Botan  2.7.0
Crypto and TLS for C++11
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

 ARIA_F
 
 ASN1
 
 Camellia_F
 
 Cert_Extension
 
 Charset
 
 CryptoBox
 
 CT
 
 FPE
 
 HTTP
 
 KeyPair
 
 OCSP
 
 OIDS
 
 OS
 
 PEM_Code
 
 PK_Ops
 
 PKCS11
 
 PKCS8
 
 PKIX
 
 SHA1_F
 
 SHA1_SSE2_F
 
 stlCompatibilityDetails
 
 TLS
 
 X509
 

Classes

class  Adler32
 
class  AEAD_Filter
 
class  AEAD_Mode
 
class  AES_128
 
class  AES_192
 
class  AES_256
 
class  Algorithm_Not_Found
 
class  AlgorithmIdentifier
 
class  Allocator_Initializer
 
class  AlternativeName
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  ARIA_128
 
class  ARIA_192
 
class  ARIA_256
 
class  ASN1_Formatter
 
class  ASN1_Object
 
class  ASN1_Pretty_Printer
 
class  ASN1_String
 
class  Atomic
 
class  Attribute
 
class  AutoSeeded_RNG
 
class  Barrier
 
class  Base64_Decoder
 
class  Base64_Encoder
 
class  BearSSL_Error
 
class  BER_Bad_Tag
 
class  BER_Decoder
 
class  BER_Decoding_Error
 
class  BER_Object
 
class  BigInt
 
class  BitBucket
 
class  Blake2b
 
class  Blinded_Point_Multiply
 
class  Blinder
 
class  Block_Cipher_Fixed_Params
 
class  BlockCipher
 
class  BlockCipherModePaddingMethod
 
class  Blowfish
 
class  Buffered_Computation
 
class  Buffered_Filter
 
class  Bzip2_Compression
 
class  Bzip2_Decompression
 
class  calendar_point
 
class  Camellia_128
 
class  Camellia_192
 
class  Camellia_256
 
class  Cascade_Cipher
 
class  CAST_128
 
class  CAST_256
 
class  CBC_Decryption
 
class  CBC_Encryption
 
class  CBC_MAC
 
class  CBC_Mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  CECPQ1_key
 
class  Certificate_Extension
 
class  Certificate_Store
 
class  Certificate_Store_In_Memory
 
class  Certificate_Store_In_SQL
 
class  Certificate_Store_In_SQLite
 
class  CFB_Decryption
 
class  CFB_Encryption
 
class  CFB_Mode
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  ChaCha_RNG
 
class  Chain
 
class  Cipher_Mode
 
class  Cipher_Mode_Filter
 
class  CMAC
 
class  Comb4P
 
class  Compression_Algorithm
 
class  Compression_Alloc_Info
 
class  Compression_Stream
 
class  CPUID
 
class  CRC24
 
class  CRC32
 
class  Credentials_Manager
 
class  CRL_Entry
 
class  CTR_BE
 
class  CTS_Decryption
 
class  CTS_Encryption
 
class  Curve25519_PrivateKey
 
class  Curve25519_PublicKey
 
class  CurveGFp
 
class  CurveGFp_Repr
 
class  Darwin_SecRandom
 
class  Data_Store
 
class  DataSink
 
class  DataSink_Stream
 
class  DataSource
 
class  DataSource_Memory
 
class  DataSource_Stream
 
class  Decoding_Error
 
class  Decompression_Algorithm
 
class  Deflate_Compression
 
class  Deflate_Decompression
 
class  DER_Encoder
 
class  DES
 
class  DESX
 
class  Device_EntropySource
 
class  DH_PrivateKey
 
class  DH_PublicKey
 
class  DL_Group
 
class  DL_Scheme_PrivateKey
 
class  DL_Scheme_PublicKey
 
class  DLIES_Decryptor
 
class  DLIES_Encryptor
 
class  donna128
 
class  DSA_PrivateKey
 
class  DSA_PublicKey
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  EC_Group
 
class  EC_PrivateKey
 
class  EC_PublicKey
 
class  ECDH_PrivateKey
 
class  ECDH_PublicKey
 
class  ECDSA_PrivateKey
 
class  ECDSA_PublicKey
 
class  ECGDSA_PrivateKey
 
class  ECGDSA_PublicKey
 
class  ECIES_Decryptor
 
class  ECIES_Encryptor
 
class  ECIES_KA_Operation
 
class  ECIES_KA_Params
 
class  ECIES_System_Params
 
class  ECKCDSA_PrivateKey
 
class  ECKCDSA_PublicKey
 
class  Ed25519_PrivateKey
 
class  Ed25519_PublicKey
 
class  ElGamal_PrivateKey
 
class  ElGamal_PublicKey
 
class  EME
 
class  EME_PKCS1v15
 
class  EME_Raw
 
class  EMSA
 
class  EMSA1
 
class  EMSA_PKCS1v15
 
class  EMSA_PKCS1v15_Raw
 
class  EMSA_Raw
 
class  EMSA_X931
 
class  Encoding_Error
 
class  Encrypted_PSK_Database
 
class  Encrypted_PSK_Database_SQL
 
class  Entropy_Source
 
class  Entropy_Sources
 
class  ESP_Padding
 
class  Exception
 
class  Extensions
 
class  Fanout_Filter
 
class  FE_25519
 
class  File_Descriptor_Source
 
class  Filter
 
class  Fixed_Base_Power_Mod
 
class  Fixed_Exponent_Power_Mod
 
class  Fixed_Window_Exponentiator
 
class  Fork
 
class  FPE_FE1
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
struct  ge_p3
 
class  GeneralName
 X.509 GeneralName Type. More...
 
class  GeneralSubtree
 A single Name Constraint. More...
 
class  Getentropy
 
class  GF2m_Field
 
class  GHASH
 
class  GMAC
 
class  GOST_28147_89
 
class  GOST_28147_89_Params
 
class  GOST_3410_PrivateKey
 
class  GOST_3410_PublicKey
 
class  GOST_34_11
 
class  Gzip_Compression
 
class  Gzip_Decompression
 
class  Hardware_RNG
 
class  HashFunction
 
class  Hex_Decoder
 
class  Hex_Encoder
 
class  HKDF
 
class  HKDF_Expand
 
class  HKDF_Extract
 
class  HMAC
 
class  HMAC_DRBG
 
class  HOTP
 
class  IDEA
 
class  Illegal_Point
 
class  Illegal_Transformation
 
class  Integer_Overflow_Detected
 
class  Integrity_Failure
 
class  Intel_Rdrand
 
class  Intel_Rdseed
 
class  Internal_Error
 
class  Invalid_Algorithm_Name
 
class  Invalid_Argument
 
class  Invalid_IV_Length
 
class  Invalid_Key_Length
 
class  Invalid_OID
 
class  Invalid_State
 
class  ISO_9796_DS2
 
class  ISO_9796_DS3
 
class  KASUMI
 
class  KDF
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 
class  Key_Length_Specification
 
class  Key_Not_Set
 
class  Keyed_Filter
 
class  LibraryInitializer
 
class  Lion
 
class  lock_guard
 
class  Lookup_Error
 
class  LZMA_Compression
 
class  LZMA_Decompression
 
class  McEliece_PrivateKey
 
class  McEliece_PublicKey
 
class  MD4
 
class  MD5
 
class  MDx_HashFunction
 
class  Memory_Pool
 
class  MessageAuthenticationCode
 
class  MISTY1
 
class  mlock_allocator
 
class  Modular_Exponentiator
 
class  Modular_Reducer
 
class  Montgomery_Exponentiator
 
class  Montgomery_Int
 
class  Montgomery_Params
 
class  NameConstraints
 Name Constraints. More...
 
class  newhope_poly
 
class  No_Filesystem_Access
 
class  No_Provider_Found
 
class  Noekeon
 
class  noop_mutex
 
class  Not_Implemented
 
class  Null_Padding
 
class  Null_RNG
 
class  OAEP
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  OctetString
 
class  OFB
 
class  OID
 
class  OneAndZeros_Padding
 
class  OpenPGP_S2K
 
class  OpenSSL_Error
 
class  Output_Buffers
 
class  Parallel
 
class  Path_Validation_Restrictions
 
class  Path_Validation_Result
 
class  PBKDF
 
class  Pipe
 
class  PK_Decryptor
 
class  PK_Decryptor_EME
 
class  PK_Encryptor
 
class  PK_Encryptor_EME
 
class  PK_KEM_Decryptor
 
class  PK_KEM_Encryptor
 
class  PK_Key_Agreement
 
class  PK_Key_Agreement_Key
 
class  PK_Signer
 
class  PK_Verifier
 
class  PKCS10_Request
 
class  PKCS5_PBKDF1
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
class  PKCS8_Exception
 
class  PointGFp
 
class  PointGFp_Base_Point_Precompute
 
class  PointGFp_Multi_Point_Precompute
 
class  PointGFp_Var_Point_Precompute
 
class  Policy_Violation
 
class  Poly1305
 
class  polyn_gf2m
 
class  Power_Mod
 
class  Private_Key
 
class  PRNG_Unseeded
 
class  ProcWalking_EntropySource
 
class  Provider_Not_Found
 
class  PSK_Database
 
class  PSSR
 
class  PSSR_Raw
 
class  Public_Key
 
class  RandomNumberGenerator
 
class  RC4
 
class  RDRAND_RNG
 
class  RFC6979_Nonce_Generator
 
class  RIPEMD_160
 
class  RSA_PrivateKey
 
class  RSA_PublicKey
 
class  RTSS_Share
 
class  Salsa20
 
class  SCAN_Name
 
class  Scrypt_Params
 
class  secure_allocator
 
class  SecureQueue
 
class  SEED
 
class  Self_Test_Failure
 
class  Semaphore
 
class  Serpent
 
class  SHA_160
 
class  SHA_224
 
class  SHA_256
 
class  SHA_3
 
class  SHA_384
 
class  SHA_3_224
 
class  SHA_3_256
 
class  SHA_3_384
 
class  SHA_3_512
 
class  SHA_512
 
class  SHA_512_256
 
class  SHACAL2
 
class  SHAKE_128
 
class  SHAKE_128_Cipher
 
class  SHAKE_256
 
class  SIMD_4x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  Skein_512
 
class  SM2_Encryption_PrivateKey
 
class  SM2_Encryption_PublicKey
 
class  SM2_Signature_PrivateKey
 
class  SM2_Signature_PublicKey
 
class  SM3
 
class  SM4
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56A_Hash
 
class  SP800_56A_HMAC
 
class  SP800_56C
 
class  SQL_Database
 
class  Sqlite3_Database
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_Compression
 
class  Stream_Decompression
 
class  Stream_IO_Error
 
class  StreamCipher
 
class  Streebog
 
class  Streebog_256
 
class  Streebog_512
 
class  SymmetricAlgorithm
 
class  System_RNG
 
class  Threefish_512
 
class  Tiger
 
class  TLS_12_PRF
 
class  TLS_PRF
 
class  TOTP
 
class  TPM_Context
 
class  TPM_Error
 
class  TPM_PrivateKey
 
class  TPM_RNG
 
class  TripleDES
 
class  Twofish
 
class  Unsupported_Argument
 
class  UUID
 
class  Whirlpool
 
class  Win32_EntropySource
 
class  X509_CA
 
class  X509_Cert_Options
 
class  X509_Certificate
 
class  X509_CRL
 
class  X509_DN
 
class  X509_Object
 
class  X509_Time
 
class  X942_PRF
 
class  XMSS_Address
 
class  XMSS_Common_Ops
 
class  XMSS_Hash
 
class  XMSS_Index_Registry
 
class  XMSS_Key_Pair
 
class  XMSS_Parameters
 
class  XMSS_PrivateKey
 
class  XMSS_PublicKey
 
class  XMSS_Signature
 
class  XMSS_Signature_Operation
 
class  XMSS_Tools
 
class  XMSS_Verification_Operation
 
class  XMSS_WOTS_Addressed_PrivateKey
 
class  XMSS_WOTS_Addressed_PublicKey
 
class  XMSS_WOTS_Parameters
 
class  XMSS_WOTS_PrivateKey
 
class  XMSS_WOTS_PublicKey
 
class  XTEA
 
class  XTS_Decryption
 
class  XTS_Encryption
 
class  XTS_Mode
 
class  Zlib_Compression
 
class  Zlib_Decompression
 
class  Zlib_Style_Stream
 

Typedefs

typedef X509_Time ASN1_Time
 
using byte = std::uint8_t
 
typedef std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
 
typedef EC_Group EC_Domain_Params
 
typedef FE_25519 fe
 
typedef uint16_t gf2m
 
using InitializationVector = OctetString
 
template<typename T >
using lock_guard_type = lock_guard< T >
 
typedef MessageAuthenticationCode MAC
 
typedef noop_mutex mutex_type
 
typedef PK_Key_Agreement_Key PK_KA_Key
 
typedef Private_Key PKCS8_PrivateKey
 
typedef newhope_poly poly
 
typedef RandomNumberGenerator RNG
 
typedef PBKDF S2K
 
using s32bit = std::int32_t
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T > >
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T > >
 
template<typename T >
using SecureVector = secure_vector< T >
 
typedef SHA_160 SHA_1
 
typedef SIMD_4x32 SIMD_32
 
using SymmetricKey = OctetString
 
typedef Cipher_Mode_Filter Transform_Filter
 
typedef Transform_Filter Transformation_Filter
 
using u16bit = std::uint16_t
 
using u32bit = std::uint32_t
 
using u64bit = std::uint64_t
 
typedef std::vector< secure_vector< uint8_t > > wots_keysig_t
 
typedef Public_Key X509_PublicKey
 

Enumerations

enum  { SM3_BLOCK_BYTES = 64, SM3_DIGEST_BYTES = 32 }
 
enum  ASN1_Tag : uint32_t {
  UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, CONSTRUCTED = 0x20,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC, EOC = 0x00, BOOLEAN = 0x01, INTEGER = 0x02,
  BIT_STRING = 0x03, OCTET_STRING = 0x04, NULL_TAG = 0x05, OBJECT_ID = 0x06,
  ENUMERATED = 0x0A, SEQUENCE = 0x10, SET = 0x11, UTF8_STRING = 0x0C,
  NUMERIC_STRING = 0x12, PRINTABLE_STRING = 0x13, T61_STRING = 0x14, IA5_STRING = 0x16,
  VISIBLE_STRING = 0x1A, UNIVERSAL_STRING = 0x1C, BMP_STRING = 0x1E, UTC_TIME = 0x17,
  GENERALIZED_TIME = 0x18, UTC_OR_GENERALIZED_TIME = 0x19, NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
}
 
enum  Certificate_Status_Code {
  Certificate_Status_Code::OK = 0, Certificate_Status_Code::VERIFIED = 0, Certificate_Status_Code::OCSP_RESPONSE_GOOD = 1, Certificate_Status_Code::OCSP_SIGNATURE_OK = 2,
  Certificate_Status_Code::VALID_CRL_CHECKED = 3, Certificate_Status_Code::OCSP_NO_HTTP = 4, Certificate_Status_Code::FIRST_WARNING_STATUS = 500, Certificate_Status_Code::CERT_SERIAL_NEGATIVE = 500,
  Certificate_Status_Code::DN_TOO_LONG = 501, Certificate_Status_Code::OSCP_NO_REVOCATION_URL = 502, Certificate_Status_Code::OSCP_SERVER_NOT_AVAILABLE = 503, Certificate_Status_Code::FIRST_ERROR_STATUS = 1000,
  Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK = 1000, Certificate_Status_Code::UNTRUSTED_HASH = 1001, Certificate_Status_Code::NO_REVOCATION_DATA = 1002, Certificate_Status_Code::NO_MATCHING_CRLDP = 1003,
  Certificate_Status_Code::CERT_NOT_YET_VALID = 2000, Certificate_Status_Code::CERT_HAS_EXPIRED = 2001, Certificate_Status_Code::OCSP_NOT_YET_VALID = 2002, Certificate_Status_Code::OCSP_HAS_EXPIRED = 2003,
  Certificate_Status_Code::CRL_NOT_YET_VALID = 2004, Certificate_Status_Code::CRL_HAS_EXPIRED = 2005, Certificate_Status_Code::CERT_ISSUER_NOT_FOUND = 3000, Certificate_Status_Code::CANNOT_ESTABLISH_TRUST = 3001,
  Certificate_Status_Code::CERT_CHAIN_LOOP = 3002, Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT = 3003, Certificate_Status_Code::CHAIN_NAME_MISMATCH = 3004, Certificate_Status_Code::POLICY_ERROR = 4000,
  Certificate_Status_Code::INVALID_USAGE = 4001, Certificate_Status_Code::CERT_CHAIN_TOO_LONG = 4002, Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER = 4003, Certificate_Status_Code::NAME_CONSTRAINT_ERROR = 4004,
  Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER = 4005, Certificate_Status_Code::OCSP_CERT_NOT_LISTED = 4006, Certificate_Status_Code::OCSP_BAD_STATUS = 4007, Certificate_Status_Code::CERT_NAME_NOMATCH = 4008,
  Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION = 4009, Certificate_Status_Code::DUPLICATE_CERT_EXTENSION = 4010, Certificate_Status_Code::OCSP_SIGNATURE_ERROR = 4501, Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND = 4502,
  Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE = 4503, Certificate_Status_Code::OCSP_RESPONSE_INVALID = 4504, Certificate_Status_Code::EXT_IN_V1_V2_CERT = 4505, Certificate_Status_Code::DUPLICATE_CERT_POLICY = 4506,
  Certificate_Status_Code::CERT_IS_REVOKED = 5000, Certificate_Status_Code::CRL_BAD_SIGNATURE = 5001, Certificate_Status_Code::SIGNATURE_ERROR = 5002, Certificate_Status_Code::CERT_PUBKEY_INVALID = 5003,
  Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN = 5004, Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS = 5005
}
 
enum  Character_Set { LOCAL_CHARSET, UCS2_CHARSET, UTF8_CHARSET, LATIN1_CHARSET }
 
enum  Cipher_Dir : int { ENCRYPTION, DECRYPTION }
 
enum  CRL_Code : uint32_t {
  UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, AFFILIATION_CHANGED = 3,
  SUPERSEDED = 4, CESSATION_OF_OPERATION = 5, CERTIFICATE_HOLD = 6, REMOVE_FROM_CRL = 8,
  PRIVLEDGE_WITHDRAWN = 9, AA_COMPROMISE = 10, DELETE_CRL_ENTRY = 0xFF00, OCSP_GOOD = 0xFF01,
  OCSP_UNKNOWN = 0xFF02
}
 
enum  Decoder_Checking { NONE, IGNORE_WS, FULL_CHECK }
 
enum  EC_Group_Encoding { EC_DOMPAR_ENC_EXPLICIT = 0, EC_DOMPAR_ENC_IMPLICITCA = 1, EC_DOMPAR_ENC_OID = 2 }
 
enum  ECIES_Flags : uint32_t {
  ECIES_Flags::NONE = 0, ECIES_Flags::SINGLE_HASH_MODE = 1, ECIES_Flags::COFACTOR_MODE = 2, ECIES_Flags::OLD_COFACTOR_MODE = 4,
  ECIES_Flags::CHECK_MODE = 8
}
 
enum  Key_Constraints {
  NO_CONSTRAINTS = 0, DIGITAL_SIGNATURE = 1 << 15, NON_REPUDIATION = 1 << 14, KEY_ENCIPHERMENT = 1 << 13,
  DATA_ENCIPHERMENT = 1 << 12, KEY_AGREEMENT = 1 << 11, KEY_CERT_SIGN = 1 << 10, CRL_SIGN = 1 << 9,
  ENCIPHER_ONLY = 1 << 8, DECIPHER_ONLY = 1 << 7
}
 
enum  Newhope_Mode { Newhope_Mode::SHA3, Newhope_Mode::BoringSSL }
 
enum  Newhope_Params {
  NEWHOPE_SENDABYTES = 1824, NEWHOPE_SENDBBYTES = 2048, NEWHOPE_OFFER_BYTES = 1824, NEWHOPE_ACCEPT_BYTES = 2048,
  NEWHOPE_SHARED_KEY_BYTES = 32, NEWHOPE_SEED_BYTES = 32, NEWHOPE_POLY_BYTES = 1792, CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
  CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32, CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
}
 
enum  Signature_Format { IEEE_1363, DER_SEQUENCE }
 
enum  TPM_Storage_Type { TPM_Storage_Type::User, TPM_Storage_Type::System }
 
enum  Usage_Type {
  Usage_Type::UNSPECIFIED, Usage_Type::TLS_SERVER_AUTH, Usage_Type::TLS_CLIENT_AUTH, Usage_Type::CERTIFICATE_AUTHORITY,
  Usage_Type::OCSP_RESPONDER
}
 
enum  X509_Encoding { RAW_BER, PEM }
 

Functions

BigInt abs (const BigInt &n)
 
BOTAN_MALLOC_FN void * allocate_memory (size_t elems, size_t elem_size)
 
size_t almost_montgomery_inverse (BigInt &result, const BigInt &a, const BigInt &p)
 
void aont_package (RandomNumberGenerator &rng, BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
void aont_unpackage (BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
std::string asn1_class_to_string (ASN1_Tag type)
 
std::string asn1_tag_to_string (ASN1_Tag type)
 
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
size_t base32_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > base32_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base32_decode (const std::string &input, bool ignore_ws)
 
template<typename Alloc >
std::string base32_encode (const std::vector< uint8_t, Alloc > &input)
 
size_t base32_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
std::string base32_encode (const uint8_t input[], size_t input_length)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const std::string &input, bool ignore_ws)
 
size_t base64_decode_max_output (size_t input_length)
 
size_t base64_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base64_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base64_encode (const uint8_t input[], size_t input_length)
 
size_t base64_encode_max_output (size_t input_length)
 
template<typename Base >
size_t base_decode (Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
 
template<class Base >
size_t base_encode (Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
int32_t bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_abs (word cnd, word x[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
void bigint_cnd_addsub (word mask, word x[], const word y[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul24 (word z[48], const word x[24], const word y[24])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word z[32], const word x[16])
 
void bigint_comba_sqr24 (word z[48], const word x[24])
 
void bigint_comba_sqr4 (word z[8], const word x[4])
 
void bigint_comba_sqr6 (word z[12], const word x[6])
 
void bigint_comba_sqr8 (word z[16], const word x[8])
 
void bigint_comba_sqr9 (word z[18], const word x[9])
 
word bigint_divop (word n1, word n0, word d)
 
void bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[], size_t ws_size)
 
void bigint_monty_redc_16 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_16 (word z[], const word p[16], word p_dash, word ws[])
 
void bigint_monty_redc_24 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_24 (word z[], const word p[24], word p_dash, word ws[])
 
void bigint_monty_redc_32 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_32 (word z[], const word p[32], word p_dash, word ws[])
 
void bigint_monty_redc_4 (word z[], const word p[4], word p_dash, word ws[])
 
void bigint_monty_redc_4 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_6 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_6 (word z[], const word p[6], word p_dash, word ws[])
 
void bigint_monty_redc_8 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_8 (word z[], const word p[8], word p_dash, word ws[])
 
void bigint_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
 
void bigint_shl1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_sub_abs (word z[], const word x[], const word y[], size_t N, word ws[])
 
uint32_t bit_size_to_32bit_size (uint32_t bit_size)
 
uint32_t bit_size_to_byte_size (uint32_t bit_size)
 
template<typename T >
void bswap_4 (T x[4])
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
 
template<size_t S, int64_t MUL = 1>
void carry (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int32_t &h0, int32_t &h1)
 
uint64_t carry_shift (const donna128 &a, size_t shift)
 
const uint8_t * cast_char_ptr_to_uint8 (const char *s)
 
uint8_t * cast_char_ptr_to_uint8 (char *s)
 
const char * cast_uint8_ptr_to_char (const uint8_t *b)
 
char * cast_uint8_ptr_to_char (uint8_t *b)
 
void CECPQ1_accept (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], uint8_t send[CECPQ1_ACCEPT_BYTES], const uint8_t received[CECPQ1_OFFER_BYTES], RandomNumberGenerator &rng)
 
void CECPQ1_accept (uint8_t *shared_key, uint8_t *accept_message, const uint8_t *offer_message, RandomNumberGenerator &rng)
 
void CECPQ1_finish (uint8_t *shared_key, const CECPQ1_key &offer_key, const uint8_t *accept_message)
 
void CECPQ1_finish (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], const CECPQ1_key &offer_key, const uint8_t received[CECPQ1_ACCEPT_BYTES])
 
void CECPQ1_offer (uint8_t send[CECPQ1_OFFER_BYTES], CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
void CECPQ1_offer (uint8_t *offer_message, CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
template<typename T >
size_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &pass, const std::string &hash)
 
bool check_passhash9 (const std::string &pass, const std::string &hash)
 
bool check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
size_t checked_add (size_t x, size_t y, const char *file, int line)
 
PK_Signerchoose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
PK_Signerchoose_sig_format (const Private_Key &key, const std::map< std::string, std::string > &opts, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
 
std::string clean_ws (const std::string &s)
 
void clear_bytes (void *ptr, size_t bytes)
 
template<typename T >
void clear_mem (T *ptr, size_t n)
 
uint64_t combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
bool constant_time_compare (const uint8_t x[], const uint8_t y[], size_t len)
 
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
AlternativeName create_alt_name (const Data_Store &info)
 
X509_DN create_dn (const Data_Store &info)
 
std::string create_hex_fingerprint (const uint8_t bits[], size_t bits_len, const std::string &hash_name)
 
template<typename Alloc >
std::string create_hex_fingerprint (const std::vector< uint8_t, Alloc > &vec, const std::string &hash_name)
 
std::unique_ptr< Private_Keycreate_private_key (const std::string &alg_name, RandomNumberGenerator &rng, const std::string &params, const std::string &provider)
 
BigInt ct_inverse_mod_odd_modulus (const BigInt &n, const BigInt &mod)
 
template<typename T >
size_t ctz (T n)
 
void curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32])
 
void curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
void curve25519_donna (uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint)
 
void deallocate_memory (void *p, size_t elems, size_t elem_size)
 
gf2m decode_gf2m (const uint8_t *mem)
 
void divide (const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
 
size_t dl_exponent_size (size_t bits)
 
size_t dl_work_factor (size_t bits)
 
secure_vector< uint8_t > EC2OSP (const PointGFp &point, uint8_t format)
 
size_t ecp_work_factor (size_t bits)
 
void ed25519_gen_keypair (uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
 
void ed25519_gen_keypair (uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32])
 
void ed25519_sign (uint8_t sig[64], const uint8_t *m, size_t mlen, const uint8_t *sk)
 
void ed25519_sign (uint8_t sig[64], const uint8_t msg[], size_t msg_len, const uint8_t sk[64])
 
bool ed25519_verify (const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk)
 
bool ed25519_verify (const uint8_t msg[], size_t msg_len, const uint8_t sig[64], const uint8_t pk[32])
 
uint32_t encode_gf2m (gf2m to_enc, uint8_t *mem)
 
std::string erase_chars (const std::string &str, const std::set< char > &chars)
 
template<typename T >
uint16_t expand_mask_16bit (T tst)
 
void fe_0 (fe &x)
 
void fe_1 (fe &x)
 
void fe_add (fe &x, const fe &a, const fe &b)
 
void fe_copy (fe &a, const fe &b)
 
void fe_frombytes (fe &x, const uint8_t *b)
 
void fe_invert (fe &x, const fe &z)
 
int fe_isnegative (const fe &x)
 
int fe_isnonzero (const fe &x)
 
void fe_mul (fe &x, const fe &a, const fe &b)
 
void fe_neg (fe &x, const fe &z)
 
void fe_pow22523 (fe &x, const fe &y)
 
void fe_sq (fe &x, const fe &z)
 
void fe_sq2 (fe &x, const fe &z)
 
void fe_sq_iter (fe &x, const fe &z, size_t iter)
 
void fe_sub (fe &x, const fe &a, const fe &b)
 
void fe_tobytes (uint8_t *b, const fe &x)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, uint32_t code_length)
 
BigInt gcd (const BigInt &a, const BigInt &b)
 
void gcm_clmul_precompute (const uint8_t H_bytes[16], uint64_t H_pow[4 *2])
 
void gcm_multiply_clmul (uint8_t x[16], const uint64_t H_pow[4 *2], const uint8_t input[], size_t blocks)
 
void gcm_multiply_clmul (uint8_t x[16], const uint64_t H_pow[8], const uint8_t input_bytes[], size_t blocks)
 
void gcm_multiply_pmull (uint8_t x[16], const uint64_t H64[8], const uint8_t input[], size_t blocks)
 
void gcm_multiply_ssse3 (uint8_t x[16], const uint64_t HM[256], const uint8_t input_bytes[], size_t blocks)
 
void gcm_pmull_precompute (const uint8_t H_bytes[16], uint64_t H_pow[4 *2])
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t *a, const ge_p3 *A, const uint8_t *b)
 
int ge_frombytes_negate_vartime (ge_p3 *, const uint8_t *)
 
void ge_scalarmult_base (uint8_t out[32], const uint8_t in[32])
 
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, char version)
 
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
 
std::vector< uint8_t > generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, uint32_t ext_deg, uint32_t code_length, uint32_t t)
 
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id)
 
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
 
BigInt generate_rsa_prime (RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
 
AEAD_Modeget_aead (const std::string &name, Cipher_Dir direction)
 
BlockCipherModePaddingMethodget_bc_pad (const std::string &algo_spec)
 
template<typename T >
uint8_t get_byte (size_t byte_num, T input)
 
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
 
Cipher_Modeget_cipher_mode (const std::string &algo_spec, Cipher_Dir direction, const std::string &provider="")
 
EMEget_eme (const std::string &algo_spec)
 
EMSAget_emsa (const std::string &algo_spec)
 
std::vector< std::string > get_files_recursive (const std::string &dir)
 
KDFget_kdf (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
PBKDFget_s2k (const std::string &algo_spec)
 
const std::vector< std::string > get_sig_paddings (const std::string algo)
 
gf2m gray_to_lex (gf2m gray)
 
template<typename T >
size_t hamming_weight (T n)
 
bool has_filesystem_impl ()
 
std::string hash_for_emsa (const std::string &algo_spec)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const char input[], size_t input_length, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const std::string &input, bool ignore_ws)
 
void hex_encode (char output[], const uint8_t input[], size_t input_length, bool uppercase)
 
std::string hex_encode (const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename Alloc >
std::string hex_encode (const std::vector< uint8_t, Alloc > &input, bool uppercase=true)
 
template<typename T >
size_t high_bit (T n)
 
secure_vector< uint8_t > hkdf_expand_label (const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
 
bool host_wildcard_match (const std::string &issued_, const std::string &host_)
 
uint8_t ieee1363_hash_id (const std::string &name)
 
size_t if_work_factor (size_t bits)
 
void initialize_allocator ()
 
BigInt inverse_euclid (const BigInt &n, const BigInt &mod)
 
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
 
std::string ipv4_to_string (uint32_t ip)
 
bool is_passhash9_alg_supported (uint8_t alg_id)
 
template<typename T >
bool is_power_of_2 (T arg)
 
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
 
int32_t jacobi (const BigInt &a, const BigInt &n)
 
std::string key_constraints_to_string (Key_Constraints constraints)
 
BigInt lcm (const BigInt &a, const BigInt &b)
 
gf2m lex_to_gray (gf2m lex)
 
uint64_t load_3 (const uint8_t in[3])
 
uint64_t load_4 (const uint8_t *in)
 
template<typename T >
T load_be (const uint8_t in[], size_t off)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_be (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_be< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_be< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_be< uint64_t > (const uint8_t in[], size_t off)
 
template<typename T >
T load_le (const uint8_t in[], size_t off)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_le (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_le< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_le< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_le< uint64_t > (const uint8_t in[], size_t off)
 
std::unique_ptr< Private_Keyload_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
 
std::unique_ptr< Public_Keyload_public_key (const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
 
template<typename T >
size_t low_bit (T n)
 
size_t low_zero_bits (const BigInt &n)
 
std::unique_ptr< HashFunctionmake_bearssl_hash (const std::string &name)
 
Compression_Algorithmmake_compressor (const std::string &name)
 
Decompression_Algorithmmake_decompressor (const std::string &name)
 
std::unique_ptr< BlockCiphermake_openssl_block_cipher (const std::string &name)
 
Cipher_Modemake_openssl_cipher_mode (const std::string &name, Cipher_Dir direction)
 
std::unique_ptr< HashFunctionmake_openssl_hash (const std::string &name)
 
uint16_t make_uint16 (uint8_t i0, uint8_t i1)
 
uint32_t make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
 
uint64_t make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Single_object make_unique (Args &&... args)
 
template<class T >
stlCompatibilityDetails::_Unique_if< T >::_Unknown_bound make_unique (size_t n)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Known_bound make_unique (Args &&...)=delete
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
secure_vector< uint8_t > mceies_decrypt (const McEliece_PrivateKey &privkey, const uint8_t ct[], size_t ct_len, const uint8_t ad[], size_t ad_len, const std::string &algo)
 
secure_vector< uint8_t > mceies_encrypt (const McEliece_PublicKey &pubkey, const uint8_t pt[], size_t pt_len, const uint8_t ad[], size_t ad_len, RandomNumberGenerator &rng, const std::string &algo)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext, secure_vector< uint8_t > &error_mask, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
secure_vector< uint8_t > mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, uint32_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
 
size_t mceliece_work_factor (size_t n, size_t t)
 
void mgf1_mask (HashFunction &hash, const uint8_t in[], size_t in_len, uint8_t out[], size_t out_len)
 
BigInt monty_execute (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
 
BigInt monty_execute_vartime (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
 
word monty_inverse (word input)
 
BigInt monty_multi_exp (std::shared_ptr< const Montgomery_Params > params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
 
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute (std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
 
void mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
 
BigInt mul_add (const BigInt &a, const BigInt &b, const BigInt &c)
 
BigInt mul_sub (const BigInt &a, const BigInt &b, const BigInt &c)
 
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
void newhope_keygen (uint8_t send[NEWHOPE_SENDABYTES], newhope_poly *sk, RandomNumberGenerator &rng, Newhope_Mode=Newhope_Mode::SHA3)
 
void newhope_keygen (uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_shareda (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], const newhope_poly *ska, const uint8_t *received, Newhope_Mode mode=Newhope_Mode::SHA3)
 
void newhope_shareda (uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
 
void newhope_sharedb (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], uint8_t send[], const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode=Newhope_Mode::SHA3)
 
void newhope_sharedb (uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
 
secure_vector< uint8_t > nist_key_unwrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
secure_vector< uint8_t > nist_key_unwrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
BigInt normalized_montgomery_inverse (const BigInt &a, const BigInt &p)
 
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator!= (const OID &a, const OID &b)
 
bool operator!= (const OctetString &s1, const OctetString &s2)
 
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator!= (const X509_Time &t1, const X509_Time &t2)
 
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
 
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
 
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
 
bool operator!= (const BigInt &a, const BigInt &b)
 
bool operator!= (const BigInt &a, word b)
 
BigInt operator% (const BigInt &n, const BigInt &mod)
 
word operator% (const BigInt &n, word mod)
 
ECIES_Flags operator& (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator* (const donna128 &x, uint64_t y)
 
donna128 operator* (uint64_t y, const donna128 &x)
 
BigInt operator* (const BigInt &x, const BigInt &y)
 
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
 
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
 
BigInt operator+ (const BigInt &x, const BigInt &y)
 
BigInt operator+ (const BigInt &x, word y)
 
OID operator+ (const OID &oid, uint32_t component)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
donna128 operator+ (const donna128 &x, uint64_t y)
 
OctetString operator+ (const OctetString &k1, const OctetString &k2)
 
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator+ (word x, const BigInt &y)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
BigInt operator- (const BigInt &x, const BigInt &y)
 
BigInt operator- (const BigInt &x, word y)
 
PointGFp operator- (const PointGFp &lhs)
 
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator/ (const BigInt &x, const BigInt &y)
 
bool operator< (const OID &a, const OID &b)
 
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator< (const X509_Time &t1, const X509_Time &t2)
 
bool operator< (const BigInt &a, const BigInt &b)
 
bool operator< (const BigInt &a, word b)
 
int operator<< (int fd, Pipe &pipe)
 
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
 
BigInt operator<< (const BigInt &x, size_t shift)
 
std::ostream & operator<< (std::ostream &os, const GeneralName &gn)
 
std::ostream & operator<< (std::ostream &os, const GeneralSubtree &gs)
 
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
 
std::ostream & operator<< (std::ostream &out, Pipe &pipe)
 
bool operator<= (const X509_Time &t1, const X509_Time &t2)
 
bool operator<= (const BigInt &a, const BigInt &b)
 
bool operator<= (const BigInt &a, word b)
 
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const OctetString &s1, const OctetString &s2)
 
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator== (const X509_Time &t1, const X509_Time &t2)
 
bool operator== (const BigInt &a, const BigInt &b)
 
bool operator== (const BigInt &a, word b)
 
bool operator> (const X509_Time &t1, const X509_Time &t2)
 
bool operator> (const BigInt &a, const BigInt &b)
 
bool operator> (const BigInt &a, word b)
 
bool operator>= (const X509_Time &t1, const X509_Time &t2)
 
bool operator>= (const BigInt &a, const BigInt &b)
 
bool operator>= (const BigInt &a, word b)
 
int operator>> (int fd, Pipe &pipe)
 
std::istream & operator>> (std::istream &stream, BigInt &n)
 
BigInt operator>> (const BigInt &x, size_t shift)
 
std::istream & operator>> (std::istream &in, X509_DN &dn)
 
std::istream & operator>> (std::istream &in, Pipe &pipe)
 
OctetString operator^ (const OctetString &k1, const OctetString &k2)
 
template<typename Alloc , typename Alloc2 >
std::vector< uint8_t, Alloc > & operator^= (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in)
 
ECIES_Flags operator| (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
template<typename Alloc >
PointGFp OS2ECP (const std::vector< uint8_t, Alloc > &data, const CurveGFp &curve)
 
PointGFp OS2ECP (const uint8_t data[], size_t data_len, const CurveGFp &curve)
 
std::pair< BigInt, BigIntOS2ECP (const uint8_t data[], size_t data_len, const BigInt &curve_p, const BigInt &curve_a, const BigInt &curve_b)
 
std::vector< std::string > parse_algorithm_name (const std::string &namex)
 
std::vector< uint32_t > parse_asn1_oid (const std::string &oid)
 
secure_vector< uint8_t > pbes2_decrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, const std::vector< uint8_t > &params)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t pbkdf_iter, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
std::vector< uint8_t > pkcs_hash_id (const std::string &name)
 
void poly_double_n (uint8_t buf[], size_t n)
 
void poly_double_n (uint8_t out[], const uint8_t in[], size_t n)
 
void poly_double_n_le (uint8_t out[], const uint8_t in[], size_t n)
 
bool poly_double_supported_size (size_t n)
 
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
 
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
 
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
 
const BigIntprime_p521 ()
 
std::vector< std::string > probe_provider_private_key (const std::string &alg_name, const std::vector< std::string > possible)
 
template<typename T >
std::vector< std::string > probe_providers_of (const std::string &algo_spec, const std::vector< std::string > &possible)
 
bool quick_check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
gf2m random_code_element (unsigned code_length, RandomNumberGenerator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
 
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
 
std::map< std::string, std::string > read_cfg (std::istream &is)
 
void redc_mul (int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
 
void redc_p521 (BigInt &x, secure_vector< word > &ws)
 
std::string replace_char (const std::string &str, char from_char, char to_char)
 
std::string replace_chars (const std::string &str, const std::set< char > &chars, char to_char)
 
BigInt ressol (const BigInt &x, const BigInt &p)
 
uint16_t reverse_bytes (uint16_t val)
 
uint32_t reverse_bytes (uint32_t val)
 
uint64_t reverse_bytes (uint64_t val)
 
secure_vector< uint8_t > rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
secure_vector< uint8_t > rfc3394_keywrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
template<typename T >
T rotate_left (T input, size_t rot)
 
template<typename T >
T rotate_right (T input, size_t rot)
 
template<size_t ROT, typename T >
T rotl (T input)
 
template<typename T >
T rotl_var (T input, size_t rot)
 
template<size_t ROT, typename T >
T rotr (T input)
 
template<typename T >
T rotr_var (T input, size_t rot)
 
template<typename T >
T round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
void sc_muladd (uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
 
void sc_reduce (uint8_t *)
 
void scrypt (uint8_t output[], size_t output_len, const std::string &password, const uint8_t salt[], size_t salt_len, const Scrypt_Params &params)
 
void scrypt (uint8_t output[], size_t output_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
void secure_scrub_memory (void *ptr, size_t n)
 
template<typename T >
void set_mem (T *ptr, size_t n, uint8_t val)
 
const char * short_version_cstr ()
 
std::string short_version_string ()
 
bool sig_algo_and_pad_ok (const std::string algo, const std::string padding)
 
template<typename T >
size_t significant_bytes (T n)
 
std::vector< uint8_t > sm2_compute_za (HashFunction &hash, const std::string &user_id, const EC_Group &domain, const PointGFp &pubkey)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
 
BigInt square (const BigInt &x)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng)
 
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
 
void store_be (uint16_t in, uint8_t out[2])
 
void store_be (uint32_t in, uint8_t out[4])
 
void store_be (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
void store_le (uint16_t in, uint8_t out[2])
 
void store_le (uint32_t in, uint8_t out[4])
 
void store_le (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
uint32_t string_to_ipv4 (const std::string &str)
 
BigInt sub_mul (const BigInt &a, const BigInt &b, const BigInt &c)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
RandomNumberGeneratorsystem_rng ()
 
void throw_invalid_argument (const char *message, const char *func, const char *file)
 
uint32_t timespec_to_u32bit (const std::string &timespec)
 
std::vector< uint8_t > to_byte_vector (const std::string &s)
 
const char * to_string (Certificate_Status_Code code)
 
std::string to_string (const secure_vector< uint8_t > &bytes)
 
uint32_t to_u32bit (const std::string &str)
 
uint16_t to_uint16 (const std::string &str)
 
std::string ucs2_to_utf8 (const uint8_t ucs2[], size_t len)
 
std::string ucs4_to_utf8 (const uint8_t ucs4[], size_t len)
 
template<typename T >
std::vector< Tunlock (const secure_vector< T > &in)
 
std::string utf8_to_latin1 (const std::string &utf8)
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
void verify_cert_constraints_valid_for_key_type (const Public_Key &pub_key, Key_Constraints constraints)
 
bool verify_prime (const BigInt &n, RandomNumberGenerator &rng)
 
const char * version_cstr ()
 
uint32_t version_datestamp ()
 
uint32_t version_major ()
 
uint32_t version_minor ()
 
uint32_t version_patch ()
 
std::string version_string ()
 
void word3_add (word *w2, word *w1, word *w0, word x)
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
word word_madd2 (word a, word b, word *c)
 
word word_madd3 (word a, word b, word c, word *d)
 
word word_sub (word x, word y, word *carry)
 
bool x500_name_cmp (const std::string &name1, const std::string &name2)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
void xor_buf (uint8_t out[], const uint8_t in[], size_t length)
 
void xor_buf (uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const std::map< const std::string, std::vector< std::string > > allowed_signature_paddings
 
const uint32_t CAST_SBOX1 [256]
 
const uint32_t CAST_SBOX2 [256]
 
const uint32_t CAST_SBOX3 [256]
 
const uint32_t CAST_SBOX4 [256]
 
const uint64_t DES_FPTAB1 [256]
 
const uint64_t DES_FPTAB2 [256]
 
const uint64_t DES_IPTAB1 [256]
 
const uint64_t DES_IPTAB2 [256]
 
const uint32_t DES_SPBOX1 [256]
 
const uint32_t DES_SPBOX2 [256]
 
const uint32_t DES_SPBOX3 [256]
 
const uint32_t DES_SPBOX4 [256]
 
const uint32_t DES_SPBOX5 [256]
 
const uint32_t DES_SPBOX6 [256]
 
const uint32_t DES_SPBOX7 [256]
 
const uint32_t DES_SPBOX8 [256]
 
const size_t HEX_CODEC_BUFFER_SIZE = 256
 
const word MP_WORD_MASK = ~static_cast<word>(0)
 
const word MP_WORD_MAX = MP_WORD_MASK
 
const word MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)
 
const size_t PRIME_TABLE_SIZE = 6541
 
const uint16_t PRIMES []
 
const uint64_t STREEBOG_Ax [8][256]
 
const uint64_t STREEBOG_C [12][8]
 

Detailed Description

(C) 2018 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

Ordinary applications should never need to include or use this header. It is exposed only for specialized applications which want to implement new versions of public key crypto without merging them as changes to the library. One actual example of such usage is an application which creates RSA signatures using a custom TPM library. Unless you're doing something like that, you don't need anything here. Instead use pubkey.h which wraps these types safely and provides a stable application-oriented API.

XMSS WOTS Addressed Private Key (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Addressed Public Key (C) 2016,2017 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

Typedef Documentation

◆ ASN1_Time

Definition at line 75 of file asn1_time.h.

◆ byte

using Botan::byte = typedef std::uint8_t

Definition at line 89 of file types.h.

◆ CertificatePathStatusCodes

This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.

Definition at line 29 of file x509path.h.

◆ EC_Domain_Params

Definition at line 368 of file ec_group.h.

◆ fe

Definition at line 135 of file ed25519_fe.h.

◆ gf2m

typedef uint16_t Botan::gf2m

Definition at line 20 of file gf2m_small_m.h.

◆ InitializationVector

Alternate name for octet string showing intent to use as an IV

Definition at line 141 of file symkey.h.

◆ lock_guard_type

template<typename T >
using Botan::lock_guard_type = typedef lock_guard<T>

Definition at line 52 of file mutex.h.

◆ MAC

Definition at line 139 of file mac.h.

◆ mutex_type

Definition at line 51 of file mutex.h.

◆ PK_KA_Key

Definition at line 299 of file pk_keys.h.

◆ PKCS8_PrivateKey

Definition at line 301 of file pk_keys.h.

◆ poly

Definition at line 20 of file newhope.cpp.

◆ RNG

Convenience typedef

Definition at line 173 of file rng.h.

◆ S2K

typedef PBKDF Botan::S2K

Definition at line 221 of file pbkdf.h.

◆ s32bit

using Botan::s32bit = typedef std::int32_t

Definition at line 93 of file types.h.

◆ secure_deque

template<typename T >
using Botan::secure_deque = typedef std::deque<T, secure_allocator<T> >

Definition at line 89 of file secmem.h.

◆ secure_vector

template<typename T >
using Botan::secure_vector = typedef std::vector<T, secure_allocator<T> >

Definition at line 88 of file secmem.h.

◆ SecureVector

template<typename T >
using Botan::SecureVector = typedef secure_vector<T>

Definition at line 92 of file secmem.h.

◆ SHA_1

Definition at line 69 of file sha160.h.

◆ SIMD_32

Definition at line 695 of file simd_32.h.

◆ SymmetricKey

Alternate name for octet string showing intent to use as a key

Definition at line 136 of file symkey.h.

◆ Transform_Filter

Definition at line 53 of file cipher_filter.h.

◆ Transformation_Filter

Definition at line 54 of file cipher_filter.h.

◆ u16bit

using Botan::u16bit = typedef std::uint16_t

Definition at line 90 of file types.h.

◆ u32bit

using Botan::u32bit = typedef std::uint32_t

Definition at line 91 of file types.h.

◆ u64bit

using Botan::u64bit = typedef std::uint64_t

Definition at line 92 of file types.h.

◆ wots_keysig_t

typedef std::vector< secure_vector< uint8_t > > Botan::wots_keysig_t

Definition at line 19 of file xmss_common_ops.h.

◆ X509_PublicKey

Definition at line 300 of file pk_keys.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
SM3_BLOCK_BYTES 
SM3_DIGEST_BYTES 

Definition at line 15 of file sm3.h.

15  {
16  SM3_BLOCK_BYTES = 64,
17  SM3_DIGEST_BYTES = 32
18 };

◆ ASN1_Tag

enum Botan::ASN1_Tag : uint32_t

ASN.1 Type and Class Tags

Enumerator
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
UNIVERSAL_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
UTC_OR_GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

Definition at line 22 of file asn1_obj.h.

22  : uint32_t {
23  UNIVERSAL = 0x00,
24  APPLICATION = 0x40,
25  CONTEXT_SPECIFIC = 0x80,
26 
27  CONSTRUCTED = 0x20,
28 
30 
31  EOC = 0x00,
32  BOOLEAN = 0x01,
33  INTEGER = 0x02,
34  BIT_STRING = 0x03,
35  OCTET_STRING = 0x04,
36  NULL_TAG = 0x05,
37  OBJECT_ID = 0x06,
38  ENUMERATED = 0x0A,
39  SEQUENCE = 0x10,
40  SET = 0x11,
41 
42  UTF8_STRING = 0x0C,
43  NUMERIC_STRING = 0x12,
44  PRINTABLE_STRING = 0x13,
45  T61_STRING = 0x14,
46  IA5_STRING = 0x16,
47  VISIBLE_STRING = 0x1A,
48  UNIVERSAL_STRING = 0x1C,
49  BMP_STRING = 0x1E,
50 
51  UTC_TIME = 0x17,
52  GENERALIZED_TIME = 0x18,
54 
55  NO_OBJECT = 0xFF00,
56  DIRECTORY_STRING = 0xFF01
57 };

◆ Certificate_Status_Code

Certificate validation status code

Enumerator
OK 
VERIFIED 
OCSP_RESPONSE_GOOD 
OCSP_SIGNATURE_OK 
VALID_CRL_CHECKED 
OCSP_NO_HTTP 
FIRST_WARNING_STATUS 
CERT_SERIAL_NEGATIVE 
DN_TOO_LONG 
OSCP_NO_REVOCATION_URL 
OSCP_SERVER_NOT_AVAILABLE 
FIRST_ERROR_STATUS 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
NO_REVOCATION_DATA 
NO_MATCHING_CRLDP 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
CHAIN_LACKS_TRUST_ROOT 
CHAIN_NAME_MISMATCH 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
DUPLICATE_CERT_EXTENSION 
OCSP_SIGNATURE_ERROR 
OCSP_ISSUER_NOT_FOUND 
OCSP_RESPONSE_MISSING_KEYUSAGE 
OCSP_RESPONSE_INVALID 
EXT_IN_V1_V2_CERT 
DUPLICATE_CERT_POLICY 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 
CERT_PUBKEY_INVALID 
SIGNATURE_ALGO_UNKNOWN 
SIGNATURE_ALGO_BAD_PARAMS 

Definition at line 18 of file cert_status.h.

18  {
19  OK = 0,
20  VERIFIED = 0,
21 
22  // Revocation status
26  OCSP_NO_HTTP = 4,
27 
28  // Warnings
31  DN_TOO_LONG = 501,
34 
35  // Errors
36  FIRST_ERROR_STATUS = 1000,
37 
39  UNTRUSTED_HASH = 1001,
40  NO_REVOCATION_DATA = 1002,
41  NO_MATCHING_CRLDP = 1003,
42 
43  // Time problems
44  CERT_NOT_YET_VALID = 2000,
45  CERT_HAS_EXPIRED = 2001,
46  OCSP_NOT_YET_VALID = 2002,
47  OCSP_HAS_EXPIRED = 2003,
48  CRL_NOT_YET_VALID = 2004,
49  CRL_HAS_EXPIRED = 2005,
50 
51  // Chain generation problems
52  CERT_ISSUER_NOT_FOUND = 3000,
54  CERT_CHAIN_LOOP = 3002,
56  CHAIN_NAME_MISMATCH = 3004,
57 
58  // Validation errors
59  POLICY_ERROR = 4000,
60  INVALID_USAGE = 4001,
61  CERT_CHAIN_TOO_LONG = 4002,
63  NAME_CONSTRAINT_ERROR = 4004,
64 
65  // Revocation errors
67  OCSP_CERT_NOT_LISTED = 4006,
68  OCSP_BAD_STATUS = 4007,
69 
70  // Other problems
71  CERT_NAME_NOMATCH = 4008,
74  OCSP_SIGNATURE_ERROR = 4501,
75  OCSP_ISSUER_NOT_FOUND = 4502,
77  OCSP_RESPONSE_INVALID = 4504,
78  EXT_IN_V1_V2_CERT = 4505,
79  DUPLICATE_CERT_POLICY = 4506,
80 
81  // Hard failures
82  CERT_IS_REVOKED = 5000,
83  CRL_BAD_SIGNATURE = 5001,
84  SIGNATURE_ERROR = 5002,
85  CERT_PUBKEY_INVALID = 5003,
88 };

◆ Character_Set

The different charsets (nominally) supported by Botan.

Enumerator
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

Definition at line 41 of file charset.h.

◆ Cipher_Dir

enum Botan::Cipher_Dir : int

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

Definition at line 24 of file cipher_mode.h.

◆ CRL_Code

enum Botan::CRL_Code : uint32_t

X.509v2 CRL Reason Code.

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 22 of file crl_ent.h.

◆ Decoder_Checking

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 179 of file filter.h.

◆ EC_Group_Encoding

This class represents elliptic curce domain parameters

Enumerator
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 23 of file ec_group.h.

◆ ECIES_Flags

enum Botan::ECIES_Flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

Definition at line 28 of file ecies.h.

28  : uint32_t
29  {
30  NONE = 0,
31 
32  /// if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key
33  SINGLE_HASH_MODE = 1,
34 
35  /// (decryption only) if set: use cofactor multiplication during (ecdh) key agreement
36  COFACTOR_MODE = 2,
37 
38  /// if set: use ecdhc instead of ecdh
40 
41  /// (decryption only) if set: test if the (ephemeral) public key is on the curve
42  CHECK_MODE = 8
43  };
(decryption only) if set: test if the (ephemeral) public key is on the curve
if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key ...
if set: use ecdhc instead of ecdh
(decryption only) if set: use cofactor multiplication during (ecdh) key agreement ...

◆ Key_Constraints

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 21 of file key_constraint.h.

21  {
22  NO_CONSTRAINTS = 0,
23  DIGITAL_SIGNATURE = 1 << 15,
24  NON_REPUDIATION = 1 << 14,
25  KEY_ENCIPHERMENT = 1 << 13,
26  DATA_ENCIPHERMENT = 1 << 12,
27  KEY_AGREEMENT = 1 << 11,
28  KEY_CERT_SIGN = 1 << 10,
29  CRL_SIGN = 1 << 9,
30  ENCIPHER_ONLY = 1 << 8,
31  DECIPHER_ONLY = 1 << 7
32 };
Definition: ffi.h:1171

◆ Newhope_Mode

enum Botan::Newhope_Mode
strong

This chooses the XOF + hash for NewHope The official NewHope specification and reference implementation use SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode

Enumerator
SHA3 
BoringSSL 

Definition at line 58 of file newhope.h.

◆ Newhope_Params

Enumerator
NEWHOPE_SENDABYTES 
NEWHOPE_SENDBBYTES 
NEWHOPE_OFFER_BYTES 
NEWHOPE_ACCEPT_BYTES 
NEWHOPE_SHARED_KEY_BYTES 
NEWHOPE_SEED_BYTES 
NEWHOPE_POLY_BYTES 
CECPQ1_OFFER_BYTES 
CECPQ1_ACCEPT_BYTES 
CECPQ1_SHARED_KEY_BYTES 

Definition at line 35 of file newhope.h.

◆ Signature_Format

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

Definition at line 27 of file pubkey.h.

◆ TPM_Storage_Type

Enumerator
User 
System 

Definition at line 99 of file tpm.h.

◆ Usage_Type

enum Botan::Usage_Type
strong
Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 

Definition at line 25 of file x509cert.h.

◆ X509_Encoding

The two types of X509 encoding supported by Botan. This enum is not used anymore, and will be removed in a future major release.

Enumerator
RAW_BER 
PEM 

Definition at line 25 of file x509_key.h.

Function Documentation

◆ abs()

BigInt Botan::abs ( const BigInt n)
inline

Return the absolute value

Parameters
nan integer
Returns
absolute value of n

Definition at line 55 of file numthry.h.

References Botan::BigInt::abs().

55 { return n.abs(); }

◆ allocate_memory()

BOTAN_MALLOC_FN void * Botan::allocate_memory ( size_t  elems,
size_t  elem_size 
)

Allocate a memory buffer by some method. This should only be used for primitive types (uint8_t, uint32_t, etc).

Parameters
elemsthe number of elements
elem_sizethe size of each element
Returns
pointer to allocated and zeroed memory, or throw std::bad_alloc on failure

Definition at line 16 of file mem_ops.cpp.

References Botan::mlock_allocator::instance().

Referenced by Botan::secure_allocator< T >::allocate().

17  {
18 #if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
19  if(void* p = mlock_allocator::instance().allocate(elems, elem_size))
20  return p;
21 #endif
22 
23  void* ptr = std::calloc(elems, elem_size);
24  if(!ptr)
25  throw std::bad_alloc();
26  return ptr;
27  }

◆ almost_montgomery_inverse()

size_t Botan::almost_montgomery_inverse ( BigInt result,
const BigInt a,
const BigInt b 
)

Return a^-1 * 2^k mod b Returns k, between n and 2n Not const time

Definition at line 100 of file numthry.cpp.

References Botan::BigInt::is_even().

Referenced by normalized_montgomery_inverse().

103  {
104  size_t k = 0;
105 
106  BigInt u = p, v = a, r = 0, s = 1;
107 
108  while(v > 0)
109  {
110  if(u.is_even())
111  {
112  u >>= 1;
113  s <<= 1;
114  }
115  else if(v.is_even())
116  {
117  v >>= 1;
118  r <<= 1;
119  }
120  else if(u > v)
121  {
122  u -= v;
123  u >>= 1;
124  r += s;
125  s <<= 1;
126  }
127  else
128  {
129  v -= u;
130  v >>= 1;
131  s += r;
132  r <<= 1;
133  }
134 
135  ++k;
136  }
137 
138  if(r >= p)
139  {
140  r -= p;
141  }
142 
143  result = p - r;
144 
145  return k;
146  }

◆ aont_package()

void Botan::aont_package ( RandomNumberGenerator rng,
BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform

Parameters
rngthe random number generator to use
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

Definition at line 17 of file package.cpp.

References Botan::OctetString::begin(), Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, clear_mem(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

21  {
22  if(input_len <= 1)
23  throw Encoding_Error("Package transform cannot encode small inputs");
24 
25  const size_t BLOCK_SIZE = cipher->block_size();
26 
27  if(!cipher->valid_keylength(BLOCK_SIZE))
28  throw Invalid_Argument("AONT::package: Invalid cipher");
29 
30  // The all-zero string which is used both as the CTR IV and as K0
31  const std::string all_zeros(BLOCK_SIZE*2, '0');
32 
33  SymmetricKey package_key(rng, BLOCK_SIZE);
34 
35  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
36 
37  pipe.process_msg(input, input_len);
38  const size_t remaining = pipe.remaining();
39  BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
40 
41  // Set K0 (the all zero key)
42  cipher->set_key(SymmetricKey(all_zeros));
43 
44  secure_vector<uint8_t> buf(BLOCK_SIZE);
45 
46  const size_t blocks =
47  (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
48 
49  uint8_t* final_block = output + input_len;
50  clear_mem(final_block, BLOCK_SIZE);
51 
52  // XOR the hash blocks into the final block
53  for(size_t i = 0; i != blocks; ++i)
54  {
55  const size_t left = std::min<size_t>(BLOCK_SIZE,
56  input_len - BLOCK_SIZE * i);
57 
58  zeroise(buf);
59  copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);
60 
61  for(size_t j = 0; j != sizeof(i); ++j)
62  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
63 
64  cipher->encrypt(buf.data());
65 
66  xor_buf(final_block, buf.data(), BLOCK_SIZE);
67  }
68 
69  // XOR the random package key into the final block
70  xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
71  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:97
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:69
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108
OctetString SymmetricKey
Definition: symkey.h:136
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183

◆ aont_unpackage()

void Botan::aont_unpackage ( BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

Definition at line 73 of file package.cpp.

References Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

76  {
77  const size_t BLOCK_SIZE = cipher->block_size();
78 
79  if(!cipher->valid_keylength(BLOCK_SIZE))
80  throw Invalid_Argument("AONT::unpackage: Invalid cipher");
81 
82  if(input_len < BLOCK_SIZE)
83  throw Invalid_Argument("AONT::unpackage: Input too short");
84 
85  // The all-zero string which is used both as the CTR IV and as K0
86  const std::string all_zeros(BLOCK_SIZE*2, '0');
87 
88  cipher->set_key(SymmetricKey(all_zeros));
89 
90  secure_vector<uint8_t> package_key(BLOCK_SIZE);
91  secure_vector<uint8_t> buf(BLOCK_SIZE);
92 
93  // Copy the package key (masked with the block hashes)
94  copy_mem(package_key.data(),
95  input + (input_len - BLOCK_SIZE),
96  BLOCK_SIZE);
97 
98  const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
99 
100  // XOR the blocks into the package key bits
101  for(size_t i = 0; i != blocks; ++i)
102  {
103  const size_t left = std::min<size_t>(BLOCK_SIZE,
104  input_len - BLOCK_SIZE * (i+1));
105 
106  zeroise(buf);
107  copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);
108 
109  for(size_t j = 0; j != sizeof(i); ++j)
110  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
111 
112  cipher->encrypt(buf.data());
113 
114  xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
115  }
116 
117  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
118 
119  pipe.process_msg(input, input_len - BLOCK_SIZE);
120 
121  const size_t remaining = pipe.remaining();
122  BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
123  }
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:69
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108
OctetString SymmetricKey
Definition: symkey.h:136
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183

◆ asn1_class_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_class_to_string ( ASN1_Tag  type)

Definition at line 87 of file asn1_obj.cpp.

References APPLICATION, CONSTRUCTED, CONTEXT_SPECIFIC, NO_OBJECT, Botan::ASN1::to_string(), type, and UNIVERSAL.

Referenced by Botan::BER_Object::assert_is_a().

88  {
89  switch(type)
90  {
91  case UNIVERSAL:
92  return "UNIVERSAL";
93  case CONSTRUCTED:
94  return "CONSTRUCTED";
95  case CONTEXT_SPECIFIC:
96  return "CONTEXT_SPECIFIC";
97  case APPLICATION:
98  return "APPLICATION";
100  return "PRIVATE";
101  case Botan::NO_OBJECT:
102  return "NO_OBJECT";
103  default:
104  return "CLASS(" + std::to_string(static_cast<size_t>(type)) + ")";
105  }
106  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
MechanismType type

◆ asn1_tag_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_tag_to_string ( ASN1_Tag  type)

Definition at line 108 of file asn1_obj.cpp.

References BIT_STRING, BMP_STRING, BOOLEAN, ENUMERATED, GENERALIZED_TIME, IA5_STRING, INTEGER, NO_OBJECT, NULL_TAG, NUMERIC_STRING, OBJECT_ID, OCTET_STRING, PRINTABLE_STRING, SEQUENCE, SET, T61_STRING, Botan::ASN1::to_string(), type, UTC_TIME, UTF8_STRING, and VISIBLE_STRING.

Referenced by Botan::BER_Object::assert_is_a().

109  {
110  switch(type)
111  {
112  case Botan::SEQUENCE:
113  return "SEQUENCE";
114 
115  case Botan::SET:
116  return "SET";
117 
119  return "PRINTABLE STRING";
120 
122  return "NUMERIC STRING";
123 
124  case Botan::IA5_STRING:
125  return "IA5 STRING";
126 
127  case Botan::T61_STRING:
128  return "T61 STRING";
129 
130  case Botan::UTF8_STRING:
131  return "UTF8 STRING";
132 
134  return "VISIBLE STRING";
135 
136  case Botan::BMP_STRING:
137  return "BMP STRING";
138 
139  case Botan::UTC_TIME:
140  return "UTC TIME";
141 
143  return "GENERALIZED TIME";
144 
145  case Botan::OCTET_STRING:
146  return "OCTET STRING";
147 
148  case Botan::BIT_STRING:
149  return "BIT STRING";
150 
151  case Botan::ENUMERATED:
152  return "ENUMERATED";
153 
154  case Botan::INTEGER:
155  return "INTEGER";
156 
157  case Botan::NULL_TAG:
158  return "NULL";
159 
160  case Botan::OBJECT_ID:
161  return "OBJECT";
162 
163  case Botan::BOOLEAN:
164  return "BOOLEAN";
165 
166  case Botan::NO_OBJECT:
167  return "NO_OBJECT";
168 
169  default:
170  return "TAG(" + std::to_string(static_cast<size_t>(type)) + ")";
171  }
172  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
MechanismType type

◆ assertion_failure()

BOTAN_NORETURN void Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails Throws an Exception object

Definition at line 24 of file assert.cpp.

29  {
30  std::ostringstream format;
31 
32  format << "False assertion ";
33 
34  if(assertion_made && assertion_made[0] != 0)
35  format << "'" << assertion_made << "' (expression " << expr_str << ") ";
36  else
37  format << expr_str << " ";
38 
39  if(func)
40  format << "in " << func << " ";
41 
42  format << "@" << file << ":" << line;
43 
44  throw Exception(format.str());
45  }

◆ base32_decode() [1/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 197 of file base32.cpp.

References base_decode().

Referenced by base32_decode().

203  {
204  return base_decode(Base32(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
205  }
size_t base_decode(Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
Definition: codec_base.h:99

◆ base32_decode() [2/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 207 of file base32.cpp.

References base32_decode().

211  {
212  size_t consumed = 0;
213  size_t written = base32_decode(output, input, input_length,
214  consumed, true, ignore_ws);
215 
216  if(consumed != input_length)
217  { throw Invalid_Argument("base32_decode: input did not have full bytes"); }
218 
219  return written;
220  }
secure_vector< uint8_t > base32_decode(const std::string &input, bool ignore_ws)
Definition: base32.cpp:245

◆ base32_decode() [3/5]

size_t Botan::base32_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 222 of file base32.cpp.

References base32_decode().

225  {
226  return base32_decode(output, input.data(), input.length(), ignore_ws);
227  }
secure_vector< uint8_t > base32_decode(const std::string &input, bool ignore_ws)
Definition: base32.cpp:245

◆ base32_decode() [4/5]

secure_vector< uint8_t > Botan::base32_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 229 of file base32.cpp.

References base32_decode().

232  {
233  const size_t output_length = Base32::decode_max_output(input_length);
234  secure_vector<uint8_t> bin(output_length);
235 
236  size_t written = base32_decode(bin.data(),
237  input,
238  input_length,
239  ignore_ws);
240 
241  bin.resize(written);
242  return bin;
243  }
secure_vector< uint8_t > base32_decode(const std::string &input, bool ignore_ws)
Definition: base32.cpp:245

◆ base32_decode() [5/5]

secure_vector< uint8_t > Botan::base32_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 245 of file base32.cpp.

References base32_decode().

247  {
248  return base32_decode(input.data(), input.size(), ignore_ws);
249  }
secure_vector< uint8_t > base32_decode(const std::string &input, bool ignore_ws)
Definition: base32.cpp:245

◆ base32_encode() [1/3]

template<typename Alloc >
std::string Botan::base32_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base32 encoding

Parameters
inputsome input
Returns
base32 representation of input

Definition at line 50 of file base32.h.

References base32_encode().

51  {
52  return base32_encode(input.data(), input.size());
53  }
std::string base32_encode(const std::vector< uint8_t, Alloc > &input)
Definition: base32.h:50

◆ base32_encode() [2/3]

size_t Botan::base32_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base32 encoding

Parameters
outputan array of at least base32_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 166 of file base32.cpp.

References base_encode().

Referenced by base32_encode().

171  {
172  return base_encode(Base32(), out, in, input_length, input_consumed, final_inputs);
173  }
size_t base_encode(Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: codec_base.h:32

◆ base32_encode() [3/3]

std::string Botan::base32_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base32 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base32 representation of input

Definition at line 175 of file base32.cpp.

References base32_encode(), and BOTAN_ASSERT_EQUAL.

177  {
178  const size_t output_length = Base32::encode_max_output(input_length);
179  std::string output(output_length, 0);
180 
181  size_t consumed = 0;
182  size_t produced = 0;
183 
184  if(output_length > 0)
185  {
186  produced = base32_encode(&output.front(),
187  input, input_length,
188  consumed, true);
189  }
190 
191  BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
192  BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
193 
194  return output;
195  }
std::string base32_encode(const uint8_t input[], size_t input_length)
Definition: base32.cpp:175
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:69

◆ base64_decode() [1/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 100 of file base64.cpp.

References clear_mem().

Referenced by base64_decode(), botan_base64_decode(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::list_names(), and Botan::Base64_Decoder::write().

106  {
107  /*
108  * Base64 Decoder Lookup Table
109  * Warning: assumes ASCII encodings
110  */
111  static const uint8_t BASE64_TO_BIN[256] = {
112  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
113  0x80, 0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
114  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
115  0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
116  0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, 0x34, 0x35,
117  0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF,
118  0xFF, 0x81, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
119  0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
120  0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
121  0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x1B, 0x1C,
122  0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
123  0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
124  0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
125  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
127  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
128  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
129  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
131  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
132  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
133  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
134  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
135  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
136  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
137  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
138 
139  uint8_t* out_ptr = output;
140  uint8_t decode_buf[4];
141  size_t decode_buf_pos = 0;
142  size_t final_truncate = 0;
143 
144  clear_mem(output, input_length * 3 / 4);
145 
146  for(size_t i = 0; i != input_length; ++i)
147  {
148  const uint8_t bin = BASE64_TO_BIN[static_cast<uint8_t>(input[i])];
149 
150  if(bin <= 0x3F)
151  {
152  decode_buf[decode_buf_pos] = bin;
153  decode_buf_pos += 1;
154  }
155  else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws)))
156  {
157  std::string bad_char(1, input[i]);
158  if(bad_char == "\t")
159  bad_char = "\\t";
160  else if(bad_char == "\n")
161  bad_char = "\\n";
162  else if(bad_char == "\r")
163  bad_char = "\\r";
164 
165  throw Invalid_Argument(
166  std::string("base64_decode: invalid base64 character '") +
167  bad_char + "'");
168  }
169 
170  /*
171  * If we're at the end of the input, pad with 0s and truncate
172  */
173  if(final_inputs && (i == input_length - 1))
174  {
175  if(decode_buf_pos)
176  {
177  for(size_t j = decode_buf_pos; j != 4; ++j)
178  decode_buf[j] = 0;
179  final_truncate = (4 - decode_buf_pos);
180  decode_buf_pos = 4;
181  }
182  }
183 
184  if(decode_buf_pos == 4)
185  {
186  out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
187  out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
188  out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];
189 
190  out_ptr += 3;
191  decode_buf_pos = 0;
192  input_consumed = i+1;
193  }
194  }
195 
196  while(input_consumed < input_length &&
197  BASE64_TO_BIN[static_cast<uint8_t>(input[input_consumed])] == 0x80)
198  {
199  ++input_consumed;
200  }
201 
202  size_t written = (out_ptr - output) - final_truncate;
203 
204  return written;
205  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:97

◆ base64_decode() [2/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 207 of file base64.cpp.

References base64_decode().

211  {
212  size_t consumed = 0;
213  size_t written = base64_decode(output, input, input_length,
214  consumed, true, ignore_ws);
215 
216  if(consumed != input_length)
217  throw Invalid_Argument("base64_decode: input did not have full bytes");
218 
219  return written;
220  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245

◆ base64_decode() [3/5]

size_t Botan::base64_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 222 of file base64.cpp.

References base64_decode().

225  {
226  return base64_decode(output, input.data(), input.length(), ignore_ws);
227  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245

◆ base64_decode() [4/5]

secure_vector< uint8_t > Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 229 of file base64.cpp.

References base64_decode(), and base64_decode_max_output().

232  {
233  const size_t output_length = base64_decode_max_output(input_length);
234  secure_vector<uint8_t> bin(output_length);
235 
236  size_t written = base64_decode(bin.data(),
237  input,
238  input_length,
239  ignore_ws);
240 
241  bin.resize(written);
242  return bin;
243  }
size_t base64_decode_max_output(size_t input_length)
Definition: base64.cpp:256
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245

◆ base64_decode() [5/5]

secure_vector< uint8_t > Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 245 of file base64.cpp.

References base64_decode().

247  {
248  return base64_decode(input.data(), input.size(), ignore_ws);
249  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245

◆ base64_decode_max_output()

size_t Botan::base64_decode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_decode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 256 of file base64.cpp.

References round_up().

Referenced by base64_decode(), and botan_base64_decode().

257  {
258  return (round_up(input_length, 4) * 3) / 4;
259  }
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:21

◆ base64_encode() [1/3]

size_t Botan::base64_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters
outputan array of at least base64_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 35 of file base64.cpp.

Referenced by Botan::OCSP::Request::base64_encode(), base64_encode(), botan_base64_encode(), Botan::PEM_Code::encode(), generate_passhash9(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::remove(), and Botan::Encrypted_PSK_Database::set().

40  {
41  input_consumed = 0;
42 
43  size_t input_remaining = input_length;
44  size_t output_produced = 0;
45 
46  while(input_remaining >= 3)
47  {
48  do_base64_encode(out + output_produced, in + input_consumed);
49 
50  input_consumed += 3;
51  output_produced += 4;
52  input_remaining -= 3;
53  }
54 
55  if(final_inputs && input_remaining)
56  {
57  uint8_t remainder[3] = { 0 };
58  for(size_t i = 0; i != input_remaining; ++i)
59  remainder[i] = in[input_consumed + i];
60 
61  do_base64_encode(out + output_produced, remainder);
62 
63  size_t empty_bits = 8 * (3 - input_remaining);
64  size_t index = output_produced + 4 - 1;
65  while(empty_bits >= 8)
66  {
67  out[index--] = '=';
68  empty_bits -= 6;
69  }
70 
71  input_consumed += input_remaining;
72  output_produced += 4;
73  }
74 
75  return output_produced;
76  }

◆ base64_encode() [2/3]

template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base64 encoding

Parameters
inputsome input
Returns
base64adecimal representation of input

Definition at line 50 of file base64.h.

References base64_encode().

51  {
52  return base64_encode(input.data(), input.size());
53  }
std::string base64_encode(const std::vector< uint8_t, Alloc > &input)
Definition: base64.h:50

◆ base64_encode() [3/3]

std::string Botan::base64_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base64adecimal representation of input

Definition at line 78 of file base64.cpp.

References base64_encode(), base64_encode_max_output(), and BOTAN_ASSERT_EQUAL.

80  {
81  const size_t output_length = base64_encode_max_output(input_length);
82  std::string output(output_length, 0);
83 
84  size_t consumed = 0;
85  size_t produced = 0;
86 
87  if (output_length > 0)
88  {
89  produced = base64_encode(&output.front(),
90  input, input_length,
91  consumed, true);
92  }
93 
94  BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
95  BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
96 
97  return output;
98  }
size_t base64_encode_max_output(size_t input_length)
Definition: base64.cpp:251
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:69
std::string base64_encode(const uint8_t input[], size_t input_length)
Definition: base64.cpp:78

◆ base64_encode_max_output()

size_t Botan::base64_encode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_encode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 251 of file base64.cpp.

References round_up().

Referenced by base64_encode().

252  {
253  return (round_up(input_length, 3) / 3) * 4;
254  }
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:21

◆ base_decode()

template<typename Base >
size_t Botan::base_decode ( Base &&  base,
uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform decoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least base.decode_max_output bytes
inputsome base input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 99 of file codec_base.h.

References clear_mem().

Referenced by base32_decode().

106  {
107  const size_t decoding_bytes_in = base.decoding_bytes_in();
108  const size_t decoding_bytes_out = base.decoding_bytes_out();
109 
110  uint8_t* out_ptr = output;
111  std::vector<uint8_t> decode_buf(decoding_bytes_in, 0);
112  size_t decode_buf_pos = 0;
113  size_t final_truncate = 0;
114 
115  clear_mem(output, base.decode_max_output(input_length));
116 
117  for(size_t i = 0; i != input_length; ++i)
118  {
119  const uint8_t bin = base.lookup_binary_value(input[i]);
120 
121  if(base.check_bad_char(bin, input[i], ignore_ws)) // May throw Invalid_Argument
122  {
123  decode_buf[decode_buf_pos] = bin;
124  ++decode_buf_pos;
125  }
126 
127  /*
128  * If we're at the end of the input, pad with 0s and truncate
129  */
130  if(final_inputs && (i == input_length - 1))
131  {
132  if(decode_buf_pos)
133  {
134  for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j)
135  { decode_buf[j] = 0; }
136 
137  final_truncate = decoding_bytes_in - decode_buf_pos;
138  decode_buf_pos = decoding_bytes_in;
139  }
140  }
141 
142  if(decode_buf_pos == decoding_bytes_in)
143  {
144  base.decode(out_ptr, decode_buf.data());
145 
146  out_ptr += decoding_bytes_out;
147  decode_buf_pos = 0;
148  input_consumed = i+1;
149  }
150  }
151 
152  while(input_consumed < input_length &&
153  base.lookup_binary_value(input[input_consumed]) == 0x80)
154  {
155  ++input_consumed;
156  }
157 
158  size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate);
159 
160  return written;
161  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:97

◆ base_encode()

template<class Base >
size_t Botan::base_encode ( Base &&  base,
char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform encoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least base.encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 32 of file codec_base.h.

Referenced by base32_encode().

38  {
39  input_consumed = 0;
40 
41  const size_t encoding_bytes_in = base.encoding_bytes_in();
42  const size_t encoding_bytes_out = base.encoding_bytes_out();
43 
44  size_t input_remaining = input_length;
45  size_t output_produced = 0;
46 
47  while(input_remaining >= encoding_bytes_in)
48  {
49  base.encode(output + output_produced, input + input_consumed);
50 
51  input_consumed += encoding_bytes_in;
52  output_produced += encoding_bytes_out;
53  input_remaining -= encoding_bytes_in;
54  }
55 
56  if(final_inputs && input_remaining)
57  {
58  std::vector<uint8_t> remainder(encoding_bytes_in, 0);
59  for(size_t i = 0; i != input_remaining; ++i)
60  { remainder[i] = input[input_consumed + i]; }
61 
62  base.encode(output + output_produced, remainder.data());
63 
64  const size_t bits_consumed = base.bits_consumed();
65  const size_t remaining_bits_before_padding = base.remaining_bits_before_padding();
66 
67  size_t empty_bits = 8 * (encoding_bytes_in - input_remaining);
68  size_t index = output_produced + encoding_bytes_out - 1;
69  while(empty_bits >= remaining_bits_before_padding)
70  {
71  output[index--] = '=';
72  empty_bits -= bits_consumed;
73  }
74 
75  input_consumed += input_remaining;
76  output_produced += encoding_bytes_out;
77  }
78 
79  return output_produced;
80  }

◆ bigint_add2()

void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 186 of file mp_core.cpp.

References bigint_add2_nc().

Referenced by Botan::BigInt::add(), mul_add(), and Botan::BigInt::sub().

187  {
188  x[x_size] += bigint_add2_nc(x, x_size, y, y_size);
189  }
word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:138

◆ bigint_add2_nc()

word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition with carry out

Definition at line 138 of file mp_core.cpp.

References BOTAN_ASSERT, carry(), word8_add2(), and word_add().

Referenced by bigint_add2(), and Botan::BigInt::mod_sub().

139  {
140  word carry = 0;
141 
142  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
143 
144  const size_t blocks = y_size - (y_size % 8);
145 
146  for(size_t i = 0; i != blocks; i += 8)
147  carry = word8_add2(x + i, y + i, carry);
148 
149  for(size_t i = blocks; i != y_size; ++i)
150  x[i] = word_add(x[i], y[i], &carry);
151 
152  for(size_t i = y_size; i != x_size; ++i)
153  x[i] = word_add(x[i], 0, &carry);
154 
155  return carry;
156  }
word word8_add2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:138
void carry(int64_t &h0, int64_t &h1)
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107

◆ bigint_add3()

void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition

Definition at line 194 of file mp_core.cpp.

References bigint_add3_nc().

196  {
197  z[x_size > y_size ? x_size : y_size] +=
198  bigint_add3_nc(z, x, x_size, y, y_size);
199  }
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:161

◆ bigint_add3_nc()

word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition with carry out

Definition at line 161 of file mp_core.cpp.

References carry(), word8_add3(), and word_add().

Referenced by bigint_add3(), and redc_p521().

163  {
164  if(x_size < y_size)
165  { return bigint_add3_nc(z, y, y_size, x, x_size); }
166 
167  word carry = 0;
168 
169  const size_t blocks = y_size - (y_size % 8);
170 
171  for(size_t i = 0; i != blocks; i += 8)
172  carry = word8_add3(z + i, x + i, y + i, carry);
173 
174  for(size_t i = blocks; i != y_size; ++i)
175  z[i] = word_add(x[i], y[i], &carry);
176 
177  for(size_t i = y_size; i != x_size; ++i)
178  z[i] = word_add(x[i], 0, &carry);
179 
180  return carry;
181  }
void carry(int64_t &h0, int64_t &h1)
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:161
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:200
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107

◆ bigint_cmp()

int32_t Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Compare x and y returning early

Definition at line 456 of file mp_core.cpp.

Referenced by Botan::BigInt::add(), Botan::BigInt::cmp(), Botan::BigInt::cmp_word(), Botan::BigInt::mod_sub(), Botan::BigInt::rev_sub(), and Botan::BigInt::sub().

458  {
459  if(x_size < y_size) { return (-bigint_cmp(y, y_size, x, x_size)); }
460 
461  while(x_size > y_size)
462  {
463  if(x[x_size-1])
464  return 1;
465  x_size--;
466  }
467 
468  for(size_t i = x_size; i > 0; --i)
469  {
470  if(x[i-1] > y[i-1])
471  return 1;
472  if(x[i-1] < y[i-1])
473  return -1;
474  }
475 
476  return 0;
477  }
int32_t bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:456

◆ bigint_cnd_abs()

BOTAN_TEST_API void Botan::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)

Definition at line 123 of file mp_core.cpp.

References carry(), Botan::CT::expand_mask(), Botan::CT::select(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

124  {
125  const word mask = CT::expand_mask(cnd);
126 
127  word carry = mask & 1;
128  for(size_t i = 0; i != size; ++i)
129  {
130  const word z = word_add(~x[i], 0, &carry);
131  x[i] = CT::select(mask, z, x[i]);
132  }
133  }
void carry(int64_t &h0, int64_t &h1)
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:106
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107

◆ bigint_cnd_add()

BOTAN_TEST_API word Botan::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 39 of file mp_core.cpp.

References carry(), Botan::CT::expand_mask(), Botan::CT::select(), word8_add3(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

40  {
41  const word mask = CT::expand_mask(cnd);
42 
43  word carry = 0;
44 
45  const size_t blocks = size - (size % 8);
46  word z[8] = { 0 };
47 
48  for(size_t i = 0; i != blocks; i += 8)
49  {
50  carry = word8_add3(z, x + i, y + i, carry);
51 
52  for(size_t j = 0; j != 8; ++j)
53  x[i+j] = CT::select(mask, z[j], x[i+j]);
54  }
55 
56  for(size_t i = blocks; i != size; ++i)
57  {
58  z[0] = word_add(x[i], y[i], &carry);
59  x[i] = CT::select(mask, z[0], x[i]);
60  }
61 
62  return carry & mask;
63  }
void carry(int64_t &h0, int64_t &h1)
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:106
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:200
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107

◆ bigint_cnd_addsub()

void Botan::bigint_cnd_addsub ( word  mask,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 95 of file mp_core.cpp.

References carry(), Botan::CT::select(), word8_add3(), word8_sub3(), word_add(), and word_sub().

96  {
97  const size_t blocks = size - (size % 8);
98 
99  word carry = 0;
100  word borrow = 0;
101 
102  word t0[8] = { 0 };
103  word t1[8] = { 0 };
104 
105  for(size_t i = 0; i != blocks; i += 8)
106  {
107  carry = word8_add3(t0, x + i, y + i, carry);
108  borrow = word8_sub3(t1, x + i, y + i, borrow);
109 
110  for(size_t j = 0; j != 8; ++j)
111  x[i+j] = CT::select(mask, t0[j], t1[j]);
112  }
113 
114  for(size_t i = blocks; i != size; ++i)
115  {
116  const word a = word_add(x[i], y[i], &carry);
117  const word s = word_sub(x[i], y[i], &borrow);
118 
119  x[i] = CT::select(mask, a, s);
120  }
121  }
void carry(int64_t &h0, int64_t &h1)
T select(T mask, T from0, T from1)
Definition: ct_utils.h:106
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:200
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:416

◆ bigint_cnd_sub()

BOTAN_TEST_API word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 69 of file mp_core.cpp.

References carry(), Botan::CT::expand_mask(), Botan::CT::select(), word8_sub3(), and word_sub().

Referenced by ct_inverse_mod_odd_modulus().

70  {
71  const word mask = CT::expand_mask(cnd);
72 
73  word carry = 0;
74 
75  const size_t blocks = size - (size % 8);
76  word z[8] = { 0 };
77 
78  for(size_t i = 0; i != blocks; i += 8)
79  {
80  carry = word8_sub3(z, x + i, y + i, carry);
81 
82  for(size_t j = 0; j != 8; ++j)
83  x[i+j] = CT::select(mask, z[j], x[i+j]);
84  }
85 
86  for(size_t i = blocks; i != size; ++i)
87  {
88  z[0] = word_sub(x[i], y[i], &carry);
89  x[i] = CT::select(mask, z[0], x[i]);
90  }
91 
92  return carry & mask;
93  }
void carry(int64_t &h0, int64_t &h1)
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:106
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:416

◆ bigint_cnd_swap()

BOTAN_TEST_API void Botan::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)

Definition at line 22 of file mp_core.cpp.

References Botan::CT::expand_mask(), and Botan::CT::select().

Referenced by ct_inverse_mod_odd_modulus().

23  {
24  const word mask = CT::expand_mask(cnd);
25 
26  for(size_t i = 0; i != size; ++i)
27  {
28  const word a = x[i];
29  const word b = y[i];
30  x[i] = CT::select(mask, b, a);
31  y[i] = CT::select(mask, a, b);
32  }
33  }
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:106

◆ bigint_comba_mul16()

void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 805 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

806  {
807  word w2 = 0, w1 = 0, w0 = 0;
808 
809  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
810  z[ 0] = w0; w0 = 0;
811 
812  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
813  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
814  z[ 1] = w1; w1 = 0;
815 
816  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
817  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
818  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
819  z[ 2] = w2; w2 = 0;
820 
821  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
822  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
823  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
824  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
825  z[ 3] = w0; w0 = 0;
826 
827  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
828  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
829  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
830  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
831  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
832  z[ 4] = w1; w1 = 0;
833 
834  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
835  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
836  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
837  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
838  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
839  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
840  z[ 5] = w2; w2 = 0;
841 
842  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
843  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
844  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
845  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
846  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
847  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
848  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
849  z[ 6] = w0; w0 = 0;
850 
851  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
852  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
853  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
854  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
855  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
856  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
857  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
858  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
859  z[ 7] = w1; w1 = 0;
860 
861  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
862  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
863  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
864  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
865  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
866  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
867  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
868  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
869  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
870  z[ 8] = w2; w2 = 0;
871 
872  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
873  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
874  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
875  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
876  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
877  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
878  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
879  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
880  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
881  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
882  z[ 9] = w0; w0 = 0;
883 
884  word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
885  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
886  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
887  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
888  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
889  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
890  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
891  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
892  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
893  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
894  word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
895  z[10] = w1; w1 = 0;
896 
897  word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
898  word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
899  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
900  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
901  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
902  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
903  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
904  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
905  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
906  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
907  word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
908  word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
909  z[11] = w2; w2 = 0;
910 
911  word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
912  word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
913  word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
914  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
915  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
916  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
917  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
918  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
919  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
920  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
921  word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
922  word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
923  word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
924  z[12] = w0; w0 = 0;
925 
926  word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
927  word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
928  word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
929  word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
930  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
931  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
932  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
933  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
934  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
935  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
936  word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
937  word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
938  word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
939  word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
940  z[13] = w1; w1 = 0;
941 
942  word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
943  word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
944  word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
945  word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
946  word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
947  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
948  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
949  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
950  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
951  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
952  word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
953  word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
954  word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
955  word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
956  word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
957  z[14] = w2; w2 = 0;
958 
959  word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
960  word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
961  word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
962  word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
963  word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
964  word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
965  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
966  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
967  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
968  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
969  word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
970  word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
971  word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
972  word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
973  word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
974  word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
975  z[15] = w0; w0 = 0;
976 
977  word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
978  word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
979  word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
980  word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
981  word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
982  word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
983  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
984  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
985  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
986  word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
987  word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
988  word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
989  word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
990  word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
991  word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
992  z[16] = w1; w1 = 0;
993 
994  word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
995  word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
996  word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
997  word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
998  word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
999  word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1000  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1001  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1002  word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1003  word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1004  word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1005  word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1006  word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1007  word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1008  z[17] = w2; w2 = 0;
1009 
1010  word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1011  word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1012  word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1013  word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1014  word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1015  word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1016  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1017  word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1018  word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1019  word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1020  word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1021  word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1022  word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1023  z[18] = w0; w0 = 0;
1024 
1025  word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1026  word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1027  word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1028  word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1029  word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1030  word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1031  word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1032  word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1033  word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1034  word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1035  word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1036  word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1037  z[19] = w1; w1 = 0;
1038 
1039  word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1040  word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1041  word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1042  word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1043  word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1044  word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1045  word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1046  word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1047  word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1048  word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1049  word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1050  z[20] = w2; w2 = 0;
1051 
1052  word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1053  word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1054  word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1055  word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1056  word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1057  word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1058  word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1059  word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1060  word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1061  word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1062  z[21] = w0; w0 = 0;
1063 
1064  word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1065  word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1066  word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1067  word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1068  word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1069  word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1070  word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1071  word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1072  word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1073  z[22] = w1; w1 = 0;
1074 
1075  word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1076  word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1077  word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1078  word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1079  word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1080  word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1081  word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1082  word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1083  z[23] = w2; w2 = 0;
1084 
1085  word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1086  word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1087  word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1088  word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1089  word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1090  word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1091  word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1092  z[24] = w0; w0 = 0;
1093 
1094  word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1095  word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1096  word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1097  word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1098  word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1099  word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1100  z[25] = w1; w1 = 0;
1101 
1102  word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1103  word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1104  word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1105  word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1106  word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1107  z[26] = w2; w2 = 0;
1108 
1109  word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1110  word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1111  word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1112  word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1113  z[27] = w0; w0 = 0;
1114 
1115  word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1116  word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1117  word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1118  z[28] = w1; w1 = 0;
1119 
1120  word3_muladd(&w1, &w0, &w2, x[14], y[15]);
1121  word3_muladd(&w1, &w0, &w2, x[15], y[14]);
1122  z[29] = w2; w2 = 0;
1123 
1124  word3_muladd(&w2, &w1, &w0, x[15], y[15]);
1125  z[30] = w0;
1126  z[31] = w1;
1127  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717

◆ bigint_comba_mul24()

void Botan::bigint_comba_mul24 ( word  z[48],
const word  x[24],
const word  y[24] 
)

Definition at line 1535 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

1536  {
1537  word w2 = 0, w1 = 0, w0 = 0;
1538 
1539  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
1540  z[ 0] = w0; w0 = 0;
1541 
1542  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
1543  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
1544  z[ 1] = w1; w1 = 0;
1545 
1546  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
1547  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
1548  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
1549  z[ 2] = w2; w2 = 0;
1550 
1551  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
1552  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
1553  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
1554  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
1555  z[ 3] = w0; w0 = 0;
1556 
1557  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
1558  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
1559  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
1560  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
1561  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
1562  z[ 4] = w1; w1 = 0;
1563 
1564  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
1565  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
1566  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
1567  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
1568  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
1569  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
1570  z[ 5] = w2; w2 = 0;
1571 
1572  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
1573  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
1574  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
1575  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
1576  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
1577  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
1578  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
1579  z[ 6] = w0; w0 = 0;
1580 
1581  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
1582  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
1583  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
1584  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
1585  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
1586  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
1587  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
1588  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
1589  z[ 7] = w1; w1 = 0;
1590 
1591  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
1592  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
1593  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
1594  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
1595  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
1596  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
1597  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
1598  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
1599  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
1600  z[ 8] = w2; w2 = 0;
1601 
1602  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
1603  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
1604  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
1605  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
1606  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
1607  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
1608  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
1609  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
1610  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
1611  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
1612  z[ 9] = w0; w0 = 0;
1613 
1614  word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
1615  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
1616  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
1617  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
1618  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
1619  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
1620  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
1621  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
1622  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
1623  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
1624  word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
1625  z[10] = w1; w1 = 0;
1626 
1627  word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
1628  word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
1629  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
1630  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
1631  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
1632  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
1633  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
1634  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
1635  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
1636  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
1637  word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
1638  word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
1639  z[11] = w2; w2 = 0;
1640 
1641  word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
1642  word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
1643  word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
1644  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
1645  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
1646  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
1647  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
1648  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
1649  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
1650  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
1651  word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
1652  word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
1653  word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
1654  z[12] = w0; w0 = 0;
1655 
1656  word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
1657  word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
1658  word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
1659  word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
1660  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
1661  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
1662  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
1663  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
1664  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
1665  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
1666  word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
1667  word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
1668  word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
1669  word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
1670  z[13] = w1; w1 = 0;
1671 
1672  word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
1673  word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
1674  word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
1675  word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
1676  word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
1677  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
1678  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
1679  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
1680  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
1681  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
1682  word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
1683  word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
1684  word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
1685  word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
1686  word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
1687  z[14] = w2; w2 = 0;
1688 
1689  word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
1690  word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
1691  word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
1692  word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
1693  word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
1694  word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
1695  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
1696  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
1697  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
1698  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
1699  word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
1700  word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
1701  word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
1702  word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
1703  word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
1704  word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
1705  z[15] = w0; w0 = 0;
1706 
1707  word3_muladd(&w0, &w2, &w1, x[ 0], y[16]);
1708  word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
1709  word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
1710  word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
1711  word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
1712  word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
1713  word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
1714  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
1715  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
1716  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
1717  word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
1718  word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
1719  word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
1720  word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
1721  word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
1722  word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
1723  word3_muladd(&w0, &w2, &w1, x[16], y[ 0]);
1724  z[16] = w1; w1 = 0;
1725 
1726  word3_muladd(&w1, &w0, &w2, x[ 0], y[17]);
1727  word3_muladd(&w1, &w0, &w2, x[ 1], y[16]);
1728  word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
1729  word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
1730  word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
1731  word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
1732  word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
1733  word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1734  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1735  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1736  word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1737  word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1738  word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1739  word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1740  word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1741  word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1742  word3_muladd(&w1, &w0, &w2, x[16], y[ 1]);
1743  word3_muladd(&w1, &w0, &w2, x[17], y[ 0]);
1744  z[17] = w2; w2 = 0;
1745 
1746  word3_muladd(&w2, &w1, &w0, x[ 0], y[18]);
1747  word3_muladd(&w2, &w1, &w0, x[ 1], y[17]);
1748  word3_muladd(&w2, &w1, &w0, x[ 2], y[16]);
1749  word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1750  word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1751  word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1752  word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1753  word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1754  word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1755  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1756  word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1757  word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1758  word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1759  word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1760  word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1761  word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1762  word3_muladd(&w2, &w1, &w0, x[16], y[ 2]);
1763  word3_muladd(&w2, &w1, &w0, x[17], y[ 1]);
1764  word3_muladd(&w2, &w1, &w0, x[18], y[ 0]);
1765  z[18] = w0; w0 = 0;
1766 
1767  word3_muladd(&w0, &w2, &w1, x[ 0], y[19]);
1768  word3_muladd(&w0, &w2, &w1, x[ 1], y[18]);
1769  word3_muladd(&w0, &w2, &w1, x[ 2], y[17]);
1770  word3_muladd(&w0, &w2, &w1, x[ 3], y[16]);
1771  word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1772  word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1773  word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1774  word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1775  word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1776  word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1777  word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1778  word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1779  word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1780  word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1781  word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1782  word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1783  word3_muladd(&w0, &w2, &w1, x[16], y[ 3]);
1784  word3_muladd(&w0, &w2, &w1, x[17], y[ 2]);
1785  word3_muladd(&w0, &w2, &w1, x[18], y[ 1]);
1786  word3_muladd(&w0, &w2, &w1, x[19], y[ 0]);
1787  z[19] = w1; w1 = 0;
1788 
1789  word3_muladd(&w1, &w0, &w2, x[ 0], y[20]);
1790  word3_muladd(&w1, &w0, &w2, x[ 1], y[19]);
1791  word3_muladd(&w1, &w0, &w2, x[ 2], y[18]);
1792  word3_muladd(&w1, &w0, &w2, x[ 3], y[17]);
1793  word3_muladd(&w1, &w0, &w2, x[ 4], y[16]);
1794  word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1795  word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1796  word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1797  word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1798  word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1799  word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1800  word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1801  word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1802  word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1803  word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1804  word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1805  word3_muladd(&w1, &w0, &w2, x[16], y[ 4]);
1806  word3_muladd(&w1, &w0, &w2, x[17], y[ 3]);
1807  word3_muladd(&w1, &w0, &w2, x[18], y[ 2]);
1808  word3_muladd(&w1, &w0, &w2, x[19], y[ 1]);
1809  word3_muladd(&w1, &w0, &w2, x[20], y[ 0]);
1810  z[20] = w2; w2 = 0;
1811 
1812  word3_muladd(&w2, &w1, &w0, x[ 0], y[21]);
1813  word3_muladd(&w2, &w1, &w0, x[ 1], y[20]);
1814  word3_muladd(&w2, &w1, &w0, x[ 2], y[19]);
1815  word3_muladd(&w2, &w1, &w0, x[ 3], y[18]);
1816  word3_muladd(&w2, &w1, &w0, x[ 4], y[17]);
1817  word3_muladd(&w2, &w1, &w0, x[ 5], y[16]);
1818  word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1819  word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1820  word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1821  word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1822  word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1823  word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1824  word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1825  word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1826  word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1827  word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1828  word3_muladd(&w2, &w1, &w0, x[16], y[ 5]);
1829  word3_muladd(&w2, &w1, &w0, x[17], y[ 4]);
1830  word3_muladd(&w2, &w1, &w0, x[18], y[ 3]);
1831  word3_muladd(&w2, &w1, &w0, x[19], y[ 2]);
1832  word3_muladd(&w2, &w1, &w0, x[20], y[ 1]);
1833  word3_muladd(&w2, &w1, &w0, x[21], y[ 0]);
1834  z[21] = w0; w0 = 0;
1835 
1836  word3_muladd(&w0, &w2, &w1, x[ 0], y[22]);
1837  word3_muladd(&w0, &w2, &w1, x[ 1], y[21]);
1838  word3_muladd(&w0, &w2, &w1, x[ 2], y[20]);
1839  word3_muladd(&w0, &w2, &w1, x[ 3], y[19]);
1840  word3_muladd(&w0, &w2, &w1, x[ 4], y[18]);
1841  word3_muladd(&w0, &w2, &w1, x[ 5], y[17]);
1842  word3_muladd(&w0, &w2, &w1, x[ 6], y[16]);
1843  word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1844  word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1845  word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1846  word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1847  word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1848  word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1849  word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1850  word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1851  word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1852  word3_muladd(&w0, &w2, &w1, x[16], y[ 6]);
1853  word3_muladd(&w0, &w2, &w1, x[17], y[ 5]);
1854  word3_muladd(&w0, &w2, &w1, x[18], y[ 4]);
1855  word3_muladd(&w0, &w2, &w1, x[19], y[ 3]);
1856  word3_muladd(&w0, &w2, &w1, x[20], y[ 2]);
1857  word3_muladd(&w0, &w2, &w1, x[21], y[ 1]);
1858  word3_muladd(&w0, &w2, &w1, x[22], y[ 0]);
1859  z[22] = w1; w1 = 0;
1860 
1861  word3_muladd(&w1, &w0, &w2, x[ 0], y[23]);
1862  word3_muladd(&w1, &w0, &w2, x[ 1], y[22]);
1863  word3_muladd(&w1, &w0, &w2, x[ 2], y[21]);
1864  word3_muladd(&w1, &w0, &w2, x[ 3], y[20]);
1865  word3_muladd(&w1, &w0, &w2, x[ 4], y[19]);
1866  word3_muladd(&w1, &w0, &w2, x[ 5], y[18]);
1867  word3_muladd(&w1, &w0, &w2, x[ 6], y[17]);
1868  word3_muladd(&w1, &w0, &w2, x[ 7], y[16]);
1869  word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1870  word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1871  word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1872  word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1873  word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1874  word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1875  word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1876  word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1877  word3_muladd(&w1, &w0, &w2, x[16], y[ 7]);
1878  word3_muladd(&w1, &w0, &w2, x[17], y[ 6]);
1879  word3_muladd(&w1, &w0, &w2, x[18], y[ 5]);
1880  word3_muladd(&w1, &w0, &w2, x[19], y[ 4]);
1881  word3_muladd(&w1, &w0, &w2, x[20], y[ 3]);
1882  word3_muladd(&w1, &w0, &w2, x[21], y[ 2]);
1883  word3_muladd(&w1, &w0, &w2, x[22], y[ 1]);
1884  word3_muladd(&w1, &w0, &w2, x[23], y[ 0]);
1885  z[23] = w2; w2 = 0;
1886 
1887  word3_muladd(&w2, &w1, &w0, x[ 1], y[23]);
1888  word3_muladd(&w2, &w1, &w0, x[ 2], y[22]);
1889  word3_muladd(&w2, &w1, &w0, x[ 3], y[21]);
1890  word3_muladd(&w2, &w1, &w0, x[ 4], y[20]);
1891  word3_muladd(&w2, &w1, &w0, x[ 5], y[19]);
1892  word3_muladd(&w2, &w1, &w0, x[ 6], y[18]);
1893  word3_muladd(&w2, &w1, &w0, x[ 7], y[17]);
1894  word3_muladd(&w2, &w1, &w0, x[ 8], y[16]);
1895  word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1896  word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1897  word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1898  word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1899  word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1900  word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1901  word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1902  word3_muladd(&w2, &w1, &w0, x[16], y[ 8]);
1903  word3_muladd(&w2, &w1, &w0, x[17], y[ 7]);
1904  word3_muladd(&w2, &w1, &w0, x[18], y[ 6]);
1905  word3_muladd(&w2, &w1, &w0, x[19], y[ 5]);
1906  word3_muladd(&w2, &w1, &w0, x[20], y[ 4]);
1907  word3_muladd(&w2, &w1, &w0, x[21], y[ 3]);
1908  word3_muladd(&w2, &w1, &w0, x[22], y[ 2]);
1909  word3_muladd(&w2, &w1, &w0, x[23], y[ 1]);
1910  z[24] = w0; w0 = 0;
1911 
1912  word3_muladd(&w0, &w2, &w1, x[ 2], y[23]);
1913  word3_muladd(&w0, &w2, &w1, x[ 3], y[22]);
1914  word3_muladd(&w0, &w2, &w1, x[ 4], y[21]);
1915  word3_muladd(&w0, &w2, &w1, x[ 5], y[20]);
1916  word3_muladd(&w0, &w2, &w1, x[ 6], y[19]);
1917  word3_muladd(&w0, &w2, &w1, x[ 7], y[18]);
1918  word3_muladd(&w0, &w2, &w1, x[ 8], y[17]);
1919  word3_muladd(&w0, &w2, &w1, x[ 9], y[16]);
1920  word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1921  word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1922  word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1923  word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1924  word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1925  word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1926  word3_muladd(&w0, &w2, &w1, x[16], y[ 9]);
1927  word3_muladd(&w0, &w2, &w1, x[17], y[ 8]);
1928  word3_muladd(&w0, &w2, &w1, x[18], y[ 7]);
1929  word3_muladd(&w0, &w2, &w1, x[19], y[ 6]);
1930  word3_muladd(&w0, &w2, &w1, x[20], y[ 5]);
1931  word3_muladd(&w0, &w2, &w1, x[21], y[ 4]);
1932  word3_muladd(&w0, &w2, &w1, x[22], y[ 3]);
1933  word3_muladd(&w0, &w2, &w1, x[23], y[ 2]);
1934  z[25] = w1; w1 = 0;
1935 
1936  word3_muladd(&w1, &w0, &w2, x[ 3], y[23]);
1937  word3_muladd(&w1, &w0, &w2, x[ 4], y[22]);
1938  word3_muladd(&w1, &w0, &w2, x[ 5], y[21]);
1939  word3_muladd(&w1, &w0, &w2, x[ 6], y[20]);
1940  word3_muladd(&w1, &w0, &w2, x[ 7], y[19]);
1941  word3_muladd(&w1, &w0, &w2, x[ 8], y[18]);
1942  word3_muladd(&w1, &w0, &w2, x[ 9], y[17]);
1943  word3_muladd(&w1, &w0, &w2, x[10], y[16]);
1944  word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1945  word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1946  word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1947  word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1948  word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1949  word3_muladd(&w1, &w0, &w2, x[16], y[10]);
1950  word3_muladd(&w1, &w0, &w2, x[17], y[ 9]);
1951  word3_muladd(&w1, &w0, &w2, x[18], y[ 8]);
1952  word3_muladd(&w1, &w0, &w2, x[19], y[ 7]);
1953  word3_muladd(&w1, &w0, &w2, x[20], y[ 6]);
1954  word3_muladd(&w1, &w0, &w2, x[21], y[ 5]);
1955  word3_muladd(&w1, &w0, &w2, x[22], y[ 4]);
1956  word3_muladd(&w1, &w0, &w2, x[23], y[ 3]);
1957  z[26] = w2; w2 = 0;
1958 
1959  word3_muladd(&w2, &w1, &w0, x[ 4], y[23]);
1960  word3_muladd(&w2, &w1, &w0, x[ 5], y[22]);
1961  word3_muladd(&w2, &w1, &w0, x[ 6], y[21]);
1962  word3_muladd(&w2, &w1, &w0, x[ 7], y[20]);
1963  word3_muladd(&w2, &w1, &w0, x[ 8], y[19]);
1964  word3_muladd(&w2, &w1, &w0, x[ 9], y[18]);
1965  word3_muladd(&w2, &w1, &w0, x[10], y[17]);
1966  word3_muladd(&w2, &w1, &w0, x[11], y[16]);
1967  word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1968  word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1969  word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1970  word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1971  word3_muladd(&w2, &w1, &w0, x[16], y[11]);
1972  word3_muladd(&w2, &w1, &w0, x[17], y[10]);
1973  word3_muladd(&w2, &w1, &w0, x[18], y[ 9]);
1974  word3_muladd(&w2, &w1, &w0, x[19], y[ 8]);
1975  word3_muladd(&w2, &w1, &w0, x[20], y[ 7]);
1976  word3_muladd(&w2, &w1, &w0, x[21], y[ 6]);
1977  word3_muladd(&w2, &w1, &w0, x[22], y[ 5]);
1978  word3_muladd(&w2, &w1, &w0, x[23], y[ 4]);
1979  z[27] = w0; w0 = 0;
1980 
1981  word3_muladd(&w0, &w2, &w1, x[ 5], y[23]);
1982  word3_muladd(&w0, &w2, &w1, x[ 6], y[22]);
1983  word3_muladd(&w0, &w2, &w1, x[ 7], y[21]);
1984  word3_muladd(&w0, &w2, &w1, x[ 8], y[20]);
1985  word3_muladd(&w0, &w2, &w1, x[ 9], y[19]);
1986  word3_muladd(&w0, &w2, &w1, x[10], y[18]);
1987  word3_muladd(&w0, &w2, &w1, x[11], y[17]);
1988  word3_muladd(&w0, &w2, &w1, x[12], y[16]);
1989  word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1990  word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1991  word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1992  word3_muladd(&w0, &w2, &w1, x[16], y[12]);
1993  word3_muladd(&w0, &w2, &w1, x[17], y[11]);
1994  word3_muladd(&w0, &w2, &w1, x[18], y[10]);
1995  word3_muladd(&w0, &w2, &w1, x[19], y[ 9]);
1996  word3_muladd(&w0, &w2, &w1, x[20], y[ 8]);
1997  word3_muladd(&w0, &w2, &w1, x[21], y[ 7]);
1998  word3_muladd(&w0, &w2, &w1, x[22], y[ 6]);
1999  word3_muladd(&w0, &w2, &w1, x[23], y[ 5]);
2000  z[28] = w1; w1 = 0;
2001 
2002  word3_muladd(&w1, &w0, &w2, x[ 6], y[23]);
2003  word3_muladd(&w1, &w0, &w2, x[ 7], y[22]);
2004  word3_muladd(&w1, &w0, &w2, x[ 8], y[21]);
2005  word3_muladd(&w1, &w0, &w2, x[ 9], y[20]);
2006  word3_muladd(&w1, &w0, &w2, x[10], y[19]);
2007  word3_muladd(&w1, &w0, &w2, x[11], y[18]);
2008  word3_muladd(&w1, &w0, &w2, x[12], y[17]);
2009  word3_muladd(&w1, &w0, &w2, x[13], y[16]);
2010  word3_muladd(&w1, &w0, &w2, x[14], y[15]);
2011  word3_muladd(&w1, &w0, &w2, x[15], y[14]);
2012  word3_muladd(&w1, &w0, &w2, x[16], y[13]);
2013  word3_muladd(&w1, &w0, &w2, x[17], y[12]);
2014  word3_muladd(&w1, &w0, &w2, x[18], y[11]);
2015  word3_muladd(&w1, &w0, &w2, x[19], y[10]);
2016  word3_muladd(&w1, &w0, &w2, x[20], y[ 9]);
2017  word3_muladd(&w1, &w0, &w2, x[21], y[ 8]);
2018  word3_muladd(&w1, &w0, &w2, x[22], y[ 7]);
2019  word3_muladd(&w1, &w0, &w2, x[23], y[ 6]);
2020  z[29] = w2; w2 = 0;
2021 
2022  word3_muladd(&w2, &w1, &w0, x[ 7], y[23]);
2023  word3_muladd(&w2, &w1, &w0, x[ 8], y[22]);
2024  word3_muladd(&w2, &w1, &w0, x[ 9], y[21]);
2025  word3_muladd(&w2, &w1, &w0, x[10], y[20]);
2026  word3_muladd(&w2, &w1, &w0, x[11], y[19]);
2027  word3_muladd(&w2, &w1, &w0, x[12], y[18]);
2028  word3_muladd(&w2, &w1, &w0, x[13], y[17]);
2029  word3_muladd(&w2, &w1, &w0, x[14], y[16]);
2030  word3_muladd(&w2, &w1, &w0, x[15], y[15]);
2031  word3_muladd(&w2, &w1, &w0, x[16], y[14]);
2032  word3_muladd(&w2, &w1, &w0, x[17], y[13]);
2033  word3_muladd(&w2, &w1, &w0, x[18], y[12]);
2034  word3_muladd(&w2, &w1, &w0, x[19], y[11]);
2035  word3_muladd(&w2, &w1, &w0, x[20], y[10]);
2036  word3_muladd(&w2, &w1, &w0, x[21], y[ 9]);
2037  word3_muladd(&w2, &w1, &w0, x[22], y[ 8]);
2038  word3_muladd(&w2, &w1, &w0, x[23], y[ 7]);
2039  z[30] = w0; w0 = 0;
2040 
2041  word3_muladd(&w0, &w2, &w1, x[ 8], y[23]);
2042  word3_muladd(&w0, &w2, &w1, x[ 9], y[22]);
2043  word3_muladd(&w0, &w2, &w1, x[10], y[21]);
2044  word3_muladd(&w0, &w2, &w1, x[11], y[20]);
2045  word3_muladd(&w0, &w2, &w1, x[12], y[19]);
2046  word3_muladd(&w0, &w2, &w1, x[13], y[18]);
2047  word3_muladd(&w0, &w2, &w1, x[14], y[17]);
2048  word3_muladd(&w0, &w2, &w1, x[15], y[16]);
2049  word3_muladd(&w0, &w2, &w1, x[16], y[15]);
2050  word3_muladd(&w0, &w2, &w1, x[17], y[14]);
2051  word3_muladd(&w0, &w2, &w1, x[18], y[13]);
2052  word3_muladd(&w0, &w2, &w1, x[19], y[12]);
2053  word3_muladd(&w0, &w2, &w1, x[20], y[11]);
2054  word3_muladd(&w0, &w2, &w1, x[21], y[10]);
2055  word3_muladd(&w0, &w2, &w1, x[22], y[ 9]);
2056  word3_muladd(&w0, &w2, &w1, x[23], y[ 8]);
2057  z[31] = w1; w1 = 0;
2058 
2059  word3_muladd(&w1, &w0, &w2, x[ 9], y[23]);
2060  word3_muladd(&w1, &w0, &w2, x[10], y[22]);
2061  word3_muladd(&w1, &w0, &w2, x[11], y[21]);
2062  word3_muladd(&w1, &w0, &w2, x[12], y[20]);
2063  word3_muladd(&w1, &w0, &w2, x[13], y[19]);
2064  word3_muladd(&w1, &w0, &w2, x[14], y[18]);
2065  word3_muladd(&w1, &w0, &w2, x[15], y[17]);
2066  word3_muladd(&w1, &w0, &w2, x[16], y[16]);
2067  word3_muladd(&w1, &w0, &w2, x[17], y[15]);
2068  word3_muladd(&w1, &w0, &w2, x[18], y[14]);
2069  word3_muladd(&w1, &w0, &w2, x[19], y[13]);
2070  word3_muladd(&w1, &w0, &w2, x[20], y[12]);
2071  word3_muladd(&w1, &w0, &w2, x[21], y[11]);
2072  word3_muladd(&w1, &w0, &w2, x[22], y[10]);
2073  word3_muladd(&w1, &w0, &w2, x[23], y[ 9]);
2074  z[32] = w2; w2 = 0;
2075 
2076  word3_muladd(&w2, &w1, &w0, x[10], y[23]);
2077  word3_muladd(&w2, &w1, &w0, x[11], y[22]);
2078  word3_muladd(&w2, &w1, &w0, x[12], y[21]);
2079  word3_muladd(&w2, &w1, &w0, x[13], y[20]);
2080  word3_muladd(&w2, &w1, &w0, x[14], y[19]);
2081  word3_muladd(&w2, &w1, &w0, x[15], y[18]);
2082  word3_muladd(&w2, &w1, &w0, x[16], y[17]);
2083  word3_muladd(&w2, &w1, &w0, x[17], y[16]);
2084  word3_muladd(&w2, &w1, &w0, x[18], y[15]);
2085  word3_muladd(&w2, &w1, &w0, x[19], y[14]);
2086  word3_muladd(&w2, &w1, &w0, x[20], y[13]);
2087  word3_muladd(&w2, &w1, &w0, x[21], y[12]);
2088  word3_muladd(&w2, &w1, &w0, x[22], y[11]);
2089  word3_muladd(&w2, &w1, &w0, x[23], y[10]);
2090  z[33] = w0; w0 = 0;
2091 
2092  word3_muladd(&w0, &w2, &w1, x[11], y[23]);
2093  word3_muladd(&w0, &w2, &w1, x[12], y[22]);
2094  word3_muladd(&w0, &w2, &w1, x[13], y[21]);
2095  word3_muladd(&w0, &w2, &w1, x[14], y[20]);
2096  word3_muladd(&w0, &w2, &w1, x[15], y[19]);
2097  word3_muladd(&w0, &w2, &w1, x[16], y[18]);
2098  word3_muladd(&w0, &w2, &w1, x[17], y[17]);
2099  word3_muladd(&w0, &w2, &w1, x[18], y[16]);
2100  word3_muladd(&w0, &w2, &w1, x[19], y[15]);
2101  word3_muladd(&w0, &w2, &w1, x[20], y[14]);
2102  word3_muladd(&w0, &w2, &w1, x[21], y[13]);
2103  word3_muladd(&w0, &w2, &w1, x[22], y[12]);
2104  word3_muladd(&w0, &w2, &w1, x[23], y[11]);
2105  z[34] = w1; w1 = 0;
2106 
2107  word3_muladd(&w1, &w0, &w2, x[12], y[23]);
2108  word3_muladd(&w1, &w0, &w2, x[13], y[22]);
2109  word3_muladd(&w1, &w0, &w2, x[14], y[21]);
2110  word3_muladd(&w1, &w0, &w2, x[15], y[20]);
2111  word3_muladd(&w1, &w0, &w2, x[16], y[19]);
2112  word3_muladd(&w1, &w0, &w2, x[17], y[18]);
2113  word3_muladd(&w1, &w0, &w2, x[18], y[17]);
2114  word3_muladd(&w1, &w0, &w2, x[19], y[16]);
2115  word3_muladd(&w1, &w0, &w2, x[20], y[15]);
2116  word3_muladd(&w1, &w0, &w2, x[21], y[14]);
2117  word3_muladd(&w1, &w0, &w2, x[22], y[13]);
2118  word3_muladd(&w1, &w0, &w2, x[23], y[12]);
2119  z[35] = w2; w2 = 0;
2120 
2121  word3_muladd(&w2, &w1, &w0, x[13], y[23]);
2122  word3_muladd(&w2, &w1, &w0, x[14], y[22]);
2123  word3_muladd(&w2, &w1, &w0, x[15], y[21]);
2124  word3_muladd(&w2, &w1, &w0, x[16], y[20]);
2125  word3_muladd(&w2, &w1, &w0, x[17], y[19]);
2126  word3_muladd(&w2, &w1, &w0, x[18], y[18]);
2127  word3_muladd(&w2, &w1, &w0, x[19], y[17]);
2128  word3_muladd(&w2, &w1, &w0, x[20], y[16]);
2129  word3_muladd(&w2, &w1, &w0, x[21], y[15]);
2130  word3_muladd(&w2, &w1, &w0, x[22], y[14]);
2131  word3_muladd(&w2, &w1, &w0, x[23], y[13]);
2132  z[36] = w0; w0 = 0;
2133 
2134  word3_muladd(&w0, &w2, &w1, x[14], y[23]);
2135  word3_muladd(&w0, &w2, &w1, x[15], y[22]);
2136  word3_muladd(&w0, &w2, &w1, x[16], y[21]);
2137  word3_muladd(&w0, &w2, &w1, x[17], y[20]);
2138  word3_muladd(&w0, &w2, &w1, x[18], y[19]);
2139  word3_muladd(&w0, &w2, &w1, x[19], y[18]);
2140  word3_muladd(&w0, &w2, &w1, x[20], y[17]);
2141  word3_muladd(&w0, &w2, &w1, x[21], y[16]);
2142  word3_muladd(&w0, &w2, &w1, x[22], y[15]);
2143  word3_muladd(&w0, &w2, &w1, x[23], y[14]);
2144  z[37] = w1; w1 = 0;
2145 
2146  word3_muladd(&w1, &w0, &w2, x[15], y[23]);
2147  word3_muladd(&w1, &w0, &w2, x[16], y[22]);
2148  word3_muladd(&w1, &w0, &w2, x[17], y[21]);
2149  word3_muladd(&w1, &w0, &w2, x[18], y[20]);
2150  word3_muladd(&w1, &w0, &w2, x[19], y[19]);
2151  word3_muladd(&w1, &w0, &w2, x[20], y[18]);
2152  word3_muladd(&w1, &w0, &w2, x[21], y[17]);
2153  word3_muladd(&w1, &w0, &w2, x[22], y[16]);
2154  word3_muladd(&w1, &w0, &w2, x[23], y[15]);
2155  z[38] = w2; w2 = 0;
2156 
2157  word3_muladd(&w2, &w1, &w0, x[16], y[23]);
2158  word3_muladd(&w2, &w1, &w0, x[17], y[22]);
2159  word3_muladd(&w2, &w1, &w0, x[18], y[21]);
2160  word3_muladd(&w2, &w1, &w0, x[19], y[20]);
2161  word3_muladd(&w2, &w1, &w0, x[20], y[19]);
2162  word3_muladd(&w2, &w1, &w0, x[21], y[18]);
2163  word3_muladd(&w2, &w1, &w0, x[22], y[17]);
2164  word3_muladd(&w2, &w1, &w0, x[23], y[16]);
2165  z[39] = w0; w0 = 0;
2166 
2167  word3_muladd(&w0, &w2, &w1, x[17], y[23]);
2168  word3_muladd(&w0, &w2, &w1, x[18], y[22]);
2169  word3_muladd(&w0, &w2, &w1, x[19], y[21]);
2170  word3_muladd(&w0, &w2, &w1, x[20], y[20]);
2171  word3_muladd(&w0, &w2, &w1, x[21], y[19]);
2172  word3_muladd(&w0, &w2, &w1, x[22], y[18]);
2173  word3_muladd(&w0, &w2, &w1, x[23], y[17]);
2174  z[40] = w1; w1 = 0;
2175 
2176  word3_muladd(&w1, &w0, &w2, x[18], y[23]);
2177  word3_muladd(&w1, &w0, &w2, x[19], y[22]);
2178  word3_muladd(&w1, &w0, &w2, x[20], y[21]);
2179  word3_muladd(&w1, &w0, &w2, x[21], y[20]);
2180  word3_muladd(&w1, &w0, &w2, x[22], y[19]);
2181  word3_muladd(&w1, &w0, &w2, x[23], y[18]);
2182  z[41] = w2; w2 = 0;
2183 
2184  word3_muladd(&w2, &w1, &w0, x[19], y[23]);
2185  word3_muladd(&w2, &w1, &w0, x[20], y[22]);
2186  word3_muladd(&w2, &w1, &w0, x[21], y[21]);
2187  word3_muladd(&w2, &w1, &w0, x[22], y[20]);
2188  word3_muladd(&w2, &w1, &w0, x[23], y[19]);
2189  z[42] = w0; w0 = 0;
2190 
2191  word3_muladd(&w0, &w2, &w1, x[20], y[23]);
2192  word3_muladd(&w0, &w2, &w1, x[21], y[22]);
2193  word3_muladd(&w0, &w2, &w1, x[22], y[21]);
2194  word3_muladd(&w0, &w2, &w1, x[23], y[20]);
2195  z[43] = w1; w1 = 0;
2196 
2197  word3_muladd(&w1, &w0, &w2, x[21], y[23]);
2198  word3_muladd(&w1, &w0, &w2, x[22], y[22]);
2199  word3_muladd(&w1, &w0, &w2, x[23], y[21]);
2200  z[44] = w2; w2 = 0;
2201 
2202  word3_muladd(&w2, &w1, &w0, x[22], y[23]);
2203  word3_muladd(&w2, &w1, &w0, x[23], y[22]);
2204  z[45] = w0; w0 = 0;
2205 
2206  word3_muladd(&w0, &w2, &w1, x[23], y[23]);
2207  z[46] = w1;
2208  z[47] = w2;
2209  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717

◆ bigint_comba_mul4()

void Botan::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

Definition at line 50 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

51  {
52  word w2 = 0, w1 = 0, w0 = 0;
53 
54  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
55  z[ 0] = w0; w0 = 0;
56 
57  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
58  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
59  z[ 1] = w1; w1 = 0;
60 
61  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
62  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
63  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
64  z[ 2] = w2; w2 = 0;
65 
66  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
67  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
68  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
69  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
70  z[ 3] = w0; w0 = 0;
71 
72  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
73  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
74  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
75  z[ 4] = w1; w1 = 0;
76 
77  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
78  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
79  z[ 5] = w2; w2 = 0;
80 
81  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
82  z[ 6] = w0;
83  z[ 7] = w1;
84  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717

◆ bigint_comba_mul6()

void Botan::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

Definition at line 141 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

142  {
143  word w2 = 0, w1 = 0, w0 = 0;
144 
145  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
146  z[ 0] = w0; w0 = 0;
147 
148  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
149  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
150  z[ 1] = w1; w1 = 0;
151 
152  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
153  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
154  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
155  z[ 2] = w2; w2 = 0;
156 
157  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
158  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
159  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
160  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
161  z[ 3] = w0; w0 = 0;
162 
163  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
164  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
165  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
166  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
167  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
168  z[ 4] = w1; w1 = 0;
169 
170  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
171  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
172  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
173  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
174  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
175  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
176  z[ 5] = w2; w2 = 0;
177 
178  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
179  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
180  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
181  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
182  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
183  z[ 6] = w0; w0 = 0;
184 
185  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
186  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
187  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
188  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
189  z[ 7] = w1; w1 = 0;
190 
191  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
192  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
193  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
194  z[ 8] = w2; w2 = 0;
195 
196  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
197  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
198  z[ 9] = w0; w0 = 0;
199 
200  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
201  z[10] = w1;
202  z[11] = w2;
203  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717

◆ bigint_comba_mul8()

void Botan::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

Definition at line 283 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

284  {
285  word w2 = 0, w1 = 0, w0 = 0;
286 
287  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
288  z[ 0] = w0; w0 = 0;
289 
290  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);