Botan  1.11.31
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

 ASN1
 
 Camellia_F
 
 Cert_Extension
 
 Charset
 
 CryptoBox
 
 CT
 
 FPE
 
 HAS_160_F
 
 HTTP
 
 KeyPair
 
 OCSP
 
 OIDS
 
 OS
 
 PEM_Code
 
 PK_Ops
 
 PKCS11
 
 PKCS8
 
 RIPEMD_128_F
 
 SHA1_F
 
 SHA1_SSE2_F
 
 SHA2_32
 
 SHA2_64
 
 TLS
 
 X509
 

Classes

class  Adler32
 
class  AEAD_Filter
 
class  AEAD_Mode
 
class  AES_128
 
class  AES_128_NI
 
class  AES_128_SSSE3
 
class  AES_192
 
class  AES_192_NI
 
class  AES_192_SSSE3
 
class  AES_256
 
class  AES_256_NI
 
class  AES_256_SSSE3
 
class  Algo_Registry
 
struct  Algorithm_Not_Found
 
class  AlgorithmIdentifier
 
class  AlternativeName
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  ANSI_X931_RNG
 
class  ASN1_Object
 
class  ASN1_String
 
class  Attribute
 
class  AutoSeeded_RNG
 
class  Base64_Decoder
 
class  Base64_Encoder
 
class  BeOS_EntropySource
 
struct  BER_Bad_Tag
 
class  BER_Decoder
 
struct  BER_Decoding_Error
 
class  BER_Object
 
class  BigInt
 
struct  BitBucket
 
class  Blake2b
 
class  Blinded_Point_Multiply
 
class  Blinder
 
class  Block_Cipher_Fixed_Params
 
class  BlockCipher
 
class  BlockCipherModePaddingMethod
 
class  Blowfish
 
class  Buffered_Computation
 
class  Buffered_Filter
 
class  Bzip2_Compression
 
class  Bzip2_Decompression
 
struct  calendar_point
 
class  Camellia_128
 
class  Camellia_192
 
class  Camellia_256
 
class  Cascade_Cipher
 
class  CAST_128
 
class  CAST_256
 
class  CBC_Decryption
 
class  CBC_Encryption
 
class  CBC_MAC
 
class  CBC_Mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  Certificate_Extension
 
class  Certificate_Store
 
class  Certificate_Store_In_Memory
 
class  Certificate_Store_Overlay
 
class  CFB_Decryption
 
class  CFB_Encryption
 
class  CFB_Mode
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  Chain
 
class  Cipher_Mode
 
class  Cipher_Mode_Filter
 
class  CMAC
 
class  Comb4P
 
class  Compression_Algorithm
 
class  Compression_Alloc_Info
 
class  Compression_Filter
 
class  Compression_Stream
 
class  CPUID
 
class  CRC24
 
class  CRC32
 
class  Credentials_Manager
 
class  CRL_Entry
 
class  CTR_BE
 
class  CTS_Decryption
 
class  CTS_Encryption
 
class  Curve25519_PrivateKey
 
class  Curve25519_PublicKey
 
class  CurveGFp
 
class  CurveGFp_Repr
 
class  Darwin_SecRandom
 
class  Data_Store
 
class  DataSink
 
class  DataSink_Stream
 
class  DataSource
 
class  DataSource_Memory
 
class  DataSource_Stream
 
struct  Decoding_Error
 
class  Decompression_Algorithm
 
class  Decompression_Filter
 
class  Deflate_Compression
 
class  Deflate_Decompression
 
class  DER_Encoder
 
class  DES
 
class  DESX
 
class  Device_EntropySource
 
class  DH_PrivateKey
 
class  DH_PublicKey
 
class  DL_Group
 
class  DL_Scheme_PrivateKey
 
class  DL_Scheme_PublicKey
 
class  DLIES_Decryptor
 
class  DLIES_Encryptor
 
class  donna128
 
class  DSA_PrivateKey
 
class  DSA_PublicKey
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  EC_Group
 
class  EC_PrivateKey
 
class  EC_PublicKey
 
class  ECB_Decryption
 
class  ECB_Encryption
 
class  ECB_Mode
 
class  ECDH_PrivateKey
 
class  ECDH_PublicKey
 
class  ECDSA_PrivateKey
 
class  ECDSA_PublicKey
 
class  ECGDSA_PrivateKey
 
class  ECGDSA_PublicKey
 
class  ECIES_Decryptor
 
class  ECIES_Encryptor
 
class  ECIES_KA_Operation
 
class  ECIES_KA_Params
 
class  ECIES_System_Params
 
class  ECKCDSA_PrivateKey
 
class  ECKCDSA_PublicKey
 
class  EGD_EntropySource
 
class  ElGamal_PrivateKey
 
class  ElGamal_PublicKey
 
class  EME
 
class  EME_PKCS1v15
 
class  EME_Raw
 
class  EMSA
 
class  EMSA1
 
class  EMSA_PKCS1v15
 
class  EMSA_PKCS1v15_Raw
 
class  EMSA_Raw
 
class  EMSA_X931
 
struct  Encoding_Error
 
class  Entropy_Source
 
class  Entropy_Sources
 
class  Exception
 
class  Extensions
 
class  Fanout_Filter
 
class  File_Descriptor_Source
 
class  Filter
 
class  Fixed_Base_Power_Mod
 
class  Fixed_Exponent_Power_Mod
 
class  Fixed_Window_Exponentiator
 
class  Fork
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
class  GeneralName
 X.509 GeneralName Type. More...
 
class  GeneralSubtree
 A single Name Constraints. More...
 
class  GF2m_Field
 
class  GHASH
 
class  GOST_28147_89
 
class  GOST_28147_89_Params
 
class  GOST_3410_PrivateKey
 
class  GOST_3410_PublicKey
 
class  GOST_34_11
 
class  Gzip_Compression
 
class  Gzip_Decompression
 
class  Hardware_RNG
 
class  HAS_160
 
class  Hash_Filter
 
class  HashFunction
 
class  Hex_Decoder
 
class  Hex_Encoder
 
class  HKDF
 
class  HMAC
 
class  HMAC_DRBG
 
class  HMAC_RNG
 
class  IDEA
 
class  IDEA_SSE2
 
class  IF_Scheme_PrivateKey
 
class  IF_Scheme_PublicKey
 
struct  Illegal_Point
 
struct  Illegal_Transformation
 
struct  Integrity_Failure
 
class  Intel_Rdrand
 
class  Intel_Rdseed
 
struct  Internal_Error
 
struct  Invalid_Algorithm_Name
 
class  Invalid_Argument
 
struct  Invalid_IV_Length
 
struct  Invalid_Key_Length
 
struct  Invalid_OID
 
struct  Invalid_State
 
class  KASUMI
 
class  KDF
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 
class  Key_Length_Specification
 
class  Keyed_Filter
 
class  LibraryInitializer
 
class  Lion
 
struct  Lookup_Error
 
class  LZMA_Compression
 
class  LZMA_Decompression
 
class  MAC_Filter
 
class  MARS
 
class  McEliece_PrivateKey
 
class  McEliece_PublicKey
 
class  MD2
 
class  MD4
 
class  MD5
 
class  MDx_HashFunction
 
class  MessageAuthenticationCode
 
class  MISTY1
 
class  mlock_allocator
 
class  Modular_Exponentiator
 
class  Modular_Reducer
 
class  Montgomery_Exponentiator
 
class  NameConstraints
 Name Constraints. More...
 
struct  No_Filesystem_Access
 
struct  No_Provider_Found
 
class  Noekeon
 
class  Noekeon_SIMD
 
struct  Not_Implemented
 
class  NR_PrivateKey
 
class  NR_PublicKey
 
class  Null_Padding
 
class  Null_RNG
 
class  OAEP
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  OctetString
 
class  OFB
 
class  OID
 
class  OneAndZeros_Padding
 
class  OpenSSL_Error
 
class  Output_Buffers
 
class  Parallel
 
class  Path_Validation_Restrictions
 
class  Path_Validation_Result
 
class  PBKDF
 
class  Pipe
 
class  PK_Decryptor
 
class  PK_Decryptor_EME
 
class  PK_Encryptor
 
class  PK_Encryptor_EME
 
class  PK_KEM_Decryptor
 
class  PK_KEM_Encryptor
 
class  PK_Key_Agreement
 
class  PK_Key_Agreement_Key
 
class  PK_Signer
 
class  PK_Verifier
 
class  PKCS10_Request
 
class  PKCS5_PBKDF1
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
struct  PKCS8_Exception
 
class  PointGFp
 
struct  Policy_Violation
 
class  Poly1305
 
struct  polyn_gf2m
 
class  Power_Mod
 
class  Private_Key
 
struct  PRNG_Unseeded
 
class  ProcWalking_EntropySource
 
class  PSSR
 
class  Public_Key
 
class  RandomNumberGenerator
 
class  RC2
 
class  RC4
 
class  RC5
 
class  RC6
 
class  RDRAND_RNG
 
class  RFC6979_Nonce_Generator
 
class  RIPEMD_128
 
class  RIPEMD_160
 
class  RSA_PrivateKey
 
class  RSA_PublicKey
 
class  RTSS_Share
 
class  RW_PrivateKey
 
class  RW_PublicKey
 
class  SAFER_SK
 
class  Salsa20
 
class  SCAN_Name
 
class  secure_allocator
 
class  SecureQueue
 
class  SEED
 
struct  Self_Test_Failure
 
class  Semaphore
 
class  Serialized_RNG
 
class  Serpent
 
class  Serpent_SIMD
 
class  SHA_160
 
class  SHA_160_SSE2
 
class  SHA_224
 
class  SHA_256
 
class  SHA_384
 
class  SHA_512
 
class  SHA_512_256
 
class  SIMD_4x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  Skein_512
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56C
 
class  SQL_Database
 
class  Sqlite3_Database
 
class  SRP6_Authenticator_File
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_Cipher_Mode
 
class  Stream_Compression
 
class  Stream_Decompression
 
struct  Stream_IO_Error
 
class  StreamCipher
 
class  StreamCipher_Filter
 
class  SymmetricAlgorithm
 
class  System_RNG
 
class  TEA
 
class  Threaded_Fork
 
class  Threefish_512
 
class  Threefish_512_AVX2
 
class  Tiger
 
class  TLS_12_PRF
 
class  TLS_PRF
 
class  TPM_Context
 
class  TPM_Error
 
class  TPM_PrivateKey
 
class  TPM_RNG
 
class  TripleDES
 
class  Twofish
 
class  Unix_EntropySource
 
class  UnixProcessInfo_EntropySource
 
struct  Unsupported_Argument
 
class  UUID
 
class  Whirlpool
 
class  Win32_CAPI_EntropySource
 
class  Win32_EntropySource
 
class  X509_CA
 
class  X509_Cert_Options
 
class  X509_Certificate
 
class  X509_CRL
 
class  X509_DN
 
class  X509_Object
 
class  X509_Time
 
class  X942_PRF
 
class  XTEA
 
class  XTEA_SIMD
 
class  XTS_Decryption
 
class  XTS_Encryption
 
class  XTS_Mode
 
class  Zlib_Compression
 
class  Zlib_Decompression
 
class  Zlib_Style_Stream
 

Typedefs

using byte = std::uint8_t
 
typedef EC_Group EC_Domain_Params
 
typedef limb felem[5]
 
typedef u16bit gf2m
 
using InitializationVector = OctetString
 
typedef u64bit limb
 
typedef MessageAuthenticationCode MAC
 
typedef PK_Key_Agreement_Key PK_KA_Key
 
typedef Private_Key PKCS8_PrivateKey
 
typedef RandomNumberGenerator RNG
 
using s32bit = std::int32_t
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T >>
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T >>
 
typedef SIMD_4x32 SIMD_32
 
using SymmetricKey = OctetString
 
typedef Cipher_Mode_Filter Transform_Filter
 
typedef Transform_Filter Transformation_Filter
 
using u16bit = std::uint16_t
 
using u32bit = std::uint32_t
 
using u64bit = std::uint64_t
 
typedef byte u8
 
typedef donna128 uint128_t
 
typedef Public_Key X509_PublicKey
 

Enumerations

enum  ASN1_Tag {
  UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, CONSTRUCTED = 0x20,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC, EOC = 0x00, BOOLEAN = 0x01, INTEGER = 0x02,
  BIT_STRING = 0x03, OCTET_STRING = 0x04, NULL_TAG = 0x05, OBJECT_ID = 0x06,
  ENUMERATED = 0x0A, SEQUENCE = 0x10, SET = 0x11, UTF8_STRING = 0x0C,
  NUMERIC_STRING = 0x12, PRINTABLE_STRING = 0x13, T61_STRING = 0x14, IA5_STRING = 0x16,
  VISIBLE_STRING = 0x1A, BMP_STRING = 0x1E, UTC_TIME = 0x17, GENERALIZED_TIME = 0x18,
  UTC_OR_GENERALIZED_TIME = 0x19, NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
}
 
enum  blake2b_constant { BLAKE2B_BLOCKBYTES = 128, BLAKE2B_OUTBYTES = 64, BLAKE2B_IVU64COUNT = 8 }
 
enum  Certificate_Status_Code {
  Certificate_Status_Code::VERIFIED = 0x00000000, Certificate_Status_Code::OCSP_RESPONSE_GOOD, Certificate_Status_Code::NO_REVOCATION_DATA, Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK = 1000,
  Certificate_Status_Code::UNTRUSTED_HASH, Certificate_Status_Code::CERT_NOT_YET_VALID = 2000, Certificate_Status_Code::CERT_HAS_EXPIRED, Certificate_Status_Code::OCSP_NOT_YET_VALID,
  Certificate_Status_Code::OCSP_HAS_EXPIRED, Certificate_Status_Code::CRL_NOT_YET_VALID, Certificate_Status_Code::CRL_HAS_EXPIRED, Certificate_Status_Code::CERT_ISSUER_NOT_FOUND = 3000,
  Certificate_Status_Code::CANNOT_ESTABLISH_TRUST, Certificate_Status_Code::CERT_CHAIN_LOOP, Certificate_Status_Code::POLICY_ERROR = 4000, Certificate_Status_Code::INVALID_USAGE,
  Certificate_Status_Code::CERT_CHAIN_TOO_LONG, Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER, Certificate_Status_Code::NAME_CONSTRAINT_ERROR, Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER,
  Certificate_Status_Code::OCSP_CERT_NOT_LISTED, Certificate_Status_Code::OCSP_BAD_STATUS, Certificate_Status_Code::CERT_NAME_NOMATCH, Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION,
  Certificate_Status_Code::CERT_IS_REVOKED = 5000, Certificate_Status_Code::CRL_BAD_SIGNATURE, Certificate_Status_Code::SIGNATURE_ERROR
}
 
enum  Character_Set { LOCAL_CHARSET, UCS2_CHARSET, UTF8_CHARSET, LATIN1_CHARSET }
 
enum  Cipher_Dir { ENCRYPTION, DECRYPTION }
 
enum  CRL_Code {
  UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, AFFILIATION_CHANGED = 3,
  SUPERSEDED = 4, CESSATION_OF_OPERATION = 5, CERTIFICATE_HOLD = 6, REMOVE_FROM_CRL = 8,
  PRIVLEDGE_WITHDRAWN = 9, AA_COMPROMISE = 10, DELETE_CRL_ENTRY = 0xFF00, OCSP_GOOD = 0xFF01,
  OCSP_UNKNOWN = 0xFF02
}
 
enum  Decoder_Checking { NONE, IGNORE_WS, FULL_CHECK }
 
enum  EC_Group_Encoding { EC_DOMPAR_ENC_EXPLICIT = 0, EC_DOMPAR_ENC_IMPLICITCA = 1, EC_DOMPAR_ENC_OID = 2 }
 
enum  ECIES_Flags : uint32_t {
  ECIES_Flags::NONE = 0, ECIES_Flags::SINGLE_HASH_MODE = 1, ECIES_Flags::COFACTOR_MODE = 2, ECIES_Flags::OLD_COFACTOR_MODE = 4,
  ECIES_Flags::CHECK_MODE = 8
}
 
enum  Key_Constraints {
  NO_CONSTRAINTS = 0, DIGITAL_SIGNATURE = 1 << 15, NON_REPUDIATION = 1 << 14, KEY_ENCIPHERMENT = 1 << 13,
  DATA_ENCIPHERMENT = 1 << 12, KEY_AGREEMENT = 1 << 11, KEY_CERT_SIGN = 1 << 10, CRL_SIGN = 1 << 9,
  ENCIPHER_ONLY = 1 << 8, DECIPHER_ONLY = 1 << 7
}
 
enum  Signature_Format { IEEE_1363, DER_SEQUENCE }
 
enum  TPM_Storage_Type { TPM_Storage_Type::User, TPM_Storage_Type::System }
 
enum  Usage_Type {
  Usage_Type::UNSPECIFIED, Usage_Type::TLS_SERVER_AUTH, Usage_Type::TLS_CLIENT_AUTH, Usage_Type::CERTIFICATE_AUTHORITY,
  Usage_Type::OCSP_RESPONDER
}
 
enum  X509_Encoding { RAW_BER, PEM }
 

Functions

BigInt abs (const BigInt &n)
 
size_t almost_montgomery_inverse (BigInt &result, const BigInt &a, const BigInt &p)
 
void aont_package (RandomNumberGenerator &rng, BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
 
void aont_unpackage (BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
 
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
size_t base64_decode (byte output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base64_decode (byte output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base64_decode (byte output[], const std::string &input, bool ignore_ws)
 
secure_vector< bytebase64_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< bytebase64_decode (const std::string &input, bool ignore_ws)
 
size_t base64_encode (char out[], const byte in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base64_encode (const std::vector< byte, Alloc > &input)
 
std::string base64_encode (const byte input[], size_t input_length)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
s32bit bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_abs (word cnd, word x[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word z[32], const word x[16])
 
void bigint_comba_sqr4 (word z[8], const word x[4])
 
void bigint_comba_sqr6 (word z[12], const word x[6])
 
void bigint_comba_sqr8 (word z[16], const word x[8])
 
void bigint_comba_sqr9 (word z[18], const word x[9])
 
word bigint_divop (word n1, word n0, word d)
 
void bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_monty_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_mul (word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw)
 
void bigint_shl1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
u32bit bit_size_to_32bit_size (u32bit bit_size)
 
u32bit bit_size_to_byte_size (u32bit bit_size)
 
 BOTAN_REGISTER_COMPRESSION (LZMA_Compression, LZMA_Decompression)
 
 BOTAN_REGISTER_COMPRESSION (Zlib_Compression, Zlib_Decompression)
 
 BOTAN_REGISTER_COMPRESSION (Bzip2_Compression, Bzip2_Decompression)
 
 BOTAN_REGISTER_COMPRESSION (Gzip_Compression, Gzip_Decompression)
 
 BOTAN_REGISTER_COMPRESSION (Deflate_Compression, Deflate_Decompression)
 
 BOTAN_REGISTER_PK_KEY_AGREE_OP ("ECDH", ECDH_KA_Operation)
 
 BOTAN_REGISTER_PK_KEY_AGREE_OP ("ECIES", ECIES_ECDH_KA_Operation)
 
 BOTAN_REGISTER_PK_KEY_AGREE_OP ("DH", DH_KA_Operation)
 
 BOTAN_REGISTER_PK_SIGNATURE_OP ("NR", NR_Signature_Operation)
 
 BOTAN_REGISTER_PK_SIGNATURE_OP ("GOST-34.10", GOST_3410_Signature_Operation)
 
 BOTAN_REGISTER_PK_VERIFY_OP ("NR", NR_Verification_Operation)
 
 BOTAN_REGISTER_PK_VERIFY_OP ("GOST-34.10", GOST_3410_Verification_Operation)
 
 BOTAN_REGISTER_TYPE (PK_Ops::Signature, TPM_Signing_Operation,"RSA", TPM_Signing_Operation::make,"tpm", 100)
 
template<typename T >
void bswap_4 (T x[4])
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
 
u64bit carry_shift (const donna128 &a, size_t shift)
 
template<typename T >
size_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &pass, const std::string &hash)
 
bool check_passhash9 (const std::string &pass, const std::string &hash)
 
bool check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
PK_Signerchoose_sig_format (const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
 
std::string BOTAN_DLL clean_ws (const std::string &s)
 
template<typename T >
void clear_mem (T *ptr, size_t n)
 
u64bit combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (byte out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (byte out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (byte out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (byte out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
AlternativeName create_alt_name (const Data_Store &info)
 
X509_DN create_dn (const Data_Store &info)
 
BigInt ct_inverse_mod_odd_modulus (const BigInt &n, const BigInt &mod)
 
template<typename T >
size_t ctz (T n)
 
int BOTAN_DLL curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
int curve25519_donna (u8 *mypublic, const u8 *secret, const u8 *basepoint)
 
gf2m decode_gf2m (const byte *mem)
 
void divide (const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
 
size_t dl_exponent_size (size_t bits)
 
size_t dl_work_factor (size_t bits)
 
secure_vector< byteEC2OSP (const PointGFp &point, byte format)
 
size_t ecp_work_factor (size_t bits)
 
u32bit encode_gf2m (gf2m to_enc, byte *mem)
 
std::string erase_chars (const std::string &str, const std::set< char > &chars)
 
template<typename T >
u16bit expand_mask_16bit (T tst)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, u32bit code_length)
 
BigInt gcd (const BigInt &a, const BigInt &b)
 
void gcm_multiply_clmul (byte x[16], const byte H[16])
 
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, u16bit work_factor)
 
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< byte > &seed_c)
 
std::vector< bytegenerate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, u32bit ext_deg, u32bit code_length, u32bit t)
 
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, u16bit work_factor, byte alg_id)
 
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< byte > &salt, const std::string &group_id, const std::string &hash_id)
 
AEAD_Modeget_aead (const std::string &algo_spec, Cipher_Dir direction)
 
BlockCipherModePaddingMethodget_bc_pad (const std::string &algo_spec)
 
BlockCipherget_block_cipher (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_block_cipher_providers (const std::string &algo_spec)
 
template<typename T >
byte get_byte (size_t byte_num, T input)
 
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
 
Cipher_Modeget_cipher_mode (const std::string &algo_spec, Cipher_Dir direction)
 
EMEget_eme (const std::string &algo_spec)
 
EMSAget_emsa (const std::string &algo_spec)
 
std::vector< std::string > get_files_recursive (const std::string &dir)
 
HashFunctionget_hash (const std::string &algo_spec, const std::string &provider="")
 
HashFunctionget_hash_function (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_hash_function_providers (const std::string &algo_spec)
 
KDFget_kdf (const std::string &algo_spec)
 
MessageAuthenticationCodeget_mac (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_mac_providers (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
StreamCipherget_stream_cipher (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_stream_cipher_providers (const std::string &algo_spec)
 
gf2m gray_to_lex (gf2m gray)
 
template<typename T >
size_t hamming_weight (T n)
 
std::string hash_for_emsa (const std::string &algo_spec)
 
size_t hex_decode (byte output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
 
size_t hex_decode (byte output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t hex_decode (byte output[], const std::string &input, bool ignore_ws)
 
std::vector< bytehex_decode (const char input[], size_t input_length, bool ignore_ws)
 
std::vector< bytehex_decode (const std::string &input, bool ignore_ws)
 
secure_vector< bytehex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< bytehex_decode_locked (const std::string &input, bool ignore_ws)
 
void hex_encode (char output[], const byte input[], size_t input_length, bool uppercase)
 
std::string hex_encode (const byte input[], size_t input_length, bool uppercase)
 
template<typename Alloc >
std::string hex_encode (const std::vector< byte, Alloc > &input, bool uppercase=true)
 
template<typename T >
size_t high_bit (T n)
 
bool host_wildcard_match (const std::string &issued, const std::string &host)
 
byte ieee1363_hash_id (const std::string &name)
 
size_t if_work_factor (size_t bits)
 
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
 
std::string ipv4_to_string (u32bit ip)
 
template<typename T >
bool is_power_of_2 (T arg)
 
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
 
s32bit jacobi (const BigInt &a, const BigInt &n)
 
BigInt lcm (const BigInt &a, const BigInt &b)
 
gf2m lex_to_gray (gf2m lex)
 
template<typename T >
load_be (const byte in[], size_t off)
 
template<typename T >
void load_be (const byte in[], T &x0, T &x1)
 
template<typename T >
void load_be (const byte in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_be (const byte in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_be (T out[], const byte in[], size_t count)
 
template<>
u16bit load_be< u16bit > (const byte in[], size_t off)
 
template<>
u32bit load_be< u32bit > (const byte in[], size_t off)
 
template<>
u64bit load_be< u64bit > (const byte in[], size_t off)
 
template<typename T >
load_le (const byte in[], size_t off)
 
template<typename T >
void load_le (const byte in[], T &x0, T &x1)
 
template<typename T >
void load_le (const byte in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_le (const byte in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_le (T out[], const byte in[], size_t count)
 
template<>
u16bit load_le< u16bit > (const byte in[], size_t off)
 
template<>
u32bit load_le< u32bit > (const byte in[], size_t off)
 
template<>
u64bit load_le< u64bit > (const byte in[], size_t off)
 
template<typename T >
size_t low_bit (T n)
 
size_t low_zero_bits (const BigInt &n)
 
template<typename T >
T * make_a (const typename T::Spec &spec, const std::string &provider="")
 
std::unique_ptr< BlockCiphermake_block_cipher (const std::string &algo_spec, const std::string &provider="")
 
template<typename T >
T * make_block_cipher_mode (const Cipher_Mode::Spec &spec)
 
template<typename T , size_t LEN1>
T * make_block_cipher_mode_len (const Cipher_Mode::Spec &spec)
 
template<typename T , size_t LEN1, size_t LEN2>
T * make_block_cipher_mode_len2 (const Cipher_Mode::Spec &spec)
 
Compression_Algorithmmake_compressor (const std::string &type)
 
Decompression_Algorithmmake_decompressor (const std::string &type)
 
std::unique_ptr< HashFunctionmake_hash_function (const std::string &algo_spec, const std::string &provider="")
 
std::unique_ptr< MessageAuthenticationCodemake_message_auth (const std::string &algo_spec, const std::string &provider="")
 
template<typename T >
T * make_new_T (const typename Algo_Registry< T >::Spec &spec)
 
template<typename T , size_t DEF_VAL>
T * make_new_T_1len (const typename Algo_Registry< T >::Spec &spec)
 
template<typename T >
T * make_new_T_1str (const typename Algo_Registry< T >::Spec &spec, const std::string &def)
 
template<typename T >
T * make_new_T_1str_req (const typename Algo_Registry< T >::Spec &spec)
 
template<typename T , typename X >
T * make_new_T_1X (const typename Algo_Registry< T >::Spec &spec)
 
template<typename T , size_t DEF1, size_t DEF2>
T * make_new_T_2len (const typename Algo_Registry< T >::Spec &spec)
 
template<typename OP , typename T >
OP * make_pk_op (const typename T::Spec &spec)
 
Private_Keymake_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< byte > &key_bits, RandomNumberGenerator &rng)
 
Public_Keymake_public_key (const AlgorithmIdentifier &alg_id, const secure_vector< byte > &key_bits)
 
std::unique_ptr< StreamCiphermake_stream_cipher (const std::string &algo_spec, const std::string &provider="")
 
u16bit make_u16bit (byte i0, byte i1)
 
u32bit make_u32bit (byte i0, byte i1, byte i2, byte i3)
 
u64bit make_u64bit (byte i0, byte i1, byte i2, byte i3, byte i4, byte i5, byte i6, byte i7)
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
secure_vector< bytemceies_decrypt (const McEliece_PrivateKey &privkey, const byte ct[], size_t ct_len, const byte ad[], size_t ad_len, const std::string &algo)
 
secure_vector< bytemceies_encrypt (const McEliece_PublicKey &pubkey, const byte pt[], size_t pt_len, const byte ad[], size_t ad_len, RandomNumberGenerator &rng, const std::string &algo)
 
void mceliece_decrypt (secure_vector< byte > &plaintext_out, secure_vector< byte > &error_mask_out, const secure_vector< byte > &ciphertext, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< byte > &plaintext, secure_vector< byte > &error_mask, const byte ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
secure_vector< bytemceliece_decrypt (secure_vector< gf2m > &error_pos, const byte *ciphertext, u32bit ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< byte > &ciphertext_out, secure_vector< byte > &error_mask_out, const secure_vector< byte > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
 
BOTAN_DLL size_t mceliece_work_factor (size_t code_size, size_t t)
 
void mgf1_mask (HashFunction &hash, const byte in[], size_t in_len, byte out[], size_t out_len)
 
word monty_inverse (word input)
 
void mul64x64_128 (u64bit a, u64bit b, u64bit *lo, u64bit *hi)
 
BigInt mul_add (const BigInt &a, const BigInt &b, const BigInt &c)
 
BigInt mul_sub (const BigInt &a, const BigInt &b, const BigInt &c)
 
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
BigInt normalized_montgomery_inverse (const BigInt &a, const BigInt &p)
 
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator!= (const OID &a, const OID &b)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const OctetString &s1, const OctetString &s2)
 
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
 
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
 
bool operator!= (const X509_Time &t1, const X509_Time &t2)
 
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
 
bool operator!= (const BigInt &a, const BigInt &b)
 
BigInt operator% (const BigInt &n, const BigInt &mod)
 
word operator% (const BigInt &n, word mod)
 
ECIES_Flags operator& (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator* (const donna128 &x, u64bit y)
 
BigInt operator* (const BigInt &x, const BigInt &y)
 
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
 
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
 
BigInt operator+ (const BigInt &x, const BigInt &y)
 
OID operator+ (const OID &oid, u32bit component)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
donna128 operator+ (const donna128 &x, u64bit y)
 
OctetString operator+ (const OctetString &k1, const OctetString &k2)
 
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
BigInt operator- (const BigInt &x, const BigInt &y)
 
PointGFp operator- (const PointGFp &lhs)
 
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator/ (const BigInt &x, const BigInt &y)
 
bool operator< (const OID &a, const OID &b)
 
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator< (const X509_Time &t1, const X509_Time &t2)
 
bool operator< (const BigInt &a, const BigInt &b)
 
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
 
int operator<< (int fd, Pipe &pipe)
 
BigInt operator<< (const BigInt &x, size_t shift)
 
std::ostream & operator<< (std::ostream &os, const GeneralName &gn)
 
std::ostream & operator<< (std::ostream &os, const GeneralSubtree &gs)
 
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
 
BOTAN_DLL std::ostream & operator<< (std::ostream &out, Pipe &pipe)
 
bool operator<= (const X509_Time &t1, const X509_Time &t2)
 
bool operator<= (const BigInt &a, const BigInt &b)
 
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const OctetString &s1, const OctetString &s2)
 
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator== (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator== (const X509_Time &t1, const X509_Time &t2)
 
bool operator== (const BigInt &a, const BigInt &b)
 
bool operator> (const X509_Time &t1, const X509_Time &t2)
 
bool operator> (const BigInt &a, const BigInt &b)
 
bool operator>= (const X509_Time &t1, const X509_Time &t2)
 
bool operator>= (const BigInt &a, const BigInt &b)
 
int operator>> (int fd, Pipe &pipe)
 
std::istream & operator>> (std::istream &stream, BigInt &n)
 
BigInt operator>> (const BigInt &x, size_t shift)
 
std::istream & operator>> (std::istream &in, X509_DN &dn)
 
BOTAN_DLL std::istream & operator>> (std::istream &in, Pipe &pipe)
 
OctetString operator^ (const OctetString &k1, const OctetString &k2)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator^= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
ECIES_Flags operator| (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
template<typename Alloc >
PointGFp OS2ECP (const std::vector< byte, Alloc > &data, const CurveGFp &curve)
 
PointGFp OS2ECP (const byte data[], size_t data_len, const CurveGFp &curve)
 
std::vector< std::string > parse_algorithm_name (const std::string &namex)
 
std::vector< u32bitparse_asn1_oid (const std::string &oid)
 
secure_vector< bytepbes2_decrypt (const secure_vector< byte > &key_bits, const std::string &passphrase, const std::vector< byte > &params)
 
std::pair< AlgorithmIdentifier, std::vector< byte > > pbes2_encrypt (const secure_vector< byte > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
secure_vector< bytePGP_decode (DataSource &source, std::string &label, std::map< std::string, std::string > &headers)
 
secure_vector< bytePGP_decode (DataSource &source, std::string &label)
 
std::string PGP_encode (const byte input[], size_t length, const std::string &label, const std::map< std::string, std::string > &headers)
 
std::string PGP_encode (const byte input[], size_t length, const std::string &type)
 
std::vector< bytepkcs_hash_id (const std::string &name)
 
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
 
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
 
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
 
const BigIntprime_p521 ()
 
template<typename T >
std::vector< std::string > providers_of (const typename T::Spec &spec)
 
bool quick_check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
gf2m random_code_element (unsigned code_length, RandomNumberGenerator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)
 
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
 
std::map< std::string, std::string > BOTAN_DLL read_cfg (std::istream &is)
 
void redc_p521 (BigInt &x, secure_vector< word > &ws)
 
std::string replace_char (const std::string &str, char from_char, char to_char)
 
std::string replace_chars (const std::string &str, const std::set< char > &chars, char to_char)
 
BigInt BOTAN_DLL ressol (const BigInt &x, const BigInt &p)
 
u16bit reverse_bytes (u16bit val)
 
u32bit reverse_bytes (u32bit val)
 
u64bit reverse_bytes (u64bit val)
 
secure_vector< byterfc3394_keyunwrap (const secure_vector< byte > &key, const SymmetricKey &kek)
 
secure_vector< byterfc3394_keywrap (const secure_vector< byte > &key, const SymmetricKey &kek)
 
template<typename T >
rotate_left (T input, size_t rot)
 
template<typename T >
rotate_right (T input, size_t rot)
 
template<typename T >
round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (u32bit major, u32bit minor, u32bit patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
template<typename T >
void set_mem (T *ptr, size_t n, byte val)
 
template<typename T >
size_t significant_bytes (T n)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
 
BigInt square (const BigInt &x)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< byte > &salt, const BigInt &B, RandomNumberGenerator &rng)
 
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
 
void store_be (u16bit in, byte out[2])
 
void store_be (u32bit in, byte out[4])
 
void store_be (u64bit in, byte out[8])
 
template<typename T >
void store_be (byte out[], T x0, T x1)
 
template<typename T >
void store_be (byte out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_be (byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
void store_le (u16bit in, byte out[2])
 
void store_le (u32bit in, byte out[4])
 
void store_le (u64bit in, byte out[8])
 
template<typename T >
void store_le (byte out[], T x0, T x1)
 
template<typename T >
void store_le (byte out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_le (byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
u32bit string_to_ipv4 (const std::string &str)
 
BigInt sub_mul (const BigInt &a, const BigInt &b, const BigInt &c)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
RandomNumberGeneratorsystem_rng ()
 
u32bit timespec_to_u32bit (const std::string &timespec)
 
std::vector< byteto_byte_vector (const std::string &s)
 
std::string to_string (const secure_vector< byte > &bytes)
 
u32bit to_u32bit (const std::string &str)
 
template<typename T >
std::vector< T > unlock (const secure_vector< T > &in)
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
void verify_cert_constraints_valid_for_key_type (const Public_Key &pub_key, Key_Constraints constraints)
 
bool verify_prime (const BigInt &n, RandomNumberGenerator &rng)
 
const char * version_cstr ()
 
u32bit version_datestamp ()
 
u32bit version_major ()
 
u32bit version_minor ()
 
u32bit version_patch ()
 
std::string version_string ()
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
word word_madd2 (word a, word b, word *c)
 
word word_madd3 (word a, word b, word c, word *d)
 
word word_sub (word x, word y, word *carry)
 
bool x500_name_cmp (const std::string &name1, const std::string &name2)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &certstores, const std::string &hostname, Usage_Type usage)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &certstores, const std::string &hostname, Usage_Type usage)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage)
 
template<typename T >
void xor_buf (T out[], const T in[], size_t length)
 
template<typename T >
void xor_buf (T out[], const T in[], const T in2[], size_t length)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< byte, Alloc > &out, const std::vector< byte, Alloc2 > &in, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< byte, Alloc > &out, const byte *in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< byte, Alloc > &out, const byte *in, const std::vector< byte, Alloc2 > &in2, size_t n)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
BOTAN_DLL void zero_mem (void *ptr, size_t n)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const u32bit CAST_SBOX1 [256]
 
const u32bit CAST_SBOX2 [256]
 
const u32bit CAST_SBOX3 [256]
 
const u32bit CAST_SBOX4 [256]
 
const u64bit DES_FPTAB1 [256]
 
const u64bit DES_FPTAB2 [256]
 
const u64bit DES_IPTAB1 [256]
 
const u64bit DES_IPTAB2 [256]
 
const u32bit DES_SPBOX1 [256]
 
const u32bit DES_SPBOX2 [256]
 
const u32bit DES_SPBOX3 [256]
 
const u32bit DES_SPBOX4 [256]
 
const u32bit DES_SPBOX5 [256]
 
const u32bit DES_SPBOX6 [256]
 
const u32bit DES_SPBOX7 [256]
 
const u32bit DES_SPBOX8 [256]
 
const size_t HEX_CODEC_BUFFER_SIZE = 256
 
const size_t MP_WORD_BITS = BOTAN_MP_WORD_BITS
 
const word MP_WORD_MASK = ~static_cast<word>(0)
 
const word MP_WORD_MAX = MP_WORD_MASK
 
const word MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)
 
const size_t PRIME_TABLE_SIZE = 6541
 
const u16bit BOTAN_DLL PRIMES []
 

Detailed Description

(C) Copyright Projet SECRET, INRIA, Rocquencourt (C) Bhaskar Biswas and Nicolas Sendrier

(C) 2014 cryptosource GmbH (C) 2014 Falko Strenzke fstre.nosp@m.nzke.nosp@m.@cryp.nosp@m.toso.nosp@m.urce..nosp@m.de (C) 2015 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) Copyright Projet SECRET, INRIA, Rocquencourt (C) Bhaskar Biswas and Nicolas Sendrier

(C) 2014 cryptosource GmbH (C) 2014 Falko Strenzke fstre.nosp@m.nzke.nosp@m.@cryp.nosp@m.toso.nosp@m.urce..nosp@m.de

Botan is released under the Simplified BSD License (see license.txt)

(C) 2014 cryptosource GmbH (C) 2014 Falko Strenzke fstre.nosp@m.nzke.nosp@m.@cryp.nosp@m.toso.nosp@m.urce..nosp@m.de

Botan is released under the Simplified BSD License (see license.txt)

(C) Copyright Projet SECRET, INRIA, Rocquencourt (C) Bhaskar Biswas and Nicolas Sendrier (C) 2014 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

RDRAND RNG (C) 2016 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

Dynamically Loaded Object (C) 2010 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

The primary namespace for the botan library

Typedef Documentation

using Botan::byte = typedef std::uint8_t

Definition at line 31 of file types.h.

typedef EC_Group Botan::EC_Domain_Params

Definition at line 144 of file ec_group.h.

typedef limb Botan::felem[5]

Definition at line 40 of file donna.cpp.

typedef u16bit Botan::gf2m

Definition at line 20 of file gf2m_small_m.h.

using Botan::InitializationVector = typedef OctetString

Alternate name for octet string showing intent to use as an IV

Definition at line 141 of file symkey.h.

typedef u64bit Botan::limb

Definition at line 39 of file donna.cpp.

typedef MessageAuthenticationCode Botan::MAC

Definition at line 56 of file mac.h.

typedef PK_Key_Agreement_Key Botan::PK_KA_Key

Definition at line 143 of file pk_keys.h.

typedef Private_Key Botan::PKCS8_PrivateKey

Definition at line 145 of file pk_keys.h.

typedef RandomNumberGenerator Botan::RNG

Convenience typedef

Definition at line 166 of file rng.h.

using Botan::s32bit = typedef std::int32_t

Definition at line 35 of file types.h.

template<typename T >
using Botan::secure_deque = typedef std::deque<T, secure_allocator<T>>

Definition at line 102 of file secmem.h.

template<typename T >
using Botan::secure_vector = typedef std::vector<T, secure_allocator<T>>

Definition at line 101 of file secmem.h.

typedef SIMD_4x32 Botan::SIMD_32

Definition at line 482 of file simd_32.h.

using Botan::SymmetricKey = typedef OctetString

Alternate name for octet string showing intent to use as a key

Definition at line 136 of file symkey.h.

typedef Cipher_Mode_Filter Botan::Transform_Filter

Definition at line 67 of file cipher_filter.h.

typedef Transform_Filter Botan::Transformation_Filter

Definition at line 68 of file cipher_filter.h.

using Botan::u16bit = typedef std::uint16_t

Definition at line 32 of file types.h.

using Botan::u32bit = typedef std::uint32_t

Definition at line 33 of file types.h.

using Botan::u64bit = typedef std::uint64_t

Definition at line 34 of file types.h.

typedef byte Botan::u8

Definition at line 38 of file donna.cpp.

typedef donna128 Botan::uint128_t

Definition at line 43 of file donna.cpp.

typedef Public_Key Botan::X509_PublicKey

Definition at line 144 of file pk_keys.h.

Enumeration Type Documentation

enum Botan::ASN1_Tag

ASN.1 Type and Class Tags

Enumerator
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
UTC_OR_GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

Definition at line 22 of file asn1_obj.h.

22  {
23  UNIVERSAL = 0x00,
24  APPLICATION = 0x40,
25  CONTEXT_SPECIFIC = 0x80,
26 
27  CONSTRUCTED = 0x20,
28 
29  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC,
30 
31  EOC = 0x00,
32  BOOLEAN = 0x01,
33  INTEGER = 0x02,
34  BIT_STRING = 0x03,
35  OCTET_STRING = 0x04,
36  NULL_TAG = 0x05,
37  OBJECT_ID = 0x06,
38  ENUMERATED = 0x0A,
39  SEQUENCE = 0x10,
40  SET = 0x11,
41 
42  UTF8_STRING = 0x0C,
43  NUMERIC_STRING = 0x12,
44  PRINTABLE_STRING = 0x13,
45  T61_STRING = 0x14,
46  IA5_STRING = 0x16,
47  VISIBLE_STRING = 0x1A,
48  BMP_STRING = 0x1E,
49 
50  UTC_TIME = 0x17,
51  GENERALIZED_TIME = 0x18,
52  UTC_OR_GENERALIZED_TIME = 0x19,
53 
54  NO_OBJECT = 0xFF00,
55  DIRECTORY_STRING = 0xFF01
56 };
enum Botan::blake2b_constant
Enumerator
BLAKE2B_BLOCKBYTES 
BLAKE2B_OUTBYTES 
BLAKE2B_IVU64COUNT 

Definition at line 17 of file blake2b.h.

17  {
18  BLAKE2B_BLOCKBYTES = 128,
19  BLAKE2B_OUTBYTES = 64,
20  BLAKE2B_IVU64COUNT = 8
21 };
enum Botan::Certificate_Status_Code
strong
Enumerator
VERIFIED 
OCSP_RESPONSE_GOOD 
NO_REVOCATION_DATA 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 

Definition at line 13 of file cert_status.h.

13  {
14  VERIFIED = 0x00000000,
15  OCSP_RESPONSE_GOOD,
16  NO_REVOCATION_DATA,
17 
18  // Local policy failures
19  SIGNATURE_METHOD_TOO_WEAK = 1000,
20  UNTRUSTED_HASH,
21 
22  // Time problems
23  CERT_NOT_YET_VALID = 2000,
24  CERT_HAS_EXPIRED,
25  OCSP_NOT_YET_VALID,
26  OCSP_HAS_EXPIRED,
27  CRL_NOT_YET_VALID,
28  CRL_HAS_EXPIRED,
29 
30  // Chain generation problems
31  CERT_ISSUER_NOT_FOUND = 3000,
32  CANNOT_ESTABLISH_TRUST,
33 
34  CERT_CHAIN_LOOP,
35 
36  // Validation errors
37  POLICY_ERROR = 4000,
38  INVALID_USAGE,
39  CERT_CHAIN_TOO_LONG,
40  CA_CERT_NOT_FOR_CERT_ISSUER,
41  NAME_CONSTRAINT_ERROR,
42 
43  // Revocation errors
44  CA_CERT_NOT_FOR_CRL_ISSUER,
45  OCSP_CERT_NOT_LISTED,
46  OCSP_BAD_STATUS,
47 
48  CERT_NAME_NOMATCH,
49 
50  UNKNOWN_CRITICAL_EXTENSION,
51 
52  // Hard failures
53  CERT_IS_REVOKED = 5000,
54  CRL_BAD_SIGNATURE,
55  SIGNATURE_ERROR,
56 };
enum Botan::Character_Set

The different charsets (nominally) supported by Botan.

Enumerator
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

Definition at line 19 of file charset.h.

19  {
20  LOCAL_CHARSET,
21  UCS2_CHARSET,
22  UTF8_CHARSET,
23  LATIN1_CHARSET
24 };
enum Botan::Cipher_Dir

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

Definition at line 185 of file cipher_mode.h.

185 { ENCRYPTION, DECRYPTION };
enum Botan::CRL_Code

X.509v2 CRL Reason Code.

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 20 of file crl_ent.h.

20  {
21  UNSPECIFIED = 0,
22  KEY_COMPROMISE = 1,
23  CA_COMPROMISE = 2,
24  AFFILIATION_CHANGED = 3,
25  SUPERSEDED = 4,
26  CESSATION_OF_OPERATION = 5,
27  CERTIFICATE_HOLD = 6,
28  REMOVE_FROM_CRL = 8,
29  PRIVLEDGE_WITHDRAWN = 9,
30  AA_COMPROMISE = 10,
31 
32  DELETE_CRL_ENTRY = 0xFF00,
33  OCSP_GOOD = 0xFF01,
34  OCSP_UNKNOWN = 0xFF02
35 };
enum Botan::Decoder_Checking

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 179 of file filter.h.

179 { NONE, IGNORE_WS, FULL_CHECK };
enum Botan::EC_Group_Encoding

This class represents elliptic curce domain parameters

Enumerator
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 22 of file ec_group.h.

22  {
23  EC_DOMPAR_ENC_EXPLICIT = 0,
24  EC_DOMPAR_ENC_IMPLICITCA = 1,
25  EC_DOMPAR_ENC_OID = 2
26 };
enum Botan::ECIES_Flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

Definition at line 28 of file ecies.h.

28  : uint32_t
29  {
30  NONE = 0,
31 
32  /// if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key
33  SINGLE_HASH_MODE = 1,
34 
35  /// (decryption only) if set: use cofactor multiplication during (ecdh) key agreement
36  COFACTOR_MODE = 2,
37 
38  /// if set: use ecdhc instead of ecdh
39  OLD_COFACTOR_MODE = 4,
40 
41  /// (decryption only) if set: test if the (ephemeral) public key is on the curve
42  CHECK_MODE = 8
43  };
Botan::ECIES_Flags::CHECK_MODE
(decryption only) if set: test if the (ephemeral) public key is on the curve
Botan::ECIES_Flags::SINGLE_HASH_MODE
if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key ...
Botan::ECIES_Flags::OLD_COFACTOR_MODE
if set: use ecdhc instead of ecdh
Botan::ECIES_Flags::COFACTOR_MODE
(decryption only) if set: use cofactor multiplication during (ecdh) key agreement ...
enum Botan::Key_Constraints

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 20 of file key_constraint.h.

20  {
21  NO_CONSTRAINTS = 0,
22  DIGITAL_SIGNATURE = 1 << 15,
23  NON_REPUDIATION = 1 << 14,
24  KEY_ENCIPHERMENT = 1 << 13,
25  DATA_ENCIPHERMENT = 1 << 12,
26  KEY_AGREEMENT = 1 << 11,
27  KEY_CERT_SIGN = 1 << 10,
28  CRL_SIGN = 1 << 9,
29  ENCIPHER_ONLY = 1 << 8,
30  DECIPHER_ONLY = 1 << 7
31 };
CRL_SIGN
Definition: ffi.h:507
enum Botan::Signature_Format

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

Definition at line 24 of file pubkey.h.

24 { IEEE_1363, DER_SEQUENCE };
enum Botan::TPM_Storage_Type
strong
Enumerator
User 
System 

Definition at line 100 of file tpm.h.

100 { User, System };
enum Botan::Usage_Type
strong
Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 

Definition at line 24 of file x509cert.h.

25  {
26  UNSPECIFIED, // no restrictions
27  TLS_SERVER_AUTH,
28  TLS_CLIENT_AUTH,
29  CERTIFICATE_AUTHORITY,
30  OCSP_RESPONDER
31  };
enum Botan::X509_Encoding

The two types of X509 encoding supported by Botan.

Enumerator
RAW_BER 
PEM 

Definition at line 21 of file x509_key.h.

21 { RAW_BER, PEM };

Function Documentation

BigInt Botan::abs ( const BigInt n)
inline

Return the absolute value

Parameters
nan integer
Returns
absolute value of n

Definition at line 55 of file numthry.h.

References Botan::BigInt::abs(), almost_montgomery_inverse(), ct_inverse_mod_odd_modulus(), gcd(), inverse_mod(), is_prime(), jacobi(), lcm(), low_zero_bits(), monty_inverse(), normalized_montgomery_inverse(), power_mod(), ressol(), and square().

Referenced by Botan::BigInt::sign().

55 { return n.abs(); }
size_t BOTAN_DLL Botan::almost_montgomery_inverse ( BigInt result,
const BigInt a,
const BigInt b 
)

Return a^-1 * 2^k mod b Returns k, between n and 2n Not const time

Definition at line 90 of file numthry.cpp.

References Botan::BigInt::is_even().

Referenced by abs(), and normalized_montgomery_inverse().

93  {
94  size_t k = 0;
95 
96  BigInt u = p, v = a, r = 0, s = 1;
97 
98  while(v > 0)
99  {
100  if(u.is_even())
101  {
102  u >>= 1;
103  s <<= 1;
104  }
105  else if(v.is_even())
106  {
107  v >>= 1;
108  r <<= 1;
109  }
110  else if(u > v)
111  {
112  u -= v;
113  u >>= 1;
114  r += s;
115  s <<= 1;
116  }
117  else
118  {
119  v -= u;
120  v >>= 1;
121  s += r;
122  r <<= 1;
123  }
124 
125  ++k;
126  }
127 
128  if(r >= p)
129  {
130  r = r - p;
131  }
132 
133  result = p - r;
134 
135  return k;
136  }
void BOTAN_DLL Botan::aont_package ( RandomNumberGenerator rng,
BlockCipher cipher,
const byte  input[],
size_t  input_len,
byte  output[] 
)

Rivest's Package Tranform

Parameters
rngthe random number generator to use
cipherthe block cipher to use
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

Definition at line 16 of file package.cpp.

References Botan::OctetString::begin(), Botan::BlockCipher::block_size(), clear_mem(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

20  {
21  const size_t BLOCK_SIZE = cipher->block_size();
22 
23  if(!cipher->valid_keylength(BLOCK_SIZE))
24  throw Invalid_Argument("AONT::package: Invalid cipher");
25 
26  // The all-zero string which is used both as the CTR IV and as K0
27  const std::string all_zeros(BLOCK_SIZE*2, '0');
28 
29  SymmetricKey package_key(rng, BLOCK_SIZE);
30 
31  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
32 
33  pipe.process_msg(input, input_len);
34  pipe.read(output, pipe.remaining());
35 
36  // Set K0 (the all zero key)
37  cipher->set_key(SymmetricKey(all_zeros));
38 
39  secure_vector<byte> buf(BLOCK_SIZE);
40 
41  const size_t blocks =
42  (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
43 
44  byte* final_block = output + input_len;
45  clear_mem(final_block, BLOCK_SIZE);
46 
47  // XOR the hash blocks into the final block
48  for(size_t i = 0; i != blocks; ++i)
49  {
50  const size_t left = std::min<size_t>(BLOCK_SIZE,
51  input_len - BLOCK_SIZE * i);
52 
53  zeroise(buf);
54  copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);
55 
56  for(size_t j = 0; j != sizeof(i); ++j)
57  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
58 
59  cipher->encrypt(buf.data());
60 
61  xor_buf(final_block, buf.data(), BLOCK_SIZE);
62  }
63 
64  // XOR the random package key into the final block
65  xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
66  }
Botan::xor_buf
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90
Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
Botan::get_byte
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::SymmetricKey
OctetString SymmetricKey
Definition: symkey.h:136
Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:191
Botan::byte
std::uint8_t byte
Definition: types.h:31
void BOTAN_DLL Botan::aont_unpackage ( BlockCipher cipher,
const byte  input[],
size_t  input_len,
byte  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters
cipherthe block cipher to use
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

Definition at line 68 of file package.cpp.

References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

71  {
72  const size_t BLOCK_SIZE = cipher->block_size();
73 
74  if(!cipher->valid_keylength(BLOCK_SIZE))
75  throw Invalid_Argument("AONT::unpackage: Invalid cipher");
76 
77  if(input_len < BLOCK_SIZE)
78  throw Invalid_Argument("AONT::unpackage: Input too short");
79 
80  // The all-zero string which is used both as the CTR IV and as K0
81  const std::string all_zeros(BLOCK_SIZE*2, '0');
82 
83  cipher->set_key(SymmetricKey(all_zeros));
84 
85  secure_vector<byte> package_key(BLOCK_SIZE);
86  secure_vector<byte> buf(BLOCK_SIZE);
87 
88  // Copy the package key (masked with the block hashes)
89  copy_mem(package_key.data(),
90  input + (input_len - BLOCK_SIZE),
91  BLOCK_SIZE);
92 
93  const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
94 
95  // XOR the blocks into the package key bits
96  for(size_t i = 0; i != blocks; ++i)
97  {
98  const size_t left = std::min<size_t>(BLOCK_SIZE,
99  input_len - BLOCK_SIZE * (i+1));
100 
101  zeroise(buf);
102  copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);
103 
104  for(size_t j = 0; j != sizeof(i); ++j)
105  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
106 
107  cipher->encrypt(buf.data());
108 
109  xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
110  }
111 
112  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
113 
114  pipe.process_msg(input, input_len - BLOCK_SIZE);
115 
116  pipe.read(output, pipe.remaining());
117  }
Botan::xor_buf
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90
Botan::get_byte
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::SymmetricKey
OctetString SymmetricKey
Definition: symkey.h:136
Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:191
BOTAN_NORETURN void BOTAN_DLL Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails

Definition at line 13 of file assert.cpp.

18  {
19  std::ostringstream format;
20 
21  format << "False assertion ";
22 
23  if(assertion_made && assertion_made[0] != 0)
24  format << "'" << assertion_made << "' (expression " << expr_str << ") ";
25  else
26  format << expr_str << " ";
27 
28  if(func)
29  format << "in " << func << " ";
30 
31  format << "@" << file << ":" << line;
32 
33  throw Exception(format.str());
34  }
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least input_length*3/4 bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 100 of file base64.cpp.

References clear_mem().

Referenced by base64_decode(), base64_encode(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), Botan::SRP6_Authenticator_File::SRP6_Authenticator_File(), and Botan::Base64_Decoder::write().

106  {
107  /*
108  * Base64 Decoder Lookup Table
109  * Warning: assumes ASCII encodings
110  */
111  static const byte BASE64_TO_BIN[256] = {
112  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
113  0x80, 0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
114  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
115  0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
116  0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, 0x34, 0x35,
117  0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF,
118  0xFF, 0x81, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
119  0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
120  0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
121  0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x1B, 0x1C,
122  0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
123  0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
124  0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
125  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
127  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
128  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
129  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
131  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
132  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
133  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
134  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
135  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
136  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
137  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
138 
139  byte* out_ptr = output;
140  byte decode_buf[4];
141  size_t decode_buf_pos = 0;
142  size_t final_truncate = 0;
143 
144  clear_mem(output, input_length * 3 / 4);
145 
146  for(size_t i = 0; i != input_length; ++i)
147  {
148  const byte bin = BASE64_TO_BIN[static_cast<byte>(input[i])];
149 
150  if(bin <= 0x3F)
151  {
152  decode_buf[decode_buf_pos] = bin;
153  decode_buf_pos += 1;
154  }
155  else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws)))
156  {
157  std::string bad_char(1, input[i]);
158  if(bad_char == "\t")
159  bad_char = "\\t";
160  else if(bad_char == "\n")
161  bad_char = "\\n";
162  else if(bad_char == "\r")
163  bad_char = "\\r";
164 
165  throw Invalid_Argument(
166  std::string("base64_decode: invalid base64 character '") +
167  bad_char + "'");
168  }
169 
170  /*
171  * If we're at the end of the input, pad with 0s and truncate
172  */
173  if(final_inputs && (i == input_length - 1))
174  {
175  if(decode_buf_pos)
176  {
177  for(size_t j = decode_buf_pos; j != 4; ++j)
178  decode_buf[j] = 0;
179  final_truncate = (4 - decode_buf_pos);
180  decode_buf_pos = 4;
181  }
182  }
183 
184  if(decode_buf_pos == 4)
185  {
186  out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
187  out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
188  out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];
189 
190  out_ptr += 3;
191  decode_buf_pos = 0;
192  input_consumed = i+1;
193  }
194  }
195 
196  while(input_consumed < input_length &&
197  BASE64_TO_BIN[static_cast<byte>(input[input_consumed])] == 0x80)
198  {
199  ++input_consumed;
200  }
201 
202  size_t written = (out_ptr - output) - final_truncate;
203 
204  return written;
205  }
Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
Botan::byte
std::uint8_t byte
Definition: types.h:31
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least input_length*3/4 bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 207 of file base64.cpp.

References base64_decode().

211  {
212  size_t consumed = 0;
213  size_t written = base64_decode(output, input, input_length,
214  consumed, true, ignore_ws);
215 
216  if(consumed != input_length)
217  throw Invalid_Argument("base64_decode: input did not have full bytes");
218 
219  return written;
220  }
Botan::base64_decode
secure_vector< byte > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least input_length/3*4 bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 222 of file base64.cpp.

References base64_decode().

225  {
226  return base64_decode(output, input.data(), input.length(), ignore_ws);
227  }
Botan::base64_decode
secure_vector< byte > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
secure_vector< byte > BOTAN_DLL Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 229 of file base64.cpp.

References base64_decode(), and round_up().

232  {
233  const size_t output_length = (round_up(input_length, 4) * 3) / 4;
234  secure_vector<byte> bin(output_length);
235 
236  size_t written = base64_decode(bin.data(),
237  input,
238  input_length,
239  ignore_ws);
240 
241  bin.resize(written);
242  return bin;
243  }
Botan::base64_decode
secure_vector< byte > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
Botan::round_up
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
secure_vector< byte > BOTAN_DLL Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 245 of file base64.cpp.

References base64_decode().

247  {
248  return base64_decode(input.data(), input.size(), ignore_ws);
249  }
Botan::base64_decode
secure_vector< byte > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
size_t BOTAN_DLL Botan::base64_encode ( char  output[],
const byte  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters
outputan array of at least input_length*4/3 bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 35 of file base64.cpp.

Referenced by Botan::OCSP::Request::base64_encode(), base64_encode(), Botan::Base64_Encoder::Base64_Encoder(), Botan::PEM_Code::encode(), generate_passhash9(), and Botan::OCSP::Request::Request().

40  {
41  input_consumed = 0;
42 
43  size_t input_remaining = input_length;
44  size_t output_produced = 0;
45 
46  while(input_remaining >= 3)
47  {
48  do_base64_encode(out + output_produced, in + input_consumed);
49 
50  input_consumed += 3;
51  output_produced += 4;
52  input_remaining -= 3;
53  }
54 
55  if(final_inputs && input_remaining)
56  {
57  byte remainder[3] = { 0 };
58  for(size_t i = 0; i != input_remaining; ++i)
59  remainder[i] = in[input_consumed + i];
60 
61  do_base64_encode(out + output_produced, remainder);
62 
63  size_t empty_bits = 8 * (3 - input_remaining);
64  size_t index = output_produced + 4 - 1;
65  while(empty_bits >= 8)
66  {
67  out[index--] = '=';
68  empty_bits -= 6;
69  }
70 
71  input_consumed += input_remaining;
72  output_produced += 4;
73  }
74 
75  return output_produced;
76  }
Botan::byte
std::uint8_t byte
Definition: types.h:31
template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< byte, Alloc > &  input)

Perform base64 encoding

Parameters
inputsome input
Returns
base64adecimal representation of input

Definition at line 50 of file base64.h.

References base64_decode(), and base64_encode().

51  {
52  return base64_encode(input.data(), input.size());
53  }
Botan::base64_encode
std::string base64_encode(const std::vector< byte, Alloc > &input)
Definition: base64.h:50
std::string BOTAN_DLL Botan::base64_encode ( const byte  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base64adecimal representation of input

Definition at line 78 of file base64.cpp.

References base64_encode(), BOTAN_ASSERT_EQUAL, and round_up().

80  {
81  const size_t output_length = (round_up(input_length, 3) / 3) * 4;
82  std::string output(output_length, 0);
83 
84  size_t consumed = 0;
85  size_t produced = 0;
86 
87  if (output_length > 0)
88  {
89  produced = base64_encode(&output.front(),
90  input, input_length,
91  consumed, true);
92  }
93 
94  BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
95  BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
96 
97  return output;
98  }
Botan::base64_encode
std::string base64_encode(const byte input[], size_t input_length)
Definition: base64.cpp:78
BOTAN_ASSERT_EQUAL
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:40
Botan::round_up
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 138 of file mp_core.cpp.

References bigint_add2_nc().

Referenced by mul_add(), Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

139  {
140  if(bigint_add2_nc(x, x_size, y, y_size))
141  x[x_size] += 1;
142  }
Botan::bigint_add2_nc
word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:90
word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition with carry out

Definition at line 90 of file mp_core.cpp.

References BOTAN_ASSERT, word8_add2(), and word_add().

Referenced by bigint_add2().

91  {
92  word carry = 0;
93 
94  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
95 
96  const size_t blocks = y_size - (y_size % 8);
97 
98  for(size_t i = 0; i != blocks; i += 8)
99  carry = word8_add2(x + i, y + i, carry);
100 
101  for(size_t i = blocks; i != y_size; ++i)
102  x[i] = word_add(x[i], y[i], &carry);
103 
104  for(size_t i = y_size; i != x_size; ++i)
105  x[i] = word_add(x[i], 0, &carry);
106 
107  return carry;
108  }
Botan::word8_add2
word word8_add2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:138
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::word_add
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition

Definition at line 147 of file mp_core.cpp.

References bigint_add3_nc().

Referenced by operator+(), and operator-().

149  {
150  z[(x_size > y_size ? x_size : y_size)] +=
151  bigint_add3_nc(z, x, x_size, y, y_size);
152  }
Botan::bigint_add3_nc
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:113
word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition with carry out

Definition at line 113 of file mp_core.cpp.

References word8_add3(), and word_add().

Referenced by bigint_add3(), and redc_p521().

115  {
116  if(x_size < y_size)
117  { return bigint_add3_nc(z, y, y_size, x, x_size); }
118 
119  word carry = 0;
120 
121  const size_t blocks = y_size - (y_size % 8);
122 
123  for(size_t i = 0; i != blocks; i += 8)
124  carry = word8_add3(z + i, x + i, y + i, carry);
125 
126  for(size_t i = blocks; i != y_size; ++i)
127  z[i] = word_add(x[i], y[i], &carry);
128 
129  for(size_t i = y_size; i != x_size; ++i)
130  z[i] = word_add(x[i], 0, &carry);
131 
132  return carry;
133  }
Botan::bigint_add3_nc
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:113
Botan::word8_add3
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:200
Botan::word_add
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
s32bit Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Compare x and y

Definition at line 378 of file mp_core.cpp.

Referenced by Botan::BigInt::cmp(), operator+(), Botan::BigInt::operator+=(), operator-(), and Botan::BigInt::operator-=().

380  {
381  if(x_size < y_size) { return (-bigint_cmp(y, y_size, x, x_size)); }
382 
383  while(x_size > y_size)
384  {
385  if(x[x_size-1])
386  return 1;
387  x_size--;
388  }
389 
390  for(size_t i = x_size; i > 0; --i)
391  {
392  if(x[i-1] > y[i-1])
393  return 1;
394  if(x[i-1] < y[i-1])
395  return -1;
396  }
397 
398  return 0;
399  }
Botan::bigint_cmp
s32bit bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:378
BOTAN_DLL void Botan::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)

Definition at line 75 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

76  {
77  const word mask = CT::expand_mask(cnd);
78 
79  word carry = mask & 1;
80  for(size_t i = 0; i != size; ++i)
81  {
82  const word z = word_add(~x[i], 0, &carry);
83  x[i] = CT::select(mask, z, x[i]);
84  }
85  }
Botan::CT::expand_mask
T expand_mask(T x)
Definition: ct_utils.h:86
Botan::CT::select
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
Botan::word_add
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
BOTAN_DLL word Botan::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 39 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

40  {
41  const word mask = CT::expand_mask(cnd);
42 
43  word carry = 0;
44  for(size_t i = 0; i != size; ++i)
45  {
46  /*
47  Here we are relying on asm version of word_add being
48  a single addcl or equivalent. Fix this.
49  */
50  const word z = word_add(x[i], y[i], &carry);
51  x[i] = CT::select(mask, z, x[i]);
52  }
53 
54  return carry & mask;
55  }
Botan::CT::expand_mask
T expand_mask(T x)
Definition: ct_utils.h:86
Botan::CT::select
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
Botan::word_add
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
BOTAN_DLL word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 61 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_sub().

Referenced by ct_inverse_mod_odd_modulus().

62  {
63  const word mask = CT::expand_mask(cnd);
64 
65  word carry = 0;
66  for(size_t i = 0; i != size; ++i)
67  {
68  const word z = word_sub(x[i], y[i], &carry);
69  x[i] = CT::select(mask, z, x[i]);
70  }
71 
72  return carry & mask;
73  }
Botan::CT::expand_mask
T expand_mask(T x)
Definition: ct_utils.h:86
Botan::CT::select
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
Botan::word_sub
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
BOTAN_DLL void Botan::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)

Definition at line 22 of file mp_core.cpp.

References Botan::CT::expand_mask(), and Botan::CT::select().

Referenced by ct_inverse_mod_odd_modulus().

23  {
24  const word mask = CT::expand_mask(cnd);
25 
26  for(size_t i = 0; i != size; ++i)
27  {
28  word a = x[i];
29  word b = y[i];
30  x[i] = CT::select(mask, b, a);
31  y[i] = CT::select(mask, a, b);
32  }
33  }
Botan::CT::expand_mask
T expand_mask(T x)
Definition: ct_utils.h:86
Botan::CT::select
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 805 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

806  {
807  word w2 = 0, w1 = 0, w0 = 0;
808 
809  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
810  z[ 0] = w0; w0 = 0;
811 
812  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
813  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
814  z[ 1] = w1; w1 = 0;
815 
816  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
817  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
818  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
819  z[ 2] = w2; w2 = 0;
820 
821  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
822  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
823  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
824  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
825  z[ 3] = w0; w0 = 0;
826 
827  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
828  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
829  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
830  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
831  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
832  z[ 4] = w1; w1 = 0;
833 
834  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
835  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
836  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
837  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
838  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
839  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
840  z[ 5] = w2; w2 = 0;
841 
842  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
843  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
844  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
845  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
846  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
847  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
848  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
849  z[ 6] = w0; w0 = 0;
850 
851  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
852  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
853  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
854  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
855  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
856  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
857  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
858  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
859  z[ 7] = w1; w1 = 0;
860 
861  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
862  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
863  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
864  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
865  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
866  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
867  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
868  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
869  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
870  z[ 8] = w2; w2 = 0;
871 
872  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
873  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
874  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
875  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
876  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
877  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
878  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
879  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
880  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
881  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
882  z[ 9] = w0; w0 = 0;
883 
884  word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
885  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
886  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
887  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
888  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
889  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
890  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
891  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
892  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
893  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
894  word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
895  z[10] = w1; w1 = 0;
896 
897  word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
898  word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
899  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
900  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
901  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
902  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
903  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
904  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
905  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
906  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
907  word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
908  word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
909  z[11] = w2; w2 = 0;
910 
911  word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
912  word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
913  word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
914  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
915  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
916  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
917  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
918  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
919  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
920  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
921  word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
922  word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
923  word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
924  z[12] = w0; w0 = 0;
925 
926  word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
927  word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
928  word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
929  word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
930  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
931  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
932  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
933  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
934  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
935  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
936  word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
937  word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
938  word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
939  word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
940  z[13] = w1; w1 = 0;
941 
942  word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
943  word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
944  word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
945  word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
946  word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
947  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
948  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
949  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
950  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
951  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
952  word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
953  word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
954  word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
955  word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
956  word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
957  z[14] = w2; w2 = 0;
958 
959  word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
960  word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
961  word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
962  word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
963  word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
964  word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
965  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
966  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
967  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
968  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
969  word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
970  word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
971  word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
972  word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
973  word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
974  word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
975  z[15] = w0; w0 = 0;
976 
977  word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
978  word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
979  word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
980  word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
981  word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
982  word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
983  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
984  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
985  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
986  word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
987  word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
988  word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
989  word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
990  word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
991  word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
992  z[16] = w1; w1 = 0;
993 
994  word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
995  word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
996  word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
997  word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
998  word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
999  word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1000  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1001  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1002  word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1003  word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1004  word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1005  word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1006  word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1007  word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1008  z[17] = w2; w2 = 0;
1009 
1010  word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1011  word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1012  word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1013  word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1014  word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1015  word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1016  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1017  word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1018  word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1019  word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1020  word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1021  word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1022  word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1023  z[18] = w0; w0 = 0;
1024 
1025  word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1026  word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1027  word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1028  word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1029  word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1030  word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1031  word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1032  word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1033  word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1034  word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1035  word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1036  word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1037  z[19] = w1; w1 = 0;
1038 
1039  word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1040  word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1041  word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1042  word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1043  word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1044  word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1045  word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1046  word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1047  word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1048  word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1049  word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1050  z[20] = w2; w2 = 0;
1051 
1052  word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1053  word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1054  word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1055  word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1056  word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1057  word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1058  word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1059  word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1060  word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1061  word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1062  z[21] = w0; w0 = 0;
1063 
1064  word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1065  word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1066  word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1067  word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1068  word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1069  word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1070  word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1071  word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1072  word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1073  z[22] = w1; w1 = 0;
1074 
1075  word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1076  word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1077  word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1078  word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1079  word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1080  word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1081  word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1082  word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1083  z[23] = w2; w2 = 0;
1084 
1085  word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1086  word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1087  word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1088  word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1089  word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1090  word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1091  word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1092  z[24] = w0; w0 = 0;
1093 
1094  word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1095  word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1096  word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1097  word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1098  word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1099  word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1100  z[25] = w1; w1 = 0;
1101 
1102  word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1103  word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1104  word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1105  word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1106  word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1107  z[26] = w2; w2 = 0;
1108 
1109  word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1110  word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1111  word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1112  word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1113  z[27] = w0; w0 = 0;
1114 
1115  word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1116  word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1117  word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1118  z[28] = w1; w1 = 0;
1119 
1120  word3_muladd(&w1, &w0, &w2, x[14], y[15]);
1121  word3_muladd(&w1, &w0, &w2, x[15], y[14]);
1122  z[29] = w2; w2 = 0;
1123 
1124  word3_muladd(&w2, &w1, &w0, x[15], y[15]);
1125  z[30] = w0;
1126  z[31] = w1;
1127  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

Definition at line 50 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

51  {
52  word w2 = 0, w1 = 0, w0 = 0;
53 
54  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
55  z[ 0] = w0; w0 = 0;
56 
57  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
58  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
59  z[ 1] = w1; w1 = 0;
60 
61  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
62  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
63  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
64  z[ 2] = w2; w2 = 0;
65 
66  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
67  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
68  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
69  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
70  z[ 3] = w0; w0 = 0;
71 
72  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
73  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
74  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
75  z[ 4] = w1; w1 = 0;
76 
77  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
78  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
79  z[ 5] = w2; w2 = 0;
80 
81  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
82  z[ 6] = w0;
83  z[ 7] = w1;
84  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

Definition at line 141 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

142  {
143  word w2 = 0, w1 = 0, w0 = 0;
144 
145  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
146  z[ 0] = w0; w0 = 0;
147 
148  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
149  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
150  z[ 1] = w1; w1 = 0;
151 
152  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
153  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
154  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
155  z[ 2] = w2; w2 = 0;
156 
157  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
158  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
159  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
160  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
161  z[ 3] = w0; w0 = 0;
162 
163  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
164  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
165  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
166  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
167  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
168  z[ 4] = w1; w1 = 0;
169 
170  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
171  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
172  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
173  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
174  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
175  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
176  z[ 5] = w2; w2 = 0;
177 
178  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
179  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
180  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
181  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
182  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
183  z[ 6] = w0; w0 = 0;
184 
185  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
186  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
187  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
188  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
189  z[ 7] = w1; w1 = 0;
190 
191  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
192  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
193  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
194  z[ 8] = w2; w2 = 0;
195 
196  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
197  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
198  z[ 9] = w0; w0 = 0;
199 
200  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
201  z[10] = w1;
202  z[11] = w2;
203  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

Definition at line 283 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

284  {
285  word w2 = 0, w1 = 0, w0 = 0;
286 
287  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
288  z[ 0] = w0; w0 = 0;
289 
290  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
291  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
292  z[ 1] = w1; w1 = 0;
293 
294  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
295  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
296  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
297  z[ 2] = w2; w2 = 0;
298 
299  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
300  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
301  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
302  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
303  z[ 3] = w0; w0 = 0;
304 
305  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
306  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
307  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
308  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
309  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
310  z[ 4] = w1; w1 = 0;
311 
312  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
313  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
314  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
315  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
316  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
317  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
318  z[ 5] = w2; w2 = 0;
319 
320  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
321  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
322  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
323  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
324  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
325  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
326  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
327  z[ 6] = w0; w0 = 0;
328 
329  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
330  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
331  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
332  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
333  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
334  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
335  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
336  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
337  z[ 7] = w1; w1 = 0;
338 
339  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
340  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
341  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
342  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
343  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
344  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
345  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
346  z[ 8] = w2; w2 = 0;
347 
348  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
349  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
350  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
351  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
352  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
353  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
354  z[ 9] = w0; w0 = 0;
355 
356  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
357  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
358  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
359  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
360  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
361  z[10] = w1; w1 = 0;
362 
363  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
364  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
365  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
366  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
367  z[11] = w2; w2 = 0;
368 
369  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
370  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
371  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
372  z[12] = w0; w0 = 0;
373 
374  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
375  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
376  z[13] = w1; w1 = 0;
377 
378  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
379  z[14] = w2;
380  z[15] = w0;
381  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul9 ( word  z[18],
const word  x[9],
const word  y[9] 
)

Definition at line 474 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

475  {
476  word w2 = 0, w1 = 0, w0 = 0;
477 
478  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
479  z[ 0] = w0; w0 = 0;
480 
481  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
482  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
483  z[ 1] = w1; w1 = 0;
484 
485  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
486  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
487  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
488  z[ 2] = w2; w2 = 0;
489 
490  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
491  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
492  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
493  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
494  z[ 3] = w0; w0 = 0;
495 
496  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
497  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
498  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
499  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
500  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
501  z[ 4] = w1; w1 = 0;
502 
503  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
504  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
505  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
506  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
507  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
508  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
509  z[ 5] = w2; w2 = 0;
510 
511  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
512  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
513  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
514  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
515  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
516  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
517  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
518  z[ 6] = w0; w0 = 0;
519 
520  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
521  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
522  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
523  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
524  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
525  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
526  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
527  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
528  z[ 7] = w1; w1 = 0;
529 
530  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
531  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
532  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
533  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
534  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
535  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
536  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
537  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
538  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
539  z[ 8] = w2; w2 = 0;
540 
541  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
542  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
543  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
544  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
545  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
546  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
547  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
548  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
549  z[ 9] = w0; w0 = 0;
550 
551  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
552  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
553  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
554  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
555  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
556  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
557  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
558  z[10] = w1; w1 = 0;
559 
560  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
561  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
562  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
563  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
564  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
565  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
566  z[11] = w2; w2 = 0;
567 
568  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
569  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
570  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
571  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
572  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
573  z[12] = w0; w0 = 0;
574 
575  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
576  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
577  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
578  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
579  z[13] = w1; w1 = 0;
580 
581  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
582  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
583  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
584  z[14] = w2; w2 = 0;
585 
586  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
587  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
588  z[15] = w0; w0 = 0;
589 
590  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
591  z[16] = w1;
592  z[17] = w2;
593  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_sqr16 ( word  z[32],
const word  x[16] 
)

Definition at line 598 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

599  {
600  word w2 = 0, w1 = 0, w0 = 0;
601 
602  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
603  z[ 0] = w0; w0 = 0;
604 
605  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
606  z[ 1] = w1; w1 = 0;
607 
608  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
609  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
610  z[ 2] = w2; w2 = 0;
611 
612  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
613  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
614  z[ 3] = w0; w0 = 0;
615 
616  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
617  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
618  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
619  z[ 4] = w1; w1 = 0;
620 
621  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
622  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
623  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
624  z[ 5] = w2; w2 = 0;
625 
626  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
627  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
628  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
629  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
630  z[ 6] = w0; w0 = 0;
631 
632  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
633  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
634  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
635  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
636  z[ 7] = w1; w1 = 0;
637 
638  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
639  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
640  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
641  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
642  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
643  z[ 8] = w2; w2 = 0;
644 
645  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
646  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
647  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
648  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
649  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
650  z[ 9] = w0; w0 = 0;
651 
652  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
653  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
654  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
655  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
656  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
657  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
658  z[10] = w1; w1 = 0;
659 
660  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
661  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
662  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
663  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
664  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
665  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
666  z[11] = w2; w2 = 0;
667 
668  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
669  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
670  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[10]);
671  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]);
672  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
673  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
674  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
675  z[12] = w0; w0 = 0;
676 
677  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
678  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
679  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
680  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
681  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
682  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
683  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
684  z[13] = w1; w1 = 0;
685 
686  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
687  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
688  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
689  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
690  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
691  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
692  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
693  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
694  z[14] = w2; w2 = 0;
695 
696  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
697  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
698  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[13]);
699  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[12]);
700  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[11]);
701  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
702  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
703  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
704  z[15] = w0; w0 = 0;
705 
706  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
707  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
708  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
709  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
710  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
711  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
712  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
713  word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
714  z[16] = w1; w1 = 0;
715 
716  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
717  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
718  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
719  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
720  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
721  word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
722  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
723  z[17] = w2; w2 = 0;
724 
725  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
726  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
727  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[13]);
728  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]);
729  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
730  word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
731  word3_muladd (&w2, &w1, &w0, x[ 9], x[ 9]);
732  z[18] = w0; w0 = 0;
733 
734  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
735  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
736  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
737  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
738  word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
739  word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
740  z[19] = w1; w1 = 0;
741 
742  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
743  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
744  word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
745  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
746  word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
747  word3_muladd (&w1, &w0, &w2, x[10], x[10]);
748  z[20] = w2; w2 = 0;
749 
750  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
751  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
752  word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
753  word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
754  word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
755  z[21] = w0; w0 = 0;
756 
757  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
758  word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
759  word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
760  word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
761  word3_muladd (&w0, &w2, &w1, x[11], x[11]);
762  z[22] = w1; w1 = 0;
763 
764  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
765  word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
766  word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
767  word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
768  z[23] = w2; w2 = 0;
769 
770  word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
771  word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
772  word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
773  word3_muladd (&w2, &w1, &w0, x[12], x[12]);
774  z[24] = w0; w0 = 0;
775 
776  word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
777  word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
778  word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
779  z[25] = w1; w1 = 0;
780 
781  word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
782  word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
783  word3_muladd (&w1, &w0, &w2, x[13], x[13]);
784  z[26] = w2; w2 = 0;
785 
786  word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
787  word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
788  z[27] = w0; w0 = 0;
789 
790  word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
791  word3_muladd (&w0, &w2, &w1, x[14], x[14]);
792  z[28] = w1; w1 = 0;
793 
794  word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
795  z[29] = w2; w2 = 0;
796 
797  word3_muladd (&w2, &w1, &w0, x[15], x[15]);
798  z[30] = w0;
799  z[31] = w1;
800  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
Botan::word3_muladd_2
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr4 ( word  z[8],
const word  x[4] 
)

Definition at line 17 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

18  {
19  word w2 = 0, w1 = 0, w0 = 0;
20 
21  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
22  z[ 0] = w0; w0 = 0;
23 
24  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
25  z[ 1] = w1; w1 = 0;
26 
27  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
28  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
29  z[ 2] = w2; w2 = 0;
30 
31  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
32  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
33  z[ 3] = w0; w0 = 0;
34 
35  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
36  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
37  z[ 4] = w1; w1 = 0;
38 
39  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
40  z[ 5] = w2; w2 = 0;
41 
42  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
43  z[ 6] = w0;
44  z[ 7] = w1;
45  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
Botan::word3_muladd_2
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr6 ( word  z[12],
const word  x[6] 
)

Definition at line 89 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

90  {
91  word w2 = 0, w1 = 0, w0 = 0;
92 
93  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
94  z[ 0] = w0; w0 = 0;
95 
96  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
97  z[ 1] = w1; w1 = 0;
98 
99  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
100  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
101  z[ 2] = w2; w2 = 0;
102 
103  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
104  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
105  z[ 3] = w0; w0 = 0;
106 
107  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
108  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
109  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
110  z[ 4] = w1; w1 = 0;
111 
112  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
113  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
114  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
115  z[ 5] = w2; w2 = 0;
116 
117  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
118  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
119  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
120  z[ 6] = w0; w0 = 0;
121 
122  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
123  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
124  z[ 7] = w1; w1 = 0;
125 
126  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
127  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
128  z[ 8] = w2; w2 = 0;
129 
130  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
131  z[ 9] = w0; w0 = 0;
132 
133  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
134  z[10] = w1;
135  z[11] = w2;
136  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
Botan::word3_muladd_2
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr8 ( word  z[16],
const word  x[8] 
)

Definition at line 208 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

209  {
210  word w2 = 0, w1 = 0, w0 = 0;
211 
212  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
213  z[ 0] = w0; w0 = 0;
214 
215  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
216  z[ 1] = w1; w1 = 0;
217 
218  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
219  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
220  z[ 2] = w2; w2 = 0;
221 
222  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
223  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
224  z[ 3] = w0; w0 = 0;
225 
226  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
227  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
228  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
229  z[ 4] = w1; w1 = 0;
230 
231  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
232  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
233  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
234  z[ 5] = w2; w2 = 0;
235 
236  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
237  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
238  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
239  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
240  z[ 6] = w0; w0 = 0;
241 
242  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
243  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
244  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
245  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
246  z[ 7] = w1; w1 = 0;
247 
248  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
249  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
250  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
251  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
252  z[ 8] = w2; w2 = 0;
253 
254  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
255  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
256  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
257  z[ 9] = w0; w0 = 0;
258 
259  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
260  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
261  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
262  z[10] = w1; w1 = 0;
263 
264  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
265  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
266  z[11] = w2; w2 = 0;
267 
268  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
269  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
270  z[12] = w0; w0 = 0;
271 
272  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
273  z[13] = w1; w1 = 0;
274 
275  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
276  z[14] = w2;
277  z[15] = w0;
278  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
Botan::word3_muladd_2
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr9 ( word  z[18],
const word  x[9] 
)

Definition at line 386 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

387  {
388  word w2 = 0, w1 = 0, w0 = 0;
389 
390  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
391  z[ 0] = w0; w0 = 0;
392 
393  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
394  z[ 1] = w1; w1 = 0;
395 
396  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
397  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
398  z[ 2] = w2; w2 = 0;
399 
400  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
401  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
402  z[ 3] = w0; w0 = 0;
403 
404  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
405  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
406  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
407  z[ 4] = w1; w1 = 0;
408 
409  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
410  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
411  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
412  z[ 5] = w2; w2 = 0;
413 
414  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
415  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
416  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
417  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
418  z[ 6] = w0; w0 = 0;
419 
420  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
421  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
422  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
423  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
424  z[ 7] = w1; w1 = 0;
425 
426  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
427  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
428  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
429  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
430  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
431  z[ 8] = w2; w2 = 0;
432 
433  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
434  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
435  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
436  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
437  z[ 9] = w0; w0 = 0;
438 
439  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
440  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
441  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
442  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
443  z[10] = w1; w1 = 0;
444 
445  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
446  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
447  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
448  z[11] = w2; w2 = 0;
449 
450  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
451  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
452  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
453  z[12] = w0; w0 = 0;
454 
455  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
456  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
457  z[13] = w1; w1 = 0;
458 
459  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
460  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
461  z[14] = w2; w2 = 0;
462 
463  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
464  z[15] = w0; w0 = 0;
465 
466  word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
467  z[16] = w1;
468  z[17] = w2;
469  }
Botan::word3_muladd
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
Botan::word3_muladd_2
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
word Botan::bigint_divop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) / d

Definition at line 404 of file mp_core.cpp.

References MP_WORD_BITS, and MP_WORD_TOP_BIT.

Referenced by bigint_modop(), divide(), and monty_inverse().

405  {
406  if(d == 0)
407  throw Invalid_Argument("bigint_divop divide by zero");
408 
409  word high = n1 % d, quotient = 0;
410 
411  for(size_t i = 0; i != MP_WORD_BITS; ++i)
412  {
413  word high_top_bit = (high & MP_WORD_TOP_BIT);
414 
415  high <<= 1;
416  high |= (n0 >> (MP_WORD_BITS-1-i)) & 1;
417  quotient <<= 1;
418 
419  if(high_top_bit || high >= d)
420  {
421  high -= d;
422  quotient |= 1;
423  }
424  }
425 
426  return quotient;
427  }
Botan::MP_WORD_TOP_BIT
const word MP_WORD_TOP_BIT
Definition: mp_types.h:28
Botan::MP_WORD_BITS
const size_t MP_WORD_BITS
Definition: mp_core.h:19
void Botan::bigint_linmul2 ( word  x[],
size_t  x_size,
word  y 
)

Definition at line 222 of file mp_core.cpp.

References word8_linmul2(), and word_madd2().

Referenced by Botan::BigInt::operator*=().

223  {
224  const size_t blocks = x_size - (x_size % 8);
225 
226  word carry = 0;
227 
228  for(size_t i = 0; i != blocks; i += 8)
229  carry = word8_linmul2(x + i, y, carry);
230 
231  for(size_t i = blocks; i != x_size; ++i)
232  x[i] = word_madd2(x[i], y, &carry);
233 
234  x[x_size] = carry;
235  }
Botan::word_madd2
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
Botan::word8_linmul2
word word8_linmul2(word x[8], word y, word carry)
Definition: mp_asmi.h:488
void Botan::bigint_linmul3 ( word  z[],
const word  x[],
size_t  x_size,
word  y 
)

Definition at line 240 of file mp_core.cpp.

References word8_linmul3(), and word_madd2().

Referenced by bigint_mul(), bigint_sqr(), operator*(), and Botan::BigInt::operator*=().

241  {
242  const size_t blocks = x_size - (x_size % 8);
243 
244  word carry = 0;
245 
246  for(size_t i = 0; i != blocks; i += 8)
247  carry = word8_linmul3(z + i, x + i, y, carry);
248 
249  for(size_t i = blocks; i != x_size; ++i)
250  z[i] = word_madd2(x[i], y, &carry);
251 
252  z[x_size] = carry;
253  }
Botan::word8_linmul3
word word8_linmul3(word z[8], const word x[8], word y, word carry)
Definition: mp_asmi.h:585
Botan::word_madd2
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word Botan::bigint_modop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) % d

Definition at line 432 of file mp_core.cpp.

References bigint_divop(), and word_madd2().

Referenced by operator%(), and Botan::BigInt::operator%=().

433  {
434  word z = bigint_divop(n1, n0, d);
435  word dummy = 0;
436  z = word_madd2(z, d, &dummy);
437  return (n0-z);
438  }
Botan::bigint_divop
word bigint_divop(word n1, word n0, word d)
Definition: mp_core.cpp:404
Botan::word_madd2
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
void Botan::bigint_monty_mul ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 95 of file mp_monty.cpp.

References bigint_monty_redc(), and bigint_mul().

Referenced by Botan::Montgomery_Exponentiator::execute(), and Botan::Montgomery_Exponentiator::set_base().

100  {
101  bigint_mul(&z[0], z_size, &ws[0],
102  &x[0], x_size, x_sw,
103  &y[0], y_size, y_sw);
104 
105  bigint_monty_redc(&z[0],
106  &p[0], p_size, p_dash,
107  &ws[0]);
108  }
Botan::bigint_mul
void bigint_mul(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw)
Definition: mp_karat.cpp:255
Botan::bigint_monty_redc
void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, word workspace[])
Definition: mp_monty.cpp:20
void Botan::bigint_monty_redc ( word  z[],
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Montgomery Reduction

Parameters
zinteger to reduce, of size exactly 2*(p_size+1). Output is in the first p_size+1 words, higher words are set to zero.
pmodulus
p_sizesize of p
p_dashMontgomery value
workspacearray of at least 2*(p_size+1) words

Definition at line 20 of file mp_monty.cpp.

References BOTAN_ASSERT, clear_mem(), Botan::CT::conditional_copy_mem(), copy_mem(), Botan::CT::poison(), Botan::CT::unpoison(), word8_madd3(), word_madd3(), and word_sub().

Referenced by bigint_monty_mul(), bigint_monty_sqr(), and Botan::Montgomery_Exponentiator::execute().

23  {
24  const size_t z_size = 2*(p_size+1);
25 
26  CT::poison(z, z_size);
27  CT::poison(p, p_size);
28  CT::poison(ws, 2*(p_size+1));
29 
30  const size_t blocks_of_8 = p_size - (p_size % 8);
31 
32  for(size_t i = 0; i != p_size; ++i)
33  {
34  word* z_i = z + i;
35 
36  const word y = z_i[0] * p_dash;
37 
38  /*
39  bigint_linmul3(ws, p, p_size, y);
40  bigint_add2(z_i, z_size - i, ws, p_size+1);
41  */
42 
43  word carry = 0;
44 
45  for(size_t j = 0; j != blocks_of_8; j += 8)
46  carry = word8_madd3(z_i + j, p + j, y, carry);
47 
48  for(size_t j = blocks_of_8; j != p_size; ++j)
49  z_i[j] = word_madd3(p[j], y, z_i[j], &carry);
50 
51  word z_sum = z_i[p_size] + carry;
52  carry = (z_sum < z_i[p_size]);
53  z_i[p_size] = z_sum;
54 
55  for(size_t j = p_size + 1; j < z_size - i; ++j)
56  {
57  z_i[j] += carry;
58  carry = carry & !z_i[j];
59  }
60  }
61 
62  /*
63  * The result might need to be reduced mod p. To avoid a timing
64  * channel, always perform the subtraction. If in the compution
65  * of x - p a borrow is required then x was already < p.
66  *
67  * x - p starts at ws[0] and is p_size+1 bytes long
68  * x starts at ws[p_size+1] and is also p_size+1 bytes log
69  * (that's the copy_mem)
70  *
71  * Select which address to copy from indexing off of the final
72  * borrow.
73  */
74 
75  word borrow = 0;
76  for(size_t i = 0; i != p_size; ++i)
77  ws[i] = word_sub(z[p_size + i], p[i], &borrow);
78 
79  ws[p_size] = word_sub(z[p_size+p_size], 0, &borrow);
80 
81  copy_mem(ws + p_size + 1, z + p_size, p_size + 1);
82 
83  CT::conditional_copy_mem(borrow, z, ws + (p_size + 1), ws, (p_size + 1));
84  clear_mem(z + p_size + 1, z_size - p_size - 1);
85 
86  CT::unpoison(z, z_size);
87  CT::unpoison(p, p_size);
88  CT::unpoison(ws, 2*(p_size+1));
89 
90  // This check comes after we've used it but that's ok here
91  CT::unpoison(&borrow, 1);
92  BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow");
93  }
Botan::CT::conditional_copy_mem
void conditional_copy_mem(T value, T *to, const T *from0, const T *from1, size_t elems)
Definition: ct_utils.h:138
Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
Botan::word_madd3
word word_madd3(word a, word b, word c, word *d)
Definition: mp_madd.h:105
Botan::CT::poison
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::word8_madd3
word word8_madd3(word z[8], const word x[8], word y, word carry)
Definition: mp_asmi.h:681
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::word_sub
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
Botan::CT::unpoison
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57
void Botan::bigint_monty_sqr ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 110 of file mp_monty.cpp.

References bigint_monty_redc(), and bigint_sqr().

Referenced by Botan::Montgomery_Exponentiator::execute().

114  {
115  bigint_sqr(&z[0], z_size, &ws[0],
116  &x[0], x_size, x_sw);
117 
118  bigint_monty_redc(&z[0],
119  &p[0], p_size, p_dash,
120  &ws[0]);
121  }
Botan::bigint_sqr
void bigint_sqr(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
Definition: mp_karat.cpp:315
Botan::bigint_monty_redc
void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, word workspace[])
Definition: mp_monty.cpp:20
void Botan::bigint_mul ( word  z[],
size_t  z_size,
word  workspace[],
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw 
)

Definition at line 255 of file mp_karat.cpp.

References bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_linmul3(), and BOTAN_ASSERT.

Referenced by bigint_monty_mul(), mul_add(), operator*(), and Botan::BigInt::operator*=().

258  {
259  // checking that z_size >= x_sw + y_sw without overflow
260  BOTAN_ASSERT(z_size > x_sw && z_size > y_sw && z_size-x_sw >= y_sw, "Output size is sufficient");
261 
262  if(x_sw == 1)
263  {
264  bigint_linmul3(z, y, y_sw, x[0]);
265  }
266  else if(y_sw == 1)
267  {
268  bigint_linmul3(z, x, x_sw, y[0]);
269  }
270  else if(x_sw <= 4 && x_size >= 4 &&
271  y_sw <= 4 && y_size >= 4 && z_size >= 8)
272  {
273  bigint_comba_mul4(z, x, y);
274  }
275  else if(x_sw <= 6 && x_size >= 6 &&
276  y_sw <= 6 && y_size >= 6 && z_size >= 12)
277  {
278  bigint_comba_mul6(z, x, y);
279  }
280  else if(x_sw <= 8 && x_size >= 8 &&
281  y_sw <= 8 && y_size >= 8 && z_size >= 16)
282  {
283  bigint_comba_mul8(z, x, y);
284  }
285  else if(x_sw <= 9 && x_size >= 9 &&
286  y_sw <= 9 && y_size >= 9 && z_size >= 18)
287  {
288  bigint_comba_mul9(z, x, y);
289  }
290  else if(x_sw <= 16 && x_size >= 16 &&
291  y_sw <= 16 && y_size >= 16 && z_size >= 32)
292  {
293  bigint_comba_mul16(z, x, y);
294  }
295  else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
296  y_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
297  !workspace)
298  {
299  basecase_mul(z, x, x_sw, y, y_sw);
300  }
301  else
302  {
303  const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw);
304 
305  if(N)
306  karatsuba_mul(z, x, y, N, workspace);
307  else
308  basecase_mul(z, x, x_sw, y, y_sw);
309  }
310  }
Botan::bigint_comba_mul4
void bigint_comba_mul4(word z[8], const word x[4], const word y[4])
Definition: mp_comba.cpp:50
Botan::bigint_comba_mul9
void bigint_comba_mul9(word z[18], const word x[9], const word y[9])
Definition: mp_comba.cpp:474
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::bigint_linmul3
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition: mp_core.cpp:240
Botan::bigint_comba_mul8
void bigint_comba_mul8(word z[16], const word x[8], const word y[8])
Definition: mp_comba.cpp:283
Botan::bigint_comba_mul16
void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
Definition: mp_comba.cpp:805
Botan::bigint_comba_mul6
void bigint_comba_mul6(word z[12], const word x[6], const word y[6])
Definition: mp_comba.cpp:141
void Botan::bigint_shl1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 258 of file mp_core.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by Botan::BigInt::operator-=(), and Botan::BigInt::operator<<=().

259  {
260  if(word_shift)
261  {
262  copy_mem(x + word_shift, x, x_size);
263  clear_mem(x, word_shift);
264  }
265 
266  if(bit_shift)
267  {
268  word carry = 0;
269  for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
270  {
271  word temp = x[j];
272  x[j] = (temp << bit_shift) | carry;
273  carry = (temp >> (MP_WORD_BITS - bit_shift));
274  }
275  }
276  }
Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::MP_WORD_BITS
const size_t MP_WORD_BITS
Definition: mp_core.h:19
void Botan::bigint_shl2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 336 of file mp_core.cpp.

References MP_WORD_BITS.

Referenced by operator-(), and operator<<().

338  {
339  for(size_t j = 0; j != x_size; ++j)
340  y[j + word_shift] = x[j];
341  if(bit_shift)
342  {
343  word carry = 0;
344  for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
345  {
346  word w = y[j];
347  y[j] = (w << bit_shift) | carry;
348  carry = (w >> (MP_WORD_BITS - bit_shift));
349  }
350  }
351  }
Botan::MP_WORD_BITS
const size_t MP_WORD_BITS
Definition: mp_core.h:19
void Botan::bigint_shr1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 281 of file mp_core.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by ct_inverse_mod_odd_modulus(), and Botan::BigInt::operator>>=().

282  {
283  if(x_size < word_shift)
284  {
285  clear_mem(x, x_size);
286  return;
287  }
288 
289  if(word_shift)
290  {
291  copy_mem(x, x + word_shift, x_size - word_shift);
292  clear_mem(x + x_size - word_shift, word_shift);
293  }
294 
295  if(bit_shift)
296  {
297  word carry = 0;
298 
299  size_t top = x_size - word_shift;
300 
301  while(top >= 4)
302  {
303  word w = x[top-1];
304  x[top-1] = (w >> bit_shift) | carry;
305  carry = (w << (MP_WORD_BITS - bit_shift));
306 
307  w = x[top-2];
308  x[top-2] = (w >> bit_shift) | carry;
309  carry = (w << (MP_WORD_BITS - bit_shift));
310 
311  w = x[top-3];
312  x[top-3] = (w >> bit_shift) | carry;
313  carry = (w << (MP_WORD_BITS - bit_shift));
314 
315  w = x[top-4];
316  x[top-4] = (w >> bit_shift) | carry;
317  carry = (w << (MP_WORD_BITS - bit_shift));
318 
319  top -= 4;
320  }
321 
322  while(top)
323  {
324  word w = x[top-1];
325  x[top-1] = (w >> bit_shift) | carry;
326  carry = (w << (MP_WORD_BITS - bit_shift));
327 
328  top--;
329  }
330  }
331  }
Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::MP_WORD_BITS
const size_t MP_WORD_BITS
Definition: mp_core.h:19
void Botan::bigint_shr2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 356 of file mp_core.cpp.

References MP_WORD_BITS.

Referenced by operator>>(), and redc_p521().

358  {
359  if(x_size < word_shift) return;
360 
361  for(size_t j = 0; j != x_size - word_shift; ++j)
362  y[j] = x[j + word_shift];
363  if(bit_shift)
364  {
365  word carry = 0;
366  for(size_t j = x_size - word_shift; j > 0; --j)
367  {
368  word w = y[j-1];
369  y[j-1] = (w >> bit_shift) | carry;
370  carry = (w << (MP_WORD_BITS - bit_shift));
371  }
372  }
373  }
Botan::MP_WORD_BITS
const size_t MP_WORD_BITS
Definition: mp_core.h:19
void Botan::bigint_sqr ( word  z[],
size_t  z_size,
word  workspace[],
const word  x[],
size_t  x_size,
size_t  x_sw 
)

Definition at line 315 of file mp_karat.cpp.

References bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_linmul3(), and BOTAN_ASSERT.

Referenced by bigint_monty_sqr(), and square().

317  {
318  BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient");
319 
320  if(x_sw == 1)
321  {
322  bigint_linmul3(z, x, x_sw, x[0]);
323  }
324  else if(x_sw <= 4 && x_size >= 4 && z_size >= 8)
325  {
326  bigint_comba_sqr4(z, x);
327  }
328  else if(x_sw <= 6 && x_size >= 6 && z_size >= 12)
329  {
330  bigint_comba_sqr6(z, x);
331  }
332  else if(x_sw <= 8 && x_size >= 8 && z_size >= 16)
333  {
334  bigint_comba_sqr8(z, x);
335  }
336  else if(x_sw == 9 && x_size >= 9 && z_size >= 18)
337  {
338  bigint_comba_sqr9(z, x);
339  }
340  else if(x_sw <= 16 && x_size >= 16 && z_size >= 32)
341  {
342  bigint_comba_sqr16(z, x);
343  }
344  else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace)
345  {
346  basecase_mul(z, x, x_sw, x, x_sw);
347  }
348  else
349  {
350  const size_t N = karatsuba_size(z_size, x_size, x_sw);
351 
352  if(N)
353  karatsuba_sqr(z, x, N, workspace);
354  else
355  basecase_mul(z, x, x_sw, x, x_sw);
356  }
357  }
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::bigint_linmul3
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition: mp_core.cpp:240
Botan::bigint_comba_sqr16
void bigint_comba_sqr16(word z[32], const word x[16])
Definition: mp_comba.cpp:598
Botan::bigint_comba_sqr9
void bigint_comba_sqr9(word z[18], const word x[9])
Definition: mp_comba.cpp:386
Botan::bigint_comba_sqr8
void bigint_comba_sqr8(word z[16], const word x[8])
Definition: mp_comba.cpp:208
Botan::bigint_comba_sqr4
void bigint_comba_sqr4(word z[8], const word x[4])
Definition: mp_comba.cpp:17
Botan::bigint_comba_sqr6
void bigint_comba_sqr6(word z[12], const word x[6])
Definition: mp_comba.cpp:89
word Botan::bigint_sub2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand subtraction

Definition at line 157 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub2(), and word_sub().

Referenced by Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

158  {
159  word borrow = 0;
160 
161  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
162 
163  const size_t blocks = y_size - (y_size % 8);
164 
165  for(size_t i = 0; i != blocks; i += 8)
166  borrow = word8_sub2(x + i, y + i, borrow);
167 
168  for(size_t i = blocks; i != y_size; ++i)
169  x[i] = word_sub(x[i], y[i], &borrow);
170 
171  for(size_t i = y_size; i != x_size; ++i)
172  x[i] = word_sub(x[i], 0, &borrow);
173 
174  return borrow;
175  }
Botan::word8_sub2
word word8_sub2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:311
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::word_sub
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
void Botan::bigint_sub2_rev ( word  x[],
const word  y[],
size_t  y_size 
)

Two operand subtraction, x = y - x; assumes y >= x

Definition at line 180 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub2_rev(), and word_sub().

Referenced by Botan::BigInt::operator-=().

181  {
182  word borrow = 0;
183 
184  const size_t blocks = y_size - (y_size % 8);
185 
186  for(size_t i = 0; i != blocks; i += 8)
187  borrow = word8_sub2_rev(x + i, y + i, borrow);
188 
189  for(size_t i = blocks; i != y_size; ++i)
190  x[i] = word_sub(y[i], x[i], &borrow);
191 
192  BOTAN_ASSERT(!borrow, "y must be greater than x");
193  }
Botan::word8_sub2_rev
word word8_sub2_rev(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:381
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::word_sub
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word Botan::bigint_sub3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand subtraction

Definition at line 198 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub3(), and word_sub().

Referenced by operator+(), Botan::BigInt::operator+=(), and operator-().

200  {
201  word borrow = 0;
202 
203  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
204 
205  const size_t blocks = y_size - (y_size % 8);
206 
207  for(size_t i = 0; i != blocks; i += 8)
208  borrow = word8_sub3(z + i, x + i, y + i, borrow);
209 
210  for(size_t i = blocks; i != y_size; ++i)
211  z[i] = word_sub(x[i], y[i], &borrow);
212 
213  for(size_t i = y_size; i != x_size; ++i)
214  z[i] = word_sub(x[i], 0, &borrow);
215 
216  return borrow;
217  }
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::word_sub
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
Botan::word8_sub3
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:416
u32bit Botan::bit_size_to_32bit_size ( u32bit  bit_size)
inline

Definition at line 50 of file code_based_util.h.

Referenced by generate_mceliece_key(), mceliece_decrypt(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().

51  {
52  return (bit_size - 1) / 32 + 1;
53  }
u32bit Botan::bit_size_to_byte_size ( u32bit  bit_size)
inline

Definition at line 45 of file code_based_util.h.

Referenced by mceliece_decrypt().

46  {
47  return (bit_size - 1) / 8 + 1;
48  }
Botan::BOTAN_REGISTER_COMPRESSION ( LZMA_Compression  ,
LZMA_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Zlib_Compression  ,
Zlib_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Bzip2_Compression  ,
Bzip2_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Gzip_Compression  ,
Gzip_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Deflate_Compression  ,
Deflate_Decompression   
)
Botan::BOTAN_REGISTER_PK_KEY_AGREE_OP ( "ECDH"  ,
ECDH_KA_Operation   
)
Botan::BOTAN_REGISTER_PK_KEY_AGREE_OP ( "ECIES"  ,
ECIES_ECDH_KA_Operation   
)
Botan::BOTAN_REGISTER_PK_KEY_AGREE_OP ( "DH"  ,
DH_KA_Operation   
)

Referenced by Botan::Curve25519_PrivateKey::agree(), Botan::ECDH_PublicKey::ECDH_PublicKey(), and Botan::DH_PrivateKey::public_value().

Botan::BOTAN_REGISTER_PK_SIGNATURE_OP ( "NR"  ,
NR_Signature_Operation   
)
Botan::BOTAN_REGISTER_PK_SIGNATURE_OP ( "GOST-34.10"  ,
GOST_3410_Signature_Operation   
)

Referenced by Botan::NR_PrivateKey::check_key(), Botan::DSA_PrivateKey::check_key(), Botan::RW_PrivateKey::check_key(), Botan::ECKCDSA_PrivateKey::check_key(), Botan::ECGDSA_PrivateKey::check_key(), Botan::ECDSA_PrivateKey::check_key(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

Botan::BOTAN_REGISTER_PK_VERIFY_OP ( "NR"  ,
NR_Verification_Operation   
)
Botan::BOTAN_REGISTER_PK_VERIFY_OP ( "GOST-34.10"  ,
GOST_3410_Verification_Operation   
)

Referenced by Botan::NR_PrivateKey::check_key(), Botan::DSA_PrivateKey::check_key(), Botan::RW_PrivateKey::check_key(), Botan::ECKCDSA_PrivateKey::check_key(), Botan::ECGDSA_PrivateKey::check_key(), Botan::ECDSA_PrivateKey::check_key(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

Botan::BOTAN_REGISTER_TYPE ( PK_Ops::Signature  ,
TPM_Signing_Operation  ,
"RSA"  ,
TPM_Signing_Operation::make  ,
"tpm"  ,
100   
)

Referenced by Botan::TPM_PrivateKey::check_key().

template<typename T >
void Botan::bswap_4 ( x[4])
inline

Swap 4 Ts in an array

Definition at line 112 of file bswap.h.

References reverse_bytes().

Referenced by load_be(), and load_le().

113  {
114  x[0] = reverse_bytes(x[0]);
115  x[1] = reverse_bytes(x[1]);
116  x[2] = reverse_bytes(x[2]);
117  x[3] = reverse_bytes(x[3]);
118  }
Botan::reverse_bytes
u64bit reverse_bytes(u64bit val)
Definition: bswap.h:80
template<typename T , typename Alloc >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const T  input[],
size_t  input_length 
)

Definition at line 113 of file secmem.h.

References copy_mem(), and Botan::CT::min().

Referenced by Botan::MDx_HashFunction::add_data(), Botan::GOST_34_11::clear(), Botan::Poly1305::clear(), Botan::Skein_512::clear(), Botan::DLIES_Encryptor::DLIES_Encryptor(), Botan::ECIES_Encryptor::ECIES_Encryptor(), Botan::OAEP::make(), Botan::EMSA_PKCS1v15::make(), Botan::PSSR::make(), Botan::CMAC::poly_double(), Botan::OFB::set_iv(), Botan::CTR_BE::set_iv(), Botan::Base64_Encoder::write(), and Botan::Hex_Encoder::write().

117  {
118  const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
119  if (to_copy > 0)
120  {
121  copy_mem(&buf[buf_offset], input, to_copy);
122  }
123  return to_copy;
124  }
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::CT::min
T min(T a, T b)
Definition: ct_utils.h:180
template<typename T , typename Alloc , typename Alloc2 >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const std::vector< T, Alloc2 > &  input 
)

Definition at line 127 of file secmem.h.

References copy_mem(), and Botan::CT::min().

130  {
131  const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
132  if (to_copy > 0)
133  {
134  copy_mem(&buf[buf_offset], input.data(), to_copy);
135  }
136  return to_copy;
137  }
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Botan::CT::min
T min(T a, T b)
Definition: ct_utils.h:180
BOTAN_DLL calendar_point Botan::calendar_value ( const std::chrono::system_clock::time_point &  time_point)

Convert a time_point to a calendar_point

Parameters
time_pointa time point from the system clock
Returns
calendar_point object representing this time point

Definition at line 176 of file calendar.cpp.

Referenced by Botan::calendar_point::calendar_point(), and Botan::X509_Time::X509_Time().

178  {
179  std::tm tm = do_gmtime(std::chrono::system_clock::to_time_t(time_point));
180 
181  return calendar_point(tm.tm_year + 1900,
182  tm.tm_mon + 1,
183  tm.tm_mday,
184  tm.tm_hour,
185  tm.tm_min,
186  tm.tm_sec);
187  }
u64bit Botan::carry_shift ( const donna128 a,
size_t  shift 
)
inline

Definition at line 108 of file donna128.h.

Referenced by combine_lower().

109  {
110  return (a >> shift).lo();
111  }
template<typename T >
size_t Botan::ceil_log2 ( x)

Definition at line 106 of file bit_ops.h.

Referenced by Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), and mceliece_work_factor().

107  {
108  if(x >> (sizeof(T)*8-1))
109  return sizeof(T)*8;
110 
111  size_t result = 0;
112  T compare = 1;
113 
114  while(compare < x)
115  {
116  compare <<= 1;
117  result++;
118  }
119 
120  return result;
121  }
bool BOTAN_DLL Botan::check_bcrypt ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 132 of file bcrypt.cpp.

References same_mem(), and to_u32bit().

Referenced by botan_bcrypt_is_valid().

133  {
134  if(hash.size() != 60 ||
135  hash[0] != '$' || hash[1] != '2' || hash[2] != 'a' ||
136  hash[3] != '$' || hash[6] != '$')
137  {
138  return false;
139  }
140 
141  const u16bit workfactor = to_u32bit(hash.substr(4, 2));
142 
143  const std::vector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22));
144  if(salt.size() != 16)
145  return false;
146 
147  const std::string compare = make_bcrypt(pass, salt, workfactor);
148 
149  return same_mem(hash.data(), compare.data(), compare.size());
150  }
Botan::same_mem
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:73
Botan::u16bit
std::uint16_t u16bit
Definition: types.h:32
Botan::to_u32bit
u32bit to_u32bit(const std::string &str)
Definition: parsing.cpp:18
hash
MechanismType hash
Definition: p11_mechanism.cpp:61
bool BOTAN_DLL Botan::check_passhash9 ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 75 of file passhash9.cpp.

References base64_decode(), Botan::OctetString::bits_of(), Botan::PBKDF::derive_key(), load_be< u16bit >(), same_mem(), and Botan::ASN1::to_string().

76  {
77  const size_t BINARY_LENGTH =
78  ALGID_BYTES +
79  WORKFACTOR_BYTES +
80  PASSHASH9_PBKDF_OUTPUT_LEN +
81  SALT_BYTES;
82 
83  const size_t BASE64_LENGTH =
84  MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;
85 
86  if(hash.size() != BASE64_LENGTH)
87  return false;
88 
89  for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)
90  if(hash[i] != MAGIC_PREFIX[i])
91  return false;
92 
93  secure_vector<byte> bin = base64_decode(hash.c_str() + MAGIC_PREFIX.size());
94 
95  if(bin.size() != BINARY_LENGTH)
96  return false;
97 
98  byte alg_id = bin[0];
99 
100  const size_t work_factor = load_be<u16bit>(&bin[ALGID_BYTES], 0);
101 
102  // Bug in the format, bad states shouldn't be representable, but are...
103  if(work_factor == 0)
104  return false;
105 
106  if(work_factor > 512)
107  throw Invalid_Argument("Requested Bcrypt work factor " +
108  std::to_string(work_factor) + " too large");
109 
110  const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
111 
112  std::unique_ptr<MessageAuthenticationCode> pbkdf_prf = get_pbkdf_prf(alg_id);
113 
114  if(!pbkdf_prf)
115  return false; // unknown algorithm, reject
116 
117  PKCS5_PBKDF2 kdf(pbkdf_prf.release()); // takes ownership of pointer
118 
119  secure_vector<byte> cmp = kdf.derive_key(
120  PASSHASH9_PBKDF_OUTPUT_LEN,
121  pass,
122  &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,
123  kdf_iterations).bits_of();
124 
125  return same_mem(cmp.data(),
126  &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],
127  PASSHASH9_PBKDF_OUTPUT_LEN);
128  }
Botan::base64_decode
size_t base64_decode(byte output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:100
Botan::same_mem
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:73
Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
Botan::load_be< u16bit >
u16bit load_be< u16bit >(const byte in[], size_t off)
Definition: loadstor.h:145
hash
MechanismType hash
Definition: p11_mechanism.cpp:61
Botan::byte
std::uint8_t byte
Definition: types.h:31
bool Botan::check_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 174 of file numthry.h.

References is_prime().

175  { return is_prime(n, rng, 56); }
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:438
BOTAN_DLL PK_Signer * Botan::choose_sig_format ( const Private_Key key,
const std::string &  hash_fn,
AlgorithmIdentifier alg_id 
)

Choose the default signature format for a certain public key signature scheme.

Parameters
keywill be the key to choose a padding scheme for
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

Definition at line 227 of file x509_ca.cpp.

References Botan::Public_Key::algo_name(), Botan::Public_Key::algorithm_identifier(), Botan::HashFunction::create(), DER_SEQUENCE, hash, IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::max_input_bits(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, and Botan::AlgorithmIdentifier::parameters.

Referenced by Botan::X509::create_cert_req(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::X509_CA().

230  {
231  const std::string algo_name = key.algo_name();
232 
233  std::unique_ptr<HashFunction> hash(HashFunction::create(hash_fn));
234  if(!hash)
235  throw Algorithm_Not_Found(hash_fn);
236 
237  if(key.max_input_bits() < hash->output_length() * 8)
238  throw Invalid_Argument("Key is too small for chosen hash function");
239 
240  std::string padding;
241  if(algo_name == "RSA")
242  {
243  padding = "EMSA3";
244  }
245  else if(algo_name == "DSA" || algo_name == "ECDSA" || algo_name == "ECGDSA" || algo_name == "ECKCDSA")
246  {
247  padding = "EMSA1";
248  }
249  else
250  {
251  throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
252  }
253 
254  const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
255 
256  padding = padding + "(" + hash->name() + ")";
257 
258  sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
259  sig_algo.parameters = key.algorithm_identifier().parameters;
260 
261  return new PK_Signer(key, padding, format);
262  }
Botan::Signature_Format
Signature_Format
Definition: pubkey.h:24
Botan::OIDS::lookup
std::string lookup(const OID &oid)
Definition: oids.cpp:155
hash
MechanismType hash
Definition: p11_mechanism.cpp:61
size_t Botan::clamp ( size_t  n,
size_t  lower_bound,
size_t  upper_bound 
)
inline

Clamp

Definition at line 49 of file rounding.h.

50  {
51  if(n < lower_bound)
52  return lower_bound;
53  if(n > upper_bound)
54  return upper_bound;
55  return n;
56  }
std::string Botan::clean_ws ( const std::string &  s)

Definition at line 13 of file read_cfg.cpp.

Referenced by read_cfg().

14  {
15  const char* ws = " \t\n";
16  auto start = s.find_first_not_of(ws);
17  auto end = s.find_last_not_of(ws);
18 
19  if(start == std::string::npos)
20  return "";
21 
22  if(end == std::string::npos)
23  return s.substr(start, end);
24  else
25  return s.substr(start, start + end + 1);
26  }
template<typename T >
void Botan::clear_mem ( T *  ptr,
size_t  n 
)
inline

Zeroize memory

Parameters
ptra pointer to an array
nthe number of Ts pointed to by ptr

Definition at line 29 of file mem_ops.h.

Referenced by Botan::mlock_allocator::allocate(), Botan::secure_allocator< T >::allocate(), aont_package(), base64_decode(), bigint_monty_redc(), bigint_shl1(), bigint_shr1(), Botan::Poly1305::clear(), Botan::GOST_34_11::clear(), hex_decode(), Botan::CPUID::initialize(), Botan::BigInt::mask_bits(), pbkdf2(), redc_p521(), Botan::polyn_gf2m::set_to_zero(), Botan::polyn_gf2m::sqmod_init(), zeroise(), Botan::Zlib_Style_Stream< Stream, ByteType >::Zlib_Style_Stream(), and Botan::Zlib_Style_Stream< Stream, ByteType >::~Zlib_Style_Stream().

30  {
31  if(n > 0)
32  {
33  std::memset(ptr, 0, sizeof(T)*n);
34  }
35  }
u64bit Botan::combine_lower ( const donna128 a,
size_t  s1,
const donna128 b,
size_t  s2 
)
inline

Definition at line 113 of file donna128.h.

References carry_shift(), and Botan::donna128::lo().

115  {
116  donna128 z = (a >> s1) | (b << s2);
117  return z.lo();
118  }
template<typename T >
void Botan::copy_mem ( T *  out,
const T *  in,
size_t  n 
)
inline

Copy memory

Parameters
outthe destination array
inthe source array
nthe number of elements of in/out

Definition at line 43 of file mem_ops.h.

Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), aont_package(), aont_unpackage(), bigint_monty_redc(), bigint_shl1(), bigint_shr1(), botan_cipher_update(), buffer_insert(), Botan::GOST_34_11::clear(), Botan::Comb4P::clear(), Botan::Stream_Compression::clear(), Botan::Stream_Decompression::clear(), Botan::BER_Decoder::decode(), Botan::RC2::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Lion::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Blowfish::eks_key_schedule(), Botan::CryptoBox::encrypt(), Botan::TLS::Stream_Handshake_IO::format(), Botan::CCM_Mode::format_b0(), Botan::CCM_Mode::format_c0(), Botan::TLS::Datagram_Handshake_IO::get_next_record(), Botan::X942_PRF::kdf(), Botan::KDF1::kdf(), Botan::KDF1_18033::kdf(), Botan::KDF2::kdf(), Botan::HKDF::kdf(), Botan::CBC_MAC::make(), mceies_encrypt(), mceliece_decrypt(), operator+=(), operator^(), Botan::PKCS5_PBKDF1::pbkdf(), Botan::DataSource_Memory::peek(), Botan::CMAC::poly_double(), Botan::ANSI_X931_RNG::randomize(), Botan::HMAC_RNG::randomize(), Botan::HMAC_DRBG::randomize_with_input(), Botan::DataSource_Memory::read(), rfc3394_keyunwrap(), rfc3394_keywrap(), Botan::GCM_Mode::set_associated_data(), Botan::OCB_Mode::set_associated_data(), Botan::polyn_gf2m::sqmod_init(), unlock(), Botan::CFB_Encryption::update(), Botan::CFB_Decryption::update(), Botan::CBC_Decryption::update(), Botan::XTS_Mode::valid_nonce_length(), Botan::Buffered_Filter::write(), Botan::Base64_Encoder::write(), Botan::Hex_Encoder::write(), Botan::Hex_Decoder::write(), Botan::Base64_Decoder::write(), and Botan::TLS::write_record().

44  {
45  if(n > 0)
46  {
47  std::memmove(out, in, sizeof(T)*n);
48  }
49  }
template<typename T >
void Botan::copy_out_be ( byte  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 665 of file loadstor.h.

References get_byte(), and store_be().

Referenced by copy_out_vec_be().

666  {
667  while(out_bytes >= sizeof(T))
668  {
669  store_be(in[0], out);
670  out += sizeof(T);
671  out_bytes -= sizeof(T);
672  in += 1;
673  }
674 
675  for(size_t i = 0; i != out_bytes; ++i)
676  out[i] = get_byte(i%8, in[0]);
677  }
Botan::get_byte
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
Botan::store_be
void store_be(byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:651
template<typename T >
void Botan::copy_out_le ( byte  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 686 of file loadstor.h.

References get_byte(), and store_le().

Referenced by copy_out_vec_le().

687  {
688  while(out_bytes >= sizeof(T))
689  {
690  store_le(in[0], out);
691  out += sizeof(T);
692  out_bytes -= sizeof(T);
693  in += 1;
694  }
695 
696  for(size_t i = 0; i != out_bytes; ++i)
697  out[i] = get_byte(sizeof(T) - 1 - (i % 8), in[0]);
698  }
Botan::store_le
void store_le(byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:625
Botan::get_byte
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
template<typename T , typename Alloc >
void Botan::copy_out_vec_be ( byte  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 680 of file loadstor.h.

References copy_out_be().

Referenced by Botan::SHA_224::clear(), and Botan::SHA_160::copy_out().

681  {
682  copy_out_be(out, out_bytes, in.data());
683  }
Botan::copy_out_be
void copy_out_be(byte out[], size_t out_bytes, const T in[])
Definition: loadstor.h:665
template<typename T , typename Alloc >
void Botan::copy_out_vec_le ( byte  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 701 of file loadstor.h.

References copy_out_le().

Referenced by Botan::Skein_512::clear(), Botan::MD4::copy_out(), Botan::MD5::copy_out(), Botan::RIPEMD_128_F::F4(), and Botan::HAS_160_F::F4().

702  {
703  copy_out_le(out, out_bytes, in.data());
704  }
Botan::copy_out_le
void copy_out_le(byte out[], size_t out_bytes, const T in[])
Definition: loadstor.h:686
BOTAN_DLL AlternativeName Botan::create_alt_name ( const Data_Store info)

Definition at line 675 of file x509cert.cpp.

References Botan::AlternativeName::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::PKCS10_Request::subject_alt_name().

676  {
677  auto names = info.search_for(
678  [](const std::string& key, const std::string&)
679  {
680  return (key == "RFC822" ||
681  key == "DNS" ||
682  key == "URI" ||
683  key == "IP");
684  });
685 
686  AlternativeName alt_name;
687 
688  for(auto i = names.begin(); i != names.end(); ++i)
689  alt_name.add_attribute(i->first, i->second);
690 
691  return alt_name;
692  }
BOTAN_DLL X509_DN Botan::create_dn ( const Data_Store info)

Definition at line 656 of file x509cert.cpp.

References Botan::X509_DN::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::X509_CRL::issuer_dn(), Botan::X509_Certificate::issuer_dn(), Botan::PKCS10_Request::subject_dn(), and Botan::X509_Certificate::subject_dn().

657  {
658  auto names = info.search_for(
659  [](const std::string& key, const std::string&)
660  {
661  return (key.find("X520.") != std::string::npos);
662  });
663 
664  X509_DN dn;
665 
666  for(auto i = names.begin(); i != names.end(); ++i)
667  dn.add_attribute(i->first, i->second);
668 
669  return dn;
670  }
BigInt BOTAN_DLL Botan::ct_inverse_mod_odd_modulus ( const BigInt n,
const BigInt mod 
)

Const time modular inversion Requires the modulus be odd

Definition at line 153 of file numthry.cpp.

References bigint_cnd_abs(), bigint_cnd_add(), bigint_cnd_sub(), bigint_cnd_swap(), bigint_shr1(), Botan::BigInt::bits(), BOTAN_ASSERT, Botan::BigInt::data(), Botan::BigInt::get_word_vector(), Botan::BigInt::grow_to(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::CT::poison(), Botan::BigInt::sig_words(), and Botan::CT::unpoison().

Referenced by abs(), and inverse_mod().

154  {
155  if(n.is_negative() || mod.is_negative())
156  throw Invalid_Argument("ct_inverse_mod_odd_modulus: arguments must be non-negative");
157  if(mod < 3 || mod.is_even())
158  throw Invalid_Argument("Bad modulus to ct_inverse_mod_odd_modulus");
159 
160  /*
161  This uses a modular inversion algorithm designed by Niels Möller
162  and implemented in Nettle. The same algorithm was later also
163  adapted to GMP in mpn_sec_invert.
164 
165  It can be easily implemented in a way that does not depend on
166  secret branches or memory lookups, providing resistance against
167  some forms of side channel attack.
168 
169  There is also a description of the algorithm in Appendix 5 of "Fast
170  Software Polynomial Multiplication on ARM Processors using the NEON Engine"
171  by Danilo Câmara, Conrado P. L. Gouvêa, Julio López, and Ricardo
172  Dahab in LNCS 8182
173  http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
174 
175  Thanks to Niels for creating the algorithm, explaining some things
176  about it, and the reference to the paper.
177  */
178 
179  // todo allow this to be pre-calculated and passed in as arg
180  BigInt mp1o2 = (mod + 1) >> 1;
181 
182  const size_t mod_words = mod.sig_words();
183  BOTAN_ASSERT(mod_words > 0, "Not empty");
184 
185  BigInt a = n;
186  BigInt b = mod;
187  BigInt u = 1, v = 0;
188 
189  a.grow_to(mod_words);
190  u.grow_to(mod_words);
191  v.grow_to(mod_words);
192  mp1o2.grow_to(mod_words);
193 
194  secure_vector<word>& a_w = a.get_word_vector();
195  secure_vector<word>& b_w = b.get_word_vector();
196  secure_vector<word>& u_w = u.get_word_vector();
197  secure_vector<word>& v_w = v.get_word_vector();
198 
199  CT::poison(a_w.data(), a_w.size());
200  CT::poison(b_w.data(), b_w.size());
201  CT::poison(u_w.data(), u_w.size());
202  CT::poison(v_w.data(), v_w.size());
203 
204  // Only n.bits() + mod.bits() iterations are required, but avoid leaking the size of n
205  size_t bits = 2 * mod.bits();
206 
207  while(bits--)
208  {
209  /*
210  const word odd = a.is_odd();
211  a -= odd * b;
212  const word underflow = a.is_negative();
213  b += a * underflow;
214  a.set_sign(BigInt::Positive);
215 
216  a >>= 1;
217 
218  if(underflow)
219  {
220  std::swap(u, v);
221  }
222 
223  u -= odd * v;
224  u += u.is_negative() * mod;
225 
226  const word odd_u = u.is_odd();
227 
228  u >>= 1;
229  u += mp1o2 * odd_u;
230  */
231 
232  const word odd_a = a_w[0] & 1;
233 
234  //if(odd_a) a -= b
235  word underflow = bigint_cnd_sub(odd_a, a_w.data(), b_w.data(), mod_words);
236 
237  //if(underflow) { b -= a; a = abs(a); swap(u, v); }
238  bigint_cnd_add(underflow, b_w.data(), a_w.data(), mod_words);
239  bigint_cnd_abs(underflow, a_w.data(), mod_words);
240  bigint_cnd_swap(underflow, u_w.data(), v_w.data(), mod_words);
241 
242  // a >>= 1
243  bigint_shr1(a_w.data(), mod_words, 0, 1);
244 
245  //if(odd_a) u -= v;
246  word borrow = bigint_cnd_sub(odd_a, u_w.data(), v_w.data(), mod_words);
247 
248  // if(borrow) u += p
249  bigint_cnd_add(borrow, u_w.data(), mod.data(), mod_words);
250 
251  const word odd_u = u_w[0] & 1;
252 
253  // u >>= 1
254  bigint_shr1(u_w.data(), mod_words, 0, 1);
255 
256  //if(odd_u) u += mp1o2;
257  bigint_cnd_add(odd_u, u_w.data(), mp1o2.data(), mod_words);
258  }
259 
260  CT::unpoison(a_w.data(), a_w.size());
261  CT::unpoison(b_w.data(), b_w.size());
262  CT::unpoison(u_w.data(), u_w.size());
263  CT::unpoison(v_w.data(), v_w.size());
264 
265  BOTAN_ASSERT(a.is_zero(), "A is zero");
266 
267  if(b != 1)
268  return 0;
269 
270  return v;
271  }
Botan::bigint_shr1
void bigint_shr1(word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:281
Botan::CT::poison
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
Botan::bigint_cnd_sub
word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.cpp:61
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
Botan::bigint_cnd_add
word bigint_cnd_add(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.cpp:39
Botan::bigint_cnd_abs
void bigint_cnd_abs(word cnd, word x[], size_t size)
Definition: mp_core.cpp:75
Botan::bigint_cnd_swap
void bigint_cnd_swap(word cnd, word x[], word y[], size_t size)
Definition: mp_core.cpp:22
Botan::CT::unpoison
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57
template<typename T >
size_t Botan::ctz ( n)
inline

Count the trailing zero bits in n

Parameters
nan integer value
Returns
maximum x st 2^x divides n

Definition at line 97 of file bit_ops.h.

Referenced by low_zero_bits().

98  {
99  for(size_t i = 0; i != 8*sizeof(T); ++i)
100