7#include <botan/sodium.h>
9#include <botan/mem_ops.h>
10#include <botan/system_rng.h>
11#include <botan/internal/chacha.h>
12#include <botan/internal/ct_utils.h>
13#include <botan/internal/loadstor.h>
14#include <botan/internal/os_utils.h>
// Fragment of a bounded random-number routine; upper_bound matches the parameter of
// randombytes_uniform in the signature index further down this page. The leading
// numbers on each line are the gutter of the rendered listing, not code.
// Bounds of 0 and 1 are special-cased; what that branch returns is not shown here.
24 if(upper_bound <= 1) {
// NOTE(review): a plain modulo reduction is exactly uniform only when the range of x
// is a multiple of upper_bound; otherwise small results are slightly favoured.
// x's declaration is not visible in this extract, so the size of that bias cannot be
// judged from here. Confirm x is much wider than upper_bound, or use rejection sampling.
31 return x % upper_bound;
// Fixed 12-byte nonce spelling "LibsodiumDRG", handed to the ChaCha object as its IV.
// Because the nonce is a compile-time constant, the keystream is determined entirely by
// whatever key was set on `chacha` (the set_key call is not shown in this extract).
// NOTE(review): presumably this belongs to randombytes_buf_deterministic and the key is
// the caller's seed. If so, the same seed always yields the same bytes, so the seed must
// be handled as a secret key and never reused where distinct output is required. Confirm
// against the full source.
35 const unsigned char nonce[12] = {
'L',
'i',
'b',
's',
'o',
'd',
'i',
'u',
'm',
'D',
'R',
'G'};
39 chacha.
set_iv(nonce,
sizeof(nonce));
// Three fixed-length comparisons (16, 32 and 64 bytes) done through CT::is_equal, which
// returns a mask rather than a bool; select(1, 0) turns a set mask into 1 and a clear
// mask into 0.
// NOTE(review): assuming a set mask means "equal", these return 1 on a match and 0 on a
// mismatch. libsodium's crypto_verify_* return 0 on a match and -1 otherwise, and the
// memcmp-style return on listing line 62 of this page subtracts 1 to get exactly that.
// Code ported from libsodium that tests `== 0` would read these results inverted.
// Confirm the intended convention and document it at the declarations.
44 return static_cast<int>(
CT::is_equal(x, y, 16).select(1, 0));
48 return static_cast<int>(
CT::is_equal(x, y, 32).select(1, 0));
52 return static_cast<int>(
CT::is_equal(x, y, 64).select(1, 0));
// Equality test over len bytes: both pointers are viewed as const uint8_t* and compared
// with CT::is_equal, which yields a mask instead of branching on the first difference.
60 const auto same =
CT::is_equal(
static_cast<const uint8_t*
>(x),
static_cast<const uint8_t*
>(y), len);
// select(1, 0) - 1 maps a set mask to 0 and a clear mask to -1. The result carries no
// ordering information, only match / no match.
62 return static_cast<int>(same.select(1, 0)) - 1;
// Fragment of a three-way byte-string comparison. LT is 0xFF (uint8_t cast of -1) so
// that the final cast to int8_t turns it into -1 on two's-complement targets.
66 const uint8_t LT =
static_cast<uint8_t
>(-1);
// Every one of the len bytes is visited; no early exit is visible in this extract.
72 for(
size_t i = 0; i != len; ++i) {
// Mask-based update: result is kept when is_eq is set, otherwise it becomes LT or GT
// according to is_lt. is_eq, is_lt and GT are defined on lines not shown here.
// NOTE(review): presumably both masks are built from x[i] and y[i]; if so, the differing
// byte with the highest index decides the result (little-endian ordering). Confirm.
75 result = is_eq.select(result, is_lt.select(LT, GT));
78 return static_cast<int8_t
>(result);
// Two byte-wise loops over len (listing lines 83 and 91). Their bodies are not part of
// this extract, so nothing about what they compute can be stated from here.
83 for(
size_t i = 0; i != len; ++i) {
91 for(
size_t i = 0; i != len; ++i) {
// In-place multi-byte addition a += b, processed from index 0 upward with a carry that
// is propagated to the next byte. carry's declaration is not shown in this extract.
99 for(
size_t i = 0; i != len; ++i) {
100 a[i] += b[i] +
carry;
// NOTE(review): carry is recomputed by comparing the wrapped sum with b[i]. With an
// incoming carry of 1 and a[i] == b[i] == 0xFF, the sum 0x1FF wraps back to 0xFF, the
// test 0xFF < 0xFF is false, and the outgoing carry is lost. Deriving the carry from a
// wider intermediate (for example the sum held in a uint16_t, shifted right by 8) avoids
// this. Confirm against the full source and add a test vector for that input.
101 carry = (a[i] < b[i]);
// Allocation with a length prefix: the requested size is recorded as a 64-bit value.
106 const uint64_t len = size;
// Rejects requests where adding the 8-byte header would wrap around size_t.
108 if(size +
sizeof(len) < size) {
// calloc returns zero-initialised storage for header plus payload.
// NOTE(review): the null check on calloc's result and the write of the header are not
// visible in this extract. Only a calloc-backed block with a length prefix is shown,
// so do not assume libsodium's guard-page and canary hardening without reading the
// full source.
113 uint8_t* p =
static_cast<uint8_t*
>(std::calloc(size +
sizeof(len), 1));
// Release path: steps back 8 bytes from the user pointer to reach the start of the
// allocation. The literal 8 has to stay equal to sizeof(len) above (uint64_t).
// NOTE(review): handling of a null ptr is not visible here; confirm it is checked before
// this pointer arithmetic.
123 uint8_t* p =
static_cast<uint8_t*
>(ptr) - 8;
// Computes the total byte count for an array of count elements of size bytes each, then
// tests the product for wraparound. What the branch does is not shown in this extract.
131 const size_t bytes = count * size;
// NOTE(review): this test does not catch every overflow. When both factors are just above
// sqrt(SIZE_MAX), the truncated product can still be larger than either of them, for
// example count == size == 2^32 + 1 on a 64-bit target gives 2^33 + 1. The caller would
// then receive far less memory than count * size. A division-based check such as
// `size != 0 && count > SIZE_MAX / size` covers all cases.
132 if(bytes < count || bytes < size) {
static constexpr Mask< T > expand(T v)
static constexpr Mask< T > is_equal(T x, T y)
static constexpr Mask< T > is_lt(T x, T y)
void randomize(std::span< uint8_t > output)
void set_iv(const uint8_t iv[], size_t iv_len)
void write_keystream(uint8_t out[], size_t len)
void set_key(const SymmetricKey &key)
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
void page_allow_access(void *page)
void page_prohibit_access(void *page)
int crypto_verify_32(const uint8_t x[32], const uint8_t y[32])
int crypto_verify_16(const uint8_t x[16], const uint8_t y[16])
void * sodium_allocarray(size_t count, size_t size)
int sodium_memcmp(const void *x, const void *y, size_t len)
int crypto_verify_64(const uint8_t x[64], const uint8_t y[64])
void sodium_add(uint8_t a[], const uint8_t b[], size_t len)
void * sodium_malloc(size_t size)
void sodium_increment(uint8_t n[], size_t nlen)
int sodium_compare(const uint8_t x[], const uint8_t y[], size_t len)
int sodium_mprotect_noaccess(void *ptr)
void randombytes_buf_deterministic(void *buf, size_t size, const uint8_t seed[randombytes_SEEDBYTES])
int sodium_is_zero(const uint8_t nonce[], size_t nlen)
void sodium_free(void *ptr)
uint32_t randombytes_uniform(uint32_t upper_bound)
int sodium_mprotect_readwrite(void *ptr)
void sodium_memzero(void *ptr, size_t len)
void randombytes_buf(void *buf, size_t size)
RandomNumberGenerator & system_rng()
void secure_scrub_memory(void *ptr, size_t n)
constexpr auto store_le(ParamTs &&... params)
void carry(int64_t &h0, int64_t &h1)
constexpr auto load_le(ParamTs &&... params)