Namespaces | |
| namespace | AES_AARCH64 |
| namespace | ARIA_AVX512 |
| namespace | ARIA_F |
| namespace | ASN1 |
| namespace | Camellia_AVX2_GFNI |
| namespace | Camellia_AVX512 |
| namespace | Camellia_F |
| namespace | Cert_Extension |
| namespace | CMCE_CT |
| namespace | concepts |
| namespace | CryptoBox |
| namespace | CRYSTALS |
| namespace | CT |
| namespace | detail |
| namespace | Dilithium_Algos |
| namespace | fmt_detail |
| namespace | FPE |
| namespace | HTTP |
| namespace | KeyPair |
| namespace | Kuznyechik_F |
| namespace | Kyber_Algos |
| namespace | OCSP |
| namespace | OIDS |
| namespace | OS |
| namespace | PCurve |
| namespace | PEM_Code |
| namespace | PK_Ops |
| namespace | PKCS11 |
| namespace | PKCS8 |
| namespace | PKIX |
| namespace | ranges |
| namespace | Roughtime |
| namespace | Serpent_F |
| namespace | SHA1_F |
| namespace | SHACAL2_AVX2_F |
| namespace | SHACAL2_AVX512_F |
| namespace | SM4_AVX512_GFNI |
| namespace | Sodium |
| namespace | Threefish_F |
| namespace | TLS |
| namespace | TPM2 |
| namespace | Twofish_KS |
| namespace | X509 |
Concepts | |
| concept | absorbing_object |
| concept | appendable_object |
| concept | bitvectorish |
| concept | curve_supports_fe_invert2 |
| concept | curve_supports_fe_sqrt |
| concept | md_hash_implementation |
| concept | updatable_object |
| concept | WordType |
Typedefs | |
| typedef __vector unsigned int | Altivec32x4 |
| typedef __vector unsigned long long | Altivec64x2 |
| typedef __vector unsigned char | Altivec8x16 |
| using | bitvector = bitvector_base<std::allocator> |
| template<size_t bound> | |
| using | Bounded_XOF = detail::Bounded_XOF<XOF&, bound> |
| using | byte = std::uint8_t |
| typedef int32_t | CCCryptorStatus |
| typedef std::vector< std::set< Certificate_Status_Code > > | CertificatePathStatusCodes |
| using | CmceCodeWord = Strong<secure_bitvector, struct CmceCodeWord_> |
| Represents C of decapsulation. | |
| using | CmceColumnSelection = Strong<secure_bitvector, struct CmceColumnSelection_> |
| Represents c of private key. | |
| using | CmceErrorVector = Strong<secure_bitvector, struct CmceErrorVector_> |
| Represents e of encapsulation. | |
| using | CmceGfElem = Strong<uint16_t, struct CmceGfElem_> |
| Represents a GF(q) element. | |
| using | CmceGfMod = Strong<uint16_t, struct CmceGfMod_> |
| Represents a GF(q) modulus. | |
| using | CmceInitialSeed = Strong<secure_vector<uint8_t>, struct CmceInitialSeed_> |
| Represents initial delta of keygen. | |
| using | CmceIrreducibleBits = Strong<secure_vector<uint8_t>, struct CmceIrreducibleBits_> |
| using | CmceKeyGenSeed = Strong<secure_vector<uint8_t>, struct CmceKeyGenSeed_> |
| Represents a delta (can be altered; final value stored in private key). | |
| using | CmceOrderingBits = Strong<secure_vector<uint8_t>, struct CmceOrderingBits_> |
| using | CmcePermutation = Strong<secure_vector<uint16_t>, struct CmcePermutation_> |
| Represents a permutation (pi in spec). Used in field ordering creation. | |
| using | CmcePermutationElement = Strong<uint16_t, struct CmcePermutationElement_> |
| Represents an element of a permutation (pi in spec). Used in field ordering creation. | |
| using | CmceRejectionSeed = Strong<secure_vector<uint8_t>, struct CmceRejectionSeed_> |
| Represents s of private key. | |
| typedef X25519_PrivateKey | Curve25519_PrivateKey |
| typedef X25519_PublicKey | Curve25519_PublicKey |
| using | DilithiumCommitmentHash = Strong<std::vector<uint8_t>, struct DilithiumCommitmentHash_> |
| Hash of the message representative and the signer's commitment. | |
| using | DilithiumHashedPublicKey = Strong<std::vector<uint8_t>, struct DilithiumHashedPublicKey_> |
| using | DilithiumInternalKeypair |
| Internal representation of a Dilithium key pair. | |
| using | DilithiumMessageRepresentative = Strong<std::vector<uint8_t>, struct DilithiumMessageRepresentative_> |
| Representation of the message to be signed. | |
| using | DilithiumOptionalRandomness = Strong<secure_vector<uint8_t>, struct DilithiumOptionalRandomness_> |
| Optional randomness 'rnd' used for rho prime computation in ML-DSA. | |
| using | DilithiumPoly = Botan::CRYSTALS::Polynomial<DilithiumPolyTraits, Botan::CRYSTALS::Domain::Normal> |
| using | DilithiumPolyMatNTT = Botan::CRYSTALS::PolynomialMatrix<DilithiumPolyTraits> |
| using | DilithiumPolyNTT = Botan::CRYSTALS::Polynomial<DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT> |
| using | DilithiumPolyVec = Botan::CRYSTALS::PolynomialVector<DilithiumPolyTraits, Botan::CRYSTALS::Domain::Normal> |
| using | DilithiumPolyVecNTT = Botan::CRYSTALS::PolynomialVector<DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT> |
| using | DilithiumSeedRandomness = Strong<secure_vector<uint8_t>, struct DilithiumSeedRandomness_> |
| Principal seed used to generate Dilithium key pairs. | |
| using | DilithiumSeedRho = Strong<std::vector<uint8_t>, struct DilithiumPublicSeed_> |
| Public seed to sample the polynomial matrix A from. | |
| using | DilithiumSeedRhoPrime = Strong<secure_vector<uint8_t>, struct DilithiumSeedRhoPrime_> |
| Private seed to sample the polynomial vectors s1 and s2 from. | |
| using | DilithiumSerializedCommitment = Strong<std::vector<uint8_t>, struct DilithiumSerializedCommitment_> |
| Serialized representation of a commitment w1. | |
| using | DilithiumSerializedPrivateKey = Strong<secure_vector<uint8_t>, struct DilithiumSerializedPrivateKey_> |
| Serialized private key data. | |
| using | DilithiumSerializedPublicKey = Strong<std::vector<uint8_t>, struct DilithiumSerializedPublicKey_> |
| Serialized public key data (result of pkEncode(pk)). | |
| using | DilithiumSerializedSignature = Strong<std::vector<uint8_t>, struct DilithiumSerializedSignature_> |
| Serialized signature data. | |
| using | DilithiumSigningSeedK = Strong<secure_vector<uint8_t>, struct DilithiumSeedK_> |
| Private seed K used during signing. | |
| using | ForsLeafSecret = Strong<secure_vector<uint8_t>, struct ForsLeafSecret_> |
| using | ForsSignature = Strong<std::vector<uint8_t>, struct ForsSignature_> |
| using | FrodoDomainSeparator = Strong<std::array<uint8_t, 1>, struct FrodoDomainSeparator_> |
| using | FrodoIntermediateSharedSecret = Strong<secure_vector<uint8_t>, struct FrodoIntermediateSharedSecret_> |
| using | FrodoPackedMatrix = Strong<std::vector<uint8_t>, struct FrodoPackedMatrix_> |
| using | FrodoPlaintext = Strong<secure_vector<uint8_t>, struct FrodoPlaintext_> |
| using | FrodoPublicKeyHash = Strong<std::vector<uint8_t>, struct FrodoPublicKeyHash_> |
| using | FrodoSalt = Strong<std::vector<uint8_t>, struct FrodoSalt_> |
| using | FrodoSampleR = Strong<secure_vector<uint8_t>, struct FrodoSampleR_> |
| using | FrodoSeedA = Strong<std::vector<uint8_t>, struct FrodoSeedA_> |
| using | FrodoSeedS = Strong<secure_vector<uint8_t>, struct FrodoSeedS_> |
| using | FrodoSeedSE = Strong<secure_vector<uint8_t>, struct FrodoSeedSE_> |
| using | FrodoSeedZ = Strong<std::vector<uint8_t>, struct FrodoSeedZ_> |
| using | FrodoSerializedMatrix = Strong<secure_vector<uint8_t>, struct FrodoSerializedMatrix_> |
| using | GenerateLeafFunction = std::function<void(StrongSpan<SphincsTreeNode> , TreeNodeIndex)> |
| typedef uint16_t | gf2m |
| using | HSS_Level = Strong<uint32_t, struct HSS_Level_, EnableArithmeticWithPlainNumber> |
| The HSS layer in the HSS multi tree starting at 0 from the root. | |
| using | HSS_Sig_Idx = Strong<uint64_t, struct HSS_Sig_Idx_, EnableArithmeticWithPlainNumber> |
| The index of a node within a specific LMS tree layer. | |
| using | HypertreeLayerIndex = Strong<uint32_t, struct HypertreeLayerIndex_> |
| Index of a layer in the XMSS hyper-tree. | |
| using | InitializationVector = OctetString |
| typedef Invalid_Authentication_Tag | Integrity_Failure |
| using | KyberCompressedCiphertext = Strong<std::vector<uint8_t>, struct KyberCompressedCiphertext_> |
| Compressed and serialized ciphertext value. | |
| using | KyberEncryptionRandomness = Strong<secure_vector<uint8_t>, struct KyberEncryptionRandomness_> |
| Random value used to generate the Kyber ciphertext. | |
| using | KyberHashedCiphertext = Strong<std::vector<uint8_t>, struct KyberHashedCiphertext_> |
| using | KyberHashedPublicKey = Strong<std::vector<uint8_t>, struct KyberHashedPublicKey_> |
| Hash value of the serialized public key. | |
| using | KyberImplicitRejectionValue = Strong<secure_vector<uint8_t>, struct KyberImplicitRejectionValue_> |
| Secret random value (called Z in the spec), used for implicit rejection in the decapsulation. | |
| using | KyberInternalKeypair |
| using | KyberMessage = Strong<secure_vector<uint8_t>, struct KyberMessage_> |
| Random message value to be encrypted by the CPA-secure Kyber encryption scheme. | |
| using | KyberPoly = Botan::CRYSTALS::Polynomial<KyberPolyTraits, Botan::CRYSTALS::Domain::Normal> |
| using | KyberPolyMat = Botan::CRYSTALS::PolynomialMatrix<KyberPolyTraits> |
| using | KyberPolyNTT = Botan::CRYSTALS::Polynomial<KyberPolyTraits, Botan::CRYSTALS::Domain::NTT> |
| using | KyberPolyVec = Botan::CRYSTALS::PolynomialVector<KyberPolyTraits, Botan::CRYSTALS::Domain::Normal> |
| using | KyberPolyVecNTT = Botan::CRYSTALS::PolynomialVector<KyberPolyTraits, Botan::CRYSTALS::Domain::NTT> |
| using | KyberSamplingRandomness = Strong<secure_vector<uint8_t>, struct KyberSamplingRandomness_> |
| PRF value used for sampling of error polynomials. | |
| using | KyberSeedRandomness = Strong<secure_vector<uint8_t>, struct KyberSeedRandomness_> |
| Principal seed used to generate Kyber key pairs. | |
| using | KyberSeedRho = Strong<std::vector<uint8_t>, struct KyberSeedRho_> |
| Public seed value to generate the Kyber matrix A. | |
| using | KyberSeedSigma = Strong<secure_vector<uint8_t>, struct KyberSeedSigma_> |
| Private seed used to generate polynomial vectors s and e during key generation. | |
| using | KyberSerializedPublicKey = Strong<std::vector<uint8_t>, struct KyberSerializedPublicKey_> |
| Public key in serialized form (t || rho). | |
| using | KyberSharedSecret = Strong<secure_vector<uint8_t>, struct KyberSharedSecret_> |
| Shared secret value generated during encapsulation and recovered during decapsulation. | |
| using | KyberSigmaOrEncryptionRandomness |
| Variant value of either a KyberSeedSigma or a KyberEncryptionRandomness. | |
| using | LMOTS_K = Strong<std::vector<uint8_t>, struct LMOTS_K_> |
| The K value from the LM-OTS public key. | |
| using | LMOTS_Node = Strong<secure_vector<uint8_t>, struct LMOTS_Node_> |
| One node within one LM-OTS hash chain. | |
| using | LMOTS_Signature_Bytes = Strong<std::vector<uint8_t>, struct LMOTS_Signature_Bytes_> |
| Byte vector of an LM-OTS signature. | |
| using | LMS_AuthenticationPath = Strong<std::vector<uint8_t>, struct LMS_AuthenticationPath_> |
| The authentication path of an LMS signature. | |
| using | LMS_Identifier = Strong<std::vector<uint8_t>, struct LMS_Identifier_> |
| The identifier of an LMS tree (I in RFC 8554). | |
| using | LMS_Message = Strong<std::vector<uint8_t>, struct LMS_Message_> |
| A message that is signed with an LMS tree. | |
| using | LMS_Seed = Strong<secure_vector<uint8_t>, struct LMS_SEED_> |
| Seed of the LMS tree, used to generate the LM-OTS private keys. | |
| using | LMS_Signature_Bytes = Strong<std::vector<uint8_t>, struct LMS_Signature_Bytes_> |
| Raw bytes of an LMS signature. | |
| using | LMS_Tree_Node = Strong<std::vector<uint8_t>, struct LMS_Tree_Node_> |
| A node with the LMS tree. | |
| using | LMS_Tree_Node_Idx = Strong<uint32_t, struct LMS_Tree_Node_Idx_, EnableArithmeticWithPlainNumber> |
| The index of a node within a specific LMS tree layer. | |
| template<typename T> | |
| using | lock_guard_type = lock_guard<T> |
| typedef MessageAuthenticationCode | MAC |
| using | ML_DSA_Mode = DilithiumMode |
| using | ML_DSA_PrivateKey = Dilithium_PrivateKey |
| using | ML_DSA_PublicKey = Dilithium_PublicKey |
| using | ML_KEM_Mode = KyberMode |
| using | ML_KEM_PrivateKey = Kyber_PrivateKey |
| using | ML_KEM_PublicKey = Kyber_PublicKey |
| using | mutex_type = noop_mutex |
| template<std::signed_integral T> | |
| using | next_longer_int_t |
| template<std::unsigned_integral T> | |
| using | next_longer_uint_t |
| using | Point448 = Strong<std::array<uint8_t, X448_LEN>, struct Point448_> |
| typedef EC_Point | PointGFp |
| using | recursive_mutex_type = noop_mutex |
| typedef RandomNumberGenerator | RNG |
| typedef PBKDF | S2K |
| using | s32bit = std::int32_t |
| using | ScalarX448 = Strong<std::array<uint8_t, X448_LEN>, struct ScalarX448_> |
| using | secure_bitvector = bitvector_base<secure_allocator> |
| template<typename T> | |
| using | secure_deque = std::deque<T, secure_allocator<T>> |
| template<typename T> | |
| using | secure_vector = std::vector<T, secure_allocator<T>> |
| template<typename T> | |
| using | SecureVector = secure_vector<T> |
| typedef SM2_PrivateKey | SM2_Encryption_PrivateKey |
| typedef SM2_PublicKey | SM2_Encryption_PublicKey |
| typedef SM2_PrivateKey | SM2_Signature_PrivateKey |
| typedef SM2_PublicKey | SM2_Signature_PublicKey |
| using | SphincsAuthenticationPath = Strong<std::vector<uint8_t>, struct SphincsAuthenticationPath_> |
| using | SphincsContext = Strong<std::vector<uint8_t>, struct SphincsContext_> |
| using | SphincsHashedMessage = Strong<std::vector<uint8_t>, struct SphincsHashedMessage_> |
| using | SphincsHypertreeSignature = Strong<std::vector<uint8_t>, struct SphincsXmssSignature_> |
| using | SphincsInputMessage = Strong<std::vector<uint8_t>, struct SphincsInputMessage_> |
| using | SphincsMessagePrefix = Strong<std::vector<uint8_t>, struct SphincsMessagePrefix_> |
| using | SphincsMessageRandomness = Strong<secure_vector<uint8_t>, struct SphincsMessageRandomness_> |
| using | SphincsOptionalRandomness = Strong<secure_vector<uint8_t>, struct SphincsOptionalRandomness_> |
| using | SphincsPublicSeed = Strong<std::vector<uint8_t>, struct SphincsPublicSeed_> |
| using | SphincsSecretPRF = Strong<secure_vector<uint8_t>, struct SphincsSecretPRF_> |
| using | SphincsSecretSeed = Strong<secure_vector<uint8_t>, struct SphincsSecretSeed_> |
| using | SphincsTreeNode = Strong<std::vector<uint8_t>, struct SphincsTreeNode_> |
| Either an XMSS or FORS tree node or leaf. | |
| using | SphincsXmssSignature = Strong<std::vector<uint8_t>, struct SphincsXmssSignature_> |
| template<typename T> | |
| using | strong_type_wrapped_type = typename detail::wrapped_type_helper<std::remove_cvref_t<T>>::type |
| Extracts the wrapped type from a strong type. | |
| using | SymmetricKey = OctetString |
| using | TreeLayerIndex = Strong<uint32_t, struct TreeLayerIndex_, EnableArithmeticWithPlainNumber> |
| Index of the layer within a FORS/XMSS tree. | |
| using | TreeNodeIndex = Strong<uint32_t, struct TreeNodeIndex_, EnableArithmeticWithPlainNumber> |
| Index of an individual node inside an XMSS or FORS tree. | |
| using | u16bit = std::uint16_t |
| using | u32bit = std::uint32_t |
| using | u64bit = std::uint64_t |
| using | word = std::conditional_t<HasNative64BitRegisters, std::uint64_t, uint32_t> |
| typedef std::vector< secure_vector< uint8_t > > | wots_keysig_t |
| using | WotsChainIndex = Strong<uint32_t, struct WotsChainIndex_> |
| Index of a WOTS chain within a single usage of WOTS. | |
| using | WotsHashIndex = Strong<uint8_t, struct WotsHashIndex_, EnableArithmeticWithPlainNumber> |
| Index of a hash application inside a single WOTS chain (integers in "base_w"). | |
| using | WotsNode = Strong<secure_vector<uint8_t>, struct WotsNode_> |
| Start (or intermediate) node of a WOTS+ chain. | |
| using | WotsPublicKey = Strong<std::vector<uint8_t>, struct WotsPublicKey_> |
| using | WotsPublicKeyNode = Strong<std::vector<uint8_t>, struct WotsPublicKeyNode_> |
| End node of a WOTS+ chain (part of the WOTS+ public key). | |
| using | WotsSignature = Strong<secure_vector<uint8_t>, struct WotsSignature_> |
| typedef ASN1_Time | X509_Time |
| using | XmssTreeIndexInLayer = Strong<uint64_t, struct XmssTreeIndexInLayer_, EnableArithmeticWithPlainNumber> |
| Index of an XMSS tree (unique for just the local hyper-tree layer). | |
Functions | |
| BigInt | abs (const BigInt &n) |
| void | absorb_into_sponge (detail::SpongeLikeWithTrivialPermute auto &sponge, std::span< const uint8_t > input) |
| template<detail::SpongeLike SpongeT> | |
| void | absorb_into_sponge (SpongeT &sponge, std::span< const uint8_t > input, const detail::PermutationFn auto &permutation_fn) |
| BOTAN_MALLOC_FN void * | allocate_memory (size_t elems, size_t elem_size) |
| template<typename... Ptrs> | |
| bool | any_null_pointers (Ptrs... ptr) |
| void | argon2 (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t key[], size_t key_len, const uint8_t ad[], size_t ad_len, uint8_t y, size_t p, size_t M, size_t t) |
| bool | argon2_check_pwhash (const char *password, size_t password_len, std::string_view input_hash) |
| std::string | argon2_generate_pwhash (const char *password, size_t password_len, RandomNumberGenerator &rng, size_t p, size_t M, size_t t, uint8_t y, size_t salt_len, size_t output_len) |
| std::span< const uint8_t > | as_span_of_bytes (const char *s, size_t len) |
| std::span< const uint8_t > | as_span_of_bytes (const std::string &s) |
| std::span< const uint8_t > | as_span_of_bytes (std::string_view s) |
| std::string | asn1_class_to_string (ASN1_Class type) |
| std::string | asn1_tag_to_string (ASN1_Type type) |
| void | assert_unreachable (const char *file, int line) |
| void | assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line) |
| secure_vector< uint8_t > | base32_decode (const char input[], size_t input_length, bool ignore_ws) |
| secure_vector< uint8_t > | base32_decode (std::string_view input, bool ignore_ws) |
| size_t | base32_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws) |
| size_t | base32_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws) |
| size_t | base32_decode (uint8_t output[], std::string_view input, bool ignore_ws) |
| size_t | base32_decode_max_output (size_t input_length) |
| size_t | base32_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs) |
| std::string | base32_encode (const uint8_t input[], size_t input_length) |
| std::string | base32_encode (std::span< const uint8_t > input) |
| size_t | base32_encode_max_output (size_t input_length) |
| std::vector< uint8_t > | base58_check_decode (const char input[], size_t input_length) |
| std::vector< uint8_t > | base58_check_decode (std::string_view s) |
| std::string | base58_check_encode (const uint8_t input[], size_t input_length) |
| std::string | base58_check_encode (std::span< const uint8_t > vec) |
| std::vector< uint8_t > | base58_decode (const char input[], size_t input_length) |
| std::vector< uint8_t > | base58_decode (std::string_view s) |
| std::string | base58_encode (const uint8_t input[], size_t input_length) |
| std::string | base58_encode (std::span< const uint8_t > vec) |
| secure_vector< uint8_t > | base64_decode (const char input[], size_t input_length, bool ignore_ws) |
| size_t | base64_decode (std::span< uint8_t > output, std::string_view input, bool ignore_ws) |
| secure_vector< uint8_t > | base64_decode (std::string_view input, bool ignore_ws) |
| size_t | base64_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws) |
| size_t | base64_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws) |
| size_t | base64_decode (uint8_t output[], std::string_view input, bool ignore_ws) |
| size_t | base64_decode_max_output (size_t input_length) |
| size_t | base64_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs) |
| std::string | base64_encode (const uint8_t input[], size_t input_length) |
| std::string | base64_encode (std::span< const uint8_t > input) |
| size_t | base64_encode_max_output (size_t input_length) |
| template<typename Base> | |
| size_t | base_decode (const Base &base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true) |
| template<typename Base> | |
| size_t | base_decode_full (const Base &base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws) |
| template<typename Vector, typename Base> | |
| Vector | base_decode_to_vec (const Base &base, const char input[], size_t input_length, bool ignore_ws) |
| template<class Base> | |
| size_t | base_encode (const Base &base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs) |
| template<typename Base> | |
| std::string | base_encode_to_string (const Base &base, const uint8_t input[], size_t input_length) |
| BOTAN_FUZZER_API void | basecase_mul (word z[], size_t z_size, const word x[], size_t x_size, const word y[], size_t y_size) |
| BOTAN_FUZZER_API void | basecase_sqr (word z[], size_t z_size, const word x[], size_t x_size) |
| template<typename C, size_t WindowBits, typename BlindedScalar> | |
| C::ProjectivePoint | basemul_booth_exec (std::span< const typename C::AffinePoint > table, const BlindedScalar &scalar, RandomNumberGenerator &rng) |
| template<typename C, size_t WindowBits> | |
| std::vector< typename C::AffinePoint > | basemul_booth_setup (const typename C::AffinePoint &p, size_t max_scalar_bits) |
| template<typename C, size_t WindowBits, typename BlindedScalar> | |
| C::ProjectivePoint | basemul_exec (std::span< const typename C::AffinePoint > table, const BlindedScalar &scalar, RandomNumberGenerator &rng) |
| template<typename C, size_t WindowBits> | |
| std::vector< typename C::AffinePoint > | basemul_setup (const typename C::AffinePoint &p, size_t max_scalar_bits) |
| void | bcrypt_pbkdf (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t rounds) |
| template<WordType W> | |
| constexpr auto | bigint_add2 (W x[], size_t x_size, const W y[], size_t y_size) -> W |
| template<WordType W> | |
| constexpr auto | bigint_add3 (W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W |
| template<WordType W> | |
| constexpr int32_t | bigint_cmp (const W x[], size_t x_size, const W y[], size_t y_size) |
| template<WordType W> | |
| constexpr void | bigint_cnd_abs (W cnd, W x[], size_t size) |
| template<WordType W> | |
| constexpr W | bigint_cnd_add (W cnd, W x[], const W y[], size_t size) |
| template<WordType W> | |
| constexpr auto | bigint_cnd_sub (W cnd, W x[], const W y[], size_t size) -> W |
| template<WordType W> | |
| constexpr void | bigint_cnd_swap (W cnd, W x[], W y[], size_t size) |
| void | bigint_comba_mul16 (word z[32], const word x[16], const word y[16]) |
| void | bigint_comba_mul24 (word z[48], const word x[24], const word y[24]) |
| void | bigint_comba_mul4 (word z[8], const word x[4], const word y[4]) |
| void | bigint_comba_mul6 (word z[12], const word x[6], const word y[6]) |
| void | bigint_comba_mul7 (word z[14], const word x[7], const word y[7]) |
| void | bigint_comba_mul8 (word z[16], const word x[8], const word y[8]) |
| void | bigint_comba_mul9 (word z[18], const word x[9], const word y[9]) |
| void | bigint_comba_sqr16 (word z[32], const word x[16]) |
| void | bigint_comba_sqr24 (word z[48], const word x[24]) |
| void | bigint_comba_sqr4 (word z[8], const word x[4]) |
| void | bigint_comba_sqr6 (word z[12], const word x[6]) |
| void | bigint_comba_sqr7 (word z[14], const word x[7]) |
| void | bigint_comba_sqr8 (word z[16], const word x[8]) |
| void | bigint_comba_sqr9 (word z[18], const word x[9]) |
| template<WordType W> | |
| constexpr auto | bigint_ct_is_eq (const W x[], size_t x_size, const W y[], size_t y_size) -> CT::Mask< W > |
| template<WordType W> | |
| constexpr auto | bigint_ct_is_lt (const W x[], size_t x_size, const W y[], size_t y_size, bool lt_or_equal=false) -> CT::Mask< W > |
| template<WordType W> | |
| constexpr auto | bigint_linmul2 (W x[], size_t x_size, W y) -> W |
| template<WordType W> | |
| constexpr void | bigint_linmul3 (W z[], const W x[], size_t x_size, W y) |
| template<WordType W> | |
| constexpr void | bigint_monty_maybe_sub (size_t N, W z[], W x0, const W x[], const W p[]) |
| template<size_t N, WordType W> | |
| constexpr void | bigint_monty_maybe_sub (W z[N], W x0, const W x[N], const W y[N]) |
| void | bigint_monty_redc (word r[], const word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) |
| BOTAN_FUZZER_API void | bigint_monty_redc_12 (word r[12], const word z[24], const word p[12], word p_dash, word ws[12]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_16 (word r[16], const word z[32], const word p[16], word p_dash, word ws[16]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_24 (word r[24], const word z[48], const word p[24], word p_dash, word ws[24]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_32 (word r[32], const word z[64], const word p[32], word p_dash, word ws[32]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_4 (word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_6 (word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_8 (word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) |
| BOTAN_FUZZER_API void | bigint_monty_redc_generic (word r[], const word z[], size_t z_size, const word p[], size_t p_size, word p_dash, word ws[]) |
| void | bigint_monty_redc_inplace (word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) |
| void | bigint_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size) |
| template<WordType W> | |
| constexpr void | bigint_shl1 (W x[], size_t x_size, size_t x_words, size_t shift) |
| template<WordType W> | |
| constexpr void | bigint_shl2 (W y[], const W x[], size_t x_size, size_t shift) |
| template<WordType W> | |
| constexpr void | bigint_shr1 (W x[], size_t x_size, size_t shift) |
| template<WordType W> | |
| constexpr void | bigint_shr2 (W y[], const W x[], size_t x_size, size_t shift) |
| void | bigint_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size) |
| template<WordType W> | |
| constexpr auto | bigint_sub2 (W x[], size_t x_size, const W y[], size_t y_size) -> W |
| template<WordType W> | |
| constexpr void | bigint_sub2_rev (W x[], const W y[], size_t y_size) |
| template<WordType W> | |
| constexpr auto | bigint_sub3 (W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W |
| template<WordType W> | |
| constexpr auto | bigint_sub_abs (W z[], const W x[], const W y[], size_t N, W ws[]) -> CT::Mask< W > |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | bit_permute_step (T x, T mask, size_t shift) |
| size_t | bit_size_to_32bit_size (size_t bit_size) |
| size_t | bit_size_to_byte_size (size_t bit_size) |
| constexpr auto | bitlen (size_t x) |
| template<size_t WindowBits, std::unsigned_integral T> | |
| constexpr std::pair< size_t, CT::Choice > | booth_recode (T x) |
| template<typename T, typename Alloc, typename Alloc2> | |
| size_t | buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input) |
| template<typename T, typename Alloc> | |
| size_t | buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length) |
| std::string | bytes_to_string (std::span< const uint8_t > bytes) |
| template<WordType W, size_t N, size_t L> | |
| constexpr auto | bytes_to_words (std::span< const uint8_t, L > bytes) |
| template<size_t S, int64_t MUL = 1> requires (S > 0 && S < 64) | |
| void | carry (int64_t &h0, int64_t &h1) |
| template<size_t S> requires (S > 0 && S < 32) | |
| void | carry0 (int32_t &h0, int32_t &h1) |
| template<size_t S> requires (S > 0 && S < 64) | |
| void | carry0 (int64_t &h0, int64_t &h1) |
| constexpr uint64_t | carry_shift (const donna128 &a, size_t shift) |
| uint8_t * | cast_char_ptr_to_uint8 (char *s) |
| const uint8_t * | cast_char_ptr_to_uint8 (const char *s) |
| const char * | cast_uint8_ptr_to_char (const uint8_t *b) |
| char * | cast_uint8_ptr_to_char (uint8_t *b) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | ceil_division (T a, T b) |
| template<std::unsigned_integral T> requires (sizeof(T) < 32) | |
| constexpr uint8_t | ceil_log2 (T x) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | ceil_tobytes (T bits) |
| std::vector< WotsHashIndex > | chain_lengths (const SphincsTreeNode &msg, const Sphincs_Parameters ¶ms) |
| std::string | check_and_canonicalize_dns_name (std::string_view name) |
| bool | check_bcrypt (std::string_view pass, std::string_view hash) |
| bool | check_passhash9 (std::string_view pass, std::string_view hash) |
| template<std::unsigned_integral T> | |
| constexpr std::optional< T > | checked_add (T a, T b) |
| template<std::unsigned_integral T, std::unsigned_integral... Ts> requires all_same_v<T, Ts...> | |
| constexpr std::optional< T > | checked_add (T a, T b, Ts... rest) |
| template<typename RT, typename AT> requires std::integral<strong_type_wrapped_type<RT>> && std::integral<strong_type_wrapped_type<AT>> | |
| constexpr RT | checked_cast_to (AT i) |
| template<typename RT, typename ExceptionType, typename AT> requires std::integral<strong_type_wrapped_type<RT>> && std::integral<strong_type_wrapped_type<AT>> | |
| constexpr RT | checked_cast_to_or_throw (AT i, std::string_view error_msg_on_fail) |
| template<std::unsigned_integral T> | |
| constexpr std::optional< T > | checked_mul (T a, T b) |
| template<std::unsigned_integral T> | |
| constexpr std::optional< T > | checked_sub (T a, T b) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | choose (T mask, T a, T b) |
| constexpr void | clear_bytes (void *ptr, size_t bytes) |
| template<ranges::contiguous_output_range R> requires std::is_trivially_copyable_v<std::ranges::range_value_t<R>> | |
| constexpr void | clear_mem (R &&mem) |
| template<typename T> | |
| constexpr void | clear_mem (T *ptr, size_t n) |
| template<int M> | |
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 | clmul (const SIMD_4x32 &H, const SIMD_4x32 &x) |
| template<size_t N, WordType W> | |
| constexpr void | comba_mul (W z[2 *N], const W x[N], const W y[N]) |
| template<size_t N, WordType W> | |
| constexpr void | comba_sqr (W z[2 *N], const W x[N]) |
| constexpr uint64_t | combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2) |
| void | commoncrypto_adjust_key_size (const uint8_t key[], size_t length, const CommonCryptor_Opts &opts, secure_vector< uint8_t > &full_key) |
| CommonCryptor_Opts | commoncrypto_opts_from_algo (std::string_view algo) |
| CommonCryptor_Opts | commoncrypto_opts_from_algo_name (std::string_view algo_name) |
| void | compute_root (StrongSpan< SphincsTreeNode > out, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes, const SphincsTreeNode &leaf, TreeNodeIndex leaf_idx, uint32_t idx_offset, StrongSpan< const SphincsAuthenticationPath > authentication_path, uint32_t total_tree_height, Sphincs_Address &tree_address) |
| template<concepts::contiguous_strong_type TreeNode, concepts::strong_span AuthPathSS, concepts::tree_node_index TreeNodeIndex, concepts::tree_layer_index TreeLayerIndex, typename Address> requires concepts::tree_address<Address, TreeLayerIndex, TreeNodeIndex> | |
| void | compute_root (StrongSpan< TreeNode > out_root, AuthPathSS authentication_path, TreeNodeIndex leaf_idx, StrongSpan< const TreeNode > leaf, size_t node_size, TreeLayerIndex total_tree_height, uint32_t idx_offset, concepts::tree_hash_node_pair< TreeNodeIndex, TreeLayerIndex, Address, StrongSpan< TreeNode > > auto node_pair_hash, Address &tree_address) |
| Uses an authentication path and a leaf node to reconstruct the root node of a merkle tree. | |
| BigInt | compute_rsa_secret_exponent (const BigInt &e, const BigInt &phi_n, const BigInt &p, const BigInt &q) |
| template<typename OutR = detail::AutoDetect, ranges::spanable_range... Rs> requires (all_same_v<std::ranges::range_value_t<Rs>...>) | |
| constexpr auto | concat (Rs &&... ranges) |
| bool | constant_time_compare (const uint8_t x[], const uint8_t y[], size_t len) |
| bool | constant_time_compare (std::span< const uint8_t > x, std::span< const uint8_t > y) |
| template<ranges::contiguous_output_range OutR, ranges::contiguous_range InR> requires std::is_same_v<std::ranges::range_value_t<OutR>, std::ranges::range_value_t<InR>> && std::is_trivially_copyable_v<std::ranges::range_value_t<InR>> | |
| constexpr void | copy_mem (OutR &&out, const InR &in) |
| template<typename T> requires std::is_trivial_v<std::decay_t<T>> | |
| constexpr void | copy_mem (T *out, const T *in, size_t n) |
| template<ranges::spanable_range InR> | |
| void | copy_out_be (std::span< uint8_t > out, const InR &in) |
| template<ranges::spanable_range InR> | |
| void | copy_out_le (std::span< uint8_t > out, const InR &in) |
| template<WordType W, size_t N> | |
| consteval size_t | count_bits (const std::array< W, N > &p) |
| auto | create_aes_row_generator (const FrodoKEMConstants &constants, StrongSpan< const FrodoSeedA > seed_a) |
| std::unique_ptr< Private_Key > | create_ec_private_key (std::string_view alg_name, const EC_Group &ec_group, RandomNumberGenerator &rng) |
| std::string | create_hex_fingerprint (const uint8_t bits[], size_t bits_len, std::string_view hash_name) |
| std::string | create_hex_fingerprint (std::span< const uint8_t > vec, std::string_view hash_name) |
| std::array< uint8_t, ED448_LEN > | create_pk_from_sk (std::span< const uint8_t, ED448_LEN > sk) |
| Create a public key point from a secret key (RFC 8032 5.2.5). | |
| std::unique_ptr< Private_Key > | create_private_key (std::string_view alg_name, RandomNumberGenerator &rng, std::string_view params, std::string_view provider) |
| auto | create_shake_row_generator (const FrodoKEMConstants &constants, StrongSpan< const FrodoSeedA > seed_a) |
| std::span< const uint8_t > | cstr_as_span_of_bytes (const char *s) |
| uint8_t | ct_compare_u8 (const uint8_t x[], const uint8_t y[], size_t len) |
| BigInt | ct_divide (const BigInt &x, const BigInt &y) |
| void | ct_divide (const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out) |
| BigInt | ct_divide_pow2k (size_t k, const BigInt &y) |
| BigInt | ct_divide_word (const BigInt &x, word y) |
| void | ct_divide_word (const BigInt &x, word y, BigInt &q_out, word &r_out) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | ct_expand_top_bit (T a) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr size_t | ct_if_is_zero_ret (T x, size_t s) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | ct_is_zero (T x) |
| word | ct_mod_word (const BigInt &x, word y) |
| BigInt | ct_modulo (const BigInt &x, const BigInt &y) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr uint8_t | ct_popcount (T x) |
| template<std::unsigned_integral T> | |
| constexpr T | ct_reverse_bits (T b) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr size_t | ctz (T n) |
| void | curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32]) |
| void | curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32]) |
| template<typename ProjectivePoint> | |
| constexpr ProjectivePoint | dbl_a_minus_3 (const ProjectivePoint &pt) |
| template<typename ProjectivePoint> | |
| constexpr ProjectivePoint | dbl_a_zero (const ProjectivePoint &pt) |
| template<typename ProjectivePoint, typename FieldElement> | |
| constexpr ProjectivePoint | dbl_generic (const ProjectivePoint &pt, const FieldElement &A) |
| template<typename ProjectivePoint> | |
| constexpr ProjectivePoint | dbl_n_a_minus_3 (const ProjectivePoint &pt, size_t n) |
| template<typename ProjectivePoint> | |
| constexpr ProjectivePoint | dbl_n_a_zero (const ProjectivePoint &pt, size_t n) |
| template<typename ProjectivePoint, typename FieldElement> | |
| constexpr ProjectivePoint | dbl_n_generic (const ProjectivePoint &pt, const FieldElement &A, size_t n) |
| void | deallocate_memory (void *p, size_t elems, size_t elem_size) |
| gf2m | decode_gf2m (const uint8_t *mem) |
| Point448 | decode_point (std::span< const uint8_t > p_bytes) |
| Decode a point from a byte array. RFC 7748 Section 5 (decodeUCoordinate). | |
| ScalarX448 | decode_scalar (std::span< const uint8_t > scalar_bytes) |
| Decode a scalar from a byte array. RFC 7748 Section 5 (decodeScalar448). | |
| template<WordType W, W div> requires (div == 10) | |
| consteval std::pair< W, size_t > | div_magic () |
| template<WordType W> | |
| constexpr W | divide_10 (W x) |
| size_t | dl_exponent_size (size_t p_bits) |
| size_t | dl_work_factor (size_t bits) |
| template<typename E, typename... Args> | |
| void | do_throw_error (const char *file, int line, const char *func, Args... args) |
| size_t | ecp_work_factor (size_t bits) |
| void | ed25519_basepoint_mul (std::span< uint8_t, 32 > out, const uint8_t in[32]) |
| void | ed25519_gen_keypair (uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32]) |
| void | ed25519_sign (uint8_t sig[64], const uint8_t m[], size_t mlen, const uint8_t sk[64], const uint8_t domain_sep[], size_t domain_sep_len) |
| bool | ed25519_verify (const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk, const uint8_t domain_sep[], size_t domain_sep_len) |
| bool | ed25519_verify (const uint8_t msg[], size_t msg_len, const uint8_t sig[64], const uint8_t pk[32], const uint8_t domain_sep[], size_t domain_sep_len) |
| uint32_t | encode_gf2m (gf2m to_enc, uint8_t *mem) |
| secure_vector< uint8_t > | encode_point (const Point448 &p) |
| Encode a point to a 56 byte vector. RFC 7748 Section 5 (encodeUCoordinate). | |
| RandomNumberGenerator & | esdm_rng () |
| template<typename T> | |
| uint16_t | expand_mask_16bit (T tst) |
| void | expand_message_xmd (std::string_view hash_fn, std::span< uint8_t > output, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) |
| template<std::integral T> | |
| consteval eea_result< T > | extended_euclidean_algorithm (T a, T b) |
| secure_vector< gf2m > | find_roots_gf2m_decomp (const polyn_gf2m &polyn, size_t code_length) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | floor_log2 (T n) |
| template<typename... T> | |
| std::string | fmt (std::string_view format, const T &... args) |
| std::string | format_char_for_display (char c) |
| SphincsTreeNode | fors_public_key_from_signature (const SphincsHashedMessage &hashed_message, StrongSpan< const ForsSignature > signature, const Sphincs_Address &address, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hash) |
| FIPS 205, Algorithm 17: fors_pkFromSig. | |
| SphincsTreeNode | fors_sign_and_pkgen (StrongSpan< ForsSignature > sig_out, const SphincsHashedMessage &hashed_message, const SphincsSecretSeed &secret_seed, const Sphincs_Address &address, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation). | |
| BigInt | gcd (const BigInt &a, const BigInt &b) |
| template<typename GeneralVariantT, typename SpecialT> requires (std::is_constructible_v<GeneralVariantT, std::decay_t<SpecialT>>) | |
| constexpr GeneralVariantT | generalize_to (SpecialT &&specific) |
| Converts a given variant into another variant-ish whose type states are a super set of the given variant. | |
| template<typename GeneralVariantT, typename... SpecialTs> | |
| constexpr GeneralVariantT | generalize_to (std::variant< SpecialTs... > specific) |
| Converts a given variant into another variant-ish whose type states are a super set of the given variant. | |
| std::string | generate_bcrypt (std::string_view pass, RandomNumberGenerator &rng, uint16_t work_factor, char version) |
| std::vector< uint8_t > | generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits) |
| bool | generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset) |
| McEliece_PrivateKey | generate_mceliece_key (RandomNumberGenerator &rng, size_t ext_deg, size_t code_length, size_t t) |
| std::string | generate_passhash9 (std::string_view pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id) |
| BigInt | generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, std::string_view hash) |
| BigInt | generate_rsa_prime (RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob) |
| AEAD_Mode * | get_aead (std::string_view name, Cipher_Dir direction) |
| template<size_t B, typename T> requires (B < sizeof(T)) | |
| constexpr uint8_t | get_byte (T input) |
| template<typename T> | |
| constexpr uint8_t | get_byte_var (size_t byte_num, T input) |
| Keyed_Filter * | get_cipher (std::string_view algo_spec, Cipher_Dir direction) |
| Keyed_Filter * | get_cipher (std::string_view algo_spec, const SymmetricKey &key, Cipher_Dir direction) |
| Keyed_Filter * | get_cipher (std::string_view algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction) |
| Cipher_Mode * | get_cipher_mode (std::string_view algo_spec, Cipher_Dir direction, std::string_view provider="") |
| std::vector< std::string > | get_files_recursive (std::string_view dir) |
| KDF * | get_kdf (std::string_view algo_spec) |
| PBKDF * | get_pbkdf (std::string_view algo_spec, std::string_view provider="") |
| PBKDF * | get_s2k (std::string_view algo_spec) |
| template<WordType W> | |
| constexpr uint32_t | get_uint32 (const W xw[], size_t i) |
| template<uint64_t A, uint8_t B> | |
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 | gf2p8affine (const SIMD_8x32 &x) |
| template<uint64_t A, uint8_t B> | |
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 | gf2p8affineinv (const SIMD_8x32 &x) |
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 | gf2p8mul (const SIMD_8x32 &a, const SIMD_8x32 &b) |
| consteval uint64_t | gfni_matrix (std::string_view s) |
| gf2m | gray_to_lex (gf2m gray) |
| bool | has_filesystem_impl () |
| template<typename C, bool RO, std::invocable< std::span< uint8_t > > ExpandMsg> requires C::ValidForSswuHash | |
| auto | hash_to_curve_sswu (const ExpandMsg &expand_message) -> std::conditional_t< RO, typename C::ProjectivePoint, typename C::AffinePoint > |
| std::vector< uint8_t > | hex_decode (const char input[], size_t input_length, bool ignore_ws) |
| size_t | hex_decode (std::span< uint8_t > output, std::string_view input, bool ignore_ws) |
| std::vector< uint8_t > | hex_decode (std::string_view input, bool ignore_ws) |
| size_t | hex_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws) |
| size_t | hex_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws) |
| size_t | hex_decode (uint8_t output[], std::string_view input, bool ignore_ws) |
| secure_vector< uint8_t > | hex_decode_locked (const char input[], size_t input_length, bool ignore_ws) |
| secure_vector< uint8_t > | hex_decode_locked (std::string_view input, bool ignore_ws) |
| void | hex_encode (char output[], const uint8_t input[], size_t input_length, bool uppercase) |
| std::string | hex_encode (const uint8_t input[], size_t input_length, bool uppercase) |
| std::string | hex_encode (std::span< const uint8_t > input, bool uppercase=true) |
| template<WordType W, size_t N> | |
| constexpr auto | hex_to_words (const char(&s)[N]) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr size_t | high_bit (T n) |
| secure_vector< uint8_t > | hkdf_expand_label (std::string_view hash_fn, std::span< const uint8_t > secret, std::string_view label, std::span< const uint8_t > hash_val, size_t length) |
| template<typename... Alts, typename... Ts> | |
| constexpr bool | holds_any_of (const std::variant< Ts... > &v) noexcept |
| bool | host_wildcard_match (std::string_view issued_, std::string_view host_) |
| void | ht_sign (StrongSpan< SphincsHypertreeSignature > out_sig, const SphincsTreeNode &message_to_sign, const SphincsSecretSeed &secret_seed, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 12: ht_sign. | |
| bool | ht_verify (const SphincsTreeNode &signed_msg, StrongSpan< const SphincsHypertreeSignature > ht_sig, const SphincsTreeNode &pk_root, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 13: ht_verify. | |
| uint8_t | ieee1363_hash_id (std::string_view name) |
| size_t | if_work_factor (size_t bits) |
| template<typename... T> | |
| constexpr void | ignore_params (const T &... args) |
| template<std::unsigned_integral T> | |
| constexpr size_t | index_of_first_set_byte (T v) |
| void | initialize_allocator () |
| bool | intersects (ASN1_Class x, ASN1_Class y) |
| BigInt | inverse_mod (const BigInt &n, const BigInt &mod) |
| std::optional< BigInt > | inverse_mod_general (const BigInt &x, const BigInt &mod) |
| BigInt | inverse_mod_public_prime (const BigInt &x, const BigInt &p) |
| BigInt | inverse_mod_rsa_public_modulus (const BigInt &x, const BigInt &n) |
| BigInt | inverse_mod_secret_prime (const BigInt &x, const BigInt &p) |
| template<typename C> | |
| constexpr auto | invert_field_element (const typename C::FieldElement &fe) |
| std::string | ipv4_to_string (uint32_t ip) |
| bool | is_bailie_psw_probable_prime (const BigInt &n, const Barrett_Reduction &mod_n) |
| template<typename GeneralVariantT, typename SpecialT> | |
| constexpr bool | is_generalizable_to (const SpecialT &) noexcept |
| template<typename GeneralVariantT, typename... SpecialTs> | |
| constexpr bool | is_generalizable_to (const std::variant< SpecialTs... > &) noexcept |
| bool | is_lucas_probable_prime (const BigInt &C, const Barrett_Reduction &mod_C) |
| bool | is_miller_rabin_probable_prime (const BigInt &n, const Barrett_Reduction &mod_n, RandomNumberGenerator &rng, size_t test_iterations) |
| bool | is_passhash9_alg_supported (uint8_t alg_id) |
| BigInt | is_perfect_square (const BigInt &C) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr bool | is_power_of_2 (T arg) |
| bool | is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random) |
| std::optional< uint32_t > | is_sub_element_of (const OID &oid, std::initializer_list< uint32_t > prefix) |
| int32_t | jacobi (BigInt a, BigInt n) |
| template<absorbing_object T, typename... Ts> requires (std::constructible_from<std::span<const uint8_t>, Ts> && ...) | |
| size_t | keccak_absorb_padded_strings_encoding (T &sink, size_t padding_mod, Ts... byte_strings) |
| size_t | keccak_int_encoding_size (size_t x) |
| std::span< const uint8_t > | keccak_int_left_encode (std::span< uint8_t > out, size_t x) |
| std::span< const uint8_t > | keccak_int_right_encode (std::span< uint8_t > out, size_t x) |
| constexpr size_t | keccak_max_int_encoding_size () |
| BOTAN_FORCE_INLINE void | Keccak_Permutation_round (uint64_t T[25], const uint64_t A[25], uint64_t RC) |
| std::string | key_constraints_to_string (Key_Constraints c) |
| std::string | latin1_to_utf8 (const uint8_t chars[], size_t len) |
| BigInt | lcm (const BigInt &a, const BigInt &b) |
| gf2m | lex_to_gray (gf2m lex) |
| LMOTS_K | lmots_compute_pubkey_from_sig (const LMOTS_Signature &sig, const LMS_Message &msg, const LMS_Identifier &identifier, LMS_Tree_Node_Idx q) |
| Compute a public key candidate for an OTS-signature-message pair and the OTS instance parameters. | |
| uint32_t | load_3 (const uint8_t in[3]) |
| uint32_t | load_4 (const uint8_t *in) |
| template<typename OutT = detail::AutoDetect, typename... ParamTs> | |
| constexpr auto | load_be (ParamTs &&... params) |
| template<typename OutT = detail::AutoDetect, typename... ParamTs> | |
| constexpr auto | load_le (ParamTs &&... params) |
| std::unique_ptr< Private_Key > | load_private_key (const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits) |
| std::unique_ptr< Public_Key > | load_public_key (const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits) |
| template<typename T> | |
| secure_vector< T > | lock (const std::vector< T > &in) |
| size_t | low_zero_bits (const BigInt &n) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | majority (T a, T b, T c) |
| std::unique_ptr< BlockCipher > | make_commoncrypto_block_cipher (std::string_view name) |
| std::unique_ptr< Cipher_Mode > | make_commoncrypto_cipher_mode (std::string_view name, Cipher_Dir direction) |
| std::unique_ptr< HashFunction > | make_commoncrypto_hash (std::string_view name) |
| Compression_Algorithm * | make_compressor (std::string_view type) |
| Decompression_Algorithm * | make_decompressor (std::string_view type) |
| constexpr uint16_t | make_uint16 (uint8_t i0, uint8_t i1) |
| constexpr uint32_t | make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3) |
| constexpr uint64_t | make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7) |
| template<typename T, typename Pred> | |
| void | map_remove_if (Pred pred, T &assoc) |
| template<typename C> | |
| auto | map_to_curve_sswu (const typename C::FieldElement &u) -> typename C::AffinePoint |
| secure_vector< uint8_t > | mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, size_t ciphertext_len, const McEliece_PrivateKey &key) |
| void | mceliece_decrypt (secure_vector< uint8_t > &plaintext, secure_vector< uint8_t > &error_mask, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key) |
| void | mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key) |
| void | mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng) |
| size_t | mceliece_work_factor (size_t n, size_t t) |
| template<typename F> | |
| uint64_t | measure_cost (uint64_t trial_msec, F func) |
| void | mgf1_mask (HashFunction &hash, std::span< const uint8_t > input, std::span< uint8_t > output) |
| size_t | miller_rabin_test_iterations (size_t n_bits, size_t prob, bool random) |
| template<std::integral T, std::integral T2 = next_longer_int_t<T>> requires (sizeof(T) <= 4) | |
| consteval T | modular_inverse (T q, T2 m=T2(1)<< sizeof(T) *8) |
| template<std::integral T> requires (sizeof(T) <= 4) | |
| consteval T | montgomery_R (T q) |
| template<std::integral T> requires (sizeof(T) <= 4) | |
| consteval T | montgomery_R2 (T q) |
| Montgomery_Int | monty_execute (const Montgomery_Exponentiation_State &precomputed_state, const BigInt &k, size_t max_k_bits) |
| Montgomery_Int | monty_execute_vartime (const Montgomery_Exponentiation_State &precomputed_state, const BigInt &k) |
| Montgomery_Int | monty_exp (const Montgomery_Params ¶ms_p, const BigInt &g, const BigInt &k, size_t max_k_bits) |
| Montgomery_Int | monty_exp_vartime (const Montgomery_Params ¶ms_p, const BigInt &g, const BigInt &k) |
| template<WordType W> | |
| constexpr auto | monty_inverse (W a) -> W |
| Montgomery_Int | monty_multi_exp (const Montgomery_Params ¶ms_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2) |
| std::shared_ptr< const Montgomery_Exponentiation_State > | monty_precompute (const Montgomery_Int &g, size_t window_bits, bool const_time) |
| std::shared_ptr< const Montgomery_Exponentiation_State > | monty_precompute (const Montgomery_Params ¶ms, const BigInt &g, size_t window_bits, bool const_time) |
| template<WordType W, size_t N> | |
| constexpr auto | monty_redc (const std::array< W, 2 *N > &z, const std::array< W, N > &p, W p_dash) -> std::array< W, N > |
| template<WordType W, size_t N> | |
| constexpr auto | monty_redc_pdash1 (const std::array< W, 2 *N > &z, const std::array< W, N > &p) -> std::array< W, N > |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | montygomery_r (const std::array< W, N > &p) |
| template<typename C, size_t WindowBits, typename BlindedScalar> | |
| C::ProjectivePoint | mul2_exec (const AffinePointTable< C > &table, const BlindedScalar &x, const BlindedScalar &y, RandomNumberGenerator &rng) |
| template<typename C, size_t WindowBits> | |
| std::vector< typename C::ProjectivePoint > | mul2_setup (const typename C::AffinePoint &p, const typename C::AffinePoint &q) |
| constexpr void | mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi) |
| Gf448Elem | mul_a24 (const Gf448Elem &a) |
| Multiply a field element by the Curve448 constant a24 = 39081. | |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | mul_mod (const std::array< W, N > &x, const std::array< W, N > &y, const std::array< W, N > &p) |
| EC_Point | multi_exponentiate (const EC_Point &p1, const BigInt &z1, const EC_Point &p2, const BigInt &z2) |
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 | mulx_polyval (const SIMD_4x32 &h) |
| secure_vector< uint8_t > | nist_key_unwrap (const uint8_t input[], size_t input_len, const BlockCipher &bc) |
| secure_vector< uint8_t > | nist_key_unwrap (std::span< const uint8_t > input, const BlockCipher &bc) |
| secure_vector< uint8_t > | nist_key_unwrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc) |
| secure_vector< uint8_t > | nist_key_unwrap_padded (std::span< const uint8_t > input, const BlockCipher &bc) |
| std::vector< uint8_t > | nist_key_wrap (const uint8_t input[], size_t input_len, const BlockCipher &bc) |
| std::vector< uint8_t > | nist_key_wrap (std::span< const uint8_t > input, const BlockCipher &bc) |
| std::vector< uint8_t > | nist_key_wrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc) |
| std::vector< uint8_t > | nist_key_wrap_padded (std::span< const uint8_t > input, const BlockCipher &bc) |
| CT::Option< size_t > | oaep_find_delim (std::span< const uint8_t > input, std::span< const uint8_t > phash) |
| bool | operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2) |
| bool | operator!= (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator!= (const BigInt &a, const BigInt &b) |
| bool | operator!= (const BigInt &a, word b) |
| bool | operator!= (const CRL_Entry &a1, const CRL_Entry &a2) |
| bool | operator!= (const EC_Group &lhs, const EC_Group &rhs) |
| bool | operator!= (const OctetString &s1, const OctetString &s2) |
| bool | operator!= (const OID &a, const OID &b) |
| template<typename T, typename U> | |
| bool | operator!= (const secure_allocator< T > &, const secure_allocator< U > &) |
| bool | operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2) |
| bool | operator!= (const X509_DN &dn1, const X509_DN &dn2) |
| BigInt | operator% (const BigInt &n, const BigInt &mod) |
| word | operator% (const BigInt &n, word mod) |
| template<bitvectorish T1, bitvectorish T2> | |
| auto | operator& (const T1 &lhs, const T2 &rhs) |
| ECIES_Flags | operator& (ECIES_Flags a, ECIES_Flags b) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator& (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator& (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator& (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator&= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator&= (Strong< T1, Tags... > &a, T2 b) |
| EC_Point | operator* (const BigInt &scalar, const EC_Point &point) |
| BigInt | operator* (const BigInt &x, const BigInt &y) |
| BigInt | operator* (const BigInt &x, word y) |
| template<std::integral T> | |
| constexpr donna128 | operator* (const donna128 &x, T y) |
| EC_Point | operator* (const EC_Point &point, const BigInt &scalar) |
| Ed25519_FieldElement | operator* (const Ed25519_FieldElement &x, const Ed25519_FieldElement &y) |
| Ed448Point | operator* (const Scalar448 &lhs, const Ed448Point &rhs) |
| Syntax sugar for scalar multiplication. | |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator* (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator* (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T> | |
| constexpr donna128 | operator* (T y, const donna128 &x) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator* (T1 a, Strong< T2, Tags... > b) |
| BigInt | operator* (word x, const BigInt &y) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator*= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator*= (Strong< T1, Tags... > &a, T2 b) |
| BigInt | operator+ (const BigInt &x, const BigInt &y) |
| BigInt | operator+ (const BigInt &x, word y) |
| constexpr donna128 | operator+ (const donna128 &x, const donna128 &y) |
| constexpr donna128 | operator+ (const donna128 &x, uint64_t y) |
| EC_Point | operator+ (const EC_Point &lhs, const EC_Point &rhs) |
| Ed25519_FieldElement | operator+ (const Ed25519_FieldElement &x, const Ed25519_FieldElement &y) |
| OctetString | operator+ (const OctetString &k1, const OctetString &k2) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator+ (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator+ (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator+ (T1 a, Strong< T2, Tags... > b) |
| BigInt | operator+ (word x, const BigInt &y) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator++ (Strong< T, Tags... > &a) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator++ (Strong< T, Tags... > &a, int) |
| template<typename T, typename Alloc, typename L> | |
| std::vector< T, Alloc > & | operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in) |
| template<typename T, typename Alloc, typename L> | |
| std::vector< T, Alloc > & | operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in) |
| template<typename T, typename Alloc, typename Alloc2> | |
| std::vector< T, Alloc > & | operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in) |
| template<typename T, typename Alloc> | |
| std::vector< T, Alloc > & | operator+= (std::vector< T, Alloc > &out, std::span< const T > in) |
| template<typename T, typename Alloc> | |
| std::vector< T, Alloc > & | operator+= (std::vector< T, Alloc > &out, T in) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator+= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator+= (Strong< T1, Tags... > &a, T2 b) |
| BigInt | operator- (const BigInt &x, const BigInt &y) |
| BigInt | operator- (const BigInt &x, word y) |
| EC_Point | operator- (const EC_Point &lhs) |
| EC_Point | operator- (const EC_Point &lhs, const EC_Point &rhs) |
| Ed25519_FieldElement | operator- (const Ed25519_FieldElement &x) |
| Ed25519_FieldElement | operator- (const Ed25519_FieldElement &x, const Ed25519_FieldElement &y) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator- (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator- (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator- (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator-- (Strong< T, Tags... > &a) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator-- (Strong< T, Tags... > &a, int) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator-= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator-= (Strong< T1, Tags... > &a, T2 b) |
| BigInt | operator/ (const BigInt &x, const BigInt &y) |
| BigInt | operator/ (const BigInt &x, word y) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator/ (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator/ (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator/ (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator/= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator/= (Strong< T1, Tags... > &a, T2 b) |
| bool | operator< (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator< (const BigInt &a, const BigInt &b) |
| bool | operator< (const BigInt &a, word b) |
| bool | operator< (const OID &a, const OID &b) |
| bool | operator< (const X509_DN &dn1, const X509_DN &dn2) |
| BigInt | operator<< (const BigInt &x, size_t shift) |
| int | operator<< (int fd, Pipe &pipe) |
| std::ostream & | operator<< (std::ostream &os, const GeneralName &gn) |
| std::ostream & | operator<< (std::ostream &os, const GeneralSubtree &gs) |
| template<typename T, typename... Tags> requires (concepts::streamable<T>) | |
| decltype(auto) | operator<< (std::ostream &os, const Strong< T, Tags... > &v) |
| std::ostream & | operator<< (std::ostream &out, const OID &oid) |
| std::ostream & | operator<< (std::ostream &out, const X509_DN &dn) |
| std::ostream & | operator<< (std::ostream &out, Pipe &pipe) |
| std::ostream & | operator<< (std::ostream &stream, const BigInt &n) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator<< (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator<< (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator<< (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator<<= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator<<= (Strong< T1, Tags... > &a, T2 b) |
| bool | operator<= (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator<= (const BigInt &a, const BigInt &b) |
| bool | operator<= (const BigInt &a, word b) |
| template<typename T, typename... Tags> requires (std::three_way_comparable<T>) | |
| auto | operator<=> (const Strong< T, Tags... > &lhs, const Strong< T, Tags... > &rhs) |
| template<std::integral T1, std::integral T2, typename... Tags> | |
| auto | operator<=> (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> | |
| auto | operator<=> (T1 a, Strong< T2, Tags... > b) |
| bool | operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2) |
| bool | operator== (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator== (const BigInt &a, const BigInt &b) |
| bool | operator== (const BigInt &a, word b) |
| bool | operator== (const Classic_McEliece_Polynomial_Ring::Big_F_Coefficient &lhs, const Classic_McEliece_Polynomial_Ring::Big_F_Coefficient &rhs) |
| bool | operator== (const CRL_Entry &a1, const CRL_Entry &a2) |
| bool | operator== (const OctetString &s1, const OctetString &s2) |
| template<typename T, typename U> | |
| bool | operator== (const secure_allocator< T > &, const secure_allocator< U > &) |
| template<typename T, typename... Tags> requires (std::equality_comparable<T>) | |
| bool | operator== (const Strong< T, Tags... > &lhs, const Strong< T, Tags... > &rhs) |
| template<bitvectorish T1, bitvectorish T2> | |
| bool | operator== (const T1 &lhs, const T2 &rhs) |
| bool | operator== (const X509_DN &dn1, const X509_DN &dn2) |
| template<std::integral T1, std::integral T2, typename... Tags> | |
| auto | operator== (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> | |
| auto | operator== (T1 a, Strong< T2, Tags... > b) |
| bool | operator> (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator> (const BigInt &a, const BigInt &b) |
| bool | operator> (const BigInt &a, word b) |
| bool | operator>= (const ASN1_Time &t1, const ASN1_Time &t2) |
| bool | operator>= (const BigInt &a, const BigInt &b) |
| bool | operator>= (const BigInt &a, word b) |
| BigInt | operator>> (const BigInt &x, size_t shift) |
| int | operator>> (int fd, Pipe &pipe) |
| std::istream & | operator>> (std::istream &in, Pipe &pipe) |
| std::istream & | operator>> (std::istream &in, X509_DN &dn) |
| std::istream & | operator>> (std::istream &stream, BigInt &n) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator>> (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator>> (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator>> (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator>>= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator>>= (Strong< T1, Tags... > &a, T2 b) |
| OctetString | operator^ (const OctetString &k1, const OctetString &k2) |
| template<bitvectorish T1, bitvectorish T2> | |
| auto | operator^ (const T1 &lhs, const T2 &rhs) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator^ (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator^ (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator^ (T1 a, Strong< T2, Tags... > b) |
| template<typename Alloc, typename Alloc2> | |
| std::vector< uint8_t, Alloc > & | operator^= (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator^= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator^= (Strong< T1, Tags... > &a, T2 b) |
| ASN1_Class | operator| (ASN1_Class x, ASN1_Class y) |
| uint32_t | operator| (ASN1_Class x, ASN1_Type y) |
| uint32_t | operator| (ASN1_Type x, ASN1_Class y) |
| ASN1_Type | operator| (ASN1_Type x, ASN1_Type y) |
| constexpr donna128 | operator| (const donna128 &x, const donna128 &y) |
| constexpr donna128 | operator| (const donna128 &x, uint64_t y) |
| template<bitvectorish T1, bitvectorish T2> | |
| auto | operator| (const T1 &lhs, const T2 &rhs) |
| ECIES_Flags | operator| (ECIES_Flags a, ECIES_Flags b) |
| template<std::integral T, typename... Tags> | |
| constexpr decltype(auto) | operator| (Strong< T, Tags... > a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator| (Strong< T1, Tags... > a, T2 b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr decltype(auto) | operator| (T1 a, Strong< T2, Tags... > b) |
| template<std::integral T, typename... Tags> | |
| constexpr auto | operator|= (Strong< T, Tags... > &a, Strong< T, Tags... > b) |
| template<std::integral T1, std::integral T2, typename... Tags> requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>) | |
| constexpr auto | operator|= (Strong< T1, Tags... > &a, T2 b) |
| EC_Point | OS2ECP (const uint8_t data[], size_t data_len, const CurveGFp &curve) |
| std::pair< BigInt, BigInt > | OS2ECP (const uint8_t pt[], size_t pt_len, const BigInt &p, const BigInt &a, const BigInt &b) |
| EC_Point | OS2ECP (std::span< const uint8_t > data, const CurveGFp &curve) |
| template<typename T> | |
| constexpr auto | out_ptr (T &outptr) noexcept |
| template<class... Ts> | |
| overloaded (Ts...) -> overloaded< Ts... > | |
| uint32_t | P0 (uint32_t X) |
| uint32_t | P1 (uint32_t X) |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | p_div_2_plus_1 (const std::array< W, N > &p) |
| template<uint8_t X, WordType W, size_t N> | |
| consteval std::array< W, N > | p_minus (const std::array< W, N > &p) |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | p_minus_1_over_2 (const std::array< W, N > &p) |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | p_plus_1_over_4 (const std::array< W, N > &p) |
| std::vector< std::string > | parse_algorithm_name (std::string_view scan_name) |
| bool | passes_miller_rabin_test (const BigInt &n, const Barrett_Reduction &mod_n, const Montgomery_Params &monty_n, const BigInt &a) |
| secure_vector< uint8_t > | pbes2_decrypt (std::span< const uint8_t > key_bits, std::string_view passphrase, const std::vector< uint8_t > ¶ms) |
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > | pbes2_encrypt (std::span< const uint8_t > key_bits, std::string_view passphrase, std::chrono::milliseconds msec, std::string_view cipher, std::string_view digest, RandomNumberGenerator &rng) |
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > | pbes2_encrypt_iter (std::span< const uint8_t > key_bits, std::string_view passphrase, size_t pbkdf_iter, std::string_view cipher, std::string_view digest, RandomNumberGenerator &rng) |
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > | pbes2_encrypt_msec (std::span< const uint8_t > key_bits, std::string_view passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, std::string_view cipher, std::string_view digest, RandomNumberGenerator &rng) |
| void | pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const uint8_t salt[], size_t salt_len, size_t iterations) |
| size_t | pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, std::string_view password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) |
| std::vector< uint8_t > | pkcs_hash_id (std::string_view name) |
| template<typename ProjectivePoint, typename FieldElement> | |
| constexpr ProjectivePoint | point_add (const ProjectivePoint &a, const ProjectivePoint &b) |
| template<typename ProjectivePoint, typename AffinePoint, typename FieldElement> | |
| constexpr ProjectivePoint | point_add_mixed (const ProjectivePoint &a, const AffinePoint &b, const FieldElement &one) |
| template<typename ProjectivePoint, typename AffinePoint, typename FieldElement> | |
| constexpr ProjectivePoint | point_add_or_sub_mixed (const ProjectivePoint &a, const AffinePoint &b, CT::Choice sub, const FieldElement &one) |
| void | poly_double_n (uint8_t buf[], size_t n) |
| void | poly_double_n (uint8_t out[], const uint8_t in[], size_t n) |
| void | poly_double_n_le (uint8_t out[], const uint8_t in[], size_t n) |
| bool | poly_double_supported_size (size_t n) |
| template<uint8_t POLY, std::unsigned_integral T> | |
| constexpr T | poly_mul (T x, uint8_t y) |
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL | polyval_multiply (const SIMD_4x32 &H, const SIMD_4x32 &x) |
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL | polyval_reduce (const SIMD_4x32 &hi, const SIMD_4x32 &lo) |
| BigInt | power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod) |
| uint64_t | prefetch_array_raw (size_t bytes, const void *arrayv) noexcept |
| template<std::unsigned_integral T, size_t... Ns> | |
| T | prefetch_arrays (T(&... arr)[Ns]) noexcept |
| std::vector< std::string > | probe_provider_private_key (std::string_view alg_name, const std::vector< std::string > &possible) |
| template<typename T> | |
| std::vector< std::string > | probe_providers_of (std::string_view algo_spec, const std::vector< std::string > &possible={"base"}) |
| template<detail::SpongeLikeWithTrivialPermute SpongeT> | |
| void | process_bytes_in_sponge (SpongeT &sponge, size_t bytes_to_process, const detail::ModifierFn< SpongeT > auto &modifier_fn) |
| template<detail::SpongeLike SpongeT> | |
| BOTAN_FORCE_INLINE void | process_bytes_in_sponge (SpongeT &sponge, size_t bytes_to_process, const detail::PermutationFn auto &permutation_fn, const detail::ModifierFn< SpongeT > auto &modifier_fn) |
| void | R1 (uint32_t A, uint32_t &B, uint32_t C, uint32_t &D, uint32_t E, uint32_t &F, uint32_t G, uint32_t &H, uint32_t TJ, uint32_t Wi, uint32_t Wj) |
| void | R2 (uint32_t A, uint32_t &B, uint32_t C, uint32_t &D, uint32_t E, uint32_t &F, uint32_t G, uint32_t &H, uint32_t TJ, uint32_t Wi, uint32_t Wj) |
| gf2m | random_code_element (uint16_t code_length, RandomNumberGenerator &rng) |
| gf2m | random_gf2m (RandomNumberGenerator &rng) |
| BigInt | random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob) |
| BigInt | random_safe_prime (RandomNumberGenerator &rng, size_t bits) |
| std::map< std::string, std::string > | read_cfg (std::istream &is) |
| BOTAN_TEST_API std::map< std::string, std::string > | read_kv (std::string_view kv) |
| template<size_t WindowBits, typename W, size_t N> | |
| constexpr size_t | read_window_bits (std::span< const W, N > words, size_t offset) |
| template<WordType W, size_t N, W C> | |
| constexpr std::array< W, N > | redc_crandall (std::span< const W, 2 *N > z) |
| void | redc_mul (int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X) |
| template<typename RetT, typename KeyT, typename ReducerT> requires std::invocable<ReducerT&, RetT, const KeyT&> && std::convertible_to<std::invoke_result_t<ReducerT&, RetT, const KeyT&>, RetT> | |
| RetT | reduce (const std::vector< KeyT > &keys, RetT acc, ReducerT reducer) |
| template<WordType W, size_t N, size_t XN> | |
| consteval std::array< W, N > | reduce_mod (const std::array< W, XN > &x, const std::array< W, N > &p) |
| template<std::unsigned_integral T> requires (sizeof(T) == 1 || sizeof(T) == 2 || sizeof(T) == 4 || sizeof(T) == 8) | |
| constexpr T | reverse_bytes (T x) |
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 | reverse_vector (const SIMD_4x32 &in) |
| secure_vector< uint8_t > | rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek) |
| secure_vector< uint8_t > | rfc3394_keywrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek) |
| size_t | RFC4880_decode_count (uint8_t iter) |
| uint8_t | RFC4880_encode_count (size_t desired_iterations) |
| size_t | RFC4880_round_iterations (size_t iterations) |
| template<size_t R1, size_t R2, size_t R3, std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | rho (T x) |
| Gf448Elem | root (const Gf448Elem &elem) |
Compute the root of elem in the field. | |
| template<size_t R> | |
| SIMD_16x32 BOTAN_FN_ISA_AVX512 | rotl (SIMD_16x32 input) |
| template<size_t R> | |
| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 | rotl (SIMD_4x32 input) |
| template<size_t R> | |
| SIMD_8x32 BOTAN_FN_ISA_AVX2 | rotl (SIMD_8x32 input) |
| template<size_t ROT, std::unsigned_integral T> requires (ROT > 0 && ROT < 8 * sizeof(T)) | |
| BOTAN_FORCE_INLINE constexpr T | rotl (T input) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | rotl_var (T input, size_t rot) |
| template<size_t R> | |
| SIMD_16x32 BOTAN_FN_ISA_AVX512 | rotr (SIMD_16x32 input) |
| template<size_t R> | |
| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 | rotr (SIMD_4x32 input) |
| template<size_t R> | |
| SIMD_8x32 BOTAN_FN_ISA_AVX2 | rotr (SIMD_8x32 input) |
| template<size_t ROT, std::unsigned_integral T> requires (ROT > 0 && ROT < 8 * sizeof(T)) | |
| BOTAN_FORCE_INLINE constexpr T | rotr (T input) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | rotr_var (T input, size_t rot) |
| constexpr size_t | round_up (size_t n, size_t align_to) |
| std::string | runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch) |
| template<typename T> | |
| bool | same_mem (const T *p1, const T *p2, size_t n) |
| void | sc_muladd (uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c) |
| void | sc_reduce (uint8_t *s) |
| constexpr size_t | scalar_blinding_bits (size_t scalar_bits) |
| void | scrypt (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p) |
| void | scrypt (uint8_t output[], size_t output_len, std::string_view password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p) |
| void | secure_scrub_memory (ranges::contiguous_output_range auto &&data) |
| void | secure_scrub_memory (void *ptr, size_t n) |
| void | secure_zeroize_buffer (void *ptr, size_t n) |
| constexpr void | set_mem (uint8_t *ptr, size_t n, uint8_t val) |
| BOTAN_FORCE_INLINE void | SHA2_32_F (uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic) |
| BOTAN_FORCE_INLINE void | SHA2_32_F (uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t M) |
| BOTAN_FORCE_INLINE void | SHA2_64_F (uint64_t A, uint64_t B, uint64_t C, uint64_t &D, uint64_t E, uint64_t F, uint64_t G, uint64_t &H, uint64_t &M1, uint64_t M2, uint64_t M3, uint64_t M4, uint64_t magic) |
| BOTAN_FORCE_INLINE void | SHA2_64_F (uint64_t A, uint64_t B, uint64_t C, uint64_t &D, uint64_t E, uint64_t F, uint64_t G, uint64_t &H, uint64_t M) |
| template<WordType W, size_t N> | |
| consteval std::pair< size_t, std::array< W, N > > | shanks_tonelli_c1c2 (const std::array< W, N > &p) |
| template<WordType W, size_t N> | |
| consteval std::array< W, N > | shanks_tonelli_c3 (const std::array< W, N > &c2) |
| template<typename Z, WordType W, size_t N> | |
| consteval auto | shanks_tonelli_c4 (const std::array< W, N > &p_minus_1_over_2) -> Z |
| template<size_t S, WordType W, size_t N> | |
| constexpr W | shift_left (std::array< W, N > &x) |
| template<size_t S, WordType W, size_t N> | |
| constexpr W | shift_right (std::array< W, N > &x) |
| template<size_t S> | |
| SIMD_16x32 BOTAN_FN_ISA_AVX512 | shl (SIMD_16x32 input) |
| template<size_t S> | |
| SIMD_4x32 | shl (SIMD_4x32 input) |
| template<size_t S> | |
| SIMD_8x32 BOTAN_FN_ISA_AVX2 | shl (SIMD_8x32 input) |
| const char * | short_version_cstr () |
| std::string | short_version_string () |
| template<size_t R1, size_t R2, size_t S, std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr T | sigma (T x) |
| std::array< uint8_t, 2 *ED448_LEN > | sign_message (std::span< const uint8_t, ED448_LEN > sk, std::span< const uint8_t, ED448_LEN > pk, bool f, std::span< const uint8_t > context, std::span< const uint8_t > msg) |
| Sign a message using a keypair (RFC 8032 5.2.6). | |
| bool | signature_check (std::span< const uint8_t, 32 > pk, const uint8_t h[32], const uint8_t r[32], const uint8_t s[32]) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr size_t | significant_bytes (T n) |
| std::vector< uint8_t > | sm2_compute_za (HashFunction &hash, std::string_view user_id, const EC_Group &group, const EC_AffinePoint &pubkey) |
| uint32_t | SM3_E (uint32_t W0, uint32_t W7, uint32_t W13, uint32_t W3, uint32_t W10) |
| template<size_t N, WordType W> | |
| constexpr void | solinas_correct_redc (std::array< W, N > &r, const std::array< W, N > &P, const std::array< W, N > &C) |
| std::vector< std::string > | split_on (std::string_view str, char delim) |
| template<typename C> | |
| constexpr CT::Option< typename C::FieldElement > | sqrt_field_element (const typename C::FieldElement &fe) |
| BigInt | sqrt_modulo_prime (const BigInt &a, const BigInt &p) |
| BigInt | square (const BigInt &x) |
| Gf448Elem | square (const Gf448Elem &elem) |
| Computes elem^2. Faster than operator*. | |
| void | squeeze_from_sponge (detail::SpongeLikeWithTrivialPermute auto &sponge, std::span< uint8_t > output) |
| template<detail::SpongeLike SpongeT> | |
| void | squeeze_from_sponge (SpongeT &sponge, std::span< uint8_t > output, const detail::PermutationFn auto &permutation_fn) |
| std::pair< BigInt, SymmetricKey > | srp6_client_agree (std::string_view identifier, std::string_view password, const DL_Group &group, std::string_view hash_id, const std::vector< uint8_t > &salt, const BigInt &B, const size_t a_bits, RandomNumberGenerator &rng) |
| std::pair< BigInt, SymmetricKey > | srp6_client_agree (std::string_view identifier, std::string_view password, std::string_view group_id, std::string_view hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng) |
| BigInt | srp6_generate_verifier (std::string_view identifier, std::string_view password, const std::vector< uint8_t > &salt, const DL_Group &group, std::string_view hash_id) |
| BigInt | srp6_generate_verifier (std::string_view identifier, std::string_view password, const std::vector< uint8_t > &salt, std::string_view group_id, std::string_view hash_id) |
| std::string | srp6_group_identifier (const BigInt &N, const BigInt &g) |
| template<typename C> requires C::ValidForSswuHash | |
| const auto & | SSWU_C1 () |
| template<typename C> requires C::ValidForSswuHash | |
| const auto & | SSWU_C2 () |
| template<typename ModifierT = detail::AutoDetect, typename... ParamTs> | |
| constexpr auto | store_be (ParamTs &&... params) |
| template<typename ModifierT = detail::AutoDetect, typename... ParamTs> | |
| constexpr auto | store_le (ParamTs &&... params) |
| std::string | string_join (const std::vector< std::string > &strs, char delim) |
| std::optional< uint32_t > | string_to_ipv4 (std::string_view str) |
| template<std::unsigned_integral T> | |
| BOTAN_FORCE_INLINE constexpr void | swap_bits (T &x, T &y, T mask, size_t shift) |
| template<std::unsigned_integral T> | |
| constexpr T | swar_in_range (T v, T lower, T upper) |
| template<std::unsigned_integral T> | |
| constexpr T | swar_lt (T a, T b) |
| std::vector< polyn_gf2m > | syndrome_init (const polyn_gf2m &generator, const std::vector< gf2m > &support, int n) |
| RandomNumberGenerator & | system_rng () |
| void | throw_invalid_argument (const char *message, const char *func, const char *file) |
| void | throw_invalid_state (const char *expr, const char *func, const char *file) |
| template<typename C> | |
| constexpr auto | to_affine (const typename C::ProjectivePoint &pt) |
| template<typename C, bool VariableTime = false> | |
| auto | to_affine_batch (std::span< const typename C::ProjectivePoint > projective) |
| template<typename C> | |
| auto | to_affine_x (const typename C::ProjectivePoint &pt) |
| const char * | to_string (Certificate_Status_Code code) |
| std::string | to_string (ErrorType type) |
| Convert an ErrorType to string. | |
| uint32_t | to_u32bit (std::string_view str_view) |
| uint16_t | to_uint16 (std::string_view str) |
| template<typename T> requires std::is_enum_v<T> | |
| auto | to_underlying (T e) noexcept |
| std::string | tolower_string (std::string_view str) |
| void | treehash (StrongSpan< SphincsTreeNode > out_root, StrongSpan< SphincsAuthenticationPath > out_auth_path, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes, std::optional< TreeNodeIndex > leaf_idx, uint32_t idx_offset, uint32_t total_tree_height, const GenerateLeafFunction &gen_leaf, Sphincs_Address &tree_address) |
| template<concepts::contiguous_strong_type TreeNode, concepts::strong_span AuthPathSS, concepts::tree_node_index TreeNodeIndex, concepts::tree_layer_index TreeLayerIndex, typename Address> requires concepts::tree_address<Address, TreeLayerIndex, TreeNodeIndex> | |
| void | treehash (StrongSpan< TreeNode > out_root, std::optional< AuthPathSS > out_auth_path, std::optional< TreeNodeIndex > leaf_idx, size_t node_size, TreeLayerIndex total_tree_height, uint32_t idx_offset, concepts::tree_hash_node_pair< TreeNodeIndex, TreeLayerIndex, Address, StrongSpan< TreeNode > > auto node_pair_hash, concepts::tree_gen_leaf< TreeNodeIndex, TreeLayerIndex, Address, StrongSpan< TreeNode > > auto gen_leaf, Address &tree_address) |
| Treehash logic to build up a merkle hash tree. | |
| template<typename ToT, ranges::contiguous_range FromR> requires std::is_default_constructible_v<ToT> && std::is_trivially_copyable_v<ToT> && std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>> | |
| constexpr ToT | typecast_copy (const FromR &src) |
| template<typename To> requires std::is_trivial_v<To> | |
| constexpr To | typecast_copy (const uint8_t src[]) noexcept |
| template<typename T> requires std::is_trivial_v<std::decay_t<T>> | |
| constexpr void | typecast_copy (T &out, const uint8_t in[]) |
| template<typename T> requires std::is_trivial_v<T> | |
| constexpr void | typecast_copy (T out[], const uint8_t in[], size_t N) |
| template<ranges::contiguous_output_range ToR, ranges::contiguous_range FromR> requires std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>> && std::is_trivially_copyable_v<std::ranges::range_value_t<ToR>> | |
| constexpr void | typecast_copy (ToR &&out, const FromR &in) |
| template<ranges::contiguous_output_range ToR, typename FromT> requires std::is_trivially_copyable_v<FromT> && (!std::ranges::range<FromT>) && std::is_trivially_copyable_v<std::ranges::range_value_t<ToR>> | |
| constexpr void | typecast_copy (ToR &&out, const FromT &in) |
| template<typename ToT, ranges::contiguous_range FromR> requires std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>> && std::is_trivially_copyable_v<ToT> && (!std::ranges::range<ToT>) | |
| constexpr void | typecast_copy (ToT &out, const FromR &in) |
| template<typename T> | |
| constexpr void | typecast_copy (uint8_t out[], const T &in) |
| template<typename T> requires std::is_trivially_copyable_v<T> | |
| constexpr void | typecast_copy (uint8_t out[], T in[], size_t N) |
| std::string | ucs2_to_utf8 (const uint8_t ucs2[], size_t len) |
| std::string | ucs4_to_utf8 (const uint8_t ucs4[], size_t len) |
| template<std::unsigned_integral T> | |
| void | unchecked_copy_memory (T *out, const T *in, size_t n) |
| template<typename T> | |
| std::vector< T > | unlock (const secure_vector< T > &in) |
| bool | unsafe_for_production_build () |
| template<typename T> | |
| constexpr decltype(auto) | unwrap_strong_type (T &&t) |
| Generically unwraps a strong type to its underlying type. | |
| template<typename T, typename V> | |
| bool | value_exists (const std::vector< T > &vec, const V &val) |
| BOTAN_FORCE_INLINE constexpr size_t | var_ctz32 (uint32_t n) |
| template<typename C, size_t WindowBits, typename BlindedScalar> | |
| C::ProjectivePoint | varpoint_exec (const AffinePointTable< C > &table, const BlindedScalar &scalar, RandomNumberGenerator &rng) |
| template<typename C, size_t TableSize> | |
| AffinePointTable< C > | varpoint_setup (const typename C::AffinePoint &p) |
| void | vartime_divide (const BigInt &x, const BigInt &y_arg, BigInt &q_out, BigInt &r_out) |
| BigInt | vartime_divide_pow2k (size_t k, const BigInt &y_arg) |
| bool | verify_signature (std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg) |
| Verify a signature(RFC 8032 5.2.7). | |
| const char * | version_cstr () |
| uint32_t | version_datestamp () |
| std::optional< std::string > | version_distribution_info () |
| uint32_t | version_major () |
| uint32_t | version_minor () |
| uint32_t | version_patch () |
| std::string | version_string () |
| std::optional< std::string > | version_vc_revision () |
| template<WordType W> | |
| constexpr auto | word8_add2 (W x[8], const W y[8], W carry) -> W |
| template<WordType W> | |
| constexpr auto | word8_add3 (W z[8], const W x[8], const W y[8], W carry) -> W |
| template<WordType W> | |
| constexpr auto | word8_linmul3 (W z[8], const W x[8], W y, W carry) -> W |
| template<WordType W> | |
| constexpr auto | word8_madd3 (W z[8], const W x[8], W y, W carry) -> W |
| template<WordType W> | |
| constexpr auto | word8_sub2 (W x[8], const W y[8], W carry) -> W |
| template<WordType W> | |
| constexpr auto | word8_sub3 (W z[8], const W x[8], const W y[8], W carry) -> W |
| template<WordType W> | |
| constexpr auto | word_add (W x, W y, W *carry) -> W |
| template<WordType W> | |
| constexpr auto | word_madd2 (W a, W b, W *c) -> W |
| template<WordType W> | |
| constexpr auto | word_madd3 (W a, W b, W c, W *d) -> W |
| template<WordType W> | |
| constexpr auto | word_sub (W x, W y, W *carry) -> W |
| constexpr size_t | words_for_bits (size_t x) |
| WotsPublicKey | wots_public_key_from_signature (const SphincsTreeNode &hashed_message, StrongSpan< const WotsSignature > signature, Sphincs_Address &address, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 8: wots_pkFromSig. | |
| void | wots_sign_and_pkgen (StrongSpan< WotsSignature > sig_out, StrongSpan< SphincsTreeNode > leaf_out, const SphincsSecretSeed &secret_seed, TreeNodeIndex leaf_idx, std::optional< TreeNodeIndex > sign_leaf_idx, const std::vector< WotsHashIndex > &wots_steps, Sphincs_Address &leaf_addr, Sphincs_Address &pk_addr, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 6 and 7: wots_pkGen and wots_sign. | |
| template<typename T, typename ParamT> requires std::constructible_from<T, ParamT> || (concepts::strong_type<T> && std::constructible_from<typename T::wrapped_type, ParamT>) | |
| constexpr decltype(auto) | wrap_strong_type (ParamT &&t) |
| Wraps a value into a caller-defined (strong) type. | |
| Point448 | x448 (const ScalarX448 &k, const Point448 &u) |
Multiply a scalar k with a point u. | |
| Point448 | x448_basepoint (const ScalarX448 &k) |
| Multiply a scalar with the base group element (5). | |
| bool | x500_name_cmp (std::string_view name1, std::string_view name2) |
| Path_Validation_Result | x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp) |
| Path_Validation_Result | x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp) |
| Path_Validation_Result | x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp) |
| Path_Validation_Result | x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp) |
| template<std::unsigned_integral T> | |
| void | xmss_concat (secure_vector< uint8_t > &target, const T &src) |
| template<std::unsigned_integral T> | |
| void | xmss_concat (secure_vector< uint8_t > &target, const T &src, size_t len) |
| SphincsTreeNode | xmss_gen_root (const Sphincs_Parameters ¶ms, const SphincsSecretSeed &secret_seed, Sphincs_Hash_Functions &hashes) |
| SphincsTreeNode | xmss_sign_and_pkgen (StrongSpan< SphincsXmssSignature > out_sig, const SphincsTreeNode &message, const SphincsSecretSeed &secret_seed, Sphincs_Address &wots_addr, Sphincs_Address &tree_addr, std::optional< TreeNodeIndex > idx_leaf, const Sphincs_Parameters ¶ms, Sphincs_Hash_Functions &hashes) |
| FIPS 205, Algorithm 10: xmss_sign. | |
| constexpr void | xor_buf (ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in) |
| constexpr void | xor_buf (ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in1, ranges::contiguous_range< uint8_t > auto &&in2) |
| void | xor_buf (std::span< uint8_t > out, std::span< const uint8_t > in, size_t n) |
| template<typename Alloc, typename Alloc2> | |
| void | xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n) |
| template<typename Alloc> | |
| void | xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n) |
| void | xor_buf (uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length) |
| void | xor_buf (uint8_t out[], const uint8_t in[], size_t length) |
| void | xts_compute_tweak_block (uint8_t tweak[], size_t BS, size_t blocks_in_tweak) |
| template<typename T, typename Alloc> | |
| void | zap (std::vector< T, Alloc > &vec) |
| template<typename T, typename Alloc> | |
| void | zeroise (std::vector< T, Alloc > &vec) |
| template<std::unsigned_integral T> | |
| void | zeroize_buffer (T buf[], size_t n) |
Variables | |
| constexpr size_t | BLAKE2B_BLOCKBYTES = 128 |
| constexpr size_t | BYTES_448 = ceil_tobytes<size_t>(448) |
| constexpr size_t | DefaultBufferSize = 4096 |
| constexpr size_t | ED448_LEN = 57 |
| const size_t | HEX_CODEC_BUFFER_SIZE = 256 |
| template<typename T> | |
| constexpr bool | is_strong_span_v = is_strong_span<T>::value |
| template<typename... Ts> | |
| constexpr bool | is_strong_type_v = is_strong_type<std::remove_const_t<Ts>...>::value |
| constexpr size_t | LMS_IDENTIFIER_LEN = 16 |
| The length in bytes of the LMS identifier (I). | |
| const size_t | MAX_EXT_DEG = 16 |
| const size_t | PRIME_TABLE_SIZE = 6541 |
| const uint16_t | PRIMES [] |
| constexpr size_t | WORDS_448 = 7 |
| constexpr size_t | X448_LEN = 56 |
Detailed Description
Wrapper for truncated hashes (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
(C) 2019 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2018,2019,2021 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2018,2019,2022 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2018,2019 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2023 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2022 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2018 Jack Lloyd (C) 2018 Ribose Inc
Botan is released under the Simplified BSD License (see license.txt)
Symmetric primitives for dilithium
(C) 2022-2023 Jack Lloyd (C) 2022-2023 Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity (C) 2022 Manuel Glaser - Rohde & Schwarz Cybersecurity (C) 2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
HSS - Hierarchical Signatures System (RFC 8554) (C) 2023,2026 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
HSS - Hierarchical Signatures System (RFC 8554) (C) 2023 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
HSS-LMS (C) 2023 Jack Lloyd 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
Utils for HSS/LMS (C) 2023 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
LM-OTS - Leighton-Micali One-Time Signatures (C) 2023 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
LM-OTS - Leighton-Micali One-Time Signatures (RFC 8554 Section 4) (C) 2023 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
LMS - Leighton-Micali Hash-Based Signatures (RFC 8554) (C) 2023 Jack Lloyd 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Botan is released under the Simplified BSD License (see license.txt)
Abstraction for a combined KEM public and private key.
(C) 2024 Jack Lloyd 2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
Abstraction for a combined KEM encryptors and decryptors.
(C) 2024 Jack Lloyd 2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
Adapter that allows using a KEX key as a KEM, using an ephemeral key in the KEM encapsulation.
(C) 2023 Jack Lloyd 2023,2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
Ordinary applications should never need to include or use this header. It is exposed only for specialized applications which want to implement new versions of public key crypto without merging them as changes to the library. One actual example of such usage is an application which creates RSA signatures using a custom TPM library. Unless you're doing something like that, you don't need anything here. Instead use pubkey.h which wraps these types safely and provides a stable application-oriented API.
Note: This header was accidentally pulled from the public API between Botan 3.0.0 and 3.2.0, and then restored in 3.3.0. If you are maintaining an application which used this header in Botan 2.x, you should make sure to use Botan 3.3.0 or later when migrating.
Hybrid Session Manager emitting both Tickets and storing sessions in Memory (C) 2023 Jack Lloyd (C) 2023 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
TLS Session Manager in Memory (C) 2011 Jack Lloyd (C) 2023 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
TLS Stateless Session Manager for stateless servers (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
Useful concepts that are available throughout the library (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
(C) 2025 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
(C) 2025 Jack Lloyd (C) 2025 polarnis
Botan is released under the Simplified BSD License (see license.txt)
A wrapper class to implement strong types (C) 2022 Jack Lloyd 2022 René Meusel - Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
(C) 2024 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
Treehash logic used for hash-based signatures (C) 2023 Jack Lloyd 2023 Fabian Albert, René Meusel, Amos Treiber, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
Parts of this file have been adapted from https://github.com/sphincs/sphincsplus
Botan is released under the Simplified BSD License (see license.txt)
utilities for PKIX::build_all_certificate_paths
Typedef Documentation
◆ Altivec32x4
| typedef __vector unsigned int Botan::Altivec32x4 |
Definition at line 26 of file aes_power8.cpp.
◆ Altivec64x2
| typedef __vector unsigned long long Botan::Altivec64x2 |
Definition at line 25 of file aes_power8.cpp.
◆ Altivec8x16
| typedef __vector unsigned char Botan::Altivec8x16 |
Definition at line 27 of file aes_power8.cpp.
◆ bitvector
| using Botan::bitvector = bitvector_base<std::allocator> |
Definition at line 1305 of file bitvector.h.
◆ Bounded_XOF
| using Botan::Bounded_XOF = detail::Bounded_XOF<XOF&, bound> |
Definition at line 224 of file pqcrystals_helpers.h.
◆ byte
| using Botan::byte = std::uint8_t |
◆ CCCryptorStatus
| typedef int32_t Botan::CCCryptorStatus |
Definition at line 24 of file commoncrypto.h.
◆ CertificatePathStatusCodes
| typedef std::vector<std::set<Certificate_Status_Code> > Botan::CertificatePathStatusCodes |
This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.
Definition at line 28 of file x509path.h.
◆ CmceCodeWord
| using Botan::CmceCodeWord = Strong<secure_bitvector, struct CmceCodeWord_> |
Represents C of decapsulation.
Definition at line 52 of file cmce_types.h.
◆ CmceColumnSelection
| using Botan::CmceColumnSelection = Strong<secure_bitvector, struct CmceColumnSelection_> |
Represents c of private key.
Definition at line 46 of file cmce_types.h.
◆ CmceErrorVector
| using Botan::CmceErrorVector = Strong<secure_bitvector, struct CmceErrorVector_> |
Represents e of encapsulation.
Definition at line 49 of file cmce_types.h.
◆ CmceGfElem
| using Botan::CmceGfElem = Strong<uint16_t, struct CmceGfElem_> |
Represents a GF(q) element.
Definition at line 19 of file cmce_types.h.
◆ CmceGfMod
| using Botan::CmceGfMod = Strong<uint16_t, struct CmceGfMod_> |
Represents a GF(q) modulus.
Definition at line 22 of file cmce_types.h.
◆ CmceInitialSeed
| using Botan::CmceInitialSeed = Strong<secure_vector<uint8_t>, struct CmceInitialSeed_> |
Represents initial delta of keygen.
Definition at line 31 of file cmce_types.h.
◆ CmceIrreducibleBits
| using Botan::CmceIrreducibleBits = Strong<secure_vector<uint8_t>, struct CmceIrreducibleBits_> |
Definition at line 40 of file cmce_types.h.
◆ CmceKeyGenSeed
| using Botan::CmceKeyGenSeed = Strong<secure_vector<uint8_t>, struct CmceKeyGenSeed_> |
Represents a delta (can be altered; final value stored in private key).
Definition at line 34 of file cmce_types.h.
◆ CmceOrderingBits
| using Botan::CmceOrderingBits = Strong<secure_vector<uint8_t>, struct CmceOrderingBits_> |
Definition at line 37 of file cmce_types.h.
◆ CmcePermutation
| using Botan::CmcePermutation = Strong<secure_vector<uint16_t>, struct CmcePermutation_> |
Represents a permutation (pi in spec). Used in field ordering creation.
Definition at line 28 of file cmce_types.h.
◆ CmcePermutationElement
| using Botan::CmcePermutationElement = Strong<uint16_t, struct CmcePermutationElement_> |
Represents an element of a permutation (pi in spec). Used in field ordering creation.
Definition at line 25 of file cmce_types.h.
◆ CmceRejectionSeed
| using Botan::CmceRejectionSeed = Strong<secure_vector<uint8_t>, struct CmceRejectionSeed_> |
Represents s of private key.
Definition at line 43 of file cmce_types.h.
◆ Curve25519_PrivateKey
Definition at line 18 of file curve25519.h.
◆ Curve25519_PublicKey
Definition at line 17 of file curve25519.h.
◆ DilithiumCommitmentHash
| using Botan::DilithiumCommitmentHash = Strong<std::vector<uint8_t>, struct DilithiumCommitmentHash_> |
Hash of the message representative and the signer's commitment.
Definition at line 64 of file dilithium_types.h.
◆ DilithiumHashedPublicKey
| using Botan::DilithiumHashedPublicKey = Strong<std::vector<uint8_t>, struct DilithiumHashedPublicKey_> |
Hash value of the serialized public key data (result of H(BytesToBits(pkEncode(pk)), also referred to as 'tr')
Definition at line 52 of file dilithium_types.h.
◆ DilithiumInternalKeypair
Internal representation of a Dilithium key pair.
Definition at line 67 of file dilithium_types.h.
◆ DilithiumMessageRepresentative
| using Botan::DilithiumMessageRepresentative = Strong<std::vector<uint8_t>, struct DilithiumMessageRepresentative_> |
Representation of the message to be signed.
Definition at line 55 of file dilithium_types.h.
◆ DilithiumOptionalRandomness
| using Botan::DilithiumOptionalRandomness = Strong<secure_vector<uint8_t>, struct DilithiumOptionalRandomness_> |
Optional randomness 'rnd' used for rho prime computation in ML-DSA.
Definition at line 39 of file dilithium_types.h.
◆ DilithiumPoly
| using Botan::DilithiumPoly = Botan::CRYSTALS::Polynomial<DilithiumPolyTraits, Botan::CRYSTALS::Domain::Normal> |
Definition at line 26 of file dilithium_types.h.
◆ DilithiumPolyMatNTT
Definition at line 24 of file dilithium_types.h.
◆ DilithiumPolyNTT
| using Botan::DilithiumPolyNTT = Botan::CRYSTALS::Polynomial<DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT> |
Definition at line 22 of file dilithium_types.h.
◆ DilithiumPolyVec
| using Botan::DilithiumPolyVec = Botan::CRYSTALS::PolynomialVector<DilithiumPolyTraits, Botan::CRYSTALS::Domain::Normal> |
Definition at line 27 of file dilithium_types.h.
◆ DilithiumPolyVecNTT
| using Botan::DilithiumPolyVecNTT = Botan::CRYSTALS::PolynomialVector<DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT> |
Definition at line 23 of file dilithium_types.h.
◆ DilithiumSeedRandomness
| using Botan::DilithiumSeedRandomness = Strong<secure_vector<uint8_t>, struct DilithiumSeedRandomness_> |
Principal seed used to generate Dilithium key pairs.
Definition at line 30 of file dilithium_types.h.
◆ DilithiumSeedRho
| using Botan::DilithiumSeedRho = Strong<std::vector<uint8_t>, struct DilithiumPublicSeed_> |
Public seed to sample the polynomial matrix A from.
Definition at line 33 of file dilithium_types.h.
◆ DilithiumSeedRhoPrime
| using Botan::DilithiumSeedRhoPrime = Strong<secure_vector<uint8_t>, struct DilithiumSeedRhoPrime_> |
Private seed to sample the polynomial vectors s1 and s2 from.
Definition at line 36 of file dilithium_types.h.
◆ DilithiumSerializedCommitment
| using Botan::DilithiumSerializedCommitment = Strong<std::vector<uint8_t>, struct DilithiumSerializedCommitment_> |
Serialized representation of a commitment w1.
Definition at line 61 of file dilithium_types.h.
◆ DilithiumSerializedPrivateKey
| using Botan::DilithiumSerializedPrivateKey = Strong<secure_vector<uint8_t>, struct DilithiumSerializedPrivateKey_> |
Serialized private key data.
Definition at line 45 of file dilithium_types.h.
◆ DilithiumSerializedPublicKey
| using Botan::DilithiumSerializedPublicKey = Strong<std::vector<uint8_t>, struct DilithiumSerializedPublicKey_> |
Serialized public key data (result of pkEncode(pk)).
Definition at line 48 of file dilithium_types.h.
◆ DilithiumSerializedSignature
| using Botan::DilithiumSerializedSignature = Strong<std::vector<uint8_t>, struct DilithiumSerializedSignature_> |
Serialized signature data.
Definition at line 58 of file dilithium_types.h.
◆ DilithiumSigningSeedK
| using Botan::DilithiumSigningSeedK = Strong<secure_vector<uint8_t>, struct DilithiumSeedK_> |
Private seed K used during signing.
Definition at line 42 of file dilithium_types.h.
◆ ForsLeafSecret
| using Botan::ForsLeafSecret = Strong<secure_vector<uint8_t>, struct ForsLeafSecret_> |
Definition at line 71 of file sp_types.h.
◆ ForsSignature
| using Botan::ForsSignature = Strong<std::vector<uint8_t>, struct ForsSignature_> |
Definition at line 72 of file sp_types.h.
◆ FrodoDomainSeparator
| using Botan::FrodoDomainSeparator = Strong<std::array<uint8_t, 1>, struct FrodoDomainSeparator_> |
Definition at line 47 of file frodo_types.h.
◆ FrodoIntermediateSharedSecret
| using Botan::FrodoIntermediateSharedSecret = Strong<secure_vector<uint8_t>, struct FrodoIntermediateSharedSecret_> |
Definition at line 56 of file frodo_types.h.
◆ FrodoPackedMatrix
| using Botan::FrodoPackedMatrix = Strong<std::vector<uint8_t>, struct FrodoPackedMatrix_> |
Definition at line 41 of file frodo_types.h.
◆ FrodoPlaintext
| using Botan::FrodoPlaintext = Strong<secure_vector<uint8_t>, struct FrodoPlaintext_> |
Definition at line 50 of file frodo_types.h.
◆ FrodoPublicKeyHash
| using Botan::FrodoPublicKeyHash = Strong<std::vector<uint8_t>, struct FrodoPublicKeyHash_> |
Definition at line 38 of file frodo_types.h.
◆ FrodoSalt
| using Botan::FrodoSalt = Strong<std::vector<uint8_t>, struct FrodoSalt_> |
Definition at line 53 of file frodo_types.h.
◆ FrodoSampleR
| using Botan::FrodoSampleR = Strong<secure_vector<uint8_t>, struct FrodoSampleR_> |
Definition at line 35 of file frodo_types.h.
◆ FrodoSeedA
| using Botan::FrodoSeedA = Strong<std::vector<uint8_t>, struct FrodoSeedA_> |
Definition at line 23 of file frodo_types.h.
◆ FrodoSeedS
| using Botan::FrodoSeedS = Strong<secure_vector<uint8_t>, struct FrodoSeedS_> |
Definition at line 26 of file frodo_types.h.
◆ FrodoSeedSE
| using Botan::FrodoSeedSE = Strong<secure_vector<uint8_t>, struct FrodoSeedSE_> |
Definition at line 29 of file frodo_types.h.
◆ FrodoSeedZ
| using Botan::FrodoSeedZ = Strong<std::vector<uint8_t>, struct FrodoSeedZ_> |
Definition at line 32 of file frodo_types.h.
◆ FrodoSerializedMatrix
| using Botan::FrodoSerializedMatrix = Strong<secure_vector<uint8_t>, struct FrodoSerializedMatrix_> |
Definition at line 44 of file frodo_types.h.
◆ GenerateLeafFunction
| using Botan::GenerateLeafFunction = std::function<void(StrongSpan<SphincsTreeNode> , TreeNodeIndex)> |
Definition at line 25 of file sp_treehash.h.
◆ gf2m
| typedef uint16_t Botan::gf2m |
Definition at line 20 of file gf2m_small_m.h.
◆ HSS_Level
| using Botan::HSS_Level = Strong<uint32_t, struct HSS_Level_, EnableArithmeticWithPlainNumber> |
◆ HSS_Sig_Idx
| using Botan::HSS_Sig_Idx = Strong<uint64_t, struct HSS_Sig_Idx_, EnableArithmeticWithPlainNumber> |
◆ HypertreeLayerIndex
| using Botan::HypertreeLayerIndex = Strong<uint32_t, struct HypertreeLayerIndex_> |
Index of a layer in the XMSS hyper-tree.
Definition at line 86 of file sp_types.h.
◆ InitializationVector
◆ Integrity_Failure
◆ KyberCompressedCiphertext
| using Botan::KyberCompressedCiphertext = Strong<std::vector<uint8_t>, struct KyberCompressedCiphertext_> |
Compressed and serialized ciphertext value.
Definition at line 63 of file kyber_types.h.
◆ KyberEncryptionRandomness
| using Botan::KyberEncryptionRandomness = Strong<secure_vector<uint8_t>, struct KyberEncryptionRandomness_> |
Random value used to generate the Kyber ciphertext.
Definition at line 48 of file kyber_types.h.
◆ KyberHashedCiphertext
| using Botan::KyberHashedCiphertext = Strong<std::vector<uint8_t>, struct KyberHashedCiphertext_> |
Hash of the compressed and serialized ciphertext value TODO: Remove this once Kyber-R3 is removed
Definition at line 67 of file kyber_types.h.
◆ KyberHashedPublicKey
| using Botan::KyberHashedPublicKey = Strong<std::vector<uint8_t>, struct KyberHashedPublicKey_> |
Hash value of the serialized public key.
Definition at line 60 of file kyber_types.h.
◆ KyberImplicitRejectionValue
| using Botan::KyberImplicitRejectionValue = Strong<secure_vector<uint8_t>, struct KyberImplicitRejectionValue_> |
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Definition at line 42 of file kyber_types.h.
◆ KyberInternalKeypair
Definition at line 73 of file kyber_types.h.
◆ KyberMessage
| using Botan::KyberMessage = Strong<secure_vector<uint8_t>, struct KyberMessage_> |
Random message value to be encrypted by the CPA-secure Kyber encryption scheme.
Definition at line 45 of file kyber_types.h.
◆ KyberPoly
| using Botan::KyberPoly = Botan::CRYSTALS::Polynomial<KyberPolyTraits, Botan::CRYSTALS::Domain::Normal> |
Definition at line 29 of file kyber_types.h.
◆ KyberPolyMat
Definition at line 27 of file kyber_types.h.
◆ KyberPolyNTT
| using Botan::KyberPolyNTT = Botan::CRYSTALS::Polynomial<KyberPolyTraits, Botan::CRYSTALS::Domain::NTT> |
Definition at line 25 of file kyber_types.h.
◆ KyberPolyVec
| using Botan::KyberPolyVec = Botan::CRYSTALS::PolynomialVector<KyberPolyTraits, Botan::CRYSTALS::Domain::Normal> |
Definition at line 30 of file kyber_types.h.
◆ KyberPolyVecNTT
| using Botan::KyberPolyVecNTT = Botan::CRYSTALS::PolynomialVector<KyberPolyTraits, Botan::CRYSTALS::Domain::NTT> |
Definition at line 26 of file kyber_types.h.
◆ KyberSamplingRandomness
| using Botan::KyberSamplingRandomness = Strong<secure_vector<uint8_t>, struct KyberSamplingRandomness_> |
PRF value used for sampling of error polynomials.
Definition at line 51 of file kyber_types.h.
◆ KyberSeedRandomness
| using Botan::KyberSeedRandomness = Strong<secure_vector<uint8_t>, struct KyberSeedRandomness_> |
Principal seed used to generate Kyber key pairs.
Definition at line 33 of file kyber_types.h.
◆ KyberSeedRho
| using Botan::KyberSeedRho = Strong<std::vector<uint8_t>, struct KyberSeedRho_> |
Public seed value to generate the Kyber matrix A.
Definition at line 36 of file kyber_types.h.
◆ KyberSeedSigma
| using Botan::KyberSeedSigma = Strong<secure_vector<uint8_t>, struct KyberSeedSigma_> |
Private seed used to generate polynomial vectors s and e during key generation.
Definition at line 39 of file kyber_types.h.
◆ KyberSerializedPublicKey
| using Botan::KyberSerializedPublicKey = Strong<std::vector<uint8_t>, struct KyberSerializedPublicKey_> |
Public key in serialized form (t || rho).
Definition at line 57 of file kyber_types.h.
◆ KyberSharedSecret
| using Botan::KyberSharedSecret = Strong<secure_vector<uint8_t>, struct KyberSharedSecret_> |
Shared secret value generated during encapsulation and recovered during decapsulation.
Definition at line 54 of file kyber_types.h.
◆ KyberSigmaOrEncryptionRandomness
Variant value of either a KyberSeedSigma or a KyberEncryptionRandomness.
Definition at line 70 of file kyber_types.h.
◆ LMOTS_K
| using Botan::LMOTS_K = Strong<std::vector<uint8_t>, struct LMOTS_K_> |
◆ LMOTS_Node
| using Botan::LMOTS_Node = Strong<secure_vector<uint8_t>, struct LMOTS_Node_> |
◆ LMOTS_Signature_Bytes
| using Botan::LMOTS_Signature_Bytes = Strong<std::vector<uint8_t>, struct LMOTS_Signature_Bytes_> |
◆ LMS_AuthenticationPath
| using Botan::LMS_AuthenticationPath = Strong<std::vector<uint8_t>, struct LMS_AuthenticationPath_> |
◆ LMS_Identifier
| using Botan::LMS_Identifier = Strong<std::vector<uint8_t>, struct LMS_Identifier_> |
◆ LMS_Message
| using Botan::LMS_Message = Strong<std::vector<uint8_t>, struct LMS_Message_> |
◆ LMS_Seed
| using Botan::LMS_Seed = Strong<secure_vector<uint8_t>, struct LMS_SEED_> |
◆ LMS_Signature_Bytes
| using Botan::LMS_Signature_Bytes = Strong<std::vector<uint8_t>, struct LMS_Signature_Bytes_> |
◆ LMS_Tree_Node
| using Botan::LMS_Tree_Node = Strong<std::vector<uint8_t>, struct LMS_Tree_Node_> |
◆ LMS_Tree_Node_Idx
| using Botan::LMS_Tree_Node_Idx = Strong<uint32_t, struct LMS_Tree_Node_Idx_, EnableArithmeticWithPlainNumber> |
◆ lock_guard_type
| using Botan::lock_guard_type = lock_guard<T> |
◆ MAC
| typedef MessageAuthenticationCode Botan::MAC |
◆ ML_DSA_Mode
| using Botan::ML_DSA_Mode = DilithiumMode |
◆ ML_DSA_PrivateKey
◆ ML_DSA_PublicKey
◆ ML_KEM_Mode
| using Botan::ML_KEM_Mode = KyberMode |
◆ ML_KEM_PrivateKey
◆ ML_KEM_PublicKey
◆ mutex_type
| using Botan::mutex_type = noop_mutex |
◆ next_longer_int_t
| using Botan::next_longer_int_t |
Definition at line 35 of file pqcrystals_helpers.h.
◆ next_longer_uint_t
| using Botan::next_longer_uint_t |
Definition at line 28 of file pqcrystals_helpers.h.
◆ Point448
| using Botan::Point448 = Strong<std::array<uint8_t, X448_LEN>, struct Point448_> |
Definition at line 18 of file x448_internal.h.
◆ PointGFp
| typedef EC_Point Botan::PointGFp |
Definition at line 430 of file ec_point.h.
◆ recursive_mutex_type
◆ RNG
| typedef RandomNumberGenerator Botan::RNG |
◆ S2K
| typedef PBKDF Botan::S2K |
◆ s32bit
| using Botan::s32bit = std::int32_t |
◆ ScalarX448
| using Botan::ScalarX448 = Strong<std::array<uint8_t, X448_LEN>, struct ScalarX448_> |
Definition at line 24 of file x448_internal.h.
◆ secure_bitvector
Definition at line 1304 of file bitvector.h.
◆ secure_deque
| using Botan::secure_deque = std::deque<T, secure_allocator<T>> |
◆ secure_vector
| using Botan::secure_vector = std::vector<T, secure_allocator<T>> |
◆ SecureVector
| using Botan::SecureVector = secure_vector<T> |
◆ SM2_Encryption_PrivateKey
◆ SM2_Encryption_PublicKey
◆ SM2_Signature_PrivateKey
◆ SM2_Signature_PublicKey
◆ SphincsAuthenticationPath
| using Botan::SphincsAuthenticationPath = Strong<std::vector<uint8_t>, struct SphincsAuthenticationPath_> |
Definition at line 67 of file sp_types.h.
◆ SphincsContext
| using Botan::SphincsContext = Strong<std::vector<uint8_t>, struct SphincsContext_> |
Definition at line 57 of file sp_types.h.
◆ SphincsHashedMessage
| using Botan::SphincsHashedMessage = Strong<std::vector<uint8_t>, struct SphincsHashedMessage_> |
Definition at line 59 of file sp_types.h.
◆ SphincsHypertreeSignature
| using Botan::SphincsHypertreeSignature = Strong<std::vector<uint8_t>, struct SphincsXmssSignature_> |
Definition at line 66 of file sp_types.h.
◆ SphincsInputMessage
| using Botan::SphincsInputMessage = Strong<std::vector<uint8_t>, struct SphincsInputMessage_> |
Definition at line 49 of file sp_types.h.
◆ SphincsMessagePrefix
| using Botan::SphincsMessagePrefix = Strong<std::vector<uint8_t>, struct SphincsMessagePrefix_> |
The prefix appended to the message in [hash_]slh_sign and slh_verify. E.g. for SLH-DSA (pure): 0x00 || |ctx| || ctx. Empty for SPHINCS+.
Definition at line 47 of file sp_types.h.
◆ SphincsMessageRandomness
| using Botan::SphincsMessageRandomness = Strong<secure_vector<uint8_t>, struct SphincsMessageRandomness_> |
Definition at line 64 of file sp_types.h.
◆ SphincsOptionalRandomness
| using Botan::SphincsOptionalRandomness = Strong<secure_vector<uint8_t>, struct SphincsOptionalRandomness_> |
Definition at line 63 of file sp_types.h.
◆ SphincsPublicSeed
| using Botan::SphincsPublicSeed = Strong<std::vector<uint8_t>, struct SphincsPublicSeed_> |
Definition at line 60 of file sp_types.h.
◆ SphincsSecretPRF
| using Botan::SphincsSecretPRF = Strong<secure_vector<uint8_t>, struct SphincsSecretPRF_> |
Definition at line 62 of file sp_types.h.
◆ SphincsSecretSeed
| using Botan::SphincsSecretSeed = Strong<secure_vector<uint8_t>, struct SphincsSecretSeed_> |
Definition at line 61 of file sp_types.h.
◆ SphincsTreeNode
| using Botan::SphincsTreeNode = Strong<std::vector<uint8_t>, struct SphincsTreeNode_> |
Either an XMSS or FORS tree node or leaf.
Definition at line 70 of file sp_types.h.
◆ SphincsXmssSignature
| using Botan::SphincsXmssSignature = Strong<std::vector<uint8_t>, struct SphincsXmssSignature_> |
Definition at line 65 of file sp_types.h.
◆ strong_type_wrapped_type
| using Botan::strong_type_wrapped_type = typename detail::wrapped_type_helper<std::remove_cvref_t<T>>::type |
Extracts the wrapped type from a strong type.
If the provided type is not a strong type, it is returned as is.
- Note
- This is meant as a helper for generic code that needs to deal with both wrapped strong types and bare objects. Use the ordinary ::wrapped_type declaration if you know that you are dealing with a strong type.
Definition at line 307 of file strong_type.h.
◆ SymmetricKey
| using Botan::SymmetricKey = OctetString |
◆ TreeLayerIndex
| using Botan::TreeLayerIndex = Strong<uint32_t, struct TreeLayerIndex_, EnableArithmeticWithPlainNumber> |
Index of the layer within a FORS/XMSS tree.
Definition at line 83 of file sp_types.h.
◆ TreeNodeIndex
| using Botan::TreeNodeIndex = Strong<uint32_t, struct TreeNodeIndex_, EnableArithmeticWithPlainNumber> |
Index of an individual node inside an XMSS or FORS tree.
Definition at line 92 of file sp_types.h.
◆ u16bit
| using Botan::u16bit = std::uint16_t |
◆ u32bit
| using Botan::u32bit = std::uint32_t |
◆ u64bit
| using Botan::u64bit = std::uint64_t |
◆ word
| using Botan::word = std::conditional_t<HasNative64BitRegisters, std::uint64_t, uint32_t> |
◆ wots_keysig_t
| typedef std::vector< secure_vector< uint8_t > > Botan::wots_keysig_t |
Definition at line 20 of file xmss_common_ops.h.
◆ WotsChainIndex
| using Botan::WotsChainIndex = Strong<uint32_t, struct WotsChainIndex_> |
Index of a WOTS chain within a single usage of WOTS.
Definition at line 95 of file sp_types.h.
◆ WotsHashIndex
| using Botan::WotsHashIndex = Strong<uint8_t, struct WotsHashIndex_, EnableArithmeticWithPlainNumber> |
Index of a hash application inside a single WOTS chain (integers in "base_w").
Definition at line 98 of file sp_types.h.
◆ WotsNode
| using Botan::WotsNode = Strong<secure_vector<uint8_t>, struct WotsNode_> |
Start (or intermediate) node of a WOTS+ chain.
Definition at line 79 of file sp_types.h.
◆ WotsPublicKey
| using Botan::WotsPublicKey = Strong<std::vector<uint8_t>, struct WotsPublicKey_> |
Definition at line 73 of file sp_types.h.
◆ WotsPublicKeyNode
| using Botan::WotsPublicKeyNode = Strong<std::vector<uint8_t>, struct WotsPublicKeyNode_> |
End node of a WOTS+ chain (part of the WOTS+ public key).
Definition at line 76 of file sp_types.h.
◆ WotsSignature
| using Botan::WotsSignature = Strong<secure_vector<uint8_t>, struct WotsSignature_> |
Definition at line 80 of file sp_types.h.
◆ X509_Time
| typedef ASN1_Time Botan::X509_Time |
Definition at line 23 of file asn1_obj.h.
◆ XmssTreeIndexInLayer
| using Botan::XmssTreeIndexInLayer = Strong<uint64_t, struct XmssTreeIndexInLayer_, EnableArithmeticWithPlainNumber> |
Index of an XMSS tree (unique for just the local hyper-tree layer).
Definition at line 89 of file sp_types.h.
Enumeration Type Documentation
◆ AlignmentBufferFinalBlock
|
strong |
Defines the strategy for handling the final block of input data in the handle_unaligned_data() method of the AlignmentBuffer<>.
- is_not_special: the final block is treated like any other block
- must_be_deferred: the final block is not emitted while bulk processing (typically add_data()) but is deferred until manually consumed (typically final_result())
The AlignmentBuffer<> assumes data to be "the final block" if no further input data is available in the BufferSlicer<>. This might result in some performance overhead when using the must_be_deferred strategy.
| Enumerator | |
|---|---|
| is_not_special | |
| must_be_deferred | |
Definition at line 33 of file alignment_buffer.h.
◆ ASN1_Class
|
strong |
ASN.1 Class Tags
| Enumerator | |
|---|---|
| Universal | |
| Application | |
| ContextSpecific | |
| Private | |
| Constructed | |
| ExplicitContextSpecific | |
| NoObject | |
Definition at line 28 of file asn1_obj.h.
◆ ASN1_Type
|
strong |
ASN.1 Type Tags
Definition at line 43 of file asn1_obj.h.
◆ Certificate_Status_Code
|
strong |
Certificate validation status code
Definition at line 20 of file pkix_enums.h.
◆ Cipher_Dir
|
strong |
The two possible directions a Cipher_Mode can operate in
| Enumerator | |
|---|---|
| Encryption | |
| Decryption | |
| ENCRYPTION | |
| DECRYPTION | |
Definition at line 25 of file cipher_mode.h.
◆ CRL_Code
|
strong |
X.509v2 CRL Reason Code.
| Enumerator | |
|---|---|
| Unspecified | |
| KeyCompromise | |
| CaCompromise | |
| AffiliationChanged | |
| Superseded | |
| CessationOfOperation | |
| CertificateHold | |
| RemoveFromCrl | |
| PrivilegeWithdrawn | |
| AaCompromise | |
Definition at line 198 of file pkix_enums.h.
◆ Decoder_Checking
| enum Botan::Decoder_Checking : uint8_t |
◆ DL_Group_Format
|
strong |
The DL group encoding format variants.
| Enumerator | |
|---|---|
| ANSI_X9_42 | |
| ANSI_X9_57 | |
| PKCS_3 | |
| DSA_PARAMETERS | |
| DH_PARAMETERS | |
| ANSI_X9_42_DH_PARAMETERS | |
| PKCS3_DH_PARAMETERS | |
Definition at line 30 of file dl_group.h.
◆ DL_Group_Source
|
strong |
| Enumerator | |
|---|---|
| Builtin | |
| RandomlyGenerated | |
| ExternalSource | |
Definition at line 21 of file dl_group.h.
◆ EC_Group_Encoding
|
strong |
This enum indicates the method used to encode the EC parameters
- Warning
- All support for explicit or implicit domain encodings will be removed in Botan4. Only named curves will be supported.
TODO(Botan4) remove this enum
| Enumerator | |
|---|---|
| Explicit | |
| ImplicitCA | |
| NamedCurve | |
| EC_DOMPAR_ENC_EXPLICIT | |
| EC_DOMPAR_ENC_IMPLICITCA | |
| EC_DOMPAR_ENC_OID | |
Definition at line 27 of file ec_point_format.h.
◆ EC_Group_Engine
|
strong |
Enum indicating the way the group in question is implemented
This is returned by EC_Group::engine
Definition at line 48 of file ec_group.h.
◆ EC_Group_Source
|
strong |
This enum indicates the source of the elliptic curve parameters in use.
Builtin means the curve is a known standard one which was compiled in the library.
ExternalSource means the curve parameters came from either an explicit curve encoding or an application defined curve.
| Enumerator | |
|---|---|
| Builtin | |
| ExternalSource | |
Definition at line 38 of file ec_group.h.
◆ EC_Point_Format
|
strong |
| Enumerator | |
|---|---|
| Uncompressed | |
| Compressed | |
| UNCOMPRESSED | |
| COMPRESSED | |
| Hybrid | |
| HYBRID | |
Definition at line 37 of file ec_point_format.h.
◆ ECIES_Flags
|
strong |
Flags controlling ECIES operation
Two of the flags are related to how cofactors are handled. Support for cofactors is deprecated and will be removed in Botan4.
The CheckMode flag is completely ignored; we always check that the point is valid.
TODO(Botan4) remove this enum
Definition at line 44 of file ecies.h.
◆ ErrorType
|
strong |
Different types of errors that might occur
| Enumerator | |
|---|---|
| Unknown | Some unknown error |
| SystemError | An error while calling a system interface |
| NotImplemented | An operation seems valid, but not supported by the current version |
| OutOfMemory | Memory allocation failure |
| InternalError | An internal error occurred |
| IoError | An I/O error occurred |
| InvalidObjectState | Invalid object state |
| KeyNotSet | A key was not set on an object when this is required |
| InvalidArgument | The application provided an argument which is invalid |
| InvalidKeyLength | A key with invalid length was provided |
| InvalidNonceLength | A nonce with invalid length was provided |
| LookupError | An object type was requested but cannot be found |
| EncodingFailure | Encoding a message or datum failed |
| DecodingFailure | Decoding a message or datum failed |
| TLSError | A TLS error (error_code will be the alert type) |
| HttpError | An error during an HTTP operation |
| InvalidTag | A message with an invalid authentication tag was detected |
| RoughtimeError | An error during Roughtime validation |
| CommonCryptoError | An error when interacting with CommonCrypto API |
| Pkcs11Error | An error when interacting with a PKCS11 device |
| TPMError | An error when interacting with a TPM device |
| DatabaseError | An error when interacting with a database |
| ZlibError | An error when interacting with zlib |
| Bzip2Error | An error when interacting with bzip2 |
| LzmaError | An error when interacting with lzma |
Definition at line 21 of file exceptn.h.
◆ LMOTS_Algorithm_Type
|
strong |
Enum of available LM-OTS algorithm types.
The supported parameter sets are defined in RFC 8554 Section 4.1. and draft-fluhrer-lms-more-parm-sets-11 Section 4. HSS/LMS typecodes are introduced in RFC 8554 Section 3.2. and their format specified in Section 3.3.
Definition at line 68 of file lm_ots.h.
◆ LMS_Algorithm_Type
|
strong |
Enum of available LMS algorithm types.
The supported parameter sets are defined in RFC 8554 Section 5.1. and draft-fluhrer-lms-more-parm-sets-11 Section 5. HSS/LMS typecodes are introduced in RFC 8554 Section 3.2. and their format specified in Section 3.3.
Definition at line 32 of file lms.h.
◆ MD_Endian
|
strong |
| Enumerator | |
|---|---|
| Little | |
| Big | |
Definition at line 20 of file mdx_hash.h.
◆ MlPrivateKeyFormat
|
strong |
Byte encoding format of ML-KEM and ML-DSA the private key.
Definition at line 81 of file kyber.h.
◆ PublicKeyOperation
|
strong |
Enumeration of possible operations a public key could be used for.
It is possible to query if a key supports a particular operation type using Asymmetric_Key::supports_operation()
| Enumerator | |
|---|---|
| Encryption | |
| Signature | |
| KeyEncapsulation | |
| KeyAgreement | |
◆ Signature_Format
|
strong |
Enumeration specifying the signature format.
This is mostly used for requesting DER encoding of ECDSA signatures; most other algorithms only support "standard".
| Enumerator | |
|---|---|
| Standard | |
| DerSequence | |
| IEEE_1363 | |
| DER_SEQUENCE | |
◆ Sphincs_Address_Type
|
strong |
| Enumerator | |
|---|---|
| WotsHash | |
| WotsPublicKeyCompression | |
| HashTree | |
| ForsTree | |
| ForsTreeRootsCompression | |
| WotsKeyGeneration | |
| ForsKeyGeneration | |
Definition at line 18 of file sp_address.h.
◆ Sphincs_Hash_Type
|
strong |
| Enumerator | |
|---|---|
| Shake256 | |
| Sha256 | |
| Haraka | Haraka is currently not supported. |
Definition at line 18 of file sp_parameters.h.
◆ Sphincs_Parameter_Set
|
strong |
| Enumerator | |
|---|---|
| Sphincs128Small | |
| Sphincs128Fast | |
| Sphincs192Small | |
| Sphincs192Fast | |
| Sphincs256Small | |
| Sphincs256Fast | |
| SLHDSA128Small | |
| SLHDSA128Fast | |
| SLHDSA192Small | |
| SLHDSA192Fast | |
| SLHDSA256Small | |
| SLHDSA256Fast | |
Definition at line 24 of file sp_parameters.h.
◆ TPM_Storage_Type
|
strong |
◆ Usage_Type
|
strong |
| Enumerator | |
|---|---|
| UNSPECIFIED | |
| TLS_SERVER_AUTH | |
| TLS_CLIENT_AUTH | |
| CERTIFICATE_AUTHORITY | |
| OCSP_RESPONDER | |
| ENCRYPTION | |
Definition at line 211 of file pkix_enums.h.
◆ WOTS_Derivation_Method
|
strong |
Determines how WOTS+ private keys are derived from the XMSS private key
| Enumerator | |
|---|---|
| Botan2x | This roughly followed the suggestions in RFC 8391 but is vulnerable to a multi-target attack. For new private keys, we recommend using the derivation as suggested in NIST SP.800-208. Private keys generated with Botan 2.x will need to stay with this mode, otherwise they won't be able to generate valid signatures any longer. |
| NIST_SP800_208 | Derivation as specified in NIST SP.800-208 to avoid a multi-target attack on the WOTS+ key derivation suggested in RFC 8391. New private keys should use this mode. |
Definition at line 136 of file xmss.h.
Function Documentation
◆ abs()
Return the absolute value
- Parameters
-
n an integer
- Returns
- absolute value of n
Definition at line 22 of file numthry.h.
References Botan::BigInt::abs().
Referenced by Botan::EC_Group::EC_Group(), gcd(), and Botan::EC_Group::verify_group().
◆ absorb_into_sponge() [1/2]
|
inline |
Definition at line 233 of file sponge_processing.h.
References absorb_into_sponge().
◆ absorb_into_sponge() [2/2]
|
inline |
Absorbs input data into the sponge state.
- Parameters
-
sponge The sponge state to absorb data into. input The input data to absorb. permutation_fn The function to call for the sponge's permutation.
Definition at line 221 of file sponge_processing.h.
References BOTAN_ASSERT_NOMSG, Botan::BufferSlicer::empty(), and process_bytes_in_sponge().
Referenced by Botan::Ascon_p::absorb(), Botan::Keccak_Permutation::absorb(), and absorb_into_sponge().
◆ allocate_memory()
| void * Botan::allocate_memory | ( | size_t | elems, |
| size_t | elem_size ) |
Allocate a memory buffer by some method. This should only be used for primitive types (uint8_t, uint32_t, etc).
- Parameters
-
elems the number of elements elem_size the size of each element
- Returns
- pointer to allocated and zeroed memory, or throw std::bad_alloc on failure
Definition at line 21 of file allocator.cpp.
References BOTAN_MALLOC_FN, checked_mul(), and Botan::mlock_allocator::instance().
Referenced by Botan::secure_allocator< T >::allocate().
◆ any_null_pointers()
| bool Botan::any_null_pointers | ( | Ptrs... | ptr | ) |
Return true if any of the provided arguments are null
Definition at line 54 of file mem_utils.h.
Referenced by botan_x509_cert_allowed_extended_usage_str(), botan_x509_cert_excluded_name_constraints(), botan_x509_cert_excluded_name_constraints_count(), botan_x509_cert_get_issuer_dn_count(), botan_x509_cert_get_path_length_constraint(), botan_x509_cert_get_subject_dn_count(), botan_x509_cert_issuer_alternative_names(), botan_x509_cert_issuer_alternative_names_count(), botan_x509_cert_permitted_name_constraints(), botan_x509_cert_permitted_name_constraints_count(), botan_x509_cert_serial_number(), botan_x509_cert_subject_alternative_names(), botan_x509_cert_subject_alternative_names_count(), botan_x509_crl_create(), botan_x509_crl_entries(), botan_x509_crl_entries_count(), botan_x509_crl_entry_create(), botan_x509_crl_entry_reason(), botan_x509_crl_entry_revocation_date(), botan_x509_crl_entry_serial_number(), botan_x509_crl_next_update(), botan_x509_crl_this_update(), botan_x509_crl_update(), botan_x509_general_name_get_type(), botan_xof_block_size(), botan_xof_init(), botan_xof_name(), botan_xof_output(), and botan_xof_update().
◆ argon2()
|
inline |
Argon2 key derivation function
- Parameters
-
output the output will be placed here output_len length of output password the user password password_len the length of password salt the salt salt_len length of salt key an optional secret key key_len the length of key ad an optional additional input ad_len the length of ad y the Argon2 variant (0 = Argon2d, 1 = Argon2i, 2 = Argon2id) p the parallelization parameter M the amount of memory to use in Kb t the number of iterations to use
Definition at line 139 of file argon2.h.
References argon2(), and Botan::PasswordHashFamily::create_or_throw().
Referenced by argon2().
◆ argon2_check_pwhash()
| bool Botan::argon2_check_pwhash | ( | const char * | password, |
| size_t | password_len, | ||
| std::string_view | hash ) |
Check a previously created password hash
Verify an Argon2 password hash against the provided password. Returns false if the input hash seems malformed or if the computed hash does not match.
- Parameters
-
password the password to check against password_len the length of password hash the stored hash to check against
Definition at line 77 of file argon2fmt.cpp.
References base64_decode(), base64_decode_max_output(), Botan::PasswordHashFamily::create_or_throw(), Botan::CT::is_equal(), split_on(), and to_u32bit().
◆ argon2_generate_pwhash()
| std::string Botan::argon2_generate_pwhash | ( | const char * | password, |
| size_t | password_len, | ||
| RandomNumberGenerator & | rng, | ||
| size_t | p, | ||
| size_t | M, | ||
| size_t | t, | ||
| uint8_t | y = 2, | ||
| size_t | salt_len = 16, | ||
| size_t | output_len = 32 ) |
Generate an Argon2 hash of the specified password. The y parameter specifies the variant: 0 for Argon2d, 1 for Argon2i, and 2 for Argon2id.
Definition at line 42 of file argon2fmt.cpp.
References base64_encode(), Botan::PasswordHashFamily::create_or_throw(), fmt(), and Botan::RandomNumberGenerator::randomize().
◆ as_span_of_bytes() [1/3]
|
inline |
Definition at line 59 of file mem_utils.h.
Referenced by Botan::DER_Encoder::add_object(), Botan::TLS::append_tls_length_value(), as_span_of_bytes(), as_span_of_bytes(), check_bcrypt(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::cSHAKE_XOF::cSHAKE_XOF(), cstr_as_span_of_bytes(), Botan::DataSource_Memory::DataSource_Memory(), Botan::CryptoBox::decrypt(), Botan::CryptoBox::decrypt_bin(), Botan::Bcrypt_PBKDF::derive_key(), Botan::PK_Key_Agreement::derive_key(), Botan::PK_Key_Agreement::derive_key(), Botan::Scrypt::derive_key(), Botan::Encrypted_PSK_Database::get(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), hkdf_expand_label(), Botan::TLS::Channel_Impl_12::key_material_export(), Botan::Pipe::process_msg(), Botan::Encrypted_PSK_Database::remove(), Botan::TLS::Server_Name_Indicator::serialize(), Botan::Encrypted_PSK_Database::set(), Botan::PSK_Database::set_str(), Botan::Buffered_Computation::update(), Botan::PK_Signer::update(), Botan::PK_Verifier::update(), and Botan::Pipe::write().
◆ as_span_of_bytes() [2/3]
|
inline |
Definition at line 64 of file mem_utils.h.
References as_span_of_bytes().
◆ as_span_of_bytes() [3/3]
|
inline |
Definition at line 68 of file mem_utils.h.
References as_span_of_bytes().
◆ asn1_class_to_string()
| std::string BOTAN_UNSTABLE_API Botan::asn1_class_to_string | ( | ASN1_Class | type | ) |
Definition at line 79 of file asn1_obj.cpp.
References Application, Constructed, ContextSpecific, NoObject, Private, and Universal.
Referenced by Botan::BER_Object::assert_is_a().
◆ asn1_tag_to_string()
| std::string BOTAN_UNSTABLE_API Botan::asn1_tag_to_string | ( | ASN1_Type | type | ) |
Definition at line 98 of file asn1_obj.cpp.
References BitString, BmpString, Boolean, Enumerated, GeneralizedTime, Ia5String, Integer, NoObject, Null, NumericString, ObjectId, OctetString, PrintableString, Sequence, Set, TeletexString, UniversalString, UtcTime, Utf8String, and VisibleString.
Referenced by Botan::BER_Object::assert_is_a().
◆ assert_unreachable()
| void BOTAN_UNSTABLE_API Botan::assert_unreachable | ( | const char * | file, |
| int | line ) |
Definition at line 61 of file assert.cpp.
References fmt().
◆ assertion_failure()
| void Botan::assertion_failure | ( | const char * | expr_str, |
| const char * | assertion_made, | ||
| const char * | func, | ||
| const char * | file, | ||
| int | line ) |
Called when an assertion fails Throws an Exception object
Definition at line 36 of file assert.cpp.
◆ base32_decode() [1/5]
| secure_vector< uint8_t > Botan::base32_decode | ( | const char | input[], |
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform base32 decoding
- Parameters
-
input some base32 input input_length the length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded base32 output
Definition at line 165 of file base32.cpp.
References base_decode_to_vec().
◆ base32_decode() [2/5]
| secure_vector< uint8_t > Botan::base32_decode | ( | std::string_view | input, |
| bool | ignore_ws = true ) |
Perform base32 decoding
- Parameters
-
input some base32 input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded base32 output
Definition at line 169 of file base32.cpp.
References base32_decode().
◆ base32_decode() [3/5]
| size_t Botan::base32_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs, | ||
| bool | ignore_ws = true ) |
Perform base32 decoding
- Parameters
-
output an array of at least base32_decode_max_output bytes input some base32 input input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding is allowed ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 152 of file base32.cpp.
References base_decode().
Referenced by base32_decode(), and base32_decode().
◆ base32_decode() [4/5]
| size_t Botan::base32_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform base32 decoding
- Parameters
-
output an array of at least base32_decode_max_output bytes input some base32 input input_length length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 157 of file base32.cpp.
References base_decode_full().
◆ base32_decode() [5/5]
| size_t Botan::base32_decode | ( | uint8_t | output[], |
| std::string_view | input, | ||
| bool | ignore_ws = true ) |
Perform base32 decoding
- Parameters
-
output an array of at least base32_decode_max_output bytes input some base32 input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 161 of file base32.cpp.
References base32_decode().
◆ base32_decode_max_output()
| size_t Botan::base32_decode_max_output | ( | size_t | input_length | ) |
Calculate the size of output buffer for base32_decode
- Parameters
-
input_length the length of input in bytes
- Returns
- the size of output buffer in bytes
Definition at line 177 of file base32.cpp.
◆ base32_encode() [1/3]
| size_t Botan::base32_encode | ( | char | output[], |
| const uint8_t | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs ) |
Perform base32 encoding
- Parameters
-
output an array of at least base32_encode_max_output bytes input is some binary data input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding chars will be applied if needed
- Returns
- number of bytes written to output
Definition at line 144 of file base32.cpp.
References base_encode().
Referenced by base32_encode().
◆ base32_encode() [2/3]
| std::string Botan::base32_encode | ( | const uint8_t | input[], |
| size_t | input_length ) |
Perform base32 encoding
- Parameters
-
input some input input_length length of input in bytes
- Returns
- base32 representation of input
Definition at line 148 of file base32.cpp.
References base_encode_to_string().
◆ base32_encode() [3/3]
|
inline |
Perform base32 encoding
- Parameters
-
input some input
- Returns
- base32 representation of input
Definition at line 47 of file base32.h.
References base32_encode().
◆ base32_encode_max_output()
| size_t Botan::base32_encode_max_output | ( | size_t | input_length | ) |
Calculate the size of output buffer for base32_encode
- Parameters
-
input_length the length of input in bytes
- Returns
- the size of output buffer in bytes
Definition at line 173 of file base32.cpp.
◆ base58_check_decode() [1/2]
| std::vector< uint8_t > Botan::base58_check_decode | ( | const char | input[], |
| size_t | input_length ) |
Perform base58 decoding with checksum
Definition at line 239 of file base58.cpp.
References base58_decode(), and load_be().
Referenced by base58_check_decode().
◆ base58_check_decode() [2/2]
|
inline |
Definition at line 57 of file base58.h.
References base58_check_decode().
◆ base58_check_encode() [1/2]
| std::string Botan::base58_check_encode | ( | const uint8_t | input[], |
| size_t | input_length ) |
Perform base58 encoding with checksum
Definition at line 186 of file base58.cpp.
References base58_encode().
Referenced by base58_check_encode().
◆ base58_check_encode() [2/2]
|
inline |
Definition at line 49 of file base58.h.
References base58_check_encode().
◆ base58_decode() [1/2]
| std::vector< uint8_t > Botan::base58_decode | ( | const char | input[], |
| size_t | input_length ) |
Perform base58 decoding
This is raw base58 encoding, without the checksum
Definition at line 193 of file base58.cpp.
References Botan::BigInt::bytes(), and Botan::BigInt::serialize().
Referenced by base58_check_decode(), and base58_decode().
◆ base58_decode() [2/2]
|
inline |
Definition at line 53 of file base58.h.
References base58_decode().
◆ base58_encode() [1/2]
| std::string Botan::base58_encode | ( | const uint8_t | input[], |
| size_t | input_length ) |
Perform base58 encoding
This is raw base58 encoding, without the checksum
Definition at line 181 of file base58.cpp.
References base58_encode().
Referenced by base58_check_encode(), base58_encode(), and base58_encode().
◆ base58_encode() [2/2]
|
inline |
Definition at line 45 of file base58.h.
References base58_encode().
◆ base64_decode() [1/6]
| secure_vector< uint8_t > Botan::base64_decode | ( | const char | input[], |
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
input some base64 input input_length the length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded base64 output
Definition at line 187 of file base64.cpp.
References base_decode_to_vec().
◆ base64_decode() [2/6]
| size_t Botan::base64_decode | ( | std::span< uint8_t > | output, |
| std::string_view | input, | ||
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
output a contiguous byte buffer of at least base64_decode_max_output bytes input some base64 input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 180 of file base64.cpp.
References base64_decode(), and base64_decode_max_output().
◆ base64_decode() [3/6]
| secure_vector< uint8_t > Botan::base64_decode | ( | std::string_view | input, |
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
input some base64 input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded base64 output
Definition at line 191 of file base64.cpp.
References base64_decode().
◆ base64_decode() [4/6]
| size_t Botan::base64_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs, | ||
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
output an array of at least base64_decode_max_output bytes input some base64 input input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding is allowed ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 167 of file base64.cpp.
References base_decode().
Referenced by argon2_check_pwhash(), base64_decode(), base64_decode(), base64_decode(), botan_base64_decode(), Botan::Roughtime::Chain::Chain(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::list_names(), Botan::Roughtime::servers_from_str(), and Botan::Base64_Decoder::write().
◆ base64_decode() [5/6]
| size_t Botan::base64_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
output an array of at least base64_decode_max_output bytes input some base64 input input_length length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 172 of file base64.cpp.
References base_decode_full().
◆ base64_decode() [6/6]
| size_t Botan::base64_decode | ( | uint8_t | output[], |
| std::string_view | input, | ||
| bool | ignore_ws = true ) |
Perform base64 decoding
- Parameters
-
output an array of at least base64_decode_max_output bytes input some base64 input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 176 of file base64.cpp.
References base64_decode().
◆ base64_decode_max_output()
| size_t Botan::base64_decode_max_output | ( | size_t | input_length | ) |
Calculate the size of output buffer for base64_decode
- Parameters
-
input_length the length of input in bytes
- Returns
- the size of output buffer in bytes
Definition at line 199 of file base64.cpp.
Referenced by argon2_check_pwhash(), base64_decode(), and botan_base64_decode().
◆ base64_encode() [1/3]
| size_t Botan::base64_encode | ( | char | output[], |
| const uint8_t | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs ) |
Perform base64 encoding
- Parameters
-
output an array of at least base64_encode_max_output bytes input is some binary data input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding chars will be applied if needed
- Returns
- number of bytes written to output
Definition at line 159 of file base64.cpp.
References base_encode().
Referenced by argon2_generate_pwhash(), base64_encode(), Botan::OCSP::Request::base64_encode(), botan_base64_encode(), Botan::PEM_Code::encode(), generate_passhash9(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::remove(), Botan::Encrypted_PSK_Database::set(), and Botan::Roughtime::Chain::to_string().
◆ base64_encode() [2/3]
| std::string Botan::base64_encode | ( | const uint8_t | input[], |
| size_t | input_length ) |
Perform base64 encoding
- Parameters
-
input some input input_length length of input in bytes
- Returns
- base64adecimal representation of input
Definition at line 163 of file base64.cpp.
References base_encode_to_string().
◆ base64_encode() [3/3]
|
inline |
Perform base64 encoding
- Parameters
-
input some input
- Returns
- base64adecimal representation of input
Definition at line 47 of file base64.h.
References base64_encode().
◆ base64_encode_max_output()
| size_t Botan::base64_encode_max_output | ( | size_t | input_length | ) |
Calculate the size of output buffer for base64_encode
- Parameters
-
input_length the length of input in bytes
- Returns
- the size of output buffer in bytes
Definition at line 195 of file base64.cpp.
◆ base_decode()
| size_t Botan::base_decode | ( | const Base & | base, |
| uint8_t | output[], | ||
| const char | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs, | ||
| bool | ignore_ws = true ) |
Perform decoding using the base provided
- Parameters
-
base object giving access to the encodings specifications output an array of at least Base::decode_max_output bytes input some base input input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding is allowed ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 118 of file codec_base.h.
References clear_mem(), and out_ptr().
Referenced by base32_decode(), base64_decode(), and base_decode_full().
◆ base_decode_full()
| size_t Botan::base_decode_full | ( | const Base & | base, |
| uint8_t | output[], | ||
| const char | input[], | ||
| size_t | input_length, | ||
| bool | ignore_ws ) |
Definition at line 178 of file codec_base.h.
References base_decode().
Referenced by base32_decode(), base64_decode(), and base_decode_to_vec().
◆ base_decode_to_vec()
| Vector Botan::base_decode_to_vec | ( | const Base & | base, |
| const char | input[], | ||
| size_t | input_length, | ||
| bool | ignore_ws ) |
Definition at line 190 of file codec_base.h.
References base_decode_full().
Referenced by base32_decode(), and base64_decode().
◆ base_encode()
| size_t Botan::base_encode | ( | const Base & | base, |
| char | output[], | ||
| const uint8_t | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | final_inputs ) |
Perform encoding using the base provided
- Parameters
-
base object giving access to the encodings specifications output an array of at least base.encode_max_output bytes input is some binary data input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. final_inputs true iff this is the last input, in which case padding chars will be applied if needed
- Returns
- number of bytes written to output
Definition at line 35 of file codec_base.h.
Referenced by base32_encode(), base64_encode(), and base_encode_to_string().
◆ base_encode_to_string()
| std::string Botan::base_encode_to_string | ( | const Base & | base, |
| const uint8_t | input[], | ||
| size_t | input_length ) |
Definition at line 84 of file codec_base.h.
References base_encode(), and BOTAN_ASSERT_EQUAL.
Referenced by base32_encode(), and base64_encode().
◆ basecase_mul()
| void Botan::basecase_mul | ( | word | z[], |
| size_t | z_size, | ||
| const word | x[], | ||
| size_t | x_size, | ||
| const word | y[], | ||
| size_t | y_size ) |
Basecase O(N^2) multiplication
Definition at line 20 of file mp_karat.cpp.
References carry(), word8_madd3(), word_madd3(), and zeroize_buffer().
Referenced by bigint_mul().
◆ basecase_sqr()
Basecase O(N^2) squaring
Definition at line 46 of file mp_karat.cpp.
References carry(), word8_madd3(), word_madd3(), and zeroize_buffer().
Referenced by bigint_sqr().
◆ basemul_booth_exec()
| C::ProjectivePoint Botan::basemul_booth_exec | ( | std::span< const typename C::AffinePoint > | table, |
| const BlindedScalar & | scalar, | ||
| RandomNumberGenerator & | rng ) |
Definition at line 306 of file pcurves_mul.h.
References booth_recode(), Botan::CT::poison(), and Botan::CT::unpoison().
Referenced by Botan::PrecomputedBaseMulTable< C, W >::mul().
◆ basemul_booth_setup()
| std::vector< typename C::AffinePoint > Botan::basemul_booth_setup | ( | const typename C::AffinePoint & | p, |
| size_t | max_scalar_bits ) |
Definition at line 254 of file pcurves_mul.h.
References to_affine_batch().
Referenced by Botan::PrecomputedBaseMulTable< C, W >::PrecomputedBaseMulTable().
◆ basemul_exec()
| C::ProjectivePoint Botan::basemul_exec | ( | std::span< const typename C::AffinePoint > | table, |
| const BlindedScalar & | scalar, | ||
| RandomNumberGenerator & | rng ) |
Definition at line 200 of file pcurves_mul.h.
References Botan::CT::poison(), and Botan::CT::unpoison().
◆ basemul_setup()
| std::vector< typename C::AffinePoint > Botan::basemul_setup | ( | const typename C::AffinePoint & | p, |
| size_t | max_scalar_bits ) |
Definition at line 165 of file pcurves_mul.h.
References to_affine_batch().
◆ bcrypt_pbkdf()
|
inline |
Bcrypt PBKDF compatible with OpenBSD bcrypt_pbkdf
Definition at line 71 of file bcrypt_pbkdf.h.
References bcrypt_pbkdf(), and Botan::PasswordHashFamily::create_or_throw().
Referenced by bcrypt_pbkdf().
◆ bigint_add2()
|
inlineconstexpr |
Two operand addition with carry out
Definition at line 94 of file mp_core.h.
References BOTAN_ASSERT, carry(), word8_add2(), and word_add().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::_invert_vartime_div2_helper(), Botan::BigInt::add(), Botan::BlindedScalarBits< C, WindowBits+1 >::BlindedScalarBits(), p_div_2_plus_1(), and redc_crandall().
◆ bigint_add3()
|
inlineconstexpr |
Three operand addition with carry out
Definition at line 120 of file mp_core.h.
References bigint_add3(), carry(), word8_add3(), and word_add().
Referenced by Botan::BigInt::add2(), bigint_add3(), Botan::BigInt::mod_add(), Botan::Montgomery_Int::operator+(), and p_plus_1_over_4().
◆ bigint_cmp()
|
inlineconstexpr |
Compare x and y Return -1 if x < y Return 0 if x == y Return 1 if x > y
Definition at line 426 of file mp_core.h.
References BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), Botan::CT::Mask< T >::is_zero(), and Botan::CT::unpoison().
Referenced by Botan::BigInt::add(), Botan::BigInt::add2(), Botan::BigInt::cmp(), Botan::BigInt::cmp_word(), and gcd().
◆ bigint_cnd_abs()
|
inlineconstexpr |
Definition at line 80 of file mp_core.h.
References carry(), Botan::CT::Mask< T >::expand(), and word_add().
◆ bigint_cnd_add()
|
inlineconstexpr |
Definition at line 45 of file mp_core.h.
References carry(), Botan::CT::Mask< T >::expand(), and word_add().
Referenced by Botan::BigInt::mod_sub(), and Botan::Montgomery_Int::operator-().
◆ bigint_cnd_sub()
|
inlineconstexpr |
Definition at line 62 of file mp_core.h.
References carry(), Botan::CT::Mask< T >::expand(), and word_sub().
◆ bigint_cnd_swap()
|
inlineconstexpr |
Definition at line 29 of file mp_core.h.
References Botan::CT::Mask< T >::expand().
Referenced by Botan::BigInt::ct_cond_swap(), and ct_divide_pow2k().
◆ bigint_comba_mul16()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul16 | ( | word | z[32], |
| const word | x[16], | ||
| const word | y[16] ) |
Definition at line 794 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul(), and comba_mul().
◆ bigint_comba_mul24()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul24 | ( | word | z[48], |
| const word | x[24], | ||
| const word | y[24] ) |
Definition at line 1446 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul().
◆ bigint_comba_mul4()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul4 | ( | word | z[8], |
| const word | x[4], | ||
| const word | y[4] ) |
Definition at line 42 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul(), and comba_mul().
◆ bigint_comba_mul6()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul6 | ( | word | z[12], |
| const word | x[6], | ||
| const word | y[6] ) |
Definition at line 115 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul(), and comba_mul().
◆ bigint_comba_mul7()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul7 | ( | word | z[14], |
| const word | x[7], | ||
| const word | y[7] ) |
Definition at line 221 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by comba_mul().
◆ bigint_comba_mul8()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul8 | ( | word | z[16], |
| const word | x[8], | ||
| const word | y[8] ) |
Definition at line 352 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul(), and comba_mul().
◆ bigint_comba_mul9()
| BOTAN_FUZZER_API void Botan::bigint_comba_mul9 | ( | word | z[18], |
| const word | x[9], | ||
| const word | y[9] ) |
Definition at line 511 of file mp_comba.cpp.
References Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by bigint_mul(), and comba_mul().
◆ bigint_comba_sqr16()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr16 | ( | word | z[32], |
| const word | x[16] ) |
Definition at line 618 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr(), and comba_sqr().
◆ bigint_comba_sqr24()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr24 | ( | word | z[48], |
| const word | x[24] ) |
Definition at line 1090 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr().
◆ bigint_comba_sqr4()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr4 | ( | word | z[8], |
| const word | x[4] ) |
Definition at line 16 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr(), and comba_sqr().
◆ bigint_comba_sqr6()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr6 | ( | word | z[12], |
| const word | x[6] ) |
Definition at line 74 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr(), and comba_sqr().
◆ bigint_comba_sqr7()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr7 | ( | word | z[14], |
| const word | x[7] ) |
Definition at line 171 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by comba_sqr().
◆ bigint_comba_sqr8()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr8 | ( | word | z[16], |
| const word | x[8] ) |
Definition at line 292 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr(), and comba_sqr().
◆ bigint_comba_sqr9()
| BOTAN_FUZZER_API void Botan::bigint_comba_sqr9 | ( | word | z[18], |
| const word | x[9] ) |
Definition at line 440 of file mp_comba.cpp.
References Botan::word3< W >::extract(), Botan::word3< W >::mul(), and Botan::word3< W >::mul_x2().
Referenced by bigint_sqr(), and comba_sqr().
◆ bigint_ct_is_eq()
|
inlineconstexpr |
Definition at line 506 of file mp_core.h.
References Botan::CT::Mask< T >::is_zero().
Referenced by Botan::BigInt::is_equal().
◆ bigint_ct_is_lt()
|
inlineconstexpr |
Compare x and y Returns a Mask: |1| if x[0:x_size] < y[0:y_size] or |0| otherwise If lt_or_equal is true, returns |1| also for x == y
Definition at line 473 of file mp_core.h.
References Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_zero().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::deserialize(), Botan::BigInt::is_less_than(), Botan::PCurve::GenericPrimeOrderCurve::mul2_vartime_x_mod_order_eq(), and Botan::PCurve::PrimeOrderCurveImpl< C >::mul2_vartime_x_mod_order_eq().
◆ bigint_linmul2()
|
inlinenodiscardconstexpr |
Definition at line 392 of file mp_core.h.
References carry(), and word_madd2().
Referenced by Botan::BigInt::operator*=().
◆ bigint_linmul3()
|
inlineconstexpr |
Definition at line 403 of file mp_core.h.
References carry(), word8_linmul3(), and word_madd2().
Referenced by bigint_mul(), bigint_sqr(), Botan::BigInt::mul(), operator*(), and operator*().
◆ bigint_monty_maybe_sub() [1/2]
|
inlineconstexpr |
Conditional subtraction for Montgomery reduction
This function assumes that (x0 || x) is less than 2*p
Computes z[0:N] = (x0 || x[0:N]) - p[0:N]
If z would be positive, returns z[0:N] Otherwise returns original input x
Definition at line 225 of file mp_core.h.
References Botan::CT::conditional_assign_mem(), word8_sub3(), and word_sub().
Referenced by bigint_monty_redc_12(), bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), bigint_monty_redc_generic(), monty_redc(), monty_redc_pdash1(), Botan::IntMod< MontgomeryRep< ScalarParams > >::mul2(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator+, and Botan::Montgomery_Int::operator+().
◆ bigint_monty_maybe_sub() [2/2]
|
inlineconstexpr |
Conditional subtraction for Montgomery reduction
This function assumes that (x0 || x) is less than 2*p
Computes z[0:N] = (x0 || x[0:N]) - p[0:N]
If z would be positive, returns z[0:N] Otherwise returns original input x
Definition at line 254 of file mp_core.h.
References Botan::CT::conditional_assign_mem(), and word_sub().
◆ bigint_monty_redc()
|
inline |
Montgomery Reduction
- Parameters
-
r result of exactly p_size words z integer to reduce, of size exactly 2*p_size. p modulus p_size size of p p_dash Montgomery value ws array of at least p_size words ws_size size of ws in words
It is allowed to set &r[0] == &z[0] however in this case note that only the first p_size words of r will be written to and the high p_size words of r/z will still hold the original inputs, these must be cleared after use. See bigint_monty_redc_inplace
Definition at line 906 of file mp_core.h.
References bigint_monty_redc_12(), bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), bigint_monty_redc_generic(), and BOTAN_ARG_CHECK.
Referenced by bigint_monty_redc_inplace().
◆ bigint_monty_redc_12()
| void Botan::bigint_monty_redc_12 | ( | word | r[12], |
| const word | z[24], | ||
| const word | p[12], | ||
| word | p_dash, | ||
| word | ws[12] ) |
Definition at line 200 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc(), and monty_redc().
◆ bigint_monty_redc_16()
| void Botan::bigint_monty_redc_16 | ( | word | r[16], |
| const word | z[32], | ||
| const word | p[16], | ||
| word | p_dash, | ||
| word | ws[16] ) |
Definition at line 386 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc(), and monty_redc().
◆ bigint_monty_redc_24()
| void Botan::bigint_monty_redc_24 | ( | word | r[24], |
| const word | z[48], | ||
| const word | p[24], | ||
| word | p_dash, | ||
| word | ws[24] ) |
Definition at line 696 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc().
◆ bigint_monty_redc_32()
| void Botan::bigint_monty_redc_32 | ( | word | r[32], |
| const word | z[64], | ||
| const word | p[32], | ||
| word | p_dash, | ||
| word | ws[32] ) |
Definition at line 1350 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc().
◆ bigint_monty_redc_4()
| void Botan::bigint_monty_redc_4 | ( | word | r[4], |
| const word | z[8], | ||
| const word | p[4], | ||
| word | p_dash, | ||
| word | ws[4] ) |
Definition at line 12 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc(), and monty_redc().
◆ bigint_monty_redc_6()
| void Botan::bigint_monty_redc_6 | ( | word | r[6], |
| const word | z[12], | ||
| const word | p[6], | ||
| word | p_dash, | ||
| word | ws[6] ) |
Definition at line 46 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc(), and monty_redc().
◆ bigint_monty_redc_8()
| void Botan::bigint_monty_redc_8 | ( | word | r[8], |
| const word | z[16], | ||
| const word | p[8], | ||
| word | p_dash, | ||
| word | ws[8] ) |
Definition at line 106 of file mp_monty_n.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by bigint_monty_redc(), and monty_redc().
◆ bigint_monty_redc_generic()
| void Botan::bigint_monty_redc_generic | ( | word | r[], |
| const word | z[], | ||
| size_t | z_size, | ||
| const word | p[], | ||
| size_t | p_size, | ||
| word | p_dash, | ||
| word | ws[] ) |
Definition at line 90 of file mp_monty.cpp.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), BOTAN_ARG_CHECK, Botan::word3< W >::extract(), and Botan::word3< W >::monty_step().
Referenced by bigint_monty_redc().
◆ bigint_monty_redc_inplace()
|
inline |
Definition at line 931 of file mp_core.h.
References bigint_monty_redc(), and zeroize_buffer().
Referenced by Botan::Montgomery_Int::mul(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Int::mul_by(), Botan::Montgomery_Params::mul_by(), Botan::Montgomery_Params::redc(), Botan::Montgomery_Params::sqr(), Botan::Montgomery_Int::square_this_n_times(), and Botan::Montgomery_Int::value().
◆ bigint_mul()
| void Botan::bigint_mul | ( | word | z[], |
| size_t | z_size, | ||
| const word | x[], | ||
| size_t | x_size, | ||
| size_t | x_sw, | ||
| const word | y[], | ||
| size_t | y_size, | ||
| size_t | y_sw, | ||
| word | workspace[], | ||
| size_t | ws_size ) |
Definition at line 283 of file mp_karat.cpp.
References basecase_mul(), bigint_comba_mul16(), bigint_comba_mul24(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_linmul3(), and zeroize_buffer().
Referenced by Botan::BigInt::mul(), Botan::Montgomery_Int::mul(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Int::mul_by(), Botan::Montgomery_Params::mul_by(), Botan::Barrett_Reduction::multiply(), operator*(), and Botan::Scalar448::operator*().
◆ bigint_shl1()
|
inlineconstexpr |
Definition at line 307 of file mp_core.h.
References carry(), carry_shift(), Botan::CT::Mask< T >::expand(), unchecked_copy_memory(), and zeroize_buffer().
Referenced by ct_divide_pow2k(), and Botan::BigInt::operator<<=().
◆ bigint_shl2()
|
inlineconstexpr |
Definition at line 350 of file mp_core.h.
References carry(), carry_shift(), Botan::CT::Mask< T >::expand(), and unchecked_copy_memory().
Referenced by Botan::BigInt::ct_shift_left(), and operator<<().
◆ bigint_shr1()
|
inlineconstexpr |
Definition at line 326 of file mp_core.h.
References carry(), carry_shift(), Botan::CT::Mask< T >::expand(), unchecked_copy_memory(), and zeroize_buffer().
Referenced by Botan::BigInt::operator>>=().
◆ bigint_shr2()
|
inlineconstexpr |
Definition at line 368 of file mp_core.h.
References carry(), carry_shift(), Botan::CT::Mask< T >::expand(), and unchecked_copy_memory().
Referenced by gcd(), and operator>>().
◆ bigint_sqr()
| void Botan::bigint_sqr | ( | word | z[], |
| size_t | z_size, | ||
| const word | x[], | ||
| size_t | x_size, | ||
| size_t | x_sw, | ||
| word | workspace[], | ||
| size_t | ws_size ) |
Definition at line 327 of file mp_karat.cpp.
References basecase_sqr(), bigint_comba_sqr16(), bigint_comba_sqr24(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_linmul3(), BOTAN_ASSERT, and zeroize_buffer().
Referenced by Botan::Montgomery_Params::sqr(), Botan::Barrett_Reduction::square(), Botan::BigInt::square(), and Botan::Montgomery_Int::square_this_n_times().
◆ bigint_sub2()
|
inlineconstexpr |
Two operand subtraction
Definition at line 148 of file mp_core.h.
References BOTAN_ASSERT, word8_sub2(), and word_sub().
Referenced by Botan::BigInt::add().
◆ bigint_sub2_rev()
|
inlineconstexpr |
Two operand subtraction, x = y - x; assumes y >= x
Definition at line 174 of file mp_core.h.
References BOTAN_ASSERT, and word_sub().
Referenced by Botan::BigInt::add().
◆ bigint_sub3()
|
inlineconstexpr |
Three operand subtraction
Expects that x_size >= y_size
Writes to z[0:x_size] and returns borrow
Definition at line 192 of file mp_core.h.
References BOTAN_ASSERT, word8_sub3(), and word_sub().
Referenced by Botan::BigInt::add2(), ct_divide(), ct_divide_pow2k(), ct_modulo(), Botan::BigInt::ct_reduce_below(), Botan::IntMod< MontgomeryRep< ScalarParams > >::invert_vartime(), Botan::BigInt::mod_add(), Botan::BigInt::mod_sub(), Botan::Montgomery_Int::operator-(), p_minus(), p_minus_1_over_2(), Botan::BigInt::reduce_below(), and reduce_mod().
◆ bigint_sub_abs()
|
inlineconstexpr |
Return abs(x-y), ie if x >= y, then compute z = x - y Otherwise compute z = y - x No borrow is possible since the result is always >= 0
Returns a Mask: |1| if x >= y or |0| if x < y
- Parameters
-
z output array of at least N words x input array of N words y input array of N words N length of x and y ws array of at least 2*N words
Definition at line 279 of file mp_core.h.
References Botan::CT::conditional_copy_mem(), word8_sub3(), and word_sub().
Referenced by gcd().
◆ bit_permute_step()
|
constexpr |
Definition at line 192 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
◆ bit_size_to_32bit_size()
|
inline |
Definition at line 46 of file code_based_util.h.
Referenced by generate_mceliece_key(), mceliece_decrypt(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().
◆ bit_size_to_byte_size()
|
inline |
Definition at line 42 of file code_based_util.h.
Referenced by mceliece_decrypt().
◆ bitlen()
|
constexpr |
Definition at line 101 of file pqcrystals_helpers.h.
References ceil_log2().
Referenced by Botan::DilithiumConstants::DilithiumConstants(), Botan::KyberConstants::KyberConstants(), and Botan::bitvector_base< secure_allocator >::subvector().
◆ booth_recode()
|
constexpr |
Definition at line 294 of file pcurves_mul.h.
References Botan::CT::Mask< T >::expand().
Referenced by basemul_booth_exec(), and Botan::WindowedBoothMulTable< C, W >::mul().
◆ buffer_insert() [1/2]
| size_t Botan::buffer_insert | ( | std::vector< T, Alloc > & | buf, |
| size_t | buf_offset, | ||
| const std::vector< T, Alloc2 > & | input ) |
Definition at line 325 of file mem_ops.h.
References BOTAN_ASSERT_NOMSG, buffer_insert(), and copy_mem().
◆ buffer_insert() [2/2]
| size_t Botan::buffer_insert | ( | std::vector< T, Alloc > & | buf, |
| size_t | buf_offset, | ||
| const T | input[], | ||
| size_t | input_length ) |
Definition at line 314 of file mem_ops.h.
References BOTAN_ASSERT_NOMSG, buffer_insert(), and copy_mem().
Referenced by buffer_insert(), and buffer_insert().
◆ bytes_to_string()
|
inline |
Definition at line 76 of file mem_utils.h.
Referenced by Botan::CryptoBox::decrypt(), Botan::PSK_Database::get_str(), Botan::TLS::TLS_Data_Reader::get_string(), Botan::TLS::PskIdentity::identity_as_string(), Botan::Encrypted_PSK_Database::list_names(), and Botan::ASN1::to_string().
◆ bytes_to_words()
|
inlineconstexpr |
Definition at line 287 of file pcurves_util.h.
References load_be(), and shift_left().
Referenced by Botan::Scalar448::bytes_are_reduced(), Botan::IntMod< MontgomeryRep< ScalarParams > >::deserialize(), Botan::IntMod< MontgomeryRep< ScalarParams > >::from_wide_bytes(), Botan::IntMod< MontgomeryRep< ScalarParams > >::from_wide_bytes_varlen(), and Botan::Scalar448::Scalar448().
◆ carry()
requires (S > 0 && S < 64)
|
inline |
Definition at line 27 of file ed25519_internal.h.
Referenced by Botan::BigInt::add(), Botan::word3< W >::add(), Botan::BigInt::add2(), basecase_mul(), basecase_sqr(), bigint_add2(), bigint_add3(), bigint_cnd_abs(), bigint_cnd_add(), bigint_cnd_sub(), bigint_linmul2(), bigint_linmul3(), bigint_shl1(), bigint_shl2(), bigint_shr1(), bigint_shr2(), Botan::Streebog::compress_64(), Botan::BigInt::ct_cond_add(), Botan::Ed25519_FieldElement::deserialize(), Botan::IntMod< MontgomeryRep< ScalarParams > >::div2(), ed25519_basepoint_mul(), Botan::IntMod< MontgomeryRep< ScalarParams > >::invert_vartime(), Botan::Ed25519_FieldElement::mul(), Botan::word3< W >::mul(), Botan::IntMod< MontgomeryRep< ScalarParams > >::mul2(), Botan::word3< W >::mul_x2(), Botan::IntMod< MontgomeryRep< ScalarParams > >::negate(), Botan::BigInt::operator*=(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator+, Botan::Montgomery_Int::operator+(), Botan::donna128::operator+=(), Botan::donna128::operator+=(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator-, Botan::donna128::operator<<, Botan::donna128::operator>>, poly_mul(), redc_crandall(), reduce_mod(), sc_muladd(), sc_reduce(), Botan::EC_Group_Data::scalar_from_bytes_with_trunc(), shift_left(), shift_right(), Botan::Sodium::sodium_add(), Botan::Sodium::sodium_increment(), solinas_correct_redc(), Botan::Ed25519_FieldElement::sqr2(), Botan::Ed25519_FieldElement::sqr_iter(), Botan::divide_precomp< W >::vartime_mod_2to1(), word8_add2(), word8_add3(), word8_linmul3(), word8_madd3(), word8_sub2(), word8_sub3(), word_add(), word_madd2(), word_madd3(), word_sub(), and xts_compute_tweak_block().
◆ carry0() [1/2]
requires (S > 0 && S < 32)
|
inline |
Definition at line 48 of file ed25519_internal.h.
◆ carry0() [2/2]
requires (S > 0 && S < 64)
|
inline |
Definition at line 38 of file ed25519_internal.h.
Referenced by sc_muladd(), sc_reduce(), and Botan::Ed25519_FieldElement::serialize_to().
◆ carry_shift()
|
inlineconstexpr |
Definition at line 129 of file donna128.h.
Referenced by bigint_shl1(), bigint_shl2(), bigint_shr1(), and bigint_shr2().
◆ cast_char_ptr_to_uint8() [1/2]
|
inline |
◆ cast_char_ptr_to_uint8() [2/2]
|
inline |
◆ cast_uint8_ptr_to_char() [1/2]
|
inline |
Definition at line 281 of file mem_ops.h.
Referenced by Botan::BigInt::decode(), Botan::Base64_Decoder::end_msg(), Botan::Hex_Decoder::end_msg(), Botan::HTTP::http_sync(), Botan::TPM2::Context::manufacturer(), Botan::HTTP::operator<<(), operator<<(), operator>>(), Botan::DataSource_Stream::peek(), Botan::DataSource_Stream::read(), Botan::Pipe::read_all_as_string(), Botan::TPM2::Context::vendor(), Botan::Base64_Decoder::write(), Botan::DataSink_Stream::write(), and Botan::Hex_Decoder::write().
◆ cast_uint8_ptr_to_char() [2/2]
|
inline |
◆ ceil_division()
|
constexpr |
Ceil of an unsigned integer division. b must not be zero.
- Parameters
-
a divident b divisor
- Returns
- ceil(a/b)
Definition at line 167 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
Referenced by Botan::Classic_McEliece_Parameters::encode_out_size().
◆ ceil_log2()
requires (sizeof(T) < 32)
|
constexpr |
Definition at line 140 of file bit_ops.h.
Referenced by bitlen(), Botan::BigInt::ct_shift_left(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), and mceliece_work_factor().
◆ ceil_tobytes()
|
constexpr |
Return the number of bytes necessary to contain bits bits.
Definition at line 175 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
Referenced by Botan::Classic_McEliece_Encryptor::raw_kem_encrypt(), Botan::bitvector_base< secure_allocator >::to_bytes(), Botan::bitvector_base< secure_allocator >::to_bytes(), and Botan::FrodoMatrix::unpack().
◆ chain_lengths()
| BOTAN_TEST_API std::vector< WotsHashIndex > Botan::chain_lengths | ( | const SphincsTreeNode & | msg, |
| const Sphincs_Parameters & | params ) |
Given a msg construct the lengths (amount of hashes for signature) for each WOTS+ chain, including the checksum.
Corresponds to FIPS 205, Algorithm 7 or 8, Step 1-7
Definition at line 92 of file sp_wots.cpp.
References Botan::detail::Strong_Base< T >::get(), Botan::Sphincs_Parameters::wots_len_1(), and Botan::Sphincs_Parameters::wots_len_2().
Referenced by wots_public_key_from_signature(), and xmss_sign_and_pkgen().
◆ check_and_canonicalize_dns_name()
| BOTAN_TEST_API std::string Botan::check_and_canonicalize_dns_name | ( | std::string_view | name | ) |
If name is a valid DNS name, return it canonicalized
Otherwise throws Decoding_Error
Definition at line 369 of file parsing.cpp.
Referenced by Botan::AlternativeName::decode_from().
◆ check_bcrypt()
| bool Botan::check_bcrypt | ( | std::string_view | password, |
| std::string_view | hash ) |
Check a previously created password hash
Takes a password and a bcrypt hash and returns true if the password is the same as the one that was used to generate the bcrypt hash.
- Parameters
-
password the password to check against hash the stored hash to check against
Definition at line 161 of file bcrypt.cpp.
References as_span_of_bytes(), Botan::CT::is_equal(), and to_uint16().
Referenced by botan_bcrypt_is_valid().
◆ check_passhash9()
| bool Botan::check_passhash9 | ( | std::string_view | password, |
| std::string_view | hash ) |
Check a previously created password hash
- Parameters
-
password the password to check against hash the stored hash to check against
Definition at line 76 of file passhash9.cpp.
References base64_decode(), Botan::OctetString::bits_of(), Botan::PBKDF::derive_key(), Botan::CT::is_equal(), and load_be().
◆ checked_add() [1/2]
|
inlineconstexpr |
Definition at line 19 of file int_utils.h.
Referenced by checked_add(), Botan::AlternativeName::count(), and Botan::OID::encode_into().
◆ checked_add() [2/2]
requires all_same_v<T, Ts...>
|
inlineconstexpr |
Definition at line 37 of file int_utils.h.
References checked_add().
◆ checked_cast_to()
requires std::integral<strong_type_wrapped_type<RT>> && std::integral<strong_type_wrapped_type<AT>>
|
constexpr |
Definition at line 74 of file int_utils.h.
References checked_cast_to_or_throw().
Referenced by Botan::Cert_Extension::ASBlocks::ASIdOrRange::decode_from(), Botan::HSS_LMS_Params::L(), Botan::XMSS_PrivateKey::remaining_signatures(), Botan::ML_DSA_MessageHash::start(), and Botan::HSS_LMS_PublicKeyInternal::verify_signature().
◆ checked_cast_to_or_throw()
requires std::integral<strong_type_wrapped_type<RT>> && std::integral<strong_type_wrapped_type<AT>>
|
constexpr |
Definition at line 61 of file int_utils.h.
References unwrap_strong_type(), and wrap_strong_type().
Referenced by checked_cast_to(), and Botan::HSS_LMS_Params::HSS_LMS_Params().
◆ checked_mul()
|
inlineconstexpr |
Definition at line 46 of file int_utils.h.
Referenced by Botan::mlock_allocator::allocate(), allocate_memory(), and Botan::mlock_allocator::deallocate().
◆ checked_sub()
|
constexpr |
Definition at line 28 of file int_utils.h.
◆ choose()
|
constexpr |
Bitwise selection
If mask is |1| returns a If mask is |0| returns b If mask is some other value returns a or b depending on the bit
Definition at line 216 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::conditional_assign(), Botan::IntMod< MontgomeryRep< ScalarParams > >::conditional_assign(), Botan::IntMod< MontgomeryRep< ScalarParams > >::conditional_assign(), Botan::IntMod< MontgomeryRep< ScalarParams > >::conditional_swap(), Botan::SHA1_F::F1(), majority(), R2(), Botan::CT::Mask< T >::select(), Botan::CT::Mask< T >::select_n(), SHA2_32_F(), SHA2_32_F(), SHA2_64_F(), and SHA2_64_F().
◆ clear_bytes()
|
inlineconstexpr |
Zero out some bytes. Warning: use secure_scrub_memory instead if the memory is about to be freed or otherwise the compiler thinks it can elide the writes.
- Parameters
-
ptr a pointer to memory to zero bytes the number of bytes to zero in ptr
Definition at line 101 of file mem_ops.h.
Referenced by clear_mem(), clear_mem(), Botan::TPM2::init_with_size(), and Botan::Memory_Pool::Memory_Pool().
◆ clear_mem() [1/2]
requires std::is_trivially_copyable_v<std::ranges::range_value_t<R>>
|
inlineconstexpr |
Zero memory before use. This simply calls memset and should not be used in cases where the compiler cannot see the call as a side-effecting operation.
- Parameters
-
mem a contiguous range of Ts to zero
Definition at line 130 of file mem_ops.h.
References clear_bytes(), and Botan::ranges::size_bytes().
◆ clear_mem() [2/2]
|
inlineconstexpr |
Zero memory before use. This simply calls memset and should not be used in cases where the compiler cannot see the call as a side-effecting operation (for example, if calling clear_mem before deallocating memory, the compiler would be allowed to omit the call to memset entirely under the as-if rule.)
- Parameters
-
ptr a pointer to an array of Ts to zero n the number of Ts pointed to by ptr
Definition at line 118 of file mem_ops.h.
References clear_bytes().
Referenced by base_decode(), Botan_FFI::botan_view_bin_bounce_fn(), Botan::CT::copy_output(), create_aes_row_generator(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305_open(), Botan::BigInt::ct_reduce_below(), Botan::BigInt::ct_shift_left(), Botan::Bcrypt_PBKDF::derive_key(), Botan::ZFEC::encode_shares(), Botan::BigInt::encode_words(), Botan::StreamCipher::generate_keystream(), Botan::Gf448Elem::Gf448Elem(), hex_decode(), Botan::BLAKE2b::key_schedule(), Botan::EC_Point_Var_Point_Precompute::mul(), pbkdf2(), Botan::CRYSTALS::Trait_Base< ConstantsT, DerivedT >::polyvec_pointwise_acc_montgomery(), Botan::BigInt::reduce_below(), Botan::polyn_gf2m::set_to_zero(), Botan::polyn_gf2m::sqmod_init(), Botan::bitvector_base< secure_allocator >::to_bytes(), Botan::Zlib_Style_Stream< Stream, ByteType, StreamLenType >::Zlib_Style_Stream(), and Botan::Zlib_Style_Stream< Stream, ByteType, StreamLenType >::~Zlib_Style_Stream().
◆ clmul()
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 Botan::clmul | ( | const SIMD_4x32 & | H, |
| const SIMD_4x32 & | x ) |
Definition at line 31 of file polyval_fn.h.
References Botan::SIMD_4x32::andc(), BOTAN_FORCE_INLINE, Botan::SIMD_4x32::bswap(), Botan::SIMD_4x32::raw(), reverse_vector(), and Botan::SIMD_4x32::shift_elems_left().
Referenced by polyval_multiply(), and polyval_reduce().
◆ comba_mul()
|
inlineconstexpr |
Definition at line 801 of file mp_core.h.
References bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul7(), bigint_comba_mul8(), bigint_comba_mul9(), Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by Botan::BlindedScalarBits< C, WindowBits+1 >::BlindedScalarBits(), mul_mod(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator*, Botan::IntMod< MontgomeryRep< ScalarParams > >::operator*=(), Botan::MontgomeryRep< Params >::to_rep(), and Botan::MontgomeryRep< Params >::wide_to_rep().
◆ comba_sqr()
|
inlineconstexpr |
Definition at line 837 of file mp_core.h.
References bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr7(), bigint_comba_sqr8(), bigint_comba_sqr9(), Botan::word3< W >::extract(), and Botan::word3< W >::mul().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::square(), and Botan::IntMod< MontgomeryRep< ScalarParams > >::square_n().
◆ combine_lower()
|
inlineconstexpr |
Definition at line 133 of file donna128.h.
References Botan::donna128::lo().
◆ commoncrypto_adjust_key_size()
| void Botan::commoncrypto_adjust_key_size | ( | const uint8_t | key[], |
| size_t | length, | ||
| const CommonCryptor_Opts & | opts, | ||
| secure_vector< uint8_t > & | full_key ) |
Definition at line 134 of file commoncrypto_utils.cpp.
References Botan::CommonCryptor_Opts::algo, and copy_mem().
◆ commoncrypto_opts_from_algo()
| CommonCryptor_Opts Botan::commoncrypto_opts_from_algo | ( | std::string_view | algo | ) |
Definition at line 96 of file commoncrypto_utils.cpp.
References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::cipher_mode(), Botan::SCAN_Name::cipher_mode_pad(), commoncrypto_opts_from_algo_name(), Botan::CommonCryptor_Opts::mode, and Botan::CommonCryptor_Opts::padding.
Referenced by make_commoncrypto_cipher_mode().
◆ commoncrypto_opts_from_algo_name()
| CommonCryptor_Opts Botan::commoncrypto_opts_from_algo_name | ( | std::string_view | algo_name | ) |
Definition at line 56 of file commoncrypto_utils.cpp.
References Botan::CommonCryptor_Opts::algo, Botan::CommonCryptor_Opts::block_size, and Botan::CommonCryptor_Opts::key_spec.
Referenced by commoncrypto_opts_from_algo(), and make_commoncrypto_block_cipher().
◆ compute_root() [1/2]
| BOTAN_TEST_API void Botan::compute_root | ( | StrongSpan< SphincsTreeNode > | out, |
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes, | ||
| const SphincsTreeNode & | leaf, | ||
| TreeNodeIndex | leaf_idx, | ||
| uint32_t | idx_offset, | ||
| StrongSpan< const SphincsAuthenticationPath > | authentication_path, | ||
| uint32_t | tree_height, | ||
| Sphincs_Address & | tree_address ) |
Using a leaf node and the authentication path (neighbor nodes on the way from leaf to root), computes the the root node of the respective tree. This function is generic and used by FORS and XMSS in the SLH-DSA verification logic.
Definition at line 102 of file sp_treehash.cpp.
References BOTAN_ASSERT_NOMSG, copy_mem(), Botan::BufferSlicer::empty(), Botan::Sphincs_Parameters::n(), Botan::Sphincs_Address::set_tree_height(), Botan::Sphincs_Address::set_tree_index(), Botan::detail::Container_Strong_Adapter_Base< T >::size(), Botan::StrongSpan< T >::size(), Botan::Sphincs_Hash_Functions::T(), and Botan::BufferSlicer::take().
Referenced by fors_public_key_from_signature(), and ht_verify().
◆ compute_root() [2/2]
requires concepts::tree_address<Address, TreeLayerIndex, TreeNodeIndex>
|
inline |
Uses an authentication path and a leaf node to reconstruct the root node of a merkle tree.
- Parameters
-
out_root A output buffer for the root node of the merkle tree. authentication_path The authentication path in one buffer (concatenated nodes). leaf_idx The index of the leaf used to sig in the bottom layer beginning with 0. leaf The leaf node used to sig. node_size The size of each node in the tree. total_tree_height The height of the merkle tree to construct. idx_offset If we compute a subtree this marks the index of the leftmost leaf node in the bottom layer. node_pair_hash The function to process two child nodes to compute their parent node. tree_address The address that is passed to node_pair hash. This function will update the address accordings to the currently processed node. This object may contain further algorithm specific information, like the position of this merkle tree in a hypertree.
Definition at line 210 of file tree_hash.h.
References BOTAN_ASSERT_NOMSG, copy_mem(), Botan::BufferSlicer::empty(), Botan::detail::Strong_Base< T >::get(), Botan::StrongSpan< T >::size(), and Botan::BufferSlicer::take().
◆ compute_rsa_secret_exponent()
| BigInt BOTAN_TEST_API Botan::compute_rsa_secret_exponent | ( | const BigInt & | e, |
| const BigInt & | phi_n, | ||
| const BigInt & | p, | ||
| const BigInt & | q ) |
Compute the RSA private exponent d
This algorithm is constant time with respect to phi_n, p, and q, aside from leaking their lengths. It may leak the public exponent e.
- Parameters
-
e the public exponent phi_n is lcm(p-1, q-1) p is the first secret prime q is the second secret prime
- Returns
- d inverse of e modulo phi_n
Definition at line 332 of file mod_inv.cpp.
References BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, ct_divide_word(), ct_mod_word(), gcd(), and inverse_mod_general().
Referenced by Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().
◆ concat()
requires (all_same_v<std::ranges::range_value_t<Rs>...>)
|
constexpr |
Concatenate an arbitrary number of buffers. Performs range-checks as needed.
The output type can be auto-detected based on the input ranges, or explicitly specified by the caller. If all input ranges have a static extent, the total size is calculated at compile time and a statically sized std::array<> is used. Otherwise this tries to use the type of the first input range as output type.
Alternatively, the output container type can be specified explicitly.
Definition at line 90 of file concat_util.h.
References Botan::detail::concatenate().
Referenced by Botan::GeneralName::binary_name(), Botan::Classic_McEliece_Polynomial_Ring::compute_minimal_polynomial(), Botan::Expanded_Keypair_Codec::encode_keypair(), Botan::Seed_Expanding_Keypair_Codec::encode_keypair(), hkdf_expand_label(), Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal(), Botan::SphincsPlus_PrivateKey::private_key_bits(), Botan::FrodoKEM_PrivateKey::raw_private_key_bits(), Botan::FrodoKEM_PublicKey::raw_public_key_bits(), Botan::Hybrid_PublicKey::raw_public_key_bits(), Botan::TLS::Hybrid_KEM_PublicKey::raw_public_key_bits(), Botan::XMSS_PublicKey::raw_public_key_bits(), Botan::Classic_McEliece_PrivateKeyInternal::serialize(), Botan::Ascon_AEAD128_Mode::start_msg(), Botan::HSS_LMS_PublicKeyInternal::to_bytes(), and Botan::LMS_PublicKey::to_bytes().
◆ constant_time_compare() [1/2]
|
inline |
Memory comparison, input insensitive
- Parameters
-
x a pointer to an array y a pointer to another array len the number of Ts in x and y
- Returns
- true iff x[i] == y[i] forall i in [0...n)
Definition at line 88 of file mem_ops.h.
References constant_time_compare().
◆ constant_time_compare() [2/2]
| bool Botan::constant_time_compare | ( | std::span< const uint8_t > | x, |
| std::span< const uint8_t > | y ) |
Memory comparison, input insensitive
- Parameters
-
x a range of bytes y another range of bytes
- Returns
- true iff x and y have equal lengths and x[i] == y[i] forall i in [0...n)
Definition at line 17 of file mem_ops.cpp.
References Botan::CT::Mask< T >::expand(), Botan::CT::is_equal(), Botan::CT::Mask< T >::is_equal(), and Botan::CT::Mask< T >::is_lte().
Referenced by constant_time_compare(), Botan::PKCS1v15_Raw_SignaturePaddingScheme::verify(), and Botan::PKCS1v15_SignaturePaddingScheme::verify().
◆ copy_mem() [1/2]
requires std::is_same_v<std::ranges::range_value_t<OutR>, std::ranges::range_value_t<InR>> && std::is_trivially_copyable_v<std::ranges::range_value_t<InR>>
|
inlineconstexpr |
Copy memory
- Parameters
-
out the destination array in the source array
Definition at line 160 of file mem_ops.h.
References Botan::ranges::assert_equal_byte_lengths(), and Botan::ranges::size_bytes().
◆ copy_mem() [2/2]
requires std::is_trivial_v<std::decay_t<T>>
|
inlineconstexpr |
Copy memory
- Parameters
-
out the destination array in the source array n the number of elements of in/out
Definition at line 144 of file mem_ops.h.
References BOTAN_ASSERT_IMPLICATION.
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::Argon2::blamka(), botan_cipher_update(), botan_privkey_ed25519_get_privkey(), botan_privkey_ed448_get_privkey(), botan_privkey_x25519_get_privkey(), botan_privkey_x448_get_privkey(), botan_pubkey_ed25519_get_pubkey(), botan_pubkey_ed448_get_pubkey(), botan_pubkey_x25519_get_pubkey(), botan_pubkey_x448_get_pubkey(), Botan_FFI::botan_view_bin_bounce_fn(), buffer_insert(), buffer_insert(), Botan::Ed25519_PublicKey::check_key(), Botan::CRYSTALS::Polynomial< DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT >::clone(), Botan::CRYSTALS::PolynomialVector< DilithiumPolyTraits, Botan::CRYSTALS::Domain::NTT >::clone(), commoncrypto_adjust_key_size(), Botan::Streebog::compress_64(), compute_root(), compute_root(), Botan::TPM2::copy_into(), Botan::TPM2::copy_into(), Botan::Sodium::crypto_auth_hmacsha512256(), Botan::Sodium::crypto_box_curve25519xsalsa20poly1305_seed_keypair(), curve25519_donna(), ed25519_gen_keypair(), Botan::Ed448_PublicKey::Ed448_PublicKey(), Botan::ML_KEM_Encryptor::encapsulate(), Botan::BigInt::encode_words(), Botan::CryptoBox::encrypt(), expand_message_xmd(), Botan::RawHashFunction::final_result(), Botan::TLS::Stream_Handshake_IO::format(), Botan::CCM_Mode::format_b0(), Botan::CCM_Mode::format_c0(), Botan::MontgomeryRep< Params >::from_rep(), Botan::IntMod< MontgomeryRep< ScalarParams > >::from_wide_bytes(), Botan::IntMod< MontgomeryRep< ScalarParams > >::from_wide_bytes_varlen(), Botan::IntMod< MontgomeryRep< ScalarParams > >::from_words(), Botan::TPM_Context::gen_random(), Botan::Gf448Elem::Gf448Elem(), Botan::BLAKE2b::key_schedule(), mceliece_decrypt(), Botan::Montgomery_Int::Montgomery_Int(), Botan::Montgomery_Int::mul_by(), Botan::Montgomery_Params::mul_by(), nist_key_unwrap(), nist_key_unwrap_padded(), nist_key_wrap(), nist_key_wrap_padded(), operator^(), Botan::DataSource_Memory::peek(), Botan::PseudorandomKeyGeneration::PseudorandomKeyGeneration(), Botan::DataSource_Memory::read(), reduce_mod(), Botan::Blowfish::salted_set_key(), Botan::Scalar448::Scalar448(), Botan::CTR_BE::seek(), Botan::IntMod< MontgomeryRep< ScalarParams > >::serialize_to(), Botan::EC_AffinePoint_Data_PC::serialize_uncompressed_to(), Botan::EC_AffinePoint_Data_BN::serialize_x_to(), Botan::EC_AffinePoint_Data_PC::serialize_x_to(), Botan::EC_AffinePoint_Data_BN::serialize_xy_to(), Botan::EC_AffinePoint_Data_PC::serialize_xy_to(), Botan::EC_AffinePoint_Data_BN::serialize_y_to(), Botan::EC_AffinePoint_Data_PC::serialize_y_to(), Botan::TLS::Session_Keys::Session_Keys(), Botan::CFB_Mode::shift_register(), Botan::HSS_LMS_PrivateKeyInternal::sign(), Botan::RTSS_Share::split(), Botan::polyn_gf2m::sqmod_init(), Botan::Montgomery_Int::square_this_n_times(), Botan::GHASH::start(), Botan::bitvector_base< secure_allocator >::subvector(), treehash(), treehash(), Botan::XTS_Mode::update_tweak(), Botan::Base64_Decoder::write(), Botan::Base64_Encoder::write(), Botan::Buffered_Filter::write(), Botan::Hex_Decoder::write(), Botan::Hex_Encoder::write(), and Botan::X448_PublicKey::X448_PublicKey().
◆ copy_out_be()
|
inline |
Partially copy a subset of in into out using big-endian byte order.
Definition at line 773 of file loadstor.h.
References Botan::detail::copy_out_any_word_aligned_portion(), and get_byte_var().
◆ copy_out_le()
|
inline |
Partially copy a subset of in into out using little-endian byte order.
Definition at line 789 of file loadstor.h.
References Botan::detail::copy_out_any_word_aligned_portion(), and get_byte_var().
Referenced by Botan::BLAKE2b::final_result(), and xts_compute_tweak_block().
◆ count_bits()
|
inlineconsteval |
Definition at line 269 of file pcurves_util.h.
◆ create_aes_row_generator()
|
inline |
Definition at line 23 of file frodo_aes_generator.h.
References Botan::BufferStuffer::append(), Botan::Block_Cipher_Fixed_Params< 16, 16 >::BLOCK_SIZE, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, clear_mem(), Botan::BufferStuffer::full(), Botan::FrodoKEMMode::is_aes(), Botan::FrodoKEMConstants::mode(), Botan::FrodoKEMConstants::n(), Botan::BufferStuffer::next(), Botan::BufferStuffer::remaining_capacity(), Botan::SymmetricAlgorithm::set_key(), and store_le().
◆ create_ec_private_key()
| std::unique_ptr< Private_Key > Botan::create_ec_private_key | ( | std::string_view | algo_name, |
| const EC_Group & | group, | ||
| RandomNumberGenerator & | rng ) |
Create a new ECC key
Definition at line 448 of file pk_algs.cpp.
References BOTAN_UNUSED.
Referenced by botan_ec_privkey_create(), and create_private_key().
◆ create_hex_fingerprint() [1/2]
| std::string Botan::create_hex_fingerprint | ( | const uint8_t | bits[], |
| size_t | bits_len, | ||
| std::string_view | hash_name ) |
Definition at line 38 of file pk_keys.cpp.
References Botan::HashFunction::create_or_throw(), and hex_encode().
Referenced by create_hex_fingerprint(), Botan::X509_Certificate::fingerprint(), Botan::Private_Key::fingerprint_private(), and Botan::Public_Key::fingerprint_public().
◆ create_hex_fingerprint() [2/2]
|
inline |
Definition at line 428 of file pk_keys.h.
References create_hex_fingerprint().
◆ create_pk_from_sk()
| BOTAN_TEST_API std::array< uint8_t, ED448_LEN > Botan::create_pk_from_sk | ( | std::span< const uint8_t, ED448_LEN > | sk | ) |
Create a public key point from a secret key (RFC 8032 5.2.5).
Definition at line 369 of file ed448_internal.cpp.
References Botan::Ed448Point::base_point_mul(), Botan::XOF::create_or_throw(), and Botan::Ed448Point::encode().
Referenced by Botan::Ed448_PrivateKey::Ed448_PrivateKey(), and Botan::Ed448_PrivateKey::Ed448_PrivateKey().
◆ create_private_key()
| std::unique_ptr< Private_Key > Botan::create_private_key | ( | std::string_view | algo_name, |
| RandomNumberGenerator & | rng, | ||
| std::string_view | algo_params = "", | ||
| std::string_view | provider = "" ) |
Create a new key For ECC keys, algo_params specifies EC group (eg, "secp256r1") For DH/DSA/ElGamal keys, algo_params is DL group (eg, "modp/ietf/2048") For RSA, algo_params is integer keylength For McEliece, algo_params is n,t If algo_params is left empty, suitable default parameters are chosen.
Definition at line 493 of file pk_algs.cpp.
References BOTAN_UNUSED, Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f, Botan::Sphincs_Parameters::create(), create_ec_private_key(), Botan::DilithiumMode::Dilithium6x5, fmt(), Botan::FrodoKEMMode::FrodoKEM976_SHAKE, Botan::DL_Group::from_name(), Botan::EC_Group::from_name(), Botan::Classic_McEliece_Parameter_Set::from_string(), Botan::KyberMode::Kyber1024_R3, Botan::DilithiumMode::ML_DSA_6x5, Botan::KyberMode::ML_KEM_768, Botan::XMSS_Parameters::oid(), split_on(), Botan::EC_Group::supports_named_group(), to_u32bit(), and Botan::XMSS_Parameters::XMSS_SHA2_10_512.
Referenced by botan_privkey_create(), and Botan::TLS::Hybrid_KEM_PrivateKey::generate_from_group().
◆ create_shake_row_generator()
|
inline |
Definition at line 23 of file frodo_shake_generator.h.
References BOTAN_ASSERT_NOMSG, Botan::FrodoKEMMode::is_shake(), Botan::FrodoKEMConstants::mode(), and store_le().
◆ cstr_as_span_of_bytes()
|
inline |
Definition at line 72 of file mem_utils.h.
References as_span_of_bytes().
◆ ct_compare_u8()
| uint8_t Botan::ct_compare_u8 | ( | const uint8_t | x[], |
| const uint8_t | y[], | ||
| size_t | len ) |
Memory comparison, input insensitive
- Parameters
-
x a pointer to an array y a pointer to another array len the number of Ts in x and y
- Returns
- 0xFF iff x[i] == y[i] forall i in [0...n) or 0x00 otherwise
Definition at line 13 of file mem_ops.cpp.
References Botan::CT::is_equal().
◆ ct_divide() [1/2]
BigInt division, const time variant
This runs with control flow independent of the values of x/y. Warning: the loop bounds still leak the sizes of x and y.
- Parameters
-
x an integer y a non-zero integer
- Returns
- x/y with remainder discarded
Definition at line 77 of file divide.h.
References ct_divide().
◆ ct_divide() [2/2]
| BOTAN_TEST_API void Botan::ct_divide | ( | const BigInt & | x, |
| const BigInt & | y, | ||
| BigInt & | q, | ||
| BigInt & | r ) |
BigInt division, const time variant
This runs with control flow independent of the values of x/y. Warning: the loop bounds still leak the sizes of x and y.
- Parameters
-
x an integer y a non-zero integer q will be set to x / y r will be set to x % y
Definition at line 51 of file divide.cpp.
References Botan::BigInt::_data(), bigint_sub3(), Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::BigInt::ct_cond_swap(), Botan::BigInt::get_bit(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), Botan::BigInt::size(), and Botan::BigInt::with_capacity().
Referenced by ct_divide(), Botan::FPE_FE1::decrypt(), Botan::FPE_FE1::encrypt(), and lcm().
◆ ct_divide_pow2k()
| BOTAN_TEST_API BigInt Botan::ct_divide_pow2k | ( | size_t | k, |
| const BigInt & | y ) |
BigInt division, const time variant, 2^k variant
This runs with control flow independent of the value of y. This function leaks the value of k and the length of y. If k < bits(y) this returns zero
- Parameters
-
k an integer y a positive integer
- Returns
- q equal to 2**k / y
Definition at line 83 of file divide.cpp.
References Botan::BigInt::_data(), bigint_cnd_swap(), bigint_shl1(), bigint_sub3(), Botan::BigInt::bits(), BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::BigInt::conditionally_set_bit(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::set_bit(), Botan::BigInt::sig_words(), Botan::BigInt::size(), Botan::BigInt::with_capacity(), and Botan::BigInt::zero().
Referenced by Botan::Barrett_Reduction::for_secret_modulus().
◆ ct_divide_word() [1/2]
Constant time division
This runs with control flow independent of the values of x/y. Warning: the loop bounds still leaks the size of x.
- Parameters
-
x an integer y a non-zero word
- Returns
- quotient floor(x / y)
Definition at line 160 of file divide.cpp.
References BOTAN_UNUSED, and ct_divide_word().
◆ ct_divide_word() [2/2]
| BOTAN_TEST_API void Botan::ct_divide_word | ( | const BigInt & | x, |
| word | y, | ||
| BigInt & | q, | ||
| word & | r ) |
Constant time division
This runs with control flow independent of the values of x/y. Warning: the loop bounds still leaks the size of x.
- Parameters
-
x an integer y a non-zero integer q will be set to x / y r will be set to x % y
Definition at line 123 of file divide.cpp.
References Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::CT::Mask< T >::expand_top_bit(), Botan::BigInt::flip_sign(), Botan::BigInt::get_bit(), Botan::CT::Mask< T >::is_gte(), Botan::BigInt::is_negative(), Botan::BigInt::sig_words(), and Botan::BigInt::with_capacity().
Referenced by compute_rsa_secret_exponent(), ct_divide_word(), operator/(), and Botan::BigInt::to_dec_string().
◆ ct_expand_top_bit()
|
constexpr |
If top bit of arg is set, return |1| (all bits set). Otherwise return |0| (all bits unset)
Definition at line 28 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and Botan::CT::value_barrier().
Referenced by ct_is_zero(), and Botan::CT::Mask< T >::expand_top_bit().
◆ ct_if_is_zero_ret()
|
constexpr |
If arg is zero, return the size_t s. Otherwise return the size_t zero.
Definition at line 45 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and Botan::CT::value_barrier().
Referenced by ctz(), high_bit(), and significant_bytes().
◆ ct_is_zero()
|
constexpr |
If arg is zero, return |1|. Otherwise return |0|
Definition at line 37 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ct_expand_top_bit().
Referenced by Botan::CT::Choice::from_int(), Botan::CT::Choice::into_bitmask(), Botan::CT::Mask< T >::is_zero(), and prefetch_array_raw().
◆ ct_mod_word()
| BOTAN_TEST_API word Botan::ct_mod_word | ( | const BigInt & | x, |
| word | y ) |
BigInt word modulo, const time variant
This runs with control flow independent of the values of x/y. Warning: the loop bounds still leaks the size of x.
- Parameters
-
x a positive integer y a non-zero word
- Returns
- r the remainder of x divided by y
Definition at line 168 of file divide.cpp.
References Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::CT::Mask< T >::expand_top_bit(), Botan::BigInt::get_bit(), Botan::CT::Mask< T >::is_gte(), and Botan::BigInt::is_positive().
Referenced by compute_rsa_secret_exponent().
◆ ct_modulo()
| BOTAN_TEST_API BigInt Botan::ct_modulo | ( | const BigInt & | x, |
| const BigInt & | modulo ) |
BigInt modulo, const time variant
Using this function is (slightly) cheaper than calling ct_divide and using only the remainder.
- Parameters
-
x a non-negative integer modulo a positive integer
- Returns
- result x % modulo
Definition at line 192 of file divide.cpp.
References Botan::BigInt::_data(), bigint_sub3(), Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::BigInt::ct_cond_swap(), Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), Botan::BigInt::size(), and Botan::BigInt::with_capacity().
Referenced by Botan::RSA_PrivateKey::check_key(), Botan::FPE_FE1::decrypt(), Botan::FPE_FE1::encrypt(), inverse_mod(), inverse_mod_general(), power_mod(), Botan::Modular_Reducer::reduce(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().
◆ ct_popcount()
|
constexpr |
Calculates the number of 1-bits in an unsigned integer in constant-time. This operation is also known as "population count" or hamming weight.
Modern compilers will recognize this pattern and replace it by a hardware instruction, if available. This is the SWAR (SIMD within a register) algorithm. See: https://nimrod.blog/posts/algorithms-behind-popcount/#swar-algorithm
Note: C++20 provides std::popcount(), but there's no guarantee that this is implemented in constant-time.
- Parameters
-
x an unsigned integer
- Returns
- the number of 1-bits in the provided value
Definition at line 273 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ct_popcount().
Referenced by ct_popcount(), and Botan::bitvector_base< secure_allocator >::hamming_weight().
◆ ct_reverse_bits()
|
inlineconstexpr |
- Returns
- the reversed bits in
b.
Definition at line 239 of file bit_ops.h.
References reverse_bytes().
◆ ctz()
|
constexpr |
Count the trailing zero bits in n
- Parameters
-
n an integer value
- Returns
- maximum x st 2^x divides n
Definition at line 115 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ct_if_is_zero_ret().
Referenced by low_zero_bits(), and var_ctz32().
◆ curve25519_basepoint()
| void Botan::curve25519_basepoint | ( | uint8_t | mypublic[32], |
| const uint8_t | secret[32] ) |
Exponentiate by the x25519 base point
- Parameters
-
mypublic output value secret random scalar
Definition at line 19 of file x25519.cpp.
References curve25519_donna().
Referenced by Botan::X25519_PrivateKey::check_key(), Botan::Sodium::crypto_scalarmult_curve25519_base(), Botan::X25519_PrivateKey::X25519_PrivateKey(), Botan::X25519_PrivateKey::X25519_PrivateKey(), and Botan::X25519_PrivateKey::X25519_PrivateKey().
◆ curve25519_donna()
| void Botan::curve25519_donna | ( | uint8_t | mypublic[32], |
| const uint8_t | secret[32], | ||
| const uint8_t | basepoint[32] ) |
Definition at line 453 of file donna.cpp.
References copy_mem(), Botan::CT::poison(), and Botan::CT::unpoison().
Referenced by Botan::Sodium::crypto_scalarmult_curve25519(), and curve25519_basepoint().
◆ dbl_a_minus_3()
|
inlineconstexpr |
Definition at line 362 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl().
◆ dbl_a_zero()
|
inlineconstexpr |
Definition at line 381 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl().
◆ dbl_generic()
|
inlineconstexpr |
Definition at line 397 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl().
◆ dbl_n_a_minus_3()
|
inlineconstexpr |
Definition at line 432 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl_n().
◆ dbl_n_a_zero()
|
inlineconstexpr |
Definition at line 457 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl_n().
◆ dbl_n_generic()
|
inlineconstexpr |
Definition at line 477 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::dbl_n().
◆ deallocate_memory()
| void Botan::deallocate_memory | ( | void * | p, |
| size_t | elems, | ||
| size_t | elem_size ) |
Free a pointer returned by allocate_memory
- Parameters
-
p the pointer returned by allocate_memory elems the number of elements, as passed to allocate_memory elem_size the size of each element, as passed to allocate_memory
Definition at line 50 of file allocator.cpp.
References Botan::mlock_allocator::instance(), and secure_scrub_memory().
Referenced by Botan::secure_allocator< T >::deallocate().
◆ decode_gf2m()
| gf2m Botan::decode_gf2m | ( | const uint8_t * | mem | ) |
Definition at line 102 of file gf2m_small_m.cpp.
Referenced by Botan::polyn_gf2m::polyn_gf2m().
◆ decode_point()
| Point448 Botan::decode_point | ( | std::span< const uint8_t > | p_bytes | ) |
Decode a point from a byte array. RFC 7748 Section 5 (decodeUCoordinate).
Definition at line 25 of file x448_internal.cpp.
References BOTAN_ARG_CHECK, typecast_copy(), and X448_LEN.
◆ decode_scalar()
| ScalarX448 Botan::decode_scalar | ( | std::span< const uint8_t > | scalar_bytes | ) |
Decode a scalar from a byte array. RFC 7748 Section 5 (decodeScalar448).
Definition at line 30 of file x448_internal.cpp.
References BOTAN_ARG_CHECK, typecast_copy(), and X448_LEN.
◆ div_magic()
requires (div == 10)
|
consteval |
Definition at line 530 of file mp_core.h.
Referenced by divide_10().
◆ divide_10()
|
inlineconstexpr |
Definition at line 545 of file mp_core.h.
References div_magic().
Referenced by Botan::BigInt::to_dec_string().
◆ dl_exponent_size()
| size_t BOTAN_TEST_API Botan::dl_exponent_size | ( | size_t | prime_group_size | ) |
Return the appropriate exponent size to use for a particular prime group. This is twice the size of the estimated cost of breaking the key using an index calculus attack; the assumption is that if an arbitrary discrete log on a group of size bits would take about 2^n effort, and thus using an exponent of size 2^(2*n) implies that all available attacks are about as easy (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) operations) while minimizing the exponent size for performance reasons.
Definition at line 53 of file workfactor.cpp.
References BOTAN_ARG_CHECK.
Referenced by Botan::DL_Group::DL_Group().
◆ dl_work_factor()
| size_t BOTAN_TEST_API Botan::dl_work_factor | ( | size_t | prime_group_size | ) |
Estimate work factor for discrete logarithm
- Parameters
-
prime_group_size size of the group in bits
- Returns
- estimated security level for this group
Definition at line 48 of file workfactor.cpp.
References if_work_factor().
◆ do_throw_error()
|
inline |
◆ ecp_work_factor()
| size_t Botan::ecp_work_factor | ( | size_t | prime_group_size | ) |
Estimate work factor for EC discrete logarithm
- Parameters
-
prime_group_size size of the group in bits
- Returns
- estimated security level for this group
Definition at line 16 of file workfactor.cpp.
Referenced by Botan::EC_PublicKey::estimated_strength().
◆ ed25519_basepoint_mul()
| void Botan::ed25519_basepoint_mul | ( | std::span< uint8_t, 32 > | out, |
| const uint8_t | in[32] ) |
Definition at line 1863 of file ge.cpp.
References carry(), Botan::CT::poison(), and Botan::CT::unpoison().
Referenced by ed25519_gen_keypair(), and ed25519_sign().
◆ ed25519_gen_keypair()
| void Botan::ed25519_gen_keypair | ( | uint8_t | pk[32], |
| uint8_t | sk[64], | ||
| const uint8_t | seed[32] ) |
Definition at line 18 of file ed25519.cpp.
References copy_mem(), Botan::HashFunction::create_or_throw(), and ed25519_basepoint_mul().
Referenced by Botan::Sodium::crypto_sign_ed25519_seed_keypair(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), and Botan::Ed25519_PrivateKey::Ed25519_PrivateKey().
◆ ed25519_sign()
| void Botan::ed25519_sign | ( | uint8_t | sig[64], |
| const uint8_t | m[], | ||
| size_t | mlen, | ||
| const uint8_t | sk[64], | ||
| const uint8_t | domain_sep[], | ||
| size_t | domain_sep_len ) |
Definition at line 34 of file ed25519.cpp.
References Botan::HashFunction::create_or_throw(), ed25519_basepoint_mul(), sc_muladd(), and sc_reduce().
Referenced by Botan::Sodium::crypto_sign_ed25519_detached().
◆ ed25519_verify() [1/2]
| bool Botan::ed25519_verify | ( | const uint8_t * | m, |
| size_t | mlen, | ||
| const uint8_t | sig[64], | ||
| const uint8_t * | pk, | ||
| const uint8_t | domain_sep[], | ||
| size_t | domain_sep_len ) |
Definition at line 70 of file ed25519.cpp.
References Botan::HashFunction::create_or_throw(), load_le(), sc_reduce(), and signature_check().
Referenced by Botan::Sodium::crypto_sign_ed25519_verify_detached(), and ed25519_verify().
◆ ed25519_verify() [2/2]
| bool Botan::ed25519_verify | ( | const uint8_t | msg[], |
| size_t | msg_len, | ||
| const uint8_t | sig[64], | ||
| const uint8_t | pk[32], | ||
| const uint8_t | domain_sep[], | ||
| size_t | domain_sep_len ) |
References ed25519_verify().
◆ encode_gf2m()
| uint32_t Botan::encode_gf2m | ( | gf2m | to_enc, |
| uint8_t * | mem ) |
Definition at line 96 of file gf2m_small_m.cpp.
◆ encode_point()
| secure_vector< uint8_t > Botan::encode_point | ( | const Point448 & | p | ) |
Encode a point to a 56 byte vector. RFC 7748 Section 5 (encodeUCoordinate).
Definition at line 21 of file x448_internal.cpp.
References Botan::detail::Container_Strong_Adapter_Base< T >::begin(), and Botan::detail::Container_Strong_Adapter_Base< T >::end().
◆ esdm_rng()
| RandomNumberGenerator & Botan::esdm_rng | ( | ) |
Return a shared reference to a global PRNG instance provided by ESDM
Definition at line 100 of file esdm_rng.cpp.
◆ expand_mask_16bit()
| uint16_t Botan::expand_mask_16bit | ( | T | tst | ) |
Expand an input to a bit mask depending on it being being zero or non-zero
- Parameters
-
tst the input
- Returns
- the mask 0xFFFF if tst is non-zero and 0 otherwise
Definition at line 25 of file code_based_util.h.
Referenced by Botan::polyn_gf2m::calc_degree_secure(), Botan::polyn_gf2m::eea_with_coefficients(), and Botan::polyn_gf2m::patchup_deg_secure().
◆ expand_message_xmd()
| void BOTAN_TEST_API Botan::expand_message_xmd | ( | std::string_view | hash_fn, |
| std::span< uint8_t > | output, | ||
| std::span< const uint8_t > | input, | ||
| std::span< const uint8_t > | domain_sep ) |
XMD hash function from RFC 9380
This is only used internally to implement hash2curve so is not exposed to end users.
Definition at line 17 of file xmd.cpp.
References copy_mem(), Botan::HashFunction::create_or_throw(), and fmt().
Referenced by Botan::EC_Scalar::hash().
◆ extended_euclidean_algorithm()
|
consteval |
Run the extended Euclidean algorithm to find the greatest common divisor of a and b and the Bézout coefficients, u and v.
Definition at line 69 of file pqcrystals_helpers.h.
Referenced by modular_inverse().
◆ find_roots_gf2m_decomp()
| secure_vector< gf2m > Botan::find_roots_gf2m_decomp | ( | const polyn_gf2m & | polyn, |
| size_t | code_length ) |
Find the roots of a polynomial over GF(2^m) using the method by Federenko et al.
Definition at line 240 of file gf2m_rootfind_dcmp.cpp.
References find_roots_gf2m_decomp().
Referenced by find_roots_gf2m_decomp().
◆ floor_log2()
|
constexpr |
Definition at line 134 of file bit_ops.h.
References BOTAN_ARG_CHECK, BOTAN_FORCE_INLINE, and high_bit().
Referenced by Botan::Classic_McEliece_GF::log_q_from_mod(), and Botan::Classic_McEliece_Parameters::tau().
◆ fmt()
| std::string Botan::fmt | ( | std::string_view | format, |
| const T &... | args ) |
Simple formatter utility.
Should be replaced with std::format once that's available on all our supported compilers.
'{}' markers in the format string are replaced by the arguments. Unlike std::format, there is no support for escaping or for any kind of conversion flags.
Definition at line 53 of file fmt.h.
References Botan::fmt_detail::do_fmt().
Referenced by Botan::AlternativeName::add_attribute(), Botan::GOST_3410_PublicKey::algo_name(), Botan::KEX_to_KEM_Adapter_PublicKey::algo_name(), Botan::Algorithm_Not_Found::Algorithm_Not_Found(), Botan::AlternativeName::AlternativeName(), argon2_generate_pwhash(), assert_unreachable(), Botan::TLS::auth_method_from_string(), Botan::BER_Bad_Tag::BER_Bad_Tag(), Botan::BER_Decoding_Error::BER_Decoding_Error(), Botan::CFB_Mode::CFB_Mode(), Botan::TPM2::cipher_tss2_to_botan(), Botan::CMAC::CMAC(), Botan::CommonCrypto_Error::CommonCrypto_Error(), Botan::Compression_Error::Compression_Error(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::AES_256_CTR_XOF::copy_state(), Botan::KDF::create(), Botan::TPM2::PrivateKey::create(), Botan::TPM2::PublicKey::create(), Botan::Private_Key::create_decryption_op(), Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism(), Botan::PKCS11::MechanismWrapper::create_ecdsa_mechanism(), Botan::Public_Key::create_encryption_op(), Botan::Private_Key::create_kem_decryption_op(), Botan::Public_Key::create_kem_encryption_op(), Botan::Private_Key::create_key_agreement_op(), create_private_key(), Botan::PKCS11::MechanismWrapper::create_rsa_crypt_mechanism(), Botan::PKCS11::MechanismWrapper::create_rsa_sign_mechanism(), Botan::Private_Key::create_signature_op(), Botan::Public_Key::create_verification_op(), Botan::Public_Key::create_x509_verification_op(), Botan::PEM_Code::decode(), Botan::PEM_Code::decode_check_label(), Botan::ASN1_String::decode_from(), Botan::Cert_Extension::ASBlocks::ASIdentifierChoice::decode_from(), Botan::Cert_Extension::ASBlocks::ASIdentifiers::decode_from(), Botan::Cert_Extension::ASBlocks::ASIdOrRange::decode_from(), Botan::Cert_Extension::IPAddressBlocks::IPAddressChoice< V >::decode_from(), Botan::Cert_Extension::IPAddressBlocks::IPAddressFamily::decode_from(), Botan::Cert_Extension::IPAddressBlocks::IPAddressOrRange< V >::decode_from(), Botan::Cert_Extension::TNAuthList::Entry::decode_from(), Botan::Decoding_Error::Decoding_Error(), Botan::DL_Group::DL_Group(), Botan::DL_Group::DL_Group(), Botan::EC_Group::EC_Group(), Botan::PEM_Code::encode(), Botan::TPM2::Error::Error(), Botan::Exception::Exception(), Botan::Exception::Exception(), expand_message_xmd(), Botan::Stream_Decompression::finish(), Botan::DL_Group::from_name(), Botan::EC_Group::from_name(), Botan::EC_Group::from_OID(), Botan::PSS_Params::from_padding_name(), Botan::Classic_McEliece_Parameter_Set::from_string(), Botan::OID::from_string(), generate_dsa_primes(), Botan::EC_PublicKey::get_int_field(), Botan::TPM2::get_raw_rc(), Botan::GOST_28147_89::GOST_28147_89(), Botan::GOST_28147_89_Params::GOST_28147_89_Params(), Botan::Sphincs_Parameters::hash_name(), hex_decode(), hkdf_expand_label(), Botan::HMAC_DRBG::HMAC_DRBG(), Botan::HSS_LMS_Params::HSS_LMS_Params(), Botan::HTTP::http_sync(), Botan::Hybrid_PublicKey::Hybrid_PublicKey(), Botan::Invalid_Algorithm_Name::Invalid_Algorithm_Name(), Botan::Invalid_Argument::Invalid_Argument(), Botan::Invalid_IV_Length::Invalid_IV_Length(), Botan::Invalid_Key_Length::Invalid_Key_Length(), Botan::Pipe::Invalid_Message_Number::Invalid_Message_Number(), Botan::TLS::kex_method_from_string(), Botan::Key_Not_Set::Key_Not_Set(), Botan::Lion::Lion(), load_private_key(), load_public_key(), Botan::PEM_Code::matches(), Botan::BLAKE2b::name(), Botan::BLAKE2s::name(), Botan::Cascade_Cipher::name(), Botan::CBC_Mode::name(), Botan::CCM_Mode::name(), Botan::CFB_Mode::name(), Botan::ChaCha::name(), Botan::CMAC::name(), Botan::Comb4P::name(), Botan::CTR_BE::name(), Botan::DilithiumMessageHash::name(), Botan::FPE_FE1::name(), Botan::GCM_Mode::name(), Botan::GeneralName::name(), Botan::GMAC::name(), Botan::HKDF::name(), Botan::HKDF_Expand::name(), Botan::HKDF_Extract::name(), Botan::HMAC::name(), Botan::HMAC_DRBG::name(), Botan::ISO_9796_DS2::name(), Botan::ISO_9796_DS3::name(), Botan::KDF1::name(), Botan::KDF1_18033::name(), Botan::KDF2::name(), Botan::Keccak_1600::name(), Botan::KMAC128::name(), Botan::KMAC256::name(), Botan::Lion::name(), Botan::OFB::name(), Botan::PBKDF2_Family::name(), Botan::PKCS1v15_Raw_SignaturePaddingScheme::name(), Botan::PKCS1v15_SignaturePaddingScheme::name(), Botan::PKCS5_PBKDF2::name(), Botan::PSS_Raw::name(), Botan::PSSR::name(), Botan::RFC4880_S2K_Family::name(), Botan::SHA_3::name(), Botan::SHAKE_128::name(), Botan::SHAKE_256::name(), Botan::SignRawBytes::name(), Botan::SipHash::name(), Botan::Skein_512::name(), Botan::SP800_108_Counter::name(), Botan::SP800_108_Feedback::name(), Botan::SP800_108_Pipeline::name(), Botan::SP800_56C_One_Step_Hash::name(), Botan::SP800_56C_One_Step_HMAC::name(), Botan::SP800_56C_Two_Step::name(), Botan::Streebog::name(), Botan::TLS::TLS_NULL_HMAC_AEAD_Mode::name(), Botan::TLS_12_PRF::name(), Botan::Truncated_Hash::name(), Botan::X931_SignaturePadding::name(), Botan::Asymmetric_Key::object_identifier(), pbes2_decrypt(), Botan::PK_Decryptor_EME::PK_Decryptor_EME(), Botan::PK_Encryptor_EME::PK_Encryptor_EME(), Botan::PK_KEM_Decryptor::PK_KEM_Decryptor(), Botan::PK_KEM_Encryptor::PK_KEM_Encryptor(), Botan::PK_Key_Agreement::PK_Key_Agreement(), Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), Botan::PK_Verifier::PK_Verifier(), Botan::PKCS11::PKCS11_ReturnError::PKCS11_ReturnError(), Botan::PRNG_Unseeded::PRNG_Unseeded(), Botan::Provider_Not_Found::Provider_Not_Found(), Botan::Credentials_Manager::psk(), Botan::Dynamically_Loaded_Library::resolve_symbol(), Botan::RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(), Botan::Sqlite3_Database::row_count(), Botan::RSA_PrivateKey::RSA_PrivateKey(), runtime_version_check(), split_on(), srp6_client_agree(), srp6_generate_verifier(), Botan::XOF::start(), Botan::SRP6_Server_Session::step1(), Botan::SRP6_Server_Session::step2(), Botan::Streebog::Streebog(), Botan::System_Error::System_Error(), throw_invalid_argument(), throw_invalid_state(), Botan::TLS::Callbacks::tls12_protocol_specific_kdf(), Botan::Argon2::to_string(), Botan::ASN1_Time::to_string(), Botan::Bcrypt_PBKDF::to_string(), Botan::PBKDF2::to_string(), Botan::RFC4880_S2K::to_string(), Botan::Scrypt::to_string(), Botan::Unknown_PK_Field_Name::Unknown_PK_Field_Name(), Botan::TLS::Cipher_State::update_read_keys(), Botan::TLS::Cipher_State::update_write_keys(), Botan::UUID::UUID(), Botan::TLS::Certificate_Type_Base::validate_selection(), Botan::PK_Ops::Verification_with_Hash::Verification_with_Hash(), Botan::XMSS_Hash::XMSS_Hash(), Botan::XMSS_Parameters::xmss_id_from_string(), Botan::XMSS_WOTS_Parameters::xmss_wots_id_from_string(), and Botan::XTS_Mode::XTS_Mode().
◆ format_char_for_display()
| std::string Botan::format_char_for_display | ( | char | c | ) |
Return a string containing 'c', quoted and possibly escaped
This is used when creating an error message nothing an invalid character in some codex (for example during hex decoding)
Currently this function escapes tab, newlines and carriage return as "\t", "\n", and "\r", and also escapes characters > 0x7F as "\xHH" where HH is the hex code.
Definition at line 98 of file charset.cpp.
Referenced by hex_decode().
◆ fors_public_key_from_signature()
| BOTAN_TEST_API SphincsTreeNode Botan::fors_public_key_from_signature | ( | const SphincsHashedMessage & | hashed_message, |
| StrongSpan< const ForsSignature > | signature, | ||
| const Sphincs_Address & | address, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hash ) |
FIPS 205, Algorithm 17: fors_pkFromSig.
Reconstructs the FORS public key from a given FORS signature and message. This is tailored for the use case in the SLH-DSA implementation and is not meant for general usability.
Definition at line 130 of file sp_fors.cpp.
References Botan::Sphincs_Parameters::a(), Botan::Sphincs_Address::as_keypair_from(), BOTAN_ASSERT_NOMSG, compute_root(), Botan::BufferStuffer::full(), Botan::Sphincs_Parameters::k(), Botan::Sphincs_Parameters::n(), Botan::BufferStuffer::next(), Botan::Sphincs_Address::set_type(), Botan::Sphincs_Hash_Functions::T(), and Botan::BufferSlicer::take().
◆ fors_sign_and_pkgen()
| BOTAN_TEST_API SphincsTreeNode Botan::fors_sign_and_pkgen | ( | StrongSpan< ForsSignature > | sig_out, |
| const SphincsHashedMessage & | hashed_message, | ||
| const SphincsSecretSeed & | secret_seed, | ||
| const Sphincs_Address & | address, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation).
Implements a domain specific wrapper for the few-times signature scheme FORS (Forest of Random Subsets). It is meant to be used inside SLH-DSA and does not aim to be applicable for other use cases.
Definition at line 63 of file sp_fors.cpp.
References Botan::Sphincs_Parameters::a(), Botan::Sphincs_Address::as_keypair_from(), BOTAN_ASSERT_NOMSG, Botan::Sphincs_Parameters::fors_signature_bytes(), ForsKeyGeneration, ForsTree, Botan::BufferStuffer::full(), Botan::Sphincs_Parameters::k(), Botan::Sphincs_Parameters::n(), Botan::BufferStuffer::next(), Botan::Sphincs_Hash_Functions::PRF(), Botan::Sphincs_Address::set_type(), Botan::StrongSpan< T >::size(), Botan::Sphincs_Hash_Functions::T(), and treehash().
◆ gcd()
Compute the greatest common divisor
- Parameters
-
x a positive integer y a positive integer
- Returns
- gcd(x,y)
Definition at line 220 of file numthry.cpp.
References abs(), bigint_cmp(), bigint_shr2(), bigint_sub_abs(), BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::expand_bool(), Botan::BigInt::is_zero(), Botan::CT::poison_all(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::CT::unpoison_all(), and Botan::BigInt::with_capacity().
Referenced by botan_mp_gcd(), compute_rsa_secret_exponent(), generate_rsa_prime(), lcm(), and random_prime().
◆ generalize_to() [1/2]
requires (std::is_constructible_v<GeneralVariantT, std::decay_t<SpecialT>>)
|
constexpr |
Converts a given variant into another variant-ish whose type states are a super set of the given variant.
This is useful to convert restricted variant types into more general variants types.
Definition at line 87 of file stl_util.h.
Referenced by Botan::TLS::Channel_Impl_13::send_handshake_message(), and Botan::TLS::Channel_Impl_13::send_handshake_message().
◆ generalize_to() [2/2]
|
constexpr |
Converts a given variant into another variant-ish whose type states are a super set of the given variant.
This is useful to convert restricted variant types into more general variants types.
Definition at line 101 of file stl_util.h.
References is_generalizable_to().
◆ generate_bcrypt()
| std::string Botan::generate_bcrypt | ( | std::string_view | password, |
| RandomNumberGenerator & | rng, | ||
| uint16_t | work_factor = 12, | ||
| char | version = 'a' ) |
Create a password hash using Bcrypt
Takes the password to hash, a rng, and a work_factor. The resulting password hash is returned as a string.
Higher work factors increase the amount of time the algorithm runs, increasing the cost of cracking attempts. The increase is exponential, so a work factor of 12 takes roughly twice as long as work factor 11. The default work factor was set to 10 up until the 2.8.0 release.
It is recommended to set the work factor as high as your system can tolerate (from a performance and latency perspective) since higher work factors greatly improve the security against GPU-based attacks. For example, for protecting high value administrator passwords, consider using work factor 15 or 16; at these work factors each bcrypt computation takes several seconds. Since admin logins will be relatively uncommon, it might be acceptable for each login attempt to take some time. As of 2018, a good password cracking rig (with 8 NVIDIA 1080 cards) can attempt about 1 billion bcrypt computations per month for work factor 13. For work factor 12, it can do twice as many. For work factor 15, it can do only one quarter as many attempts.
Due to bugs affecting various implementations of bcrypt, several different variants of the algorithm are defined. As of 2.7.0 Botan supports generating (or checking) the 2a, 2b, and 2y variants. Since Botan has never been affected by any of the bugs which necessitated these version upgrades, all three versions are identical beyond the version identifier. Which variant to use is controlled by the version argument.
The bcrypt work_factor must be at least 4 (though at this work factor bcrypt is not very secure). The bcrypt format allows up to 31, but Botan currently rejects all work factors greater than 18 since even that work factor requires roughly 15 seconds of computation on a fast machine.
- Warning
- The password is truncated at at most 72 characters; characters after that do not have any effect on the resulting hash. To support longer passwords, consider pre-hashing the password, for example by using the hex encoding of SHA-256 of the password as the input to bcrypt.
- Parameters
-
password the password. rng a random number generator work_factor how much work to do to slow down guessing attacks version which version to emit (may be 'a', 'b', or 'y' all of which have identical behavior in this implementation).
TODO(Botan4) Convert work_factor to a size_t
Definition at line 146 of file bcrypt.cpp.
References Botan::RandomNumberGenerator::random_vec().
Referenced by botan_bcrypt_generate().
◆ generate_dsa_primes() [1/2]
| std::vector< uint8_t > Botan::generate_dsa_primes | ( | RandomNumberGenerator & | rng, |
| BigInt & | p_out, | ||
| BigInt & | q_out, | ||
| size_t | pbits, | ||
| size_t | qbits ) |
Generate DSA parameters using the FIPS 186 kosherizer
- Parameters
-
rng a random number generator p_out where the prime p will be stored q_out where the prime q will be stored pbits how long p will be in bits qbits how long q will be in bits
- Returns
- random seed used to generate this parameter set
Definition at line 138 of file dsa_gen.cpp.
References generate_dsa_primes(), and Botan::RandomNumberGenerator::randomize().
◆ generate_dsa_primes() [2/2]
| bool BOTAN_TEST_API Botan::generate_dsa_primes | ( | RandomNumberGenerator & | rng, |
| BigInt & | p_out, | ||
| BigInt & | q_out, | ||
| size_t | pbits, | ||
| size_t | qbits, | ||
| const std::vector< uint8_t > & | seed, | ||
| size_t | offset = 0 ) |
Generate DSA parameters using the FIPS 186 kosherizer
- Parameters
-
rng a random number generator p_out where the prime p will be stored q_out where the prime q will be stored pbits how long p will be in bits qbits how long q will be in bits seed the seed used to generate the parameters offset optional offset from seed to start searching at
- Returns
- true if seed generated a valid DSA parameter set, otherwise false. p_out and q_out are only valid if true was returned.
Definition at line 54 of file dsa_gen.cpp.
References Botan::BigInt::_assign_from_bytes(), Botan::BigInt::bits(), Botan::HashFunction::create_or_throw(), fmt(), is_prime(), operator++(), Seed, and Botan::BigInt::set_bit().
Referenced by Botan::DL_Group::DL_Group(), Botan::DL_Group::DL_Group(), and generate_dsa_primes().
◆ generate_mceliece_key()
| McEliece_PrivateKey Botan::generate_mceliece_key | ( | RandomNumberGenerator & | rng, |
| size_t | ext_deg, | ||
| size_t | code_length, | ||
| size_t | t ) |
Definition at line 181 of file code_based_key_gen.cpp.
References bit_size_to_32bit_size(), generate_mceliece_key(), Botan::polyn_gf2m::sqrt_mod_init(), store_le(), and syndrome_init().
Referenced by generate_mceliece_key(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().
◆ generate_passhash9()
| std::string Botan::generate_passhash9 | ( | std::string_view | password, |
| RandomNumberGenerator & | rng, | ||
| uint16_t | work_factor = 15, | ||
| uint8_t | alg_id = 4 ) |
Create a password hash using PBKDF2
Functions much like generate_bcrypt(). The last parameter, alg_id, specifies which PRF to use. Currently defined values are:
The work_factor must be greater than zero and less than 512. This performs 10000 * work_factor PBKDF2 iterations, using 96 bits of salt taken from rng. Using work factor of 10 or more is recommended.
- Parameters
-
password the password rng a random number generator work_factor how much work to do to slow down guessing attacks alg_id specifies which PRF to use with PBKDF2 0 is HMAC(SHA-1) 1 is HMAC(SHA-256) 2 is CMAC(Blowfish) 3 is HMAC(SHA-384) 4 is HMAC(SHA-512) all other values are currently undefined
Definition at line 47 of file passhash9.cpp.
References base64_encode(), Botan::OctetString::bits_of(), BOTAN_ARG_CHECK, Botan::PBKDF::derive_key(), get_byte(), and Botan::RandomNumberGenerator::randomize().
◆ generate_rfc6979_nonce()
|
inline |
- Parameters
-
x the secret (EC)DSA key q the group order h the message hash already reduced mod q hash the hash function used to generate h
Definition at line 56 of file rfc6979.h.
References Botan::BigInt::bits(), and Botan::RFC6979_Nonce_Generator::nonce_for().
◆ generate_rsa_prime()
| BigInt Botan::generate_rsa_prime | ( | RandomNumberGenerator & | keygen_rng, |
| RandomNumberGenerator & | prime_test_rng, | ||
| size_t | bits, | ||
| const BigInt & | coprime, | ||
| size_t | prob = 128 ) |
Generate a prime suitable for RSA p/q
- Parameters
-
keygen_rng a random number generator prime_test_rng a random number generator bits how large the resulting prime should be in bits (must be >= 512) coprime a positive integer that (prime - 1) should be coprime to prob use test so false positive is bounded by 1/2**prob
- Returns
- random prime with the specified criteria
Definition at line 226 of file make_prm.cpp.
References Botan::BigInt::bits(), BOTAN_DEBUG_ASSERT, Botan::Barrett_Reduction::for_secret_modulus(), gcd(), Botan::BigInt::is_even(), is_miller_rabin_probable_prime(), miller_rabin_test_iterations(), Botan::CT::scoped_poison(), and Botan::BigInt::set_bit().
Referenced by Botan::RSA_PrivateKey::RSA_PrivateKey().
◆ get_aead()
|
inline |
Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX")
- Parameters
-
name AEAD name direction Cipher_Dir::Encryption or Cipher_Dir::Decryption
Definition at line 138 of file aead.h.
References Botan::AEAD_Mode::create(), and get_aead().
Referenced by get_aead().
◆ get_byte()
requires (B < sizeof(T))
|
inlineconstexpr |
Byte extraction
- Parameters
-
input the value to extract from
- Returns
- byte byte number B of input
Definition at line 79 of file loadstor.h.
Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(), Botan::polyn_gf2m::encode(), Botan::Cert_Extension::IPAddressBlocks::IPAddressFamily::encode_into(), Botan::detail::fallback_store_any(), Botan::TLS::Connection_Cipher_State::format_ad(), generate_passhash9(), hex_encode(), Botan::TLS::Channel_Impl_12::key_material_export(), Botan::McEliece_PrivateKey::private_key_bits(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), Botan::TLS::Certificate_Verify::serialize(), Botan::TLS::Cookie::serialize(), Botan::TLS::EarlyDataIndication::serialize(), Botan::TLS::Extensions::serialize(), Botan::TLS::PSK::serialize(), Botan::TLS::Record_Size_Limit::serialize(), Botan::TLS::Server_Hello::serialize(), Botan::TLS::Server_Name_Indicator::serialize(), Botan::TLS::SRTP_Protection_Profiles::serialize(), Botan::TLS::Supported_Groups::serialize(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::CCM_Mode::set_associated_data_n(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), sm2_compute_za(), and Botan::RTSS_Share::split().
◆ get_byte_var()
|
inlineconstexpr |
Byte extraction
- Parameters
-
byte_num which byte to extract, 0 == highest byte input the value to extract from
- Returns
- byte byte_num of input
Definition at line 69 of file loadstor.h.
Referenced by Botan::TLS::append_tls_length_value(), Botan::BigInt::binary_encode(), Botan::BigInt::byte_at(), copy_out_be(), copy_out_le(), Botan::CCM_Mode::encode_length(), Botan::TLS::Certificate_12::serialize(), and Botan::TLS::Certificate_Status::serialize().
◆ get_cipher() [1/3]
|
inline |
Factory method for general symmetric cipher filters. No key will be set in the filter.
- Parameters
-
algo_spec the name of the desired cipher direction determines whether the filter will be an encrypting or decrypting filter
- Returns
- pointer to the encryption or decryption filter
Definition at line 201 of file filters.h.
References Botan::Cipher_Mode::create_or_throw().
Referenced by get_cipher(), and get_cipher().
◆ get_cipher() [2/3]
|
inline |
Factory method for general symmetric cipher filters.
- Parameters
-
algo_spec the name of the desired cipher key the key to be used for encryption/decryption performed by the filter direction determines whether the filter will be an encrypting or decrypting filter
- Returns
- pointer to the encryption or decryption filter
Definition at line 216 of file filters.h.
References get_cipher(), and Botan::Keyed_Filter::set_key().
◆ get_cipher() [3/3]
|
inline |
Factory method for general symmetric cipher filters.
- Parameters
-
algo_spec the name of the desired cipher key the key to be used for encryption/decryption performed by the filter iv the initialization vector to be used direction determines whether the filter will be an encrypting or decrypting filter
- Returns
- pointer to newly allocated encryption or decryption filter
Definition at line 232 of file filters.h.
References Botan::OctetString::empty(), get_cipher(), and Botan::Keyed_Filter::set_iv().
◆ get_cipher_mode()
|
inline |
Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS")
- Parameters
-
algo_spec cipher name direction Cipher_Dir::Encryption or Cipher_Dir::Decryption provider provider implementation to choose
Definition at line 283 of file cipher_mode.h.
References Botan::Cipher_Mode::create(), and get_cipher_mode().
Referenced by get_cipher_mode().
◆ get_files_recursive()
| BOTAN_TEST_API std::vector< std::string > Botan::get_files_recursive | ( | std::string_view | dir | ) |
Definition at line 123 of file filesystem.cpp.
References BOTAN_UNUSED.
◆ get_kdf()
|
inline |
Factory method for KDF (key derivation function)
- Parameters
-
algo_spec the name of the KDF to create
- Returns
- pointer to newly allocated object of that type
Prefer KDF::create
Definition at line 274 of file kdf.h.
References Botan::KDF::create_or_throw(), and get_kdf().
Referenced by get_kdf().
◆ get_pbkdf()
|
inline |
Password based key derivation function factory method
- Parameters
-
algo_spec the name of the desired PBKDF algorithm provider the provider to use
- Returns
- pointer to newly allocated object of that type
Definition at line 246 of file pbkdf.h.
References Botan::PBKDF::create_or_throw(), and get_pbkdf().
Referenced by get_pbkdf().
◆ get_s2k()
|
inline |
Definition at line 250 of file pbkdf.h.
References Botan::PBKDF::create_or_throw(), and get_s2k().
Referenced by get_s2k().
◆ get_uint32()
|
constexpr |
Definition at line 33 of file pcurves_solinas.h.
◆ gf2p8affine()
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 Botan::gf2p8affine | ( | const SIMD_8x32 & | x | ) |
Definition at line 52 of file simd_avx2_gfni.h.
References BOTAN_FORCE_INLINE, and Botan::SIMD_8x32::raw().
◆ gf2p8affineinv()
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 Botan::gf2p8affineinv | ( | const SIMD_8x32 & | x | ) |
Definition at line 57 of file simd_avx2_gfni.h.
References BOTAN_FORCE_INLINE, and Botan::SIMD_8x32::raw().
◆ gf2p8mul()
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_GFNI SIMD_8x32 Botan::gf2p8mul | ( | const SIMD_8x32 & | a, |
| const SIMD_8x32 & | b ) |
Definition at line 61 of file simd_avx2_gfni.h.
References BOTAN_FORCE_INLINE, and Botan::SIMD_8x32::raw().
◆ gfni_matrix()
|
consteval |
Definition at line 19 of file simd_avx2_gfni.h.
◆ gray_to_lex()
Definition at line 30 of file code_based_util.h.
◆ has_filesystem_impl()
| BOTAN_TEST_API bool Botan::has_filesystem_impl | ( | ) |
Definition at line 113 of file filesystem.cpp.
◆ hash_to_curve_sswu()
requires C::ValidForSswuHash
|
inline |
Hash to curve (SSWU); RFC 9380
This is the Simplified Shallue-van de Woestijne-Ulas (SSWU) map.
The parameter expand_message models the function of RFC 9380 and is provided by higher levels. For the curves implemented here it will typically be XMD, but could also be an XOF (expand_message_xof) or a MHF like Argon2.
For details see RFC 9380 sections 3, 5.2 and 6.6.2.
Definition at line 1712 of file pcurves_impl.h.
References map_to_curve_sswu().
Referenced by Botan::PCurve::PrimeOrderCurveImpl< C >::hash_to_curve_nu(), and Botan::PCurve::PrimeOrderCurveImpl< C >::hash_to_curve_ro().
◆ hex_decode() [1/6]
| std::vector< uint8_t > Botan::hex_decode | ( | const char | input[], |
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
input some hex input input_length the length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded hex output
Definition at line 148 of file hex.cpp.
References hex_decode().
◆ hex_decode() [2/6]
| size_t Botan::hex_decode | ( | std::span< uint8_t > | output, |
| std::string_view | input, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
output a contiguous byte buffer of at least input_length/2 bytes input some hex input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 131 of file hex.cpp.
References hex_decode().
◆ hex_decode() [3/6]
| std::vector< uint8_t > Botan::hex_decode | ( | std::string_view | input, |
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
input some hex input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded hex output
Definition at line 157 of file hex.cpp.
References hex_decode().
◆ hex_decode() [4/6]
| size_t Botan::hex_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
output an array of at least input_length/2 bytes input some hex input input_length length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 116 of file hex.cpp.
References hex_decode().
◆ hex_decode() [5/6]
| size_t Botan::hex_decode | ( | uint8_t | output[], |
| const char | input[], | ||
| size_t | input_length, | ||
| size_t & | input_consumed, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
output an array of at least input_length/2 bytes input some hex input input_length length of input in bytes input_consumed is an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input. ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 72 of file hex.cpp.
References clear_mem(), fmt(), format_char_for_display(), and out_ptr().
Referenced by botan_hex_decode(), Botan::Hex_Decoder::end_msg(), Botan::TLS::Session_Manager_SQL::find_some(), hex_decode(), hex_decode(), hex_decode(), hex_decode(), hex_decode(), hex_decode_locked(), Botan::OctetString::OctetString(), Botan::UUID::UUID(), and Botan::Hex_Decoder::write().
◆ hex_decode() [6/6]
| size_t Botan::hex_decode | ( | uint8_t | output[], |
| std::string_view | input, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
output an array of at least input_length/2 bytes input some hex input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- number of bytes written to output
Definition at line 127 of file hex.cpp.
References hex_decode().
◆ hex_decode_locked() [1/2]
| secure_vector< uint8_t > Botan::hex_decode_locked | ( | const char | input[], |
| size_t | input_length, | ||
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
input some hex input input_length the length of input in bytes ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded hex output
Definition at line 135 of file hex.cpp.
References hex_decode().
Referenced by Botan::BigInt::from_radix_digits(), hex_decode_locked(), and Botan::RTSS_Share::RTSS_Share().
◆ hex_decode_locked() [2/2]
| secure_vector< uint8_t > Botan::hex_decode_locked | ( | std::string_view | input, |
| bool | ignore_ws = true ) |
Perform hex decoding
- Parameters
-
input some hex input ignore_ws ignore whitespace on input; if false, throw an exception if whitespace is encountered
- Returns
- decoded hex output
Definition at line 144 of file hex.cpp.
References hex_decode_locked().
◆ hex_encode() [1/3]
| void Botan::hex_encode | ( | char | output[], |
| const uint8_t | input[], | ||
| size_t | input_length, | ||
| bool | uppercase = true ) |
Perform hex encoding
- Parameters
-
output an array of at least input_length*2 bytes input is some binary data input_length length of input in bytes uppercase should output be upper or lower case?
Definition at line 34 of file hex.cpp.
References get_byte().
Referenced by botan_hex_encode(), create_hex_fingerprint(), hex_encode(), hex_encode(), Botan::TLS::Session_Manager_SQL::remove(), Botan::TLS::Session_Manager_SQL::retrieve_one(), Botan::TLS::Session_Manager_SQL::store(), Botan::BigInt::to_hex_string(), Botan::OctetString::to_string(), Botan::RTSS_Share::to_string(), Botan::UUID::to_string(), Botan::X509_Certificate::to_string(), and Botan::UUID::UUID().
◆ hex_encode() [2/3]
| std::string Botan::hex_encode | ( | const uint8_t | input[], |
| size_t | input_length, | ||
| bool | uppercase = true ) |
Perform hex encoding
- Parameters
-
input some input input_length length of input in bytes uppercase should output be upper or lower case?
- Returns
- hexadecimal representation of input
Definition at line 42 of file hex.cpp.
References hex_encode().
◆ hex_encode() [3/3]
|
inline |
Perform hex encoding
- Parameters
-
input some input uppercase should output be upper or lower case?
- Returns
- hexadecimal representation of input
Definition at line 43 of file hex.h.
References hex_encode().
◆ hex_to_words()
|
constexpr |
Definition at line 743 of file mp_core.h.
References shift_left().
◆ high_bit()
|
constexpr |
Return the index of the highest set bit T is an unsigned integer type
- Parameters
-
n an integer value
- Returns
- index of the highest set bit in n
Definition at line 73 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ct_if_is_zero_ret().
Referenced by Botan::OID::encode_into(), floor_log2(), random_prime(), and Botan::BigInt::top_bits_free().
◆ hkdf_expand_label()
| secure_vector< uint8_t > BOTAN_TEST_API Botan::hkdf_expand_label | ( | std::string_view | hash_fn, |
| std::span< const uint8_t > | secret, | ||
| std::string_view | label, | ||
| std::span< const uint8_t > | hash_val, | ||
| size_t | length ) |
HKDF-Expand-Label from TLS 1.3/QUIC
- Parameters
-
hash_fn the hash to use secret the secret bits label the full label (no "TLS 1.3, " or "tls13 " prefix is applied) hash_val the previous hash value (used for chaining, may be empty) length the desired output length
Definition at line 119 of file hkdf.cpp.
References as_span_of_bytes(), BOTAN_ARG_CHECK, concat(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::KDF::derive_key(), fmt(), and store_be().
◆ holds_any_of()
|
constexprnoexcept |
Definition at line 65 of file stl_util.h.
Referenced by Botan::TLS::Channel_Impl_13::from_peer().
◆ host_wildcard_match()
| BOTAN_TEST_API bool Botan::host_wildcard_match | ( | std::string_view | wildcard, |
| std::string_view | host ) |
Check if the given hostname is a match for the specified wildcard
Definition at line 252 of file parsing.cpp.
References tolower_string().
Referenced by Botan::X509_Certificate::matches_dns_name().
◆ ht_sign()
| void Botan::ht_sign | ( | StrongSpan< SphincsHypertreeSignature > | out_sig, |
| const SphincsTreeNode & | message_to_sign, | ||
| const SphincsSecretSeed & | secret_seed, | ||
| XmssTreeIndexInLayer | tree_index_in_layer, | ||
| TreeNodeIndex | idx_leaf, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 12: ht_sign.
Creates a SLH-DSA XMSS hypertree signature of message_to_sign. The signature is written into the buffer defined by out_sig. tree_index_in_layer and idx_leaf define which XMSS tree of the hypertree and which leaf of this XMSS tree is used for signing.
Definition at line 22 of file sp_hypertree.cpp.
References BOTAN_ASSERT_NOMSG, Botan::Sphincs_Address::copy_subtree_from(), Botan::Sphincs_Parameters::d(), Botan::BufferStuffer::full(), Botan::detail::Strong_Base< T >::get(), HashTree, Botan::Sphincs_Parameters::ht_signature_bytes(), Botan::BufferStuffer::next(), Botan::Sphincs_Address::set_keypair_address(), Botan::Sphincs_Address::set_layer_address(), Botan::Sphincs_Address::set_tree_address(), Botan::StrongSpan< T >::size(), WotsHash, xmss_sign_and_pkgen(), Botan::Sphincs_Parameters::xmss_signature_bytes(), and Botan::Sphincs_Parameters::xmss_tree_height().
◆ ht_verify()
| bool Botan::ht_verify | ( | const SphincsTreeNode & | signed_msg, |
| StrongSpan< const SphincsHypertreeSignature > | ht_sig, | ||
| const SphincsTreeNode & | pk_root, | ||
| XmssTreeIndexInLayer | tree_index_in_layer, | ||
| TreeNodeIndex | idx_leaf, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 13: ht_verify.
Given a message signed_msg the SLH-DSA XMSS hypertree is reconstructed using a hypertree signature ht_sig. tree_index_in_layer and idx_leaf define which XMSS tree of the hypertree and which leaf of this XMSS tree was used for signing.
- Returns
- true iff the top-most reconstructed root equals
pk_root
Definition at line 62 of file sp_hypertree.cpp.
References BOTAN_ASSERT_NOMSG, compute_root(), Botan::Sphincs_Address::copy_keypair_from(), Botan::Sphincs_Address::copy_subtree_from(), Botan::Sphincs_Parameters::d(), Botan::BufferSlicer::empty(), Botan::detail::Strong_Base< T >::get(), HashTree, Botan::Sphincs_Parameters::ht_signature_bytes(), Botan::Sphincs_Parameters::n(), Botan::Sphincs_Address::set_keypair_address(), Botan::Sphincs_Address::set_layer_address(), Botan::Sphincs_Address::set_tree_address(), Botan::StrongSpan< T >::size(), Botan::Sphincs_Hash_Functions::T(), Botan::BufferSlicer::take(), Botan::Sphincs_Parameters::wots_bytes(), wots_public_key_from_signature(), WotsHash, WotsPublicKeyCompression, and Botan::Sphincs_Parameters::xmss_tree_height().
◆ ieee1363_hash_id()
| uint8_t Botan::ieee1363_hash_id | ( | std::string_view | hash_name | ) |
Return the IEEE 1363 hash identifier
- Parameters
-
hash_name the name of the hash function
- Returns
- uint8_t code identifying the hash, or 0 if not known
Definition at line 144 of file hash_id.cpp.
Referenced by Botan::X931_SignaturePadding::X931_SignaturePadding().
◆ if_work_factor()
| size_t BOTAN_TEST_API Botan::if_work_factor | ( | size_t | n_bits | ) |
Estimate work factor for integer factorization
- Parameters
-
n_bits size of modulus in bits
- Returns
- estimated security level for this modulus
Definition at line 37 of file workfactor.cpp.
Referenced by dl_work_factor(), Botan::RSA_PublicKey::estimated_strength(), and Botan::TPM_PrivateKey::estimated_strength().
◆ ignore_params()
|
constexpr |
Mark variable as unused.
Takes any number of arguments and marks all as unused, for instance BOTAN_UNUSED(a); or BOTAN_UNUSED(x, y, z);
Definition at line 142 of file assert.h.
References ignore_params().
Referenced by ignore_params().
◆ index_of_first_set_byte()
|
constexpr |
Return the index of the first byte with the high bit set
Definition at line 130 of file int_utils.h.
◆ initialize_allocator()
| void BOTAN_UNSTABLE_API Botan::initialize_allocator | ( | ) |
Ensure the allocator is initialized
Definition at line 66 of file allocator.cpp.
References Botan::mlock_allocator::instance().
Referenced by Botan::Allocator_Initializer::Allocator_Initializer().
◆ intersects()
|
inline |
Definition at line 70 of file asn1_obj.h.
◆ inverse_mod()
Modular inversion. This algorithm is const time with respect to x, as long as x is less than modulus. It also avoids leaking information about the modulus, except that it does leak which of 3 categories the modulus is in: an odd integer, a power of 2, or some other even number, and if the modulus is even, leaks the power of 2 which divides the modulus.
- Parameters
-
x a positive integer modulus a positive integer
- Returns
- y st (x*y) % modulus == 1 or 0 if no such value
Definition at line 371 of file mod_inv.cpp.
References BOTAN_ARG_CHECK, ct_modulo(), inverse_mod(), inverse_mod_general(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), and Botan::BigInt::zero().
Referenced by inverse_mod().
◆ inverse_mod_general()
| std::optional< BigInt > BOTAN_TEST_API Botan::inverse_mod_general | ( | const BigInt & | x, |
| const BigInt & | m ) |
Compute the inverse of x modulo some integer m
Returns nullopt if no such integer exists eg if gcd(x, m) > 1
This algorithm is const time with respect to x, aside from its length. It also avoids leaking information about the modulus m, except that it does leak which of 3 categories the modulus is in:
- An odd integer
- A power of 2
- Some even number not a power of 2
And if the modulus is even, it leaks the power of 2 which divides the modulus.
- Parameters
-
x a positive integer less than m m a positive integer
Throws Invalid_Argument if x or m are negative
Definition at line 179 of file mod_inv.cpp.
References Botan::BigInt::bits(), BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::BigInt::ct_cond_add(), Botan::BigInt::ct_cond_assign(), ct_modulo(), Botan::BigInt::get_bit(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), low_zero_bits(), Botan::BigInt::mask_bits(), Botan::BigInt::Positive, Botan::BigInt::power_of_2(), and Botan::BigInt::set_sign().
Referenced by botan_mp_mod_inverse(), compute_rsa_secret_exponent(), and inverse_mod().
◆ inverse_mod_public_prime()
| BigInt BOTAN_TEST_API Botan::inverse_mod_public_prime | ( | const BigInt & | x, |
| const BigInt & | p ) |
Compute the inverse of x modulo a public prime p
This algorithm is constant time with respect to x. The prime p is assumed to be public.
- Parameters
-
x a positive integer less than p p an odd prime
- Returns
- y such that (x*y) % p == 1
This always returns a result since any integer in [1,p) has an inverse modulo a prime p.
This function assumes as a precondition that p truly is prime; the results may not be correct if this does not hold.
Throws Invalid_Argument if x is less than or equal to zero, or if p is even or less than 3.
Definition at line 293 of file mod_inv.cpp.
References inverse_mod_secret_prime().
Referenced by Botan::DL_Group::inverse_mod_p(), Botan::DL_Group::inverse_mod_q(), Botan::EC_Scalar_Data_BN::invert(), and Botan::EC_Scalar_Data_BN::invert_vartime().
◆ inverse_mod_rsa_public_modulus()
Compute the inverse of x modulo a public RSA modulus n
This algorithm is constant time with respect to x. The RSA modulus is assumed to be public.
- Parameters
-
x a positive integer less than n n a RSA public modulus
- Returns
- y such that (x*y) % n == 1
This always returns a result since any integer in [1,n) has an inverse modulo a RSA public modulus n, unless you have happened to guess one of the factors at random. In the unlikely event of this occurring, Internal_Error will be thrown.
Definition at line 297 of file mod_inv.cpp.
References BOTAN_ARG_CHECK, BOTAN_ASSERT, Botan::BigInt::is_odd(), Botan::BigInt::is_positive(), and Botan::BigInt::is_zero().
◆ inverse_mod_secret_prime()
| BigInt BOTAN_TEST_API Botan::inverse_mod_secret_prime | ( | const BigInt & | x, |
| const BigInt & | p ) |
Compute the inverse of x modulo a secret prime p
This algorithm is constant time with respect to x and p, aside from leaking the length of p. (In particular it should not leak the length of x, if x is shorter)
- Parameters
-
x a positive integer less than p p an odd prime
- Returns
- y such that (x*y) % p == 1
This always returns a result since any integer in [1,p) has an inverse modulo a prime p.
This function assumes as a precondition that p truly is prime; the results may not be correct if this does not hold.
Throws Invalid_Argument if x is less than or equal to zero, or if p is even or less than 3.
Definition at line 282 of file mod_inv.cpp.
References BOTAN_ARG_CHECK, Botan::BigInt::is_odd(), and Botan::BigInt::is_positive().
Referenced by Botan::RSA_PrivateKey::check_key(), inverse_mod_public_prime(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().
◆ invert_field_element()
|
inlineconstexpr |
Field inversion
Uses the specialized fe_invert2 if available, or otherwise the standard (FLT-based) field inversion.
Definition at line 35 of file pcurves_algos.h.
Referenced by map_to_curve_sswu(), SSWU_C2(), to_affine(), to_affine_batch(), and to_affine_x().
◆ ipv4_to_string()
| std::string BOTAN_TEST_API Botan::ipv4_to_string | ( | uint32_t | ip_addr | ) |
Convert an IPv4 address to a string
- Parameters
-
ip_addr the IPv4 address to convert
- Returns
- string representation of the IPv4 address
Definition at line 225 of file parsing.cpp.
References store_be().
Referenced by Botan::AlternativeName::contents(), Botan::AlternativeName::get_attribute(), and Botan::GeneralName::name().
◆ is_bailie_psw_probable_prime()
| bool BOTAN_TEST_API Botan::is_bailie_psw_probable_prime | ( | const BigInt & | n, |
| const Barrett_Reduction & | mod_n ) |
Perform Bailie-PSW primality test
This is a combination of Miller-Rabin with base 2 and a Lucas test. No known composite integer passes both tests, though it is conjectured that infinitely many composite counterexamples exist.
- Parameters
-
n the positive integer to test mod_n a pre-created Barrett_Reduction for n
- Returns
- true if n seems probably prime, false if n is composite
Definition at line 98 of file primality.cpp.
References Botan::BigInt::from_word(), Botan::BigInt::is_even(), is_lucas_probable_prime(), and passes_miller_rabin_test().
Referenced by Botan::EC_Group::EC_Group(), and is_prime().
◆ is_generalizable_to() [1/2]
|
constexprnoexcept |
Definition at line 70 of file stl_util.h.
Referenced by generalize_to(), and Botan::TLS::Handshake_State_13< Connection_Side::Client, Client_Handshake_13_Message, Server_Handshake_13_Message, Server_Post_Handshake_13_Message >::sending().
◆ is_generalizable_to() [2/2]
|
constexprnoexcept |
Definition at line 75 of file stl_util.h.
◆ is_lucas_probable_prime()
| bool BOTAN_TEST_API Botan::is_lucas_probable_prime | ( | const BigInt & | n, |
| const Barrett_Reduction & | mod_n ) |
Perform Lucas primality test
- See also
- FIPS 186-4 C.3.3
- Warning
- it is possible to construct composite integers which pass this test alone.
- Parameters
-
n the positive integer to test mod_n a pre-created Barrett_Reduction for n
- Returns
- true if n seems probably prime, false if n is composite
Definition at line 18 of file primality.cpp.
References Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::BigInt::ct_cond_add(), Botan::BigInt::ct_cond_assign(), Botan::BigInt::flip_sign(), Botan::BigInt::from_word(), Botan::BigInt::get_bit(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_odd(), is_perfect_square(), Botan::BigInt::is_positive(), jacobi(), Botan::Barrett_Reduction::multiply(), Botan::BigInt::one(), Botan::Barrett_Reduction::reduce(), and Botan::Barrett_Reduction::square().
Referenced by is_bailie_psw_probable_prime(), is_prime(), and random_prime().
◆ is_miller_rabin_probable_prime()
| bool BOTAN_TEST_API Botan::is_miller_rabin_probable_prime | ( | const BigInt & | n, |
| const Barrett_Reduction & | mod_n, | ||
| RandomNumberGenerator & | rng, | ||
| size_t | t ) |
Perform t iterations of a Miller-Rabin primality test with random bases
- Parameters
-
n the positive integer to test mod_n a pre-created Barrett_Reduction for n rng a random number generator t number of tests to perform
- Returns
- result of primality test
Definition at line 160 of file primality.cpp.
References Botan::BigInt::from_word(), Botan::BigInt::is_even(), passes_miller_rabin_test(), and Botan::BigInt::random_integer().
Referenced by generate_rsa_prime(), is_prime(), and random_prime().
◆ is_passhash9_alg_supported()
| bool Botan::is_passhash9_alg_supported | ( | uint8_t | alg_id | ) |
Check if the PRF used with PBKDF2 is supported
- Parameters
-
alg_id alg_id used in generate_passhash9()
Definition at line 129 of file passhash9.cpp.
◆ is_perfect_square()
Test if the positive integer x is a perfect square ie if there exists some positive integer y st y*y == x See FIPS 186-4 sec C.4
- Returns
- 0 if the integer is not a perfect square, otherwise returns the positive y st y*y == x
Definition at line 347 of file numthry.cpp.
References Botan::BigInt::bits(), Botan::BigInt::one(), Botan::BigInt::power_of_2(), and Botan::BigInt::zero().
Referenced by is_lucas_probable_prime().
◆ is_power_of_2()
|
constexpr |
Power of 2 test. T should be an unsigned integer type
- Parameters
-
arg an integer value
- Returns
- true iff arg is 2^n for some n > 0
Definition at line 62 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
Referenced by operator%(), Botan::BigInt::operator%=(), Botan::BigInt::operator/=(), Botan::Scrypt::Scrypt(), and Botan::CTR_BE::seek().
◆ is_prime()
| bool Botan::is_prime | ( | const BigInt & | n, |
| RandomNumberGenerator & | rng, | ||
| size_t | prob = 64, | ||
| bool | is_random = false ) |
Check for primality
This uses probabilistic algorithms - there is some non-zero (but very low) probability that this function will return true even if n is actually composite.
- Parameters
-
n a positive integer to test for primality rng a random number generator prob chance of false positive is bounded by 1/2**prob is_random true if n was randomly chosen by us
- Returns
- true if all primality tests passed, otherwise false
Definition at line 381 of file numthry.cpp.
References Botan::BigInt::bits(), Botan::Barrett_Reduction::for_secret_modulus(), is_bailie_psw_probable_prime(), Botan::BigInt::is_even(), is_lucas_probable_prime(), is_miller_rabin_probable_prime(), Botan::RandomNumberGenerator::is_seeded(), miller_rabin_test_iterations(), PRIME_TABLE_SIZE, PRIMES, and Botan::BigInt::word_at().
Referenced by botan_mp_is_prime(), Botan::RSA_PrivateKey::check_key(), Botan::DL_Group::DL_Group(), generate_dsa_primes(), random_safe_prime(), Botan::DL_Group::verify_group(), and Botan::EC_Group::verify_group().
◆ is_sub_element_of()
|
inline |
Definition at line 16 of file x509_utils.h.
References Botan::OID::get_components().
Referenced by Botan::X509_DN::lookup_ub().
◆ jacobi()
Compute the Jacobi symbol. If n is prime, this is equivalent to the Legendre symbol.
- Parameters
-
a is a non-negative integer n is an odd integer > 1
- Returns
- (n / m)
Definition at line 119 of file numthry.cpp.
References BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::BigInt::is_odd(), low_zero_bits(), and Botan::BigInt::word_at().
Referenced by Botan::DL_Group::DL_Group(), is_lucas_probable_prime(), and sqrt_modulo_prime().
◆ keccak_absorb_padded_strings_encoding()
requires (std::constructible_from<std::span<const uint8_t>, Ts> && ...)
| size_t Botan::keccak_absorb_padded_strings_encoding | ( | T & | sink, |
| size_t | padding_mod, | ||
| Ts... | byte_strings ) |
This is a combination of the functions encode_string() and bytepad() defined in NIST SP.800-185 Section 2.3. Additionally, the result is directly streamed into the provided XOF to avoid unnecessary memory allocation or a byte vector.
- Parameters
-
sink the XOF or byte vector to absorb the byte_stringsintopadding_mod the modulus value to create a padding for (NIST calls this 'w') byte_strings a variable-length list of byte strings to be encoded and absorbed into the given xof
- Returns
- the number of bytes absorbed into the
xof
Definition at line 91 of file keccak_helpers.h.
References BOTAN_ASSERT_NOMSG, keccak_absorb_padded_strings_encoding(), keccak_int_left_encode(), and keccak_max_int_encoding_size().
Referenced by keccak_absorb_padded_strings_encoding().
◆ keccak_int_encoding_size()
| BOTAN_TEST_API size_t Botan::keccak_int_encoding_size | ( | size_t | x | ) |
- Returns
- the required bytes for encodings of keccak_int_left_encode() or keccak_int_right_encode() given an integer
x
Definition at line 55 of file keccak_helpers.cpp.
◆ keccak_int_left_encode()
| BOTAN_TEST_API std::span< const uint8_t > Botan::keccak_int_left_encode | ( | std::span< uint8_t > | buffer, |
| size_t | x ) |
Integer encoding defined in NIST SP.800-185 that can be unambiguously parsed from the beginning of the string.
This function does not allocate any memory and requires the caller to provide a sufficiently large buffer. For a given x, this will need exactly keccak_int_encoding_size() bytes. For an arbitrary x it will generate keccak_max_int_encoding_size() bytes at most.
- Parameters
-
buffer buffer to write the left-encoding of xto. It is assumed that the buffer will hold at least keccak_int_encoding_size() bytes.x the integer to be left-encoded
- Returns
- the byte span that represents the bytes written to
buffer.
Definition at line 42 of file keccak_helpers.cpp.
References BOTAN_ASSERT_NOMSG.
Referenced by keccak_absorb_padded_strings_encoding().
◆ keccak_int_right_encode()
| BOTAN_TEST_API std::span< const uint8_t > Botan::keccak_int_right_encode | ( | std::span< uint8_t > | out, |
| size_t | x ) |
Integer encoding defined in NIST SP.800-185 that can be unambiguously parsed from the end of the string.
This function does not allocate any memory and requires the caller to provide a sufficiently large buffer. For a given x, this will need exactly keccak_int_encoding_size() bytes. For an arbitrary x it will generate keccak_max_int_encoding_size() bytes at most.
- Parameters
-
out buffer to write the right-encoding of xto. It is assumed that the buffer will hold at least keccak_int_encoding_size() bytes.x the integer to be right-encoded
- Returns
- the byte span that represents the bytes written to
buffer.
Definition at line 48 of file keccak_helpers.cpp.
References BOTAN_ASSERT_NOMSG.
◆ keccak_max_int_encoding_size()
|
constexpr |
- Returns
- the maximum required bytes for encodings of keccak_int_left_encode() or keccak_int_right_encode()
Definition at line 65 of file keccak_helpers.h.
Referenced by keccak_absorb_padded_strings_encoding().
◆ Keccak_Permutation_round()
| BOTAN_FORCE_INLINE void Botan::Keccak_Permutation_round | ( | uint64_t | T[25], |
| const uint64_t | A[25], | ||
| uint64_t | RC ) |
Definition at line 15 of file keccak_perm_round.h.
References BOTAN_FORCE_INLINE, and rotl().
Referenced by Botan::Keccak_Permutation::permute().
◆ key_constraints_to_string()
|
inline |
Definition at line 34 of file pkix_types.h.
References key_constraints_to_string().
Referenced by key_constraints_to_string().
◆ latin1_to_utf8()
| BOTAN_TEST_API std::string Botan::latin1_to_utf8 | ( | const uint8_t | chars[], |
| size_t | len ) |
Definition at line 89 of file charset.cpp.
Referenced by Botan::ASN1_String::decode_from().
◆ lcm()
Least common multiple
- Parameters
-
x a positive integer y a positive integer
- Returns
- z, smallest integer such that z % x == 0 and z % y == 0
Definition at line 296 of file numthry.cpp.
References ct_divide(), gcd(), Botan::BigInt::Positive, and Botan::BigInt::set_sign().
Referenced by Botan::Cascade_Cipher::Cascade_Cipher(), Botan::RSA_PrivateKey::check_key(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().
◆ lex_to_gray()
Definition at line 38 of file code_based_util.h.
Referenced by syndrome_init().
◆ lmots_compute_pubkey_from_sig()
| BOTAN_TEST_API LMOTS_K Botan::lmots_compute_pubkey_from_sig | ( | const LMOTS_Signature & | sig, |
| const LMS_Message & | msg, | ||
| const LMS_Identifier & | identifier, | ||
| LMS_Tree_Node_Idx | q ) |
Compute a public key candidate for an OTS-signature-message pair and the OTS instance parameters.
Defined in RFC 8554 4.6 - Algorithm 4b
Definition at line 333 of file lm_ots.cpp.
References Botan::LMOTS_Signature::algorithm_type(), Botan::LMOTS_Signature::C(), Botan::LMOTS_Params::create_or_throw(), store_be(), and Botan::LMOTS_Signature::y().
◆ load_3()
|
inline |
Definition at line 18 of file ed25519_internal.h.
Referenced by Botan::Ed25519_FieldElement::deserialize(), sc_muladd(), and sc_reduce().
◆ load_4()
|
inline |
Definition at line 22 of file ed25519_internal.h.
References load_le().
Referenced by Botan::Ed25519_FieldElement::deserialize(), sc_muladd(), and sc_reduce().
◆ load_be()
|
inlineconstexpr |
Load "something" in big endian byte order See the documentation of this file for more details.
Definition at line 504 of file loadstor.h.
References Botan::detail::load_any().
Referenced by Botan::TLS::Datagram_Handshake_IO::add_record(), base58_check_decode(), bytes_to_words(), check_passhash9(), Botan::SHA_256::compress_digest(), Botan::SHA_512::compress_digest(), Botan::SHA_1::compress_n(), Botan::SM3::compress_n(), Botan::Whirlpool::compress_n(), Botan::AlternativeName::decode_from(), Botan::GeneralName::decode_from(), Botan::TLS::Session::decrypt(), Botan::CryptoBox::decrypt_bin(), Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::HSS_LMS_PrivateKeyInternal::from_bytes_or_throw(), Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw(), Botan::HSS_Signature::from_bytes_or_throw(), Botan::LMOTS_Signature::from_bytes_or_throw(), Botan::LMS_PublicKey::from_bytes_or_throw(), Botan::LMS_Signature::from_bytes_or_throw(), Botan::HOTP::generate_hotp(), Botan::TLS::TLS_Data_Reader::get_elem(), Botan::SIMD_4x32::load_be(), nist_key_unwrap(), nist_key_unwrap_padded(), Botan::TLS::Server_Hello_12_Shim::random_signals_downgrade(), Botan::TLS::Server_Hello_13::random_signals_downgrade(), Botan::CTR_BE::seek(), Botan::TLS::Session::Session(), ucs2_to_utf8(), and ucs4_to_utf8().
◆ load_le()
|
inlineconstexpr |
Load "something" in little endian byte order See the documentation of this file for more details.
Definition at line 495 of file loadstor.h.
References Botan::detail::load_any().
Referenced by Botan::BlindedScalarBits< C, WindowBits+1 >::BlindedScalarBits(), Botan::Gf448Elem::bytes_are_canonical_representation(), Botan::MD4::compress_n(), Botan::MD5::compress_n(), Botan::RIPEMD_160::compress_n(), Botan::Classic_McEliece_Field_Ordering::create_field_ordering(), Botan::Sodium::crypto_core_hsalsa20(), Botan::GOST_28147_89::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::FrodoMatrix::deserialize(), ed25519_verify(), Botan::GOST_28147_89::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::Dilithium_Algos::expand_A(), Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(), Botan::Gf448Elem::Gf448Elem(), load_4(), Botan::SIMD_4x32::load_le(), Botan::Kyber_Algos::load_le3(), Botan::FrodoMatrix::mul_add_as_plus_e(), Botan::FrodoMatrix::mul_add_sa_plus_e(), random_prime(), Botan::detail::FullWordBounds< SpongeT >::read_from(), Botan::detail::PartialWordBounds< SpongeT >::read_from(), Botan::FrodoMatrix::sample(), Botan::Dilithium_Algos::sample_in_ball(), Botan::ChaCha::seek(), Botan::Salsa20::seek(), Botan::Salsa20::set_iv_bytes(), Botan::Threefish_512::set_tweak(), Botan::Sodium::sodium_free(), Botan::bitvector_base< secure_allocator >::subvector(), Botan::CRYSTALS::unpack(), and xts_compute_tweak_block().
◆ load_private_key()
| std::unique_ptr< Private_Key > Botan::load_private_key | ( | const AlgorithmIdentifier & | alg_id, |
| std::span< const uint8_t > | key_bits ) |
Definition at line 289 of file pk_algs.cpp.
References fmt(), Botan::AlgorithmIdentifier::oid(), split_on(), and Botan::OID::to_formatted_string().
◆ load_public_key()
| std::unique_ptr< Public_Key > Botan::load_public_key | ( | const AlgorithmIdentifier & | alg_id, |
| std::span< const uint8_t > | key_bits ) |
Definition at line 130 of file pk_algs.cpp.
References fmt(), Botan::AlgorithmIdentifier::oid(), split_on(), and Botan::OID::to_formatted_string().
Referenced by Botan::TLS::Hybrid_KEM_PublicKey::load_for_group(), and Botan::X509::load_key().
◆ lock()
| secure_vector< T > Botan::lock | ( | const std::vector< T > & | in | ) |
Definition at line 80 of file secmem.h.
Referenced by Botan::Semaphore::acquire(), Botan::OID_Map::add_oid(), Botan::OID_Map::add_oid2str(), Botan::OID_Map::add_str2oid(), Botan::Memory_Pool::allocate(), Botan::Stateful_RNG::clear(), Botan::Stateful_Key_Index_Registry::current_index(), Botan::Memory_Pool::deallocate(), Botan::Stateful_RNG::force_reseed(), Botan::Stateful_RNG::initialize_with(), Botan::Stateful_RNG::is_seeded(), Botan::OID_Map::oid2str(), Botan::Thread_Pool::queue_thunk(), Botan::TPM2::PrivateKey::raw_private_key_bits(), Botan::Semaphore::release(), Botan::Stateful_Key_Index_Registry::remaining_operations(), Botan::Stateful_RNG::reseed_from_rng(), Botan::Stateful_RNG::reseed_from_sources(), Botan::Stateful_Key_Index_Registry::reserve_next_index(), Botan::Stateful_Key_Index_Registry::set_index_lower_bound(), Botan::Thread_Pool::shutdown(), Botan::OID_Map::str2oid(), Botan::Barrier::sync(), and Botan::Barrier::wait().
◆ low_zero_bits()
| size_t Botan::low_zero_bits | ( | const BigInt & | x | ) |
- Parameters
-
x an integer
- Returns
- count of the low zero bits in x, or, equivalently, the largest value of n such that 2^n divides x evenly. Returns zero if x is equal to zero.
Definition at line 194 of file numthry.cpp.
References Botan::CT::Mask< T >::cleared(), ctz(), Botan::CT::Mask< T >::expand(), Botan::BigInt::size(), and Botan::BigInt::word_at().
Referenced by inverse_mod_general(), jacobi(), passes_miller_rabin_test(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and sqrt_modulo_prime().
◆ majority()
|
constexpr |
Definition at line 222 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and choose().
Referenced by Botan::SHA1_F::F3(), R2(), SHA2_32_F(), SHA2_32_F(), SHA2_64_F(), and SHA2_64_F().
◆ make_commoncrypto_block_cipher()
| std::unique_ptr< BlockCipher > Botan::make_commoncrypto_block_cipher | ( | std::string_view | name | ) |
Definition at line 133 of file commoncrypto_block.cpp.
References commoncrypto_opts_from_algo_name(), and make_commoncrypto_block_cipher().
Referenced by Botan::BlockCipher::create(), and make_commoncrypto_block_cipher().
◆ make_commoncrypto_cipher_mode()
| std::unique_ptr< Cipher_Mode > Botan::make_commoncrypto_cipher_mode | ( | std::string_view | name, |
| Cipher_Dir | direction ) |
Definition at line 214 of file commoncrypto_mode.cpp.
References commoncrypto_opts_from_algo(), and make_commoncrypto_cipher_mode().
Referenced by Botan::Cipher_Mode::create(), and make_commoncrypto_cipher_mode().
◆ make_commoncrypto_hash()
| std::unique_ptr< HashFunction > Botan::make_commoncrypto_hash | ( | std::string_view | name | ) |
Definition at line 79 of file commoncrypto_hash.cpp.
References MAKE_COMMONCRYPTO_HASH_2, and MAKE_COMMONCRYPTO_HASH_3.
Referenced by Botan::HashFunction::create().
◆ make_compressor()
|
inline |
Definition at line 154 of file compression.h.
References Botan::Compression_Algorithm::create(), and make_compressor().
Referenced by make_compressor().
◆ make_decompressor()
|
inline |
Definition at line 160 of file compression.h.
References Botan::Decompression_Algorithm::create(), and make_decompressor().
Referenced by make_decompressor().
◆ make_uint16()
|
inlineconstexpr |
Make a uint16_t from two bytes
- Parameters
-
i0 the first byte i1 the second byte
- Returns
- i0 || i1
Definition at line 92 of file loadstor.h.
Referenced by Botan::TLS::Certificate_Request_12::Certificate_Request_12(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), Botan::ML_KEM_Symmetric_Primitives::init_XOF(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), random_gf2m(), Botan::RTSS_Share::reconstruct(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().
◆ make_uint32()
|
inlineconstexpr |
Make a uint32_t from four bytes
- Parameters
-
i0 the first byte i1 the second byte i2 the third byte i3 the fourth byte
- Returns
- i0 || i1 || i2 || i3
Definition at line 104 of file loadstor.h.
Referenced by Botan::TLS::Certificate_12::Certificate_12(), Botan::TLS::Certificate_Status::Certificate_Status(), Botan::TLS::Stream_Handshake_IO::get_next_record(), Botan::TLS::TLS_Data_Reader::get_uint24_t(), Botan::TLS::TLS_Data_Reader::get_uint32_t(), and Botan::SIMD_4x32::splat_u8().
◆ make_uint64()
|
inlineconstexpr |
Make a uint64_t from eight bytes
- Parameters
-
i0 the first byte i1 the second byte i2 the third byte i3 the fourth byte i4 the fifth byte i5 the sixth byte i6 the seventh byte i7 the eighth byte
- Returns
- i0 || i1 || i2 || i3 || i4 || i5 || i6 || i7
Definition at line 121 of file loadstor.h.
◆ map_remove_if()
| void Botan::map_remove_if | ( | Pred | pred, |
| T & | assoc ) |
Definition at line 53 of file stl_util.h.
Referenced by Botan::TLS::Channel_Impl_12::activate_session().
◆ map_to_curve_sswu()
|
inline |
Map to curve (SSWU)
See RFC 9380 ("Hashing to Elliptic Curves") section 6.6.2
Definition at line 1675 of file pcurves_impl.h.
References Botan::CT::Option< T >::has_value(), invert_field_element(), Botan::CT::poison(), sqrt_field_element(), SSWU_C1(), SSWU_C2(), Botan::CT::unpoison(), and Botan::CT::Option< T >::value_or().
Referenced by hash_to_curve_sswu().
◆ mceliece_decrypt() [1/3]
| secure_vector< uint8_t > Botan::mceliece_decrypt | ( | secure_vector< gf2m > & | error_pos, |
| const uint8_t * | ciphertext, | ||
| size_t | ciphertext_len, | ||
| const McEliece_PrivateKey & | key ) |
p_err_pos_len must point to the available length of error_pos on input, the function will set it to the actual number of errors returned in the error_pos array
Definition at line 146 of file goppa_code.cpp.
References bit_size_to_32bit_size(), bit_size_to_byte_size(), copy_mem(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PrivateKey::get_codimension(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PrivateKey::get_dimension(), Botan::McEliece_PrivateKey::get_goppa_polyn(), Botan::McEliece_PrivateKey::get_H_coeffs(), Botan::McEliece_PrivateKey::get_Linv(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::polyn_gf2m::get_sp_field(), and Botan::McEliece_PrivateKey::get_sqrtmod().
◆ mceliece_decrypt() [2/3]
| void Botan::mceliece_decrypt | ( | secure_vector< uint8_t > & | plaintext, |
| secure_vector< uint8_t > & | error_mask, | ||
| const uint8_t | ciphertext[], | ||
| size_t | ciphertext_len, | ||
| const McEliece_PrivateKey & | key ) |
Definition at line 122 of file goppa_code.cpp.
References Botan::McEliece_PublicKey::get_code_length(), and mceliece_decrypt().
◆ mceliece_decrypt() [3/3]
| void Botan::mceliece_decrypt | ( | secure_vector< uint8_t > & | plaintext_out, |
| secure_vector< uint8_t > & | error_mask_out, | ||
| const secure_vector< uint8_t > & | ciphertext, | ||
| const McEliece_PrivateKey & | key ) |
Definition at line 115 of file goppa_code.cpp.
References mceliece_decrypt().
Referenced by Botan::McEliece_PrivateKey::check_key(), mceliece_decrypt(), and mceliece_decrypt().
◆ mceliece_encrypt()
| void Botan::mceliece_encrypt | ( | secure_vector< uint8_t > & | ciphertext_out, |
| secure_vector< uint8_t > & | error_mask_out, | ||
| const secure_vector< uint8_t > & | plaintext, | ||
| const McEliece_PublicKey & | key, | ||
| RandomNumberGenerator & | rng ) |
Definition at line 109 of file mceliece.cpp.
References Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PublicKey::get_public_matrix(), and Botan::McEliece_PublicKey::get_t().
Referenced by Botan::McEliece_PrivateKey::check_key().
◆ mceliece_work_factor()
| size_t Botan::mceliece_work_factor | ( | size_t | code_size, |
| size_t | t ) |
Estimate work factor for McEliece
- Returns
- estimated security level for these key parameters
Definition at line 90 of file mce_workfactor.cpp.
References ceil_log2().
Referenced by Botan::McEliece_PublicKey::estimated_strength().
◆ measure_cost()
| uint64_t Botan::measure_cost | ( | uint64_t | trial_msec, |
| F | func ) |
Definition at line 19 of file time_utils.h.
References BOTAN_UNUSED, and Botan::OS::get_system_timestamp_ns().
Referenced by Botan::Argon2_Family::tune_params(), Botan::Bcrypt_PBKDF_Family::tune_params(), Botan::RFC4880_S2K_Family::tune_params(), and Botan::Scrypt_Family::tune_params().
◆ mgf1_mask()
| void Botan::mgf1_mask | ( | HashFunction & | hash, |
| std::span< const uint8_t > | input, | ||
| std::span< uint8_t > | output ) |
MGF1 from PKCS #1 v2.0
- Parameters
-
hash hash function to use input - the input buffer output - the output buffer. The buffer is XORed with the output of MGF1.
Definition at line 15 of file mgf1.cpp.
References Botan::Buffered_Computation::final(), Botan::Buffered_Computation::output_length(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().
◆ miller_rabin_test_iterations()
| size_t Botan::miller_rabin_test_iterations | ( | size_t | n_bits, |
| size_t | prob, | ||
| bool | random ) |
Return required number of Miller-Rabin tests in order to reach the specified probability of error.
- Parameters
-
n_bits the bit-length of the integer being tested prob chance of false positive is bounded by 1/2**prob random is set if (and only if) the integer was randomly generated by us and thus cannot have been maliciously constructed.
Definition at line 182 of file primality.cpp.
Referenced by generate_rsa_prime(), is_prime(), and random_prime().
◆ modular_inverse()
requires (sizeof(T) <= 4)
|
consteval |
Calculate the modular multiplacative inverse of q modulo m. By default, this assumes m to be 2^bitlength of T for application in a Montgomery reduction.
Definition at line 97 of file pqcrystals_helpers.h.
References extended_euclidean_algorithm().
◆ montgomery_R()
requires (sizeof(T) <= 4)
|
consteval |
Definition at line 44 of file pqcrystals_helpers.h.
Referenced by montgomery_R2().
◆ montgomery_R2()
requires (sizeof(T) <= 4)
|
consteval |
Definition at line 52 of file pqcrystals_helpers.h.
References montgomery_R().
◆ monty_execute()
| Montgomery_Int Botan::monty_execute | ( | const Montgomery_Exponentiation_State & | precomputed_state, |
| const BigInt & | k, | ||
| size_t | max_k_bits ) |
Definition at line 156 of file monty_exp.cpp.
References monty_execute().
Referenced by monty_execute(), monty_exp(), and passes_miller_rabin_test().
◆ monty_execute_vartime()
| Montgomery_Int Botan::monty_execute_vartime | ( | const Montgomery_Exponentiation_State & | precomputed_state, |
| const BigInt & | k ) |
Definition at line 162 of file monty_exp.cpp.
References monty_execute_vartime().
Referenced by monty_execute_vartime(), and monty_exp_vartime().
◆ monty_exp()
|
inline |
Definition at line 46 of file monty_exp.h.
References monty_execute(), and monty_precompute().
Referenced by power_mod().
◆ monty_exp_vartime()
|
inline |
Definition at line 54 of file monty_exp.h.
References monty_execute_vartime(), and monty_precompute().
Referenced by sqrt_modulo_prime().
◆ monty_inverse()
|
inlineconstexpr |
Definition at line 690 of file mp_core.h.
References BOTAN_ARG_CHECK.
◆ monty_multi_exp()
| Montgomery_Int Botan::monty_multi_exp | ( | const Montgomery_Params & | params_p, |
| const BigInt & | x, | ||
| const BigInt & | z1, | ||
| const BigInt & | y, | ||
| const BigInt & | z2 ) |
Return (x^z1 * y^z2) % p
Definition at line 166 of file monty_exp.cpp.
References Botan::BigInt::bits(), Botan::BigInt::get_substring(), Botan::BigInt::is_negative(), monty_multi_exp(), Botan::Montgomery_Int::mul(), Botan::Montgomery_Int::mul_by(), Botan::Montgomery_Int::one(), Botan::Montgomery_Params::p_words(), round_up(), Botan::Montgomery_Int::square(), and Botan::Montgomery_Int::square_this_n_times().
Referenced by monty_multi_exp(), and Botan::DL_Group::multi_exponentiate().
◆ monty_precompute() [1/2]
| std::shared_ptr< const Montgomery_Exponentiation_State > Botan::monty_precompute | ( | const Montgomery_Int & | g, |
| size_t | window_bits, | ||
| bool | const_time ) |
Definition at line 141 of file monty_exp.cpp.
References monty_precompute().
Referenced by monty_exp(), monty_exp_vartime(), monty_precompute(), monty_precompute(), and passes_miller_rabin_test().
◆ monty_precompute() [2/2]
| std::shared_ptr< const Montgomery_Exponentiation_State > Botan::monty_precompute | ( | const Montgomery_Params & | params, |
| const BigInt & | g, | ||
| size_t | window_bits, | ||
| bool | const_time ) |
Definition at line 147 of file monty_exp.cpp.
References BOTAN_ARG_CHECK, monty_precompute(), and Botan::Montgomery_Params::p().
◆ monty_redc()
|
inlineconstexpr |
Definition at line 109 of file pcurves_util.h.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), bigint_monty_redc_12(), bigint_monty_redc_16(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step(), and Botan::word3< W >::mul().
Referenced by Botan::MontgomeryRep< Params >::redc().
◆ monty_redc_pdash1()
|
inlineconstexpr |
Definition at line 65 of file pcurves_util.h.
References Botan::word3< W >::add(), bigint_monty_maybe_sub(), Botan::word3< W >::extract(), Botan::word3< W >::monty_step_pdash1(), and Botan::word3< W >::mul().
Referenced by Botan::MontgomeryRep< Params >::redc().
◆ montygomery_r()
|
inlineconsteval |
Definition at line 49 of file pcurves_util.h.
References reduce_mod().
◆ mul2_exec()
| C::ProjectivePoint Botan::mul2_exec | ( | const AffinePointTable< C > & | table, |
| const BlindedScalar & | x, | ||
| const BlindedScalar & | y, | ||
| RandomNumberGenerator & | rng ) |
Definition at line 510 of file pcurves_mul.h.
References Botan::AffinePointTable< C, R >::ct_select(), Botan::CT::poison(), and Botan::CT::unpoison().
Referenced by Botan::WindowedMul2Table< C, W >::mul2().
◆ mul2_setup()
| std::vector< typename C::ProjectivePoint > Botan::mul2_setup | ( | const typename C::AffinePoint & | p, |
| const typename C::AffinePoint & | q ) |
Definition at line 448 of file pcurves_mul.h.
References BOTAN_ASSERT_UNREACHABLE.
Referenced by Botan::VartimeMul2Table< C, W >::VartimeMul2Table(), and Botan::WindowedMul2Table< C, W >::WindowedMul2Table().
◆ mul64x64_128()
|
inlineconstexpr |
Perform a 64x64->128 bit multiplication
Definition at line 24 of file mul128.h.
Referenced by operator*().
◆ mul_a24()
Multiply a field element by the Curve448 constant a24 = 39081.
Definition at line 439 of file curve448_gf.cpp.
References Botan::Gf448Elem::words().
Referenced by Botan::Ed448Point::decode(), Botan::Ed448Point::operator+(), and x448().
◆ mul_mod()
|
inlineconsteval |
Definition at line 56 of file pcurves_util.h.
References comba_mul(), and reduce_mod().
◆ multi_exponentiate()
| EC_Point Botan::multi_exponentiate | ( | const EC_Point & | p1, |
| const BigInt & | z1, | ||
| const EC_Point & | p2, | ||
| const BigInt & | z2 ) |
ECC point multiexponentiation - not constant time!
- Parameters
-
p1 a point z1 a scalar p2 a point z2 a scalar
- Returns
- (p1 * z1 + p2 * z2)
Definition at line 36 of file point_mul.cpp.
References Botan::EC_Point_Multi_Point_Precompute::multi_exp().
◆ mulx_polyval()
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 Botan::mulx_polyval | ( | const SIMD_4x32 & | h | ) |
Definition at line 92 of file polyval_fn.h.
References BOTAN_FORCE_INLINE, Botan::SIMD_4x32::shl(), Botan::SIMD_4x32::shr(), and Botan::SIMD_4x32::top_bit_mask().
◆ nist_key_unwrap() [1/2]
| secure_vector< uint8_t > Botan::nist_key_unwrap | ( | const uint8_t | input[], |
| size_t | input_len, | ||
| const BlockCipher & | bc ) |
- Parameters
-
input the value to be decrypted, output of nist_key_wrap input_len length of input bc a keyed 128-bit block cipher that will be used to decrypt input
- Returns
- input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.
Definition at line 116 of file nist_keywrap.cpp.
References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::decrypt(), and load_be().
Referenced by botan_nist_kw_dec(), nist_key_unwrap(), and rfc3394_keyunwrap().
◆ nist_key_unwrap() [2/2]
|
inline |
- Parameters
-
input the value to be decrypted, output of nist_key_wrap bc a keyed 128-bit block cipher that will be used to decrypt input
- Returns
- input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.
Definition at line 53 of file nist_keywrap.h.
References nist_key_unwrap().
◆ nist_key_unwrap_padded() [1/2]
| secure_vector< uint8_t > Botan::nist_key_unwrap_padded | ( | const uint8_t | input[], |
| size_t | input_len, | ||
| const BlockCipher & | bc ) |
- Parameters
-
input the value to be decrypted, output of nist_key_wrap input_len length of input bc a keyed 128-bit block cipher that will be used to decrypt input
- Returns
- input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.
Definition at line 169 of file nist_keywrap.cpp.
References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::decrypt(), and load_be().
Referenced by botan_nist_kw_dec(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::list_names(), and nist_key_unwrap_padded().
◆ nist_key_unwrap_padded() [2/2]
|
inline |
- Parameters
-
input the value to be decrypted, output of nist_key_wrap bc a keyed 128-bit block cipher that will be used to decrypt input
- Returns
- input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.
Definition at line 93 of file nist_keywrap.h.
References nist_key_unwrap_padded().
◆ nist_key_wrap() [1/2]
| std::vector< uint8_t > Botan::nist_key_wrap | ( | const uint8_t | input[], |
| size_t | input_len, | ||
| const BlockCipher & | bc ) |
Key wrap. See RFC 3394 and NIST SP800-38F
- Parameters
-
input the value to be encrypted input_len length of input, must be a multiple of 8 bc a keyed 128-bit block cipher that will be used to encrypt input
- Returns
- input encrypted under NIST key wrap algorithm
Definition at line 90 of file nist_keywrap.cpp.
References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::encrypt(), and store_be().
Referenced by botan_nist_kw_enc(), nist_key_wrap(), and rfc3394_keywrap().
◆ nist_key_wrap() [2/2]
|
inline |
Key wrap. See RFC 3394 and NIST SP800-38F
- Parameters
-
input the value to be encrypted bc a keyed 128-bit block cipher that will be used to encrypt input
- Returns
- input encrypted under NIST key wrap algorithm
Definition at line 33 of file nist_keywrap.h.
References nist_key_wrap().
◆ nist_key_wrap_padded() [1/2]
| std::vector< uint8_t > Botan::nist_key_wrap_padded | ( | const uint8_t | input[], |
| size_t | input_len, | ||
| const BlockCipher & | bc ) |
KWP (key wrap with padding). See RFC 5649 and NIST SP800-38F
- Parameters
-
input the value to be encrypted input_len length of input bc a keyed 128-bit block cipher that will be used to encrypt input
- Returns
- input encrypted under NIST key wrap algorithm
Definition at line 148 of file nist_keywrap.cpp.
References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::encrypt(), and store_be().
Referenced by botan_nist_kw_enc(), Botan::Encrypted_PSK_Database::get(), nist_key_wrap_padded(), Botan::Encrypted_PSK_Database::remove(), and Botan::Encrypted_PSK_Database::set().
◆ nist_key_wrap_padded() [2/2]
|
inline |
KWP (key wrap with padding). See RFC 5649 and NIST SP800-38F
- Parameters
-
input the value to be encrypted bc a keyed 128-bit block cipher that will be used to encrypt input
- Returns
- input encrypted under NIST key wrap algorithm
Definition at line 73 of file nist_keywrap.h.
References nist_key_wrap_padded().
◆ oaep_find_delim()
| BOTAN_FUZZER_API CT::Option< size_t > Botan::oaep_find_delim | ( | std::span< const uint8_t > | input, |
| std::span< const uint8_t > | phash ) |
Definition at line 102 of file oaep.cpp.
References Botan::CT::Mask< T >::as_choice(), Botan::CT::Mask< T >::cleared(), Botan::CT::Mask< T >::if_set_return(), Botan::CT::Mask< T >::is_equal(), Botan::CT::is_not_equal(), Botan::CT::Mask< T >::is_zero(), and Botan::CT::Mask< T >::set().
◆ operator!=() [1/11]
| bool Botan::operator!= | ( | const AlgorithmIdentifier & | a1, |
| const AlgorithmIdentifier & | a2 ) |
Definition at line 68 of file alg_id.cpp.
◆ operator!=() [2/11]
Definition at line 271 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator!=() [3/11]
◆ operator!=() [4/11]
◆ operator!=() [5/11]
Test two CRL entries for inequality in at least one field.
Definition at line 60 of file crl_ent.cpp.
◆ operator!=() [6/11]
Definition at line 736 of file ec_group.h.
◆ operator!=() [7/11]
| bool Botan::operator!= | ( | const OctetString & | x, |
| const OctetString & | y ) |
Compare two strings
- Parameters
-
x an octet string y an octet string
- Returns
- if x is not equal to y
Definition at line 92 of file symkey.cpp.
◆ operator!=() [8/11]
Compare two OIDs.
- Returns
- true if a is not equal to b
Definition at line 342 of file asn1_obj.h.
◆ operator!=() [9/11]
|
inline |
◆ operator!=() [10/11]
| bool Botan::operator!= | ( | const X509_Certificate & | cert1, |
| const X509_Certificate & | cert2 ) |
Check two certificates for inequality
- Parameters
-
cert1 The first certificate cert2 The second certificate
- Returns
- true if the arguments represent different certificates, false if they are binary identical
Definition at line 714 of file x509cert.cpp.
◆ operator!=() [11/11]
Definition at line 257 of file x509_dn.cpp.
◆ operator%() [1/2]
Definition at line 134 of file big_ops3.cpp.
References Botan::BigInt::from_word(), Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), Botan::BigInt::is_zero(), Botan::BigInt::sig_words(), vartime_divide(), and Botan::BigInt::word_at().
◆ operator%() [2/2]
Definition at line 158 of file big_ops3.cpp.
References Botan::BigInt::is_positive(), is_power_of_2(), Botan::BigInt::Negative, Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::divide_precomp< W >::vartime_mod_2to1(), and Botan::BigInt::word_at().
◆ operator&() [1/5]
| auto Botan::operator& | ( | const T1 & | lhs, |
| const T2 & | rhs ) |
Definition at line 1335 of file bitvector.h.
References Botan::detail::copy_lhs_allocator_aware().
◆ operator&() [2/5]
|
inline |
◆ operator&() [3/5]
|
constexpr |
Definition at line 445 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator&() [4/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 440 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator&() [5/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 434 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator&=() [1/2]
|
constexpr |
Definition at line 573 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator&=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 567 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator*() [1/12]
◆ operator*() [2/12]
Definition at line 57 of file big_ops3.cpp.
References Botan::BigInt::_data(), bigint_linmul3(), bigint_mul(), Botan::BigInt::cond_flip_sign(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::size(), Botan::BigInt::with_capacity(), and Botan::BigInt::word_at().
◆ operator*() [3/12]
Definition at line 90 of file big_ops3.cpp.
References Botan::BigInt::_data(), bigint_linmul3(), Botan::BigInt::mutable_data(), Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::with_capacity().
◆ operator*() [4/12]
Definition at line 95 of file donna128.h.
References BOTAN_ARG_CHECK, Botan::donna128::hi(), Botan::donna128::lo(), and mul64x64_128().
◆ operator*() [5/12]
Definition at line 395 of file ec_point.h.
References Botan::EC_Point::mul().
◆ operator*() [6/12]
|
inline |
Definition at line 148 of file ed25519_fe.h.
References Botan::Ed25519_FieldElement::mul().
◆ operator*() [7/12]
| Ed448Point Botan::operator* | ( | const Scalar448 & | lhs, |
| const Ed448Point & | rhs ) |
Syntax sugar for scalar multiplication.
Definition at line 365 of file ed448_internal.cpp.
References Botan::Ed448Point::scalar_mul().
◆ operator*() [8/12]
|
constexpr |
Definition at line 394 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator*() [9/12]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 389 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator*() [10/12]
Definition at line 105 of file donna128.h.
◆ operator*() [11/12]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 383 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator*() [12/12]
◆ operator*=() [1/2]
|
constexpr |
Definition at line 534 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator*=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 528 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator+() [1/11]
Definition at line 1099 of file bigint.h.
References Botan::BigInt::_data(), Botan::BigInt::add2(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().
◆ operator+() [2/11]
Definition at line 1103 of file bigint.h.
References Botan::BigInt::add2(), and Botan::BigInt::Positive.
◆ operator+() [3/11]
Definition at line 109 of file donna128.h.
◆ operator+() [4/11]
Definition at line 115 of file donna128.h.
◆ operator+() [5/11]
Definition at line 385 of file ec_point.h.
◆ operator+() [6/11]
|
inline |
Definition at line 140 of file ed25519_fe.h.
References Botan::Ed25519_FieldElement::add().
◆ operator+() [7/11]
| OctetString Botan::operator+ | ( | const OctetString & | x, |
| const OctetString & | y ) |
Concatenate two strings
- Parameters
-
x an octet string y an octet string
- Returns
- x concatenated with y
Definition at line 99 of file symkey.cpp.
References Botan::OctetString::bits_of(), and OctetString.
◆ operator+() [8/11]
|
constexpr |
Definition at line 360 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator+() [9/11]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 355 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator+() [10/11]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 349 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator+() [11/11]
◆ operator++() [1/2]
|
constexpr |
Definition at line 625 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator++() [2/2]
|
constexpr |
Definition at line 618 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
Referenced by generate_dsa_primes().
◆ operator+=() [1/7]
| std::vector< T, Alloc > & Botan::operator+= | ( | std::vector< T, Alloc > & | out, |
| const std::pair< const T *, L > & | in ) |
◆ operator+=() [2/7]
| std::vector< T, Alloc > & Botan::operator+= | ( | std::vector< T, Alloc > & | out, |
| const std::pair< T *, L > & | in ) |
◆ operator+=() [3/7]
| std::vector< T, Alloc > & Botan::operator+= | ( | std::vector< T, Alloc > & | out, |
| const std::vector< T, Alloc2 > & | in ) |
◆ operator+=() [4/7]
| std::vector< T, Alloc > & Botan::operator+= | ( | std::vector< T, Alloc > & | out, |
| std::span< const T > | in ) |
◆ operator+=() [5/7]
| std::vector< T, Alloc > & Botan::operator+= | ( | std::vector< T, Alloc > & | out, |
| T | in ) |
◆ operator+=() [6/7]
|
constexpr |
Definition at line 508 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator+=() [7/7]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 502 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator-() [1/9]
Definition at line 1111 of file bigint.h.
References Botan::BigInt::_data(), Botan::BigInt::add2(), Botan::BigInt::reverse_sign(), and Botan::BigInt::sig_words().
◆ operator-() [2/9]
Definition at line 1115 of file bigint.h.
References Botan::BigInt::add2(), and Botan::BigInt::Negative.
◆ operator-() [3/9]
◆ operator-() [4/9]
Definition at line 390 of file ec_point.h.
◆ operator-() [5/9]
|
inline |
Definition at line 152 of file ed25519_fe.h.
References Botan::Ed25519_FieldElement::negate().
◆ operator-() [6/9]
|
inline |
Definition at line 144 of file ed25519_fe.h.
References Botan::Ed25519_FieldElement::sub().
◆ operator-() [7/9]
|
constexpr |
Definition at line 377 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator-() [8/9]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 372 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator-() [9/9]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 366 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator--() [1/2]
|
constexpr |
Definition at line 638 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator--() [2/2]
|
constexpr |
Definition at line 631 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator-=() [1/2]
|
constexpr |
Definition at line 521 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator-=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 515 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator/() [1/5]
Definition at line 106 of file big_ops3.cpp.
References Botan::BigInt::is_positive(), Botan::BigInt::sig_words(), vartime_divide(), and Botan::BigInt::word_at().
◆ operator/() [2/5]
Definition at line 120 of file big_ops3.cpp.
References ct_divide_word().
◆ operator/() [3/5]
|
constexpr |
Definition at line 411 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator/() [4/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 406 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator/() [5/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 400 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator/=() [1/2]
|
constexpr |
Definition at line 547 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator/=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 541 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<() [1/5]
Definition at line 283 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator<() [2/5]
◆ operator<() [3/5]
Definition at line 1176 of file bigint.h.
References Botan::BigInt::cmp_word().
◆ operator<() [4/5]
Compare two OIDs.
- Returns
- true if a is lexicographically smaller than b
Definition at line 173 of file asn1_oid.cpp.
References Botan::OID::get_components().
◆ operator<() [5/5]
Definition at line 264 of file x509_dn.cpp.
References BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, Botan::X509_DN::get_attributes(), and x500_name_cmp().
◆ operator<<() [1/12]
Definition at line 188 of file big_ops3.cpp.
References Botan::BigInt::_data(), bigint_shl2(), Botan::BigInt::is_zero(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::with_capacity(), and Botan::BigInt::zero().
◆ operator<<() [2/12]
| int Botan::operator<< | ( | int | out, |
| Pipe & | pipe ) |
Stream output operator; dumps the results from pipe's default message to the output stream.
- Parameters
-
out file descriptor for an open output stream pipe the pipe
Definition at line 18 of file fd_unix.cpp.
References DefaultBufferSize, Botan::Pipe::read(), and Botan::Pipe::remaining().
◆ operator<<() [3/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | os, |
| const GeneralName & | gn ) |
Definition at line 325 of file name_constraint.cpp.
References Botan::GeneralName::name(), and Botan::GeneralName::type().
◆ operator<<() [4/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | os, |
| const GeneralSubtree & | gs ) |
Definition at line 349 of file name_constraint.cpp.
References Botan::GeneralSubtree::base().
◆ operator<<() [5/12]
requires (concepts::streamable<T>)
| decltype(auto) Botan::operator<< | ( | std::ostream & | os, |
| const Strong< T, Tags... > & | v ) |
Definition at line 311 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<<() [6/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | out, |
| const OID & | oid ) |
Definition at line 300 of file asn1_oid.cpp.
References Botan::OID::to_string().
◆ operator<<() [7/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | out, |
| const X509_DN & | dn ) |
Definition at line 409 of file x509_dn.cpp.
References Botan::X509_DN::dn_info().
◆ operator<<() [8/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | out, |
| Pipe & | pipe ) |
Stream output operator; dumps the results from pipe's default message to the output stream.
- Parameters
-
out an output stream pipe the pipe
Definition at line 19 of file pipe_io.cpp.
References cast_uint8_ptr_to_char(), DefaultBufferSize, Botan::Pipe::read(), and Botan::Pipe::remaining().
◆ operator<<() [9/12]
| std::ostream & Botan::operator<< | ( | std::ostream & | stream, |
| const BigInt & | n ) |
Definition at line 19 of file big_io.cpp.
References Botan::BigInt::to_dec_string(), and Botan::BigInt::to_hex_string().
◆ operator<<() [10/12]
|
constexpr |
Definition at line 496 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<<() [11/12]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 491 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<<() [12/12]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 485 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<<=() [1/2]
|
constexpr |
Definition at line 612 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<<=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 606 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<=() [1/3]
Definition at line 275 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator<=() [2/3]
Definition at line 1144 of file bigint.h.
References Botan::BigInt::cmp().
◆ operator<=() [3/3]
Definition at line 1168 of file bigint.h.
References Botan::BigInt::cmp_word().
◆ operator<=>() [1/3]
requires (std::three_way_comparable<T>)
| auto Botan::operator<=> | ( | const Strong< T, Tags... > & | lhs, |
| const Strong< T, Tags... > & | rhs ) |
Definition at line 323 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get(), and operator<=>().
Referenced by operator<=>().
◆ operator<=>() [2/3]
| auto Botan::operator<=> | ( | Strong< T1, Tags... > | a, |
| T2 | b ) |
Definition at line 333 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator<=>() [3/3]
| auto Botan::operator<=> | ( | T1 | a, |
| Strong< T2, Tags... > | b ) |
Definition at line 328 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator==() [1/13]
| bool Botan::operator== | ( | const AlgorithmIdentifier & | a1, |
| const AlgorithmIdentifier & | a2 ) |
Definition at line 53 of file alg_id.cpp.
References Botan::AlgorithmIdentifier::oid(), Botan::AlgorithmIdentifier::parameters(), and Botan::AlgorithmIdentifier::parameters_are_null_or_empty().
◆ operator==() [2/13]
Definition at line 267 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator==() [3/13]
◆ operator==() [4/13]
Definition at line 1160 of file bigint.h.
References Botan::BigInt::cmp_word().
◆ operator==() [5/13]
| bool Botan::operator== | ( | const Classic_McEliece_Polynomial_Ring::Big_F_Coefficient & | lhs, |
| const Classic_McEliece_Polynomial_Ring::Big_F_Coefficient & | rhs ) |
Definition at line 72 of file cmce_poly.cpp.
References Botan::Classic_McEliece_Polynomial_Ring::Big_F_Coefficient::coeff, and Botan::Classic_McEliece_Polynomial_Ring::Big_F_Coefficient::idx.
◆ operator==() [6/13]
Test two CRL entries for equality in all fields.
Definition at line 44 of file crl_ent.cpp.
References Botan::CRL_Entry::expire_time(), Botan::CRL_Entry::reason_code(), and Botan::CRL_Entry::serial_number().
◆ operator==() [7/13]
| bool Botan::operator== | ( | const OctetString & | x, |
| const OctetString & | y ) |
Compare two strings
- Parameters
-
x an octet string y an octet string
- Returns
- if x is equal to y
Definition at line 85 of file symkey.cpp.
References Botan::OctetString::bits_of().
◆ operator==() [8/13]
|
inline |
◆ operator==() [9/13]
requires (std::equality_comparable<T>)
| bool Botan::operator== | ( | const Strong< T, Tags... > & | lhs, |
| const Strong< T, Tags... > & | rhs ) |
Definition at line 317 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator==() [10/13]
| bool Botan::operator== | ( | const T1 & | lhs, |
| const T2 & | rhs ) |
Definition at line 1349 of file bitvector.h.
◆ operator==() [11/13]
Definition at line 221 of file x509_dn.cpp.
References Botan::X509_DN::get_attributes(), and x500_name_cmp().
◆ operator==() [12/13]
| auto Botan::operator== | ( | Strong< T1, Tags... > | a, |
| T2 | b ) |
Definition at line 343 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator==() [13/13]
| auto Botan::operator== | ( | T1 | a, |
| Strong< T2, Tags... > | b ) |
Definition at line 338 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator>() [1/3]
Definition at line 287 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator>() [2/3]
Definition at line 1156 of file bigint.h.
References Botan::BigInt::is_less_than().
◆ operator>() [3/3]
Definition at line 1180 of file bigint.h.
References Botan::BigInt::cmp_word().
◆ operator>=() [1/3]
Definition at line 279 of file asn1_time.cpp.
References Botan::ASN1_Time::cmp().
◆ operator>=() [2/3]
Definition at line 1148 of file bigint.h.
References Botan::BigInt::cmp().
◆ operator>=() [3/3]
Definition at line 1172 of file bigint.h.
References Botan::BigInt::cmp_word().
◆ operator>>() [1/8]
Definition at line 205 of file big_ops3.cpp.
References Botan::BigInt::_data(), bigint_shr2(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::with_capacity(), and Botan::BigInt::zero().
◆ operator>>() [2/8]
| int Botan::operator>> | ( | int | in, |
| Pipe & | pipe ) |
File descriptor input operator; dumps the remaining bytes of input to the (assumed open) pipe message.
- Parameters
-
in file descriptor for an open input stream pipe the pipe
Definition at line 39 of file fd_unix.cpp.
References DefaultBufferSize, and Botan::Pipe::write().
◆ operator>>() [3/8]
| std::istream & Botan::operator>> | ( | std::istream & | in, |
| Pipe & | pipe ) |
Stream input operator; dumps the remaining bytes of input to the (assumed open) pipe message.
- Parameters
-
in the input stream pipe the pipe
Definition at line 34 of file pipe_io.cpp.
References cast_uint8_ptr_to_char(), DefaultBufferSize, and Botan::Pipe::write().
◆ operator>>() [4/8]
| std::istream & Botan::operator>> | ( | std::istream & | in, |
| X509_DN & | dn ) |
Definition at line 429 of file x509_dn.cpp.
References Botan::X509_DN::add_attribute(), and Botan::X509_DN::deref_info_field().
◆ operator>>() [5/8]
| std::istream & Botan::operator>> | ( | std::istream & | stream, |
| BigInt & | n ) |
Definition at line 42 of file big_io.cpp.
◆ operator>>() [6/8]
|
constexpr |
Definition at line 479 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator>>() [7/8]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 474 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator>>() [8/8]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 468 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator>>=() [1/2]
|
constexpr |
Definition at line 599 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator>>=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 593 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator^() [1/5]
| OctetString Botan::operator^ | ( | const OctetString & | x, |
| const OctetString & | y ) |
XOR two strings
- Parameters
-
x an octet string y an octet string
- Returns
- x XORed with y
Definition at line 109 of file symkey.cpp.
References Botan::OctetString::begin(), copy_mem(), Botan::OctetString::length(), OctetString, and xor_buf().
◆ operator^() [2/5]
| auto Botan::operator^ | ( | const T1 & | lhs, |
| const T2 & | rhs ) |
Definition at line 1342 of file bitvector.h.
References Botan::detail::copy_lhs_allocator_aware().
◆ operator^() [3/5]
|
constexpr |
Definition at line 428 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator^() [4/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 423 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator^() [5/5]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 417 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator^=() [1/3]
| std::vector< uint8_t, Alloc > & Botan::operator^= | ( | std::vector< uint8_t, Alloc > & | out, |
| const std::vector< uint8_t, Alloc2 > & | in ) |
◆ operator^=() [2/3]
|
constexpr |
Definition at line 560 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator^=() [3/3]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 554 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator|() [1/11]
|
inline |
Definition at line 78 of file asn1_obj.h.
◆ operator|() [2/11]
|
inline |
Definition at line 86 of file asn1_obj.h.
◆ operator|() [3/11]
|
inline |
Definition at line 82 of file asn1_obj.h.
◆ operator|() [4/11]
Definition at line 74 of file asn1_obj.h.
◆ operator|() [5/11]
Definition at line 121 of file donna128.h.
References Botan::donna128::hi(), and Botan::donna128::lo().
◆ operator|() [6/11]
Definition at line 125 of file donna128.h.
References Botan::donna128::hi(), and Botan::donna128::lo().
◆ operator|() [7/11]
| auto Botan::operator| | ( | const T1 & | lhs, |
| const T2 & | rhs ) |
Definition at line 1328 of file bitvector.h.
References Botan::detail::copy_lhs_allocator_aware().
◆ operator|() [8/11]
|
inline |
◆ operator|() [9/11]
|
constexpr |
Definition at line 462 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator|() [10/11]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 457 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator|() [11/11]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 451 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator|=() [1/2]
|
constexpr |
Definition at line 586 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ operator|=() [2/2]
requires (detail::has_capability<EnableArithmeticWithPlainNumber, Tags...>)
|
constexpr |
Definition at line 580 of file strong_type.h.
References Botan::detail::Strong_Base< T >::get().
◆ OS2ECP() [1/3]
Perform point decoding Use EC_Group::OS2ECP instead
Definition at line 870 of file ec_point.cpp.
References Botan::CurveGFp::get_a(), Botan::CurveGFp::get_b(), Botan::CurveGFp::get_p(), Botan::EC_Point::on_the_curve(), and OS2ECP().
◆ OS2ECP() [2/3]
| std::pair< BigInt, BigInt > BOTAN_UNSTABLE_API Botan::OS2ECP | ( | const uint8_t | data[], |
| size_t | data_len, | ||
| const BigInt & | curve_p, | ||
| const BigInt & | curve_a, | ||
| const BigInt & | curve_b ) |
Perform point decoding
This is an internal function which was accidentally made public. Do not use it; it will be removed in Botan4.
- Parameters
-
data the encoded point data_len length of data in bytes curve_p the curve equation prime curve_a the curve equation a parameter curve_b the curve equation b parameter
Definition at line 887 of file ec_point.cpp.
References Botan::BigInt::bytes(), and Botan::BigInt::decode().
◆ OS2ECP() [3/3]
| EC_Point BOTAN_UNSTABLE_API Botan::OS2ECP | ( | std::span< const uint8_t > | data, |
| const CurveGFp & | curve ) |
Definition at line 866 of file ec_point.cpp.
References OS2ECP().
Referenced by OS2ECP(), OS2ECP(), and Botan::EC_Group_Data::point_deserialize().
◆ out_ptr()
|
nodiscardconstexprnoexcept |
Definition at line 127 of file stl_util.h.
Referenced by Botan::TPM2::Object::_public_info(), base_decode(), Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::HashFunction::final_with_ticket(), hex_decode(), Botan::TPM2::Signature_Operation::sign(), Botan::TLS::Extensions::take(), and Botan::TPM2::Session::tpm_nonce().
◆ overloaded()
| Botan::overloaded | ( | Ts... | ) | ->overloaded< Ts... > |
◆ P0()
|
inline |
◆ P1()
|
inline |
◆ p_div_2_plus_1()
|
inlineconsteval |
Definition at line 206 of file pcurves_util.h.
References bigint_add2(), and shift_right().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::_invert_vartime_div2_helper(), and Botan::IntMod< MontgomeryRep< ScalarParams > >::div2().
◆ p_minus()
|
inlineconsteval |
Definition at line 175 of file pcurves_util.h.
References bigint_sub3().
◆ p_minus_1_over_2()
|
inlineconsteval |
Definition at line 196 of file pcurves_util.h.
References bigint_sub3(), and shift_right().
Referenced by shanks_tonelli_c4(), and Botan::IntMod< MontgomeryRep< ScalarParams > >::sqrt().
◆ p_plus_1_over_4()
|
inlineconsteval |
Definition at line 186 of file pcurves_util.h.
References bigint_add3(), and shift_right().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::sqrt().
◆ parse_algorithm_name()
| std::vector< std::string > Botan::parse_algorithm_name | ( | std::string_view | scan_name | ) |
Parse a SCAN-style algorithm name
- Parameters
-
scan_name the name
- Returns
- the name components
Definition at line 57 of file parsing.cpp.
Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), and Botan::EncryptionPaddingScheme::create().
◆ passes_miller_rabin_test()
| bool Botan::passes_miller_rabin_test | ( | const BigInt & | n, |
| const Barrett_Reduction & | mod_n, | ||
| const Montgomery_Params & | monty_n, | ||
| const BigInt & | a ) |
Perform a single Miller-Rabin test with specified base
- Parameters
-
n the positive integer to test mod_n a pre-created Barrett_Reduction for n monty_n Montgomery parameters for n a the base to check
- Returns
- result of primality test
Definition at line 110 of file primality.cpp.
References Botan::BigInt::bits(), BOTAN_ASSERT_NOMSG, Botan::CT::driveby_unpoison(), Botan::BigInt::is_even(), low_zero_bits(), monty_execute(), monty_precompute(), Botan::Barrett_Reduction::square(), and Botan::Montgomery_Int::value().
Referenced by is_bailie_psw_probable_prime(), and is_miller_rabin_probable_prime().
◆ pbes2_decrypt()
| secure_vector< uint8_t > Botan::pbes2_decrypt | ( | std::span< const uint8_t > | key_bits, |
| std::string_view | passphrase, | ||
| const std::vector< uint8_t > & | params ) |
Decrypt a PKCS #5 v2.0 encrypted stream
- Parameters
-
key_bits the input passphrase the passphrase to use for decryption params the PBES2 parameters
Definition at line 281 of file pbes2.cpp.
References Botan::Cipher_Mode::create(), Botan::BER_Decoder::decode(), Decryption, Botan::BER_Decoder::end_cons(), fmt(), Botan::OID::human_name_or_empty(), OctetString, Botan::AlgorithmIdentifier::oid(), Botan::AlgorithmIdentifier::parameters(), split_on(), Botan::BER_Decoder::start_sequence(), and Botan::BER_Decoder::verify_end().
◆ pbes2_encrypt()
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt | ( | std::span< const uint8_t > | key_bits, |
| std::string_view | passphrase, | ||
| std::chrono::milliseconds | msec, | ||
| std::string_view | cipher, | ||
| std::string_view | digest, | ||
| RandomNumberGenerator & | rng ) |
Encrypt with PBES2 from PKCS #5 v2.0
- Parameters
-
key_bits the input passphrase the passphrase to use for encryption msec how many milliseconds to run PBKDF2 cipher specifies the block cipher to use to encrypt digest specifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)") rng a random number generator
Definition at line 243 of file pbes2.cpp.
◆ pbes2_encrypt_iter()
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt_iter | ( | std::span< const uint8_t > | key_bits, |
| std::string_view | passphrase, | ||
| size_t | iterations, | ||
| std::string_view | cipher, | ||
| std::string_view | digest, | ||
| RandomNumberGenerator & | rng ) |
Encrypt with PBES2 from PKCS #5 v2.0
- Parameters
-
key_bits the input passphrase the passphrase to use for encryption iterations how many iterations to run PBKDF2 cipher specifies the block cipher to use to encrypt digest specifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)") rng a random number generator
Definition at line 272 of file pbes2.cpp.
Referenced by Botan::PKCS8::BER_encode_encrypted_pbkdf_iter().
◆ pbes2_encrypt_msec()
| std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt_msec | ( | std::span< const uint8_t > | key_bits, |
| std::string_view | passphrase, | ||
| std::chrono::milliseconds | msec, | ||
| size_t * | out_iterations_if_nonnull, | ||
| std::string_view | cipher, | ||
| std::string_view | digest, | ||
| RandomNumberGenerator & | rng ) |
Encrypt with PBES2 from PKCS #5 v2.0
- Parameters
-
key_bits the input passphrase the passphrase to use for encryption msec how many milliseconds to run PBKDF2 out_iterations_if_nonnull if not null, set to the number of PBKDF iterations used cipher specifies the block cipher to use to encrypt digest specifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)") rng a random number generator
Definition at line 254 of file pbes2.cpp.
Referenced by Botan::PKCS8::BER_encode(), and Botan::PKCS8::BER_encode_encrypted_pbkdf_msec().
◆ pbkdf2() [1/2]
| void Botan::pbkdf2 | ( | MessageAuthenticationCode & | prf, |
| uint8_t | out[], | ||
| size_t | out_len, | ||
| const uint8_t | salt[], | ||
| size_t | salt_len, | ||
| size_t | iterations ) |
Perform PBKDF2. The prf is assumed to be keyed already.
Definition at line 91 of file pbkdf2.cpp.
References BOTAN_ASSERT_NOMSG, clear_mem(), Botan::Buffered_Computation::final(), Botan::Buffered_Computation::output_length(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().
◆ pbkdf2() [2/2]
| size_t Botan::pbkdf2 | ( | MessageAuthenticationCode & | prf, |
| uint8_t | out[], | ||
| size_t | out_len, | ||
| std::string_view | password, | ||
| const uint8_t | salt[], | ||
| size_t | salt_len, | ||
| size_t | iterations, | ||
| std::chrono::milliseconds | msec ) |
Definition at line 72 of file pbkdf2.cpp.
References pbkdf2().
Referenced by Botan::PBKDF2::derive_key(), Botan::Scrypt::derive_key(), Botan::PKCS5_PBKDF2::pbkdf(), and pbkdf2().
◆ pkcs_hash_id()
| std::vector< uint8_t > BOTAN_TEST_API Botan::pkcs_hash_id | ( | std::string_view | hash_name | ) |
Return the PKCS #1 hash identifier
- See also
- RFC 3447 section 9.2
- Parameters
-
hash_name the name of the hash function
- Returns
- uint8_t sequence identifying the hash
- Exceptions
-
Invalid_Argument if the hash has no known PKCS #1 hash id
Definition at line 78 of file hash_id.cpp.
Referenced by botan_pkcs_hash_id(), Botan::PKCS1v15_Raw_SignaturePaddingScheme::PKCS1v15_Raw_SignaturePaddingScheme(), and Botan::PKCS1v15_SignaturePaddingScheme::PKCS1v15_SignaturePaddingScheme().
◆ point_add()
|
inlineconstexpr |
Definition at line 187 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::add().
◆ point_add_mixed()
|
inlineconstexpr |
Definition at line 238 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::add_mixed().
◆ point_add_or_sub_mixed()
|
inlineconstexpr |
Definition at line 293 of file pcurves_algos.h.
Referenced by Botan::ProjectiveCurvePoint< FieldElement, Params >::add_or_sub().
◆ poly_double_n() [1/2]
|
inline |
Definition at line 26 of file poly_dbl.h.
References poly_double_n().
◆ poly_double_n() [2/2]
| void BOTAN_TEST_API Botan::poly_double_n | ( | uint8_t | out[], |
| const uint8_t | in[], | ||
| size_t | n ) |
Polynomial doubling in GF(2^n)
Definition at line 81 of file poly_dbl.cpp.
Referenced by poly_double_n(), and Botan::SIV_Mode::S2V().
◆ poly_double_n_le()
| void BOTAN_TEST_API Botan::poly_double_n_le | ( | uint8_t | out[], |
| const uint8_t | in[], | ||
| size_t | n ) |
Definition at line 100 of file poly_dbl.cpp.
Referenced by xts_compute_tweak_block().
◆ poly_double_supported_size()
|
inline |
Returns true iff poly_double_n is implemented for this size.
Definition at line 22 of file poly_dbl.h.
Referenced by Botan::CMAC::CMAC(), and Botan::XTS_Mode::XTS_Mode().
◆ poly_mul()
|
constexpr |
Compile-time polynomial multiplication in GF(2^8) modulo an irreducible polynomial POLY
When T is larger than a byte, the function computes the product of each byte of T and returns the packed result.
This function is intended only for use at compile-time, and in particular should not be used with secret inputs.
TODO(Botan4) this function should be consteval, but that hits bugs in older versions of GCC and Clang.
Definition at line 306 of file bit_ops.h.
References carry().
◆ polyval_multiply()
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL Botan::polyval_multiply | ( | const SIMD_4x32 & | H, |
| const SIMD_4x32 & | x ) |
Definition at line 128 of file polyval_fn.h.
References BOTAN_FORCE_INLINE, clmul(), polyval_reduce(), Botan::SIMD_4x32::shift_elems_left(), and Botan::SIMD_4x32::shift_elems_right().
◆ polyval_reduce()
| BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL Botan::polyval_reduce | ( | const SIMD_4x32 & | hi, |
| const SIMD_4x32 & | lo ) |
Definition at line 107 of file polyval_fn.h.
References BOTAN_FORCE_INLINE, clmul(), and Botan::SIMD_4x32::swap_halves().
Referenced by polyval_multiply().
◆ power_mod()
Modular exponentiation
- Parameters
-
b an integer base x a positive exponent m a positive modulus
- Returns
- (b^x) % m
Definition at line 310 of file numthry.cpp.
References Botan::BigInt::bits(), Botan::BigInt::ct_cond_assign(), ct_modulo(), Botan::Barrett_Reduction::for_secret_modulus(), Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), monty_exp(), Botan::BigInt::one(), reduce_mod(), Botan::Montgomery_Int::value(), and Botan::BigInt::zero().
Referenced by botan_mp_powmod().
◆ prefetch_array_raw()
|
noexcept |
Prefetch an array
This function returns a uint64_t which is accumulated from values read from the array. This may help confuse the compiler sufficiently to not elide otherwise "useless" reads. The return value will always be zero.
Definition at line 14 of file prefetch.cpp.
References ct_is_zero().
Referenced by prefetch_arrays().
◆ prefetch_arrays()
|
noexcept |
Prefetch several arrays
This function returns a uint64_t which is accumulated from values read from the array. This may help confuse the compiler sufficiently to not elide otherwise "useless" reads. The return value will always be zero.
Definition at line 34 of file prefetch.h.
References prefetch_array_raw().
Referenced by Botan::SEED::decrypt_n(), and Botan::SEED::encrypt_n().
◆ probe_provider_private_key()
| std::vector< std::string > Botan::probe_provider_private_key | ( | std::string_view | alg_name, |
| const std::vector< std::string > & | possible ) |
Definition at line 736 of file pk_algs.cpp.
References BOTAN_UNUSED.
◆ probe_providers_of()
| std::vector< std::string > Botan::probe_providers_of | ( | std::string_view | algo_spec, |
| const std::vector< std::string > & | possible = {"base"} ) |
Definition at line 105 of file scan_name.h.
Referenced by Botan::BlockCipher::providers(), Botan::HashFunction::providers(), Botan::KDF::providers(), Botan::MessageAuthenticationCode::providers(), Botan::PasswordHashFamily::providers(), Botan::PBKDF::providers(), Botan::StreamCipher::providers(), and Botan::XOF::providers().
◆ process_bytes_in_sponge() [1/2]
|
inline |
Definition at line 206 of file sponge_processing.h.
References process_bytes_in_sponge().
◆ process_bytes_in_sponge() [2/2]
| BOTAN_FORCE_INLINE void Botan::process_bytes_in_sponge | ( | SpongeT & | sponge, |
| size_t | bytes_to_process, | ||
| const detail::PermutationFn auto & | permutation_fn, | ||
| const detail::ModifierFn< SpongeT > auto & | modifier_fn ) |
Performs the core processing loop for ingesting or extracting data into/from the sponge state in a byte-oriented manner for the given number of bytes_to_process. The provided word_modifier_fn is called for each (partial) word of the sponge state that needs to be modified or read.
The processing loop ensures efficient handling of unaligned input and output data. For that, it calls the provided permutation function either with an instance of PartialWordBounds or FullWordBounds. Hence word_modifier_fn must be able to handle both types of bounds and should use their respective methods to read from or write into input or output buffers.
- Parameters
-
sponge the sponge instance to process data into or from bytes_to_process the number of sponge state bytes to traverse permutation_fn a function that performs the sponge's permutation modifier_fn a function that modifies the sponge state words
Definition at line 136 of file sponge_processing.h.
References BOTAN_DEBUG_ASSERT, and BOTAN_FORCE_INLINE.
Referenced by absorb_into_sponge(), Botan::Ascon_p::percolate_in(), Botan::Ascon_p::percolate_out(), process_bytes_in_sponge(), and squeeze_from_sponge().
◆ R1()
|
inline |
Definition at line 21 of file sm3_fn.h.
Referenced by Botan::SM3::compress_n(), Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::EC_Point::EC_Point(), Botan::EC_Point::EC_Point(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::SIMD_4x32::load_be(), and Botan::SIMD_4x32::load_le().
◆ R2()
|
inline |
Definition at line 43 of file sm3_fn.h.
References choose(), majority(), P0(), and rotl().
Referenced by Botan::SM3::compress_n(), Botan::Blowfish::decrypt_n(), Botan::Blowfish::encrypt_n(), Botan::SIMD_4x32::load_be(), and Botan::SIMD_4x32::load_le().
◆ random_code_element()
| gf2m Botan::random_code_element | ( | uint16_t | code_length, |
| RandomNumberGenerator & | rng ) |
Definition at line 81 of file polyn_gf2m.cpp.
References random_gf2m().
Referenced by Botan::polyn_gf2m::polyn_gf2m().
◆ random_gf2m()
| gf2m Botan::random_gf2m | ( | RandomNumberGenerator & | rng | ) |
Definition at line 75 of file polyn_gf2m.cpp.
References make_uint16(), and Botan::RandomNumberGenerator::randomize().
Referenced by random_code_element().
◆ random_prime()
| BigInt Botan::random_prime | ( | RandomNumberGenerator & | rng, |
| size_t | bits, | ||
| const BigInt & | coprime = BigInt::from_u64(0), | ||
| size_t | equiv = 1, | ||
| size_t | equiv_mod = 2, | ||
| size_t | prob = 128 ) |
Randomly generate a prime suitable for discrete logarithm parameters
- Parameters
-
rng a random number generator bits how large the resulting prime should be in bits coprime a positive integer that (prime - 1) should be coprime to equiv a non-negative number that the result should be equivalent to modulo equiv_mod equiv_mod the modulus equiv should be checked against prob use test so false positive is bounded by 1/2**prob
- Returns
- random prime with the specified criteria
Definition at line 111 of file make_prm.cpp.
References Botan::BigInt::bits(), BOTAN_DEBUG_ASSERT, Botan::Barrett_Reduction::for_secret_modulus(), Botan::BigInt::from_word(), gcd(), high_bit(), Botan::BigInt::is_even(), is_lucas_probable_prime(), is_miller_rabin_probable_prime(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), load_le(), miller_rabin_test_iterations(), Botan::RandomNumberGenerator::next_byte(), PRIME_TABLE_SIZE, PRIMES, Botan::RandomNumberGenerator::randomize(), and Botan::BigInt::set_bit().
Referenced by Botan::DL_Group::DL_Group(), and random_safe_prime().
◆ random_safe_prime()
| BigInt Botan::random_safe_prime | ( | RandomNumberGenerator & | rng, |
| size_t | bits ) |
Return a 'safe' prime, of the form p=2*q+1 with q prime
- Parameters
-
rng a random number generator bits is how long the resulting prime should be
- Returns
- prime randomly chosen from safe primes of length bits
Definition at line 311 of file make_prm.cpp.
References is_prime(), random_prime(), and Botan::BigInt::zero().
Referenced by Botan::DL_Group::DL_Group().
◆ read_cfg()
| std::map< std::string, std::string > Botan::read_cfg | ( | std::istream & | is | ) |
Definition at line 35 of file read_cfg.cpp.
Referenced by Botan::TLS::Text_Policy::Text_Policy(), and Botan::TLS::Text_Policy::Text_Policy().
◆ read_kv()
| std::map< std::string, std::string > Botan::read_kv | ( | std::string_view | kv | ) |
Accepts key value pairs delimited by commas:
"" (returns empty map) "K=V" (returns map {'K': 'V'}) "K1=V1,K2=V2" "K1=V1,K2=V2,K3=V3" "K1=V1,K2=V2,K3=a_value\,with\,commas_and_\=equals"
Values may be empty, keys must be non-empty and unique. Duplicate keys cause an exception.
Within both key and value, comma and equals can be escaped with backslash. Backslash can also be escaped.
Definition at line 13 of file read_kv.cpp.
References split_on().
◆ read_window_bits()
|
constexpr |
Definition at line 1054 of file mp_core.h.
Referenced by Botan::BlindedScalarBits< C, WindowBits+1 >::get_window(), Botan::UnblindedScalarBits< C, WindowBits >::get_window(), and Botan::IntMod< MontgomeryRep< ScalarParams > >::pow_vartime().
◆ redc_crandall()
|
constexpr |
Reduce z modulo p = 2**B - C where C is small
z is assumed to be at most (p-1)**2
For details on the algorithm see
- Handbook of Applied Cryptography, Algorithm 14.47
- Guide to Elliptic Curve Cryptography, Algorithm 2.54 and Note 2.55
Definition at line 975 of file mp_core.h.
References bigint_add2(), carry(), Botan::CT::conditional_assign_mem(), P0(), word_madd2(), word_madd3(), and word_sub().
◆ redc_mul()
|
inline |
Definition at line 57 of file ed25519_internal.h.
Referenced by sc_muladd(), and sc_reduce().
◆ reduce()
requires std::invocable<ReducerT&, RetT, const KeyT&> && std::convertible_to<std::invoke_result_t<ReducerT&, RetT, const KeyT&>, RetT>
| RetT Botan::reduce | ( | const std::vector< KeyT > & | keys, |
| RetT | acc, | ||
| ReducerT | reducer ) |
Reduce the values of keys into an accumulator initialized with acc using the reducer function reducer.
The reducer is a function taking the accumulator and a single key to return the new accumulator. Keys are consecutively reduced into the accumulator.
- Returns
- the accumulator containing the reduction of
keys
Definition at line 29 of file stl_util.h.
Referenced by Botan::Hybrid_PrivateKey::check_key(), Botan::Hybrid_PublicKey::check_key(), Botan::TLS::Hybrid_KEM_PublicKey::load_for_group(), Botan::Hybrid_PublicKey::raw_public_key_bits(), and Botan::TLS::Hybrid_KEM_PublicKey::raw_public_key_bits().
◆ reduce_mod()
|
inlineconsteval |
Definition at line 16 of file pcurves_util.h.
References bigint_sub3(), carry(), copy_mem(), and shift_left().
Referenced by montygomery_r(), mul_mod(), and power_mod().
◆ reverse_bytes()
requires (sizeof(T) == 1 || sizeof(T) == 2 || sizeof(T) == 4 || sizeof(T) == 8)
|
inlineconstexpr |
Swap the byte order of an unsigned integer
Definition at line 27 of file bswap.h.
References reverse_bytes().
Referenced by ct_reverse_bits(), Botan::detail::load_any(), reverse_bytes(), and Botan::detail::store_any().
◆ reverse_vector()
| BOTAN_FORCE_INLINE BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 Botan::reverse_vector | ( | const SIMD_4x32 & | in | ) |
Definition at line 16 of file polyval_fn.h.
References BOTAN_FORCE_INLINE, and Botan::SIMD_4x32::raw().
Referenced by clmul().
◆ rfc3394_keyunwrap()
| secure_vector< uint8_t > Botan::rfc3394_keyunwrap | ( | const secure_vector< uint8_t > & | key, |
| const SymmetricKey & | kek ) |
Decrypt a key under a key encryption key using the algorithm described in RFC 3394
- Parameters
-
key the encrypted key to decrypt kek the key encryption key
- Returns
- key decrypted under kek
Definition at line 27 of file rfc3394.cpp.
References BOTAN_ARG_CHECK, Botan::BlockCipher::create_or_throw(), nist_key_unwrap(), and Botan::OctetString::size().
◆ rfc3394_keywrap()
| secure_vector< uint8_t > Botan::rfc3394_keywrap | ( | const secure_vector< uint8_t > & | key, |
| const SymmetricKey & | kek ) |
Encrypt a key under a key encryption key using the algorithm described in RFC 3394
- Parameters
-
key the plaintext key to encrypt kek the key encryption key
- Returns
- key encrypted under kek
Definition at line 16 of file rfc3394.cpp.
References BOTAN_ARG_CHECK, Botan::BlockCipher::create_or_throw(), nist_key_wrap(), and Botan::OctetString::size().
◆ RFC4880_decode_count()
| size_t Botan::RFC4880_decode_count | ( | uint8_t | encoded_iter | ) |
Decode the iteration count from RFC 4880 encoding
Definition at line 61 of file rfc4880.cpp.
Referenced by Botan::OpenPGP_S2K::decode_count(), and RFC4880_round_iterations().
◆ RFC4880_encode_count()
| uint8_t Botan::RFC4880_encode_count | ( | size_t | iterations | ) |
RFC 4880 encodes the iteration count to a single-byte value
Definition at line 47 of file rfc4880.cpp.
Referenced by Botan::OpenPGP_S2K::encode_count(), and RFC4880_round_iterations().
◆ RFC4880_round_iterations()
|
inline |
Round an arbitrary iteration count to next largest iteration count supported by RFC4880 encoding.
Definition at line 32 of file rfc4880.h.
References RFC4880_decode_count(), RFC4880_encode_count(), and RFC4880_round_iterations().
Referenced by RFC4880_round_iterations(), and Botan::RFC4880_S2K_Family::tune_params().
◆ rho()
|
constexpr |
SHA-2 Sigma style function
Definition at line 53 of file rotate.h.
References BOTAN_FORCE_INLINE, and rotr().
Referenced by Botan::Dilithium_Algos::decode_public_key(), Botan::Dilithium_Algos::encode_public_key(), Botan::Dilithium_Algos::expand_A(), Botan::Dilithium_Algos::expand_keypair(), Botan::Kyber_Algos::expand_keypair(), Botan::Dilithium_Symmetric_Primitives_Base::H(), Botan::Kyber_KEM_Operation_Base::Kyber_KEM_Operation_Base(), Botan::Kyber_PublicKey::Kyber_PublicKey(), SHA2_32_F(), SHA2_32_F(), SHA2_64_F(), and SHA2_64_F().
◆ root()
Compute the root of elem in the field.
The root of a in GF(p) is computed as r = a^((p+1)/4) mod p. Note that the root is not unique, i.e. r and p-r are both roots.
- Returns
- GfPElem The root of this element.
Definition at line 451 of file curve448_gf.cpp.
References Botan::Gf448Elem::words().
Referenced by Botan::Ed448Point::decode(), Botan::Sphincs_Hash_Functions::H_msg(), Botan::XMSS_Hash::h_msg(), Botan::Sphincs_Hash_Functions::H_msg_digest(), Botan::XMSS_Hash::h_msg_init(), Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(), xmss_gen_root(), and Botan::Sphincs_Hash_Functions::~Sphincs_Hash_Functions().
◆ rotl() [1/4]
|
inline |
◆ rotl() [2/4]
Definition at line 927 of file simd_4x32.h.
References Botan::SIMD_4x32::rotl().
◆ rotl() [3/4]
◆ rotl() [4/4]
requires (ROT > 0 && ROT < 8 * sizeof(T))
|
constexpr |
Bit rotation left by a compile-time constant amount
- Parameters
-
input the input word
- Returns
- input rotated left by ROT bits
Definition at line 23 of file rotate.h.
References BOTAN_FORCE_INLINE.
Referenced by Botan::SHA_1::compress_n(), Botan::Noekeon::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SHA1_F::F1(), Botan::SHA1_F::F2(), Botan::SHA1_F::F3(), Botan::SHA1_F::F4(), Botan::GOST_28147_89::GOST_28147_89(), Keccak_Permutation_round(), P0(), P1(), R1(), R2(), SM3_E(), and Botan::Serpent_F::transform().
◆ rotl_var()
|
constexpr |
Bit rotation left, variable rotation amount
- Parameters
-
input the input word rot the number of bits to rotate, must be between 0 and sizeof(T)*8-1
- Returns
- input rotated left by rot bits
Definition at line 64 of file rotate.h.
References BOTAN_FORCE_INLINE.
◆ rotr() [1/4]
|
inline |
◆ rotr() [2/4]
Definition at line 932 of file simd_4x32.h.
References Botan::SIMD_4x32::rotr().
◆ rotr() [3/4]
◆ rotr() [4/4]
requires (ROT > 0 && ROT < 8 * sizeof(T))
|
constexpr |
Bit rotation right by a compile-time constant amount
- Parameters
-
input the input word
- Returns
- input rotated right by ROT bits
Definition at line 35 of file rotate.h.
References BOTAN_FORCE_INLINE.
Referenced by Botan::Noekeon::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::Serpent_F::i_transform(), rho(), and sigma().
◆ rotr_var()
|
constexpr |
Bit rotation right, variable rotation amount
- Parameters
-
input the input word rot the number of bits to rotate, must be between 0 and sizeof(T)*8-1
- Returns
- input rotated right by rot bits
Definition at line 75 of file rotate.h.
References BOTAN_FORCE_INLINE.
◆ round_up()
|
inlineconstexpr |
Integer rounding
Returns an integer z such that n <= z <= n + align_to and z % align_to == 0
- Parameters
-
n an integer align_to the alignment boundary
- Returns
- n rounded up to a multiple of align_to
Definition at line 26 of file rounding.h.
References BOTAN_ARG_CHECK.
Referenced by Botan::BigInt::bytes(), Botan::EC_Point_Base_Point_Precompute::EC_Point_Base_Point_Precompute(), monty_multi_exp(), Botan::EC_Point_Base_Point_Precompute::mul(), Botan::EC_Point_Var_Point_Precompute::mul(), Botan::EC_Point_Multi_Point_Precompute::multi_exp(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), Botan::BigInt::randomize(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().
◆ runtime_version_check()
| std::string Botan::runtime_version_check | ( | uint32_t | major, |
| uint32_t | minor, | ||
| uint32_t | patch ) |
Usable for checking that the DLL version loaded at runtime exactly matches the compile-time version. Call using BOTAN_VERSION_* macro values, like so:
It will return an empty string if the versions match, or otherwise an error message indicating the discrepancy. This only is useful in dynamic libraries, where it is possible to compile and run against different versions.
Definition at line 75 of file version.cpp.
References fmt(), short_version_cstr(), version_major(), version_minor(), and version_patch().
◆ same_mem()
|
inline |
Memory comparison, input insensitive
- Parameters
-
p1 a pointer to an array p2 a pointer to another array n the number of Ts in p1 and p2
- Returns
- true iff p1[i] == p2[i] forall i in [0...n)
Definition at line 299 of file mem_ops.h.
References same_mem().
Referenced by same_mem().
◆ sc_muladd()
| void Botan::sc_muladd | ( | uint8_t * | s, |
| const uint8_t * | a, | ||
| const uint8_t * | b, | ||
| const uint8_t * | c ) |
Definition at line 26 of file sc_muladd.cpp.
References carry(), carry0(), load_3(), load_4(), and redc_mul().
Referenced by ed25519_sign().
◆ sc_reduce()
| void Botan::sc_reduce | ( | uint8_t * | s | ) |
Definition at line 25 of file sc_reduce.cpp.
References carry(), carry0(), load_3(), load_4(), and redc_mul().
Referenced by ed25519_sign(), and ed25519_verify().
◆ scalar_blinding_bits()
|
constexpr |
Return number of blinding bits to use
This can return any value between 0 and the scalar bit length.
The field arithmetic and scalar multiplication algorithms are anyway written and tested to be constant time; blinding is just used as a safety net in the case that the compiler rewrites constant time code to include variable time behavior. If utmost performance is of concern and you are in a position to test that your specific compiler for your specific architecture is not inserting variable time behavior where not expected (for example by using the existing valgrind-based CT checking) it is safe to modify this function to just return 0, or some very small blinding factor of 1-4 bits.
Definition at line 41 of file pcurves_mul.h.
◆ scrypt() [1/2]
|
inline |
Scrypt key derivation function (RFC 7914)
- Parameters
-
output the output will be placed here output_len length of output password the user password password_len length of password salt the salt salt_len length of salt N the CPU/Memory cost parameter, must be power of 2 r the block size parameter p the parallelization parameter
Suitable parameters for most uses would be N = 32768, r = 8, p = 1
Scrypt uses approximately (p + N + 1) * 128 * r bytes of memory
Definition at line 83 of file scrypt.h.
References Botan::PasswordHashFamily::create_or_throw(), and scrypt().
◆ scrypt() [2/2]
|
inline |
Scrypt key derivation function (RFC 7914) Before 2.8 this function was the primary interface for scrypt
- Parameters
-
output the output will be placed here output_len length of output password the user password salt the salt salt_len length of salt N the CPU/Memory cost parameter, must be power of 2 r the block size parameter p the parallelization parameter
Suitable parameters for most uses would be N = 32768, r = 8, p = 1
Scrypt uses approximately (p + N + 1) * 128 * r bytes of memory
Definition at line 115 of file scrypt.h.
References Botan::PasswordHashFamily::create_or_throw(), and scrypt().
◆ secure_scrub_memory() [1/2]
| void Botan::secure_scrub_memory | ( | ranges::contiguous_output_range auto && | data | ) |
Zero memory contents in a way that a compiler should not elide, using some system specific technique.
- Parameters
-
data the data region to be scrubbed
Definition at line 59 of file mem_ops.h.
References secure_scrub_memory(), and Botan::ranges::size_bytes().
◆ secure_scrub_memory() [2/2]
| void Botan::secure_scrub_memory | ( | void * | ptr, |
| size_t | n ) |
Scrub memory contents in a way that a compiler should not elide, using some system specific technique. Note that this function might not zero the memory (for example, in some hypothetical implementation it might combine the memory contents with the output of a system PRNG), but if you can detect any difference in behavior at runtime then the clearing is side-effecting and you can just use clear_mem.
Use this function to scrub memory just before deallocating it, or on a stack buffer before returning from the function.
- Parameters
-
ptr a pointer to memory to scrub n the number of bytes pointed to by ptr
Definition at line 25 of file mem_utils.cpp.
References secure_zeroize_buffer().
Referenced by botan_scrub_mem(), deallocate_memory(), Botan::GHASH::final(), Botan::OS::free_locked_pages(), Botan::GHASH::reset_state(), secure_scrub_memory(), Botan::Sodium::sodium_free(), Botan::Sodium::sodium_memzero(), Botan::BER_Object::~BER_Object(), and Botan::BLAKE2s::~BLAKE2s().
◆ secure_zeroize_buffer()
| BOTAN_TEST_API void Botan::secure_zeroize_buffer | ( | void * | ptr, |
| size_t | n ) |
Zeroize memory contents in a way that a compiler should not elide, using some system specific technique.
Use this function to scrub memory just before deallocating it, or on a stack buffer before returning from the function.
- Parameters
-
ptr a pointer to memory to scrub n the number of bytes pointed to by ptr
Definition at line 29 of file mem_utils.cpp.
Referenced by Botan::PCurve::PrimeOrderCurve::Scalar::_zeroize(), secure_scrub_memory(), Botan::AlignmentBuffer< T, BLOCK_SIZE, FINAL_BLOCK_STRATEGY >::~AlignmentBuffer(), and Botan::BlindedScalarBits< C, WindowBits+1 >::~BlindedScalarBits().
◆ set_mem()
|
inlineconstexpr |
◆ SHA2_32_F() [1/2]
| BOTAN_FORCE_INLINE void Botan::SHA2_32_F | ( | uint32_t | A, |
| uint32_t | B, | ||
| uint32_t | C, | ||
| uint32_t & | D, | ||
| uint32_t | E, | ||
| uint32_t | F, | ||
| uint32_t | G, | ||
| uint32_t & | H, | ||
| uint32_t & | M1, | ||
| uint32_t | M2, | ||
| uint32_t | M3, | ||
| uint32_t | M4, | ||
| uint32_t | magic ) |
Definition at line 19 of file sha2_32_f.h.
References BOTAN_FORCE_INLINE, choose(), majority(), rho(), and sigma().
Referenced by Botan::SHA_256::compress_digest().
◆ SHA2_32_F() [2/2]
| BOTAN_FORCE_INLINE void Botan::SHA2_32_F | ( | uint32_t | A, |
| uint32_t | B, | ||
| uint32_t | C, | ||
| uint32_t & | D, | ||
| uint32_t | E, | ||
| uint32_t | F, | ||
| uint32_t | G, | ||
| uint32_t & | H, | ||
| uint32_t | M ) |
Definition at line 41 of file sha2_32_f.h.
References BOTAN_FORCE_INLINE, choose(), majority(), and rho().
◆ SHA2_64_F() [1/2]
| BOTAN_FORCE_INLINE void Botan::SHA2_64_F | ( | uint64_t | A, |
| uint64_t | B, | ||
| uint64_t | C, | ||
| uint64_t & | D, | ||
| uint64_t | E, | ||
| uint64_t | F, | ||
| uint64_t | G, | ||
| uint64_t & | H, | ||
| uint64_t & | M1, | ||
| uint64_t | M2, | ||
| uint64_t | M3, | ||
| uint64_t | M4, | ||
| uint64_t | magic ) |
Definition at line 19 of file sha2_64_f.h.
References BOTAN_FORCE_INLINE, choose(), majority(), rho(), and sigma().
Referenced by Botan::SHA_512::compress_digest().
◆ SHA2_64_F() [2/2]
| BOTAN_FORCE_INLINE void Botan::SHA2_64_F | ( | uint64_t | A, |
| uint64_t | B, | ||
| uint64_t | C, | ||
| uint64_t & | D, | ||
| uint64_t | E, | ||
| uint64_t | F, | ||
| uint64_t | G, | ||
| uint64_t & | H, | ||
| uint64_t | M ) |
Definition at line 41 of file sha2_64_f.h.
References BOTAN_FORCE_INLINE, choose(), majority(), and rho().
◆ shanks_tonelli_c1c2()
|
inlineconsteval |
Definition at line 215 of file pcurves_util.h.
References shift_right().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::sqrt().
◆ shanks_tonelli_c3()
|
inlineconsteval |
Definition at line 238 of file pcurves_util.h.
References shift_right().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::sqrt().
◆ shanks_tonelli_c4()
|
consteval |
Definition at line 247 of file pcurves_util.h.
References p_minus_1_over_2().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::sqrt().
◆ shift_left()
|
inlineconstexpr |
Definition at line 712 of file mp_core.h.
References carry().
Referenced by bytes_to_words(), hex_to_words(), Botan::IntMod< MontgomeryRep< ScalarParams > >::mul2(), and reduce_mod().
◆ shift_right()
|
inlineconstexpr |
Definition at line 727 of file mp_core.h.
References carry().
Referenced by Botan::IntMod< MontgomeryRep< ScalarParams > >::_invert_vartime_div2_helper(), Botan::IntMod< MontgomeryRep< ScalarParams > >::div2(), p_div_2_plus_1(), p_minus_1_over_2(), p_plus_1_over_4(), shanks_tonelli_c1c2(), and shanks_tonelli_c3().
◆ shl() [1/3]
|
inline |
◆ shl() [2/3]
Definition at line 938 of file simd_4x32.h.
References Botan::SIMD_4x32::shl().
◆ shl() [3/3]
◆ short_version_cstr()
| const char * Botan::short_version_cstr | ( | ) |
Same as version_short_string except returning a pointer to the string.
Definition at line 16 of file version.cpp.
Referenced by runtime_version_check(), and short_version_string().
◆ short_version_string()
| std::string Botan::short_version_string | ( | ) |
Return a version string of the form "MAJOR.MINOR.PATCH" where each of the values is an integer.
Definition at line 28 of file version.cpp.
References short_version_cstr().
◆ sigma()
|
constexpr |
SHA-2 Sigma style function
Definition at line 45 of file rotate.h.
References BOTAN_FORCE_INLINE, and rotr().
Referenced by Botan::Kyber_Algos::expand_keypair(), SHA2_32_F(), and SHA2_64_F().
◆ sign_message()
| std::array< uint8_t, 114 > Botan::sign_message | ( | std::span< const uint8_t, ED448_LEN > | sk, |
| std::span< const uint8_t, ED448_LEN > | pk, | ||
| bool | f, | ||
| std::span< const uint8_t > | context, | ||
| std::span< const uint8_t > | msg ) |
Sign a message using a keypair (RFC 8032 5.2.6).
- Parameters
-
sk the secret key pk the public key f the prehash flag (true iff using Ed448ph) context the context string msg the message to sign
- Returns
- the signature
Definition at line 382 of file ed448_internal.cpp.
References Botan::BufferStuffer::append(), Botan::Ed448Point::base_point_mul(), BOTAN_ASSERT, Botan::XOF::create_or_throw(), ED448_LEN, Botan::Ed448Point::encode(), and Botan::BufferStuffer::full().
◆ signature_check()
| bool Botan::signature_check | ( | std::span< const uint8_t, 32 > | pk, |
| const uint8_t | h[32], | ||
| const uint8_t | r[32], | ||
| const uint8_t | s[32] ) |
Definition at line 1904 of file ge.cpp.
References Botan::CT::is_equal().
Referenced by Botan::Ed25519_PublicKey::check_key(), and ed25519_verify().
◆ significant_bytes()
|
constexpr |
Return the number of significant bytes in n
- Parameters
-
n an integer value
- Returns
- number of significant bytes in n
Definition at line 94 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ct_if_is_zero_ret().
◆ sm2_compute_za()
| std::vector< uint8_t > Botan::sm2_compute_za | ( | HashFunction & | hash, |
| std::string_view | user_id, | ||
| const EC_Group & | group, | ||
| const EC_AffinePoint & | pubkey ) |
Definition at line 82 of file sm2.cpp.
References Botan::Buffered_Computation::final(), Botan::EC_Group::get_a(), Botan::EC_Group::get_b(), get_byte(), Botan::EC_Group::get_g_x(), Botan::EC_Group::get_g_y(), Botan::EC_Group::get_p_bytes(), Botan::BigInt::serialize(), Botan::Buffered_Computation::update(), and Botan::EC_AffinePoint::xy_bytes().
Referenced by botan_pubkey_sm2_compute_za().
◆ SM3_E()
|
inline |
◆ solinas_correct_redc()
|
inlineconstexpr |
Set r to r - C. Then if r < 0, add P to r
Definition at line 84 of file pcurves_solinas.h.
References carry(), Botan::CT::value_barrier(), word_add(), and word_sub().
◆ split_on()
| BOTAN_TEST_API std::vector< std::string > Botan::split_on | ( | std::string_view | str, |
| char | delim ) |
Split a string
- Parameters
-
str the input string delim the delimiter
- Returns
- string split by delim
Definition at line 111 of file parsing.cpp.
References fmt().
Referenced by argon2_check_pwhash(), Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism(), create_private_key(), Botan::TLS::Text_Policy::get_list(), load_private_key(), load_public_key(), pbes2_decrypt(), Botan::TLS::Text_Policy::read_cert_type_list(), Botan::TLS::Text_Policy::read_group_list(), read_kv(), Botan::PK_Ops::Verification_with_Hash::Verification_with_Hash(), and Botan::X509_Cert_Options::X509_Cert_Options().
◆ sqrt_field_element()
|
inlineconstexpr |
Field square root
Uses the specialized fe_sqrt if available, or otherwise the standard square root
Definition at line 60 of file pcurves_algos.h.
Referenced by Botan::PCurve::PrimeOrderCurveImpl< C >::deserialize_point(), and map_to_curve_sswu().
◆ sqrt_modulo_prime()
Compute the square root of x modulo a prime using the Tonelli-Shanks algorithm. This algorithm is primarily used for EC point decompression which takes only public inputs, as a consequence it is not written to be constant-time and may leak side-channel information about its arguments.
- Parameters
-
x the input p the prime modulus
- Returns
- y such that (y*y)p == x, or -1 if no such integer
Definition at line 27 of file numthry.cpp.
References BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), Botan::BigInt::from_word(), Botan::BigInt::is_odd(), jacobi(), low_zero_bits(), monty_exp_vartime(), Botan::BigInt::power_of_2(), Botan::BigInt::square(), and Botan::Montgomery_Int::value().
◆ square() [1/2]
- Parameters
-
x an integer
- Returns
- (x*x)
Definition at line 184 of file numthry.cpp.
References Botan::BigInt::square().
Referenced by Botan::Ed448Point::decode(), Botan::Ed448Point::double_point(), Botan::Ed448Point::operator+(), Botan::PCurve::GenericPrimeOrderCurve::scalar_square(), Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_square(), and x448().
◆ square() [2/2]
Computes elem^2. Faster than operator*.
Definition at line 445 of file curve448_gf.cpp.
References Botan::Gf448Elem::words().
◆ squeeze_from_sponge() [1/2]
|
inline |
Definition at line 258 of file sponge_processing.h.
References squeeze_from_sponge().
◆ squeeze_from_sponge() [2/2]
|
inline |
Squeezes output data from the sponge state.
- Parameters
-
sponge The sponge state to squeeze data from. output The output buffer to write the squeezed data into. permutation_fn The function to call for the sponge's permutation.
Definition at line 245 of file sponge_processing.h.
References BOTAN_ASSERT_NOMSG, Botan::BufferStuffer::full(), and process_bytes_in_sponge().
Referenced by Botan::Ascon_p::squeeze(), Botan::Keccak_Permutation::squeeze(), and squeeze_from_sponge().
◆ srp6_client_agree() [1/2]
| std::pair< BigInt, SymmetricKey > Botan::srp6_client_agree | ( | std::string_view | username, |
| std::string_view | password, | ||
| const DL_Group & | group, | ||
| std::string_view | hash_id, | ||
| const std::vector< uint8_t > & | salt, | ||
| const BigInt & | B, | ||
| size_t | a_bits, | ||
| RandomNumberGenerator & | rng ) |
SRP6a Client side
- Parameters
-
username the username we are attempting login for password the password we are attempting to use group specifies the shared SRP group hash_id specifies a secure hash function salt is the salt value sent by the server B is the server's public value a_bits size of secret exponent in bits rng is a random number generator
- Returns
- (A,K) the client public key and the shared secret key
Definition at line 79 of file srp6.cpp.
References Botan::BigInt::bits(), BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::HashFunction::create_or_throw(), fmt(), Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), Botan::DL_Group::mod_p(), Botan::DL_Group::multiply_mod_p(), Botan::DL_Group::p_bits(), Botan::DL_Group::p_bytes(), Botan::DL_Group::power_b_p(), Botan::DL_Group::power_g_p(), and Botan::BigInt::serialize().
◆ srp6_client_agree() [2/2]
| std::pair< BigInt, SymmetricKey > Botan::srp6_client_agree | ( | std::string_view | username, |
| std::string_view | password, | ||
| std::string_view | group_id, | ||
| std::string_view | hash_id, | ||
| const std::vector< uint8_t > & | salt, | ||
| const BigInt & | B, | ||
| RandomNumberGenerator & | rng ) |
SRP6a Client side
- Parameters
-
username the username we are attempting login for password the password we are attempting to use group_id specifies the shared SRP group hash_id specifies a secure hash function salt is the salt value sent by the server B is the server's public value rng is a random number generator
- Returns
- (A,K) the client public key and the shared secret key
Definition at line 66 of file srp6.cpp.
References Botan::DL_Group::from_name(), and srp6_client_agree().
Referenced by botan_srp6_client_agree(), and srp6_client_agree().
◆ srp6_generate_verifier() [1/2]
| BigInt Botan::srp6_generate_verifier | ( | std::string_view | identifier, |
| std::string_view | password, | ||
| const std::vector< uint8_t > & | salt, | ||
| const DL_Group & | group, | ||
| std::string_view | hash_id ) |
Generate a new SRP-6 verifier
- Parameters
-
identifier a username or other client identifier password the secret used to authenticate user salt a randomly chosen value, at least 128 bits long group specifies the shared SRP group hash_id specifies a secure hash function
Definition at line 138 of file srp6.cpp.
References Botan::HashFunction::create_or_throw(), fmt(), Botan::DL_Group::p_bits(), and Botan::DL_Group::power_g_p().
◆ srp6_generate_verifier() [2/2]
| BigInt Botan::srp6_generate_verifier | ( | std::string_view | identifier, |
| std::string_view | password, | ||
| const std::vector< uint8_t > & | salt, | ||
| std::string_view | group_id, | ||
| std::string_view | hash_id ) |
Generate a new SRP-6 verifier
- Parameters
-
identifier a username or other client identifier password the secret used to authenticate user salt a randomly chosen value, at least 128 bits long group_id specifies the shared SRP group hash_id specifies a secure hash function
Definition at line 129 of file srp6.cpp.
References Botan::DL_Group::from_name(), and srp6_generate_verifier().
Referenced by botan_srp6_generate_verifier(), and srp6_generate_verifier().
◆ srp6_group_identifier()
Return the group id for this SRP param set, or else thrown an exception
- Parameters
-
N the group modulus g the group generator
- Returns
- group identifier
Definition at line 47 of file srp6.cpp.
References Botan::BigInt::bits(), and Botan::DL_Group::from_name().
◆ SSWU_C1()
requires C::ValidForSswuHash
| const auto & Botan::SSWU_C1 | ( | ) |
SSWU constant C1 - (-B / A)
See RFC 9380 section 6.6.2
Definition at line 1660 of file pcurves_impl.h.
References SSWU_C2().
Referenced by map_to_curve_sswu().
◆ SSWU_C2()
requires C::ValidForSswuHash
| const auto & Botan::SSWU_C2 | ( | ) |
SSWU constant C2 - (B / (Z * A))
See RFC 9380 section 6.6.2
Definition at line 1646 of file pcurves_impl.h.
References invert_field_element().
Referenced by map_to_curve_sswu(), and SSWU_C1().
◆ store_be()
|
inlineconstexpr |
Store "something" in big endian byte order See the documentation of this file for more details.
Definition at line 745 of file loadstor.h.
References Botan::detail::store_any().
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::BigInt::binary_encode(), Botan::GeneralName::binary_name(), Botan::BlindedScalarBits< C, WindowBits+1 >::BlindedScalarBits(), botan_x509_crl_view_binary_values(), Botan::FPE_FE1::decrypt(), Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::AlternativeName::encode_into(), Botan::CryptoBox::encrypt(), Botan::FPE_FE1::encrypt(), Botan::TLS::Session::encrypt(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::TLS::Connection_Cipher_State::format_ad(), hkdf_expand_label(), Botan::ML_KEM_Symmetric_Primitives::init_PRF(), Botan::ML_KEM_Symmetric_Primitives::init_XOF(), ipv4_to_string(), lmots_compute_pubkey_from_sig(), Botan::LMOTS_Public_Key::LMOTS_Public_Key(), Botan::TLS::make_hello_random(), Botan::TLS::make_server_hello_random(), Botan::TPM2::Context::manufacturer(), Botan::TLS::Cipher_State::next_ticket_nonce(), nist_key_wrap(), nist_key_wrap_padded(), Botan::XMSS_PublicKey::raw_public_key_bits(), Botan::CTR_BE::seek(), Botan::TLS::New_Session_Ticket_12::serialize(), Botan::TLS::New_Session_Ticket_13::serialize(), Botan::IntMod< MontgomeryRep< ScalarParams > >::serialize_to(), Botan::PseudorandomKeyGeneration::set_i(), Botan::PseudorandomKeyGeneration::set_j(), Botan::PseudorandomKeyGeneration::set_q(), Botan::HSS_LMS_PrivateKeyInternal::sign(), Botan::LMOTS_Private_Key::sign(), Botan::LMS_PrivateKey::sign_and_get_pk(), Botan::SIMD_4x32::store_be(), Botan::HSS_LMS_PrivateKeyInternal::to_bytes(), Botan::HSS_LMS_PublicKeyInternal::to_bytes(), Botan::LMS_PublicKey::to_bytes(), Botan::Sphincs_Address::to_bytes(), Botan::Sphincs_Address::to_bytes_compressed(), Botan::Buffered_Computation::update_be(), Botan::Buffered_Computation::update_be(), Botan::Buffered_Computation::update_be(), and Botan::TPM2::Context::vendor().
◆ store_le()
|
inlineconstexpr |
Store "something" in little endian byte order See the documentation of this file for more details.
Definition at line 736 of file loadstor.h.
References Botan::detail::store_any().
Referenced by Botan::Ascon_AEAD128_Mode::calculate_tag_and_finish(), create_aes_row_generator(), create_shake_row_generator(), Botan::Sodium::crypto_core_hsalsa20(), Botan::GOST_28147_89::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::Streebog::final_result(), generate_mceliece_key(), Botan::CRYSTALS::pack(), Botan::RandomNumberGenerator::randomize_with_ts_input(), Botan::Salsa20::salsa_core(), Botan::ChaCha::seek(), Botan::Salsa20::seek(), Botan::Classic_McEliece_Minimal_Polynomial::serialize(), Botan::FrodoMatrix::serialize(), Botan::Sodium::sodium_malloc(), Botan::SIMD_4x32::store_le(), Botan::bitvector_base< secure_allocator >::subvector_replace(), Botan::Gf448Elem::to_bytes(), Botan::Scalar448::to_bytes(), Botan::Buffered_Computation::update_le(), Botan::Buffered_Computation::update_le(), Botan::Buffered_Computation::update_le(), Botan::ChaCha20Poly1305_Mode::update_len(), Botan::detail::FullWordBounds< SpongeT >::write_into(), and Botan::detail::PartialWordBounds< SpongeT >::write_into().
◆ string_join()
| std::string Botan::string_join | ( | const std::vector< std::string > & | strs, |
| char | delim ) |
Join a string
- Parameters
-
strs strings to join delim the delimiter
- Returns
- string joined by delim
Definition at line 140 of file parsing.cpp.
Referenced by Botan::CPUID::to_string(), and Botan::Key_Constraints::to_string().
◆ string_to_ipv4()
| std::optional< uint32_t > BOTAN_TEST_API Botan::string_to_ipv4 | ( | std::string_view | ip_str | ) |
Convert a string representation of an IPv4 address to a number
- Parameters
-
ip_str the string representation
- Returns
- integer IPv4 address
Definition at line 156 of file parsing.cpp.
References BOTAN_ASSERT_NOMSG.
Referenced by Botan::AlternativeName::add_attribute(), Botan::AlternativeName::AlternativeName(), Botan::TLS::Server_Name_Indicator::hostname_acceptable_for_sni(), Botan::NameConstraints::is_excluded(), Botan::NameConstraints::is_permitted(), Botan::GeneralName::matches(), and Botan::X509_Certificate::matches_dns_name().
◆ swap_bits()
|
constexpr |
Definition at line 202 of file bit_ops.h.
References BOTAN_FORCE_INLINE.
◆ swar_in_range()
|
constexpr |
SWAR (SIMD within a word) byte-by-byte comparison
This individually compares each byte of the provided words. It returns a mask which contains, for each byte, 0x80 if the byte in a was less than the byte in b. Otherwise the mask is 00.
This implementation assumes that the high bits of each byte in both lower and upper are clear! It is possible to support the full range of bytes, but this requires additional comparisons.
Definition at line 114 of file int_utils.h.
◆ swar_lt()
|
constexpr |
SWAR (SIMD within a word) byte-by-byte comparison
This individually compares each byte of the provided words. It returns a mask which contains, for each byte, 0xFF if the byte in a was less than the byte in b. Otherwise the mask is 00.
This implementation assumes that the high bits of each byte in both a and b are clear! It is possible to support the full range of bytes, but this requires additional comparisons.
Definition at line 91 of file int_utils.h.
◆ syndrome_init()
| std::vector< polyn_gf2m > Botan::syndrome_init | ( | const polyn_gf2m & | generator, |
| const std::vector< gf2m > & | support, | ||
| int | n ) |
Definition at line 605 of file polyn_gf2m.cpp.
References Botan::polyn_gf2m::get_degree(), Botan::polyn_gf2m::get_sp_field(), and lex_to_gray().
Referenced by generate_mceliece_key().
◆ system_rng()
| RandomNumberGenerator & Botan::system_rng | ( | ) |
Return a shared reference to a global PRNG instance provided by the operating system. For instance might be instantiated by /dev/urandom or CryptGenRandom.
Definition at line 373 of file system_rng.cpp.
Referenced by Botan::System_RNG::accepts_input(), Botan::AutoSeeded_RNG::AutoSeeded_RNG(), botan_pk_op_decrypt_create(), botan_pk_op_encrypt_create(), botan_pk_op_kem_decrypt_create(), botan_pk_op_key_agreement_create(), botan_pk_op_sign_create(), botan_rng_reseed(), botan_system_rng_get(), Botan::System_RNG::clear(), Botan::System_RNG::fill_bytes_with_input(), Botan::System_RNG::is_seeded(), Botan::System_RNG::name(), Botan::Sodium::randombytes_buf(), and Botan::RandomNumberGenerator::randomize_with_ts_input().
◆ throw_invalid_argument()
| void BOTAN_UNSTABLE_API Botan::throw_invalid_argument | ( | const char * | message, |
| const char * | func, | ||
| const char * | file ) |
Called when an invalid argument is used Throws Invalid_Argument
Definition at line 23 of file assert.cpp.
References fmt().
◆ throw_invalid_state()
| void BOTAN_UNSTABLE_API Botan::throw_invalid_state | ( | const char * | message, |
| const char * | func, | ||
| const char * | file ) |
Called when an invalid state is encountered Throws Invalid_State
Definition at line 27 of file assert.cpp.
References fmt().
◆ to_affine()
|
inlineconstexpr |
Convert a projective point into affine
Definition at line 76 of file pcurves_algos.h.
References invert_field_element().
Referenced by Botan::PCurve::GenericPrimeOrderCurve::point_to_affine(), Botan::PCurve::PrimeOrderCurveImpl< C >::point_to_affine(), and to_affine_batch().
◆ to_affine_batch()
| auto Botan::to_affine_batch | ( | std::span< const typename C::ProjectivePoint > | projective | ) |
Definition at line 107 of file pcurves_algos.h.
References Botan::CT::Choice::as_bool(), invert_field_element(), Botan::CT::Choice::no(), and to_affine().
Referenced by Botan::AffinePointTable< C, R >::AffinePointTable(), basemul_booth_setup(), basemul_setup(), and Botan::VartimeMul2Table< C, W >::VartimeMul2Table().
◆ to_affine_x()
| auto Botan::to_affine_x | ( | const typename C::ProjectivePoint & | pt | ) |
Convert a projective point into affine and return x coordinate only
Definition at line 96 of file pcurves_algos.h.
References invert_field_element().
Referenced by Botan::PCurve::GenericPrimeOrderCurve::base_point_mul_x_mod_order(), Botan::PCurve::PrimeOrderCurveImpl< C >::base_point_mul_x_mod_order(), Botan::PCurve::GenericPrimeOrderCurve::mul_x_only(), and Botan::PCurve::PrimeOrderCurveImpl< C >::mul_x_only().
◆ to_string() [1/2]
| const char * Botan::to_string | ( | Certificate_Status_Code | code | ) |
Convert a status code to a human readable diagnostic message
- Parameters
-
code the certificate status
- Returns
- string literal constant, or nullptr if code unknown
Definition at line 11 of file cert_status.cpp.
References AS_BLOCKS_ERROR, CA_CERT_NOT_FOR_CERT_ISSUER, CA_CERT_NOT_FOR_CRL_ISSUER, CANNOT_ESTABLISH_TRUST, CERT_CHAIN_LOOP, CERT_CHAIN_TOO_LONG, CERT_HAS_EXPIRED, CERT_IS_REVOKED, CERT_ISSUER_NOT_FOUND, CERT_NAME_NOMATCH, CERT_NOT_YET_VALID, CERT_PUBKEY_INVALID, CERT_SERIAL_NEGATIVE, CHAIN_LACKS_TRUST_ROOT, CHAIN_NAME_MISMATCH, CRL_BAD_SIGNATURE, CRL_HAS_EXPIRED, CRL_NOT_YET_VALID, DN_TOO_LONG, DUPLICATE_CERT_EXTENSION, DUPLICATE_CERT_POLICY, EXT_IN_V1_V2_CERT, INVALID_USAGE, IPADDR_BLOCKS_ERROR, NAME_CONSTRAINT_ERROR, NO_MATCHING_CRLDP, NO_REVOCATION_DATA, OCSP_BAD_STATUS, OCSP_CERT_NOT_LISTED, OCSP_HAS_EXPIRED, OCSP_IS_TOO_OLD, OCSP_ISSUER_NOT_FOUND, OCSP_ISSUER_NOT_TRUSTED, OCSP_NO_HTTP, OCSP_NO_REVOCATION_URL, OCSP_NOT_YET_VALID, OCSP_RESPONSE_GOOD, OCSP_RESPONSE_INVALID, OCSP_RESPONSE_MISSING_KEYUSAGE, OCSP_SERVER_NOT_AVAILABLE, OCSP_SIGNATURE_ERROR, OCSP_SIGNATURE_OK, POLICY_ERROR, SIGNATURE_ALGO_BAD_PARAMS, SIGNATURE_ALGO_UNKNOWN, SIGNATURE_ERROR, SIGNATURE_METHOD_TOO_WEAK, TRUSTED_CERT_HAS_EXPIRED, TRUSTED_CERT_NOT_YET_VALID, UNKNOWN_CRITICAL_EXTENSION, UNTRUSTED_HASH, V2_IDENTIFIERS_IN_V1_CERT, VALID_CRL_CHECKED, and VERIFIED.
◆ to_string() [2/2]
| std::string Botan::to_string | ( | ErrorType | type | ) |
Convert an ErrorType to string.
Definition at line 13 of file exceptn.cpp.
References Bzip2Error, CommonCryptoError, DatabaseError, DecodingFailure, EncodingFailure, HttpError, InternalError, InvalidArgument, InvalidKeyLength, InvalidNonceLength, InvalidObjectState, InvalidTag, IoError, KeyNotSet, LookupError, LzmaError, NotImplemented, OutOfMemory, Pkcs11Error, RoughtimeError, SystemError, TLSError, TPMError, Unknown, and ZlibError.
Referenced by Botan::TLS::Server_Hello_13::basic_validation(), botan_x509_cert_validation_status(), Botan::PKCS11::PKCS11_ReturnError::PKCS11_ReturnError(), and Botan::Path_Validation_Result::status_string().
◆ to_u32bit()
| BOTAN_TEST_API uint32_t Botan::to_u32bit | ( | std::string_view | str | ) |
Convert a decimal string to a number
- Parameters
-
str the string to convert
- Returns
- number value of the string
Definition at line 32 of file parsing.cpp.
Referenced by Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_as_integer(), argon2_check_pwhash(), create_private_key(), Botan::TLS::Text_Policy::get_len(), Botan::HTTP::http_sync(), and to_uint16().
◆ to_uint16()
| uint16_t Botan::to_uint16 | ( | std::string_view | str | ) |
Convert a decimal string to a number
- Parameters
-
str the string to convert
- Returns
- number value of the string
Definition at line 22 of file parsing.cpp.
References to_u32bit().
Referenced by check_bcrypt(), and Botan::TLS::Text_Policy::srtp_profiles().
◆ to_underlying()
requires std::is_enum_v<T>
|
noexcept |
Definition at line 121 of file stl_util.h.
◆ tolower_string()
| std::string Botan::tolower_string | ( | std::string_view | str | ) |
Definition at line 241 of file parsing.cpp.
Referenced by Botan::AlternativeName::add_dns(), and host_wildcard_match().
◆ treehash() [1/2]
| BOTAN_TEST_API void Botan::treehash | ( | StrongSpan< SphincsTreeNode > | out_root, |
| StrongSpan< SphincsAuthenticationPath > | out_auth_path, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes, | ||
| std::optional< TreeNodeIndex > | leaf_idx, | ||
| uint32_t | idx_offset, | ||
| uint32_t | tree_height, | ||
| const GenerateLeafFunction & | gen_leaf, | ||
| Sphincs_Address & | tree_address ) |
Implements a generic Merkle tree hash. Will be used for both FORS and XMSS signatures. gen_leaf is used to create leaf nodes in the respective trees. Additionally XMSS uses the gen_leaf logic to store the WOTS Signature in the main SLH-DSA signature. The leaf_idx is the index of leaf to sign. If only the root node must be computed (without a signature), the leaf_idx is set to std::nullopt.
Definition at line 17 of file sp_treehash.cpp.
References BOTAN_ASSERT_NOMSG, copy_mem(), Botan::StrongSpan< T >::get(), Botan::Sphincs_Parameters::n(), Botan::Sphincs_Address::set_tree_height(), Botan::Sphincs_Address::set_tree_index(), Botan::StrongSpan< T >::size(), and Botan::Sphincs_Hash_Functions::T().
Referenced by fors_sign_and_pkgen(), and xmss_sign_and_pkgen().
◆ treehash() [2/2]
requires concepts::tree_address<Address, TreeLayerIndex, TreeNodeIndex>
|
inline |
Treehash logic to build up a merkle hash tree.
Computes the root of the merkle tree. Can also output an authentication path necessary for a hash based signature.
Given the following tree: Layer: 2 7R / \ 1 3X 6A / \ / \ 0 1X 2A 4 5
The treehash logic traverses the tree (Post-order traversal), i.e., the nodes are discovered in order 1,2,3,...,7. If we want to create a signature using leaf node 1, the authentication path is (Node 2, Node 6), since we need those to compute the root.
- Parameters
-
out_root An output buffer to store the root node in (size: node_size ). out_auth_path Optional buffer to store the authentication path in (size: node_size * total_tree_height). leaf_idx The optional index of the leaf used to sign in the bottom tree layer beginning with index 0. nullopt if no node is signed, so we need no auth path. node_size The size of each node in the tree. total_tree_height The height of the merkle tree to construct. idx_offset If we compute a subtree this marks the index of the leftmost leaf node in the bottom layer node_pair_hash The function to process two child nodes to compute their parent node. gen_leaf The logic to create a leaf node given the address in the tree. Probably this function creates a one-time/few-time-signature's public key which is hashed to be the leaf node. tree_address The address that is passed to gen_leaf or node_pair hash. This function will update the address accordings to the currently processed node. This object may contain further algorithm specific information, like the position of this merkle tree in a hypertree.
Definition at line 110 of file tree_hash.h.
References BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, copy_mem(), Botan::detail::Strong_Base< T >::get(), and Botan::StrongSpan< T >::size().
◆ typecast_copy() [1/9]
requires std::is_default_constructible_v<ToT> && std::is_trivially_copyable_v<ToT> && std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>>
|
inlineconstexpr |
Create a trivial type by bit-casting a range of trivially copyable type with matching length into it.
Definition at line 210 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [2/9]
requires std::is_trivial_v<To>
|
inlineconstexprnoexcept |
Definition at line 252 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [3/9]
requires std::is_trivial_v<std::decay_t<T>>
|
inlineconstexpr |
Definition at line 244 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [4/9]
requires std::is_trivial_v<T>
|
inlineconstexpr |
Definition at line 227 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [5/9]
requires std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>> && std::is_trivially_copyable_v<std::ranges::range_value_t<ToR>>
|
inlineconstexpr |
Copy a range of a trivially copyable type into another range of trivially copyable type of matching byte length.
Definition at line 176 of file mem_ops.h.
References Botan::ranges::assert_equal_byte_lengths(), and Botan::ranges::size_bytes().
Referenced by decode_point(), decode_scalar(), Botan::bitvector_base< secure_allocator >::from_bytes(), Botan::detail::load_any(), Botan::detail::load_any(), Botan::Roughtime::Nonce::Nonce(), Botan::detail::store_any(), Botan::detail::store_any(), Botan::bitvector_base< secure_allocator >::to_bytes(), typecast_copy(), typecast_copy(), typecast_copy(), typecast_copy(), typecast_copy(), typecast_copy(), typecast_copy(), typecast_copy(), xor_buf(), and xor_buf().
◆ typecast_copy() [6/9]
requires std::is_trivially_copyable_v<FromT> && (!std::ranges::range<FromT>) && std::is_trivially_copyable_v<std::ranges::range_value_t<ToR>>
|
inlineconstexpr |
Copy an instance of trivially copyable type into a range of trivially copyable type with matching length.
Definition at line 199 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [7/9]
requires std::is_trivially_copyable_v<std::ranges::range_value_t<FromR>> && std::is_trivially_copyable_v<ToT> && (!std::ranges::range<ToT>)
|
inlineconstexpr |
Copy a range of trivially copyable type into an instance of trivially copyable type with matching length.
Definition at line 188 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [8/9]
|
inlineconstexpr |
Definition at line 236 of file mem_ops.h.
References typecast_copy().
◆ typecast_copy() [9/9]
requires std::is_trivially_copyable_v<T>
|
inlineconstexpr |
Definition at line 218 of file mem_ops.h.
References typecast_copy().
◆ ucs2_to_utf8()
| BOTAN_TEST_API std::string Botan::ucs2_to_utf8 | ( | const uint8_t | ucs2[], |
| size_t | len ) |
Convert a sequence of UCS-2 (big endian) characters to a UTF-8 string This is used for ASN.1 BMPString type
- Parameters
-
ucs2 the sequence of UCS-2 characters len length of ucs2 in bytes, must be a multiple of 2
Definition at line 54 of file charset.cpp.
References load_be().
Referenced by Botan::ASN1_String::decode_from().
◆ ucs4_to_utf8()
| BOTAN_TEST_API std::string Botan::ucs4_to_utf8 | ( | const uint8_t | ucs4[], |
| size_t | len ) |
Convert a sequence of UCS-4 (big endian) characters to a UTF-8 string This is used for ASN.1 UniversalString type
- Parameters
-
ucs4 the sequence of UCS-4 characters len length of ucs4 in bytes, must be a multiple of 4
Definition at line 70 of file charset.cpp.
References load_be().
Referenced by Botan::ASN1_String::decode_from().
◆ unchecked_copy_memory()
|
inline |
Definition at line 44 of file mem_utils.h.
Referenced by bigint_shl1(), bigint_shl2(), bigint_shr1(), bigint_shr2(), and Botan::BigInt::mod_sub().
◆ unlock()
| std::vector< T > Botan::unlock | ( | const secure_vector< T > & | in | ) |
Definition at line 85 of file secmem.h.
Referenced by Botan::OCSP::CertID::CertID(), Botan::Roughtime::Chain::Chain(), Botan::DL_Group::DL_Group(), Botan::KeyPair::encryption_consistency_check(), Botan::DL_Group::from_PEM(), Botan::OCSP::CertID::is_id_for(), and Botan::Cipher_Mode_Filter::set_iv().
◆ unsafe_for_production_build()
| bool Botan::unsafe_for_production_build | ( | ) |
Certain build-time options, used for testing, result in a binary which is not safe for use in a production system. This function can be used to test for such a configuration at runtime.
Currently these unsafe conditions include:
- Unsafe fuzzer mode (–unsafe-fuzzer-mode) which intentionally disables various checks in order to improve the effectiveness of fuzzing.
- Terminate on asserts (–unsafe-terminate-on-asserts) which intentionally aborts if any internal assertion failure occurs, rather than throwing an exception.
Definition at line 67 of file version.cpp.
◆ unwrap_strong_type()
|
nodiscardconstexpr |
Generically unwraps a strong type to its underlying type.
If the provided type is not a strong type, it is returned as is.
- Note
- This is meant as a helper for generic code that needs to deal with both wrapped strong types and bare objects. Use the ordinary get() method if you know that you are dealing with a strong type.
- Parameters
-
t value to be unwrapped
- Returns
- the unwrapped value
Definition at line 243 of file strong_type.h.
Referenced by checked_cast_to_or_throw(), Botan::detail::concatenate(), Botan::bitvector_base< secure_allocator >::ct_conditional_xor(), Botan::bitvector_base< secure_allocator >::equals_vartime(), Botan::bitvector_base< secure_allocator >::operator&=(), Botan::bitvector_base< secure_allocator >::operator^=(), Botan::bitvector_base< secure_allocator >::operator|=(), Botan::bitvector_base< secure_allocator >::subvector(), Botan::bitvector_base< secure_allocator >::subvector_replace(), and Botan::detail::unwrap_strong_type_or_enum().
◆ value_exists()
| bool Botan::value_exists | ( | const std::vector< T > & | vec, |
| const V & | val ) |
Existence check for values
Definition at line 43 of file stl_util.h.
Referenced by Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Policy::allowed_signature_hash(), Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::Certificate_Type_Base::Certificate_Type_Base(), Botan::TLS::Policy::choose_key_exchange_group(), Botan::TLS::Policy::ciphersuite_list(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Server_Hello_13::create(), Botan::TPM2::Context::find_free_persistent_handle(), Botan::TLS::Hello_Retry_Request::Hello_Retry_Request(), Botan::TLS::Signature_Scheme::is_available(), Botan::TLS::Server_Impl_13::new_session_ticket_supported(), Botan::TPM2::Context::persist(), Botan::TLS::Key_Share::retry_offer(), Botan::TLS::Supported_Groups::Supported_Groups(), and Botan::TLS::Certificate_Type_Base::validate_selection().
◆ var_ctz32()
|
constexpr |
Definition at line 180 of file bit_ops.h.
References BOTAN_FORCE_INLINE, and ctz().
◆ varpoint_exec()
| C::ProjectivePoint Botan::varpoint_exec | ( | const AffinePointTable< C > & | table, |
| const BlindedScalar & | scalar, | ||
| RandomNumberGenerator & | rng ) |
Definition at line 371 of file pcurves_mul.h.
References Botan::AffinePointTable< C, R >::ct_select(), Botan::CT::poison(), and Botan::CT::unpoison().
Referenced by Botan::WindowedMulTable< C, W >::mul().
◆ varpoint_setup()
| AffinePointTable< C > Botan::varpoint_setup | ( | const typename C::AffinePoint & | p | ) |
Definition at line 351 of file pcurves_mul.h.
Referenced by Botan::WindowedBoothMulTable< C, W >::WindowedBoothMulTable(), and Botan::WindowedMulTable< C, W >::WindowedMulTable().
◆ vartime_divide()
| BOTAN_TEST_API void Botan::vartime_divide | ( | const BigInt & | x, |
| const BigInt & | y, | ||
| BigInt & | q, | ||
| BigInt & | r ) |
BigInt Division
- Parameters
-
x an integer y a non-zero integer q will be set to x / y r will be set to x % y
Definition at line 325 of file divide.cpp.
References BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, Botan::BigInt::grow_to(), Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::reduce_below(), Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), Botan::BigInt::top_bits_free(), Botan::divide_precomp< W >::vartime_div_2to1(), Botan::BigInt::word_at(), and Botan::BigInt::zero().
Referenced by botan_mp_div(), operator%(), and operator/().
◆ vartime_divide_pow2k()
| BOTAN_TEST_API BigInt Botan::vartime_divide_pow2k | ( | size_t | k, |
| const BigInt & | y ) |
BigInt division, variable time, 2^k variant
This is identical to ct_divide_pow2k in functionality, but leaks both k and y to side channels, so it should only be used with public inputs.
- Parameters
-
k an integer y a positive integer
- Returns
- q equal to 2**k / y
Definition at line 225 of file divide.cpp.
References BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, Botan::BigInt::grow_to(), Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::reduce_below(), Botan::BigInt::set_bit(), Botan::BigInt::sig_words(), Botan::BigInt::top_bits_free(), Botan::divide_precomp< W >::vartime_div_2to1(), Botan::BigInt::word_at(), and Botan::BigInt::zero().
Referenced by Botan::Barrett_Reduction::for_public_modulus().
◆ verify_signature()
| bool Botan::verify_signature | ( | std::span< const uint8_t, ED448_LEN > | pk, |
| bool | phflag, | ||
| std::span< const uint8_t > | context, | ||
| std::span< const uint8_t > | sig, | ||
| std::span< const uint8_t > | msg ) |
Verify a signature(RFC 8032 5.2.7).
- Parameters
-
pk the public key phflag the prehash flag (true iff using Ed448ph) context the context string sig the signature msg the message to verify
- Exceptions
-
Decoding_Error if the public key or signature is malformed
- Returns
- true if the signature is valid
Definition at line 428 of file ed448_internal.cpp.
References Botan::Ed448Point::base_point(), Botan::Scalar448::bytes_are_reduced(), Botan::Ed448Point::decode(), Botan::Ed448Point::double_scalar_mul_vartime(), ED448_LEN, and Botan::Ed448Point::negate().
Referenced by Botan::Roughtime::Response::from_bits().
◆ version_cstr()
| const char * Botan::version_cstr | ( | ) |
Same as version_string() except returning a pointer to a statically allocated string.
- Returns
- version string
Definition at line 20 of file version.cpp.
Referenced by botan_version_string(), and version_string().
◆ version_datestamp()
| uint32_t Botan::version_datestamp | ( | ) |
Return the date this version of botan was released, in an integer of the form YYYYMMDD. For instance a version released on May 21, 2013 would return the integer 20130521. If the currently running version is not an official release, this function will return 0 instead.
- Returns
- release date, or zero if unreleased
Definition at line 32 of file version.cpp.
References BOTAN_VERSION_DATESTAMP.
Referenced by botan_version_datestamp().
◆ version_distribution_info()
| std::optional< std::string > Botan::version_distribution_info | ( | ) |
Return any string that is set at build time using the --distribution-info option. It allows a packager of the library to specify any distribution-specific patches. If no value is given at build time, returns nullopt.
- Returns
- distribution info
Definition at line 44 of file version.cpp.
◆ version_major()
| uint32_t Botan::version_major | ( | ) |
Get the major version number.
- Returns
- major version number
Definition at line 55 of file version.cpp.
References BOTAN_VERSION_MAJOR.
Referenced by botan_version_major(), and runtime_version_check().
◆ version_minor()
| uint32_t Botan::version_minor | ( | ) |
Get the minor version number.
- Returns
- minor version number
Definition at line 59 of file version.cpp.
References BOTAN_VERSION_MINOR.
Referenced by botan_version_minor(), and runtime_version_check().
◆ version_patch()
| uint32_t Botan::version_patch | ( | ) |
Get the patch number.
- Returns
- patch number
Definition at line 63 of file version.cpp.
References BOTAN_VERSION_PATCH.
Referenced by botan_version_patch(), and runtime_version_check().
◆ version_string()
| std::string Botan::version_string | ( | ) |
Get a human-readable single-line string identifying the version of Botan. No particular format should be assumed.
- Returns
- version string
Definition at line 24 of file version.cpp.
References version_cstr().
◆ version_vc_revision()
| std::optional< std::string > Botan::version_vc_revision | ( | ) |
Returns a string that is set to a revision identifier corresponding to the source, or nullopt if this could not be determined. It is set for all official releases, and for builds that originated from within a git checkout.
- Returns
- VC revision
Definition at line 36 of file version.cpp.
◆ word8_add2()
|
inlineconstexpr |
Definition at line 268 of file mp_asmi.h.
References carry(), and word_add().
Referenced by bigint_add2().
◆ word8_add3()
|
inlineconstexpr |
Definition at line 294 of file mp_asmi.h.
References carry(), and word_add().
Referenced by bigint_add3().
◆ word8_linmul3()
|
inlineconstexpr |
Definition at line 397 of file mp_asmi.h.
References carry(), and word_madd2().
Referenced by bigint_linmul3().
◆ word8_madd3()
|
inlineconstexpr |
Definition at line 423 of file mp_asmi.h.
References carry(), and word_madd3().
Referenced by basecase_mul(), and basecase_sqr().
◆ word8_sub2()
|
inlineconstexpr |
Definition at line 345 of file mp_asmi.h.
References carry(), and word_sub().
Referenced by bigint_sub2().
◆ word8_sub3()
|
inlineconstexpr |
Definition at line 371 of file mp_asmi.h.
References carry(), and word_sub().
Referenced by bigint_monty_maybe_sub(), bigint_sub3(), and bigint_sub_abs().
◆ word_add()
|
inlineconstexpr |
Definition at line 231 of file mp_asmi.h.
References carry().
Referenced by Botan::word3< W >::add(), bigint_add2(), bigint_add3(), bigint_cnd_abs(), bigint_cnd_add(), Botan::BigInt::ct_cond_add(), Botan::IntMod< MontgomeryRep< ScalarParams > >::div2(), Botan::word3< W >::mul(), Botan::word3< W >::mul_x2(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator+, Botan::IntMod< MontgomeryRep< ScalarParams > >::operator-, solinas_correct_redc(), word8_add2(), and word8_add3().
◆ word_madd2()
|
inlineconstexpr |
Definition at line 90 of file mp_asmi.h.
References carry().
Referenced by bigint_linmul2(), bigint_linmul3(), redc_crandall(), Botan::divide_precomp< W >::vartime_mod_2to1(), and word8_linmul3().
◆ word_madd3()
|
inlineconstexpr |
Definition at line 133 of file mp_asmi.h.
References carry().
Referenced by basecase_mul(), basecase_sqr(), redc_crandall(), and word8_madd3().
◆ word_sub()
|
inlineconstexpr |
Definition at line 320 of file mp_asmi.h.
References carry().
Referenced by bigint_cnd_sub(), bigint_monty_maybe_sub(), bigint_monty_maybe_sub(), bigint_sub2(), bigint_sub2_rev(), bigint_sub3(), bigint_sub_abs(), Botan::IntMod< MontgomeryRep< ScalarParams > >::negate(), Botan::IntMod< MontgomeryRep< ScalarParams > >::operator-, redc_crandall(), solinas_correct_redc(), word8_sub2(), and word8_sub3().
◆ words_for_bits()
|
constexpr |
Definition at line 18 of file curve448_scalar.h.
◆ wots_public_key_from_signature()
| BOTAN_TEST_API WotsPublicKey Botan::wots_public_key_from_signature | ( | const SphincsTreeNode & | hashed_message, |
| StrongSpan< const WotsSignature > | signature, | ||
| Sphincs_Address & | address, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 8: wots_pkFromSig.
Reconstructs the WOTS public key from a given WOTS signature and message. This is tailored for the use case in the SLH-DSA implementation and is not meant for general usability in non SLH-DSA algorithms.
Definition at line 104 of file sp_wots.cpp.
References chain_lengths(), Botan::detail::Strong_Base< T >::get(), Botan::Sphincs_Parameters::n(), Botan::BufferStuffer::next(), Botan::Sphincs_Address::set_chain_address(), Botan::BufferSlicer::take(), Botan::Sphincs_Parameters::w(), and Botan::Sphincs_Parameters::wots_len().
Referenced by ht_verify().
◆ wots_sign_and_pkgen()
| BOTAN_TEST_API void Botan::wots_sign_and_pkgen | ( | StrongSpan< WotsSignature > | sig_out, |
| StrongSpan< SphincsTreeNode > | leaf_out, | ||
| const SphincsSecretSeed & | secret_seed, | ||
| TreeNodeIndex | leaf_idx, | ||
| std::optional< TreeNodeIndex > | sign_leaf_idx, | ||
| const std::vector< WotsHashIndex > & | wots_steps, | ||
| Sphincs_Address & | leaf_addr, | ||
| Sphincs_Address & | pk_addr, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 6 and 7: wots_pkGen and wots_sign.
Implements a domain specific wrapper for the one-time signature scheme WOTS+ (Winternitz OTS). It is meant to be used inside SLH-DSA and does not aim to be applicable for other use cases. If this function is not used in a signing operation (i.e. sign_leaf_idx is not set), wots_steps may be empty.
Definition at line 133 of file sp_wots.cpp.
References BOTAN_ASSERT_NOMSG, Botan::Sphincs_Address::get_type(), Botan::Sphincs_Parameters::n(), Botan::BufferStuffer::next(), Botan::Sphincs_Hash_Functions::PRF(), Botan::Sphincs_Address::set_chain_address(), Botan::Sphincs_Address::set_hash_address(), Botan::Sphincs_Address::set_keypair_address(), Botan::Sphincs_Address::set_type(), Botan::Sphincs_Hash_Functions::T(), Botan::Sphincs_Parameters::w(), Botan::Sphincs_Parameters::wots_bytes(), Botan::Sphincs_Parameters::wots_len(), WotsHash, WotsKeyGeneration, and WotsPublicKeyCompression.
Referenced by xmss_sign_and_pkgen().
◆ wrap_strong_type()
requires std::constructible_from<T, ParamT> || (concepts::strong_type<T> && std::constructible_from<typename T::wrapped_type, ParamT>)
|
nodiscardconstexpr |
Wraps a value into a caller-defined (strong) type.
If the provided object t is already of type T, it is returned as is.
- Note
- This is meant as a helper for generic code that needs to deal with both wrapped strong types and bare objects. Use the ordinary constructor if you know that you are dealing with a bare value type.
- Parameters
-
t value to be wrapped
- Returns
- the wrapped value
Definition at line 268 of file strong_type.h.
Referenced by checked_cast_to_or_throw(), Botan::detail::load_any(), Botan::bitvector_base< secure_allocator >::subvector(), and Botan::detail::wrap_strong_type_or_enum().
◆ x448()
| Point448 Botan::x448 | ( | const ScalarX448 & | k, |
| const Point448 & | u ) |
Multiply a scalar k with a point u.
- Parameters
-
k scalar u point on curve
- Returns
- k * u
Definition at line 48 of file x448_internal.cpp.
References Botan::CT::Mask< T >::cleared(), Botan::Gf448Elem::ct_cond_swap(), Botan::CT::Mask< T >::expand(), Botan::detail::Strong_Base< T >::get(), mul_a24(), Botan::Gf448Elem::one(), square(), and Botan::Gf448Elem::zero().
Referenced by x448_basepoint().
◆ x448_basepoint()
| Point448 Botan::x448_basepoint | ( | const ScalarX448 & | k | ) |
Multiply a scalar with the base group element (5).
Multiply a scalar with the standard group element (5).
- Parameters
-
k scalar
- Returns
- encoded point
Definition at line 41 of file x448_internal.cpp.
References x448().
◆ x500_name_cmp()
| bool Botan::x500_name_cmp | ( | std::string_view | name1, |
| std::string_view | name2 ) |
Definition at line 32 of file x509_dn.cpp.
Referenced by operator<(), and operator==().
◆ x509_path_validate() [1/4]
| Path_Validation_Result Botan::x509_path_validate | ( | const std::vector< X509_Certificate > & | end_certs, |
| const Path_Validation_Restrictions & | restrictions, | ||
| const Certificate_Store & | store, | ||
| std::string_view | hostname = "", | ||
| Usage_Type | usage = Usage_Type::UNSPECIFIED, | ||
| std::chrono::system_clock::time_point | validation_time = std::chrono::system_clock::now(), | ||
| std::chrono::milliseconds | ocsp_timeout = std::chrono::milliseconds(0), | ||
| const std::vector< std::optional< OCSP::Response > > & | ocsp_resp = {} ) |
PKIX Path Validation
- Parameters
-
end_certs certificate chain to validate restrictions path validation restrictions store store that contains trusted certificates hostname if not empty, compared against the DNS name in end_certs[0] usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0] validation_time what reference time to use for validation ocsp_timeout timeout for OCSP operations, 0 disables OCSP check ocsp_resp additional OCSP responses to consider (eg from peer)
- Returns
- result of the path validation
Definition at line 954 of file x509path.cpp.
References x509_path_validate().
◆ x509_path_validate() [2/4]
| Path_Validation_Result Botan::x509_path_validate | ( | const std::vector< X509_Certificate > & | end_certs, |
| const Path_Validation_Restrictions & | restrictions, | ||
| const std::vector< Certificate_Store * > & | trusted_roots, | ||
| std::string_view | hostname = "", | ||
| Usage_Type | usage = Usage_Type::UNSPECIFIED, | ||
| std::chrono::system_clock::time_point | validation_time = std::chrono::system_clock::now(), | ||
| std::chrono::milliseconds | ocsp_timeout = std::chrono::milliseconds(0), | ||
| const std::vector< std::optional< OCSP::Response > > & | ocsp_resp = {} ) |
PKIX Path Validation
- Parameters
-
end_certs certificate chain to validate (with end entity certificate in end_certs[0]) restrictions path validation restrictions trusted_roots list of certificate stores that contain trusted certificates hostname if not empty, compared against the DNS name in end_certs[0] usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0] validation_time what reference time to use for validation ocsp_timeout timeout for OCSP operations, 0 disables OCSP check ocsp_resp additional OCSP responses to consider (eg from peer)
- Returns
- result of the path validation note: when enabled, OCSP check is softfail by default: if the OCSP server is not reachable, Path_Validation_Result::successful_validation() will return true. Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings().
Definition at line 868 of file x509path.cpp.
References Botan::PKIX::build_all_certificate_paths(), CANNOT_ESTABLISH_TRUST, Botan::PKIX::check_chain(), Botan::PKIX::check_crl(), Botan::PKIX::check_ocsp(), Botan::PKIX::merge_revocation_status(), OCSP_NO_HTTP, OK, Botan::Path_Validation_Restrictions::require_self_signed_trust_anchors(), and Botan::Path_Validation_Result::successful_validation().
Referenced by botan_x509_cert_verify(), botan_x509_cert_verify_with_crl(), Botan::TLS::Callbacks::tls_verify_cert_chain(), x509_path_validate(), x509_path_validate(), and x509_path_validate().
◆ x509_path_validate() [3/4]
| Path_Validation_Result Botan::x509_path_validate | ( | const X509_Certificate & | end_cert, |
| const Path_Validation_Restrictions & | restrictions, | ||
| const Certificate_Store & | store, | ||
| std::string_view | hostname = "", | ||
| Usage_Type | usage = Usage_Type::UNSPECIFIED, | ||
| std::chrono::system_clock::time_point | validation_time = std::chrono::system_clock::now(), | ||
| std::chrono::milliseconds | ocsp_timeout = std::chrono::milliseconds(0), | ||
| const std::vector< std::optional< OCSP::Response > > & | ocsp_resp = {} ) |
PKIX Path Validation
- Parameters
-
end_cert certificate to validate restrictions path validation restrictions store store that contains trusted certificates hostname if not empty, compared against the DNS name in end_cert usage if not set to UNSPECIFIED, compared against the key usage in end_cert validation_time what reference time to use for validation ocsp_timeout timeout for OCSP operations, 0 disables OCSP check ocsp_resp additional OCSP responses to consider (eg from peer)
- Returns
- result of the path validation
Definition at line 968 of file x509path.cpp.
References x509_path_validate().
◆ x509_path_validate() [4/4]
| Path_Validation_Result Botan::x509_path_validate | ( | const X509_Certificate & | end_cert, |
| const Path_Validation_Restrictions & | restrictions, | ||
| const std::vector< Certificate_Store * > & | trusted_roots, | ||
| std::string_view | hostname = "", | ||
| Usage_Type | usage = Usage_Type::UNSPECIFIED, | ||
| std::chrono::system_clock::time_point | validation_time = std::chrono::system_clock::now(), | ||
| std::chrono::milliseconds | ocsp_timeout = std::chrono::milliseconds(0), | ||
| const std::vector< std::optional< OCSP::Response > > & | ocsp_resp = {} ) |
PKIX Path Validation
- Parameters
-
end_cert certificate to validate restrictions path validation restrictions trusted_roots list of stores that contain trusted certificates hostname if not empty, compared against the DNS name in end_cert usage if not set to UNSPECIFIED, compared against the key usage in end_cert validation_time what reference time to use for validation ocsp_timeout timeout for OCSP operations, 0 disables OCSP check ocsp_resp additional OCSP responses to consider (eg from peer)
- Returns
- result of the path validation
Definition at line 941 of file x509path.cpp.
References x509_path_validate().
◆ xmss_concat() [1/2]
| void Botan::xmss_concat | ( | secure_vector< uint8_t > & | target, |
| const T & | src ) |
Concatenates the byte representation in big-endian order of any integral value to a secure_vector.
- Parameters
-
target Vector to concatenate the byte representation of the integral value to. src integral value to concatenate.
Definition at line 28 of file xmss_tools.h.
Referenced by Botan::XMSS_WOTS_Parameters::base_w().
◆ xmss_concat() [2/2]
| void Botan::xmss_concat | ( | secure_vector< uint8_t > & | target, |
| const T & | src, | ||
| size_t | len ) |
Concatenates the last n bytes of the byte representation in big-endian order of any integral value to a to a secure_vector.
- Parameters
-
target Vector to concatenate the byte representation of the integral value to. src Integral value to concatenate. len number of bytes to concatenate. This value must be smaller or equal to the size of type T.
Definition at line 48 of file xmss_tools.h.
◆ xmss_gen_root()
| SphincsTreeNode Botan::xmss_gen_root | ( | const Sphincs_Parameters & | params, |
| const SphincsSecretSeed & | secret_seed, | ||
| Sphincs_Hash_Functions & | hashes ) |
Compute the XMSS public key (root node) of the top-most subtree. Contains logic of FIPS 205, Algorithm 18: slh_keygen_internal
Definition at line 58 of file sp_xmss.cpp.
References Botan::Sphincs_Parameters::d(), HashTree, Botan::Sphincs_Parameters::n(), root(), Botan::Sphincs_Address::set_layer_address(), Botan::Sphincs_Parameters::wots_bytes(), WotsPublicKeyCompression, xmss_sign_and_pkgen(), and Botan::Sphincs_Parameters::xmss_tree_height().
Referenced by Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey().
◆ xmss_sign_and_pkgen()
| SphincsTreeNode Botan::xmss_sign_and_pkgen | ( | StrongSpan< SphincsXmssSignature > | out_sig, |
| const SphincsTreeNode & | message, | ||
| const SphincsSecretSeed & | secret_seed, | ||
| Sphincs_Address & | wots_addr, | ||
| Sphincs_Address & | tree_addr, | ||
| std::optional< TreeNodeIndex > | idx_leaf, | ||
| const Sphincs_Parameters & | params, | ||
| Sphincs_Hash_Functions & | hashes ) |
FIPS 205, Algorithm 10: xmss_sign.
This generates a Merkle signature of message (i.e. a FORS public key (bottom layer) or an XMSS root node). The Merkle authentication path logic is mostly hidden in treehash_spec. The WOTS signature followed by the Merkle authentication path are stored in out_sig. Set idx_leaf to std::nullopt if no signature is desired.
- Returns
- the XMSS public key (i.e. the root of the XMSS merkle tree)
Definition at line 19 of file sp_xmss.cpp.
References Botan::Sphincs_Address::as_subtree_from(), BOTAN_ASSERT_NOMSG, chain_lengths(), Botan::Sphincs_Address::get_type(), HashTree, Botan::Sphincs_Parameters::n(), Botan::BufferStuffer::next(), Botan::BufferStuffer::remaining_capacity(), Botan::Sphincs_Address::set_type(), treehash(), Botan::Sphincs_Parameters::wots_bytes(), wots_sign_and_pkgen(), WotsPublicKeyCompression, and Botan::Sphincs_Parameters::xmss_tree_height().
Referenced by ht_sign(), and xmss_gen_root().
◆ xor_buf() [1/7]
|
inlineconstexpr |
XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length
- Parameters
-
out the input/output range in the read-only input range
Definition at line 341 of file mem_ops.h.
References Botan::ranges::assert_equal_byte_lengths(), and typecast_copy().
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::Salsa20::cipher_bytes(), Botan::Lion::decrypt_n(), Botan::Lion::encrypt_n(), Botan::GHASH::final(), mgf1_mask(), operator^(), Botan::OctetString::operator^=(), operator^=(), pbkdf2(), Botan::SIV_Mode::S2V(), xor_buf(), xor_buf(), xor_buf(), xor_buf(), and xor_buf().
◆ xor_buf() [2/7]
|
inlineconstexpr |
XOR arrays. Postcondition out[i] = in1[i] ^ in2[i] forall i = 0...length
- Parameters
-
out the output range in1 the first input range in2 the second input range
Definition at line 371 of file mem_ops.h.
References Botan::ranges::assert_equal_byte_lengths(), and typecast_copy().
◆ xor_buf() [3/7]
|
inline |
Definition at line 421 of file mem_ops.h.
References BOTAN_ARG_CHECK, and xor_buf().
◆ xor_buf() [4/7]
| void Botan::xor_buf | ( | std::vector< uint8_t, Alloc > & | out, |
| const uint8_t * | in, | ||
| const std::vector< uint8_t, Alloc2 > & | in2, | ||
| size_t | n ) |
Definition at line 437 of file mem_ops.h.
References BOTAN_ARG_CHECK, and xor_buf().
◆ xor_buf() [5/7]
| void Botan::xor_buf | ( | std::vector< uint8_t, Alloc > & | out, |
| const uint8_t * | in, | ||
| size_t | n ) |
Definition at line 429 of file mem_ops.h.
References BOTAN_ARG_CHECK, and xor_buf().
◆ xor_buf() [6/7]
|
inline |
XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length
- Parameters
-
out the output buffer in the first input buffer in2 the second input buffer length the length of the three buffers
Definition at line 415 of file mem_ops.h.
References xor_buf().
◆ xor_buf() [7/7]
|
inline |
XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length
- Parameters
-
out the input/output buffer in the read-only input buffer length the length of the buffers
Definition at line 403 of file mem_ops.h.
References xor_buf().
◆ xts_compute_tweak_block()
| void Botan::xts_compute_tweak_block | ( | uint8_t | tweak[], |
| size_t | BS, | ||
| size_t | blocks_in_tweak ) |
Definition at line 119 of file poly_dbl.cpp.
References BOTAN_ASSERT_NOMSG, carry(), copy_out_le(), load_le(), and poly_double_n_le().
Referenced by Botan::XTS_Mode::update_tweak().
◆ zap()
| void Botan::zap | ( | std::vector< T, Alloc > & | vec | ) |
Zeroise the values then free the memory
- Parameters
-
vec the vector to zeroise and free
Definition at line 133 of file secmem.h.
References zeroise().
Referenced by Botan::TLS::Cipher_State::advance_with_client_finished(), Botan::TLS::Cipher_State::advance_with_client_hello(), Botan::AES_128::clear(), Botan::AES_192::clear(), Botan::AES_256::clear(), Botan::ANSI_X919_MAC::clear(), Botan::ARIA_128::clear(), Botan::ARIA_192::clear(), Botan::ARIA_256::clear(), Botan::Blowfish::clear(), Botan::Camellia_128::clear(), Botan::Camellia_192::clear(), Botan::Camellia_256::clear(), Botan::CAST_128::clear(), Botan::ChaCha::clear(), Botan::CTR_BE::clear(), Botan::DES::clear(), Botan::GHASH::clear(), Botan::GOST_28147_89::clear(), Botan::HMAC::clear(), Botan::IDEA::clear(), Botan::KMAC::clear(), Botan::Kuznyechik::clear(), Botan::Lion::clear(), Botan::Noekeon::clear(), Botan::Poly1305::clear(), Botan::RC4::clear(), Botan::Salsa20::clear(), Botan::SEED::clear(), Botan::Serpent::clear(), Botan::SHACAL2::clear(), Botan::SipHash::clear(), Botan::SM4::clear(), Botan::Threefish_512::clear(), Botan::TripleDES::clear(), Botan::Twofish::clear(), Botan::TLS::Record_Layer::clear_read_buffer(), Botan::TLS::Cipher_State::clear_read_keys(), and Botan::TLS::Cipher_State::clear_write_keys().
◆ zeroise()
| void Botan::zeroise | ( | std::vector< T, Alloc > & | vec | ) |
Zeroise the values; length remains unchanged
- Parameters
-
vec the vector to zeroise
Definition at line 124 of file secmem.h.
Referenced by Botan::BLAKE2b::clear(), Botan::CMAC::clear(), Botan::CTR_BE::clear(), Botan::GMAC::clear(), Botan::GOST_34_11::clear(), Botan::OFB::clear(), Botan::SHAKE_Cipher::clear(), Botan::Streebog::clear(), Botan::Whirlpool::init(), Botan::OctetString::operator^=(), Botan::CBC_Decryption::reset(), Botan::CFB_Mode::reset(), Botan::OCB_Mode::reset(), Botan::CTR_BE::seek(), and zap().
◆ zeroize_buffer()
|
inline |
- Parameters
-
buf a pointer to the start of the region n the number of elements in buf
Definition at line 37 of file mem_utils.h.
Referenced by basecase_mul(), basecase_sqr(), bigint_monty_redc_inplace(), bigint_mul(), bigint_shl1(), bigint_shr1(), bigint_sqr(), Botan::AlignmentBuffer< T, BLOCK_SIZE, FINAL_BLOCK_STRATEGY >::clear(), and Botan::AlignmentBuffer< T, BLOCK_SIZE, FINAL_BLOCK_STRATEGY >::fill_up_with_zeros().
Variable Documentation
◆ BLAKE2B_BLOCKBYTES
|
constexpr |
Definition at line 18 of file blake2b.h.
Referenced by Botan::BLAKE2b::add_data().
◆ BYTES_448
|
constexpr |
Definition at line 21 of file curve448_gf.h.
◆ DefaultBufferSize
|
constexpr |
How much to allocate for a buffer of no particular size
Definition at line 137 of file types.h.
Referenced by operator<<(), operator<<(), operator>>(), operator>>(), Botan::Pipe::read_all_as_string(), and Botan::Pipe::write().
◆ ED448_LEN
|
constexpr |
Definition at line 18 of file ed448_internal.h.
Referenced by Botan::Ed448_PrivateKey::Ed448_PrivateKey(), Botan::Ed448_PrivateKey::Ed448_PrivateKey(), Botan::Ed448_PrivateKey::Ed448_PrivateKey(), Botan::Ed448_PublicKey::Ed448_PublicKey(), Botan::Ed448_PrivateKey::private_key_bits(), sign_message(), and verify_signature().
◆ HEX_CODEC_BUFFER_SIZE
| const size_t Botan::HEX_CODEC_BUFFER_SIZE = 256 |
Size used for internal buffer in hex encoder/decoder
Definition at line 20 of file hex_filt.cpp.
Referenced by Botan::Hex_Decoder::Hex_Decoder(), Botan::Hex_Encoder::Hex_Encoder(), and Botan::Hex_Encoder::Hex_Encoder().
◆ is_strong_span_v
|
constexpr |
Definition at line 739 of file strong_type.h.
◆ is_strong_type_v
|
constexpr |
Definition at line 29 of file strong_type.h.
◆ LMS_IDENTIFIER_LEN
|
constexpr |
The length in bytes of the LMS identifier (I).
Definition at line 69 of file lms.h.
Referenced by Botan::HSS_LMS_PrivateKeyInternal::from_bytes_or_throw(), Botan::LMS_PublicKey::from_bytes_or_throw(), Botan::HSS_LMS_PrivateKeyInternal::HSS_LMS_PrivateKeyInternal(), Botan::LMS_PublicKey::LMS_PublicKey(), and Botan::LMS_PublicKey::size().
◆ MAX_EXT_DEG
| const size_t Botan::MAX_EXT_DEG = 16 |
Definition at line 19 of file gf2m_small_m.cpp.
◆ PRIME_TABLE_SIZE
| const size_t Botan::PRIME_TABLE_SIZE = 6541 |
The size of the PRIMES[] array
Definition at line 175 of file numthry.h.
Referenced by is_prime(), and random_prime().
◆ PRIMES
| const uint16_t Botan::PRIMES |
A const array of all odd primes less than 65535
Definition at line 12 of file primes.cpp.
Referenced by is_prime(), and random_prime().
◆ WORDS_448
|
constexpr |
Definition at line 23 of file curve448_gf.h.
Referenced by Botan::Gf448Elem::bytes_are_canonical_representation(), Botan::Gf448Elem::ct_cond_assign(), Botan::Gf448Elem::ct_cond_swap(), Botan::Ed448Point::decode(), Botan::Gf448Elem::is_zero(), and Botan::Gf448Elem::operator==().
◆ X448_LEN
|
constexpr |
Definition at line 16 of file x448_internal.h.
Referenced by Botan::X448_PrivateKey::check_key(), decode_point(), decode_scalar(), Botan::X448_PrivateKey::X448_PrivateKey(), Botan::X448_PrivateKey::X448_PrivateKey(), and Botan::X448_PublicKey::X448_PublicKey().
Generated by
1.15.0