Botan 3.0.0-alpha0
Crypto and TLS for C&
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

namespace  ARIA_F
 
namespace  ASN1
 
namespace  Camellia_F
 
namespace  Cert_Extension
 
namespace  CryptoBox
 
namespace  CT
 
namespace  FPE
 
namespace  HTTP
 
namespace  KeyPair
 
namespace  OCSP
 
namespace  OIDS
 
namespace  OS
 
namespace  PEM_Code
 
namespace  PK_Ops
 
namespace  PKCS11
 
namespace  PKCS8
 
namespace  PKIX
 
namespace  Roughtime
 
namespace  Serpent_F
 
namespace  SHA1_F
 
namespace  SHA1_SSE2_F
 
namespace  Sodium
 
namespace  Threefish_F
 
namespace  TLS
 
namespace  X509
 

Classes

class  Adler32
 
class  AEAD_Mode
 
class  AES_128
 
class  AES_192
 
class  AES_256
 
class  Algorithm_Not_Found
 
class  AlgorithmIdentifier
 
class  Allocator_Initializer
 
class  AlternativeName
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  Argon2
 
class  Argon2_Family
 
class  ARIA_128
 
class  ARIA_192
 
class  ARIA_256
 
class  ASN1_Formatter
 
class  ASN1_Object
 
class  ASN1_Pretty_Printer
 
class  ASN1_String
 
class  ASN1_Time
 
class  Atomic
 
class  Attribute
 
class  AutoSeeded_RNG
 
class  Barrier
 
class  Base64_Decoder
 
class  Base64_Encoder
 
class  Bcrypt_PBKDF
 
class  Bcrypt_PBKDF_Family
 
class  BER_Bad_Tag
 
class  BER_Decoder
 
class  BER_Decoding_Error
 
class  BER_Object
 
class  BigInt
 
class  BitBucket
 
class  BLAKE2b
 
class  BLAKE2bMAC
 
class  Blinder
 
class  Block_Cipher_Fixed_Params
 
class  BlockCipher
 
class  BlockCipherModePaddingMethod
 
class  Blowfish
 
struct  BotanErrorCategory
 An error category for errors from Botan (other than TLS alerts) More...
 
class  Buffered_Computation
 
class  Buffered_Filter
 
class  Bzip2_Compression
 
class  Bzip2_Decompression
 
class  calendar_point
 
class  Camellia_128
 
class  Camellia_192
 
class  Camellia_256
 
class  Cascade_Cipher
 
class  CAST_128
 
class  CBC_Decryption
 
class  CBC_Encryption
 
class  CBC_Mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  CECPQ1_key
 
class  Certificate_Extension
 
class  Certificate_Store
 
class  Certificate_Store_In_Memory
 
class  Certificate_Store_In_SQL
 
class  Certificate_Store_In_SQLite
 
class  Certificate_Store_MacOS
 
class  Certificate_Store_Windows
 
class  CFB_Decryption
 
class  CFB_Encryption
 
class  CFB_Mode
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  ChaCha_RNG
 
class  Chain
 
class  Cipher_Mode
 
class  Cipher_Mode_Filter
 
class  CMAC
 
class  Comb4P
 
class  CommonCrypto_Error
 
struct  CommonCryptor_Opts
 
class  Compression_Algorithm
 
class  Compression_Alloc_Info
 
class  Compression_Error
 
class  Compression_Stream
 
class  CPUID
 
class  CRC24
 
class  CRC32
 
class  Credentials_Manager
 
class  CRL_Entry
 
class  CTR_BE
 
class  CTS_Decryption
 
class  CTS_Encryption
 
class  Curve25519_PrivateKey
 
class  Curve25519_PublicKey
 
class  CurveGFp
 
class  CurveGFp_Repr
 
class  DataSink
 
class  DataSink_Stream
 
class  DataSource
 
class  DataSource_Memory
 
class  DataSource_Stream
 
class  Decoding_Error
 
class  Decompression_Algorithm
 
class  Deflate_Compression
 
class  Deflate_Decompression
 
class  DER_Encoder
 
class  DES
 
class  DH_PrivateKey
 
class  DH_PublicKey
 
class  DL_Group
 
class  DL_Scheme_PrivateKey
 
class  DL_Scheme_PublicKey
 
class  DLIES_Decryptor
 
class  DLIES_Encryptor
 
class  donna128
 
class  DSA_PrivateKey
 
class  DSA_PublicKey
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  EC_Group
 
class  EC_PrivateKey
 
class  EC_PublicKey
 
class  ECDH_PrivateKey
 
class  ECDH_PublicKey
 
class  ECDSA_PrivateKey
 
class  ECDSA_PublicKey
 
class  ECGDSA_PrivateKey
 
class  ECGDSA_PublicKey
 
class  ECIES_Decryptor
 
class  ECIES_Encryptor
 
class  ECIES_KA_Operation
 
class  ECIES_KA_Params
 
class  ECIES_System_Params
 
class  ECKCDSA_PrivateKey
 
class  ECKCDSA_PublicKey
 
class  Ed25519_PrivateKey
 
class  Ed25519_PublicKey
 
class  ElGamal_PrivateKey
 
class  ElGamal_PublicKey
 
class  EME
 
class  EME_PKCS1v15
 
class  EME_Raw
 
class  EMSA
 
class  EMSA1
 
class  EMSA_PKCS1v15
 
class  EMSA_PKCS1v15_Raw
 
class  EMSA_Raw
 
class  EMSA_X931
 
class  Encoding_Error
 
class  Encrypted_PSK_Database
 
class  Encrypted_PSK_Database_SQL
 
class  Entropy_Source
 
class  Entropy_Sources
 
class  ESP_Padding
 
class  Exception
 
class  Extensions
 
class  Fanout_Filter
 
class  FE_25519
 
class  Filter
 
class  Flatfile_Certificate_Store
 
class  Fork
 
class  FPE_FE1
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
struct  ge_p3
 
class  GeneralName
 X.509 GeneralName Type. More...
 
class  GeneralSubtree
 A single Name Constraint. More...
 
class  Getentropy
 
class  GF2m_Field
 
class  GHASH
 
class  GMAC
 
class  GOST_28147_89
 
class  GOST_28147_89_Params
 
class  GOST_3410_PrivateKey
 
class  GOST_3410_PublicKey
 
class  GOST_34_11
 
class  Gzip_Compression
 
class  Gzip_Decompression
 
class  Hardware_RNG
 
class  HashFunction
 
class  Hex_Decoder
 
class  Hex_Encoder
 
class  HKDF
 
class  HKDF_Expand
 
class  HKDF_Extract
 
class  HMAC
 
class  HMAC_DRBG
 
class  HOTP
 
class  IDEA
 
class  Integer_Overflow_Detected
 
class  Intel_Rdseed
 
class  Internal_Error
 
class  Invalid_Algorithm_Name
 
class  Invalid_Argument
 
class  Invalid_Authentication_Tag
 
class  Invalid_IV_Length
 
class  Invalid_Key_Length
 
class  Invalid_State
 
class  ISO_9796_DS2
 
class  ISO_9796_DS3
 
class  KDF
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 
class  Key_Length_Specification
 
class  Key_Not_Set
 
class  Keyed_Filter
 
class  Kyber_90s_Symmetric_Primitives
 
class  Kyber_Modern_Symmetric_Primitives
 
class  Kyber_PrivateKey
 
class  Kyber_PublicKey
 
class  Kyber_Symmetric_Primitives
 
class  KyberMode
 
class  Lion
 
class  lock_guard
 
class  Lookup_Error
 
class  LZMA_Compression
 
class  LZMA_Decompression
 
class  McEliece_PrivateKey
 
class  McEliece_PublicKey
 
class  MD4
 
class  MD5
 
class  MDx_HashFunction
 
class  Memory_Pool
 
class  MessageAuthenticationCode
 
class  mlock_allocator
 
class  Modular_Reducer
 
class  Montgomery_Int
 
class  Montgomery_Params
 
class  NameConstraints
 Name Constraints. More...
 
class  newhope_poly
 
class  No_Filesystem_Access
 
class  Noekeon
 
class  noop_mutex
 
class  Not_Implemented
 
class  Null_Padding
 
class  Null_RNG
 
class  OAEP
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  OctetString
 
class  OFB
 
class  OID
 
class  OneAndZeros_Padding
 
class  OpenPGP_S2K
 
class  Output_Buffers
 
struct  overloaded
 
class  Parallel
 
class  PasswordHash
 
class  PasswordHashFamily
 
class  Path_Validation_Restrictions
 
class  Path_Validation_Result
 
class  PBKDF
 
class  PBKDF2
 
class  PBKDF2_Family
 
class  Pipe
 
class  PK_Decryptor
 
class  PK_Decryptor_EME
 
class  PK_Encryptor
 
class  PK_Encryptor_EME
 
class  PK_KEM_Decryptor
 
class  PK_KEM_Encryptor
 
class  PK_Key_Agreement
 
class  PK_Key_Agreement_Key
 
class  PK_Signer
 
class  PK_Verifier
 
class  PKCS10_Request
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
class  PKCS8_Exception
 
class  PointGFp
 
class  PointGFp_Base_Point_Precompute
 
class  PointGFp_Multi_Point_Precompute
 
class  PointGFp_Var_Point_Precompute
 
class  Poly1305
 
class  polyn_gf2m
 
class  Private_Key
 
class  PRNG_Unseeded
 
class  Processor_RNG
 
class  Provider_Not_Found
 
class  PSK_Database
 
class  PSSR
 
class  PSSR_Raw
 
class  Public_Key
 
class  RandomNumberGenerator
 
class  RC4
 
class  RFC4880_S2K
 
class  RFC4880_S2K_Family
 
class  RFC6979_Nonce_Generator
 
class  RIPEMD_160
 
class  RSA_PrivateKey
 
class  RSA_PublicKey
 
class  RTSS_Share
 
class  RWLock
 
class  Salsa20
 
class  SCAN_Name
 
class  Scrypt
 
class  Scrypt_Family
 
class  secure_allocator
 
class  SecureQueue
 
class  SEED
 
class  Semaphore
 
class  Serpent
 
class  SHA_160
 
class  SHA_224
 
class  SHA_256
 
class  SHA_3
 
class  SHA_384
 
class  SHA_3_224
 
class  SHA_3_256
 
class  SHA_3_384
 
class  SHA_3_512
 
class  SHA_512
 
class  SHA_512_256
 
class  SHACAL2
 
class  SHAKE_128
 
class  SHAKE_128_Cipher
 
class  SHAKE_256
 
class  SIMD_4x32
 
class  SIMD_8x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  Skein_512
 
class  SM2_PrivateKey
 
class  SM2_PublicKey
 
class  SM3
 
class  SM4
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56A_Hash
 
class  SP800_56A_HMAC
 
class  SP800_56C
 
class  SQL_Database
 
class  Sqlite3_Database
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_Compression
 
class  Stream_Decompression
 
class  Stream_IO_Error
 
class  StreamCipher
 
class  Streebog
 
class  SymmetricAlgorithm
 
class  System_Certificate_Store
 
class  System_Error
 
class  System_RNG
 
class  Thread_Pool
 
class  Threefish_512
 
class  Timer
 
class  TLS_12_PRF
 
class  TOTP
 
class  TPM_Context
 
class  TPM_Error
 
class  TPM_PrivateKey
 
class  TPM_RNG
 
class  TripleDES
 
class  Tweakable_Block_Cipher
 
class  Twofish
 
struct  URI
 
class  UUID
 
class  Whirlpool
 
class  Win32_EntropySource
 
class  X509_CA
 
class  X509_Cert_Options
 
class  X509_Certificate
 
class  X509_CRL
 
class  X509_DN
 
class  X509_Object
 
class  X942_PRF
 
class  XMSS_Address
 
class  XMSS_Common_Ops
 
class  XMSS_Hash
 
class  XMSS_Index_Registry
 
class  XMSS_Parameters
 
class  XMSS_PrivateKey
 
class  XMSS_PublicKey
 
class  XMSS_Signature
 
class  XMSS_Signature_Operation
 
class  XMSS_Tools
 
class  XMSS_Verification_Operation
 
class  XMSS_WOTS_Addressed_PrivateKey
 
class  XMSS_WOTS_Addressed_PublicKey
 
class  XMSS_WOTS_Parameters
 
class  XMSS_WOTS_PrivateKey
 
class  XMSS_WOTS_PublicKey
 
class  XTS_Decryption
 
class  XTS_Encryption
 
class  XTS_Mode
 
class  ZFEC
 
class  Zlib_Compression
 
class  Zlib_Decompression
 
class  Zlib_Style_Stream
 

Typedefs

typedef __vector unsigned int Altivec32x4
 
typedef __vector unsigned long long Altivec64x2
 
typedef __vector unsigned char Altivec8x16
 
typedef BLAKE2b Blake2b
 
typedef BLAKE2bMAC Blake2bMac
 
using byte = std::uint8_t
 
typedef int32_t CCCryptorStatus
 
typedef std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
 
typedef EC_Group EC_Domain_Params
 
typedef FE_25519 fe
 
typedef uint16_t gf2m
 
using InitializationVector = OctetString
 
typedef Invalid_Authentication_Tag Integrity_Failure
 
template<typename T >
using lock_guard_type = lock_guard< T >
 
typedef MessageAuthenticationCode MAC
 
typedef noop_mutex mutex_type
 
typedef PK_Key_Agreement_Key PK_KA_Key
 
typedef Private_Key PKCS8_PrivateKey
 
typedef newhope_poly poly
 
typedef noop_mutex recursive_mutex_type
 
typedef RandomNumberGenerator RNG
 
typedef PBKDF S2K
 
using s32bit = std::int32_t
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T > >
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T > >
 
template<typename T >
using SecureVector = secure_vector< T >
 
typedef SHA_160 SHA_1
 
typedef SM2_PrivateKey SM2_Encryption_PrivateKey
 
typedef SM2_PublicKey SM2_Encryption_PublicKey
 
typedef SM2_PrivateKey SM2_Signature_PrivateKey
 
typedef SM2_PublicKey SM2_Signature_PublicKey
 
using SymmetricKey = OctetString
 
using u16bit = std::uint16_t
 
using u32bit = std::uint32_t
 
using u64bit = std::uint64_t
 
typedef std::vector< secure_vector< uint8_t > > wots_keysig_t
 
typedef Curve25519_PrivateKey X25519_PrivateKey
 
typedef Curve25519_PublicKey X25519_PublicKey
 
typedef Public_Key X509_PublicKey
 
typedef ASN1_Time X509_Time
 

Enumerations

enum  { SM3_BLOCK_BYTES = 64 , SM3_DIGEST_BYTES = 32 }
 
enum class  ASN1_Class : uint32_t {
  Universal = 0b0000'0000 , Application = 0b0100'0000 , ContextSpecific = 0b1000'0000 , Private = 0b1100'0000 ,
  Constructed = 0b0010'0000 , ExplicitContextSpecific = Constructed | ContextSpecific , NoObject = 0xFF00
}
 
enum class  ASN1_Type : uint32_t {
  Eoc = 0x00 , Boolean = 0x01 , Integer = 0x02 , BitString = 0x03 ,
  OctetString = 0x04 , Null = 0x05 , ObjectId = 0x06 , Enumerated = 0x0A ,
  Sequence = 0x10 , Set = 0x11 , Utf8String = 0x0C , NumericString = 0x12 ,
  PrintableString = 0x13 , TeletexString = 0x14 , Ia5String = 0x16 , VisibleString = 0x1A ,
  UniversalString = 0x1C , BmpString = 0x1E , UtcTime = 0x17 , GeneralizedTime = 0x18 ,
  NoObject = 0xFF00
}
 
enum class  Certificate_Status_Code {
  OK = 0 , VERIFIED = 0 , OCSP_RESPONSE_GOOD = 1 , OCSP_SIGNATURE_OK = 2 ,
  VALID_CRL_CHECKED = 3 , OCSP_NO_HTTP = 4 , FIRST_WARNING_STATUS = 500 , CERT_SERIAL_NEGATIVE = 500 ,
  DN_TOO_LONG = 501 , OCSP_NO_REVOCATION_URL = 502 , OCSP_SERVER_NOT_AVAILABLE = 503 , FIRST_ERROR_STATUS = 1000 ,
  SIGNATURE_METHOD_TOO_WEAK = 1000 , UNTRUSTED_HASH = 1001 , NO_REVOCATION_DATA = 1002 , NO_MATCHING_CRLDP = 1003 ,
  CERT_NOT_YET_VALID = 2000 , CERT_HAS_EXPIRED = 2001 , OCSP_NOT_YET_VALID = 2002 , OCSP_HAS_EXPIRED = 2003 ,
  CRL_NOT_YET_VALID = 2004 , CRL_HAS_EXPIRED = 2005 , OCSP_IS_TOO_OLD = 2006 , CERT_ISSUER_NOT_FOUND = 3000 ,
  CANNOT_ESTABLISH_TRUST = 3001 , CERT_CHAIN_LOOP = 3002 , CHAIN_LACKS_TRUST_ROOT = 3003 , CHAIN_NAME_MISMATCH = 3004 ,
  POLICY_ERROR = 4000 , INVALID_USAGE = 4001 , CERT_CHAIN_TOO_LONG = 4002 , CA_CERT_NOT_FOR_CERT_ISSUER = 4003 ,
  NAME_CONSTRAINT_ERROR = 4004 , CA_CERT_NOT_FOR_CRL_ISSUER = 4005 , OCSP_CERT_NOT_LISTED = 4006 , OCSP_BAD_STATUS = 4007 ,
  CERT_NAME_NOMATCH = 4008 , UNKNOWN_CRITICAL_EXTENSION = 4009 , DUPLICATE_CERT_EXTENSION = 4010 , OCSP_SIGNATURE_ERROR = 4501 ,
  OCSP_ISSUER_NOT_FOUND = 4502 , OCSP_RESPONSE_MISSING_KEYUSAGE = 4503 , OCSP_RESPONSE_INVALID = 4504 , EXT_IN_V1_V2_CERT = 4505 ,
  DUPLICATE_CERT_POLICY = 4506 , V2_IDENTIFIERS_IN_V1_CERT = 4507 , CERT_IS_REVOKED = 5000 , CRL_BAD_SIGNATURE = 5001 ,
  SIGNATURE_ERROR = 5002 , CERT_PUBKEY_INVALID = 5003 , SIGNATURE_ALGO_UNKNOWN = 5004 , SIGNATURE_ALGO_BAD_PARAMS = 5005
}
 
enum  Cipher_Dir : int { ENCRYPTION , DECRYPTION }
 
enum class  CRL_Code : uint32_t {
  UNSPECIFIED = 0 , KEY_COMPROMISE = 1 , CA_COMPROMISE = 2 , AFFILIATION_CHANGED = 3 ,
  SUPERSEDED = 4 , CESSATION_OF_OPERATION = 5 , CERTIFICATE_HOLD = 6 , REMOVE_FROM_CRL = 8 ,
  PRIVLEDGE_WITHDRAWN = 9 , PRIVILEGE_WITHDRAWN = 9 , AA_COMPROMISE = 10 , DELETE_CRL_ENTRY = 0xFF00 ,
  OCSP_GOOD = 0xFF01 , OCSP_UNKNOWN = 0xFF02
}
 
enum  Decoder_Checking { NONE , IGNORE_WS , FULL_CHECK }
 
enum class  DL_Group_Format {
  ANSI_X9_42 , ANSI_X9_57 , PKCS_3 , DSA_PARAMETERS = ANSI_X9_57 ,
  DH_PARAMETERS = ANSI_X9_42 , ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42 , PKCS3_DH_PARAMETERS = PKCS_3
}
 
enum class  DL_Group_Source { Builtin , RandomlyGenerated , ExternalSource }
 
enum class  EC_Group_Encoding {
  Explicit , ImplicitCA , NamedCurve , EC_DOMPAR_ENC_EXPLICIT = Explicit ,
  EC_DOMPAR_ENC_IMPLICITCA = ImplicitCA , EC_DOMPAR_ENC_OID = NamedCurve
}
 
enum class  EC_Group_Source { Builtin , ExternalSource }
 
enum class  ECIES_Flags : uint32_t {
  NONE = 0 , SINGLE_HASH_MODE = 1 , COFACTOR_MODE = 2 , OLD_COFACTOR_MODE = 4 ,
  CHECK_MODE = 8
}
 
enum class  ErrorType {
  Unknown = 1 , SystemError , NotImplemented , OutOfMemory ,
  InternalError , IoError , InvalidObjectState = 100 , KeyNotSet ,
  InvalidArgument , InvalidKeyLength , InvalidNonceLength , LookupError ,
  EncodingFailure , DecodingFailure , TLSError , HttpError ,
  InvalidTag , RoughtimeError , CommonCryptoError = 201 , Pkcs11Error ,
  TPMError , DatabaseError , ZlibError = 300 , Bzip2Error ,
  LzmaError
}
 
enum  Key_Constraints {
  NO_CONSTRAINTS = 0 , DIGITAL_SIGNATURE = 1 << 15 , NON_REPUDIATION = 1 << 14 , KEY_ENCIPHERMENT = 1 << 13 ,
  DATA_ENCIPHERMENT = 1 << 12 , KEY_AGREEMENT = 1 << 11 , KEY_CERT_SIGN = 1 << 10 , CRL_SIGN = 1 << 9 ,
  ENCIPHER_ONLY = 1 << 8 , DECIPHER_ONLY = 1 << 7
}
 
enum class  KyberKeyEncoding { Raw , Full }
 
enum class  Newhope_Mode { SHA3 , BoringSSL }
 
enum  Newhope_Params {
  NEWHOPE_SENDABYTES = 1824 , NEWHOPE_SENDBBYTES = 2048 , NEWHOPE_OFFER_BYTES = 1824 , NEWHOPE_ACCEPT_BYTES = 2048 ,
  NEWHOPE_SHARED_KEY_BYTES = 32 , NEWHOPE_SEED_BYTES = 32 , NEWHOPE_POLY_BYTES = 1792 , CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32 ,
  CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32 , CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
}
 
enum  Signature_Format { IEEE_1363 , DER_SEQUENCE }
 
enum class  TPM_Storage_Type { User , System }
 
enum class  Usage_Type {
  UNSPECIFIED , TLS_SERVER_AUTH , TLS_CLIENT_AUTH , CERTIFICATE_AUTHORITY ,
  OCSP_RESPONDER , ENCRYPTION
}
 

Functions

BigInt abs (const BigInt &n)
 
BOTAN_MALLOC_FN void * allocate_memory (size_t elems, size_t elem_size)
 
void argon2 (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t key[], size_t key_len, const uint8_t ad[], size_t ad_len, uint8_t y, size_t p, size_t M, size_t t)
 
bool argon2_check_pwhash (const char *password, size_t password_len, const std::string &input_hash)
 
std::string argon2_generate_pwhash (const char *password, size_t password_len, RandomNumberGenerator &rng, size_t p, size_t M, size_t t, uint8_t y, size_t salt_len, size_t output_len)
 
std::string asn1_class_to_string (ASN1_Class type)
 
std::string asn1_tag_to_string (ASN1_Type type)
 
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
secure_vector< uint8_t > base32_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base32_decode (const std::string &input, bool ignore_ws)
 
size_t base32_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
size_t base32_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base32_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base32_encode (const uint8_t input[], size_t input_length)
 
std::vector< uint8_t > base58_check_decode (const char input[], size_t input_length)
 
std::vector< uint8_t > base58_check_decode (const std::string &s)
 
template<typename Alloc >
std::string base58_check_encode (const std::vector< uint8_t, Alloc > &vec)
 
std::string base58_check_encode (const uint8_t input[], size_t input_length)
 
std::vector< uint8_t > base58_decode (const char input[], size_t input_length)
 
std::vector< uint8_t > base58_decode (const std::string &s)
 
template<typename Alloc >
std::string base58_encode (const std::vector< uint8_t, Alloc > &vec)
 
std::string base58_encode (const uint8_t input[], size_t input_length)
 
secure_vector< uint8_t > base64_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const std::string &input, bool ignore_ws)
 
size_t base64_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
size_t base64_decode_max_output (size_t input_length)
 
size_t base64_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base64_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base64_encode (const uint8_t input[], size_t input_length)
 
size_t base64_encode_max_output (size_t input_length)
 
template<typename Base >
size_t base_decode (Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
 
template<typename Base >
size_t base_decode_full (Base &&base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
template<typename Vector , typename Base >
Vector base_decode_to_vec (Base &&base, const char input[], size_t input_length, bool ignore_ws)
 
template<class Base >
size_t base_encode (Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Base >
std::string base_encode_to_string (Base &&base, const uint8_t input[], size_t input_length)
 
void bcrypt_pbkdf (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t rounds)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
int32_t bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_abs (word cnd, word x[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], word x_size, const word y[], size_t y_size)
 
void bigint_cnd_add_or_sub (CT::Mask< word > mask, word x[], const word y[], size_t size)
 
word bigint_cnd_addsub (CT::Mask< word > mask, word x[], const word y[], const word z[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul24 (word z[48], const word x[24], const word y[24])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word z[32], const word x[16])
 
void bigint_comba_sqr24 (word z[48], const word x[24])
 
void bigint_comba_sqr4 (word z[8], const word x[4])
 
void bigint_comba_sqr6 (word z[12], const word x[6])
 
void bigint_comba_sqr8 (word z[16], const word x[8])
 
void bigint_comba_sqr9 (word z[18], const word x[9])
 
CT::Mask< word > bigint_ct_is_eq (const word x[], size_t x_size, const word y[], size_t y_size)
 
CT::Mask< word > bigint_ct_is_lt (const word x[], size_t x_size, const word y[], size_t y_size, bool lt_or_equal=false)
 
word bigint_divop (word n1, word n0, word d)
 
word bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
void bigint_mod_sub (word t[], const word s[], const word mod[], size_t mod_sw, word ws[])
 
template<size_t N>
void bigint_mod_sub_n (word t[], const word s[], const word mod[], word ws[])
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size)
 
void bigint_monty_redc_16 (word z[], const word p[16], word p_dash, word ws[])
 
void bigint_monty_redc_24 (word z[], const word p[24], word p_dash, word ws[])
 
void bigint_monty_redc_32 (word z[], const word p[32], word p_dash, word ws[])
 
void bigint_monty_redc_4 (word z[], const word p[4], word p_dash, word ws[])
 
void bigint_monty_redc_6 (word z[], const word p[6], word p_dash, word ws[])
 
void bigint_monty_redc_8 (word z[], const word p[8], word p_dash, word ws[])
 
void bigint_monty_redc_generic (word z[], size_t z_size, const word p[], size_t p_size, word p_dash, word ws[])
 
void bigint_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
 
void bigint_shl1 (word x[], size_t x_size, size_t x_words, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
CT::Mask< word > bigint_sub_abs (word z[], const word x[], const word y[], size_t N, word ws[])
 
int32_t bigint_sub_abs (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
template<typename T >
constexpr T bit_permute_step (T x, T mask, size_t shift)
 
size_t bit_size_to_32bit_size (size_t bit_size)
 
size_t bit_size_to_byte_size (size_t bit_size)
 
void blamka_ssse3 (uint64_t T[128])
 
const BotanErrorCategorybotan_category () noexcept
 
template<typename T >
constexpr void bswap_4 (T x[4])
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
template<size_t S, int64_t MUL = 1>
void carry (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int32_t &h0, int32_t &h1)
 
template<size_t S>
void carry0 (int64_t &h0, int64_t &h1)
 
uint64_t carry_shift (const donna128 &a, size_t shift)
 
uint8_t * cast_char_ptr_to_uint8 (char *s)
 
const uint8_t * cast_char_ptr_to_uint8 (const char *s)
 
const char * cast_uint8_ptr_to_char (const uint8_t *b)
 
char * cast_uint8_ptr_to_char (uint8_t *b)
 
void CECPQ1_accept (uint8_t *shared_key, uint8_t *accept_message, const uint8_t *offer_message, RandomNumberGenerator &rng)
 
void CECPQ1_accept (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], uint8_t send[CECPQ1_ACCEPT_BYTES], const uint8_t received[CECPQ1_OFFER_BYTES], RandomNumberGenerator &rng)
 
void CECPQ1_finish (uint8_t *shared_key, const CECPQ1_key &offer_key, const uint8_t *accept_message)
 
void CECPQ1_finish (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], const CECPQ1_key &offer_key, const uint8_t received[CECPQ1_ACCEPT_BYTES])
 
void CECPQ1_offer (uint8_t *offer_message, CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
void CECPQ1_offer (uint8_t send[CECPQ1_OFFER_BYTES], CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
template<typename T >
constexpr uint8_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &pass, const std::string &hash)
 
bool check_passhash9 (const std::string &pass, const std::string &hash)
 
size_t checked_add (size_t x, size_t y, const char *file, int line)
 
template<typename RT , typename AT >
RT checked_cast_to (AT i)
 
template<typename T >
constexpr T choose (T mask, T a, T b)
 
PK_Signerchoose_sig_format (const Private_Key &key, const std::map< std::string, std::string > &opts, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
PK_Signerchoose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
std::string clean_ws (const std::string &s)
 
constexpr void clear_bytes (void *ptr, size_t bytes)
 
template<typename T >
constexpr void clear_mem (T *ptr, size_t n)
 
uint64_t combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
void commoncrypto_adjust_key_size (const uint8_t key[], size_t length, const CommonCryptor_Opts &opts, secure_vector< uint8_t > &full_key)
 
CommonCryptor_Opts commoncrypto_opts_from_algo (const std::string &algo)
 
CommonCryptor_Opts commoncrypto_opts_from_algo_name (const std::string &algo_name)
 
template<typename... Ts>
decltype(auto) concat (Ts &&...buffers)
 
template<typename ResultT , typename... Ts>
ResultT concat_as (Ts &&...buffers)
 
bool constant_time_compare (const uint8_t x[], const uint8_t y[], size_t len)
 
template<typename T >
constexpr void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
std::unique_ptr< Private_Keycreate_ec_private_key (const std::string &alg_name, const EC_Group &ec_group, RandomNumberGenerator &rng)
 
template<typename Alloc >
std::string create_hex_fingerprint (const std::vector< uint8_t, Alloc > &vec, const std::string &hash_name)
 
std::string create_hex_fingerprint (const uint8_t bits[], size_t bits_len, const std::string &hash_name)
 
std::unique_ptr< Private_Keycreate_private_key (const std::string &alg_name, RandomNumberGenerator &rng, const std::string &params, const std::string &provider)
 
uint8_t ct_compare_u8 (const uint8_t x[], const uint8_t y[], size_t len)
 
BigInt ct_divide (const BigInt &x, const BigInt &y)
 
void ct_divide (const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out)
 
void ct_divide_word (const BigInt &x, word y, BigInt &q_out, word &r_out)
 
template<typename T >
constexpr T ct_is_zero (T x)
 
BigInt ct_modulo (const BigInt &x, const BigInt &y)
 
template<typename T >
constexpr size_t ctz (T n)
 
void curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32])
 
void curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
void deallocate_memory (void *p, size_t elems, size_t elem_size)
 
gf2m decode_gf2m (const uint8_t *mem)
 
size_t dl_exponent_size (size_t bits)
 
size_t dl_work_factor (size_t bits)
 
template<typename E , typename... Args>
void do_throw_error (const char *file, int line, const char *func, Args... args)
 
size_t ecp_work_factor (size_t bits)
 
void ed25519_gen_keypair (uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
 
void ed25519_gen_keypair (uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32])
 
void ed25519_sign (uint8_t sig[64], const uint8_t m[], size_t mlen, const uint8_t sk[64], const uint8_t domain_sep[], size_t domain_sep_len)
 
bool ed25519_verify (const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk, const uint8_t domain_sep[], size_t domain_sep_len)
 
bool ed25519_verify (const uint8_t msg[], size_t msg_len, const uint8_t sig[64], const uint8_t pk[32], const uint8_t domain_sep[], size_t domain_sep_len)
 
uint32_t encode_gf2m (gf2m to_enc, uint8_t *mem)
 
template<typename T >
uint16_t expand_mask_16bit (T tst)
 
void expand_message_xmd (const std::string &hash_fn, uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len)
 
template<typename T >
constexpr T expand_top_bit (T a)
 
void fe_0 (fe &x)
 
void fe_1 (fe &x)
 
void fe_add (fe &x, const fe &a, const fe &b)
 
void fe_copy (fe &a, const fe &b)
 
void fe_frombytes (fe &x, const uint8_t *b)
 
void fe_invert (fe &x, const fe &z)
 
int fe_isnegative (const fe &x)
 
int fe_isnonzero (const fe &x)
 
void fe_mul (fe &x, const fe &a, const fe &b)
 
void fe_neg (fe &x, const fe &z)
 
void fe_pow22523 (fe &x, const fe &y)
 
void fe_sq (fe &x, const fe &z)
 
void fe_sq2 (fe &x, const fe &z)
 
void fe_sq_iter (fe &x, const fe &z, size_t iter)
 
void fe_sub (fe &x, const fe &a, const fe &b)
 
void fe_tobytes (uint8_t *b, const fe &x)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, size_t code_length)
 
void gamma (SIMD_4x32 &A0, SIMD_4x32 &A1, SIMD_4x32 &A2, SIMD_4x32 &A3)
 
BigInt gcd (const BigInt &a, const BigInt &b)
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t *a, const ge_p3 *A, const uint8_t *b)
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])
 
int ge_frombytes_negate_vartime (ge_p3 *v, const uint8_t *)
 
void ge_scalarmult_base (uint8_t out[32], const uint8_t in[32])
 
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, char version)
 
std::vector< uint8_t > generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
 
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, size_t ext_deg, size_t code_length, size_t t)
 
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id)
 
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
 
BigInt generate_rsa_prime (RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const DL_Group &group, const std::string &hash_id)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
 
AEAD_Modeget_aead (const std::string &name, Cipher_Dir direction)
 
template<size_t B, typename T >
constexpr uint8_t get_byte (T input)
 
template<typename T >
constexpr uint8_t get_byte_var (size_t byte_num, T input)
 
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
 
Cipher_Modeget_cipher_mode (const std::string &algo_spec, Cipher_Dir direction, const std::string &provider="")
 
std::vector< std::string > get_files_recursive (const std::string &dir)
 
KDFget_kdf (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
PBKDFget_s2k (const std::string &algo_spec)
 
std::vector< std::string > get_sig_paddings (const std::string &algo)
 
gf2m gray_to_lex (gf2m gray)
 
bool has_filesystem_impl ()
 
std::string hash_for_emsa (const std::string &algo_spec)
 
PointGFp hash_to_curve_sswu (const EC_Group &group, const std::string &hash_fn, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len, bool random_oracle)
 
std::vector< uint8_t > hex_decode (const char input[], size_t input_length, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const std::string &input, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const std::string &input, bool ignore_ws)
 
void hex_encode (char output[], const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename Alloc >
std::string hex_encode (const std::vector< uint8_t, Alloc > &input, bool uppercase=true)
 
std::string hex_encode (const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename T >
constexpr size_t high_bit (T n)
 
secure_vector< uint8_t > hkdf_expand_label (const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
 
template<typename... Alts, typename... Ts>
constexpr bool holds_any_of (const std::variant< Ts... > &v) noexcept
 
bool host_wildcard_match (const std::string &issued_, const std::string &host_)
 
uint8_t ieee1363_hash_id (const std::string &name)
 
size_t if_work_factor (size_t bits)
 
void initialize_allocator ()
 
bool intersects (ASN1_Class x, ASN1_Class y)
 
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
 
std::string ipv4_to_string (uint32_t ip)
 
bool is_bailie_psw_probable_prime (const BigInt &n)
 
bool is_bailie_psw_probable_prime (const BigInt &n, const Modular_Reducer &mod_n)
 
bool is_lucas_probable_prime (const BigInt &C, const Modular_Reducer &mod_C)
 
bool is_miller_rabin_probable_prime (const BigInt &n, const Modular_Reducer &mod_n, RandomNumberGenerator &rng, size_t test_iterations)
 
bool is_passhash9_alg_supported (uint8_t alg_id)
 
BigInt is_perfect_square (const BigInt &C)
 
template<typename T >
constexpr bool is_power_of_2 (T arg)
 
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
 
int32_t jacobi (const BigInt &a, const BigInt &n)
 
std::string key_constraints_to_string (Key_Constraints constraints)
 
std::string latin1_to_utf8 (const uint8_t chars[], size_t len)
 
BigInt lcm (const BigInt &a, const BigInt &b)
 
gf2m lex_to_gray (gf2m lex)
 
uint64_t load_3 (const uint8_t in[3])
 
uint64_t load_4 (const uint8_t *in)
 
template<typename T >
constexpr T load_be (const uint8_t in[], size_t off)
 
template<typename T >
constexpr void load_be (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
constexpr void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
constexpr void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
constexpr void load_be (T out[], const uint8_t in[], size_t count)
 
template<>
constexpr uint16_t load_be< uint16_t > (const uint8_t in[], size_t off)
 
template<>
constexpr uint32_t load_be< uint32_t > (const uint8_t in[], size_t off)
 
template<>
constexpr uint64_t load_be< uint64_t > (const uint8_t in[], size_t off)
 
template<typename T >
constexpr T load_le (const uint8_t in[], size_t off)
 
template<typename T >
constexpr void load_le (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
constexpr void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
constexpr void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
constexpr void load_le (T out[], const uint8_t in[], size_t count)
 
template<>
constexpr uint16_t load_le< uint16_t > (const uint8_t in[], size_t off)
 
template<>
constexpr uint32_t load_le< uint32_t > (const uint8_t in[], size_t off)
 
template<>
constexpr uint64_t load_le< uint64_t > (const uint8_t in[], size_t off)
 
std::unique_ptr< Private_Keyload_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
 
std::unique_ptr< Public_Keyload_public_key (const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
 
size_t low_zero_bits (const BigInt &n)
 
template<typename T >
constexpr T majority (T a, T b, T c)
 
std::unique_ptr< BlockCiphermake_commoncrypto_block_cipher (const std::string &name)
 
std::unique_ptr< Cipher_Modemake_commoncrypto_cipher_mode (const std::string &name, Cipher_Dir direction)
 
std::unique_ptr< HashFunctionmake_commoncrypto_hash (const std::string &name)
 
Compression_Algorithmmake_compressor (const std::string &type)
 
Decompression_Algorithmmake_decompressor (const std::string &type)
 
boost::system::error_code make_error_code (Botan::ErrorType e)
 
constexpr uint16_t make_uint16 (uint8_t i0, uint8_t i1)
 
constexpr uint32_t make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
 
constexpr uint64_t make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
secure_vector< uint8_t > mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, size_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext, secure_vector< uint8_t > &error_mask, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
 
size_t mceliece_work_factor (size_t n, size_t t)
 
void mgf1_mask (HashFunction &hash, const uint8_t in[], size_t in_len, uint8_t out[], size_t out_len)
 
size_t miller_rabin_test_iterations (size_t n_bits, size_t prob, bool random)
 
BigInt monty_execute (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
 
BigInt monty_execute_vartime (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
 
BigInt monty_exp (std::shared_ptr< const Montgomery_Params > params_p, const BigInt &g, const BigInt &k, size_t max_k_bits)
 
BigInt monty_exp_vartime (std::shared_ptr< const Montgomery_Params > params_p, const BigInt &g, const BigInt &k)
 
word monty_inverse (word a)
 
BigInt monty_multi_exp (const std::shared_ptr< const Montgomery_Params > &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
 
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute (const std::shared_ptr< const Montgomery_Params > &params, const BigInt &g, size_t window_bits, bool const_time)
 
void mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
 
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
void newhope_keygen (uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_keygen (uint8_t send[NEWHOPE_SENDABYTES], newhope_poly *sk, RandomNumberGenerator &rng, Newhope_Mode=Newhope_Mode::SHA3)
 
void newhope_shareda (uint8_t *sharedkey, const poly *sk, const uint8_t received[], Newhope_Mode mode)
 
void newhope_shareda (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], const newhope_poly *ska, const uint8_t *received, Newhope_Mode mode=Newhope_Mode::SHA3)
 
void newhope_sharedb (uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_sharedb (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], uint8_t send[], const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode=Newhope_Mode::SHA3)
 
secure_vector< uint8_t > nist_key_unwrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
secure_vector< uint8_t > nist_key_unwrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
secure_vector< uint8_t > oaep_find_delim (uint8_t &valid_mask, const uint8_t input[], size_t input_len, const secure_vector< uint8_t > &Phash)
 
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator!= (const ASN1_Time &, const ASN1_Time &)
 
bool operator!= (const BigInt &a, const BigInt &b)
 
bool operator!= (const BigInt &a, word b)
 
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
 
bool operator!= (const OctetString &s1, const OctetString &s2)
 
bool operator!= (const OID &a, const OID &b)
 
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
 
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
 
BigInt operator% (const BigInt &n, const BigInt &mod)
 
word operator% (const BigInt &n, word mod)
 
ECIES_Flags operator& (ECIES_Flags a, ECIES_Flags b)
 
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
 
BigInt operator* (const BigInt &x, const BigInt &y)
 
BigInt operator* (const BigInt &x, word y)
 
donna128 operator* (const donna128 &x, uint64_t y)
 
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
 
donna128 operator* (uint64_t y, const donna128 &x)
 
BigInt operator* (word x, const BigInt &y)
 
BigInt operator+ (const BigInt &x, const BigInt &y)
 
BigInt operator+ (const BigInt &x, word y)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
donna128 operator+ (const donna128 &x, uint64_t y)
 
OctetString operator+ (const OctetString &k1, const OctetString &k2)
 
OID operator+ (const OID &oid, uint32_t new_comp)
 
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator+ (word x, const BigInt &y)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
BigInt operator- (const BigInt &x, const BigInt &y)
 
BigInt operator- (const BigInt &x, word y)
 
PointGFp operator- (const PointGFp &lhs)
 
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator/ (const BigInt &x, const BigInt &y)
 
BigInt operator/ (const BigInt &x, word y)
 
bool operator< (const ASN1_Time &, const ASN1_Time &)
 
bool operator< (const BigInt &a, const BigInt &b)
 
bool operator< (const BigInt &a, word b)
 
bool operator< (const OID &a, const OID &b)
 
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
 
BigInt operator<< (const BigInt &x, size_t shift)
 
int operator<< (int fd, Pipe &pipe)
 
std::ostream & operator<< (std::ostream &os, const GeneralName &gn)
 
std::ostream & operator<< (std::ostream &os, const GeneralSubtree &gs)
 
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
 
std::ostream & operator<< (std::ostream &out, Pipe &pipe)
 
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
 
bool operator<= (const ASN1_Time &, const ASN1_Time &)
 
bool operator<= (const BigInt &a, const BigInt &b)
 
bool operator<= (const BigInt &a, word b)
 
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator== (const ASN1_Time &, const ASN1_Time &)
 
bool operator== (const BigInt &a, const BigInt &b)
 
bool operator== (const BigInt &a, word b)
 
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator== (const OctetString &s1, const OctetString &s2)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator> (const ASN1_Time &, const ASN1_Time &)
 
bool operator> (const BigInt &a, const BigInt &b)
 
bool operator> (const BigInt &a, word b)
 
bool operator>= (const ASN1_Time &, const ASN1_Time &)
 
bool operator>= (const BigInt &a, const BigInt &b)
 
bool operator>= (const BigInt &a, word b)
 
BigInt operator>> (const BigInt &x, size_t shift)
 
int operator>> (int fd, Pipe &pipe)
 
std::istream & operator>> (std::istream &in, Pipe &pipe)
 
std::istream & operator>> (std::istream &in, X509_DN &dn)
 
std::istream & operator>> (std::istream &stream, BigInt &n)
 
OctetString operator^ (const OctetString &k1, const OctetString &k2)
 
template<typename Alloc , typename Alloc2 >
std::vector< uint8_t, Alloc > & operator^= (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in)
 
ASN1_Class operator| (ASN1_Class x, ASN1_Class y)
 
uint32_t operator| (ASN1_Class x, ASN1_Type y)
 
uint32_t operator| (ASN1_Type x, ASN1_Class y)
 
ASN1_Type operator| (ASN1_Type x, ASN1_Type y)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
ECIES_Flags operator| (ECIES_Flags a, ECIES_Flags b)
 
template<typename Alloc >
PointGFp OS2ECP (const std::vector< uint8_t, Alloc > &data, const CurveGFp &curve)
 
std::pair< BigInt, BigIntOS2ECP (const uint8_t data[], size_t data_len, const BigInt &curve_p, const BigInt &curve_a, const BigInt &curve_b)
 
PointGFp OS2ECP (const uint8_t data[], size_t data_len, const CurveGFp &curve)
 
template<class... Ts>
 overloaded (Ts...) -> overloaded< Ts... >
 
std::vector< std::string > parse_algorithm_name (const std::string &namex)
 
bool passes_miller_rabin_test (const BigInt &n, const Modular_Reducer &mod_n, const std::shared_ptr< Montgomery_Params > &monty_n, const BigInt &a)
 
secure_vector< uint8_t > pbes2_decrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, const std::vector< uint8_t > &params)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t pbkdf_iter, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
void pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const uint8_t salt[], size_t salt_len, size_t iterations)
 
std::vector< uint8_t > pkcs_hash_id (const std::string &name)
 
void poly_double_n (uint8_t buf[], size_t n)
 
void poly_double_n (uint8_t out[], const uint8_t in[], size_t n)
 
void poly_double_n_le (uint8_t out[], const uint8_t in[], size_t n)
 
bool poly_double_supported_size (size_t n)
 
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
 
BOTAN_TEST_API const BigIntprime_p192 ()
 
BOTAN_TEST_API const BigIntprime_p224 ()
 
BOTAN_TEST_API const BigIntprime_p256 ()
 
BOTAN_TEST_API const BigIntprime_p384 ()
 
BOTAN_TEST_API const BigIntprime_p521 ()
 
std::vector< std::string > probe_provider_private_key (const std::string &alg_name, const std::vector< std::string > &possible)
 
template<typename T >
std::vector< std::string > probe_providers_of (const std::string &algo_spec, const std::vector< std::string > &possible={ "base" })
 
gf2m random_code_element (uint16_t code_length, RandomNumberGenerator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
 
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
 
std::map< std::string, std::string > read_cfg (std::istream &is)
 
BOTAN_TEST_API std::map< std::string, std::string > read_kv (const std::string &kv)
 
void redc_mul (int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
 
BOTAN_TEST_API void redc_p192 (BigInt &x, secure_vector< word > &ws)
 
BOTAN_TEST_API void redc_p224 (BigInt &x, secure_vector< word > &ws)
 
BOTAN_TEST_API void redc_p256 (BigInt &x, secure_vector< word > &ws)
 
BOTAN_TEST_API void redc_p384 (BigInt &x, secure_vector< word > &ws)
 
BOTAN_TEST_API void redc_p521 (BigInt &x, secure_vector< word > &ws)
 
constexpr uint16_t reverse_bytes (uint16_t x)
 
constexpr uint32_t reverse_bytes (uint32_t x)
 
constexpr uint64_t reverse_bytes (uint64_t x)
 
secure_vector< uint8_t > rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
secure_vector< uint8_t > rfc3394_keywrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
size_t RFC4880_decode_count (uint8_t iter)
 
uint8_t RFC4880_encode_count (size_t desired_iterations)
 
size_t RFC4880_round_iterations (size_t iterations)
 
template<size_t R>
SIMD_4x32 rotl (SIMD_4x32 input)
 
template<size_t R>
SIMD_8x32 rotl (SIMD_8x32 input)
 
template<size_t ROT, typename T >
constexpr T rotl (T input)
 
template<typename T >
constexpr T rotl_var (T input, size_t rot)
 
template<size_t R>
SIMD_4x32 rotr (SIMD_4x32 input)
 
template<size_t R>
SIMD_8x32 rotr (SIMD_8x32 input)
 
template<size_t ROT, typename T >
constexpr T rotr (T input)
 
template<typename T >
constexpr T rotr_var (T input, size_t rot)
 
template<typename T >
constexpr T round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
void sc_muladd (uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
 
void sc_reduce (uint8_t *)
 
void scrypt (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 
void scrypt (uint8_t output[], size_t output_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
void secure_scrub_memory (void *ptr, size_t n)
 
constexpr void set_mem (uint8_t *ptr, size_t n, uint8_t val)
 
void SHA3_round (uint64_t T[25], const uint64_t A[25], uint64_t RC)
 
template<size_t S>
SIMD_4x32 shl (SIMD_4x32 input)
 
template<size_t S>
SIMD_8x32 shl (SIMD_8x32 input)
 
const char * short_version_cstr ()
 
std::string short_version_string ()
 
bool sig_algo_and_pad_ok (const std::string &algo, const std::string &padding)
 
template<typename T >
constexpr size_t significant_bytes (T n)
 
std::vector< uint8_t > sm2_compute_za (HashFunction &hash, const std::string &user_id, const EC_Group &domain, const PointGFp &pubkey)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
BigInt sqrt_modulo_prime (const BigInt &a, const BigInt &p)
 
BigInt square (const BigInt &x)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const DL_Group &group, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, const size_t a_bits, RandomNumberGenerator &rng)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng)
 
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
 
constexpr void store_be (uint16_t in, uint8_t out[2])
 
constexpr void store_be (uint32_t in, uint8_t out[4])
 
constexpr void store_be (uint64_t in, uint8_t out[8])
 
template<typename T >
constexpr void store_be (uint8_t out[], T x0, T x1)
 
template<typename T >
constexpr void store_be (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
constexpr void store_be (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
constexpr void store_le (uint16_t in, uint8_t out[2])
 
constexpr void store_le (uint32_t in, uint8_t out[4])
 
constexpr void store_le (uint64_t in, uint8_t out[8])
 
template<typename T >
constexpr void store_le (uint8_t out[], T x0, T x1)
 
template<typename T >
constexpr void store_le (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
constexpr void store_le (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
uint32_t string_to_ipv4 (const std::string &str)
 
template<typename T >
constexpr void swap_bits (T &x, T &y, T mask, size_t shift)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
RandomNumberGeneratorsystem_rng ()
 
void theta (SIMD_4x32 &A0, SIMD_4x32 &A1, SIMD_4x32 &A2, SIMD_4x32 &A3, const SIMD_4x32 &K0, const SIMD_4x32 &K1, const SIMD_4x32 &K2, const SIMD_4x32 &K3)
 
void throw_invalid_argument (const char *message, const char *func, const char *file)
 
void throw_invalid_state (const char *expr, const char *func, const char *file)
 
std::vector< uint8_t > to_byte_vector (const std::string &s)
 
const char * to_string (Certificate_Status_Code code)
 
std::string to_string (const secure_vector< uint8_t > &bytes)
 
std::string to_string (ErrorType type)
 Convert an ErrorType to string. More...
 
uint32_t to_u32bit (const std::string &str)
 
uint16_t to_uint16 (const std::string &str)
 
std::string tolower_string (const std::string &in)
 
template<class To , class From >
constexpr To typecast_copy (const From *src) noexcept
 
template<typename T >
constexpr void typecast_copy (T &out, const uint8_t in[])
 
template<typename T >
constexpr void typecast_copy (T out[], const uint8_t in[], size_t N)
 
template<typename T >
constexpr void typecast_copy (uint8_t out[], T in)
 
template<typename T >
constexpr void typecast_copy (uint8_t out[], T in[], size_t N)
 
std::string ucs2_to_utf8 (const uint8_t ucs2[], size_t len)
 
std::string ucs4_to_utf8 (const uint8_t ucs4[], size_t len)
 
template<typename T >
std::vector< Tunlock (const secure_vector< T > &in)
 
BOTAN_FORCE_INLINE void unreachable ()
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
constexpr size_t var_ctz32 (uint32_t n)
 
void vartime_divide (const BigInt &x, const BigInt &y_arg, BigInt &q_out, BigInt &r_out)
 
void verify_cert_constraints_valid_for_key_type (const Public_Key &pub_key, Key_Constraints constraints)
 
const char * version_cstr ()
 
uint32_t version_datestamp ()
 
uint32_t version_major ()
 
uint32_t version_minor ()
 
uint32_t version_patch ()
 
std::string version_string ()
 
void word3_add (word *w2, word *w1, word *w0, word x)
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
word word_madd2 (word a, word b, word *c)
 
word word_madd3 (word a, word b, word c, word *d)
 
word word_sub (word x, word y, word *carry)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n)
 
void xor_buf (uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length)
 
void xor_buf (uint8_t out[], const uint8_t in[], size_t length)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const std::map< const std::string, std::vector< std::string > > allowed_signature_paddings
 
const size_t HEX_CODEC_BUFFER_SIZE = 256
 
const word MP_WORD_MAX = ~static_cast<word>(0)
 
const size_t PRIME_TABLE_SIZE = 6541
 
const uint16_t PRIMES []
 
const uint64_t STREEBOG_Ax [8][256]
 
const uint64_t STREEBOG_C [12][8]
 

Detailed Description

(C) 2019 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018,2019,2021 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018,2019,2022 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018,2019 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2022 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018 Jack Lloyd (C) 2018 Ribose Inc

Botan is released under the Simplified BSD License (see license.txt)

Ordinary applications should never need to include or use this header. It is exposed only for specialized applications which want to implement new versions of public key crypto without merging them as changes to the library. One actual example of such usage is an application which creates RSA signatures using a custom TPM library. Unless you're doing something like that, you don't need anything here. Instead use pubkey.h which wraps these types safely and provides a stable application-oriented API.

XMSS WOTS Addressed Private Key (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Addressed Public Key (C) 2016,2017 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

Typedef Documentation

◆ Altivec32x4

typedef __vector unsigned int Botan::Altivec32x4

Definition at line 22 of file aes_power8.cpp.

◆ Altivec64x2

typedef __vector unsigned long long Botan::Altivec64x2

Definition at line 21 of file aes_power8.cpp.

◆ Altivec8x16

typedef __vector unsigned char Botan::Altivec8x16

Definition at line 23 of file aes_power8.cpp.

◆ Blake2b

Definition at line 68 of file blake2b.h.

◆ Blake2bMac

Definition at line 60 of file blake2bmac.h.

◆ byte

using Botan::byte = typedef std::uint8_t

Definition at line 89 of file types.h.

◆ CCCryptorStatus

typedef int32_t Botan::CCCryptorStatus

Definition at line 23 of file commoncrypto.h.

◆ CertificatePathStatusCodes

This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.

Definition at line 29 of file x509path.h.

◆ EC_Domain_Params

Definition at line 414 of file ec_group.h.

◆ fe

Definition at line 134 of file ed25519_fe.h.

◆ gf2m

typedef uint16_t Botan::gf2m

Definition at line 20 of file gf2m_small_m.h.

◆ InitializationVector

Alternate name for octet string showing intent to use as an IV

Definition at line 148 of file symkey.h.

◆ Integrity_Failure

For compatability with older versions

Definition at line 289 of file exceptn.h.

◆ lock_guard_type

template<typename T >
using Botan::lock_guard_type = typedef lock_guard<T>

Definition at line 54 of file mutex.h.

◆ MAC

Definition at line 154 of file mac.h.

◆ mutex_type

Definition at line 52 of file mutex.h.

◆ PK_KA_Key

Definition at line 313 of file pk_keys.h.

◆ PKCS8_PrivateKey

Definition at line 315 of file pk_keys.h.

◆ poly

Definition at line 25 of file newhope.cpp.

◆ recursive_mutex_type

Definition at line 53 of file mutex.h.

◆ RNG

Convenience typedef

Definition at line 211 of file rng.h.

◆ S2K

typedef PBKDF Botan::S2K

Definition at line 232 of file pbkdf.h.

◆ s32bit

using Botan::s32bit = typedef std::int32_t

Definition at line 93 of file types.h.

◆ secure_deque

template<typename T >
using Botan::secure_deque = typedef std::deque<T, secure_allocator<T> >

Definition at line 66 of file secmem.h.

◆ secure_vector

template<typename T >
using Botan::secure_vector = typedef std::vector<T, secure_allocator<T> >

Definition at line 65 of file secmem.h.

◆ SecureVector

template<typename T >
using Botan::SecureVector = typedef secure_vector<T>

Definition at line 69 of file secmem.h.

◆ SHA_1

Definition at line 69 of file sha160.h.

◆ SM2_Encryption_PrivateKey

Definition at line 122 of file sm2.h.

◆ SM2_Encryption_PublicKey

Definition at line 119 of file sm2.h.

◆ SM2_Signature_PrivateKey

Definition at line 121 of file sm2.h.

◆ SM2_Signature_PublicKey

Definition at line 118 of file sm2.h.

◆ SymmetricKey

Alternate name for octet string showing intent to use as a key

Definition at line 143 of file symkey.h.

◆ u16bit

using Botan::u16bit = typedef std::uint16_t

Definition at line 90 of file types.h.

◆ u32bit

using Botan::u32bit = typedef std::uint32_t

Definition at line 91 of file types.h.

◆ u64bit

using Botan::u64bit = typedef std::uint64_t

Definition at line 92 of file types.h.

◆ wots_keysig_t

typedef std::vector< secure_vector< uint8_t > > Botan::wots_keysig_t

Definition at line 20 of file xmss_common_ops.h.

◆ X25519_PrivateKey

Definition at line 105 of file curve25519.h.

◆ X25519_PublicKey

Definition at line 104 of file curve25519.h.

◆ X509_PublicKey

Definition at line 314 of file pk_keys.h.

◆ X509_Time

Definition at line 389 of file asn1_obj.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
SM3_BLOCK_BYTES 
SM3_DIGEST_BYTES 

Definition at line 15 of file sm3.h.

15 {
16 SM3_BLOCK_BYTES = 64,
18};
@ SM3_DIGEST_BYTES
Definition: sm3.h:17
@ SM3_BLOCK_BYTES
Definition: sm3.h:16

◆ ASN1_Class

enum class Botan::ASN1_Class : uint32_t
strong

ASN.1 Class Tags

Enumerator
Universal 
Application 
ContextSpecific 
Private 
Constructed 
ExplicitContextSpecific 
NoObject 

Definition at line 24 of file asn1_obj.h.

24 : uint32_t {
25 Universal = 0b0000'0000,
26 Application = 0b0100'0000,
27 ContextSpecific = 0b1000'0000,
28 Private = 0b1100'0000,
29
30 Constructed = 0b0010'0000,
32
33 NoObject = 0xFF00
34};

◆ ASN1_Type

enum class Botan::ASN1_Type : uint32_t
strong

ASN.1 Type Tags

Enumerator
Eoc 
Boolean 
Integer 
BitString 
OctetString 
Null 
ObjectId 
Enumerated 
Sequence 
Set 
Utf8String 
NumericString 
PrintableString 
TeletexString 
Ia5String 
VisibleString 
UniversalString 
BmpString 
UtcTime 
GeneralizedTime 
NoObject 

Definition at line 39 of file asn1_obj.h.

39 : uint32_t {
40 Eoc = 0x00,
41 Boolean = 0x01,
42 Integer = 0x02,
43 BitString = 0x03,
44 OctetString = 0x04,
45 Null = 0x05,
46 ObjectId = 0x06,
47 Enumerated = 0x0A,
48 Sequence = 0x10,
49 Set = 0x11,
50
51 Utf8String = 0x0C,
52 NumericString = 0x12,
53 PrintableString = 0x13,
54 TeletexString = 0x14,
55 Ia5String = 0x16,
56 VisibleString = 0x1A,
57 UniversalString = 0x1C,
58 BmpString = 0x1E,
59
60 UtcTime = 0x17,
61 GeneralizedTime = 0x18,
62
63 NoObject = 0xFF00,
64};

◆ Certificate_Status_Code

enum class Botan::Certificate_Status_Code
strong

Certificate validation status code

Enumerator
OK 
VERIFIED 
OCSP_RESPONSE_GOOD 
OCSP_SIGNATURE_OK 
VALID_CRL_CHECKED 
OCSP_NO_HTTP 
FIRST_WARNING_STATUS 
CERT_SERIAL_NEGATIVE 
DN_TOO_LONG 
OCSP_NO_REVOCATION_URL 
OCSP_SERVER_NOT_AVAILABLE 
FIRST_ERROR_STATUS 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
NO_REVOCATION_DATA 
NO_MATCHING_CRLDP 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
OCSP_IS_TOO_OLD 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
CHAIN_LACKS_TRUST_ROOT 
CHAIN_NAME_MISMATCH 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
DUPLICATE_CERT_EXTENSION 
OCSP_SIGNATURE_ERROR 
OCSP_ISSUER_NOT_FOUND 
OCSP_RESPONSE_MISSING_KEYUSAGE 
OCSP_RESPONSE_INVALID 
EXT_IN_V1_V2_CERT 
DUPLICATE_CERT_POLICY 
V2_IDENTIFIERS_IN_V1_CERT 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 
CERT_PUBKEY_INVALID 
SIGNATURE_ALGO_UNKNOWN 
SIGNATURE_ALGO_BAD_PARAMS 

Definition at line 17 of file pkix_enums.h.

17 {
18 OK = 0,
19 VERIFIED = 0,
20
21 // Revocation status
25 OCSP_NO_HTTP = 4,
26
27 // Warnings
30 DN_TOO_LONG = 501,
33
34 // Errors
35 FIRST_ERROR_STATUS = 1000,
36
38 UNTRUSTED_HASH = 1001,
39 NO_REVOCATION_DATA = 1002,
40 NO_MATCHING_CRLDP = 1003,
41
42 // Time problems
43 CERT_NOT_YET_VALID = 2000,
44 CERT_HAS_EXPIRED = 2001,
45 OCSP_NOT_YET_VALID = 2002,
46 OCSP_HAS_EXPIRED = 2003,
47 CRL_NOT_YET_VALID = 2004,
48 CRL_HAS_EXPIRED = 2005,
49 OCSP_IS_TOO_OLD = 2006,
50
51 // Chain generation problems
54 CERT_CHAIN_LOOP = 3002,
57
58 // Validation errors
59 POLICY_ERROR = 4000,
60 INVALID_USAGE = 4001,
64
65 // Revocation errors
68 OCSP_BAD_STATUS = 4007,
69
70 // Other problems
71 CERT_NAME_NOMATCH = 4008,
78 EXT_IN_V1_V2_CERT = 4505,
81
82 // Hard failures
83 CERT_IS_REVOKED = 5000,
84 CRL_BAD_SIGNATURE = 5001,
85 SIGNATURE_ERROR = 5002,
89};

◆ Cipher_Dir

enum Botan::Cipher_Dir : int

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

Definition at line 23 of file cipher_mode.h.

23: int { ENCRYPTION, DECRYPTION };
@ DECRYPTION
Definition: cipher_mode.h:23
@ ENCRYPTION
Definition: cipher_mode.h:23

◆ CRL_Code

enum class Botan::CRL_Code : uint32_t
strong

X.509v2 CRL Reason Code.

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
PRIVILEGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 118 of file pkix_enums.h.

◆ Decoder_Checking

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 166 of file filter.h.

@ FULL_CHECK
Definition: filter.h:166
@ NONE
Definition: filter.h:166
@ IGNORE_WS
Definition: filter.h:166

◆ DL_Group_Format

enum class Botan::DL_Group_Format
strong

The DL group encoding format variants.

Enumerator
ANSI_X9_42 
ANSI_X9_57 
PKCS_3 
DSA_PARAMETERS 
DH_PARAMETERS 
ANSI_X9_42_DH_PARAMETERS 
PKCS3_DH_PARAMETERS 

Definition at line 27 of file dl_group.h.

◆ DL_Group_Source

enum class Botan::DL_Group_Source
strong
Enumerator
Builtin 
RandomlyGenerated 
ExternalSource 

Definition at line 18 of file dl_group.h.

◆ EC_Group_Encoding

enum class Botan::EC_Group_Encoding
strong

This class represents elliptic curce domain parameters

Enumerator
Explicit 
ImplicitCA 
NamedCurve 
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 23 of file ec_group.h.

◆ EC_Group_Source

enum class Botan::EC_Group_Source
strong
Enumerator
Builtin 
ExternalSource 

Definition at line 33 of file ec_group.h.

33 {
34 Builtin,
36};

◆ ECIES_Flags

enum class Botan::ECIES_Flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

Definition at line 27 of file ecies.h.

28 {
29 NONE = 0,
30
31 /// if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key
33
34 /// (decryption only) if set: use cofactor multiplication during (ecdh) key agreement
35 COFACTOR_MODE = 2,
36
37 /// if set: use ecdhc instead of ecdh
39
40 /// (decryption only) if set: test if the (ephemeral) public key is on the curve
41 CHECK_MODE = 8
42 };
@ OLD_COFACTOR_MODE
if set: use ecdhc instead of ecdh
@ CHECK_MODE
(decryption only) if set: test if the (ephemeral) public key is on the curve
@ COFACTOR_MODE
(decryption only) if set: use cofactor multiplication during (ecdh) key agreement
@ SINGLE_HASH_MODE
if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

◆ ErrorType

enum class Botan::ErrorType
strong

Different types of errors that might occur

Enumerator
Unknown 

Some unknown error

SystemError 

An error while calling a system interface

NotImplemented 

An operation seems valid, but not supported by the current version

OutOfMemory 

Memory allocation failure

InternalError 

An internal error occurred

IoError 

An I/O error occurred

InvalidObjectState 

Invalid object state

KeyNotSet 

A key was not set on an object when this is required

InvalidArgument 

The application provided an argument which is invalid

InvalidKeyLength 

A key with invalid length was provided

InvalidNonceLength 

A nonce with invalid length was provided

LookupError 

An object type was requested but cannot be found

EncodingFailure 

Encoding a message or datum failed

DecodingFailure 

Decoding a message or datum failed

TLSError 

A TLS error (error_code will be the alert type)

HttpError 

An error during an HTTP operation

InvalidTag 

A message with an invalid authentication tag was detected

RoughtimeError 

An error during Roughtime validation

CommonCryptoError 

An error when interacting with CommonCrypto API

Pkcs11Error 

An error when interacting with a PKCS11 device

TPMError 

An error when interacting with a TPM device

DatabaseError 

An error when interacting with a database

ZlibError 

An error when interacting with zlib

Bzip2Error 

An error when interacting with bzip2

LzmaError 

An error when interacting with lzma

Definition at line 20 of file exceptn.h.

20 {
21 /** Some unknown error */
22 Unknown = 1,
23 /** An error while calling a system interface */
25 /** An operation seems valid, but not supported by the current version */
27 /** Memory allocation failure */
29 /** An internal error occurred */
31 /** An I/O error occurred */
32 IoError,
33
34 /** Invalid object state */
36 /** A key was not set on an object when this is required */
38 /** The application provided an argument which is invalid */
40 /** A key with invalid length was provided */
42 /** A nonce with invalid length was provided */
44 /** An object type was requested but cannot be found */
46 /** Encoding a message or datum failed */
48 /** Decoding a message or datum failed */
50 /** A TLS error (error_code will be the alert type) */
52 /** An error during an HTTP operation */
54 /** A message with an invalid authentication tag was detected */
56 /** An error during Roughtime validation */
58
59 /** An error when interacting with CommonCrypto API */
61 /** An error when interacting with a PKCS11 device */
63 /** An error when interacting with a TPM device */
65 /** An error when interacting with a database */
67
68 /** An error when interacting with zlib */
69 ZlibError = 300,
70 /** An error when interacting with bzip2 */
72 /** An error when interacting with lzma */
74
75};

◆ Key_Constraints

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 102 of file pkix_enums.h.

102 {
103 NO_CONSTRAINTS = 0,
104 DIGITAL_SIGNATURE = 1 << 15,
105 NON_REPUDIATION = 1 << 14,
106 KEY_ENCIPHERMENT = 1 << 13,
107 DATA_ENCIPHERMENT = 1 << 12,
108 KEY_AGREEMENT = 1 << 11,
109 KEY_CERT_SIGN = 1 << 10,
110 CRL_SIGN = 1 << 9,
111 ENCIPHER_ONLY = 1 << 8,
112 DECIPHER_ONLY = 1 << 7
113};
@ KEY_ENCIPHERMENT
Definition: ffi.h:1579
@ NO_CONSTRAINTS
Definition: ffi.h:1576
@ CRL_SIGN
Definition: ffi.h:1583
@ DIGITAL_SIGNATURE
Definition: ffi.h:1577
@ KEY_AGREEMENT
Definition: ffi.h:1581
@ DATA_ENCIPHERMENT
Definition: ffi.h:1580
@ KEY_CERT_SIGN
Definition: ffi.h:1582
@ ENCIPHER_ONLY
Definition: ffi.h:1584
@ NON_REPUDIATION
Definition: ffi.h:1578
@ DECIPHER_ONLY
Definition: ffi.h:1585

◆ KyberKeyEncoding

enum class Botan::KyberKeyEncoding
strong
Enumerator
Raw 
Full 

Definition at line 59 of file kyber.h.

60 {
61 Raw, // as implemented in the reference implementation
62 Full // as described in draft-uni-qsckeys-00 Section 4.3 (private key), 4.5 (public key)
63 };

◆ Newhope_Mode

enum class Botan::Newhope_Mode
strong

This chooses the XOF + hash for NewHope The official NewHope specification and reference implementation use SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode

Enumerator
SHA3 
BoringSSL 

Definition at line 58 of file newhope.h.

◆ Newhope_Params

Enumerator
NEWHOPE_SENDABYTES 
NEWHOPE_SENDBBYTES 
NEWHOPE_OFFER_BYTES 
NEWHOPE_ACCEPT_BYTES 
NEWHOPE_SHARED_KEY_BYTES 
NEWHOPE_SEED_BYTES 
NEWHOPE_POLY_BYTES 
CECPQ1_OFFER_BYTES 
CECPQ1_ACCEPT_BYTES 
CECPQ1_SHARED_KEY_BYTES 

Definition at line 35 of file newhope.h.

36 {
37 NEWHOPE_SENDABYTES = 1824,
38 NEWHOPE_SENDBBYTES = 2048,
39
43
45 NEWHOPE_POLY_BYTES = 1792,
46
50 };
@ NEWHOPE_SHARED_KEY_BYTES
Definition: newhope.h:42
@ NEWHOPE_SENDABYTES
Definition: newhope.h:37
@ CECPQ1_ACCEPT_BYTES
Definition: newhope.h:48
@ NEWHOPE_POLY_BYTES
Definition: newhope.h:45
@ NEWHOPE_SENDBBYTES
Definition: newhope.h:38
@ CECPQ1_SHARED_KEY_BYTES
Definition: newhope.h:49
@ CECPQ1_OFFER_BYTES
Definition: newhope.h:47
@ NEWHOPE_OFFER_BYTES
Definition: newhope.h:40
@ NEWHOPE_SEED_BYTES
Definition: newhope.h:44
@ NEWHOPE_ACCEPT_BYTES
Definition: newhope.h:41

◆ Signature_Format

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

Definition at line 23 of file pk_keys.h.

@ DER_SEQUENCE
Definition: pk_keys.h:23
@ IEEE_1363
Definition: pk_keys.h:23

◆ TPM_Storage_Type

enum class Botan::TPM_Storage_Type
strong
Enumerator
User 
System 

Definition at line 103 of file tpm.h.

103{ User, System };

◆ Usage_Type

enum class Botan::Usage_Type
strong
Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 
ENCRYPTION 

Definition at line 22 of file x509cert.h.

Function Documentation

◆ abs()

BigInt Botan::abs ( const BigInt n)
inline

Return the absolute value

Parameters
nan integer
Returns
absolute value of n

Definition at line 22 of file numthry.h.

22{ return n.abs(); }
BigInt abs() const
Definition: bigint.cpp:388

References Botan::BigInt::abs().

Referenced by gcd().

◆ allocate_memory()

BOTAN_MALLOC_FN void * Botan::allocate_memory ( size_t  elems,
size_t  elem_size 
)

Allocate a memory buffer by some method. This should only be used for primitive types (uint8_t, uint32_t, etc).

Parameters
elemsthe number of elements
elem_sizethe size of each element
Returns
pointer to allocated and zeroed memory, or throw std::bad_alloc on failure

Definition at line 18 of file mem_ops.cpp.

19 {
20 if(elems == 0 || elem_size == 0)
21 return nullptr;
22
23 // Some calloc implementations do not check for overflow (?!?)
24 const size_t total_size = elems * elem_size;
25
26 if(total_size < elems || total_size < elem_size)
27 throw std::bad_alloc();
28
29#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
30 if(void* p = mlock_allocator::instance().allocate(elems, elem_size))
31 return p;
32#endif
33
34#if defined(BOTAN_TARGET_OS_HAS_ALLOC_CONCEAL)
35 void *ptr = ::calloc_conceal(elems, elem_size);
36#else
37 void* ptr = std::calloc(elems, elem_size);
38#endif
39 if(!ptr)
40 throw std::bad_alloc();
41 return ptr;
42 }

References Botan::mlock_allocator::instance().

Referenced by Botan::secure_allocator< T >::allocate().

◆ argon2()

void Botan::argon2 ( uint8_t  output[],
size_t  output_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  key[],
size_t  key_len,
const uint8_t  ad[],
size_t  ad_len,
uint8_t  y,
size_t  p,
size_t  M,
size_t  t 
)
inline

Argon2 key derivation function

Parameters
outputthe output will be placed here
output_lenlength of output
passwordthe user password
password_lenthe length of password
saltthe salt
salt_lenlength of salt
keyan optional secret key
key_lenthe length of key
adan optional additional input
ad_lenthe length of ad
ythe Argon2 variant (0 = Argon2d, 1 = Argon2i, 2 = Argon2id)
pthe parallelization parameter
Mthe amount of memory to use in Kb
tthe number of iterations to use

Definition at line 113 of file argon2.h.

119 {
120 std::unique_ptr<PasswordHashFamily> pwdhash_fam;
121
122 if(y == 0)
123 pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2d");
124 else if(y == 1)
125 pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2i");
126 else if(y == 2)
127 pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2id");
128 else
129 throw Not_Implemented("Unknown Argon2 family type");
130
131 auto pwdhash = pwdhash_fam->from_params(M, t, p);
132
133 pwdhash->derive_key(output, output_len,
134 password, password_len,
135 salt, salt_len,
136 ad, ad_len,
137 key, key_len);
138 }
size_t salt_len
Definition: x509_obj.cpp:25

References salt_len.

◆ argon2_check_pwhash()

bool Botan::argon2_check_pwhash ( const char *  password,
size_t  password_len,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
password_lenthe length of password
hashthe stored hash to check against

Definition at line 73 of file argon2fmt.cpp.

75 {
76 const std::vector<std::string> parts = split_on(input_hash, '$');
77
78 if(parts.size() != 5)
79 return false;
80
81 uint8_t family = 0;
82
83 if(parts[0] == "argon2d")
84 family = 0;
85 else if(parts[0] == "argon2i")
86 family = 1;
87 else if(parts[0] == "argon2id")
88 family = 2;
89 else
90 return false;
91
92 if(parts[1] != "v=19")
93 return false;
94
95 const std::vector<std::string> params = split_on(parts[2], ',');
96
97 if(params.size() != 3)
98 return false;
99
100 size_t M = 0, t = 0, p = 0;
101
102 for(const auto& param_str : params)
103 {
104 const std::vector<std::string> param = split_on(param_str, '=');
105
106 if(param.size() != 2)
107 return false;
108
109 const std::string key = param[0];
110 const size_t val = to_u32bit(param[1]);
111 if(key == "m")
112 M = val;
113 else if(key == "t")
114 t = val;
115 else if(key == "p")
116 p = val;
117 else
118 return false;
119 }
120
121 std::vector<uint8_t> salt(base64_decode_max_output(parts[3].size()));
122 salt.resize(base64_decode(salt.data(), parts[3], false));
123
124 std::vector<uint8_t> hash(base64_decode_max_output(parts[4].size()));
125 hash.resize(base64_decode(hash.data(), parts[4], false));
126
127 if(hash.size() < 4)
128 return false;
129
130 std::vector<uint8_t> generated(hash.size());
131 auto pwdhash_fam = PasswordHashFamily::create_or_throw(argon2_family(family));
132 auto pwdhash = pwdhash_fam->from_params(M, t, p);
133
134 pwdhash->derive_key(generated.data(), generated.size(),
135 password, password_len,
136 salt.data(), salt.size());
137
138 return constant_time_compare(generated.data(), hash.data(), generated.size());
139 }
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:200
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition: mem_ops.h:82
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:111
size_t base64_decode_max_output(size_t input_length)
Definition: base64.cpp:243
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:29
MechanismType hash

References base64_decode(), base64_decode_max_output(), constant_time_compare(), Botan::PasswordHashFamily::create_or_throw(), hash, split_on(), and to_u32bit().

◆ argon2_generate_pwhash()

std::string Botan::argon2_generate_pwhash ( const char *  password,
size_t  password_len,
RandomNumberGenerator rng,
size_t  p,
size_t  M,
size_t  t,
uint8_t  y,
size_t  salt_len,
size_t  output_len 
)

Definition at line 39 of file argon2fmt.cpp.

43 {
44 std::vector<uint8_t> salt(salt_len);
45 rng.randomize(salt.data(), salt.size());
46
47 std::vector<uint8_t> output(output_len);
48
49 auto pwdhash_fam = PasswordHashFamily::create_or_throw(argon2_family(y));
50 auto pwdhash = pwdhash_fam->from_params(M, t, p);
51
52 pwdhash->derive_key(output.data(), output.size(),
53 password, password_len,
54 salt.data(), salt.size());
55
56 std::ostringstream oss;
57
58 if(y == 0)
59 oss << "$argon2d$";
60 else if(y == 1)
61 oss << "$argon2i$";
62 else
63 oss << "$argon2id$";
64
65 oss << "v=19$m=" << std::to_string(M)
66 << ",t=" << std::to_string(t)
67 << ",p=" << std::to_string(p) << "$";
68 oss << strip_padding(base64_encode(salt)) << "$" << strip_padding(base64_encode(output));
69
70 return oss.str();
71 }
virtual void randomize(uint8_t output[], size_t length)=0
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:185

References base64_encode(), Botan::PasswordHashFamily::create_or_throw(), Botan::RandomNumberGenerator::randomize(), salt_len, and Botan::ASN1::to_string().

◆ asn1_class_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_class_to_string ( ASN1_Class  type)

Definition at line 87 of file asn1_obj.cpp.

88 {
89 switch(type)
90 {
91 case ASN1_Class::Universal:
92 return "UNIVERSAL";
93 case ASN1_Class::Constructed:
94 return "CONSTRUCTED";
95 case ASN1_Class::ContextSpecific:
96 return "CONTEXT_SPECIFIC";
97 case ASN1_Class::Application:
98 return "APPLICATION";
99 case ASN1_Class::Private:
100 return "PRIVATE";
101 case ASN1_Class::NoObject:
102 return "NO_OBJECT";
103 default:
104 return "CLASS(" + std::to_string(static_cast<size_t>(type)) + ")";
105 }
106 }
MechanismType type

References Application, Constructed, ContextSpecific, NoObject, Private, Botan::ASN1::to_string(), type, and Universal.

Referenced by Botan::BER_Object::assert_is_a().

◆ asn1_tag_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_tag_to_string ( ASN1_Type  type)

Definition at line 108 of file asn1_obj.cpp.

109 {
110 switch(type)
111 {
112 case ASN1_Type::Sequence:
113 return "SEQUENCE";
114
115 case ASN1_Type::Set:
116 return "SET";
117
118 case ASN1_Type::PrintableString:
119 return "PRINTABLE STRING";
120
121 case ASN1_Type::NumericString:
122 return "NUMERIC STRING";
123
124 case ASN1_Type::Ia5String:
125 return "IA5 STRING";
126
127 case ASN1_Type::TeletexString:
128 return "T61 STRING";
129
130 case ASN1_Type::Utf8String:
131 return "UTF8 STRING";
132
133 case ASN1_Type::VisibleString:
134 return "VISIBLE STRING";
135
136 case ASN1_Type::BmpString:
137 return "BMP STRING";
138
139 case ASN1_Type::UniversalString:
140 return "UNIVERSAL STRING";
141
142 case ASN1_Type::UtcTime:
143 return "UTC TIME";
144
145 case ASN1_Type::GeneralizedTime:
146 return "GENERALIZED TIME";
147
148 case ASN1_Type::OctetString:
149 return "OCTET STRING";
150
151 case ASN1_Type::BitString:
152 return "BIT STRING";
153
154 case ASN1_Type::Enumerated:
155 return "ENUMERATED";
156
157 case ASN1_Type::Integer:
158 return "INTEGER";
159
160 case ASN1_Type::Null:
161 return "NULL";
162
163 case ASN1_Type::ObjectId:
164 return "OBJECT";
165
166 case ASN1_Type::Boolean:
167 return "BOOLEAN";
168
169 case ASN1_Type::NoObject:
170 return "NO_OBJECT";
171
172 default:
173 return "TAG(" + std::to_string(static_cast<uint32_t>(type)) + ")";
174 }
175 }

References BitString, BmpString, Boolean, Enumerated, GeneralizedTime, Ia5String, Integer, NoObject, Null, NumericString, ObjectId, OctetString, PrintableString, Sequence, Set, TeletexString, Botan::ASN1::to_string(), type, UniversalString, UtcTime, Utf8String, and VisibleString.

Referenced by Botan::BER_Object::assert_is_a().

◆ assertion_failure()

void Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails Throws an Exception object

Definition at line 37 of file assert.cpp.

42 {
43 std::ostringstream format;
44
45 format << "False assertion ";
46
47 if(assertion_made && assertion_made[0] != 0)
48 format << "'" << assertion_made << "' (expression " << expr_str << ") ";
49 else
50 format << expr_str << " ";
51
52 if(func)
53 format << "in " << func << " ";
54
55 format << "@" << file << ":" << line;
56
57#if defined(BOTAN_TERMINATE_ON_ASSERTS)
58 std::cerr << format.str() << '\n';
59 std::abort();
60#else
61 throw Internal_Error(format.str());
62#endif
63 }

◆ base32_decode() [1/5]

secure_vector< uint8_t > Botan::base32_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 220 of file base32.cpp.

223 {
224 return base_decode_to_vec<secure_vector<uint8_t>>(Base32(), input, input_length, ignore_ws);
225 }

◆ base32_decode() [2/5]

secure_vector< uint8_t > Botan::base32_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 227 of file base32.cpp.

229 {
230 return base32_decode(input.data(), input.size(), ignore_ws);
231 }
secure_vector< uint8_t > base32_decode(const std::string &input, bool ignore_ws)
Definition: base32.cpp:227

References base32_decode().

◆ base32_decode() [3/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 195 of file base32.cpp.

201 {
202 return base_decode(Base32(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
203 }
size_t base_decode(Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
Definition: codec_base.h:124

References base_decode().

Referenced by base32_decode().

◆ base32_decode() [4/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 205 of file base32.cpp.

209 {
210 return base_decode_full(Base32(), output, input, input_length, ignore_ws);
211 }
size_t base_decode_full(Base &&base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
Definition: codec_base.h:189

References base_decode_full().

◆ base32_decode() [5/5]

size_t Botan::base32_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 213 of file base32.cpp.

216 {
217 return base32_decode(output, input.data(), input.length(), ignore_ws);
218 }

References base32_decode().

◆ base32_encode() [1/3]

size_t Botan::base32_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base32 encoding

Parameters
outputan array of at least base32_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 180 of file base32.cpp.

185 {
186 return base_encode(Base32(), out, in, input_length, input_consumed, final_inputs);
187 }
size_t base_encode(Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: codec_base.h:34

References base_encode().

Referenced by base32_encode().

◆ base32_encode() [2/3]

template<typename Alloc >
std::string Botan::base32_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base32 encoding

Parameters
inputsome input
Returns
base32 representation of input

Definition at line 50 of file base32.h.

51 {
52 return base32_encode(input.data(), input.size());
53 }
std::string base32_encode(const std::vector< uint8_t, Alloc > &input)
Definition: base32.h:50

References base32_encode().

◆ base32_encode() [3/3]

std::string Botan::base32_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base32 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base32 representation of input

Definition at line 189 of file base32.cpp.

191 {
192 return base_encode_to_string(Base32(), input, input_length);
193 }
std::string base_encode_to_string(Base &&base, const uint8_t input[], size_t input_length)
Definition: codec_base.h:86

References base_encode_to_string().

◆ base58_check_decode() [1/2]

std::vector< uint8_t > Botan::base58_check_decode ( const char  input[],
size_t  input_length 
)

Perform base58 decoding with checksum

Definition at line 171 of file base58.cpp.

172 {
173 std::vector<uint8_t> dec = base58_decode(input, input_length);
174
175 if(dec.size() < 4)
176 throw Decoding_Error("Invalid base58 too short for checksum");
177
178 const uint32_t computed_checksum = sha256_d_checksum(dec.data(), dec.size() - 4);
179 const uint32_t checksum = load_be<uint32_t>(&dec[dec.size()-4], 0);
180
181 if(checksum != computed_checksum)
182 throw Decoding_Error("Invalid base58 checksum");
183
184 dec.resize(dec.size() - 4);
185
186 return dec;
187 }
constexpr uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:190
std::vector< uint8_t > base58_decode(const char input[], size_t input_length)
Definition: base58.cpp:144

References base58_decode(), and load_be< uint32_t >().

Referenced by base58_check_decode().

◆ base58_check_decode() [2/2]

std::vector< uint8_t > Botan::base58_check_decode ( const std::string &  s)
inline

Definition at line 69 of file base58.h.

70 {
71 return base58_check_decode(s.data(), s.size());
72 }
std::vector< uint8_t > base58_check_decode(const std::string &s)
Definition: base58.h:69

References base58_check_decode().

◆ base58_check_encode() [1/2]

template<typename Alloc >
std::string Botan::base58_check_encode ( const std::vector< uint8_t, Alloc > &  vec)
inline

Definition at line 59 of file base58.h.

60 {
61 return base58_check_encode(vec.data(), vec.size());
62 }
std::string base58_check_encode(const std::vector< uint8_t, Alloc > &vec)
Definition: base58.h:59

References base58_check_encode().

◆ base58_check_encode() [2/2]

std::string Botan::base58_check_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base58 encoding with checksum

Definition at line 136 of file base58.cpp.

137 {
138 BigInt v(input, input_length);
139 v <<= 32;
140 v += sha256_d_checksum(input, input_length);
141 return base58_encode(v, count_leading_zeros(input, input_length, 0));
142 }
Polynomial v
Definition: kyber.cpp:822
std::string base58_encode(const uint8_t input[], size_t input_length)
Definition: base58.cpp:130

References base58_encode(), and v.

Referenced by base58_check_encode().

◆ base58_decode() [1/2]

std::vector< uint8_t > Botan::base58_decode ( const char  input[],
size_t  input_length 
)

Perform base58 decoding

This is raw base58 encoding, without the checksum

Definition at line 144 of file base58.cpp.

145 {
146 const size_t leading_zeros = count_leading_zeros(input, input_length, '1');
147
148 BigInt v;
149
150 for(size_t i = leading_zeros; i != input_length; ++i)
151 {
152 const char c = input[i];
153
154 if(c == ' ' || c == '\n')
155 continue;
156
157 const uint8_t idx = base58_value_of(c);
158
159 if(idx == 0xFF)
160 throw Decoding_Error("Invalid base58");
161
162 v *= 58;
163 v += idx;
164 }
165
166 std::vector<uint8_t> output(v.bytes() + leading_zeros);
167 v.binary_encode(output.data() + leading_zeros);
168 return output;
169 }

References v.

Referenced by base58_check_decode(), and base58_decode().

◆ base58_decode() [2/2]

std::vector< uint8_t > Botan::base58_decode ( const std::string &  s)
inline

Definition at line 64 of file base58.h.

65 {
66 return base58_decode(s.data(), s.size());
67 }
std::vector< uint8_t > base58_decode(const std::string &s)
Definition: base58.h:64

References base58_decode().

◆ base58_encode() [1/2]

template<typename Alloc >
std::string Botan::base58_encode ( const std::vector< uint8_t, Alloc > &  vec)
inline

Definition at line 53 of file base58.h.

54 {
55 return base58_encode(vec.data(), vec.size());
56 }
std::string base58_encode(const std::vector< uint8_t, Alloc > &vec)
Definition: base58.h:53

References base58_encode().

◆ base58_encode() [2/2]

std::string Botan::base58_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base58 encoding

This is raw base58 encoding, without the checksum

Definition at line 130 of file base58.cpp.

131 {
132 BigInt v(input, input_length);
133 return base58_encode(v, count_leading_zeros(input, input_length, 0));
134 }

References base58_encode(), and v.

Referenced by base58_check_encode(), and base58_encode().

◆ base64_decode() [1/5]

secure_vector< uint8_t > Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 225 of file base64.cpp.

228 {
229 return base_decode_to_vec<secure_vector<uint8_t>>(Base64(), input, input_length, ignore_ws);
230 }

◆ base64_decode() [2/5]

secure_vector< uint8_t > Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 232 of file base64.cpp.

234 {
235 return base64_decode(input.data(), input.size(), ignore_ws);
236 }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:232

References base64_decode().

◆ base64_decode() [3/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 200 of file base64.cpp.

206 {
207 return base_decode(Base64(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
208 }

References base_decode().

Referenced by argon2_check_pwhash(), base64_decode(), botan_base64_decode(), Botan::Roughtime::Chain::Chain(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::list_names(), Botan::Roughtime::servers_from_str(), and Botan::Base64_Decoder::write().

◆ base64_decode() [4/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 210 of file base64.cpp.

214 {
215 return base_decode_full(Base64(), output, input, input_length, ignore_ws);
216 }

References base_decode_full().

◆ base64_decode() [5/5]

size_t Botan::base64_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 218 of file base64.cpp.

221 {
222 return base64_decode(output, input.data(), input.length(), ignore_ws);
223 }

References base64_decode().

◆ base64_decode_max_output()

size_t Botan::base64_decode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_decode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 243 of file base64.cpp.

244 {
245 return Base64::decode_max_output(input_length);
246 }

Referenced by argon2_check_pwhash(), and botan_base64_decode().

◆ base64_encode() [1/3]

size_t Botan::base64_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters
outputan array of at least base64_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 185 of file base64.cpp.

190 {
191 return base_encode(Base64(), out, in, input_length, input_consumed, final_inputs);
192 }

References base_encode().

Referenced by argon2_generate_pwhash(), Botan::OCSP::Request::base64_encode(), base64_encode(), botan_base64_encode(), Botan::PEM_Code::encode(), generate_passhash9(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::remove(), Botan::Encrypted_PSK_Database::set(), and Botan::Roughtime::Chain::to_string().

◆ base64_encode() [2/3]

template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base64 encoding

Parameters
inputsome input
Returns
base64adecimal representation of input

Definition at line 50 of file base64.h.

51 {
52 return base64_encode(input.data(), input.size());
53 }
std::string base64_encode(const std::vector< uint8_t, Alloc > &input)
Definition: base64.h:50

References base64_encode().

◆ base64_encode() [3/3]

std::string Botan::base64_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base64adecimal representation of input

Definition at line 194 of file base64.cpp.

196 {
197 return base_encode_to_string(Base64(), input, input_length);
198 }

References base_encode_to_string().

◆ base64_encode_max_output()

size_t Botan::base64_encode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_encode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 238 of file base64.cpp.

239 {
240 return Base64::encode_max_output(input_length);
241 }

◆ base_decode()

template<typename Base >
size_t Botan::base_decode ( Base &&  base,
uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform decoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least Base::decode_max_output bytes
inputsome base input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 124 of file codec_base.h.

131 {
132 const size_t decoding_bytes_in = base.decoding_bytes_in();
133 const size_t decoding_bytes_out = base.decoding_bytes_out();
134
135 uint8_t* out_ptr = output;
136 std::vector<uint8_t> decode_buf(decoding_bytes_in, 0);
137 size_t decode_buf_pos = 0;
138 size_t final_truncate = 0;
139
140 clear_mem(output, base.decode_max_output(input_length));
141
142 for(size_t i = 0; i != input_length; ++i)
143 {
144 const uint8_t bin = base.lookup_binary_value(input[i]);
145
146 if(base.check_bad_char(bin, input[i], ignore_ws)) // May throw Invalid_Argument
147 {
148 decode_buf[decode_buf_pos] = bin;
149 ++decode_buf_pos;
150 }
151
152 /*
153 * If we're at the end of the input, pad with 0s and truncate
154 */
155 if(final_inputs && (i == input_length - 1))
156 {
157 if(decode_buf_pos)
158 {
159 for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j)
160 { decode_buf[j] = 0; }
161
162 final_truncate = decoding_bytes_in - decode_buf_pos;
163 decode_buf_pos = decoding_bytes_in;
164 }
165 }
166
167 if(decode_buf_pos == decoding_bytes_in)
168 {
169 base.decode(out_ptr, decode_buf.data());
170
171 out_ptr += decoding_bytes_out;
172 decode_buf_pos = 0;
173 input_consumed = i+1;
174 }
175 }
176
177 while(input_consumed < input_length &&
178 base.lookup_binary_value(input[input_consumed]) == 0x80)
179 {
180 ++input_consumed;
181 }
182
183 size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate);
184
185 return written;
186 }
constexpr void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:115

References clear_mem().

Referenced by base32_decode(), base64_decode(), and base_decode_full().

◆ base_decode_full()

template<typename Base >
size_t Botan::base_decode_full ( Base &&  base,
uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws 
)

Definition at line 189 of file codec_base.h.

190 {
191 size_t consumed = 0;
192 const size_t written = base_decode(base, output, input, input_length, consumed, true, ignore_ws);
193
194 if(consumed != input_length)
195 {
196 throw Invalid_Argument(base.name() + " decoding failed, input did not have full bytes");
197 }
198
199 return written;
200 }

References base_decode().

Referenced by base32_decode(), base64_decode(), and base_decode_to_vec().

◆ base_decode_to_vec()

template<typename Vector , typename Base >
Vector Botan::base_decode_to_vec ( Base &&  base,
const char  input[],
size_t  input_length,
bool  ignore_ws 
)

Definition at line 203 of file codec_base.h.

207 {
208 const size_t output_length = base.decode_max_output(input_length);
209 Vector bin(output_length);
210
211 const size_t written =
212 base_decode_full(base, bin.data(), input, input_length, ignore_ws);
213
214 bin.resize(written);
215 return bin;
216 }

References base_decode_full().

◆ base_encode()

template<class Base >
size_t Botan::base_encode ( Base &&  base,
char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform encoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least base.encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 34 of file codec_base.h.

40 {
41 input_consumed = 0;
42
43 const size_t encoding_bytes_in = base.encoding_bytes_in();
44 const size_t encoding_bytes_out = base.encoding_bytes_out();
45
46 size_t input_remaining = input_length;
47 size_t output_produced = 0;
48
49 while(input_remaining >= encoding_bytes_in)
50 {
51 base.encode(output + output_produced, input + input_consumed);
52
53 input_consumed += encoding_bytes_in;
54 output_produced += encoding_bytes_out;
55 input_remaining -= encoding_bytes_in;
56 }
57
58 if(final_inputs && input_remaining)
59 {
60 std::vector<uint8_t> remainder(encoding_bytes_in, 0);
61 for(size_t i = 0; i != input_remaining; ++i)
62 { remainder[i] = input[input_consumed + i]; }
63
64 base.encode(output + output_produced, remainder.data());
65
66 const size_t bits_consumed = base.bits_consumed();
67 const size_t remaining_bits_before_padding = base.remaining_bits_before_padding();
68
69 size_t empty_bits = 8 * (encoding_bytes_in - input_remaining);
70 size_t index = output_produced + encoding_bytes_out - 1;
71 while(empty_bits >= remaining_bits_before_padding)
72 {
73 output[index--] = '=';
74 empty_bits -= bits_consumed;
75 }
76
77 input_consumed += input_remaining;
78 output_produced += encoding_bytes_out;
79 }
80
81 return output_produced;
82 }

Referenced by base32_encode(), base64_encode(), and base_encode_to_string().

◆ base_encode_to_string()

template<typename Base >
std::string Botan::base_encode_to_string ( Base &&  base,
const uint8_t  input[],
size_t  input_length 
)

Definition at line 86 of file codec_base.h.

87 {
88 const size_t output_length = base.encode_max_output(input_length);
89 std::string output(output_length, 0);
90
91 size_t consumed = 0;
92 size_t produced = 0;
93
94 if(output_length > 0)
95 {
96 produced = base_encode(base, &output.front(),
97 input, input_length,
98 consumed, true);
99 }
100
101 BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
102 BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
103
104 return output;
105 }
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:80

References base_encode(), and BOTAN_ASSERT_EQUAL.

Referenced by base32_encode(), and base64_encode().

◆ bcrypt_pbkdf()

void Botan::bcrypt_pbkdf ( uint8_t  output[],
size_t  output_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
size_t  rounds 
)
inline

Bcrypt PBKDF compatible with OpenBSD bcrypt_pbkdf

Definition at line 71 of file bcrypt_pbkdf.h.

75 {
76 auto pwdhash_fam = PasswordHashFamily::create_or_throw("Bcrypt-PBKDF");
77 auto pwdhash = pwdhash_fam->from_params(rounds);
78 pwdhash->derive_key(output, output_len,
79 password, password_len,
80 salt, salt_len);
81 }

References salt_len.

◆ bigint_add2()

void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 280 of file mp_core.h.

282 {
283 x[x_size] += bigint_add2_nc(x, x_size, y, y_size);
284 }
word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.h:227

References bigint_add2_nc().

Referenced by Botan::BigInt::add().

◆ bigint_add2_nc()

word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Two operand addition with carry out

Definition at line 227 of file mp_core.h.

228 {
229 word carry = 0;
230
231 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
232
233 const size_t blocks = y_size - (y_size % 8);
234
235 for(size_t i = 0; i != blocks; i += 8)
236 carry = word8_add2(x + i, y + i, carry);
237
238 for(size_t i = blocks; i != y_size; ++i)
239 x[i] = word_add(x[i], y[i], &carry);
240
241 for(size_t i = y_size; i != x_size; ++i)
242 x[i] = word_add(x[i], 0, &carry);
243
244 return carry;
245 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
word word8_add2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:268
void carry(int64_t &h0, int64_t &h1)
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:237

References BOTAN_ASSERT, carry(), word8_add2(), and word_add().

Referenced by bigint_add2().

◆ bigint_add3()

void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Three operand addition

Definition at line 289 of file mp_core.h.

292 {
293 z[x_size > y_size ? x_size : y_size] +=
294 bigint_add3_nc(z, x, x_size, y, y_size);
295 }
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.h:250

References bigint_add3_nc().

Referenced by Botan::BigInt::add2().

◆ bigint_add3_nc()

word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Three operand addition with carry out

Definition at line 250 of file mp_core.h.

253 {
254 if(x_size < y_size)
255 { return bigint_add3_nc(z, y, y_size, x, x_size); }
256
257 word carry = 0;
258
259 const size_t blocks = y_size - (y_size % 8);
260
261 for(size_t i = 0; i != blocks; i += 8)
262 carry = word8_add3(z + i, x + i, y + i, carry);
263
264 for(size_t i = blocks; i != y_size; ++i)
265 z[i] = word_add(x[i], y[i], &carry);
266
267 for(size_t i = y_size; i != x_size; ++i)
268 z[i] = word_add(x[i], 0, &carry);
269
270 return carry;
271 }
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:302

References bigint_add3_nc(), carry(), word8_add3(), and word_add().

Referenced by bigint_add3(), bigint_add3_nc(), Botan::BigInt::mod_add(), and redc_p521().

◆ bigint_cmp()

int32_t Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Compare x and y Return -1 if x < y Return 0 if x == y Return 1 if x > y

Definition at line 525 of file mp_core.h.

527 {
528 static_assert(sizeof(word) >= sizeof(uint32_t), "Size assumption");
529
530 const word LT = static_cast<word>(-1);
531 const word EQ = 0;
532 const word GT = 1;
533
534 const size_t common_elems = std::min(x_size, y_size);
535
536 word result = EQ; // until found otherwise
537
538 for(size_t i = 0; i != common_elems; i++)
539 {
540 const auto is_eq = CT::Mask<word>::is_equal(x[i], y[i]);
541 const auto is_lt = CT::Mask<word>::is_lt(x[i], y[i]);
542
543 result = is_eq.select(result, is_lt.select(LT, GT));
544 }
545
546 if(x_size < y_size)
547 {
548 word mask = 0;
549 for(size_t i = x_size; i != y_size; i++)
550 mask |= y[i];
551
552 // If any bits were set in high part of y, then x < y
553 result = CT::Mask<word>::is_zero(mask).select(result, LT);
554 }
555 else if(y_size < x_size)
556 {
557 word mask = 0;
558 for(size_t i = y_size; i != x_size; i++)
559 mask |= x[i];
560
561 // If any bits were set in high part of x, then x > y
562 result = CT::Mask<word>::is_zero(mask).select(result, GT);
563 }
564
565 CT::unpoison(result);
566 BOTAN_DEBUG_ASSERT(result == LT || result == GT || result == EQ);
567 return static_cast<int32_t>(result);
568 }
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:122
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:58

References BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), Botan::CT::Mask< T >::is_zero(), and Botan::CT::unpoison().

Referenced by Botan::BigInt::add(), bigint_sub_abs(), Botan::BigInt::cmp(), and Botan::BigInt::cmp_word().

◆ bigint_cnd_abs()

void Botan::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)
inline

Definition at line 212 of file mp_core.h.

213 {
214 const auto mask = CT::Mask<word>::expand(cnd);
215
216 word carry = mask.if_set_return(1);
217 for(size_t i = 0; i != size; ++i)
218 {
219 const word z = word_add(~x[i], 0, &carry);
220 x[i] = mask.select(z, x[i]);
221 }
222 }

References carry(), Botan::CT::Mask< T >::expand(), and word_add().

◆ bigint_cnd_add() [1/2]

word Botan::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 79 of file mp_core.h.

80 {
81 return bigint_cnd_add(cnd, x, size, y, size);
82 }
word bigint_cnd_add(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.h:79

References bigint_cnd_add().

◆ bigint_cnd_add() [2/2]

word Botan::bigint_cnd_add ( word  cnd,
word  x[],
word  x_size,
const word  y[],
size_t  y_size 
)
inline

Definition at line 42 of file mp_core.h.

44 {
45 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
46
47 const auto mask = CT::Mask<word>::expand(cnd);
48
49 word carry = 0;
50
51 const size_t blocks = y_size - (y_size % 8);
52 word z[8] = { 0 };
53
54 for(size_t i = 0; i != blocks; i += 8)
55 {
56 carry = word8_add3(z, x + i, y + i, carry);
57 mask.select_n(x + i, z, x + i, 8);
58 }
59
60 for(size_t i = blocks; i != y_size; ++i)
61 {
62 z[0] = word_add(x[i], y[i], &carry);
63 x[i] = mask.select(z[0], x[i]);
64 }
65
66 for(size_t i = y_size; i != x_size; ++i)
67 {
68 z[0] = word_add(x[i], 0, &carry);
69 x[i] = mask.select(z[0], x[i]);
70 }
71
72 return mask.if_set_return(carry);
73 }

References BOTAN_ASSERT, carry(), Botan::CT::Mask< T >::expand(), word8_add3(), and word_add().

Referenced by bigint_cnd_add(), Botan::BigInt::ct_cond_add(), redc_p192(), redc_p224(), redc_p256(), and redc_p384().

◆ bigint_cnd_add_or_sub()

void Botan::bigint_cnd_add_or_sub ( CT::Mask< word >  mask,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 139 of file mp_core.h.

140 {
141 const size_t blocks = size - (size % 8);
142
143 word carry = 0;
144 word borrow = 0;
145
146 word t0[8] = { 0 };
147 word t1[8] = { 0 };
148
149 for(size_t i = 0; i != blocks; i += 8)
150 {
151 carry = word8_add3(t0, x + i, y + i, carry);
152 borrow = word8_sub3(t1, x + i, y + i, borrow);
153
154 for(size_t j = 0; j != 8; ++j)
155 x[i+j] = mask.select(t0[j], t1[j]);
156 }
157
158 for(size_t i = blocks; i != size; ++i)
159 {
160 const word a = word_add(x[i], y[i], &carry);
161 const word s = word_sub(x[i], y[i], &borrow);
162
163 x[i] = mask.select(a, s);
164 }
165 }
T select(T x, T y) const
Definition: ct_utils.h:286
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:432
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:336

References carry(), Botan::CT::Mask< T >::select(), word8_add3(), word8_sub3(), word_add(), and word_sub().

◆ bigint_cnd_addsub()

word Botan::bigint_cnd_addsub ( CT::Mask< word >  mask,
word  x[],
const word  y[],
const word  z[],
size_t  size 
)
inline

Definition at line 176 of file mp_core.h.

179 {
180 const size_t blocks = size - (size % 8);
181
182 word carry = 0;
183 word borrow = 0;
184
185 word t0[8] = { 0 };
186 word t1[8] = { 0 };
187
188 for(size_t i = 0; i != blocks; i += 8)
189 {
190 carry = word8_add3(t0, x + i, y + i, carry);
191 borrow = word8_sub3(t1, x + i, z + i, borrow);
192
193 for(size_t j = 0; j != 8; ++j)
194 x[i+j] = mask.select(t0[j], t1[j]);
195 }
196
197 for(size_t i = blocks; i != size; ++i)
198 {
199 t0[0] = word_add(x[i], y[i], &carry);
200 t1[0] = word_sub(x[i], z[i], &borrow);
201 x[i] = mask.select(t0[0], t1[0]);
202 }
203
204 return mask.select(carry, borrow);
205 }

References carry(), Botan::CT::Mask< T >::select(), word8_add3(), word8_sub3(), word_add(), and word_sub().

Referenced by bigint_mod_sub().

◆ bigint_cnd_sub() [1/2]

word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 126 of file mp_core.h.

127 {
128 return bigint_cnd_sub(cnd, x, size, y, size);
129 }
word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.h:126

References bigint_cnd_sub().

◆ bigint_cnd_sub() [2/2]

word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Definition at line 88 of file mp_core.h.

91 {
92 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
93
94 const auto mask = CT::Mask<word>::expand(cnd);
95
96 word carry = 0;
97
98 const size_t blocks = y_size - (y_size % 8);
99 word z[8] = { 0 };
100
101 for(size_t i = 0; i != blocks; i += 8)
102 {
103 carry = word8_sub3(z, x + i, y + i, carry);
104 mask.select_n(x + i, z, x + i, 8);
105 }
106
107 for(size_t i = blocks; i != y_size; ++i)
108 {
109 z[0] = word_sub(x[i], y[i], &carry);
110 x[i] = mask.select(z[0], x[i]);
111 }
112
113 for(size_t i = y_size; i != x_size; ++i)
114 {
115 z[0] = word_sub(x[i], 0, &carry);
116 x[i] = mask.select(z[0], x[i]);
117 }
118
119 return mask.if_set_return(carry);
120 }

References BOTAN_ASSERT, carry(), Botan::CT::Mask< T >::expand(), word8_sub3(), and word_sub().

Referenced by bigint_cnd_sub(), and redc_p521().

◆ bigint_cnd_swap()

void Botan::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)
inline

Definition at line 29 of file mp_core.h.

30 {
31 const auto mask = CT::Mask<word>::expand(cnd);
32
33 for(size_t i = 0; i != size; ++i)
34 {
35 const word a = x[i];
36 const word b = y[i];
37 x[i] = mask.select(b, a);
38 y[i] = mask.select(a, b);
39 }
40 }
PolynomialVector b
Definition: kyber.cpp:821

References b, and Botan::CT::Mask< T >::expand().

Referenced by Botan::BigInt::ct_cond_swap().

◆ bigint_comba_mul16()

void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 804 of file mp_comba.cpp.

805 {
806 word w2 = 0, w1 = 0, w0 = 0;
807
808 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
809 z[ 0] = w0; w0 = 0;
810
811 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
812 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
813 z[ 1] = w1; w1 = 0;
814
815 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
816 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
817 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
818 z[ 2] = w2; w2 = 0;
819
820 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
821 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
822 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
823 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
824 z[ 3] = w0; w0 = 0;
825
826 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
827 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
828 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
829 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
830 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
831 z[ 4] = w1; w1 = 0;
832
833 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
834 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
835 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
836 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
837 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
838 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
839 z[ 5] = w2; w2 = 0;
840
841 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
842 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
843 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
844 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
845 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
846 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
847 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
848 z[ 6] = w0; w0 = 0;
849
850 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
851 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
852 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
853 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
854 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
855 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
856 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
857 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
858 z[ 7] = w1; w1 = 0;
859
860 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
861 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
862 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
863 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
864 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
865 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
866 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
867 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
868 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
869 z[ 8] = w2; w2 = 0;
870
871 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
872 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
873 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
874 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
875 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
876 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
877 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
878 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
879 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
880 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
881 z[ 9] = w0; w0 = 0;
882
883 word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
884 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
885 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
886 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
887 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
888 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
889 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
890 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
891 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
892 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
893 word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
894 z[10] = w1; w1 = 0;
895
896 word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
897 word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
898 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
899 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
900 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
901 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
902 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
903 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
904 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
905 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
906 word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
907 word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
908 z[11] = w2; w2 = 0;
909
910 word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
911 word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
912 word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
913 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
914 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
915 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
916 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
917 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
918 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
919 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
920 word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
921 word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
922 word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
923 z[12] = w0; w0 = 0;
924
925 word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
926 word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
927 word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
928 word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
929 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
930 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
931 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
932 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
933 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
934 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
935 word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
936 word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
937 word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
938 word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
939 z[13] = w1; w1 = 0;
940
941 word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
942 word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
943 word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
944 word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
945 word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
946 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
947 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
948 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
949 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
950 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
951 word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
952 word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
953 word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
954 word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
955 word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
956 z[14] = w2; w2 = 0;
957
958 word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
959 word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
960 word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
961 word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
962 word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
963 word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
964 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
965 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
966 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
967 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
968 word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
969 word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
970 word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
971 word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
972 word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
973 word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
974 z[15] = w0; w0 = 0;
975
976 word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
977 word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
978 word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
979 word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
980 word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
981 word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
982 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
983 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
984 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
985 word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
986 word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
987 word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
988 word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
989 word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
990 word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
991 z[16] = w1; w1 = 0;
992
993 word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
994 word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
995 word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
996 word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
997 word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
998 word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
999 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1000 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1001 word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1002 word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1003 word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1004 word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1005 word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1006 word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1007 z[17] = w2; w2 = 0;
1008
1009 word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1010 word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1011 word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1012 word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1013 word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1014 word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1015 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1016 word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1017 word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1018 word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1019 word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1020 word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1021 word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1022 z[18] = w0; w0 = 0;
1023
1024 word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1025 word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1026 word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1027 word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1028 word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1029 word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1030 word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1031 word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1032 word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1033 word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1034 word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1035 word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1036 z[19] = w1; w1 = 0;
1037
1038 word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1039 word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1040 word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1041 word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1042 word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1043 word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1044 word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1045 word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1046 word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1047 word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1048 word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1049 z[20] = w2; w2 = 0;
1050
1051 word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1052 word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1053 word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1054 word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1055 word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1056 word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1057 word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1058 word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1059 word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1060 word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1061 z[21] = w0; w0 = 0;
1062
1063 word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1064 word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1065 word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1066 word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1067 word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1068 word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1069 word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1070 word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1071 word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1072 z[22] = w1; w1 = 0;
1073
1074 word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1075 word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1076 word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1077 word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1078 word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1079 word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1080 word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1081 word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1082 z[23] = w2; w2 = 0;
1083
1084 word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1085 word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1086 word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1087 word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1088 word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1089 word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1090 word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1091 z[24] = w0; w0 = 0;
1092
1093 word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1094 word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1095 word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1096 word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1097 word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1098 word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1099 z[25] = w1; w1 = 0;
1100
1101 word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1102 word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1103 word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1104 word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1105 word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1106 z[26] = w2; w2 = 0;
1107
1108 word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1109 word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1110 word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1111 word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1112 z[27] = w0; w0 = 0;
1113
1114 word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1115 word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1116 word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1117 z[28] = w1; w1 = 0;
1118
1119 word3_muladd(&w1, &w0, &w2, x[14], y[15]);
1120 word3_muladd(&w1, &w0, &w2, x[15], y[14]);
1121 z[29] = w2; w2 = 0;
1122
1123 word3_muladd(&w2, &w1, &w0, x[15], y[15]);
1124 z[30] = w0;
1125 z[31] = w1;
1126 }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:566

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul24()

void Botan::bigint_comba_mul24 ( word  z[48],
const word  x[24],
const word  y[24] 
)

Definition at line 1534 of file mp_comba.cpp.

1535 {
1536 word w2 = 0, w1 = 0, w0 = 0;
1537
1538 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
1539 z[ 0] = w0; w0 = 0;
1540
1541 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
1542 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
1543 z[ 1] = w1; w1 = 0;
1544
1545 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
1546 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
1547 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
1548 z[ 2] = w2; w2 = 0;
1549
1550 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
1551 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
1552 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
1553 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
1554 z[ 3] = w0; w0 = 0;
1555
1556 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
1557 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
1558 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
1559 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
1560 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
1561 z[ 4] = w1; w1 = 0;
1562
1563 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
1564 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
1565 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
1566 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
1567 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
1568 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
1569 z[ 5] = w2; w2 = 0;
1570
1571 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
1572 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
1573 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
1574 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
1575 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
1576 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
1577 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
1578 z[ 6] = w0; w0 = 0;
1579
1580 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
1581 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
1582 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
1583 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
1584 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
1585 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
1586 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
1587 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
1588 z[ 7] = w1; w1 = 0;
1589
1590 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
1591 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
1592 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
1593 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
1594 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
1595 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
1596 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
1597 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
1598 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
1599 z[ 8] = w2; w2 = 0;
1600
1601 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
1602 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
1603 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
1604 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
1605 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
1606 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
1607 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
1608 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
1609 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
1610 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
1611 z[ 9] = w0; w0 = 0;
1612
1613 word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
1614 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
1615 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
1616 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
1617 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
1618 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
1619 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
1620 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
1621 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
1622 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
1623 word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
1624 z[10] = w1; w1 = 0;
1625
1626 word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
1627 word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
1628 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
1629 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
1630 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
1631 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
1632 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
1633 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
1634 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
1635 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
1636 word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
1637 word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
1638 z[11] = w2; w2 = 0;
1639
1640 word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
1641 word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
1642 word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
1643 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
1644 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
1645 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
1646 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
1647 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
1648 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
1649 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
1650 word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
1651 word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
1652 word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
1653 z[12] = w0; w0 = 0;
1654
1655 word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
1656 word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
1657 word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
1658 word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
1659 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
1660 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
1661 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
1662 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
1663 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
1664 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
1665 word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
1666 word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
1667 word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
1668 word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
1669 z[13] = w1; w1 = 0;
1670
1671 word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
1672 word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
1673 word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
1674 word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
1675 word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
1676 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
1677 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
1678 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
1679 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
1680 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
1681 word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
1682 word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
1683 word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
1684 word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
1685 word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
1686 z[14] = w2; w2 = 0;
1687
1688 word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
1689 word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
1690 word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
1691 word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
1692 word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
1693 word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
1694 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
1695 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
1696 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
1697 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
1698 word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
1699 word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
1700 word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
1701 word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
1702 word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
1703 word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
1704 z[15] = w0; w0 = 0;
1705
1706 word3_muladd(&w0, &w2, &w1, x[ 0], y[16]);
1707 word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
1708 word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
1709 word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
1710 word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
1711 word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
1712 word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
1713 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
1714 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
1715 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
1716 word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
1717 word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
1718 word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
1719 word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
1720 word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
1721 word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
1722 word3_muladd(&w0, &w2, &w1, x[16], y[ 0]);
1723 z[16] = w1; w1 = 0;
1724
1725 word3_muladd(&w1, &w0, &w2, x[ 0], y[17]);
1726 word3_muladd(&w1, &w0, &w2, x[ 1], y[16]);
1727 word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
1728 word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
1729 word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
1730 word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
1731 word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
1732 word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1733 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1734 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1735 word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1736 word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1737 word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1738 word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1739 word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1740 word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1741 word3_muladd(&w1, &w0, &w2, x[16], y[ 1]);
1742 word3_muladd(&w1, &w0, &w2, x[17], y[ 0]);
1743 z[17] = w2; w2 = 0;
1744
1745 word3_muladd(&w2, &w1, &w0, x[ 0], y[18]);
1746 word3_muladd(&w2, &w1, &w0, x[ 1], y[17]);
1747 word3_muladd(&w2, &w1, &w0, x[ 2], y[16]);
1748 word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1749 word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1750 word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1751 word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1752 word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1753 word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1754 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1755 word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1756 word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1757 word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1758 word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1759 word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1760 word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1761 word3_muladd(&w2, &w1, &w0, x[16], y[ 2]);
1762 word3_muladd(&w2, &w1, &w0, x[17], y[ 1]);
1763 word3_muladd(&w2, &w1, &w0, x[18], y[ 0]);
1764 z[18] = w0; w0 = 0;
1765
1766 word3_muladd(&w0, &w2, &w1, x[ 0], y[19]);
1767 word3_muladd(&w0, &w2, &w1, x[ 1], y[18]);
1768 word3_muladd(&w0, &w2, &w1, x[ 2], y[17]);
1769 word3_muladd(&w0, &w2, &w1, x[ 3], y[16]);
1770 word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1771 word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1772 word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1773 word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1774 word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1775 word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1776 word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1777 word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1778 word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1779 word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1780 word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1781 word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1782 word3_muladd(&w0, &w2, &w1, x[16], y[ 3]);
1783 word3_muladd(&w0, &w2, &w1, x[17], y[ 2]);
1784 word3_muladd(&w0, &w2, &w1, x[18], y[ 1]);
1785 word3_muladd(&w0, &w2, &w1, x[19], y[ 0]);
1786 z[19] = w1; w1 = 0;
1787
1788 word3_muladd(&w1, &w0, &w2, x[ 0], y[20]);
1789 word3_muladd(&w1, &w0, &w2, x[ 1], y[19]);
1790 word3_muladd(&w1, &w0, &w2, x[ 2], y[18]);
1791 word3_muladd(&w1, &w0, &w2, x[ 3], y[17]);
1792 word3_muladd(&w1, &w0, &w2, x[ 4], y[16]);
1793 word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1794 word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1795 word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1796 word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1797 word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1798 word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1799 word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1800 word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1801 word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1802 word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1803 word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1804 word3_muladd(&w1, &w0, &w2, x[16], y[ 4]);
1805 word3_muladd(&w1, &w0, &w2, x[17], y[ 3]);
1806 word3_muladd(&w1, &w0, &w2, x[18], y[ 2]);
1807 word3_muladd(&w1, &w0, &w2, x[19], y[ 1]);
1808 word3_muladd(&w1, &w0, &w2, x[20], y[ 0]);
1809 z[20] = w2; w2 = 0;
1810
1811 word3_muladd(&w2, &w1, &w0, x[ 0], y[21]);
1812 word3_muladd(&w2, &w1, &w0, x[ 1], y[20]);
1813 word3_muladd(&w2, &w1, &w0, x[ 2], y[19]);
1814 word3_muladd(&w2, &w1, &w0, x[ 3], y[18]);
1815 word3_muladd(&w2, &w1, &w0, x[ 4], y[17]);
1816 word3_muladd(&w2, &w1, &w0, x[ 5], y[16]);
1817 word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1818 word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1819 word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1820 word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1821 word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1822 word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1823 word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1824 word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1825 word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1826 word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1827 word3_muladd(&w2, &w1, &w0, x[16], y[ 5]);
1828 word3_muladd(&w2, &w1, &w0, x[17], y[ 4]);
1829 word3_muladd(&w2, &w1, &w0, x[18], y[ 3]);
1830 word3_muladd(&w2, &w1, &w0, x[19], y[ 2]);
1831 word3_muladd(&w2, &w1, &w0, x[20], y[ 1]);
1832 word3_muladd(&w2, &w1, &w0, x[21], y[ 0]);
1833 z[21] = w0; w0 = 0;
1834
1835 word3_muladd(&w0, &w2, &w1, x[ 0], y[22]);
1836 word3_muladd(&w0, &w2, &w1, x[ 1], y[21]);
1837 word3_muladd(&w0, &w2, &w1, x[ 2], y[20]);
1838 word3_muladd(&w0, &w2, &w1, x[ 3], y[19]);
1839 word3_muladd(&w0, &w2, &w1, x[ 4], y[18]);
1840 word3_muladd(&w0, &w2, &w1, x[ 5], y[17]);
1841 word3_muladd(&w0, &w2, &w1, x[ 6], y[16]);
1842 word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1843 word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1844 word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1845 word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1846 word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1847 word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1848 word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1849 word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1850 word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1851 word3_muladd(&w0, &w2, &w1, x[16], y[ 6]);
1852 word3_muladd(&w0, &w2, &w1, x[17], y[ 5]);
1853 word3_muladd(&w0, &w2, &w1, x[18], y[ 4]);
1854 word3_muladd(&w0, &w2, &w1, x[19], y[ 3]);
1855 word3_muladd(&w0, &w2, &w1, x[20], y[ 2]);
1856 word3_muladd(&w0, &w2, &w1, x[21], y[ 1]);
1857 word3_muladd(&w0, &w2, &w1, x[22], y[ 0]);
1858 z[22] = w1; w1 = 0;
1859
1860 word3_muladd(&w1, &w0, &w2, x[ 0], y[23]);
1861 word3_muladd(&w1, &w0, &w2, x[ 1], y[22]);
1862 word3_muladd(&w1, &w0, &w2, x[ 2], y[21]);
1863 word3_muladd(&w1, &w0, &w2, x[ 3], y[20]);
1864 word3_muladd(&w1, &w0, &w2, x[ 4], y[19]);
1865 word3_muladd(&w1, &w0, &w2, x[ 5], y[18]);
1866 word3_muladd(&w1, &w0, &w2, x[ 6], y[17]);
1867 word3_muladd(&w1, &w0, &w2, x[ 7], y[16]);
1868 word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1869 word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1870 word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1871 word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1872 word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1873 word3_muladd(&w1, &w0, &w2, x[13], y[10]