Botan  2.1.0
Crypto and TLS for C++11
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

 ASN1
 
 Camellia_F
 
 Cert_Extension
 
 Charset
 
 CryptoBox
 
 CT
 
 FPE
 
 HTTP
 
 KeyPair
 
 OCSP
 
 OIDS
 
 OS
 
 PEM_Code
 
 PK_Ops
 
 PKCS11
 
 PKCS8
 
 PKIX
 
 SHA1_F
 
 SHA1_SSE2_F
 
 SHA2_32
 
 SHA2_64
 
 stlCompatibilityDetails
 
 TLS
 
 X509
 

Classes

class  Adler32
 
class  AEAD_Filter
 
class  AEAD_Mode
 
class  AES_128
 
class  AES_192
 
class  AES_256
 
struct  Algorithm_Not_Found
 
class  AlgorithmIdentifier
 
class  AlternativeName
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  ASN1_Object
 
class  ASN1_String
 
class  Atomic
 
class  Attribute
 
class  AutoSeeded_RNG
 
class  Base64_Decoder
 
class  Base64_Encoder
 
struct  BER_Bad_Tag
 
class  BER_Decoder
 
struct  BER_Decoding_Error
 
class  BER_Object
 
class  BigInt
 
struct  BitBucket
 
class  Blake2b
 
class  Blinded_Point_Multiply
 
class  Blinder
 
class  Block_Cipher_Fixed_Params
 
class  BlockCipher
 
class  BlockCipherModePaddingMethod
 
class  Blowfish
 
class  Buffered_Computation
 
class  Buffered_Filter
 
class  Bzip2_Compression
 
class  Bzip2_Decompression
 
struct  calendar_point
 
class  Camellia_128
 
class  Camellia_192
 
class  Camellia_256
 
class  Cascade_Cipher
 
class  CAST_128
 
class  CAST_256
 
class  CBC_Decryption
 
class  CBC_Encryption
 
class  CBC_MAC
 
class  CBC_Mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  CECPQ1_key
 
class  Certificate_Extension
 
class  Certificate_Store
 
class  Certificate_Store_In_Memory
 
class  Certificate_Store_In_SQL
 
class  Certificate_Store_In_SQLite
 
class  CFB_Decryption
 
class  CFB_Encryption
 
class  CFB_Mode
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  Chain
 
class  Cipher_Mode
 
class  Cipher_Mode_Filter
 
class  CMAC
 
class  Comb4P
 
class  Compression_Algorithm
 
class  Compression_Alloc_Info
 
class  Compression_Stream
 
class  CPUID
 
class  CRC24
 
class  CRC32
 
class  Credentials_Manager
 
class  CRL_Entry
 
class  CTR_BE
 
class  CTS_Decryption
 
class  CTS_Encryption
 
class  Curve25519_PrivateKey
 
class  Curve25519_PublicKey
 
class  CurveGFp
 
class  CurveGFp_Repr
 
class  Darwin_SecRandom
 
class  Data_Store
 
class  DataSink
 
class  DataSink_Stream
 
class  DataSource
 
class  DataSource_Memory
 
class  DataSource_Stream
 
struct  Decoding_Error
 
class  Decompression_Algorithm
 
class  Deflate_Compression
 
class  Deflate_Decompression
 
class  DER_Encoder
 
class  DES
 
class  DESX
 
class  Device_EntropySource
 
class  DH_PrivateKey
 
class  DH_PublicKey
 
class  DL_Group
 
class  DL_Scheme_PrivateKey
 
class  DL_Scheme_PublicKey
 
class  DLIES_Decryptor
 
class  DLIES_Encryptor
 
class  donna128
 
class  DSA_PrivateKey
 
class  DSA_PublicKey
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  EC_Group
 
class  EC_PrivateKey
 
class  EC_PublicKey
 
class  ECDH_PrivateKey
 
class  ECDH_PublicKey
 
class  ECDSA_PrivateKey
 
class  ECDSA_PublicKey
 
class  ECGDSA_PrivateKey
 
class  ECGDSA_PublicKey
 
class  ECIES_Decryptor
 
class  ECIES_Encryptor
 
class  ECIES_KA_Operation
 
class  ECIES_KA_Params
 
class  ECIES_System_Params
 
class  ECKCDSA_PrivateKey
 
class  ECKCDSA_PublicKey
 
class  ElGamal_PrivateKey
 
class  ElGamal_PublicKey
 
class  EME
 
class  EME_PKCS1v15
 
class  EME_Raw
 
class  EMSA
 
class  EMSA1
 
class  EMSA_PKCS1v15
 
class  EMSA_PKCS1v15_Raw
 
class  EMSA_Raw
 
class  EMSA_X931
 
struct  Encoding_Error
 
class  Entropy_Source
 
class  Entropy_Sources
 
class  ESP_Padding
 
class  Exception
 
class  Extensions
 
class  Fanout_Filter
 
class  File_Descriptor_Source
 
class  Filter
 
class  Fixed_Base_Power_Mod
 
class  Fixed_Exponent_Power_Mod
 
class  Fixed_Window_Exponentiator
 
class  Fork
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
class  GeneralName
 X.509 GeneralName Type. More...
 
class  GeneralSubtree
 A single Name Constraint. More...
 
class  Getentropy
 
class  GF2m_Field
 
class  GHASH
 
class  GMAC
 
class  GOST_28147_89
 
class  GOST_28147_89_Params
 
class  GOST_3410_PrivateKey
 
class  GOST_3410_PublicKey
 
class  GOST_34_11
 
class  Gzip_Compression
 
class  Gzip_Decompression
 
class  Hardware_RNG
 
class  Hash_Filter
 
class  HashFunction
 
class  Hex_Decoder
 
class  Hex_Encoder
 
class  HKDF
 
class  HKDF_Expand
 
class  HKDF_Extract
 
class  HMAC
 
class  HMAC_DRBG
 
class  IDEA
 
struct  Illegal_Point
 
struct  Illegal_Transformation
 
class  Integer_Overflow_Detected
 
struct  Integrity_Failure
 
class  Intel_Rdrand
 
class  Intel_Rdseed
 
struct  Internal_Error
 
struct  Invalid_Algorithm_Name
 
class  Invalid_Argument
 
struct  Invalid_IV_Length
 
struct  Invalid_Key_Length
 
struct  Invalid_OID
 
struct  Invalid_State
 
class  ISO_9796_DS2
 
class  ISO_9796_DS3
 
class  KASUMI
 
class  KDF
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 
class  Key_Length_Specification
 
class  Keyed_Filter
 
class  Lion
 
struct  Lookup_Error
 
class  LZMA_Compression
 
class  LZMA_Decompression
 
class  MAC_Filter
 
class  McEliece_PrivateKey
 
class  McEliece_PublicKey
 
class  MD4
 
class  MD5
 
class  MDx_HashFunction
 
class  MessageAuthenticationCode
 
class  MISTY1
 
class  mlock_allocator
 
class  Modular_Exponentiator
 
class  Modular_Reducer
 
class  Montgomery_Exponentiator
 
class  NameConstraints
 Name Constraints. More...
 
class  newhope_poly
 
struct  No_Filesystem_Access
 
struct  No_Provider_Found
 
class  Noekeon
 
struct  Not_Implemented
 
class  Null_Padding
 
class  Null_RNG
 
class  OAEP
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  OctetString
 
class  OFB
 
class  OID
 
class  OneAndZeros_Padding
 
class  OpenSSL_Error
 
class  Output_Buffers
 
class  Parallel
 
class  Path_Validation_Restrictions
 
class  Path_Validation_Result
 
class  PBKDF
 
class  Pipe
 
class  PK_Decryptor
 
class  PK_Decryptor_EME
 
class  PK_Encryptor
 
class  PK_Encryptor_EME
 
class  PK_KEM_Decryptor
 
class  PK_KEM_Encryptor
 
class  PK_Key_Agreement
 
class  PK_Key_Agreement_Key
 
class  PK_Signer
 
class  PK_Verifier
 
class  PKCS10_Request
 
class  PKCS5_PBKDF1
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
struct  PKCS8_Exception
 
class  PointGFp
 
struct  Policy_Violation
 
class  Poly1305
 
struct  polyn_gf2m
 
class  Power_Mod
 
class  Private_Key
 
struct  PRNG_Unseeded
 
class  ProcWalking_EntropySource
 
struct  Provider_Not_Found
 
class  PSSR
 
class  Public_Key
 
class  RandomNumberGenerator
 
class  RC4
 
class  RDRAND_RNG
 
class  RFC6979_Nonce_Generator
 
class  RIPEMD_160
 
class  RSA_PrivateKey
 
class  RSA_PublicKey
 
class  RTSS_Share
 
class  Salsa20
 
class  SCAN_Name
 
class  secure_allocator
 
class  SecureQueue
 
class  SEED
 
struct  Self_Test_Failure
 
class  Serpent
 
class  SHA_160
 
class  SHA_224
 
class  SHA_256
 
class  SHA_3
 
class  SHA_384
 
class  SHA_3_224
 
class  SHA_3_256
 
class  SHA_3_384
 
class  SHA_3_512
 
class  SHA_512
 
class  SHA_512_256
 
class  SHAKE_128
 
class  SHAKE_128_Cipher
 
class  SHAKE_256
 
class  SIMD_4x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  Skein_512
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56C
 
class  SQL_Database
 
class  Sqlite3_Database
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_Cipher_Mode
 
class  Stream_Compression
 
class  Stream_Decompression
 
struct  Stream_IO_Error
 
class  StreamCipher
 
class  StreamCipher_Filter
 
class  SymmetricAlgorithm
 
class  System_RNG
 
class  Threefish_512
 
class  Tiger
 
class  TLS_12_PRF
 
class  TLS_PRF
 
class  TPM_Context
 
class  TPM_Error
 
class  TPM_PrivateKey
 
class  TPM_RNG
 
class  TripleDES
 
class  Twofish
 
struct  Unsupported_Argument
 
class  UUID
 
class  Whirlpool
 
class  Win32_CAPI_EntropySource
 
class  Win32_EntropySource
 
class  X509_CA
 
class  X509_Cert_Options
 
class  X509_Certificate
 
class  X509_CRL
 
class  X509_DN
 
class  X509_Object
 
class  X509_Time
 
class  X942_PRF
 
class  XMSS_Address
 
class  XMSS_Common_Ops
 
class  XMSS_Hash
 
class  XMSS_Index_Registry
 
class  XMSS_Key_Pair
 
class  XMSS_Parameters
 
class  XMSS_PrivateKey
 
class  XMSS_PublicKey
 
class  XMSS_Signature
 
class  XMSS_Signature_Operation
 
class  XMSS_Tools
 
class  XMSS_Verification_Operation
 
class  XMSS_WOTS_Addressed_PrivateKey
 
class  XMSS_WOTS_Addressed_PublicKey
 
class  XMSS_WOTS_Common_Ops
 
class  XMSS_WOTS_Parameters
 
class  XMSS_WOTS_PrivateKey
 
class  XMSS_WOTS_PublicKey
 
class  XMSS_WOTS_Signature_Operation
 
class  XMSS_WOTS_Verification_Operation
 
class  XTEA
 
class  XTS_Decryption
 
class  XTS_Encryption
 
class  XTS_Mode
 
class  Zlib_Compression
 
class  Zlib_Decompression
 
class  Zlib_Style_Stream
 

Typedefs

using byte = std::uint8_t
 
typedef std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
 
typedef EC_Group EC_Domain_Params
 
typedef limb felem[5]
 
typedef uint16_t gf2m
 
using InitializationVector = OctetString
 
typedef uint64_t limb
 
typedef MessageAuthenticationCode MAC
 
typedef PK_Key_Agreement_Key PK_KA_Key
 
typedef Private_Key PKCS8_PrivateKey
 
typedef newhope_poly poly
 
typedef RandomNumberGenerator RNG
 
using s32bit = std::int32_t
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T >>
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T >>
 
typedef SHA_160 SHA_1
 
typedef SIMD_4x32 SIMD_32
 
using SymmetricKey = OctetString
 
typedef Cipher_Mode_Filter Transform_Filter
 
typedef Transform_Filter Transformation_Filter
 
using u16bit = std::uint16_t
 
using u32bit = std::uint32_t
 
using u64bit = std::uint64_t
 
typedef uint8_t u8
 
typedef donna128 uint128_t
 
typedef std::vector< secure_vector< uint8_t > > wots_keysig_t
 
typedef Public_Key X509_PublicKey
 

Enumerations

enum  ASN1_Tag {
  UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, CONSTRUCTED = 0x20,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC, EOC = 0x00, BOOLEAN = 0x01, INTEGER = 0x02,
  BIT_STRING = 0x03, OCTET_STRING = 0x04, NULL_TAG = 0x05, OBJECT_ID = 0x06,
  ENUMERATED = 0x0A, SEQUENCE = 0x10, SET = 0x11, UTF8_STRING = 0x0C,
  NUMERIC_STRING = 0x12, PRINTABLE_STRING = 0x13, T61_STRING = 0x14, IA5_STRING = 0x16,
  VISIBLE_STRING = 0x1A, BMP_STRING = 0x1E, UTC_TIME = 0x17, GENERALIZED_TIME = 0x18,
  UTC_OR_GENERALIZED_TIME = 0x19, NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
}
 
enum  blake2b_constant { BLAKE2B_BLOCKBYTES = 128, BLAKE2B_OUTBYTES = 64, BLAKE2B_IVU64COUNT = 8 }
 
enum  Certificate_Status_Code {
  Certificate_Status_Code::OK = 0, Certificate_Status_Code::VERIFIED = 0, Certificate_Status_Code::OCSP_RESPONSE_GOOD = 1, Certificate_Status_Code::OCSP_SIGNATURE_OK = 2,
  Certificate_Status_Code::VALID_CRL_CHECKED = 3, Certificate_Status_Code::OCSP_NO_HTTP = 4, Certificate_Status_Code::FIRST_ERROR_STATUS = 1000, Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK = 1000,
  Certificate_Status_Code::UNTRUSTED_HASH = 1001, Certificate_Status_Code::NO_REVOCATION_DATA = 1002, Certificate_Status_Code::CERT_NOT_YET_VALID = 2000, Certificate_Status_Code::CERT_HAS_EXPIRED = 2001,
  Certificate_Status_Code::OCSP_NOT_YET_VALID = 2002, Certificate_Status_Code::OCSP_HAS_EXPIRED = 2003, Certificate_Status_Code::CRL_NOT_YET_VALID = 2004, Certificate_Status_Code::CRL_HAS_EXPIRED = 2005,
  Certificate_Status_Code::CERT_ISSUER_NOT_FOUND = 3000, Certificate_Status_Code::CANNOT_ESTABLISH_TRUST = 3001, Certificate_Status_Code::CERT_CHAIN_LOOP = 3002, Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT = 3003,
  Certificate_Status_Code::CHAIN_NAME_MISMATCH = 3004, Certificate_Status_Code::POLICY_ERROR = 4000, Certificate_Status_Code::INVALID_USAGE = 4001, Certificate_Status_Code::CERT_CHAIN_TOO_LONG = 4002,
  Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER = 4003, Certificate_Status_Code::NAME_CONSTRAINT_ERROR = 4004, Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER = 4005, Certificate_Status_Code::OCSP_CERT_NOT_LISTED = 4006,
  Certificate_Status_Code::OCSP_BAD_STATUS = 4007, Certificate_Status_Code::CERT_NAME_NOMATCH = 4008, Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION = 4009, Certificate_Status_Code::OCSP_SIGNATURE_ERROR = 4501,
  Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND = 4502, Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE = 4503, Certificate_Status_Code::OCSP_RESPONSE_INVALID = 4504, Certificate_Status_Code::CERT_IS_REVOKED = 5000,
  Certificate_Status_Code::CRL_BAD_SIGNATURE = 5001, Certificate_Status_Code::SIGNATURE_ERROR = 5002, Certificate_Status_Code::CERT_PUBKEY_INVALID = 5003
}
 
enum  Character_Set { LOCAL_CHARSET, UCS2_CHARSET, UTF8_CHARSET, LATIN1_CHARSET }
 
enum  Cipher_Dir { ENCRYPTION, DECRYPTION }
 
enum  CRL_Code {
  UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, AFFILIATION_CHANGED = 3,
  SUPERSEDED = 4, CESSATION_OF_OPERATION = 5, CERTIFICATE_HOLD = 6, REMOVE_FROM_CRL = 8,
  PRIVLEDGE_WITHDRAWN = 9, AA_COMPROMISE = 10, DELETE_CRL_ENTRY = 0xFF00, OCSP_GOOD = 0xFF01,
  OCSP_UNKNOWN = 0xFF02
}
 
enum  Decoder_Checking { NONE, IGNORE_WS, FULL_CHECK }
 
enum  EC_Group_Encoding { EC_DOMPAR_ENC_EXPLICIT = 0, EC_DOMPAR_ENC_IMPLICITCA = 1, EC_DOMPAR_ENC_OID = 2 }
 
enum  ECIES_Flags : uint32_t {
  ECIES_Flags::NONE = 0, ECIES_Flags::SINGLE_HASH_MODE = 1, ECIES_Flags::COFACTOR_MODE = 2, ECIES_Flags::OLD_COFACTOR_MODE = 4,
  ECIES_Flags::CHECK_MODE = 8
}
 
enum  Key_Constraints {
  NO_CONSTRAINTS = 0, DIGITAL_SIGNATURE = 1 << 15, NON_REPUDIATION = 1 << 14, KEY_ENCIPHERMENT = 1 << 13,
  DATA_ENCIPHERMENT = 1 << 12, KEY_AGREEMENT = 1 << 11, KEY_CERT_SIGN = 1 << 10, CRL_SIGN = 1 << 9,
  ENCIPHER_ONLY = 1 << 8, DECIPHER_ONLY = 1 << 7
}
 
enum  Newhope_Mode { Newhope_Mode::SHA3, Newhope_Mode::BoringSSL }
 
enum  Newhope_Params {
  NEWHOPE_SENDABYTES = 1824, NEWHOPE_SENDBBYTES = 2048, NEWHOPE_OFFER_BYTES = 1824, NEWHOPE_ACCEPT_BYTES = 2048,
  NEWHOPE_SHARED_KEY_BYTES = 32, CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32, CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32, CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
}
 
enum  Signature_Format { IEEE_1363, DER_SEQUENCE }
 
enum  TPM_Storage_Type { TPM_Storage_Type::User, TPM_Storage_Type::System }
 
enum  Usage_Type {
  Usage_Type::UNSPECIFIED, Usage_Type::TLS_SERVER_AUTH, Usage_Type::TLS_CLIENT_AUTH, Usage_Type::CERTIFICATE_AUTHORITY,
  Usage_Type::OCSP_RESPONDER
}
 
enum  X509_Encoding { RAW_BER, PEM }
 

Functions

BigInt abs (const BigInt &n)
 
size_t almost_montgomery_inverse (BigInt &result, const BigInt &a, const BigInt &p)
 
void aont_package (RandomNumberGenerator &rng, BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
void aont_unpackage (BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const std::string &input, bool ignore_ws)
 
size_t base64_decode_max_output (size_t input_length)
 
size_t base64_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base64_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base64_encode (const uint8_t input[], size_t input_length)
 
size_t base64_encode_max_output (size_t input_length)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
int32_t bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_abs (word cnd, word x[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word z[32], const word x[16])
 
void bigint_comba_sqr4 (word z[8], const word x[4])
 
void bigint_comba_sqr6 (word z[12], const word x[6])
 
void bigint_comba_sqr8 (word z[16], const word x[8])
 
void bigint_comba_sqr9 (word z[18], const word x[9])
 
word bigint_divop (word n1, word n0, word d)
 
void bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_mul (BigInt &z, const BigInt &x, const BigInt &y, const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_monty_sqr (BigInt &z, const BigInt &x, const word p[], size_t p_size, word p_dash, word workspace[])
 
void bigint_mul (BigInt &z, const BigInt &x, const BigInt &y, word workspace[])
 
void bigint_shl1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
uint32_t bit_size_to_32bit_size (uint32_t bit_size)
 
uint32_t bit_size_to_byte_size (uint32_t bit_size)
 
class BOTAN_DLL BOTAN_DEPRECATED ("LibraryInitializer is no longer required") LibraryInitializer
 
template<typename T >
void bswap_4 (T x[4])
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
 
uint64_t carry_shift (const donna128 &a, size_t shift)
 
void CECPQ1_accept (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], uint8_t send[CECPQ1_ACCEPT_BYTES], const uint8_t received[CECPQ1_OFFER_BYTES], RandomNumberGenerator &rng)
 
void BOTAN_DLL CECPQ1_accept (uint8_t *shared_key, uint8_t *accept_message, const uint8_t *offer_message, RandomNumberGenerator &rng)
 
void BOTAN_DLL CECPQ1_finish (uint8_t *shared_key, const CECPQ1_key &offer_key, const uint8_t *accept_message)
 
void CECPQ1_finish (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], const CECPQ1_key &offer_key, const uint8_t received[CECPQ1_ACCEPT_BYTES])
 
void CECPQ1_offer (uint8_t send[CECPQ1_OFFER_BYTES], CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
void BOTAN_DLL CECPQ1_offer (uint8_t *offer_message, CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
template<typename T >
size_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &pass, const std::string &hash)
 
bool check_passhash9 (const std::string &pass, const std::string &hash)
 
bool check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
size_t checked_add (size_t x, size_t y, const char *file, int line)
 
PK_Signerchoose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
 
std::string BOTAN_DLL clean_ws (const std::string &s)
 
void clear_bytes (void *ptr, size_t bytes)
 
template<typename T >
void clear_mem (T *ptr, size_t n)
 
uint64_t combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
AlternativeName create_alt_name (const Data_Store &info)
 
X509_DN create_dn (const Data_Store &info)
 
std::unique_ptr< Private_Keycreate_private_key (const std::string &alg_name, RandomNumberGenerator &rng, const std::string &params)
 
BigInt ct_inverse_mod_odd_modulus (const BigInt &n, const BigInt &mod)
 
template<typename T >
size_t ctz (T n)
 
void curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32])
 
void BOTAN_DLL curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
void curve25519_donna (u8 *mypublic, const u8 *secret, const u8 *basepoint)
 
gf2m decode_gf2m (const uint8_t *mem)
 
void divide (const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
 
size_t dl_exponent_size (size_t bits)
 
size_t dl_work_factor (size_t bits)
 
secure_vector< uint8_t > EC2OSP (const PointGFp &point, uint8_t format)
 
size_t ecp_work_factor (size_t bits)
 
uint32_t encode_gf2m (gf2m to_enc, uint8_t *mem)
 
std::string erase_chars (const std::string &str, const std::set< char > &chars)
 
template<typename T >
uint16_t expand_mask_16bit (T tst)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, uint32_t code_length)
 
BigInt gcd (const BigInt &a, const BigInt &b)
 
void gcm_multiply_clmul (uint8_t x[16], const uint8_t H[16])
 
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor)
 
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
 
std::vector< uint8_t > generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, uint32_t ext_deg, uint32_t code_length, uint32_t t)
 
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id)
 
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
 
AEAD_Modeget_aead (const std::string &algo, Cipher_Dir dir)
 
BlockCipherModePaddingMethodget_bc_pad (const std::string &algo_spec)
 
BlockCipherget_block_cipher (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_block_cipher_providers (const std::string &algo_spec)
 
template<typename T >
uint8_t get_byte (size_t byte_num, T input)
 
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
 
Cipher_Modeget_cipher_mode (const std::string &algo, Cipher_Dir direction)
 
EMEget_eme (const std::string &algo_spec)
 
EMSAget_emsa (const std::string &algo_spec)
 
std::vector< std::string > get_files_recursive (const std::string &dir)
 
HashFunctionget_hash (const std::string &algo_spec, const std::string &provider="")
 
HashFunctionget_hash_function (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_hash_function_providers (const std::string &algo_spec)
 
KDFget_kdf (const std::string &algo_spec)
 
MessageAuthenticationCodeget_mac (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_mac_providers (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
StreamCipherget_stream_cipher (const std::string &algo_spec, const std::string &provider="")
 
std::vector< std::string > get_stream_cipher_providers (const std::string &algo_spec)
 
gf2m gray_to_lex (gf2m gray)
 
template<typename T >
size_t hamming_weight (T n)
 
std::string hash_for_emsa (const std::string &algo_spec)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const char input[], size_t input_length, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const std::string &input, bool ignore_ws)
 
void hex_encode (char output[], const uint8_t input[], size_t input_length, bool uppercase)
 
std::string hex_encode (const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename Alloc >
std::string hex_encode (const std::vector< uint8_t, Alloc > &input, bool uppercase=true)
 
template<typename T >
size_t high_bit (T n)
 
bool host_wildcard_match (const std::string &issued, const std::string &host)
 
uint8_t ieee1363_hash_id (const std::string &name)
 
size_t if_work_factor (size_t bits)
 
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
 
std::string ipv4_to_string (uint32_t ip)
 
template<typename T >
bool is_power_of_2 (T arg)
 
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
 
int32_t jacobi (const BigInt &a, const BigInt &n)
 
std::string key_constraints_to_string (Key_Constraints constraints)
 
BigInt lcm (const BigInt &a, const BigInt &b)
 
gf2m lex_to_gray (gf2m lex)
 
template<typename T >
load_be (const uint8_t in[], size_t off)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_be (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_be< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_be< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_be< uint64_t > (const uint8_t in[], size_t off)
 
template<typename T >
load_le (const uint8_t in[], size_t off)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_le (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_le< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_le< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_le< uint64_t > (const uint8_t in[], size_t off)
 
std::unique_ptr< Private_Keyload_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
 
std::unique_ptr< Public_Keyload_public_key (const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
 
template<typename T >
size_t low_bit (T n)
 
size_t low_zero_bits (const BigInt &n)
 
std::unique_ptr< BlockCiphermake_block_cipher (const std::string &algo_spec, const std::string &provider="")
 
Compression_Algorithmmake_compressor (const std::string &name)
 
Decompression_Algorithmmake_decompressor (const std::string &name)
 
std::unique_ptr< HashFunctionmake_hash_function (const std::string &algo_spec, const std::string &provider="")
 
std::unique_ptr< MessageAuthenticationCodemake_message_auth (const std::string &algo_spec, const std::string &provider="")
 
std::unique_ptr< BlockCiphermake_openssl_block_cipher (const std::string &name)
 
std::unique_ptr< HashFunctionmake_openssl_hash (const std::string &name)
 
std::unique_ptr< StreamCiphermake_stream_cipher (const std::string &algo_spec, const std::string &provider="")
 
uint16_t make_uint16 (uint8_t i0, uint8_t i1)
 
uint32_t make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
 
uint64_t make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Single_object make_unique (Args &&...args)
 
template<class T >
stlCompatibilityDetails::_Unique_if< T >::_Unknown_bound make_unique (size_t n)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Known_bound make_unique (Args &&...)=delete
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
secure_vector< uint8_t > mceies_decrypt (const McEliece_PrivateKey &privkey, const uint8_t ct[], size_t ct_len, const uint8_t ad[], size_t ad_len, const std::string &algo)
 
secure_vector< uint8_t > mceies_encrypt (const McEliece_PublicKey &pubkey, const uint8_t pt[], size_t pt_len, const uint8_t ad[], size_t ad_len, RandomNumberGenerator &rng, const std::string &algo)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext, secure_vector< uint8_t > &error_mask, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
secure_vector< uint8_t > mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, uint32_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
 
size_t mceliece_work_factor (size_t n, size_t t)
 
void mgf1_mask (HashFunction &hash, const uint8_t in[], size_t in_len, uint8_t out[], size_t out_len)
 
word monty_inverse (word input)
 
void mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
 
BigInt mul_add (const BigInt &a, const BigInt &b, const BigInt &c)
 
BigInt mul_sub (const BigInt &a, const BigInt &b, const BigInt &c)
 
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
void newhope_keygen (uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_shareda (uint8_t *sharedkey, const poly *sk, const uint8_t *received, Newhope_Mode mode)
 
void newhope_sharedb (uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
 
BigInt normalized_montgomery_inverse (const BigInt &a, const BigInt &p)
 
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator!= (const OID &a, const OID &b)
 
bool operator!= (const OctetString &s1, const OctetString &s2)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
 
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
 
bool operator!= (const X509_Time &t1, const X509_Time &t2)
 
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
 
bool operator!= (const BigInt &a, const BigInt &b)
 
BigInt operator% (const BigInt &n, const BigInt &mod)
 
word operator% (const BigInt &n, word mod)
 
ECIES_Flags operator& (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator* (const donna128 &x, uint64_t y)
 
BigInt operator* (const BigInt &x, const BigInt &y)
 
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
 
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
 
BigInt operator+ (const BigInt &x, const BigInt &y)
 
OID operator+ (const OID &oid, uint32_t component)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
donna128 operator+ (const donna128 &x, uint64_t y)
 
OctetString operator+ (const OctetString &k1, const OctetString &k2)
 
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
BigInt operator- (const BigInt &x, const BigInt &y)
 
PointGFp operator- (const PointGFp &lhs)
 
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator/ (const BigInt &x, const BigInt &y)
 
bool operator< (const OID &a, const OID &b)
 
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator< (const X509_Time &t1, const X509_Time &t2)
 
bool operator< (const BigInt &a, const BigInt &b)
 
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
 
int operator<< (int fd, Pipe &pipe)
 
BigInt operator<< (const BigInt &x, size_t shift)
 
std::ostream & operator<< (std::ostream &os, const GeneralName &gn)
 
std::ostream & operator<< (std::ostream &os, const GeneralSubtree &gs)
 
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
 
BOTAN_DLL std::ostream & operator<< (std::ostream &out, Pipe &pipe)
 
bool operator<= (const X509_Time &t1, const X509_Time &t2)
 
bool operator<= (const BigInt &a, const BigInt &b)
 
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator== (const OctetString &s1, const OctetString &s2)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator== (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator== (const X509_Time &t1, const X509_Time &t2)
 
bool operator== (const BigInt &a, const BigInt &b)
 
bool operator> (const X509_Time &t1, const X509_Time &t2)
 
bool operator> (const BigInt &a, const BigInt &b)
 
bool operator>= (const X509_Time &t1, const X509_Time &t2)
 
bool operator>= (const BigInt &a, const BigInt &b)
 
int operator>> (int fd, Pipe &pipe)
 
std::istream & operator>> (std::istream &stream, BigInt &n)
 
BigInt operator>> (const BigInt &x, size_t shift)
 
std::istream & operator>> (std::istream &in, X509_DN &dn)
 
BOTAN_DLL std::istream & operator>> (std::istream &in, Pipe &pipe)
 
OctetString operator^ (const OctetString &k1, const OctetString &k2)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator^= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
ECIES_Flags operator| (ECIES_Flags a, ECIES_Flags b)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
template<typename Alloc >
PointGFp OS2ECP (const std::vector< uint8_t, Alloc > &data, const CurveGFp &curve)
 
PointGFp OS2ECP (const uint8_t data[], size_t data_len, const CurveGFp &curve)
 
std::vector< std::string > parse_algorithm_name (const std::string &namex)
 
std::vector< uint32_t > parse_asn1_oid (const std::string &oid)
 
secure_vector< uint8_t > pbes2_decrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, const std::vector< uint8_t > &params)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t pbkdf_iter, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
std::vector< uint8_t > pkcs_hash_id (const std::string &name)
 
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
 
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
 
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
 
const BigIntprime_p521 ()
 
template<typename T >
std::vector< std::string > probe_providers_of (const std::string &algo_spec, const std::vector< std::string > &possible)
 
bool quick_check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
gf2m random_code_element (unsigned code_length, RandomNumberGenerator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)
 
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
 
std::map< std::string, std::string > BOTAN_DLL read_cfg (std::istream &is)
 
void redc_p521 (BigInt &x, secure_vector< word > &ws)
 
std::string replace_char (const std::string &str, char from_char, char to_char)
 
std::string replace_chars (const std::string &str, const std::set< char > &chars, char to_char)
 
BigInt BOTAN_DLL ressol (const BigInt &x, const BigInt &p)
 
uint16_t reverse_bytes (uint16_t val)
 
uint32_t reverse_bytes (uint32_t val)
 
uint64_t reverse_bytes (uint64_t val)
 
secure_vector< uint8_t > rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
secure_vector< uint8_t > rfc3394_keywrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
template<typename T >
rotate_left (T input, size_t rot)
 
template<typename T >
rotate_right (T input, size_t rot)
 
template<typename T >
round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
void secure_scrub_memory (void *ptr, size_t n)
 
template<typename T >
void set_mem (T *ptr, size_t n, uint8_t val)
 
template<typename T >
size_t significant_bytes (T n)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
 
BigInt square (const BigInt &x)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng)
 
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
 
void store_be (uint16_t in, uint8_t out[2])
 
void store_be (uint32_t in, uint8_t out[4])
 
void store_be (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
void store_le (uint16_t in, uint8_t out[2])
 
void store_le (uint32_t in, uint8_t out[4])
 
void store_le (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
uint32_t string_to_ipv4 (const std::string &str)
 
BigInt sub_mul (const BigInt &a, const BigInt &b, const BigInt &c)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
RandomNumberGeneratorsystem_rng ()
 
uint32_t timespec_to_u32bit (const std::string &timespec)
 
std::vector< uint8_t > to_byte_vector (const std::string &s)
 
const char * to_string (Certificate_Status_Code code)
 
std::string to_string (const secure_vector< uint8_t > &bytes)
 
uint32_t to_u32bit (const std::string &str)
 
template<typename T >
std::vector< T > unlock (const secure_vector< T > &in)
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
void verify_cert_constraints_valid_for_key_type (const Public_Key &pub_key, Key_Constraints constraints)
 
bool verify_prime (const BigInt &n, RandomNumberGenerator &rng)
 
const char * version_cstr ()
 
uint32_t version_datestamp ()
 
uint32_t version_major ()
 
uint32_t version_minor ()
 
uint32_t version_patch ()
 
std::string version_string ()
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
word word_madd2 (word a, word b, word *c)
 
word word_madd3 (word a, word b, word c, word *d)
 
word word_sub (word x, word y, word *carry)
 
bool x500_name_cmp (const std::string &name1, const std::string &name2)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
 
template<typename T >
void xor_buf (T out[], const T in[], size_t length)
 
template<typename T >
void xor_buf (T out[], const T in[], const T in2[], size_t length)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const uint32_t CAST_SBOX1 [256]
 
const uint32_t CAST_SBOX2 [256]
 
const uint32_t CAST_SBOX3 [256]
 
const uint32_t CAST_SBOX4 [256]
 
const uint64_t DES_FPTAB1 [256]
 
const uint64_t DES_FPTAB2 [256]
 
const uint64_t DES_IPTAB1 [256]
 
const uint64_t DES_IPTAB2 [256]
 
const uint32_t DES_SPBOX1 [256]
 
const uint32_t DES_SPBOX2 [256]
 
const uint32_t DES_SPBOX3 [256]
 
const uint32_t DES_SPBOX4 [256]
 
const uint32_t DES_SPBOX5 [256]
 
const uint32_t DES_SPBOX6 [256]
 
const uint32_t DES_SPBOX7 [256]
 
const uint32_t DES_SPBOX8 [256]
 
const size_t HEX_CODEC_BUFFER_SIZE = 256
 
const size_t MP_WORD_BITS = BOTAN_MP_WORD_BITS
 
const word MP_WORD_MASK = ~static_cast<word>(0)
 
const word MP_WORD_MAX = MP_WORD_MASK
 
const word MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)
 
const size_t PRIME_TABLE_SIZE = 6541
 
const uint16_t BOTAN_DLL PRIMES []
 

Detailed Description

Ordinary applications should never need to include or use this header. It is exposed only for specialized applications which want to implement new versions of public key crypto without merging them as changes to the library. One actual example of such usage is an application which creates RSA signatures using a custom TPM library. Unless you're doing something like that, you don't need anything here. Instead use pubkey.h which wraps these types safely and provides a stable application-oriented API.

XMSS WOTS Addressed Private Key (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Addressed Public Key (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Common Ops Operations shared by XMSS WOTS signature generation and verification operations.

(C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Common Operations (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Signature Operation Signature generation operation for Winternitz One Time Signatures for use in Extended Hash-Based Signatures (XMSS).

This operation is not intended for stand-alone use and thus not registered in the Botan algorithm registry.

(C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Signature Operation (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Verification Operation Provides signature verification capabilities for Winternitz One Time Signatures used in Extended Hash-Based Signatures (XMSS).

This operation is not intended for stand-alone use and thus not registered in the Botan algorithm registry.

(C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS_WOTS_Verification_Operation.h (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

The primary namespace for the botan library

Typedef Documentation

using Botan::byte = typedef std::uint8_t

Definition at line 36 of file types.h.

This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.

Definition at line 29 of file x509path.h.

Definition at line 151 of file ec_group.h.

typedef limb Botan::felem[5]

Definition at line 40 of file donna.cpp.

typedef uint16_t Botan::gf2m

Definition at line 20 of file gf2m_small_m.h.

Alternate name for octet string showing intent to use as an IV

Definition at line 141 of file symkey.h.

typedef uint64_t Botan::limb

Definition at line 39 of file donna.cpp.

Definition at line 143 of file mac.h.

Definition at line 289 of file pk_keys.h.

Definition at line 291 of file pk_keys.h.

Definition at line 19 of file newhope.cpp.

Convenience typedef

Definition at line 174 of file rng.h.

using Botan::s32bit = typedef std::int32_t

Definition at line 40 of file types.h.

template<typename T >
using Botan::secure_deque = typedef std::deque<T, secure_allocator<T>>

Definition at line 122 of file secmem.h.

template<typename T >
using Botan::secure_vector = typedef std::vector<T, secure_allocator<T>>

Definition at line 121 of file secmem.h.

Definition at line 55 of file sha160.h.

Definition at line 650 of file simd_32.h.

Alternate name for octet string showing intent to use as a key

Definition at line 136 of file symkey.h.

Definition at line 67 of file cipher_filter.h.

Definition at line 68 of file cipher_filter.h.

using Botan::u16bit = typedef std::uint16_t

Definition at line 37 of file types.h.

using Botan::u32bit = typedef std::uint32_t

Definition at line 38 of file types.h.

using Botan::u64bit = typedef std::uint64_t

Definition at line 39 of file types.h.

typedef uint8_t Botan::u8

Definition at line 38 of file donna.cpp.

Definition at line 63 of file donna.cpp.

typedef std::vector< secure_vector< uint8_t > > Botan::wots_keysig_t

Definition at line 20 of file xmss_common_ops.h.

Definition at line 290 of file pk_keys.h.

Enumeration Type Documentation

ASN.1 Type and Class Tags

Enumerator
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
UTC_OR_GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

Definition at line 22 of file asn1_obj.h.

22  {
23  UNIVERSAL = 0x00,
24  APPLICATION = 0x40,
25  CONTEXT_SPECIFIC = 0x80,
26 
27  CONSTRUCTED = 0x20,
28 
30 
31  EOC = 0x00,
32  BOOLEAN = 0x01,
33  INTEGER = 0x02,
34  BIT_STRING = 0x03,
35  OCTET_STRING = 0x04,
36  NULL_TAG = 0x05,
37  OBJECT_ID = 0x06,
38  ENUMERATED = 0x0A,
39  SEQUENCE = 0x10,
40  SET = 0x11,
41 
42  UTF8_STRING = 0x0C,
43  NUMERIC_STRING = 0x12,
44  PRINTABLE_STRING = 0x13,
45  T61_STRING = 0x14,
46  IA5_STRING = 0x16,
47  VISIBLE_STRING = 0x1A,
48  BMP_STRING = 0x1E,
49 
50  UTC_TIME = 0x17,
51  GENERALIZED_TIME = 0x18,
53 
54  NO_OBJECT = 0xFF00,
55  DIRECTORY_STRING = 0xFF01
56 };
Enumerator
BLAKE2B_BLOCKBYTES 
BLAKE2B_OUTBYTES 
BLAKE2B_IVU64COUNT 

Definition at line 17 of file blake2b.h.

Certificate validation status code

Enumerator
OK 
VERIFIED 
OCSP_RESPONSE_GOOD 
OCSP_SIGNATURE_OK 
VALID_CRL_CHECKED 
OCSP_NO_HTTP 
FIRST_ERROR_STATUS 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
NO_REVOCATION_DATA 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
CHAIN_LACKS_TRUST_ROOT 
CHAIN_NAME_MISMATCH 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
OCSP_SIGNATURE_ERROR 
OCSP_ISSUER_NOT_FOUND 
OCSP_RESPONSE_MISSING_KEYUSAGE 
OCSP_RESPONSE_INVALID 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 
CERT_PUBKEY_INVALID 

Definition at line 18 of file cert_status.h.

18  {
19  OK = 0,
20  VERIFIED = 0,
21 
22  // Revocation status
26  OCSP_NO_HTTP = 4,
27 
28  // Errors
29  FIRST_ERROR_STATUS = 1000,
30 
32  UNTRUSTED_HASH = 1001,
33  NO_REVOCATION_DATA = 1002,
34 
35  // Time problems
36  CERT_NOT_YET_VALID = 2000,
37  CERT_HAS_EXPIRED = 2001,
38  OCSP_NOT_YET_VALID = 2002,
39  OCSP_HAS_EXPIRED = 2003,
40  CRL_NOT_YET_VALID = 2004,
41  CRL_HAS_EXPIRED = 2005,
42 
43  // Chain generation problems
44  CERT_ISSUER_NOT_FOUND = 3000,
46  CERT_CHAIN_LOOP = 3002,
48  CHAIN_NAME_MISMATCH = 3004,
49 
50  // Validation errors
51  POLICY_ERROR = 4000,
52  INVALID_USAGE = 4001,
53  CERT_CHAIN_TOO_LONG = 4002,
55  NAME_CONSTRAINT_ERROR = 4004,
56 
57  // Revocation errors
59  OCSP_CERT_NOT_LISTED = 4006,
60  OCSP_BAD_STATUS = 4007,
61 
62  // Other problems
63  CERT_NAME_NOMATCH = 4008,
65  OCSP_SIGNATURE_ERROR = 4501,
66  OCSP_ISSUER_NOT_FOUND = 4502,
68  OCSP_RESPONSE_INVALID = 4504,
69 
70  // Hard failures
71  CERT_IS_REVOKED = 5000,
72  CRL_BAD_SIGNATURE = 5001,
73  SIGNATURE_ERROR = 5002,
74  CERT_PUBKEY_INVALID = 5003,
75 };

The different charsets (nominally) supported by Botan.

Enumerator
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

Definition at line 19 of file charset.h.

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

Definition at line 212 of file cipher_mode.h.

X.509v2 CRL Reason Code.

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 20 of file crl_ent.h.

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 179 of file filter.h.

This class represents elliptic curce domain parameters

Enumerator
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 22 of file ec_group.h.

enum Botan::ECIES_Flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

Definition at line 28 of file ecies.h.

28  : uint32_t
29  {
30  NONE = 0,
31 
32  /// if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key
33  SINGLE_HASH_MODE = 1,
34 
35  /// (decryption only) if set: use cofactor multiplication during (ecdh) key agreement
36  COFACTOR_MODE = 2,
37 
38  /// if set: use ecdhc instead of ecdh
40 
41  /// (decryption only) if set: test if the (ephemeral) public key is on the curve
42  CHECK_MODE = 8
43  };
(decryption only) if set: test if the (ephemeral) public key is on the curve
if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key ...
if set: use ecdhc instead of ecdh
(decryption only) if set: use cofactor multiplication during (ecdh) key agreement ...

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 21 of file key_constraint.h.

21  {
22  NO_CONSTRAINTS = 0,
23  DIGITAL_SIGNATURE = 1 << 15,
24  NON_REPUDIATION = 1 << 14,
25  KEY_ENCIPHERMENT = 1 << 13,
26  DATA_ENCIPHERMENT = 1 << 12,
27  KEY_AGREEMENT = 1 << 11,
28  KEY_CERT_SIGN = 1 << 10,
29  CRL_SIGN = 1 << 9,
30  ENCIPHER_ONLY = 1 << 8,
31  DECIPHER_ONLY = 1 << 7
32 };
Definition: ffi.h:934
enum Botan::Newhope_Mode
strong

This chooses the XOF + hash for NewHope The official NewHope specification and reference implementation use SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode

Enumerator
SHA3 
BoringSSL 

Definition at line 52 of file newhope.h.

Enumerator
NEWHOPE_SENDABYTES 
NEWHOPE_SENDBBYTES 
NEWHOPE_OFFER_BYTES 
NEWHOPE_ACCEPT_BYTES 
NEWHOPE_SHARED_KEY_BYTES 
CECPQ1_OFFER_BYTES 
CECPQ1_ACCEPT_BYTES 
CECPQ1_SHARED_KEY_BYTES 

Definition at line 33 of file newhope.h.

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

Definition at line 29 of file pubkey.h.

Enumerator
User 
System 

Definition at line 100 of file tpm.h.

enum Botan::Usage_Type
strong
Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 

Definition at line 24 of file x509cert.h.

The two types of X509 encoding supported by Botan.

Enumerator
RAW_BER 
PEM 

Definition at line 21 of file x509_key.h.

Function Documentation

BigInt Botan::abs ( const BigInt n)
inline

Return the absolute value

Parameters
nan integer
Returns
absolute value of n

Definition at line 55 of file numthry.h.

References Botan::BigInt::abs().

55 { return n.abs(); }
size_t BOTAN_DLL Botan::almost_montgomery_inverse ( BigInt result,
const BigInt a,
const BigInt b 
)

Return a^-1 * 2^k mod b Returns k, between n and 2n Not const time

Definition at line 90 of file numthry.cpp.

References Botan::BigInt::is_even().

Referenced by normalized_montgomery_inverse().

93  {
94  size_t k = 0;
95 
96  BigInt u = p, v = a, r = 0, s = 1;
97 
98  while(v > 0)
99  {
100  if(u.is_even())
101  {
102  u >>= 1;
103  s <<= 1;
104  }
105  else if(v.is_even())
106  {
107  v >>= 1;
108  r <<= 1;
109  }
110  else if(u > v)
111  {
112  u -= v;
113  u >>= 1;
114  r += s;
115  s <<= 1;
116  }
117  else
118  {
119  v -= u;
120  v >>= 1;
121  s += r;
122  r <<= 1;
123  }
124 
125  ++k;
126  }
127 
128  if(r >= p)
129  {
130  r = r - p;
131  }
132 
133  result = p - r;
134 
135  return k;
136  }
void BOTAN_DLL Botan::aont_package ( RandomNumberGenerator rng,
BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform

Parameters
rngthe random number generator to use
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

Definition at line 16 of file package.cpp.

References Botan::OctetString::begin(), Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, clear_mem(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

20  {
21  const size_t BLOCK_SIZE = cipher->block_size();
22 
23  if(!cipher->valid_keylength(BLOCK_SIZE))
24  throw Invalid_Argument("AONT::package: Invalid cipher");
25 
26  // The all-zero string which is used both as the CTR IV and as K0
27  const std::string all_zeros(BLOCK_SIZE*2, '0');
28 
29  SymmetricKey package_key(rng, BLOCK_SIZE);
30 
31  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
32 
33  pipe.process_msg(input, input_len);
34  const size_t remaining = pipe.remaining();
35  BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
36 
37  // Set K0 (the all zero key)
38  cipher->set_key(SymmetricKey(all_zeros));
39 
40  secure_vector<uint8_t> buf(BLOCK_SIZE);
41 
42  const size_t blocks =
43  (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
44 
45  uint8_t* final_block = output + input_len;
46  clear_mem(final_block, BLOCK_SIZE);
47 
48  // XOR the hash blocks into the final block
49  for(size_t i = 0; i != blocks; ++i)
50  {
51  const size_t left = std::min<size_t>(BLOCK_SIZE,
52  input_len - BLOCK_SIZE * i);
53 
54  zeroise(buf);
55  copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);
56 
57  for(size_t j = 0; j != sizeof(i); ++j)
58  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
59 
60  cipher->encrypt(buf.data());
61 
62  xor_buf(final_block, buf.data(), BLOCK_SIZE);
63  }
64 
65  // XOR the random package key into the final block
66  xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
67  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
OctetString SymmetricKey
Definition: symkey.h:136
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211
void BOTAN_DLL Botan::aont_unpackage ( BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

Definition at line 69 of file package.cpp.

References Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

72  {
73  const size_t BLOCK_SIZE = cipher->block_size();
74 
75  if(!cipher->valid_keylength(BLOCK_SIZE))
76  throw Invalid_Argument("AONT::unpackage: Invalid cipher");
77 
78  if(input_len < BLOCK_SIZE)
79  throw Invalid_Argument("AONT::unpackage: Input too short");
80 
81  // The all-zero string which is used both as the CTR IV and as K0
82  const std::string all_zeros(BLOCK_SIZE*2, '0');
83 
84  cipher->set_key(SymmetricKey(all_zeros));
85 
86  secure_vector<uint8_t> package_key(BLOCK_SIZE);
87  secure_vector<uint8_t> buf(BLOCK_SIZE);
88 
89  // Copy the package key (masked with the block hashes)
90  copy_mem(package_key.data(),
91  input + (input_len - BLOCK_SIZE),
92  BLOCK_SIZE);
93 
94  const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
95 
96  // XOR the blocks into the package key bits
97  for(size_t i = 0; i != blocks; ++i)
98  {
99  const size_t left = std::min<size_t>(BLOCK_SIZE,
100  input_len - BLOCK_SIZE * (i+1));
101 
102  zeroise(buf);
103  copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);
104 
105  for(size_t j = 0; j != sizeof(i); ++j)
106  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
107 
108  cipher->encrypt(buf.data());
109 
110  xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
111  }
112 
113  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
114 
115  pipe.process_msg(input, input_len - BLOCK_SIZE);
116 
117  const size_t remaining = pipe.remaining();
118  BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
119  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
OctetString SymmetricKey
Definition: symkey.h:136
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211
BOTAN_NORETURN void BOTAN_DLL Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails

Definition at line 13 of file assert.cpp.

18  {
19  std::ostringstream format;
20 
21  format << "False assertion ";
22 
23  if(assertion_made && assertion_made[0] != 0)
24  format << "'" << assertion_made << "' (expression " << expr_str << ") ";
25  else
26  format << expr_str << " ";
27 
28  if(func)
29  format << "in " << func << " ";
30 
31  format << "@" << file << ":" << line;
32 
33  throw Exception(format.str());
34  }
size_t BOTAN_DLL Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 100 of file base64.cpp.

References clear_mem().

Referenced by base64_decode(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), and Botan::Base64_Decoder::write().

106  {
107  /*
108  * Base64 Decoder Lookup Table
109  * Warning: assumes ASCII encodings
110  */
111  static const uint8_t BASE64_TO_BIN[256] = {
112  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
113  0x80, 0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
114  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
115  0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
116  0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, 0x34, 0x35,
117  0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF,
118  0xFF, 0x81, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
119  0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
120  0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
121  0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x1B, 0x1C,
122  0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
123  0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
124  0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
125  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
127  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
128  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
129  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
131  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
132  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
133  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
134  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
135  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
136  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
137  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
138 
139  uint8_t* out_ptr = output;
140  uint8_t decode_buf[4];
141  size_t decode_buf_pos = 0;
142  size_t final_truncate = 0;
143 
144  clear_mem(output, input_length * 3 / 4);
145 
146  for(size_t i = 0; i != input_length; ++i)
147  {
148  const uint8_t bin = BASE64_TO_BIN[static_cast<uint8_t>(input[i])];
149 
150  if(bin <= 0x3F)
151  {
152  decode_buf[decode_buf_pos] = bin;
153  decode_buf_pos += 1;
154  }
155  else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws)))
156  {
157  std::string bad_char(1, input[i]);
158  if(bad_char == "\t")
159  bad_char = "\\t";
160  else if(bad_char == "\n")
161  bad_char = "\\n";
162  else if(bad_char == "\r")
163  bad_char = "\\r";
164 
165  throw Invalid_Argument(
166  std::string("base64_decode: invalid base64 character '") +
167  bad_char + "'");
168  }
169 
170  /*
171  * If we're at the end of the input, pad with 0s and truncate
172  */
173  if(final_inputs && (i == input_length - 1))
174  {
175  if(decode_buf_pos)
176  {
177  for(size_t j = decode_buf_pos; j != 4; ++j)
178  decode_buf[j] = 0;
179  final_truncate = (4 - decode_buf_pos);
180  decode_buf_pos = 4;
181  }
182  }
183 
184  if(decode_buf_pos == 4)
185  {
186  out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
187  out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
188  out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];
189 
190  out_ptr += 3;
191  decode_buf_pos = 0;
192  input_consumed = i+1;
193  }
194  }
195 
196  while(input_consumed < input_length &&
197  BASE64_TO_BIN[static_cast<uint8_t>(input[input_consumed])] == 0x80)
198  {
199  ++input_consumed;
200  }
201 
202  size_t written = (out_ptr - output) - final_truncate;
203 
204  return written;
205  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
size_t BOTAN_DLL Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 207 of file base64.cpp.

References base64_decode().

211  {
212  size_t consumed = 0;
213  size_t written = base64_decode(output, input, input_length,
214  consumed, true, ignore_ws);
215 
216  if(consumed != input_length)
217  throw Invalid_Argument("base64_decode: input did not have full bytes");
218 
219  return written;
220  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
size_t BOTAN_DLL Botan::base64_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 222 of file base64.cpp.

References base64_decode().

225  {
226  return base64_decode(output, input.data(), input.length(), ignore_ws);
227  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
secure_vector< uint8_t > BOTAN_DLL Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 229 of file base64.cpp.

References base64_decode(), and base64_decode_max_output().

232  {
233  const size_t output_length = base64_decode_max_output(input_length);
234  secure_vector<uint8_t> bin(output_length);
235 
236  size_t written = base64_decode(bin.data(),
237  input,
238  input_length,
239  ignore_ws);
240 
241  bin.resize(written);
242  return bin;
243  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
size_t base64_decode_max_output(size_t input_length)
Definition: base64.cpp:256
secure_vector< uint8_t > BOTAN_DLL Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 245 of file base64.cpp.

References base64_decode().

247  {
248  return base64_decode(input.data(), input.size(), ignore_ws);
249  }
secure_vector< uint8_t > base64_decode(const std::string &input, bool ignore_ws)
Definition: base64.cpp:245
size_t BOTAN_DLL Botan::base64_decode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_decode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 256 of file base64.cpp.

References round_up().

Referenced by base64_decode().

257  {
258  return (round_up(input_length, 4) * 3) / 4;
259  }
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
size_t BOTAN_DLL Botan::base64_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters
outputan array of at least base64_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 35 of file base64.cpp.

Referenced by Botan::OCSP::Request::base64_encode(), base64_encode(), Botan::PEM_Code::encode(), and generate_passhash9().

40  {
41  input_consumed = 0;
42 
43  size_t input_remaining = input_length;
44  size_t output_produced = 0;
45 
46  while(input_remaining >= 3)
47  {
48  do_base64_encode(out + output_produced, in + input_consumed);
49 
50  input_consumed += 3;
51  output_produced += 4;
52  input_remaining -= 3;
53  }
54 
55  if(final_inputs && input_remaining)
56  {
57  uint8_t remainder[3] = { 0 };
58  for(size_t i = 0; i != input_remaining; ++i)
59  remainder[i] = in[input_consumed + i];
60 
61  do_base64_encode(out + output_produced, remainder);
62 
63  size_t empty_bits = 8 * (3 - input_remaining);
64  size_t index = output_produced + 4 - 1;
65  while(empty_bits >= 8)
66  {
67  out[index--] = '=';
68  empty_bits -= 6;
69  }
70 
71  input_consumed += input_remaining;
72  output_produced += 4;
73  }
74 
75  return output_produced;
76  }
template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base64 encoding

Parameters
inputsome input
Returns
base64adecimal representation of input

Definition at line 50 of file base64.h.

References base64_encode().

51  {
52  return base64_encode(input.data(), input.size());
53  }
std::string base64_encode(const std::vector< uint8_t, Alloc > &input)
Definition: base64.h:50
std::string BOTAN_DLL Botan::base64_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base64adecimal representation of input

Definition at line 78 of file base64.cpp.

References base64_encode(), base64_encode_max_output(), and BOTAN_ASSERT_EQUAL.

80  {
81  const size_t output_length = base64_encode_max_output(input_length);
82  std::string output(output_length, 0);
83 
84  size_t consumed = 0;
85  size_t produced = 0;
86 
87  if (output_length > 0)
88  {
89  produced = base64_encode(&output.front(),
90  input, input_length,
91  consumed, true);
92  }
93 
94  BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
95  BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
96 
97  return output;
98  }
size_t base64_encode_max_output(size_t input_length)
Definition: base64.cpp:251
std::string base64_encode(const uint8_t input[], size_t input_length)
Definition: base64.cpp:78
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53
size_t BOTAN_DLL Botan::base64_encode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_encode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 251 of file base64.cpp.

References round_up().

Referenced by base64_encode().

252  {
253  return (round_up(input_length, 3) / 3) * 4;
254  }
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 138 of file mp_core.cpp.

References bigint_add2_nc().

Referenced by mul_add(), Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

139  {
140  if(bigint_add2_nc(x, x_size, y, y_size))
141  x[x_size] += 1;
142  }
word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:90
word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition with carry out

Definition at line 90 of file mp_core.cpp.

References BOTAN_ASSERT, word8_add2(), and word_add().

Referenced by bigint_add2().

91  {
92  word carry = 0;
93 
94  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
95 
96  const size_t blocks = y_size - (y_size % 8);
97 
98  for(size_t i = 0; i != blocks; i += 8)
99  carry = word8_add2(x + i, y + i, carry);
100 
101  for(size_t i = blocks; i != y_size; ++i)
102  x[i] = word_add(x[i], y[i], &carry);
103 
104  for(size_t i = y_size; i != x_size; ++i)
105  x[i] = word_add(x[i], 0, &carry);
106 
107  return carry;
108  }
word word8_add2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:138
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition

Definition at line 147 of file mp_core.cpp.

References bigint_add3_nc().

Referenced by operator+(), and operator-().

149  {
150  z[(x_size > y_size ? x_size : y_size)] +=
151  bigint_add3_nc(z, x, x_size, y, y_size);
152  }
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:113
word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition with carry out

Definition at line 113 of file mp_core.cpp.

References word8_add3(), and word_add().

Referenced by bigint_add3(), and redc_p521().

115  {
116  if(x_size < y_size)
117  { return bigint_add3_nc(z, y, y_size, x, x_size); }
118 
119  word carry = 0;
120 
121  const size_t blocks = y_size - (y_size % 8);
122 
123  for(size_t i = 0; i != blocks; i += 8)
124  carry = word8_add3(z + i, x + i, y + i, carry);
125 
126  for(size_t i = blocks; i != y_size; ++i)
127  z[i] = word_add(x[i], y[i], &carry);
128 
129  for(size_t i = y_size; i != x_size; ++i)
130  z[i] = word_add(x[i], 0, &carry);
131 
132  return carry;
133  }
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:113
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:200
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
int32_t Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Compare x and y

Definition at line 378 of file mp_core.cpp.

Referenced by Botan::BigInt::cmp(), operator+(), Botan::BigInt::operator+=(), operator-(), and Botan::BigInt::operator-=().

380  {
381  if(x_size < y_size) { return (-bigint_cmp(y, y_size, x, x_size)); }
382 
383  while(x_size > y_size)
384  {
385  if(x[x_size-1])
386  return 1;
387  x_size--;
388  }
389 
390  for(size_t i = x_size; i > 0; --i)
391  {
392  if(x[i-1] > y[i-1])
393  return 1;
394  if(x[i-1] < y[i-1])
395  return -1;
396  }
397 
398  return 0;
399  }
int32_t bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:378
BOTAN_DLL void Botan::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)

Definition at line 75 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

76  {
77  const word mask = CT::expand_mask(cnd);
78 
79  word carry = mask & 1;
80  for(size_t i = 0; i != size; ++i)
81  {
82  const word z = word_add(~x[i], 0, &carry);
83  x[i] = CT::select(mask, z, x[i]);
84  }
85  }
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
BOTAN_DLL word Botan::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 39 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_add().

Referenced by ct_inverse_mod_odd_modulus().

40  {
41  const word mask = CT::expand_mask(cnd);
42 
43  word carry = 0;
44  for(size_t i = 0; i != size; ++i)
45  {
46  /*
47  Here we are relying on asm version of word_add being
48  a single addcl or equivalent. Fix this.
49  */
50  const word z = word_add(x[i], y[i], &carry);
51  x[i] = CT::select(mask, z, x[i]);
52  }
53 
54  return carry & mask;
55  }
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
BOTAN_DLL word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

Definition at line 61 of file mp_core.cpp.

References Botan::CT::expand_mask(), Botan::CT::select(), and word_sub().

Referenced by ct_inverse_mod_odd_modulus().

62  {
63  const word mask = CT::expand_mask(cnd);
64 
65  word carry = 0;
66  for(size_t i = 0; i != size; ++i)
67  {
68  const word z = word_sub(x[i], y[i], &carry);
69  x[i] = CT::select(mask, z, x[i]);
70  }
71 
72  return carry & mask;
73  }
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
BOTAN_DLL void Botan::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)

Definition at line 22 of file mp_core.cpp.

References Botan::CT::expand_mask(), and Botan::CT::select().

Referenced by ct_inverse_mod_odd_modulus().

23  {
24  const word mask = CT::expand_mask(cnd);
25 
26  for(size_t i = 0; i != size; ++i)
27  {
28  word a = x[i];
29  word b = y[i];
30  x[i] = CT::select(mask, b, a);
31  y[i] = CT::select(mask, a, b);
32  }
33  }
T expand_mask(T x)
Definition: ct_utils.h:86
T select(T mask, T from0, T from1)
Definition: ct_utils.h:98
void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 805 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

806  {
807  word w2 = 0, w1 = 0, w0 = 0;
808 
809  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
810  z[ 0] = w0; w0 = 0;
811 
812  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
813  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
814  z[ 1] = w1; w1 = 0;
815 
816  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
817  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
818  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
819  z[ 2] = w2; w2 = 0;
820 
821  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
822  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
823  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
824  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
825  z[ 3] = w0; w0 = 0;
826 
827  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
828  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
829  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
830  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
831  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
832  z[ 4] = w1; w1 = 0;
833 
834  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
835  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
836  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
837  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
838  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
839  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
840  z[ 5] = w2; w2 = 0;
841 
842  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
843  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
844  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
845  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
846  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
847  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
848  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
849  z[ 6] = w0; w0 = 0;
850 
851  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
852  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
853  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
854  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
855  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
856  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
857  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
858  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
859  z[ 7] = w1; w1 = 0;
860 
861  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
862  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
863  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
864  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
865  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
866  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
867  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
868  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
869  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
870  z[ 8] = w2; w2 = 0;
871 
872  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
873  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
874  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
875  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
876  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
877  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
878  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
879  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
880  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
881  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
882  z[ 9] = w0; w0 = 0;
883 
884  word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
885  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
886  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
887  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
888  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
889  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
890  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
891  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
892  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
893  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
894  word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
895  z[10] = w1; w1 = 0;
896 
897  word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
898  word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
899  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
900  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
901  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
902  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
903  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
904  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
905  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
906  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
907  word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
908  word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
909  z[11] = w2; w2 = 0;
910 
911  word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
912  word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
913  word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
914  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
915  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
916  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
917  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
918  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
919  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
920  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
921  word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
922  word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
923  word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
924  z[12] = w0; w0 = 0;
925 
926  word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
927  word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
928  word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
929  word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
930  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
931  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
932  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
933  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
934  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
935  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
936  word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
937  word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
938  word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
939  word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
940  z[13] = w1; w1 = 0;
941 
942  word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
943  word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
944  word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
945  word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
946  word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
947  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
948  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
949  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
950  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
951  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
952  word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
953  word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
954  word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
955  word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
956  word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
957  z[14] = w2; w2 = 0;
958 
959  word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
960  word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
961  word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
962  word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
963  word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
964  word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
965  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
966  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
967  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
968  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
969  word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
970  word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
971  word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
972  word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
973  word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
974  word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
975  z[15] = w0; w0 = 0;
976 
977  word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
978  word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
979  word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
980  word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
981  word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
982  word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
983  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
984  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
985  word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
986  word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
987  word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
988  word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
989  word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
990  word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
991  word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
992  z[16] = w1; w1 = 0;
993 
994  word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
995  word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
996  word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
997  word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
998  word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
999  word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1000  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1001  word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1002  word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1003  word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1004  word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1005  word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1006  word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1007  word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1008  z[17] = w2; w2 = 0;
1009 
1010  word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1011  word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1012  word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1013  word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1014  word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1015  word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1016  word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1017  word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1018  word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1019  word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1020  word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1021  word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1022  word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1023  z[18] = w0; w0 = 0;
1024 
1025  word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1026  word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1027  word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1028  word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1029  word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1030  word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1031  word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1032  word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1033  word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1034  word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1035  word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1036  word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1037  z[19] = w1; w1 = 0;
1038 
1039  word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1040  word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1041  word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1042  word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1043  word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1044  word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1045  word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1046  word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1047  word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1048  word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1049  word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1050  z[20] = w2; w2 = 0;
1051 
1052  word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1053  word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1054  word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1055  word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1056  word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1057  word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1058  word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1059  word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1060  word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1061  word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1062  z[21] = w0; w0 = 0;
1063 
1064  word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1065  word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1066  word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1067  word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1068  word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1069  word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1070  word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1071  word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1072  word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1073  z[22] = w1; w1 = 0;
1074 
1075  word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1076  word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1077  word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1078  word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1079  word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1080  word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1081  word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1082  word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1083  z[23] = w2; w2 = 0;
1084 
1085  word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1086  word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1087  word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1088  word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1089  word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1090  word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1091  word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1092  z[24] = w0; w0 = 0;
1093 
1094  word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1095  word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1096  word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1097  word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1098  word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1099  word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1100  z[25] = w1; w1 = 0;
1101 
1102  word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1103  word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1104  word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1105  word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1106  word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1107  z[26] = w2; w2 = 0;
1108 
1109  word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1110  word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1111  word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1112  word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1113  z[27] = w0; w0 = 0;
1114 
1115  word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1116  word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1117  word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1118  z[28] = w1; w1 = 0;
1119 
1120  word3_muladd(&w1, &w0, &w2, x[14], y[15]);
1121  word3_muladd(&w1, &w0, &w2, x[15], y[14]);
1122  z[29] = w2; w2 = 0;
1123 
1124  word3_muladd(&w2, &w1, &w0, x[15], y[15]);
1125  z[30] = w0;
1126  z[31] = w1;
1127  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

Definition at line 50 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

51  {
52  word w2 = 0, w1 = 0, w0 = 0;
53 
54  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
55  z[ 0] = w0; w0 = 0;
56 
57  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
58  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
59  z[ 1] = w1; w1 = 0;
60 
61  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
62  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
63  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
64  z[ 2] = w2; w2 = 0;
65 
66  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
67  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
68  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
69  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
70  z[ 3] = w0; w0 = 0;
71 
72  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
73  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
74  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
75  z[ 4] = w1; w1 = 0;
76 
77  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
78  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
79  z[ 5] = w2; w2 = 0;
80 
81  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
82  z[ 6] = w0;
83  z[ 7] = w1;
84  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

Definition at line 141 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

142  {
143  word w2 = 0, w1 = 0, w0 = 0;
144 
145  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
146  z[ 0] = w0; w0 = 0;
147 
148  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
149  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
150  z[ 1] = w1; w1 = 0;
151 
152  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
153  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
154  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
155  z[ 2] = w2; w2 = 0;
156 
157  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
158  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
159  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
160  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
161  z[ 3] = w0; w0 = 0;
162 
163  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
164  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
165  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
166  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
167  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
168  z[ 4] = w1; w1 = 0;
169 
170  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
171  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
172  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
173  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
174  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
175  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
176  z[ 5] = w2; w2 = 0;
177 
178  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
179  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
180  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
181  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
182  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
183  z[ 6] = w0; w0 = 0;
184 
185  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
186  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
187  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
188  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
189  z[ 7] = w1; w1 = 0;
190 
191  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
192  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
193  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
194  z[ 8] = w2; w2 = 0;
195 
196  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
197  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
198  z[ 9] = w0; w0 = 0;
199 
200  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
201  z[10] = w1;
202  z[11] = w2;
203  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

Definition at line 283 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

284  {
285  word w2 = 0, w1 = 0, w0 = 0;
286 
287  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
288  z[ 0] = w0; w0 = 0;
289 
290  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
291  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
292  z[ 1] = w1; w1 = 0;
293 
294  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
295  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
296  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
297  z[ 2] = w2; w2 = 0;
298 
299  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
300  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
301  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
302  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
303  z[ 3] = w0; w0 = 0;
304 
305  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
306  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
307  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
308  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
309  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
310  z[ 4] = w1; w1 = 0;
311 
312  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
313  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
314  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
315  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
316  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
317  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
318  z[ 5] = w2; w2 = 0;
319 
320  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
321  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
322  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
323  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
324  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
325  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
326  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
327  z[ 6] = w0; w0 = 0;
328 
329  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
330  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
331  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
332  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
333  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
334  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
335  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
336  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
337  z[ 7] = w1; w1 = 0;
338 
339  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
340  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
341  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
342  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
343  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
344  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
345  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
346  z[ 8] = w2; w2 = 0;
347 
348  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
349  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
350  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
351  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
352  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
353  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
354  z[ 9] = w0; w0 = 0;
355 
356  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
357  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
358  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
359  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
360  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
361  z[10] = w1; w1 = 0;
362 
363  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
364  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
365  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
366  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
367  z[11] = w2; w2 = 0;
368 
369  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
370  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
371  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
372  z[12] = w0; w0 = 0;
373 
374  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
375  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
376  z[13] = w1; w1 = 0;
377 
378  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
379  z[14] = w2;
380  z[15] = w0;
381  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_mul9 ( word  z[18],
const word  x[9],
const word  y[9] 
)

Definition at line 474 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

475  {
476  word w2 = 0, w1 = 0, w0 = 0;
477 
478  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
479  z[ 0] = w0; w0 = 0;
480 
481  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
482  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
483  z[ 1] = w1; w1 = 0;
484 
485  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
486  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
487  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
488  z[ 2] = w2; w2 = 0;
489 
490  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
491  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
492  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
493  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
494  z[ 3] = w0; w0 = 0;
495 
496  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
497  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
498  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
499  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
500  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
501  z[ 4] = w1; w1 = 0;
502 
503  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
504  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
505  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
506  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
507  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
508  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
509  z[ 5] = w2; w2 = 0;
510 
511  word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
512  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
513  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
514  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
515  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
516  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
517  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
518  z[ 6] = w0; w0 = 0;
519 
520  word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
521  word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
522  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
523  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
524  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
525  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
526  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
527  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
528  z[ 7] = w1; w1 = 0;
529 
530  word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
531  word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
532  word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
533  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
534  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
535  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
536  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
537  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
538  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
539  z[ 8] = w2; w2 = 0;
540 
541  word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
542  word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
543  word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
544  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
545  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
546  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
547  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
548  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
549  z[ 9] = w0; w0 = 0;
550 
551  word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
552  word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
553  word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
554  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
555  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
556  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
557  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
558  z[10] = w1; w1 = 0;
559 
560  word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
561  word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
562  word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
563  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
564  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
565  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
566  z[11] = w2; w2 = 0;
567 
568  word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
569  word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
570  word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
571  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
572  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
573  z[12] = w0; w0 = 0;
574 
575  word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
576  word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
577  word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
578  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
579  z[13] = w1; w1 = 0;
580 
581  word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
582  word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
583  word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
584  z[14] = w2; w2 = 0;
585 
586  word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
587  word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
588  z[15] = w0; w0 = 0;
589 
590  word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
591  z[16] = w1;
592  z[17] = w2;
593  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void Botan::bigint_comba_sqr16 ( word  z[32],
const word  x[16] 
)

Definition at line 598 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

599  {
600  word w2 = 0, w1 = 0, w0 = 0;
601 
602  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
603  z[ 0] = w0; w0 = 0;
604 
605  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
606  z[ 1] = w1; w1 = 0;
607 
608  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
609  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
610  z[ 2] = w2; w2 = 0;
611 
612  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
613  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
614  z[ 3] = w0; w0 = 0;
615 
616  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
617  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
618  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
619  z[ 4] = w1; w1 = 0;
620 
621  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
622  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
623  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
624  z[ 5] = w2; w2 = 0;
625 
626  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
627  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
628  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
629  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
630  z[ 6] = w0; w0 = 0;
631 
632  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
633  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
634  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
635  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
636  z[ 7] = w1; w1 = 0;
637 
638  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
639  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
640  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
641  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
642  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
643  z[ 8] = w2; w2 = 0;
644 
645  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
646  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
647  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
648  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
649  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
650  z[ 9] = w0; w0 = 0;
651 
652  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
653  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
654  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
655  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
656  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
657  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
658  z[10] = w1; w1 = 0;
659 
660  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
661  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
662  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
663  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
664  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
665  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
666  z[11] = w2; w2 = 0;
667 
668  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
669  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
670  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[10]);
671  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]);
672  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
673  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
674  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
675  z[12] = w0; w0 = 0;
676 
677  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
678  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
679  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
680  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
681  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
682  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
683  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
684  z[13] = w1; w1 = 0;
685 
686  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
687  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
688  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
689  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
690  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
691  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
692  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
693  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
694  z[14] = w2; w2 = 0;
695 
696  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
697  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
698  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[13]);
699  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[12]);
700  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[11]);
701  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
702  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
703  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
704  z[15] = w0; w0 = 0;
705 
706  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
707  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
708  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
709  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
710  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
711  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
712  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
713  word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
714  z[16] = w1; w1 = 0;
715 
716  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
717  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
718  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
719  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
720  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
721  word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
722  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
723  z[17] = w2; w2 = 0;
724 
725  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
726  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
727  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[13]);
728  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]);
729  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
730  word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
731  word3_muladd (&w2, &w1, &w0, x[ 9], x[ 9]);
732  z[18] = w0; w0 = 0;
733 
734  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
735  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
736  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
737  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
738  word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
739  word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
740  z[19] = w1; w1 = 0;
741 
742  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
743  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
744  word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
745  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
746  word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
747  word3_muladd (&w1, &w0, &w2, x[10], x[10]);
748  z[20] = w2; w2 = 0;
749 
750  word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
751  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
752  word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
753  word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
754  word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
755  z[21] = w0; w0 = 0;
756 
757  word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
758  word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
759  word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
760  word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
761  word3_muladd (&w0, &w2, &w1, x[11], x[11]);
762  z[22] = w1; w1 = 0;
763 
764  word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
765  word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
766  word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
767  word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
768  z[23] = w2; w2 = 0;
769 
770  word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
771  word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
772  word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
773  word3_muladd (&w2, &w1, &w0, x[12], x[12]);
774  z[24] = w0; w0 = 0;
775 
776  word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
777  word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
778  word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
779  z[25] = w1; w1 = 0;
780 
781  word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
782  word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
783  word3_muladd (&w1, &w0, &w2, x[13], x[13]);
784  z[26] = w2; w2 = 0;
785 
786  word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
787  word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
788  z[27] = w0; w0 = 0;
789 
790  word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
791  word3_muladd (&w0, &w2, &w1, x[14], x[14]);
792  z[28] = w1; w1 = 0;
793 
794  word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
795  z[29] = w2; w2 = 0;
796 
797  word3_muladd (&w2, &w1, &w0, x[15], x[15]);
798  z[30] = w0;
799  z[31] = w1;
800  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr4 ( word  z[8],
const word  x[4] 
)

Definition at line 17 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

18  {
19  word w2 = 0, w1 = 0, w0 = 0;
20 
21  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
22  z[ 0] = w0; w0 = 0;
23 
24  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
25  z[ 1] = w1; w1 = 0;
26 
27  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
28  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
29  z[ 2] = w2; w2 = 0;
30 
31  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
32  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
33  z[ 3] = w0; w0 = 0;
34 
35  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
36  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
37  z[ 4] = w1; w1 = 0;
38 
39  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
40  z[ 5] = w2; w2 = 0;
41 
42  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
43  z[ 6] = w0;
44  z[ 7] = w1;
45  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr6 ( word  z[12],
const word  x[6] 
)

Definition at line 89 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

90  {
91  word w2 = 0, w1 = 0, w0 = 0;
92 
93  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
94  z[ 0] = w0; w0 = 0;
95 
96  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
97  z[ 1] = w1; w1 = 0;
98 
99  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
100  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
101  z[ 2] = w2; w2 = 0;
102 
103  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
104  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
105  z[ 3] = w0; w0 = 0;
106 
107  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
108  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
109  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
110  z[ 4] = w1; w1 = 0;
111 
112  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
113  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
114  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
115  z[ 5] = w2; w2 = 0;
116 
117  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
118  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
119  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
120  z[ 6] = w0; w0 = 0;
121 
122  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
123  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
124  z[ 7] = w1; w1 = 0;
125 
126  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
127  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
128  z[ 8] = w2; w2 = 0;
129 
130  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
131  z[ 9] = w0; w0 = 0;
132 
133  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
134  z[10] = w1;
135  z[11] = w2;
136  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr8 ( word  z[16],
const word  x[8] 
)

Definition at line 208 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

209  {
210  word w2 = 0, w1 = 0, w0 = 0;
211 
212  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
213  z[ 0] = w0; w0 = 0;
214 
215  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
216  z[ 1] = w1; w1 = 0;
217 
218  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
219  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
220  z[ 2] = w2; w2 = 0;
221 
222  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
223  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
224  z[ 3] = w0; w0 = 0;
225 
226  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
227  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
228  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
229  z[ 4] = w1; w1 = 0;
230 
231  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
232  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
233  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
234  z[ 5] = w2; w2 = 0;
235 
236  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
237  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
238  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
239  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
240  z[ 6] = w0; w0 = 0;
241 
242  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
243  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
244  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
245  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
246  z[ 7] = w1; w1 = 0;
247 
248  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
249  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
250  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
251  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
252  z[ 8] = w2; w2 = 0;
253 
254  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
255  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
256  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
257  z[ 9] = w0; w0 = 0;
258 
259  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
260  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
261  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
262  z[10] = w1; w1 = 0;
263 
264  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
265  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
266  z[11] = w2; w2 = 0;
267 
268  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
269  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
270  z[12] = w0; w0 = 0;
271 
272  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
273  z[13] = w1; w1 = 0;
274 
275  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
276  z[14] = w2;
277  z[15] = w0;
278  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
void Botan::bigint_comba_sqr9 ( word  z[18],
const word  x[9] 
)

Definition at line 386 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

387  {
388  word w2 = 0, w1 = 0, w0 = 0;
389 
390  word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
391  z[ 0] = w0; w0 = 0;
392 
393  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
394  z[ 1] = w1; w1 = 0;
395 
396  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
397  word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
398  z[ 2] = w2; w2 = 0;
399 
400  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
401  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
402  z[ 3] = w0; w0 = 0;
403 
404  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
405  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
406  word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
407  z[ 4] = w1; w1 = 0;
408 
409  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
410  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
411  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
412  z[ 5] = w2; w2 = 0;
413 
414  word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
415  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
416  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
417  word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
418  z[ 6] = w0; w0 = 0;
419 
420  word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
421  word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
422  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
423  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
424  z[ 7] = w1; w1 = 0;
425 
426  word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
427  word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
428  word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
429  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
430  word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
431  z[ 8] = w2; w2 = 0;
432 
433  word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
434  word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
435  word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
436  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
437  z[ 9] = w0; w0 = 0;
438 
439  word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
440  word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
441  word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
442  word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
443  z[10] = w1; w1 = 0;
444 
445  word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
446  word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
447  word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
448  z[11] = w2; w2 = 0;
449 
450  word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
451  word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
452  word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
453  z[12] = w0; w0 = 0;
454 
455  word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
456  word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
457  z[13] = w1; w1 = 0;
458 
459  word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
460  word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
461  z[14] = w2; w2 = 0;
462 
463  word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
464  z[15] = w0; w0 = 0;
465 
466  word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
467  z[16] = w1;
468  z[17] = w2;
469  }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:717
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition: mp_asmi.h:756
word Botan::bigint_divop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) / d

Definition at line 404 of file mp_core.cpp.

References MP_WORD_BITS, and MP_WORD_TOP_BIT.

Referenced by bigint_modop(), divide(), and monty_inverse().

405  {
406  if(d == 0)
407  throw Invalid_Argument("bigint_divop divide by zero");
408 
409  word high = n1 % d, quotient = 0;
410 
411  for(size_t i = 0; i != MP_WORD_BITS; ++i)
412  {
413  word high_top_bit = (high & MP_WORD_TOP_BIT);
414 
415  high <<= 1;
416  high |= (n0 >> (MP_WORD_BITS-1-i)) & 1;
417  quotient <<= 1;
418 
419  if(high_top_bit || high >= d)
420  {
421  high -= d;
422  quotient |= 1;
423  }
424  }
425 
426  return quotient;
427  }
const word MP_WORD_TOP_BIT
Definition: mp_types.h:28
const size_t MP_WORD_BITS
Definition: mp_core.h:21
void Botan::bigint_linmul2 ( word  x[],
size_t  x_size,
word  y 
)

Definition at line 222 of file mp_core.cpp.

References word8_linmul2(), and word_madd2().

Referenced by Botan::BigInt::operator*=().

223  {
224  const size_t blocks = x_size - (x_size % 8);
225 
226  word carry = 0;
227 
228  for(size_t i = 0; i != blocks; i += 8)
229  carry = word8_linmul2(x + i, y, carry);
230 
231  for(size_t i = blocks; i != x_size; ++i)
232  x[i] = word_madd2(x[i], y, &carry);
233 
234  x[x_size] = carry;
235  }
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word word8_linmul2(word x[8], word y, word carry)
Definition: mp_asmi.h:488
void Botan::bigint_linmul3 ( word  z[],
const word  x[],
size_t  x_size,
word  y 
)

Definition at line 240 of file mp_core.cpp.

References word8_linmul3(), and word_madd2().

Referenced by bigint_mul(), bigint_sqr(), operator*(), and Botan::BigInt::operator*=().

241  {
242  const size_t blocks = x_size - (x_size % 8);
243 
244  word carry = 0;
245 
246  for(size_t i = 0; i != blocks; i += 8)
247  carry = word8_linmul3(z + i, x + i, y, carry);
248 
249  for(size_t i = blocks; i != x_size; ++i)
250  z[i] = word_madd2(x[i], y, &carry);
251 
252  z[x_size] = carry;
253  }
word word8_linmul3(word z[8], const word x[8], word y, word carry)
Definition: mp_asmi.h:585
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word Botan::bigint_modop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) % d

Definition at line 432 of file mp_core.cpp.

References bigint_divop(), and word_madd2().

Referenced by operator%(), and Botan::BigInt::operator%=().

433  {
434  word z = bigint_divop(n1, n0, d);
435  word dummy = 0;
436  z = word_madd2(z, d, &dummy);
437  return (n0-z);
438  }
word bigint_divop(word n1, word n0, word d)
Definition: mp_core.cpp:404
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
void Botan::bigint_monty_mul ( BigInt z,
const BigInt x,
const BigInt y,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 97 of file mp_monty.cpp.

References bigint_monty_redc(), bigint_mul(), and Botan::BigInt::mutable_data().

Referenced by Botan::Montgomery_Exponentiator::execute(), and Botan::Montgomery_Exponentiator::set_base().

100  {
101  bigint_mul(z, x, y, &ws[0]);
102 
103  bigint_monty_redc(z.mutable_data(),
104  &p[0], p_size, p_dash,
105  &ws[0]);
106 
107  }
void bigint_mul(BigInt &z, const BigInt &x, const BigInt &y, word workspace[])
Definition: mp_karat.cpp:252
void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, word workspace[])
Definition: mp_monty.cpp:22
void Botan::bigint_monty_redc ( word  z[],
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Montgomery Reduction

Parameters
zinteger to reduce, of size exactly 2*(p_size+1). Output is in the first p_size+1 words, higher words are set to zero.
pmodulus
p_sizesize of p
p_dashMontgomery value
workspacearray of at least 2*(p_size+1) words

Definition at line 22 of file mp_monty.cpp.

References BOTAN_ASSERT, clear_mem(), Botan::CT::conditional_copy_mem(), copy_mem(), Botan::CT::poison(), Botan::CT::unpoison(), word8_madd3(), word_madd3(), and word_sub().

Referenced by bigint_monty_mul(), bigint_monty_sqr(), and Botan::Montgomery_Exponentiator::execute().

25  {
26  const size_t z_size = 2*(p_size+1);
27 
28  CT::poison(z, z_size);
29  CT::poison(p, p_size);
30  CT::poison(ws, 2*(p_size+1));
31 
32  const size_t blocks_of_8 = p_size - (p_size % 8);
33 
34  for(size_t i = 0; i != p_size; ++i)
35  {
36  word* z_i = z + i;
37 
38  const word y = z_i[0] * p_dash;
39 
40  /*
41  bigint_linmul3(ws, p, p_size, y);
42  bigint_add2(z_i, z_size - i, ws, p_size+1);
43  */
44 
45  word carry = 0;
46 
47  for(size_t j = 0; j != blocks_of_8; j += 8)
48  carry = word8_madd3(z_i + j, p + j, y, carry);
49 
50  for(size_t j = blocks_of_8; j != p_size; ++j)
51  z_i[j] = word_madd3(p[j], y, z_i[j], &carry);
52 
53  word z_sum = z_i[p_size] + carry;
54  carry = (z_sum < z_i[p_size]);
55  z_i[p_size] = z_sum;
56 
57  for(size_t j = p_size + 1; j < z_size - i; ++j)
58  {
59  z_i[j] += carry;
60  carry = carry & !z_i[j];
61  }
62  }
63 
64  /*
65  * The result might need to be reduced mod p. To avoid a timing
66  * channel, always perform the subtraction. If in the compution
67  * of x - p a borrow is required then x was already < p.
68  *
69  * x - p starts at ws[0] and is p_size+1 bytes long
70  * x starts at ws[p_size+1] and is also p_size+1 bytes log
71  * (that's the copy_mem)
72  *
73  * Select which address to copy from indexing off of the final
74  * borrow.
75  */
76 
77  word borrow = 0;
78  for(size_t i = 0; i != p_size; ++i)
79  ws[i] = word_sub(z[p_size + i], p[i], &borrow);
80 
81  ws[p_size] = word_sub(z[p_size+p_size], 0, &borrow);
82 
83  copy_mem(ws + p_size + 1, z + p_size, p_size + 1);
84 
85  CT::conditional_copy_mem(borrow, z, ws + (p_size + 1), ws, (p_size + 1));
86  clear_mem(z + p_size + 1, z_size - p_size - 1);
87 
88  CT::unpoison(z, z_size);
89  CT::unpoison(p, p_size);
90  CT::unpoison(ws, 2*(p_size+1));
91 
92  // This check comes after we've used it but that's ok here
93  CT::unpoison(&borrow, 1);
94  BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow");
95  }
void conditional_copy_mem(T value, T *to, const T *from0, const T *from1, size_t elems)
Definition: ct_utils.h:138
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
word word_madd3(word a, word b, word c, word *d)
Definition: mp_madd.h:105
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word word8_madd3(word z[8], const word x[8], word y, word carry)
Definition: mp_asmi.h:681
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57
void Botan::bigint_monty_sqr ( BigInt z,
const BigInt x,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 109 of file mp_monty.cpp.

References bigint_monty_redc(), bigint_sqr(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by Botan::Montgomery_Exponentiator::execute().

111  {
112  bigint_sqr(z.mutable_data(), z.size(), &ws[0],
113  x.data(), x.size(), x.sig_words());
114 
115  bigint_monty_redc(z.mutable_data(),
116  &p[0], p_size, p_dash,
117  &ws[0]);
118  }
void bigint_sqr(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
Definition: mp_karat.cpp:312
void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, word workspace[])
Definition: mp_monty.cpp:22
void Botan::bigint_mul ( BigInt z,
const BigInt x,
const BigInt y,
word  workspace[] 
)

Definition at line 252 of file mp_karat.cpp.

References bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_linmul3(), clear_mem(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by bigint_monty_mul(), mul_add(), operator*(), and Botan::BigInt::operator*=().

253  {
254  const size_t x_sig_words = x.sig_words();
255  const size_t y_sig_words = y.sig_words();
256 
257  clear_mem(z.mutable_data(), z.size());
258 
259  if(x_sig_words == 1)
260  {
261  bigint_linmul3(z.mutable_data(), y.data(), y_sig_words, x.data()[0]);
262  }
263  else if(y_sig_words == 1)
264  {
265  bigint_linmul3(z.mutable_data(), x.data(), x_sig_words, y.data()[0]);
266  }
267  else if(x_sig_words <= 4 && x.size() >= 4 &&
268  y_sig_words <= 4 && y.size() >= 4 && z.size() >= 8)
269  {
270  bigint_comba_mul4(z.mutable_data(), x.data(), y.data());
271  }
272  else if(x_sig_words <= 6 && x.size() >= 6 &&
273  y_sig_words <= 6 && y.size() >= 6 && z.size() >= 12)
274  {
275  bigint_comba_mul6(z.mutable_data(), x.data(), y.data());
276  }
277  else if(x_sig_words <= 8 && x.size() >= 8 &&
278  y_sig_words <= 8 && y.size() >= 8 && z.size() >= 16)
279  {
280  bigint_comba_mul8(z.mutable_data(), x.data(), y.data());
281  }
282  else if(x_sig_words <= 9 && x.size() >= 9 &&
283  y_sig_words <= 9 && y.size() >= 9 && z.size() >= 18)
284  {
285  bigint_comba_mul9(z.mutable_data(), x.data(), y.data());
286  }
287  else if(x_sig_words <= 16 && x.size() >= 16 &&
288  y_sig_words <= 16 && y.size() >= 16 && z.size() >= 32)
289  {
290  bigint_comba_mul16(z.mutable_data(), x.data(), y.data());
291  }
292  else if(x_sig_words < KARATSUBA_MULTIPLY_THRESHOLD ||
293  y_sig_words < KARATSUBA_MULTIPLY_THRESHOLD ||
294  !workspace)
295  {
296  basecase_mul(z.mutable_data(), x.data(), x_sig_words, y.data(), y_sig_words);
297  }
298  else
299  {
300  const size_t N = karatsuba_size(z.size(), x.size(), x_sig_words, y.size(), y_sig_words);
301 
302  if(N)
303  karatsuba_mul(z.mutable_data(), x.data(), y.data(), N, workspace);
304  else
305  basecase_mul(z.mutable_data(), x.data(), x_sig_words, y.data(), y_sig_words);
306  }
307  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
void bigint_comba_mul4(word z[8], const word x[4], const word y[4])
Definition: mp_comba.cpp:50
void bigint_comba_mul9(word z[18], const word x[9], const word y[9])
Definition: mp_comba.cpp:474
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition: mp_core.cpp:240
void bigint_comba_mul8(word z[16], const word x[8], const word y[8])
Definition: mp_comba.cpp:283
void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
Definition: mp_comba.cpp:805
void bigint_comba_mul6(word z[12], const word x[6], const word y[6])
Definition: mp_comba.cpp:141
void Botan::bigint_shl1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 258 of file mp_core.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by Botan::BigInt::operator-=(), and Botan::BigInt::operator<<=().

259  {
260  if(word_shift)
261  {
262  copy_mem(x + word_shift, x, x_size);
263  clear_mem(x, word_shift);
264  }
265 
266  if(bit_shift)
267  {
268  word carry = 0;
269  for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
270  {
271  word temp = x[j];
272  x[j] = (temp << bit_shift) | carry;
273  carry = (temp >> (MP_WORD_BITS - bit_shift));
274  }
275  }
276  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
const size_t MP_WORD_BITS
Definition: mp_core.h:21
void Botan::bigint_shl2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 336 of file mp_core.cpp.

References MP_WORD_BITS.

Referenced by operator-(), and operator<<().

338  {
339  for(size_t j = 0; j != x_size; ++j)
340  y[j + word_shift] = x[j];
341  if(bit_shift)
342  {
343  word carry = 0;
344  for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
345  {
346  word w = y[j];
347  y[j] = (w << bit_shift) | carry;
348  carry = (w >> (MP_WORD_BITS - bit_shift));
349  }
350  }
351  }
const size_t MP_WORD_BITS
Definition: mp_core.h:21
void Botan::bigint_shr1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 281 of file mp_core.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by ct_inverse_mod_odd_modulus(), and Botan::BigInt::operator>>=().

282  {
283  if(x_size < word_shift)
284  {
285  clear_mem(x, x_size);
286  return;
287  }
288 
289  if(word_shift)
290  {
291  copy_mem(x, x + word_shift, x_size - word_shift);
292  clear_mem(x + x_size - word_shift, word_shift);
293  }
294 
295  if(bit_shift)
296  {
297  word carry = 0;
298 
299  size_t top = x_size - word_shift;
300 
301  while(top >= 4)
302  {
303  word w = x[top-1];
304  x[top-1] = (w >> bit_shift) | carry;
305  carry = (w << (MP_WORD_BITS - bit_shift));
306 
307  w = x[top-2];
308  x[top-2] = (w >> bit_shift) | carry;
309  carry = (w << (MP_WORD_BITS - bit_shift));
310 
311  w = x[top-3];
312  x[top-3] = (w >> bit_shift) | carry;
313  carry = (w << (MP_WORD_BITS - bit_shift));
314 
315  w = x[top-4];
316  x[top-4] = (w >> bit_shift) | carry;
317  carry = (w << (MP_WORD_BITS - bit_shift));
318 
319  top -= 4;
320  }
321 
322  while(top)
323  {
324  word w = x[top-1];
325  x[top-1] = (w >> bit_shift) | carry;
326  carry = (w << (MP_WORD_BITS - bit_shift));
327 
328  top--;
329  }
330  }
331  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
const size_t MP_WORD_BITS
Definition: mp_core.h:21
void Botan::bigint_shr2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 356 of file mp_core.cpp.

References MP_WORD_BITS.

Referenced by operator>>(), and redc_p521().

358  {
359  if(x_size < word_shift) return;
360 
361  for(size_t j = 0; j != x_size - word_shift; ++j)
362  y[j] = x[j + word_shift];
363  if(bit_shift)
364  {
365  word carry = 0;
366  for(size_t j = x_size - word_shift; j > 0; --j)
367  {
368  word w = y[j-1];
369  y[j-1] = (w >> bit_shift) | carry;
370  carry = (w << (MP_WORD_BITS - bit_shift));
371  }
372  }
373  }
const size_t MP_WORD_BITS
Definition: mp_core.h:21
void Botan::bigint_sqr ( word  z[],
size_t  z_size,
word  workspace[],
const word  x[],
size_t  x_size,
size_t  x_sw 
)

Definition at line 312 of file mp_karat.cpp.

References bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_linmul3(), and BOTAN_ASSERT.

Referenced by bigint_monty_sqr(), and square().

314  {
315  BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient");
316 
317  if(x_sw == 1)
318  {
319  bigint_linmul3(z, x, x_sw, x[0]);
320  }
321  else if(x_sw <= 4 && x_size >= 4 && z_size >= 8)
322  {
323  bigint_comba_sqr4(z, x);
324  }
325  else if(x_sw <= 6 && x_size >= 6 && z_size >= 12)
326  {
327  bigint_comba_sqr6(z, x);
328  }
329  else if(x_sw <= 8 && x_size >= 8 && z_size >= 16)
330  {
331  bigint_comba_sqr8(z, x);
332  }
333  else if(x_sw == 9 && x_size >= 9 && z_size >= 18)
334  {
335  bigint_comba_sqr9(z, x);
336  }
337  else if(x_sw <= 16 && x_size >= 16 && z_size >= 32)
338  {
339  bigint_comba_sqr16(z, x);
340  }
341  else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace)
342  {
343  basecase_mul(z, x, x_sw, x, x_sw);
344  }
345  else
346  {
347  const size_t N = karatsuba_size(z_size, x_size, x_sw);
348 
349  if(N)
350  karatsuba_sqr(z, x, N, workspace);
351  else
352  basecase_mul(z, x, x_sw, x, x_sw);
353  }
354  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition: mp_core.cpp:240
void bigint_comba_sqr16(word z[32], const word x[16])
Definition: mp_comba.cpp:598
void bigint_comba_sqr9(word z[18], const word x[9])
Definition: mp_comba.cpp:386
void bigint_comba_sqr8(word z[16], const word x[8])
Definition: mp_comba.cpp:208
void bigint_comba_sqr4(word z[8], const word x[4])
Definition: mp_comba.cpp:17
void bigint_comba_sqr6(word z[12], const word x[6])
Definition: mp_comba.cpp:89
word Botan::bigint_sub2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand subtraction

Definition at line 157 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub2(), and word_sub().

Referenced by Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

158  {
159  word borrow = 0;
160 
161  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
162 
163  const size_t blocks = y_size - (y_size % 8);
164 
165  for(size_t i = 0; i != blocks; i += 8)
166  borrow = word8_sub2(x + i, y + i, borrow);
167 
168  for(size_t i = blocks; i != y_size; ++i)
169  x[i] = word_sub(x[i], y[i], &borrow);
170 
171  for(size_t i = y_size; i != x_size; ++i)
172  x[i] = word_sub(x[i], 0, &borrow);
173 
174  return borrow;
175  }
word word8_sub2(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:311
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
void Botan::bigint_sub2_rev ( word  x[],
const word  y[],
size_t  y_size 
)

Two operand subtraction, x = y - x; assumes y >= x

Definition at line 180 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub2_rev(), and word_sub().

Referenced by Botan::BigInt::operator-=().

181  {
182  word borrow = 0;
183 
184  const size_t blocks = y_size - (y_size % 8);
185 
186  for(size_t i = 0; i != blocks; i += 8)
187  borrow = word8_sub2_rev(x + i, y + i, borrow);
188 
189  for(size_t i = blocks; i != y_size; ++i)
190  x[i] = word_sub(y[i], x[i], &borrow);
191 
192  BOTAN_ASSERT(!borrow, "y must be greater than x");
193  }
word word8_sub2_rev(word x[8], const word y[8], word carry)
Definition: mp_asmi.h:381
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word Botan::bigint_sub3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand subtraction

Definition at line 198 of file mp_core.cpp.

References BOTAN_ASSERT, word8_sub3(), and word_sub().

Referenced by operator+(), Botan::BigInt::operator+=(), and operator-().

200  {
201  word borrow = 0;
202 
203  BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
204 
205  const size_t blocks = y_size - (y_size % 8);
206 
207  for(size_t i = 0; i != blocks; i += 8)
208  borrow = word8_sub3(z + i, x + i, y + i, borrow);
209 
210  for(size_t i = blocks; i != y_size; ++i)
211  z[i] = word_sub(x[i], y[i], &borrow);
212 
213  for(size_t i = y_size; i != x_size; ++i)
214  z[i] = word_sub(x[i], 0, &borrow);
215 
216  return borrow;
217  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition: mp_asmi.h:416
uint32_t Botan::bit_size_to_32bit_size ( uint32_t  bit_size)
inline

Definition at line 50 of file code_based_util.h.

Referenced by generate_mceliece_key(), mceliece_decrypt(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().

51  {
52  return (bit_size - 1) / 32 + 1;
53  }
uint32_t Botan::bit_size_to_byte_size ( uint32_t  bit_size)
inline

Definition at line 45 of file code_based_util.h.

Referenced by mceliece_decrypt().

46  {
47  return (bit_size - 1) / 8 + 1;
48  }
class BOTAN_DLL Botan::BOTAN_DEPRECATED ( "LibraryInitializer is no longer required"  )

Definition at line 22 of file init.h.

23  {
24  public:
25  explicit LibraryInitializer(const std::string& /*ignored*/ = "") { }
26 
27  static void initialize(const std::string& /*ignored*/ = "") {}
28  static void deinitialize() {}
29  };
template<typename T >
void Botan::bswap_4 ( x[4])
inline

Swap 4 Ts in an array

Definition at line 112 of file bswap.h.

References reverse_bytes().

Referenced by Botan::SIMD_4x32::load_be(), load_be(), Botan::SIMD_4x32::load_le(), and load_le().

113  {
114  x[0] = reverse_bytes(x[0]);
115  x[1] = reverse_bytes(x[1]);
116  x[2] = reverse_bytes(x[2]);
117  x[3] = reverse_bytes(x[3]);
118  }
uint64_t reverse_bytes(uint64_t val)
Definition: bswap.h:80
template<typename T , typename Alloc >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const T  input[],
size_t  input_length 
)

Definition at line 133 of file secmem.h.

References copy_mem(), and Botan::CT::min().

Referenced by Botan::MDx_HashFunction::add_data(), Botan::OFB::set_iv(), Botan::CTR_BE::set_iv(), Botan::Base64_Encoder::write(), and Botan::Hex_Encoder::write().

137  {
138  const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
139  if (to_copy > 0)
140  {
141  copy_mem(&buf[buf_offset], input, to_copy);
142  }
143  return to_copy;
144  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
T min(T a, T b)
Definition: ct_utils.h:180
template<typename T , typename Alloc , typename Alloc2 >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const std::vector< T, Alloc2 > &  input 
)

Definition at line 147 of file secmem.h.

References copy_mem(), and Botan::CT::min().

150  {
151  const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
152  if (to_copy > 0)
153  {
154  copy_mem(&buf[buf_offset], input.data(), to_copy);
155  }
156  return to_copy;
157  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
T min(T a, T b)
Definition: ct_utils.h:180
BOTAN_DLL calendar_point Botan::calendar_value ( const std::chrono::system_clock::time_point &  time_point)

Convert a time_point to a calendar_point

Parameters
time_pointa time point from the system clock
Returns
calendar_point object representing this time point

Definition at line 177 of file calendar.cpp.

References Botan::calendar_point::calendar_point().

Referenced by Botan::X509_Time::X509_Time().

179  {
180  std::tm tm = do_gmtime(std::chrono::system_clock::to_time_t(time_point));
181 
182  return calendar_point(tm.tm_year + 1900,
183  tm.tm_mon + 1,
184  tm.tm_mday,
185  tm.tm_hour,
186  tm.tm_min,
187  tm.tm_sec);
188  }
uint64_t Botan::carry_shift ( const donna128 a,
size_t  shift 
)
inline

Definition at line 108 of file donna128.h.

109  {
110  return (a >> shift).lo();
111  }
void Botan::CECPQ1_accept ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
uint8_t  send[CECPQ1_ACCEPT_BYTES],
const uint8_t  received[CECPQ1_OFFER_BYTES],
RandomNumberGenerator rng 
)

Definition at line 25 of file cecpq1.cpp.

References BoringSSL, curve25519_basepoint(), curve25519_donna(), newhope_sharedb(), and Botan::RandomNumberGenerator::random_vec().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

29  {
30  secure_vector<uint8_t> x25519_key = rng.random_vec(32);
31 
32  curve25519_basepoint(send, x25519_key.data());
33 
34  curve25519_donna(shared_key, x25519_key.data(), received);
35 
36  newhope_sharedb(shared_key + 32, send + 32, received + 32,
37  rng, Newhope_Mode::BoringSSL);
38  }
void newhope_sharedb(uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:725
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:15
void BOTAN_DLL curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
void BOTAN_DLL Botan::CECPQ1_accept ( uint8_t *  shared_key,
uint8_t *  accept_message,
const uint8_t *  offer_message,
RandomNumberGenerator rng 
)
void BOTAN_DLL Botan::CECPQ1_finish ( uint8_t *  shared_key,
const CECPQ1_key offer_key,
const uint8_t *  accept_message 
)
void Botan::CECPQ1_finish ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
const CECPQ1_key offer_key,
const uint8_t  received[CECPQ1_ACCEPT_BYTES] 
)

Definition at line 40 of file cecpq1.cpp.

References BoringSSL, curve25519_donna(), Botan::CECPQ1_key::m_newhope, Botan::CECPQ1_key::m_x25519, and newhope_shareda().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

43  {
44  curve25519_donna(shared_key, offer_key.m_x25519.data(), received);
45 
46  newhope_shareda(shared_key + 32, &offer_key.m_newhope, received + 32,
47  Newhope_Mode::BoringSSL);
48  }
void newhope_shareda(uint8_t *sharedkey, const poly *sk, const uint8_t *received, Newhope_Mode mode)
Definition: newhope.cpp:766
void BOTAN_DLL curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
void Botan::CECPQ1_offer ( uint8_t  send[CECPQ1_OFFER_BYTES],
CECPQ1_key offer_key_output,
RandomNumberGenerator rng 
)

Definition at line 14 of file cecpq1.cpp.

References BoringSSL, curve25519_basepoint(), Botan::CECPQ1_key::m_newhope, Botan::CECPQ1_key::m_x25519, newhope_keygen(), and Botan::RandomNumberGenerator::random_vec().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

17  {
18  offer_key_output->m_x25519 = rng.random_vec(32);
19  curve25519_basepoint(send, offer_key_output->m_x25519.data());
20 
21  newhope_keygen(send + 32, &offer_key_output->m_newhope,
22  rng, Newhope_Mode::BoringSSL);
23  }
void newhope_keygen(uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:703
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:15
void BOTAN_DLL Botan::CECPQ1_offer ( uint8_t *  offer_message,
CECPQ1_key offer_key_output,
RandomNumberGenerator rng 
)
template<typename T >
size_t Botan::ceil_log2 ( x)

Definition at line 106 of file bit_ops.h.

Referenced by Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), and mceliece_work_factor().

107  {
108  if(x >> (sizeof(T)*8-1))
109  return sizeof(T)*8;
110 
111  size_t result = 0;
112  T compare = 1;
113 
114  while(compare < x)
115  {
116  compare <<= 1;
117  result++;
118  }
119 
120  return result;
121  }
bool BOTAN_DLL Botan::check_bcrypt ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 132 of file bcrypt.cpp.

References same_mem(), and to_u32bit().

Referenced by botan_bcrypt_is_valid().

133  {
134  if(hash.size() != 60 ||
135  hash[0] != '$' || hash[1] != '2' || hash[2] != 'a' ||
136  hash[3] != '$' || hash[6] != '$')
137  {
138  return false;
139  }
140 
141  const uint16_t workfactor = to_u32bit(hash.substr(4, 2));
142 
143  const std::vector<uint8_t> salt = bcrypt_base64_decode(hash.substr(7, 22));
144  if(salt.size() != 16)
145  return false;
146 
147  const std::string compare = make_bcrypt(pass, salt, workfactor);
148 
149  return same_mem(hash.data(), compare.data(), compare.size());
150  }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:18
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
MechanismType hash
bool BOTAN_DLL Botan::check_passhash9 ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 75 of file passhash9.cpp.

References base64_decode(), Botan::OctetString::bits_of(), Botan::PBKDF::derive_key(), load_be< uint16_t >(), same_mem(), and Botan::ASN1::to_string().

76  {
77  const size_t BINARY_LENGTH =
78  ALGID_BYTES +
79  WORKFACTOR_BYTES +
80  PASSHASH9_PBKDF_OUTPUT_LEN +
81  SALT_BYTES;
82 
83  const size_t BASE64_LENGTH =
84  MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;
85 
86  if(hash.size() != BASE64_LENGTH)
87  return false;
88 
89  for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)
90  if(hash[i] != MAGIC_PREFIX[i])
91  return false;
92 
93  secure_vector<uint8_t> bin = base64_decode(hash.c_str() + MAGIC_PREFIX.size());
94 
95  if(bin.size() != BINARY_LENGTH)
96  return false;
97 
98  uint8_t alg_id = bin[0];
99 
100  const size_t work_factor = load_be<uint16_t>(&bin[ALGID_BYTES], 0);
101 
102  // Bug in the format, bad states shouldn't be representable, but are...
103  if(work_factor == 0)
104  return false;
105 
106  if(work_factor > 512)
107  throw Invalid_Argument("Requested Bcrypt work factor " +
108  std::to_string(work_factor) + " too large");
109 
110  const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
111 
112  std::unique_ptr<MessageAuthenticationCode> pbkdf_prf = get_pbkdf_prf(alg_id);
113 
114  if(!pbkdf_prf)
115  return false; // unknown algorithm, reject
116 
117  PKCS5_PBKDF2 kdf(pbkdf_prf.release()); // takes ownership of pointer
118 
119  secure_vector<uint8_t> cmp = kdf.derive_key(
120  PASSHASH9_PBKDF_OUTPUT_LEN,
121  pass,
122  &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,
123  kdf_iterations).bits_of();
124 
125  return same_mem(cmp.data(),
126  &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],
127  PASSHASH9_PBKDF_OUTPUT_LEN);
128  }
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
size_t base64_decode(uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:100
uint16_t load_be< uint16_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:145
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
MechanismType hash
bool Botan::check_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 174 of file numthry.h.

References is_prime().

175  { return is_prime(n, rng, 56); }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
size_t Botan::checked_add ( size_t  x,
size_t  y,
const char *  file,
int  line 
)
inline

Definition at line 24 of file safeint.h.

25  {
26  // TODO: use __builtin_x_overflow on GCC and Clang
27  size_t z = x + y;
28  if(z < x)
29  {
30  throw Integer_Overflow_Detected(file, line);
31  }
32  return z;
33  }
BOTAN_DLL PK_Signer * Botan::choose_sig_format ( const Private_Key key,
RandomNumberGenerator rng,
const std::string &  hash_fn,
AlgorithmIdentifier alg_id 
)

Choose the default signature format for a certain public key signature scheme.

Parameters
keywill be the key to choose a padding scheme for
rngthe random generator to use
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

Definition at line 228 of file x509_ca.cpp.

References Botan::Public_Key::algo_name(), Botan::Public_Key::algorithm_identifier(), Botan::HashFunction::create_or_throw(), DER_SEQUENCE, hash, IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, and Botan::AlgorithmIdentifier::parameters.

Referenced by Botan::X509::create_cert_req(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::X509_CA().

232  {
233  const std::string algo_name = key.algo_name();
234 
235  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
236 
237  std::string padding;
238  if(algo_name == "RSA")
239  {
240  padding = "EMSA3";
241  }
242  else if(algo_name == "DSA" ||
243  algo_name == "ECDSA" ||
244  algo_name == "ECGDSA" ||
245  algo_name == "ECKCDSA" ||
246  algo_name == "GOST-34.10")
247  {
248  padding = "EMSA1";
249  }
250  else
251  {
252  throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
253  }
254 
255  const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
256 
257  padding = padding + "(" + hash->name() + ")";
258 
259  sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
260  sig_algo.parameters = key.algorithm_identifier().parameters;
261 
262  return new PK_Signer(key, rng, padding, format);
263  }
Signature_Format
Definition: pubkey.h:29
std::string lookup(const OID &oid)
Definition: oids.cpp:18
MechanismType hash
size_t Botan::clamp ( size_t  n,
size_t  lower_bound,
size_t  upper_bound 
)
inline

Clamp

Definition at line 49 of file rounding.h.

50  {
51  if(n < lower_bound)
52  return lower_bound;
53  if(n > upper_bound)
54  return upper_bound;
55  return n;
56  }
std::string Botan::clean_ws ( const std::string &  s)

Definition at line 13 of file read_cfg.cpp.

Referenced by read_cfg().

14  {
15  const char* ws = " \t\n";
16  auto start = s.find_first_not_of(ws);
17  auto end = s.find_last_not_of(ws);
18 
19  if(start == std::string::npos)
20  return "";
21 
22  if(end == std::string::npos)
23  return s.substr(start, end);
24  else
25  return s.substr(start, start + end + 1);
26  }
void Botan::clear_bytes ( void *  ptr,
size_t  bytes 
)
inline

Zero out some bytes

Parameters
ptra pointer to memory to zero
bytesthe number of bytes to zero in ptr

Definition at line 39 of file mem_ops.h.

Referenced by clear_mem().

40  {
41  if(bytes > 0)
42  {
43  std::memset(ptr, 0, bytes);
44  }
45  }
template<typename T >
void Botan::clear_mem ( T *  ptr,
size_t  n 
)
inline

Zero memory before use. This simply calls memset and should not be used in cases where the compiler cannot see the call as a side-effecting operation (for example, if calling clear_mem before deallocating memory, the compiler would be allowed to omit the call to memset entirely under the as-if rule.)

Parameters
ptra pointer to an array of Ts to zero
nthe number of Ts pointed to by ptr

Definition at line 57 of file mem_ops.h.

References clear_bytes().

Referenced by Botan::mlock_allocator::allocate(), Botan::secure_allocator< T >::allocate(), aont_package(), base64_decode(), bigint_monty_redc(), bigint_mul(), bigint_shl1(), bigint_shr1(), hex_decode(), Botan::BigInt::mask_bits(), pbkdf2(), redc_p521(), Botan::polyn_gf2m::set_to_zero(), Botan::polyn_gf2m::sqmod_init(), zeroise(), Botan::Zlib_Style_Stream< Stream, ByteType >::Zlib_Style_Stream(), and Botan::Zlib_Style_Stream< Stream, ByteType >::~Zlib_Style_Stream().

58  {
59  clear_bytes(ptr, sizeof(T)*n);
60  }
void clear_bytes(void *ptr, size_t bytes)
Definition: mem_ops.h:39
uint64_t Botan::combine_lower ( const donna128 a,
size_t  s1,
const donna128 b,
size_t  s2 
)
inline

Definition at line 113 of file donna128.h.

References Botan::donna128::lo().

115  {
116  donna128 z = (a >> s1) | (b << s2);
117  return z.lo();
118  }
template<typename T >
void Botan::copy_mem ( T *  out,
const T *  in,
size_t  n 
)
inline
template<typename T >
void Botan::copy_out_be ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 661 of file loadstor.h.

References get_byte(), and store_be().

Referenced by copy_out_vec_be(), and Botan::SIMD_4x32::store_be().

662  {
663  while(out_bytes >= sizeof(T))
664  {
665  store_be(in[0], out);
666  out += sizeof(T);
667  out_bytes -= sizeof(T);
668  in += 1;
669  }
670 
671  for(size_t i = 0; i != out_bytes; ++i)
672  out[i] = get_byte(i%8, in[0]);
673  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void store_be(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:647
template<typename T >
void Botan::copy_out_le ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 682 of file loadstor.h.

References get_byte(), and store_le().

Referenced by Botan::SHAKE_128_Cipher::cipher(), copy_out_vec_le(), and Botan::SIMD_4x32::store_le().

683  {
684  while(out_bytes >= sizeof(T))
685  {
686  store_le(in[0], out);
687  out += sizeof(T);
688  out_bytes -= sizeof(T);
689  in += 1;
690  }
691 
692  for(size_t i = 0; i != out_bytes; ++i)
693  out[i] = get_byte(sizeof(T) - 1 - (i % 8), in[0]);
694  }
void store_le(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:621
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
template<typename T , typename Alloc >
void Botan::copy_out_vec_be ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 676 of file loadstor.h.

References copy_out_be().

677  {
678  copy_out_be(out, out_bytes, in.data());
679  }
void copy_out_be(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:661
template<typename T , typename Alloc >
void Botan::copy_out_vec_le ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 697 of file loadstor.h.

References copy_out_le().

Referenced by Botan::MD4::copy_out(), and Botan::MD5::copy_out().

698  {
699  copy_out_le(out, out_bytes, in.data());
700  }
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:682
BOTAN_DLL AlternativeName Botan::create_alt_name ( const Data_Store info)

Definition at line 692 of file x509cert.cpp.

References Botan::AlternativeName::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::PKCS10_Request::subject_alt_name().

693  {
694  auto names = info.search_for(
695  [](const std::string& key, const std::string&)
696  {
697  return (key == "RFC822" ||
698  key == "DNS" ||
699  key == "URI" ||
700  key == "IP");
701  });
702 
703  AlternativeName alt_name;
704 
705  for(auto i = names.begin(); i != names.end(); ++i)
706  alt_name.add_attribute(i->first, i->second);
707 
708  return alt_name;
709  }
BOTAN_DLL X509_DN Botan::create_dn ( const Data_Store info)

Definition at line 673 of file x509cert.cpp.

References Botan::X509_DN::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::X509_CRL::issuer_dn(), Botan::X509_Certificate::issuer_dn(), Botan::PKCS10_Request::subject_dn(), and Botan::X509_Certificate::subject_dn().

674  {
675  auto names = info.search_for(
676  [](const std::string& key, const std::string&)
677  {
678  return (key.find("X520.") != std::string::npos);
679  });
680 
681  X509_DN dn;
682 
683  for(auto i = names.begin(); i != names.end(); ++i)
684  dn.add_attribute(i->first, i->second);
685 
686  return dn;
687  }
BOTAN_DLL std::unique_ptr< Private_Key > Botan::create_private_key ( const std::string &  algo_name,
RandomNumberGenerator rng,
const std::string &  algo_params = "" 
)

Create a new key For ECC keys, algo_params specifies EC group (eg, "secp256r1") For DH/DSA/ElGamal keys, algo_params is DL group (eg, "modp/ietf/2048") For RSA, algo_params is integer keylength For McEliece, algo_params is n,t If algo_params is left empty, suitable default parameters are chosen.

Definition at line 204 of file pk_algs.cpp.

References split_on(), and to_u32bit().

Referenced by botan_privkey_create().

207  {
208  /*
209  * Default paramaters are chosen for work factor > 2**128 where possible
210  */
211 
212 #if defined(BOTAN_HAS_CURVE_25519)
213  if(alg_name == "Curve25519")
214  return std::unique_ptr<Private_Key>(new Curve25519_PrivateKey(rng));
215 #endif
216 
217 #if defined(BOTAN_HAS_RSA)
218  if(alg_name == "RSA")
219  {
220  const size_t rsa_bits = (params.empty() ? 3072 : to_u32bit(params));
221  return std::unique_ptr<Private_Key>(new RSA_PrivateKey(rng, rsa_bits));
222  }
223 #endif
224 
225 #if defined(BOTAN_HAS_MCELIECE)
226  if(alg_name == "McEliece")
227  {
228  std::vector<std::string> mce_param =
229  Botan::split_on(params.empty() ? "2960,57" : params, ',');
230 
231  if(mce_param.size() != 2)
232  throw Invalid_Argument("create_private_key bad McEliece parameters " + params);
233 
234  size_t mce_n = Botan::to_u32bit(mce_param[0]);
235  size_t mce_t = Botan::to_u32bit(mce_param[1]);
236 
237  return std::unique_ptr<Botan::Private_Key>(new Botan::McEliece_PrivateKey(rng, mce_n, mce_t));
238  }
239 #endif
240 
241 #if defined(BOTAN_HAS_XMSS)
242  if(alg_name == "XMSS")
243  {
244  return std::unique_ptr<Private_Key>(
245  new XMSS_PrivateKey(XMSS_Parameters(params.empty() ? "XMSS_SHA2-512_W16_H10" : params).oid(), rng));
246  }
247 #endif
248 
249  // ECC crypto
250 #if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
251 
252  if(alg_name == "ECDSA" ||
253  alg_name == "ECDH" ||
254  alg_name == "ECKCDSA" ||
255  alg_name == "ECGDSA" ||
256  alg_name == "GOST-34.10")
257  {
258  const EC_Group ec_group(params.empty() ? "secp256r1" : params);
259 
260 #if defined(BOTAN_HAS_ECDSA)
261  if(alg_name == "ECDSA")
262  return std::unique_ptr<Private_Key>(new ECDSA_PrivateKey(rng, ec_group));
263 #endif
264 
265 #if defined(BOTAN_HAS_ECDH)
266  if(alg_name == "ECDH")
267  return std::unique_ptr<Private_Key>(new ECDH_PrivateKey(rng, ec_group));
268 #endif
269 
270 #if defined(BOTAN_HAS_ECKCDSA)
271  if(alg_name == "ECKCDSA")
272  return std::unique_ptr<Private_Key>(new ECKCDSA_PrivateKey(rng, ec_group));
273 #endif
274 
275 #if defined(BOTAN_HAS_GOST_34_10_2001)
276  if(alg_name == "GOST-34.10")
277  return std::unique_ptr<Private_Key>(new GOST_3410_PrivateKey(rng, ec_group));
278 #endif
279 
280 #if defined(BOTAN_HAS_ECGDSA)
281  if(alg_name == "ECGDSA")
282  return std::unique_ptr<Private_Key>(new ECGDSA_PrivateKey(rng, ec_group));
283 #endif
284  }
285 #endif
286 
287  // DL crypto
288 #if defined(BOTAN_HAS_DL_GROUP)
289  if(alg_name == "DH" || alg_name == "DSA" || alg_name == "ElGamal")
290  {
291  std::string default_group = (alg_name == "DSA") ? "dsa/botan/2048" : "modp/ietf/2048";
292  DL_Group modp_group(params.empty() ? default_group : params);
293 
294 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
295  if(alg_name == "DH")
296  return std::unique_ptr<Private_Key>(new DH_PrivateKey(rng, modp_group));
297 #endif
298 
299 #if defined(BOTAN_HAS_DSA)
300  if(alg_name == "DSA")
301  return std::unique_ptr<Private_Key>(new DSA_PrivateKey(rng, modp_group));
302 #endif
303 
304 #if defined(BOTAN_HAS_ELGAMAL)
305  if(alg_name == "ElGamal")
306  return std::unique_ptr<Private_Key>(new ElGamal_PrivateKey(rng, modp_group));
307 #endif
308  }
309 #endif
310 
311  return std::unique_ptr<Private_Key>();
312  }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:18
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
BigInt BOTAN_DLL Botan::ct_inverse_mod_odd_modulus ( const BigInt n,
const BigInt mod 
)

Const time modular inversion Requires the modulus be odd

Definition at line 153 of file numthry.cpp.

References bigint_cnd_abs(), bigint_cnd_add(), bigint_cnd_sub(), bigint_cnd_swap(), bigint_shr1(), Botan::BigInt::bits(), BOTAN_ASSERT, Botan::BigInt::data(), Botan::BigInt::get_word_vector(), Botan::BigInt::grow_to(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::CT::poison(), Botan::BigInt::sig_words(), and Botan::CT::unpoison().

Referenced by inverse_mod().

154  {
155  if(n.is_negative() || mod.is_negative())
156  throw Invalid_Argument("ct_inverse_mod_odd_modulus: arguments must be non-negative");
157  if(mod < 3 || mod.is_even())
158  throw Invalid_Argument("Bad modulus to ct_inverse_mod_odd_modulus");
159 
160  /*
161  This uses a modular inversion algorithm designed by Niels Möller
162  and implemented in Nettle. The same algorithm was later also
163  adapted to GMP in mpn_sec_invert.
164 
165  It can be easily implemented in a way that does not depend on
166  secret branches or memory lookups, providing resistance against
167  some forms of side channel attack.
168 
169  There is also a description of the algorithm in Appendix 5 of "Fast
170  Software Polynomial Multiplication on ARM Processors using the NEON Engine"
171  by Danilo Câmara, Conrado P. L. Gouvêa, Julio López, and Ricardo
172  Dahab in LNCS 8182
173  http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
174 
175  Thanks to Niels for creating the algorithm, explaining some things
176  about it, and the reference to the paper.
177  */
178 
179  // todo allow this to be pre-calculated and passed in as arg
180  BigInt mp1o2 = (mod + 1) >> 1;
181 
182  const size_t mod_words = mod.sig_words();
183  BOTAN_ASSERT(mod_words > 0, "Not empty");
184 
185  BigInt a = n;
186  BigInt b = mod;
187  BigInt u = 1, v = 0;
188 
189  a.grow_to(mod_words);
190  u.grow_to(mod_words);
191  v.grow_to(mod_words);
192  mp1o2.grow_to(mod_words);
193 
194  secure_vector<word>& a_w = a.get_word_vector();
195  secure_vector<word>& b_w = b.get_word_vector();
196  secure_vector<word>& u_w = u.get_word_vector();
197  secure_vector<word>& v_w = v.get_word_vector();
198 
199  CT::poison(a_w.data(), a_w.size());
200  CT::poison(b_w.data(), b_w.size());
201  CT::poison(u_w.data(), u_w.size());
202  CT::poison(v_w.data(), v_w.size());
203 
204  // Only n.bits() + mod.bits() iterations are required, but avoid leaking the size of n
205  size_t bits = 2 * mod.bits();
206 
207  while(bits--)
208  {
209  /*
210  const word odd = a.is_odd();
211  a -= odd * b;
212  const word underflow = a.is_negative();
213  b += a * underflow;
214  a.set_sign(BigInt::Positive);
215 
216  a >>= 1;
217 
218  if(underflow)
219  {
220  std::swap(u, v);
221  }
222 
223  u -= odd * v;
224  u += u.is_negative() * mod;
225 
226  const word odd_u = u.is_odd();
227 
228  u >>= 1;
229  u += mp1o2 * odd_u;
230  */
231 
232  const word odd_a = a_w[0] & 1;
233 
234  //if(odd_a) a -= b
235  word underflow = bigint_cnd_sub(odd_a, a_w.data(), b_w.data(), mod_words);
236 
237  //if(underflow) { b -= a; a = abs(a); swap(u, v); }
238  bigint_cnd_add(underflow, b_w.data(), a_w.data(), mod_words);
239  bigint_cnd_abs(underflow, a_w.data(), mod_words);
240  bigint_cnd_swap(underflow, u_w.data(), v_w.data(), mod_words);
241 
242  // a >>= 1
243  bigint_shr1(a_w.data(), mod_words, 0, 1);
244 
245  //if(odd_a) u -= v;
246  word borrow = bigint_cnd_sub(odd_a, u_w.data(), v_w.data(), mod_words);
247 
248  // if(borrow) u += p
249  bigint_cnd_add(borrow, u_w.data(), mod.data(), mod_words);
250 
251  const word odd_u = u_w[0] & 1;
252 
253  // u >>= 1
254  bigint_shr1(u_w.data(), mod_words, 0, 1);
255 
256  //if(odd_u) u += mp1o2;
257  bigint_cnd_add(odd_u, u_w.data(), mp1o2.data(), mod_words);
258  }
259 
260  CT::unpoison(a_w.data(), a_w.size());
261  CT::unpoison(b_w.data(), b_w.size());
262  CT::unpoison(u_w.data(), u_w.size());
263  CT::unpoison(v_w.data(), v_w.size());
264 
265  BOTAN_ASSERT(a.is_zero(), "A is zero");
266 
267  if(b != 1)
268  return 0;
269 
270  return v;
271  }
void bigint_shr1(word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:281
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.cpp:61
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
word bigint_cnd_add(word cnd, word x[], const word y[], size_t size)
Definition: mp_core.cpp:39
void bigint_cnd_abs(word cnd, word x[], size_t size)
Definition: mp_core.cpp:75
void bigint_cnd_swap(word cnd, word x[], word y[], size_t size)
Definition: mp_core.cpp:22
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57
template<typename T >
size_t Botan::ctz ( n)
inline

Count the trailing zero bits in n

Parameters
nan integer value
Returns
maximum x st 2^x divides n

Definition at line 97 of file bit_ops.h.

Referenced by low_zero_bits().

98  {
99  for(size_t i = 0; i != 8*sizeof(T); ++i)
100  if((n >> i) & 0x01)
101  return i;
102  return 8*sizeof(T);
103  }
void BOTAN_DLL Botan::curve25519_basepoint ( uint8_t  mypublic[32],
const uint8_t  secret[32] 
)

Exponentiate by the x25519 base point

Parameters
mypublicoutput value
secretrandom scalar

Definition at line 15 of file curve25519.cpp.

References curve25519_donna().

Referenced by CECPQ1_accept(), CECPQ1_offer(), Botan::Curve25519_PrivateKey::check_key(), and Botan::Curve25519_PrivateKey::Curve25519_PrivateKey().

16  {
17  const uint8_t basepoint[32] = { 9 };
18  curve25519_donna(mypublic, secret, basepoint);
19  }
void BOTAN_DLL curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
void BOTAN_DLL Botan::curve25519_donna ( uint8_t  mypublic[32],
const uint8_t  secret[32],
const uint8_t  basepoint[32] 
)
void Botan::curve25519_donna ( u8 mypublic,
const u8 secret,
const u8 basepoint 
)

Definition at line 437 of file donna.cpp.

References Botan::CT::poison(), and Botan::CT::unpoison().

437  {
438 
439  CT::poison(secret, 32);
440  CT::poison(basepoint, 32);
441 
442  limb bp[5], x[5], z[5], zmone[5];
443  uint8_t e[32];
444  int i;
445 
446  for (i = 0;i < 32;++i) e[i] = secret[i];
447  e[0] &= 248;
448  e[31] &= 127;
449  e[31] |= 64;
450 
451  fexpand(bp, basepoint);
452  cmult(x, z, e, bp);
453  crecip(zmone, z);
454  fmul(z, x, zmone);
455  fcontract(mypublic, z);
456 
457  CT::unpoison(secret, 32);
458  CT::unpoison(basepoint, 32);
459  CT::unpoison(mypublic, 32);
460 }
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
uint64_t limb
Definition: donna.cpp:39
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57
gf2m Botan::decode_gf2m ( const uint8_t *  mem)

Definition at line 104 of file gf2m_small_m.cpp.

Referenced by Botan::polyn_gf2m::polyn_gf2m().

105  {
106  gf2m result;
107  result = mem[0] << 8;
108  result |= mem[1];
109  return result;
110  }
uint16_t gf2m
Definition: gf2m_small_m.h:20
void BOTAN_DLL Botan::divide ( const BigInt x,
const BigInt y,
BigInt q,
BigInt r 
)

BigInt Division

Parameters
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

Definition at line 58 of file divide.cpp.

References bigint_divop(), Botan::BigInt::cmp(), Botan::BigInt::grow_to(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), MP_WORD_BITS, MP_WORD_MAX, MP_WORD_TOP_BIT, Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), and Botan::BigInt::word_at().

Referenced by botan_mp_div(), Botan::BigInt::encode(), operator%(), and operator/().

59  {
60  if(y_arg.is_zero())
61  throw BigInt::DivideByZero();
62 
63  BigInt y = y_arg;
64  const size_t y_words = y.sig_words();
65 
66  r = x;
67  q = 0;
68 
69  r.set_sign(BigInt::Positive);
70  y.set_sign(BigInt::Positive);
71 
72  int32_t compare = r.cmp(y);
73 
74  if(compare == 0)
75  {
76  q = 1;
77  r = 0;
78  }
79  else if(compare > 0)
80  {
81  size_t shifts = 0;
82  word y_top = y.word_at(y.sig_words()-1);
83  while(y_top < MP_WORD_TOP_BIT) { y_top <<= 1; ++shifts; }
84  y <<= shifts;
85  r <<= shifts;
86 
87  const size_t n = r.sig_words() - 1, t = y_words - 1;
88 
89  if(n < t)
90  throw Internal_Error("BigInt division word sizes");
91 
92  q.grow_to(n - t + 1);
93 
94  word* q_words = q.mutable_data();
95 
96  if(n <= t)
97  {
98  while(r > y) { r -= y; ++q; }
99  r >>= shifts;
100  sign_fixup(x, y_arg, q, r);
101  return;
102  }
103 
104  BigInt temp = y << (MP_WORD_BITS * (n-t));
105 
106  while(r >= temp) { r -= temp; q_words[n-t] += 1; }
107 
108  for(size_t j = n; j != t; --j)
109  {
110  const word x_j0 = r.word_at(j);
111  const word x_j1 = r.word_at(j-1);
112  const word y_t = y.word_at(t);
113 
114  if(x_j0 == y_t)
115  q_words[j-t-1] = MP_WORD_MAX;
116  else
117  q_words[j-t-1] = bigint_divop(x_j0, x_j1, y_t);
118 
119  while(division_check(q_words[j-t-1],
120  y_t, y.word_at(t-1),
121  x_j0, x_j1, r.word_at(j-2)))
122  {
123  q_words[j-t-1] -= 1;
124  }
125 
126  r -= (q_words[j-t-1] * y) << (MP_WORD_BITS * (j-t-1));
127 
128  if(r.is_negative())
129  {
130  r += y << (MP_WORD_BITS * (j-t-1));
131  q_words[j-t-1] -= 1;
132  }
133  }
134  r >>= shifts;
135  }
136 
137  sign_fixup(x, y_arg, q, r);
138  }
word bigint_divop(word n1, word n0, word d)
Definition: mp_core.cpp:404
const word MP_WORD_MAX
Definition: mp_types.h:29
const word MP_WORD_TOP_BIT
Definition: mp_types.h:28
const size_t MP_WORD_BITS
Definition: mp_core.h:21
BOTAN_DLL size_t Botan::dl_exponent_size ( size_t  prime_group_size)

Return the appropriate exponent size to use for a particular prime group. This is twice the size of the estimated cost of breaking the key using an index calculus attack; the assumption is that if an arbitrary discrete log on a group of size bits would take about 2^n effort, and thus using an exponent of size 2^(2*n) implies that all available attacks are about as easy (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) operations) while minimizing the exponent size for performance reasons.

Definition at line 40 of file workfactor.cpp.

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DL_Group::DL_Group(), and Botan::ElGamal_PrivateKey::ElGamal_PrivateKey().

41  {
42  /*
43  This uses a slightly tweaked version of the standard work factor
44  function above. It assumes k is 1 (thus overestimating the strength
45  of the prime group by 5-6 bits), and always returns at least 128 bits
46  (this only matters for very small primes).
47  */
48  const size_t MIN_WORKFACTOR = 64;
49  const double log2_e = std::log2(std::exp(1));
50  const double log_p = bits / log2_e;
51 
52  const double strength = 1.92 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0);
53 
54  return 2 * std::max<size_t>(MIN_WORKFACTOR, static_cast<size_t>(log2_e * strength));
55  }
BOTAN_DLL size_t Botan::dl_work_factor ( size_t  prime_group_size)

Estimate work factor for discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

Definition at line 34 of file workfactor.cpp.

References if_work_factor().

Referenced by Botan::DL_Scheme_PublicKey::estimated_strength().

35  {
36  // Lacking better estimates...
37  return if_work_factor(bits);
38  }
size_t if_work_factor(size_t bits)
Definition: workfactor.cpp:19
secure_vector< uint8_t > BOTAN_DLL Botan::EC2OSP ( const PointGFp point,
uint8_t  format 
)

Definition at line 470 of file point_gfp.cpp.

References Botan::BigInt::bytes(), Botan::PointGFp::COMPRESSED, Botan::BigInt::encode_1363(), Botan::PointGFp::get_affine_x(), Botan::PointGFp::get_affine_y(), Botan::BigInt::get_bit(), Botan::PointGFp::get_curve(), Botan::CurveGFp::get_p(), Botan::PointGFp::HYBRID, Botan::PointGFp::is_zero(), and Botan::PointGFp::UNCOMPRESSED.

Referenced by Botan::EC_Group::DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::ECIES_Encryptor::ECIES_Encryptor(), Botan::EC_PublicKey::public_key_bits(), and Botan::ECDH_PublicKey::public_value().

471  {
472  if(point.is_zero())
473  return secure_vector<uint8_t>(1); // single 0 byte
474 
475  const size_t p_bytes = point.get_curve().get_p().bytes();
476 
477  BigInt x = point.get_affine_x();
478  BigInt y = point.get_affine_y();
479 
480  secure_vector<uint8_t> bX = BigInt::encode_1363(x, p_bytes);
481  secure_vector<uint8_t> bY = BigInt::encode_1363(y, p_bytes);
482 
483  if(format == PointGFp::UNCOMPRESSED)
484  {
485  secure_vector<uint8_t> result;
486  result.push_back(0x04);
487 
488  result += bX;
489  result += bY;
490 
491  return result;
492  }
493  else if(format == PointGFp::COMPRESSED)
494  {
495  secure_vector<uint8_t> result;
496  result.push_back(0x02 | static_cast<uint8_t>(y.get_bit(0)));
497 
498  result += bX;
499 
500  return result;
501  }
502  else if(format == PointGFp::HYBRID)
503  {
504  secure_vector<uint8_t> result;
505  result.push_back(0x06 | static_cast<uint8_t>(y.get_bit(0)));
506 
507  result += bX;
508  result += bY;
509 
510  return result;
511  }
512  else
513  throw Invalid_Argument("EC2OSP illegal point encoding");
514  }
BOTAN_DLL size_t Botan::ecp_work_factor ( size_t  prime_group_size)

Estimate work factor for EC discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

Definition at line 14 of file workfactor.cpp.

Referenced by Botan::EC_PublicKey::estimated_strength().

15  {
16  return bits / 2;
17  }
uint32_t Botan::encode_gf2m ( gf2m  to_enc,
uint8_t *  mem 
)

Definition at line 97 of file gf2m_small_m.cpp.

98  {
99  mem[0] = to_enc >> 8;
100  mem[1] = to_enc & 0xFF;
101  return sizeof(to_enc);
102  }
BOTAN_DLL std::string Botan::erase_chars ( const std::string &  str,
const std::set< char > &  chars 
)

Erase characters from a string

Definition at line 302 of file parsing.cpp.

303  {
304  std::string out;
305 
306  for(auto c: str)
307  if(chars.count(c) == 0)
308  out += c;
309 
310  return out;
311  }
template<typename T >
uint16_t Botan::expand_mask_16bit ( tst)

Expand an input to a bit mask depending on it being being zero or non-zero

Parameters
tstthe input
Returns
the mask 0xFFFF if tst is non-zero and 0 otherwise

Definition at line 25 of file code_based_util.h.

Referenced by Botan::polyn_gf2m::calc_degree_secure(), Botan::polyn_gf2m::eea_with_coefficients(), and Botan::polyn_gf2m::patchup_deg_secure().

26  {
27  const uint16_t result = (tst != 0);
28  return ~(result - 1);
29  }
secure_vector< gf2m > Botan::find_roots_gf2m_decomp ( const polyn_gf2m polyn,
uint32_t  code_length 
)

Find the roots of a polynomial over GF(2^m) using the method by Federenko et al.

Definition at line 311 of file gf2m_rootfind_dcmp.cpp.

312  {
313  gf2m_decomp_rootfind_state state(polyn, code_length);
314  return state.find_roots(polyn);
315  }
uint32_t code_length
BigInt BOTAN_DLL Botan::gcd ( const BigInt x,
const BigInt y 
)

Compute the greatest common divisor

Parameters
xa positive integer
ya positive integer
Returns
gcd(x,y)

Definition at line 46 of file numthry.cpp.

References Botan::BigInt::is_nonzero(), Botan::BigInt::is_zero(), low_zero_bits(), Botan::CT::min(), Botan::BigInt::Positive, and Botan::BigInt::set_sign().

Referenced by botan_mp_gcd(), Botan::ECIES_Decryptor::ECIES_Decryptor(), lcm(), and random_prime().

47  {
48  if(a.is_zero() || b.is_zero()) return 0;
49  if(a == 1 || b == 1) return 1;
50 
51  BigInt x = a, y = b;
52  x.set_sign(BigInt::Positive);
53  y.set_sign(BigInt::Positive);
54  size_t shift = std::min(low_zero_bits(x), low_zero_bits(y));
55 
56  x >>= shift;
57  y >>= shift;
58 
59  while(x.is_nonzero())
60  {
61  x >>= low_zero_bits(x);
62  y >>= low_zero_bits(y);
63  if(x >= y) { x -= y; x >>= 1; }
64  else { y -= x; y >>= 1; }
65  }
66 
67  return (y << shift);
68  }
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:20
T min(T a, T b)
Definition: ct_utils.h:180
void Botan::gcm_multiply_clmul ( uint8_t  x[16],
const uint8_t  H[16] 
)

Definition at line 15 of file clmul.cpp.

16  {
17  /*
18  * Algorithms 1 and 5 from Intel's CLMUL guide
19  */
20  const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
21 
22  __m128i a = _mm_loadu_si128(reinterpret_cast<const __m128i*>(x));
23  __m128i b = _mm_loadu_si128(reinterpret_cast<const __m128i*>(H));
24 
25  a = _mm_shuffle_epi8(a, BSWAP_MASK);
26  b = _mm_shuffle_epi8(b, BSWAP_MASK);
27 
28  __m128i T0, T1, T2, T3, T4, T5;
29 
30  T0 = _mm_clmulepi64_si128(a, b, 0x00);
31  T1 = _mm_clmulepi64_si128(a, b, 0x01);
32  T2 = _mm_clmulepi64_si128(a, b, 0x10);
33  T3 = _mm_clmulepi64_si128(a, b, 0x11);
34 
35  T1 = _mm_xor_si128(T1, T2);
36  T2 = _mm_slli_si128(T1, 8);
37  T1 = _mm_srli_si128(T1, 8);
38  T0 = _mm_xor_si128(T0, T2);
39  T3 = _mm_xor_si128(T3, T1);
40 
41  T4 = _mm_srli_epi32(T0, 31);
42  T0 = _mm_slli_epi32(T0, 1);
43 
44  T5 = _mm_srli_epi32(T3, 31);
45  T3 = _mm_slli_epi32(T3, 1);
46 
47  T2 = _mm_srli_si128(T4, 12);
48  T5 = _mm_slli_si128(T5, 4);
49  T4 = _mm_slli_si128(T4, 4);
50  T0 = _mm_or_si128(T0, T4);
51  T3 = _mm_or_si128(T3, T5);
52  T3 = _mm_or_si128(T3, T2);
53 
54  T4 = _mm_slli_epi32(T0, 31);
55  T5 = _mm_slli_epi32(T0, 30);
56  T2 = _mm_slli_epi32(T0, 25);
57 
58  T4 = _mm_xor_si128(T4, T5);
59  T4 = _mm_xor_si128(T4, T2);
60  T5 = _mm_srli_si128(T4, 4);
61  T3 = _mm_xor_si128(T3, T5);
62  T4 = _mm_slli_si128(T4, 12);
63  T0 = _mm_xor_si128(T0, T4);
64  T3 = _mm_xor_si128(T3, T0);
65 
66  T4 = _mm_srli_epi32(T0, 1);
67  T1 = _mm_srli_epi32(T0, 2);
68  T2 = _mm_srli_epi32(T0, 7);
69  T3 = _mm_xor_si128(T3, T1);
70  T3 = _mm_xor_si128(T3, T2);
71  T3 = _mm_xor_si128(T3, T4);
72 
73  T3 = _mm_shuffle_epi8(T3, BSWAP_MASK);
74 
75  _mm_storeu_si128(reinterpret_cast<__m128i*>(x), T3);
76  }
std::string BOTAN_DLL Botan::generate_bcrypt ( const std::string &  password,
RandomNumberGenerator rng,
uint16_t  work_factor = 10 
)

Create a password hash using Bcrypt

Parameters
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
See also
http://www.usenix.org/events/usenix99/provos/provos_html/

Definition at line 125 of file bcrypt.cpp.

References Botan::RandomNumberGenerator::random_vec(), and unlock().

Referenced by botan_bcrypt_generate().

128  {
129  return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor);
130  }
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:125
bool BOTAN_DLL Botan::generate_dsa_primes ( RandomNumberGenerator rng,
BigInt p_out,
BigInt q_out,
size_t  pbits,
size_t  qbits,
const std::vector< uint8_t > &  seed,
size_t  offset = 0 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters
rnga random number generator
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
seedthe seed used to generate the parameters
offsetoptional offset from seed to start searching at
Returns
true if seed generated a valid DSA parameter set, otherwise false. p_out and q_out are only valid if true was returned.

Definition at line 39 of file dsa_gen.cpp.

References Botan::BigInt::binary_decode(), Botan::BigInt::bits(), Botan::HashFunction::create_or_throw(), hash, is_prime(), Botan::BigInt::set_bit(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group(), and generate_dsa_primes().

44  {
45  if(!fips186_3_valid_size(pbits, qbits))
46  throw Invalid_Argument(
47  "FIPS 186-3 does not allow DSA domain parameters of " +
48  std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");
49 
50  if(seed_c.size() * 8 < qbits)
51  throw Invalid_Argument(
52  "Generating a DSA parameter set with a " + std::to_string(qbits) +
53  "long q requires a seed at least as many bits long");
54 
55  const std::string hash_name = "SHA-" + std::to_string(qbits);
56  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_name));
57 
58  const size_t HASH_SIZE = hash->output_length();
59 
60  class Seed
61  {
62  public:
63  explicit Seed(const std::vector<uint8_t>& s) : m_seed(s) {}
64 
65  operator std::vector<uint8_t>& () { return m_seed; }
66 
67  Seed& operator++()
68  {
69  for(size_t j = m_seed.size(); j > 0; --j)
70  if(++m_seed[j-1])
71  break;
72  return (*this);
73  }
74  private:
75  std::vector<uint8_t> m_seed;
76  };
77 
78  Seed seed(seed_c);
79 
80  q.binary_decode(hash->process(seed));
81  q.set_bit(qbits-1);
82  q.set_bit(0);
83 
84  if(!is_prime(q, rng, 126))
85  return false;
86 
87  const size_t n = (pbits-1) / (HASH_SIZE * 8),
88  b = (pbits-1) % (HASH_SIZE * 8);
89 
90  BigInt X;
91  std::vector<uint8_t> V(HASH_SIZE * (n+1));
92 
93  for(size_t j = 0; j != 4*pbits; ++j)
94  {
95  for(size_t k = 0; k <= n; ++k)
96  {
97  ++seed;
98  hash->update(seed);
99  hash->final(&V[HASH_SIZE * (n-k)]);
100  }
101 
102  if(j >= offset)
103  {
104  X.binary_decode(&V[HASH_SIZE - 1 - b/8],
105  V.size() - (HASH_SIZE - 1 - b/8));
106  X.set_bit(pbits-1);
107 
108  p = X - (X % (2*q) - 1);
109 
110  if(p.bits() == pbits && is_prime(p, rng, 126))
111  return true;
112  }
113  }
114  return false;
115  }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
MechanismType hash
std::vector< uint8_t > BOTAN_DLL Botan::generate_dsa_primes ( RandomNumberGenerator rng,
BigInt p_out,
BigInt q_out,
size_t  pbits,
size_t  qbits 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters
rnga random number generator
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
Returns
random seed used to generate this parameter set

Definition at line 120 of file dsa_gen.cpp.

References generate_dsa_primes(), and Botan::RandomNumberGenerator::randomize().

123  {
124  while(true)
125  {
126  std::vector<uint8_t> seed(qbits / 8);
127  rng.randomize(seed.data(), seed.size());
128 
129  if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
130  return seed;
131  }
132  }
std::vector< uint8_t > generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
Definition: dsa_gen.cpp:120
McEliece_PrivateKey Botan::generate_mceliece_key ( RandomNumberGenerator rng,
uint32_t  ext_deg,
uint32_t  code_length,
uint32_t  t 
)

Definition at line 208 of file code_based_key_gen.cpp.

References bit_size_to_32bit_size(), code_length, Botan::polyn_gf2m::sqrt_mod_init(), store_le(), and syndrome_init().

Referenced by Botan::McEliece_PrivateKey::McEliece_PrivateKey().

209  {
210  uint32_t i, j, k, l;
211  std::unique_ptr<binary_matrix> R;
212 
213  uint32_t codimension = t * ext_deg;
214  if(code_length <= codimension)
215  {
216  throw Invalid_Argument("invalid McEliece parameters");
217  }
218  std::shared_ptr<GF2m_Field> sp_field ( new GF2m_Field(ext_deg ));
219 
220  //pick the support.........
221  std::vector<gf2m> L(code_length);
222 
223  for(i=0;i<code_length;i++)
224  {
225  L[i]=i;
226  }
227  randomize_support(L, rng);
228  polyn_gf2m g(sp_field); // create as zero
229  bool success = false;
230  do
231  {
232  // create a random irreducible polynomial
233  g = polyn_gf2m (t, rng, sp_field);
234 
235  try{
236  R = generate_R(L,&g, sp_field, code_length, t);
237  success = true;
238  }
239  catch(const Invalid_State &)
240  {
241  }
242  } while (!success);
243 
244  std::vector<polyn_gf2m> sqrtmod = polyn_gf2m::sqrt_mod_init( g);
245  std::vector<polyn_gf2m> F = syndrome_init(g, L, code_length);
246 
247  // Each F[i] is the (precomputed) syndrome of the error vector with
248  // a single '1' in i-th position.
249  // We do not store the F[i] as polynomials of degree t , but
250  // as binary vectors of length ext_deg * t (this will
251  // speed up the syndrome computation)
252  //
253  //
254  std::vector<uint32_t> H(bit_size_to_32bit_size(codimension) * code_length );
255  uint32_t* sk = H.data();
256  for (i = 0; i < code_length; ++i)
257  {
258  for (l = 0; l < t; ++l)
259  {
260  k = (l * ext_deg) / 32;
261  j = (l * ext_deg) % 32;
262  sk[k] ^= static_cast<uint32_t>(F[i].get_coef(l)) << j;
263  if (j + ext_deg > 32)
264  {
265  sk[k + 1] ^= F[i].get_coef( l) >> (32 - j);
266  }
267  }
268  sk += bit_size_to_32bit_size(codimension);
269  }
270 
271  // We need the support L for decoding (decryption). In fact the
272  // inverse is needed
273 
274  std::vector<gf2m> Linv(code_length) ;
275  for (i = 0; i < code_length; ++i)
276  {
277  Linv[L[i]] = i;
278  }
279  std::vector<uint8_t> pubmat (R->m_elem.size() * 4);
280  for(i = 0; i < R->m_elem.size(); i++)
281  {
282  store_le(R->m_elem[i], &pubmat[i*4]);
283  }
284 
285  return McEliece_PrivateKey(g, H, sqrtmod, Linv, pubmat);
286  }
uint32_t bit_size_to_32bit_size(uint32_t bit_size)
uint32_t code_length
std::vector< polyn_gf2m > syndrome_init(polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
Definition: polyn_gf2m.cpp:723
void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:457
std::string BOTAN_DLL Botan::generate_passhash9 ( const std::string &  password,
RandomNumberGenerator rng,
uint16_t  work_factor = 10,
uint8_t  alg_id = 1 
)

Create a password hash using PBKDF2

Parameters
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
alg_idspecifies which PRF to use with PBKDF2 0 is HMAC(SHA-1) 1 is HMAC(SHA-256) 2 is CMAC(Blowfish) 3 is HMAC(SHA-384) 4 is HMAC(SHA-512) all other values are currently undefined

Definition at line 43 of file passhash9.cpp.

References base64_encode(), get_byte(), Botan::RandomNumberGenerator::randomize(), and Botan::ASN1::to_string().

47  {
48  std::unique_ptr<MessageAuthenticationCode> prf = get_pbkdf_prf(alg_id);
49 
50  if(!prf)
51  throw Invalid_Argument("Passhash9: Algorithm id " +
52  std::to_string(alg_id) +
53  " is not defined");
54 
55  PKCS5_PBKDF2 kdf(prf.release()); // takes ownership of pointer
56 
57  secure_vector<uint8_t> salt(SALT_BYTES);
58  rng.randomize(salt.data(), salt.size());
59 
60  const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
61 
62  secure_vector<uint8_t> blob;
63  blob.push_back(alg_id);
64  blob.push_back(get_byte(0, work_factor));
65  blob.push_back(get_byte(1, work_factor));
66  blob += salt;
67  blob += kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,
68  pass,
69  salt.data(), salt.size(),
70  kdf_iterations).bits_of();
71 
72  return MAGIC_PREFIX + base64_encode(blob);
73  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:35
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
BigInt BOTAN_DLL Botan::generate_rfc6979_nonce ( const BigInt x,
const BigInt q,
const BigInt h,
const std::string &  hash 
)
Parameters
xthe secret (EC)DSA key
qthe group order
hthe message hash already reduced mod q
hashthe hash function used to generate h

Definition at line 49 of file rfc6979.cpp.

References Botan::RFC6979_Nonce_Generator::nonce_for().

53  {
54  RFC6979_Nonce_Generator gen(hash, q, x);
55  BigInt k = gen.nonce_for(h);
56  return k;
57  }
MechanismType hash
BigInt BOTAN_DLL Botan::generate_srp6_verifier ( const std::string &  identifier,
const std::string &  password,
const std::vector< uint8_t > &  salt,
const std::string &  group_id,
const std::string &  hash_id 
)

Generate a new SRP-6 verifier

Parameters
identifiera username or other client identifier
passwordthe secret used to authenticate user
salta randomly chosen value, at least 128 bits long
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function

Definition at line 110 of file srp6.cpp.

References Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), and power_mod().

115  {
116  const BigInt x = compute_x(hash_id, identifier, password, salt);
117 
118  DL_Group group(group_id);
119  return power_mod(group.get_g(), x, group.get_p());
120  }
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:373
BOTAN_DLL AEAD_Mode * Botan::get_aead ( const std::string &  name,
Cipher_Dir  direction 
)

Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX")

Parameters
nameAEAD name
directionENCRYPTION or DECRYPTION

Definition at line 41 of file aead.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::BlockCipher::create(), ENCRYPTION, parse_algorithm_name(), and split_on().

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), Botan::TLS::Session::encrypt(), get_cipher_mode(), mceies_decrypt(), and mceies_encrypt().

42  {
43 #if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
44  if(algo == "ChaCha20Poly1305")
45  {
46  if(dir == ENCRYPTION)
47  return new ChaCha20Poly1305_Encryption;
48  else
49  return new ChaCha20Poly1305_Decryption;
50 
51  }
52 #endif
53 
54  if(algo.find('/') != std::string::npos)
55  {
56  const std::vector<std::string> algo_parts = split_on(algo, '/');
57  const std::string cipher_name = algo_parts[0];
58  const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
59 
60  if(mode_info.empty())
61  return nullptr;
62 
63  std::ostringstream alg_args;
64 
65  alg_args << '(' << cipher_name;
66  for(size_t i = 1; i < mode_info.size(); ++i)
67  alg_args << ',' << mode_info[i];
68  for(size_t i = 2; i < algo_parts.size(); ++i)
69  alg_args << ',' << algo_parts[i];
70  alg_args << ')';
71 
72  const std::string mode_name = mode_info[0] + alg_args.str();
73  return get_aead(mode_name, dir);
74  }
75 
76 #if defined(BOTAN_HAS_BLOCK_CIPHER)
77 
78  SCAN_Name req(algo);
79 
80  if(req.arg_count() == 0)
81  {
82  return nullptr;
83  }
84 
85  std::unique_ptr<BlockCipher> bc(BlockCipher::create(req.arg(0)));
86 
87  if(!bc)
88  {
89  return nullptr;
90  }
91 
92 #if defined(BOTAN_HAS_AEAD_CCM)
93  if(req.algo_name() == "CCM")
94  {
95  size_t tag_len = req.arg_as_integer(1, 16);
96  size_t L_len = req.arg_as_integer(2, 3);
97  if(dir == ENCRYPTION)
98  return new CCM_Encryption(bc.release(), tag_len, L_len);
99  else
100  return new CCM_Decryption(bc.release(), tag_len, L_len);
101  }
102 #endif
103 
104 #if defined(BOTAN_HAS_AEAD_GCM)
105  if(req.algo_name() == "GCM")
106  {
107  size_t tag_len = req.arg_as_integer(1, 16);
108  if(dir == ENCRYPTION)
109  return new GCM_Encryption(bc.release(), tag_len);
110  else
111  return new GCM_Decryption(bc.release(), tag_len);
112  }
113 #endif
114 
115 #if defined(BOTAN_HAS_AEAD_OCB)
116  if(req.algo_name() == "OCB")
117  {
118  size_t tag_len = req.arg_as_integer(1, 16);
119  if(dir == ENCRYPTION)
120  return new OCB_Encryption(bc.release(), tag_len);
121  else
122  return new OCB_Decryption(bc.release(), tag_len);
123  }
124 #endif
125 
126 #if defined(BOTAN_HAS_AEAD_EAX)
127  if(req.algo_name() == "EAX")
128  {
129  size_t tag_len = req.arg_as_integer(1, bc->block_size());
130  if(dir == ENCRYPTION)
131  return new EAX_Encryption(bc.release(), tag_len);
132  else
133  return new EAX_Decryption(bc.release(), tag_len);
134  }
135 #endif
136 
137 #if defined(BOTAN_HAS_AEAD_SIV)
138  if(req.algo_name() == "SIV")
139  {
140  if(dir == ENCRYPTION)
141  return new SIV_Encryption(bc.release());
142  else
143  return new SIV_Decryption(bc.release());
144  }
145 #endif
146 
147 #endif
148 
149  return nullptr;
150  }
std::vector< std::string > parse_algorithm_name(const std::string &namex)
Definition: parsing.cpp:85
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
Definition: aead.cpp:41
BOTAN_DLL BlockCipherModePaddingMethod * Botan::get_bc_pad ( const std::string &  algo_spec)

Get a block cipher padding method by name

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Definition at line 18 of file mode_pad.cpp.

Referenced by get_cipher_mode().

19  {
20  if(algo_spec == "NoPadding")
21  return new Null_Padding;
22 
23  if(algo_spec == "PKCS7")
24  return new PKCS7_Padding;
25 
26  if(algo_spec == "OneAndZeros")
27  return new OneAndZeros_Padding;
28 
29  if(algo_spec == "X9.23")
30  return new ANSI_X923_Padding;
31 
32  if(algo_spec == "ESP")
33  return new ESP_Padding;
34 
35  return nullptr;
36  }
BlockCipher* Botan::get_block_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Block cipher factory method.

Parameters
algo_specthe name of the desired block cipher
providerthe provider to use
Returns
pointer to the block cipher object

Definition at line 41 of file lookup.h.

References Botan::BlockCipher::create().

43  {
44  return BlockCipher::create(algo_spec, provider).release();
45  }
std::vector<std::string> Botan::get_block_cipher_providers ( const std::string &  algo_spec)
inline

Definition at line 55 of file lookup.h.

References Botan::BlockCipher::providers().

56  {
57  return BlockCipher::providers(algo_spec);
58  }
template<typename T >
uint8_t Botan::get_byte ( size_t  byte_num,
input 
)
inline

Byte extraction

Parameters
byte_numwhich byte to extract, 0 == highest byte
inputthe value to extract from
Returns
byte byte_num of input

Definition at line 47 of file loadstor.h.

Referenced by aont_package(), aont_unpackage(), Botan::TLS::append_tls_length_value(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(), Botan::BigInt::byte_at(), copy_out_be(), copy_out_le(), Botan::CryptoBox::decrypt(), Botan::Twofish::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::DES::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::CCM_Mode::encode_length(), Botan::CryptoBox::encrypt(), Botan::Twofish::encrypt_n(), Botan::DES::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::SHA_3::expand(), Botan::TLS::Connection_Cipher_State::format_ad(), generate_passhash9(), ipv4_to_string(), Botan::TLS::Channel::key_material_export(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), Botan::RDRAND_RNG::randomize(), Botan::TLS::Server_Name_Indicator::serialize(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), Botan::TLS::Supported_Elliptic_Curves::serialize(), Botan::TLS::Signature_Algorithms::serialize(), Botan::TLS::SRTP_Protection_Profiles::serialize(), Botan::TLS::Extensions::serialize(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::CCM_Mode::set_associated_data(), significant_bytes(), Botan::RTSS_Share::split(), store_be(), store_le(), Botan::Buffered_Computation::update_be(), and Botan::TLS::write_record().

48  {
49  return static_cast<uint8_t>(
50  input >> (((~byte_num)&(sizeof(T)-1)) << 3)
51  );
52  }
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters. No key will be set in the filter.

Parameters
algo_specthe name of the desired cipher
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to the encryption or decryption filter

Definition at line 12 of file key_filt.cpp.

References get_cipher_mode().

Referenced by Botan::CryptoBox::decrypt(), Botan::CryptoBox::encrypt(), and get_cipher().

14  {
15  std::unique_ptr<Cipher_Mode> c(get_cipher_mode(algo_spec, direction));
16  if(c)
17  return new Cipher_Mode_Filter(c.release());
18  throw Algorithm_Not_Found(algo_spec);
19  }
Cipher_Mode * get_cipher_mode(const std::string &algo, Cipher_Dir direction)
Definition: cipher_mode.cpp:39
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey key,
const InitializationVector iv,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters.

Parameters
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
ivthe initialization vector to be used
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to newly allocated encryption or decryption filter

Definition at line 21 of file key_filt.cpp.

References get_cipher(), Botan::OctetString::length(), and Botan::Keyed_Filter::set_iv().

25  {
26  Keyed_Filter* cipher = get_cipher(algo_spec, key, direction);
27  if(iv.length())
28  cipher->set_iv(iv);
29  return cipher;
30  }
Keyed_Filter * get_cipher(const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
Definition: key_filt.cpp:32
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey key,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters.

Parameters
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to the encryption or decryption filter

Definition at line 32 of file key_filt.cpp.

References get_cipher(), and Botan::Keyed_Filter::set_key().

35  {
36  Keyed_Filter* cipher = get_cipher(algo_spec, direction);
37  cipher->set_key(key);
38  return cipher;
39  }
Keyed_Filter * get_cipher(const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
Definition: key_filt.cpp:32
BOTAN_DLL Cipher_Mode * Botan::get_cipher_mode ( const std::string &  algo_spec,
Cipher_Dir  direction 
)

Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS")

Parameters
algo_speccipher name
directionENCRYPTION or DECRYPTION

Definition at line 39 of file cipher_mode.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::BlockCipher::create(), Botan::StreamCipher::create(), ENCRYPTION, get_aead(), get_bc_pad(), parse_algorithm_name(), and split_on().

Referenced by botan_cipher_init(), Botan::ECIES_System_Params::create_cipher(), get_cipher(), and pbes2_decrypt().

40  {
41  if(auto sc = StreamCipher::create(algo))
42  {
43  return new Stream_Cipher_Mode(sc.release());
44  }
45 
46 #if defined(BOTAN_HAS_AEAD_MODES)
47  if(auto aead = get_aead(algo, direction))
48  {
49  return aead;
50  }
51 #endif
52 
53  if(algo.find('/') != std::string::npos)
54  {
55  const std::vector<std::string> algo_parts = split_on(algo, '/');
56  const std::string cipher_name = algo_parts[0];
57  const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
58 
59  if(mode_info.empty())
60  return nullptr;
61 
62  std::ostringstream alg_args;
63 
64  alg_args << '(' << cipher_name;
65  for(size_t i = 1; i < mode_info.size(); ++i)
66  alg_args << ',' << mode_info[i];
67  for(size_t i = 2; i < algo_parts.size(); ++i)
68  alg_args << ',' << algo_parts[i];
69  alg_args << ')';
70 
71  const std::string mode_name = mode_info[0] + alg_args.str();
72  return get_cipher_mode(mode_name, direction);
73  }
74 
75 #if defined(BOTAN_HAS_BLOCK_CIPHER)
76 
77  SCAN_Name spec(algo);
78 
79  if(spec.arg_count() == 0)
80  {
81  return nullptr;
82  }
83 
84  std::unique_ptr<BlockCipher> bc(BlockCipher::create(spec.arg(0)));
85 
86  if(!bc)
87  {
88  return nullptr;
89  }
90 
91 #if defined(BOTAN_HAS_MODE_CBC)
92  if(spec.algo_name() == "CBC")
93  {
94  const std::string padding = spec.arg(1, "PKCS7");
95 
96  if(padding == "CTS")
97  {
98  if(direction == ENCRYPTION)
99  return new CTS_Encryption(bc.release());
100  else
101  return new CTS_Decryption(bc.release());
102  }
103  else
104  {
105  std::unique_ptr<BlockCipherModePaddingMethod> pad(get_bc_pad(padding));
106 
107  if(pad)
108  {
109  if(direction == ENCRYPTION)
110  return new CBC_Encryption(bc.release(), pad.release());
111  else
112  return new CBC_Decryption(bc.release(), pad.release());
113  }
114  }
115  }
116 #endif
117 
118 #if defined(BOTAN_HAS_MODE_XTS)
119  if(spec.algo_name() == "XTS")
120  {
121  if(direction == ENCRYPTION)
122  return new XTS_Encryption(bc.release());
123  else
124  return new XTS_Decryption(bc.release());
125  }
126 #endif
127 
128 #if defined(BOTAN_HAS_MODE_CFB)
129  if(spec.algo_name() == "CFB")
130  {
131  const size_t feedback_bits = spec.arg_as_integer(1, 8*bc->block_size());
132  if(direction == ENCRYPTION)
133  return new CFB_Encryption(bc.release(), feedback_bits);
134  else
135  return new CFB_Decryption(bc.release(), feedback_bits);
136  }
137 #endif
138 
139 #endif
140 
141  return nullptr;
142  }
std::vector< std::string > parse_algorithm_name(const std::string &namex)
Definition: parsing.cpp:85
BlockCipherModePaddingMethod * get_bc_pad(const std::string &algo_spec)
Definition: mode_pad.cpp:18
Cipher_Mode * get_cipher_mode(const std::string &algo, Cipher_Dir direction)
Definition: cipher_mode.cpp:39
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
Definition: aead.cpp:41
BOTAN_DLL EME * Botan::get_eme ( const std::string &  algo_spec)

Factory method for EME (message-encoding methods for encryption) objects

Parameters
algo_specthe name of the EME to create
Returns
pointer to newly allocated object of that type

Definition at line 25 of file eme.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), and hash.

Referenced by Botan::PK_Ops::Decryption_with_EME::Decryption_with_EME(), and Botan::PK_Ops::Encryption_with_EME::Encryption_with_EME().

26  {
27 #if defined(BOTAN_HAS_EME_RAW)
28  if(algo_spec == "Raw")
29  return new EME_Raw;
30 #endif
31 
32 #if defined(BOTAN_HAS_EME_PKCS1v15)
33  if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5")
34  return new EME_PKCS1v15;
35 #endif
36 
37 #if defined(BOTAN_HAS_EME_OAEP)
38  SCAN_Name req(algo_spec);
39 
40  if(req.algo_name() == "OAEP" ||
41  req.algo_name() == "EME-OAEP" ||
42  req.algo_name() == "EME1")
43  {
44  if(req.arg_count() == 1 ||
45  (req.arg_count() == 2 && req.arg(1) == "MGF1"))
46  {
47  if(auto hash = HashFunction::create(req.arg(0)))
48  return new OAEP(hash.release());
49  }
50  }
51 #endif
52 
53  throw Algorithm_Not_Found(algo_spec);
54  }
MechanismType hash
BOTAN_DLL EMSA * Botan::get_emsa ( const std::string &  algo_spec)

Factory method for EMSA (message-encoding methods for signatures with appendix) objects

Parameters
algo_specthe name of the EMSA to create
Returns
pointer to newly allocated object of that type

Definition at line 36 of file emsa.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), Botan::HashFunction::create(), hash, and salt_size.

37  {
38  SCAN_Name req(algo_spec);
39 
40 #if defined(BOTAN_HAS_EMSA1)
41  if(req.algo_name() == "EMSA1" && req.arg_count() == 1)
42  {
43  if(auto hash = HashFunction::create(req.arg(0)))
44  return new EMSA1(hash.release());
45  }
46 #endif
47 
48 #if defined(BOTAN_HAS_EMSA_PKCS1)
49  if(req.algo_name() == "EMSA_PKCS1" ||
50  req.algo_name() == "EMSA-PKCS1-v1_5" ||
51  req.algo_name() == "EMSA3")
52  {
53  if(req.arg_count() == 1)
54  {
55  if(req.arg(0) == "Raw")
56  {
57  return new EMSA_PKCS1v15_Raw;
58  }
59  else
60  {
61  if(auto hash = HashFunction::create(req.arg(0)))
62  {
63  return new EMSA_PKCS1v15(hash.release());
64  }
65  }
66  }
67  }
68 #endif
69 
70 #if defined(BOTAN_HAS_EMSA_PSSR)
71  if(req.algo_name() == "PSSR" ||
72  req.algo_name() == "EMSA-PSS" ||
73  req.algo_name() == "PSS-MGF1" ||
74  req.algo_name() == "EMSA4")
75  {
76  if(req.arg_count_between(1, 3))
77  {
78  if(req.arg(1, "MGF1") != "MGF1")
79  return nullptr; // not supported
80 
81  if(auto h = HashFunction::create(req.arg(0)))
82  {
83  const size_t salt_size = req.arg_as_integer(2, h->output_length());
84  return new PSSR(h.release(), salt_size);
85  }
86  }
87  }
88 #endif
89 
90 #if defined(BOTAN_HAS_ISO_9796)
91  if(req.algo_name() == "ISO_9796_DS2")
92  {
93  if(req.arg_count_between(1, 3))
94  {
95  if(auto h = HashFunction::create(req.arg(0)))
96  {
97  const size_t salt_size = req.arg_as_integer(2, h->output_length());
98  const bool implicit = req.arg(1, "exp") == "imp";
99  return new ISO_9796_DS2(h.release(), implicit, salt_size);
100  }
101  }
102  }
103  //ISO-9796-2 DS 3 is deterministic and DS2 without a salt
104  if(req.algo_name() == "ISO_9796_DS3")
105  {
106  if(req.arg_count_between(1, 2))
107  {
108  if(auto h = HashFunction::create(req.arg(0)))
109  {
110  const bool implicit = req.arg(1, "exp") == "imp";
111  return new ISO_9796_DS3(h.release(), implicit);
112  }
113  }
114  }
115 #endif
116 
117 #if defined(BOTAN_HAS_EMSA_X931)
118  if(req.algo_name() == "EMSA_X931" ||
119  req.algo_name() == "EMSA2" ||
120  req.algo_name() == "X9.31")
121  {
122  if(req.arg_count() == 1)
123  {
124  if(auto hash = HashFunction::create(req.arg(0)))
125  {
126  return new EMSA_X931(hash.release());
127  }
128  }
129  }
130 #endif
131 
132 #if defined(BOTAN_HAS_EMSA_RAW)
133  if(req.algo_name() == "Raw" && req.arg_count() == 0)
134  {
135  return new EMSA_Raw;
136  }
137 #endif
138 
139  throw Algorithm_Not_Found(algo_spec);
140  }
size_t salt_size
MechanismType hash
BOTAN_DLL std::vector< std::string > Botan::get_files_recursive ( const std::string &  dir)

Definition at line 110 of file filesystem.cpp.

References BOTAN_UNUSED.

111  {
112  std::vector<std::string> files;
113 
114 #if defined(BOTAN_TARGET_OS_HAS_STL_FILESYSTEM_MSVC) && defined(BOTAN_BUILD_COMPILER_IS_MSVC)
115  files = impl_stl_filesystem(dir);
116 #elif defined(BOTAN_HAS_BOOST_FILESYSTEM)
117  files = impl_boost_filesystem(dir);
118 #elif defined(BOTAN_TARGET_OS_HAS_READDIR)
119  files = impl_readdir(dir);
120 #else
121  BOTAN_UNUSED(dir);
122  throw No_Filesystem_Access();
123 #endif
124 
125  std::sort(files.begin(), files.end());
126 
127  return files;
128  }
#define BOTAN_UNUSED(v)
Definition: assert.h:92
HashFunction* Botan::get_hash ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Definition at line 109 of file lookup.h.

References Botan::HashFunction::create().

111  {
112  return HashFunction::create(algo_spec, provider).release();
113  }
HashFunction* Botan::get_hash_function ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Hash function factory method.

Parameters
algo_specthe name of the desired hash function
providerthe provider to use
Returns
pointer to the hash function object

Definition at line 95 of file lookup.h.

References Botan::HashFunction::create().

97  {
98  return HashFunction::create(algo_spec, provider).release();
99  }
std::vector<std::string> Botan::get_hash_function_providers ( const std::string &  algo_spec)
inline

Definition at line 116 of file lookup.h.

References Botan::HashFunction::providers().

117  {
118  return HashFunction::providers(algo_spec);
119  }
BOTAN_DLL KDF * Botan::get_kdf ( const std::string &  algo_spec)

Factory method for KDF (key derivation function)

Parameters
algo_specthe name of the KDF to create
Returns
pointer to newly allocated object of that type

Definition at line 226 of file kdf.cpp.

References Botan::SCAN_Name::algo_name(), and Botan::KDF::create().

Referenced by botan_kdf(), Botan::PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(), Botan::PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(), Botan::PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(), and Botan::TLS::Handshake_State::protocol_specific_prf().

227  {
228  SCAN_Name request(algo_spec);
229 
230  if(request.algo_name() == "Raw")
231  return nullptr; // No KDF
232 
233  //return KDF::create_or_throw(algo_spec).release();
234  auto kdf = KDF::create(algo_spec);
235  if(!kdf)
236  throw Algorithm_Not_Found(algo_spec);
237  return kdf.release();
238  }
MessageAuthenticationCode* Botan::get_mac ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

MAC factory method.

Parameters
algo_specthe name of the desired MAC
providerthe provider to use
Returns
pointer to the MAC object

Definition at line 129 of file lookup.h.

References Botan::MessageAuthenticationCode::create().

131  {
132  return MessageAuthenticationCode::create(algo_spec, provider).release();
133  }
std::vector<std::string> Botan::get_mac_providers ( const std::string &  algo_spec)
inline

Definition at line 143 of file lookup.h.

References Botan::MessageAuthenticationCode::providers().

144  {
145  return MessageAuthenticationCode::providers(algo_spec);
146  }
PBKDF* Botan::get_pbkdf ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Password based key derivation function factory method

Parameters
algo_specthe name of the desired PBKDF algorithm
providerthe provider to use
Returns
pointer to newly allocated object of that type

Definition at line 216 of file pbkdf.h.

References Botan::PBKDF::create().

Referenced by botan_pbkdf(), botan_pbkdf_timed(), pbes2_decrypt(), and Botan::TLS::Session_Manager_SQL::Session_Manager_SQL().

218  {
219  std::unique_ptr<PBKDF> p(PBKDF::create(algo_spec, provider));
220  if(p)
221  return p.release();
222  throw Algorithm_Not_Found(algo_spec);
223  }
StreamCipher* Botan::get_stream_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Stream cipher factory method.

Parameters
algo_specthe name of the desired stream cipher
providerthe provider to use
Returns
pointer to the stream cipher object

Definition at line 68 of file lookup.h.

References Botan::StreamCipher::create().

70  {
71  return StreamCipher::create(algo_spec, provider).release();
72  }
std::vector<std::string> Botan::get_stream_cipher_providers ( const std::string &  algo_spec)
inline

Definition at line 82 of file lookup.h.

References Botan::StreamCipher::providers().

83  {
84  return StreamCipher::providers(algo_spec);
85  }
gf2m Botan::gray_to_lex ( gf2m  gray)
inline

Definition at line 31 of file code_based_util.h.

32  {
33  gf2m result = gray ^ (gray >> 8);
34  result ^= (result >> 4);
35  result ^= (result >> 2);
36  result ^= (result >> 1);
37  return result;
38  }
uint16_t gf2m
Definition: gf2m_small_m.h:20
template<typename T >
size_t Botan::hamming_weight ( n)
inline

Compute Hamming weights

Parameters
nan integer value
Returns
number of bits in n set to 1

Definition at line 80 of file bit_ops.h.

81  {
82  const uint8_t NIBBLE_WEIGHTS[] = {
83  0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 };
84 
85  size_t weight = 0;
86  for(size_t i = 0; i != 2*sizeof(T); ++i)
87  weight += NIBBLE_WEIGHTS[(n >> (4*i)) & 0x0F];
88  return weight;
89  }
BOTAN_DLL std::string Botan::hash_for_emsa ( const std::string &  algo_spec)

Returns the hash function used in the given EMSA scheme If the hash function is not specified or not understood, returns "SHA-512"

Parameters
algo_specthe name of the EMSA
Returns
hash function used in the given EMSA scheme

Definition at line 142 of file emsa.cpp.

References Botan::SCAN_Name::arg(), and Botan::SCAN_Name::arg_count().

Referenced by Botan::PKCS11::MechanismWrapper::create_ecdsa_mechanism().

143  {
144  SCAN_Name emsa_name(algo_spec);
145 
146  if(emsa_name.arg_count() > 0)
147  {
148  const std::string pos_hash = emsa_name.arg(0);
149  return pos_hash;
150  }
151 
152  return "SHA-512"; // safe default if nothing we understand
153  }
size_t BOTAN_DLL Botan::hex_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 49 of file hex.cpp.

References clear_mem().

Referenced by Botan::Hex_Decoder::end_msg(), Botan::Data_Store::get1_memvec(), hex_decode(), hex_decode_locked(), Botan::OctetString::OctetString(), Botan::X509_Certificate::subject_public_key_bits(), Botan::UUID::UUID(), and Botan::Hex_Decoder::write().

54  {
55  /*
56  * Mapping of hex characters to either their binary equivalent
57  * or to an error code.
58  * If valid hex (0-9 A-F a-f), the value.
59  * If whitespace, then 0x80
60  * Otherwise 0xFF
61  * Warning: this table assumes ASCII character encodings
62  */
63 
64  static const uint8_t HEX_TO_BIN[256] = {
65  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
66  0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
67  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
68  0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
69  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01,
70  0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xFF, 0xFF,
71  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
72  0x0F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
73  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
74  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0A, 0x0B, 0x0C,
75  0x0D, 0x0E, 0x0F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
76  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
77  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
78  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
79  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
80  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
81  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
82  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
83  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
84  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
85  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
86  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
87  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
88  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
89  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
90  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
91 
92  uint8_t* out_ptr = output;
93  bool top_nibble = true;
94 
95  clear_mem(output, input_length / 2);
96 
97  for(size_t i = 0; i != input_length; ++i)
98  {
99  const uint8_t bin = HEX_TO_BIN[static_cast<uint8_t>(input[i])];
100 
101  if(bin >= 0x10)
102  {
103  if(bin == 0x80 && ignore_ws)
104  continue;
105 
106  std::string bad_char(1, input[i]);
107  if(bad_char == "\t")
108  bad_char = "\\t";
109  else if(bad_char == "\n")
110  bad_char = "\\n";
111 
112  throw Invalid_Argument(
113  std::string("hex_decode: invalid hex character '") +
114  bad_char + "'");
115  }
116 
117  *out_ptr |= bin << (top_nibble*4);
118 
119  top_nibble = !top_nibble;
120  if(top_nibble)
121  ++out_ptr;
122  }
123 
124  input_consumed = input_length;
125  size_t written = (out_ptr - output);
126 
127  /*
128  * We only got half of a uint8_t at the end; zap the half-written
129  * output and mark it as unread
130  */
131  if(!top_nibble)
132  {
133  *out_ptr = 0;
134  input_consumed -= 1;
135  }
136 
137  return written;
138  }
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
size_t BOTAN_DLL Botan::hex_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 140 of file hex.cpp.

References hex_decode().

144  {
145  size_t consumed = 0;
146  size_t written = hex_decode(output, input, input_length,
147  consumed, ignore_ws);
148 
149  if(consumed != input_length)
150  throw Invalid_Argument("hex_decode: input did not have full bytes");
151 
152  return written;
153  }
std::vector< uint8_t > hex_decode(const std::string &input, bool ignore_ws)
Definition: hex.cpp:198
size_t BOTAN_DLL Botan::hex_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 155 of file hex.cpp.

References hex_decode().

158  {
159  return hex_decode(output, input.data(), input.length(), ignore_ws);
160  }
std::vector< uint8_t > hex_decode(const std::string &input, bool ignore_ws)
Definition: hex.cpp:198
std::vector< uint8_t > BOTAN_DLL Botan::hex_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 183 of file hex.cpp.

References hex_decode().

186  {
187  std::vector<uint8_t> bin(1 + input_length / 2);
188 
189  size_t written = hex_decode(bin.data(),
190  input,
191  input_length,
192  ignore_ws);
193 
194  bin.resize(written);
195  return bin;
196  }
std::vector< uint8_t > hex_decode(const std::string &input, bool ignore_ws)
Definition: hex.cpp:198
std::vector< uint8_t > BOTAN_DLL Botan::hex_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 198 of file hex.cpp.

References hex_decode().

200  {
201  return hex_decode(input.data(), input.size(), ignore_ws);
202  }
std::vector< uint8_t > hex_decode(const std::string &input, bool ignore_ws)
Definition: hex.cpp:198
secure_vector< uint8_t > BOTAN_DLL Botan::hex_decode_locked ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 162 of file hex.cpp.

References hex_decode().

Referenced by Botan::BigInt::decode(), hex_decode_locked(), and Botan::RTSS_Share::RTSS_Share().

165  {
166  secure_vector<uint8_t> bin(1 + input_length / 2);
167 
168  size_t written = hex_decode(bin.data(),
169  input,
170  input_length,
171  ignore_ws);
172 
173  bin.resize(written);
174  return bin;
175  }
std::vector< uint8_t > hex_decode(const std::string &input, bool ignore_ws)
Definition: hex.cpp:198
secure_vector< uint8_t > BOTAN_DLL Botan::hex_decode_locked ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 177 of file hex.cpp.

References hex_decode_locked().

179  {
180  return hex_decode_locked(input.data(), input.size(), ignore_ws);
181  }
secure_vector< uint8_t > hex_decode_locked(const std::string &input, bool ignore_ws)
Definition: hex.cpp:177
void BOTAN_DLL Botan::hex_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters
outputan array of at least input_length*2 bytes
inputis some binary data
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?

Definition at line 14 of file hex.cpp.

Referenced by Botan::Data_Store::add(), Botan::OctetString::as_string(), botan_hex_encode(), Botan::BigInt::encode(), Botan::Private_Key::fingerprint(), Botan::X509_Certificate::fingerprint(), hex_encode(), Botan::TLS::Session_Manager_SQL::load_from_session_id(), Botan::TLS::Session_Manager_In_Memory::load_from_session_id(), Botan::TLS::Session_Manager_SQL::remove_entry(), Botan::TLS::Session_Manager_In_Memory::remove_entry(), Botan::TLS::Session_Manager_SQL::save(), Botan::TLS::Session_Manager_In_Memory::save(), Botan::RTSS_Share::to_string(), Botan::UUID::to_string(), Botan::X509_Certificate::to_string(), and Botan::UUID::UUID().

18  {
19  static const uint8_t BIN_TO_HEX_UPPER[16] = {
20  '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
21  'A', 'B', 'C', 'D', 'E', 'F' };
22 
23  static const uint8_t BIN_TO_HEX_LOWER[16] = {
24  '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
25  'a', 'b', 'c', 'd', 'e', 'f' };
26 
27  const uint8_t* tbl = uppercase ? BIN_TO_HEX_UPPER : BIN_TO_HEX_LOWER;
28 
29  for(size_t i = 0; i != input_length; ++i)
30  {
31  uint8_t x = input[i];
32  output[2*i ] = tbl[(x >> 4) & 0x0F];
33  output[2*i+1] = tbl[(x ) & 0x0F];
34  }
35  }
std::string BOTAN_DLL Botan::hex_encode ( const uint8_t  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters
inputsome input
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?
Returns
hexadecimal representation of input

Definition at line 37 of file hex.cpp.

References hex_encode().

40  {
41  std::string output(2 * input_length, 0);
42 
43  if(input_length)
44  hex_encode(&output.front(), input, input_length, uppercase);
45 
46  return output;
47  }
std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:37
template<typename Alloc >
std::string Botan::hex_encode ( const std::vector< uint8_t, Alloc > &  input,
bool  uppercase = true 
)

Perform hex encoding

Parameters
inputsome input
uppercaseshould output be upper or lower case?
Returns
hexadecimal representation of input

Definition at line 46 of file hex.h.

References hex_encode().

48  {
49  return hex_encode(input.data(), input.size(), uppercase);
50  }
std::string hex_encode(const std::vector< uint8_t, Alloc > &input, bool uppercase=true)
Definition: hex.h:46
template<typename T >
size_t Botan::high_bit ( n)
inline

Return the index of the highest set bit T is an unsigned integer type

Parameters
nan integer value
Returns
index of the highest set bit in n

Definition at line 37 of file bit_ops.h.

Referenced by Botan::BigInt::bits(), and Botan::OID::encode_into().

38  {
39  for(size_t i = 8*sizeof(T); i > 0; --i)
40  if((n >> (i - 1)) & 0x01)
41  return i;
42  return 0;
43  }
bool BOTAN_DLL Botan::host_wildcard_match ( const std::string &  issued,
const std::string &  host 
)

Definition at line 337 of file parsing.cpp.

Referenced by Botan::X509_Certificate::matches_dns_name().

338  {
339  if(issued == host)
340  return true;
341 
342  if(issued.size() > 2 && issued[0] == '*' && issued[1] == '.')
343  {
344  size_t host_i = host.find('.');
345  if(host_i == std::string::npos || host_i == host.size() - 1)
346  return false;
347 
348  const std::string host_base = host.substr(host_i + 1);
349  const std::string issued_base = issued.substr(2);
350 
351  if(host_base == issued_base)
352  return true;
353  }
354 
355  return false;
356  }
BOTAN_DLL uint8_t Botan::ieee1363_hash_id ( const std::string &  hash_name)

Return the IEEE 1363 hash identifier

Parameters
hash_namethe name of the hash function
Returns
uint8_t code identifying the hash, or 0 if not known

Definition at line 104 of file hash_id.cpp.

Referenced by Botan::EMSA_X931::EMSA_X931().

105  {
106  if(name == "SHA-160") return 0x33;
107 
108  if(name == "SHA-224") return 0x38;
109  if(name == "SHA-256") return 0x34;
110  if(name == "SHA-384") return 0x36;
111  if(name == "SHA-512") return 0x35;
112 
113  if(name == "RIPEMD-160") return 0x31;
114 
115  if(name == "Whirlpool") return 0x37;
116 
117  return 0;
118  }
BOTAN_DLL size_t Botan::if_work_factor ( size_t  n_bits)

Estimate work factor for integer factorization

Parameters
n_bitssize of modulus in bits
Returns
estimated security level for this modulus

Definition at line 19 of file workfactor.cpp.

Referenced by dl_work_factor(), Botan::RSA_PublicKey::estimated_strength(), and Botan::TPM_PrivateKey::estimated_strength().

20  {
21  // RFC 3766: k * e^((1.92 + o(1)) * cubrt(ln(n) * (ln(ln(n)))^2))
22  // It estimates k at .02 and o(1) to be effectively zero for sizes of interest
23  const double k = .02;
24 
25  // approximates natural logarithm of p
26  const double log2_e = std::log2(std::exp(1));
27  const double log_p = bits / log2_e;
28 
29  const double est = 1.92 * std::pow(log_p * std::log(log_p) * std::log(log_p), 1.0/3.0);
30 
31  return static_cast<size_t>(std::log2(k) + log2_e * est);
32  }
BigInt BOTAN_DLL Botan::inverse_mod ( const BigInt x,
const BigInt modulus 
)

Modular inversion

Parameters
xa positive integer
modulusa positive integer
Returns
y st (x*y) % modulus == 1 or 0 if no such value Not const time

Definition at line 276 of file numthry.cpp.

References ct_inverse_mod_odd_modulus(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), and low_zero_bits().

Referenced by botan_mp_mod_inverse(), Botan::RSA_PrivateKey::check_key(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::PointGFp::get_affine_x(), Botan::PointGFp::get_affine_y(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

277  {
278  if(mod.is_zero())
279  throw BigInt::DivideByZero();
280  if(mod.is_negative() || n.is_negative())
281  throw Invalid_Argument("inverse_mod: arguments must be non-negative");
282 
283  if(n.is_zero() || (n.is_even() && mod.is_even()))
284  return 0; // fast fail checks
285 
286  if(mod.is_odd())
287  return ct_inverse_mod_odd_modulus(n, mod);
288 
289  BigInt u = mod, v = n;
290  BigInt A = 1, B = 0, C = 0, D = 1;
291 
292  while(u.is_nonzero())
293  {
294  const size_t u_zero_bits = low_zero_bits(u);
295  u >>= u_zero_bits;
296  for(size_t i = 0; i != u_zero_bits; ++i)
297  {
298  if(A.is_odd() || B.is_odd())
299  { A += n; B -= mod; }
300  A >>= 1; B >>= 1;
301  }
302 
303  const size_t v_zero_bits = low_zero_bits(v);
304  v >>= v_zero_bits;
305  for(size_t i = 0; i != v_zero_bits; ++i)
306  {
307  if(C.is_odd() || D.is_odd())
308  { C += n; D -= mod; }
309  C >>= 1; D >>= 1;
310  }
311 
312  if(u >= v) { u -= v; A -= C; B -= D; }
313  else { v -= u; C -= A; D -= B; }
314  }
315 
316  if(v != 1)
317  return 0; // no modular inverse
318 
319  while(D.is_negative()) D += mod;
320  while(D >= mod) D -= mod;
321 
322  return D;
323  }
BigInt ct_inverse_mod_odd_modulus(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:153
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:20
BOTAN_DLL std::string Botan::ipv4_to_string ( uint32_t  ip_addr)

Convert an IPv4 address to a string

Parameters
ip_addrthe IPv4 address to convert
Returns
string representation of the IPv4 address

Definition at line 288 of file parsing.cpp.

References get_byte(), and Botan::ASN1::to_string().

Referenced by Botan::AlternativeName::decode_from(), and Botan::GeneralName::decode_from().

289  {
290  std::string str;
291 
292  for(size_t i = 0; i != sizeof(ip); ++i)
293  {
294  if(i)
295  str += ".";
296  str += std::to_string(get_byte(i, ip));
297  }
298 
299  return str;
300  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
template<typename T >
bool Botan::is_power_of_2 ( arg)
inline

Power of 2 test. T should be an unsigned integer type

Parameters
argan integer value
Returns
true iff arg is 2^n for some n > 0

Definition at line 25 of file bit_ops.h.

Referenced by operator%(), Botan::BigInt::operator%=(), and Botan::BigInt::operator/=().

26  {
27  return ((arg != 0 && arg != 1) && ((arg & (arg-1)) == 0));
28  }
bool BOTAN_DLL Botan::is_prime ( const BigInt n,
RandomNumberGenerator rng,
size_t  prob = 56,
bool  is_random = false 
)

Check for primality

Parameters
na positive integer to test for primality
rnga random number generator
probchance of false positive is bounded by 1/2**prob
is_randomtrue if n was randomly chosen by us
Returns
true if all primality tests passed, otherwise false

Definition at line 441 of file numthry.cpp.

References Botan::BigInt::bits(), Botan::BigInt::is_even(), low_zero_bits(), PRIME_TABLE_SIZE, PRIMES, Botan::BigInt::random_integer(), and Botan::BigInt::word_at().

Referenced by botan_mp_is_prime(), Botan::RSA_PrivateKey::check_key(), check_prime(), Botan::DL_Group::DL_Group(), generate_dsa_primes(), quick_check_prime(), random_prime(), random_safe_prime(), Botan::DL_Group::verify_group(), Botan::EC_Group::verify_group(), and verify_prime().

443  {
444  if(n == 2)
445  return true;
446  if(n <= 1 || n.is_even())
447  return false;
448 
449  // Fast path testing for small numbers (<= 65521)
450  if(n <= PRIMES[PRIME_TABLE_SIZE-1])
451  {
452  const uint16_t num = static_cast<uint16_t>(n.word_at(0));
453 
454  return std::binary_search(PRIMES, PRIMES + PRIME_TABLE_SIZE, num);
455  }
456 
457  const size_t test_iterations = mr_test_iterations(n.bits(), prob, is_random);
458 
459  const BigInt n_minus_1 = n - 1;
460  const size_t s = low_zero_bits(n_minus_1);
461 
462  Fixed_Exponent_Power_Mod pow_mod(n_minus_1 >> s, n);
463  Modular_Reducer reducer(n);
464 
465  for(size_t i = 0; i != test_iterations; ++i)
466  {
467  const BigInt a = BigInt::random_integer(rng, 2, n_minus_1);
468  BigInt y = pow_mod(a);
469 
470  if(mr_witness(std::move(y), reducer, n_minus_1, s))
471  return false;
472  }
473 
474  return true;
475  }
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:240
const uint16_t BOTAN_DLL PRIMES[]
Definition: primes.cpp:12
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:20
int32_t BOTAN_DLL Botan::jacobi ( const BigInt a,
const BigInt n 
)

Compute the Jacobi symbol. If n is prime, this is equivalent to the Legendre symbol.

See also
http://mathworld.wolfram.com/JacobiSymbol.html
Parameters
ais a non-negative integer
nis an odd integer > 1
Returns
(n / m)

Definition at line 15 of file jacobi.cpp.

References Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), and low_zero_bits().

Referenced by Botan::DL_Group::DL_Group(), and ressol().

16  {
17  if(a.is_negative())
18  throw Invalid_Argument("jacobi: first argument must be non-negative");
19  if(n.is_even() || n < 2)
20  throw Invalid_Argument("jacobi: second argument must be odd and > 1");
21 
22  BigInt x = a, y = n;
23  int32_t J = 1;
24 
25  while(y > 1)
26  {
27  x %= y;
28  if(x > y / 2)
29  {
30  x = y - x;
31  if(y % 4 == 3)
32  J = -J;
33  }
34  if(x.is_zero())
35  return 0;
36 
37  size_t shifts = low_zero_bits(x);
38  x >>= shifts;
39  if(shifts % 2)
40  {
41  word y_mod_8 = y % 8;
42  if(y_mod_8 == 3 || y_mod_8 == 5)
43  J = -J;
44  }
45 
46  if(x % 4 == 3 && y % 4 == 3)
47  J = -J;
48  std::swap(x, y);
49  }
50  return J;
51  }
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:20
std::string BOTAN_DLL Botan::key_constraints_to_string ( Key_Constraints  constraints)

Definition at line 14 of file key_constraint.cpp.

References CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NO_CONSTRAINTS, and NON_REPUDIATION.

Referenced by verify_cert_constraints_valid_for_key_type().

15  {
16  std::vector<std::string> str;
17 
18  if(constraints == NO_CONSTRAINTS)
19  return "no_constraints";
20 
21  if(constraints & DIGITAL_SIGNATURE)
22  str.push_back("digital_signature");
23 
24  if(constraints & NON_REPUDIATION)
25  str.push_back("non_repudiation");
26 
27  if(constraints & KEY_ENCIPHERMENT)
28  str.push_back("key_encipherment");
29 
30  if(constraints & DATA_ENCIPHERMENT)
31  str.push_back("data_encipherment");
32 
33  if(constraints & KEY_AGREEMENT)
34  str.push_back("key_agreement");
35 
36  if(constraints & KEY_CERT_SIGN)
37  str.push_back("key_cert_sign");
38 
39  if(constraints & CRL_SIGN)
40  str.push_back("crl_sign");
41 
42  if(constraints & ENCIPHER_ONLY)
43  str.push_back("encipher_only");
44 
45  if(constraints & DECIPHER_ONLY)
46  str.push_back("decipher_only");
47 
48  // Not 0 (checked at start) but nothing matched above!
49  if(str.empty())
50  return "other_unknown_constraints";
51 
52  if(str.size() == 1)
53  return str[0];
54 
55  std::string out;
56  for(size_t i = 0; i < str.size() - 1; ++i)
57  {
58  out += str[i];
59  out += ',';
60  }
61  out += str[str.size() - 1];
62 
63  return out;
64  }
Definition: ffi.h:934
BigInt BOTAN_DLL Botan::lcm ( const BigInt x,
const BigInt y 
)

Least common multiple

Parameters
xa positive integer
ya positive integer
Returns
z, smallest integer such that z % x == 0 and z % y == 0

Definition at line 73 of file numthry.cpp.

References gcd().

Referenced by Botan::RSA_PrivateKey::check_key(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

74  {
75  return ((a * b) / gcd(a, b));
76  }
BigInt gcd(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:46
gf2m Botan::lex_to_gray ( gf2m  lex)
inline

Definition at line 40 of file code_based_util.h.

Referenced by syndrome_init().

41  {
42  return (lex >> 1) ^ lex;
43  }
template<typename T >
T Botan::load_be ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a big-endian value

Definition at line 113 of file loadstor.h.

Referenced by Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::XTEA::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), and Botan::SIMD_4x32::load_be().

114  {
115  in += off * sizeof(T);
116  T out = 0;
117  for(size_t i = 0; i != sizeof(T); ++i)
118  out = (out << 8) | in[i];
119  return out;
120  }
template<typename T >
void Botan::load_be ( const uint8_t  in[],
T &  x0,
T &  x1 
)
inline

Load two big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 353 of file loadstor.h.

354  {
355  x0 = load_be<T>(in, 0);
356  x1 = load_be<T>(in, 1);
357  }
template<typename T >
void Botan::load_be ( const uint8_t  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3 
)
inline

Load four big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 368 of file loadstor.h.

370  {
371  x0 = load_be<T>(in, 0);
372  x1 = load_be<T>(in, 1);
373  x2 = load_be<T>(in, 2);
374  x3 = load_be<T>(in, 3);
375  }
template<typename T >
void Botan::load_be ( const uint8_t  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3,
T &  x4,
T &  x5,
T &  x6,
T &  x7 
)
inline

Load eight big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 390 of file loadstor.h.

393  {
394  x0 = load_be<T>(in, 0);
395  x1 = load_be<T>(in, 1);
396  x2 = load_be<T>(in, 2);
397  x3 = load_be<T>(in, 3);
398  x4 = load_be<T>(in, 4);
399  x5 = load_be<T>(in, 5);
400  x6 = load_be<T>(in, 6);
401  x7 = load_be<T>(in, 7);
402  }
template<typename T >
void Botan::load_be ( out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of big-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 411 of file loadstor.h.

References bswap_4(), and reverse_bytes().

414  {
415  if(count > 0)
416  {
417 #if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
418  std::memcpy(out, in, sizeof(T)*count);
419 #elif defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
420  std::memcpy(out, in, sizeof(T)*count);
421  const size_t blocks = count - (count % 4);
422  const size_t left = count - blocks;
423 
424  for(size_t i = 0; i != blocks; i += 4)
425  bswap_4(out + i);
426 
427  for(size_t i = 0; i != left; ++i)
428  out[blocks+i] = reverse_bytes(out[blocks+i]);
429 #else
430  for(size_t i = 0; i != count; ++i)
431  out[i] = load_be<T>(in, i);
432 #endif
433  }
434  }
void bswap_4(T x[4])
Definition: bswap.h:112
uint16_t reverse_bytes(uint16_t val)
Definition: bswap.h:24
template<>
uint16_t Botan::load_be< uint16_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a big-endian value

Definition at line 145 of file loadstor.h.

References make_uint16().

Referenced by Botan::TLS::Datagram_Handshake_IO::add_record(), check_passhash9(), Botan::MISTY1::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::MISTY1::encrypt_n(), and Botan::KASUMI::encrypt_n().

146  {
147  in += off * sizeof(uint16_t);
148 
149 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
150  uint16_t x;
151  std::memcpy(&x, in, sizeof(x));
152  return BOTAN_ENDIAN_N2B(x);
153 #else
154  return make_uint16(in[0], in[1]);
155 #endif
156  }
uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition: loadstor.h:60
template<>
uint32_t Botan::load_be< uint32_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a big-endian value

Definition at line 185 of file loadstor.h.

References make_uint32().

Referenced by Botan::AlternativeName::decode_from(), Botan::GeneralName::decode_from(), Botan::SEED::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::CAST_256::encrypt_n(), and Botan::SEED::encrypt_n().

186  {
187  in += off * sizeof(uint32_t);
188 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
189  uint32_t x;
190  std::memcpy(&x, in, sizeof(x));
191  return BOTAN_ENDIAN_N2B(x);
192 #else
193  return make_uint32(in[0], in[1], in[2], in[3]);
194 #endif
195  }
uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition: loadstor.h:73
template<>
uint64_t Botan::load_be< uint64_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a big-endian value

Definition at line 223 of file loadstor.h.

References make_uint64().

Referenced by rfc3394_keyunwrap().

224  {
225  in += off * sizeof(uint64_t);
226 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
227  uint64_t x;
228  std::memcpy(&x, in, sizeof(x));
229  return BOTAN_ENDIAN_N2B(x);
230 #else
231  return make_uint64(in[0], in[1], in[2], in[3],
232  in[4], in[5], in[6], in[7]);
233 #endif
234  }
uint64_t make_uint64(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
Definition: loadstor.h:93
template<typename T >
T Botan::load_le ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a litte-endian value

Definition at line 129 of file loadstor.h.

Referenced by Botan::MD4::compress_n(), Botan::MD5::compress_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Twofish::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Serpent::encrypt_n(), and Botan::SIMD_4x32::load_le().

130  {
131  in += off * sizeof(T);
132  T out = 0;
133  for(size_t i = 0; i != sizeof(T); ++i)
134  out = (out << 8) | in[sizeof(T)-1-i];
135  return out;
136  }
template<typename T >
void Botan::load_le ( const uint8_t  in[],
T &  x0,
T &  x1 
)
inline

Load two little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 263 of file loadstor.h.

264  {
265  x0 = load_le<T>(in, 0);
266  x1 = load_le<T>(in, 1);
267  }
template<typename T >
void Botan::load_le ( const uint8_t  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3 
)
inline

Load four little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 278 of file loadstor.h.

280  {
281  x0 = load_le<T>(in, 0);
282  x1 = load_le<T>(in, 1);
283  x2 = load_le<T>(in, 2);
284  x3 = load_le<T>(in, 3);
285  }
template<typename T >
void Botan::load_le ( const uint8_t  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3,
T &  x4,
T &  x5,
T &  x6,
T &  x7 
)
inline

Load eight little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 300 of file loadstor.h.

303  {
304  x0 = load_le<T>(in, 0);
305  x1 = load_le<T>(in, 1);
306  x2 = load_le<T>(in, 2);
307  x3 = load_le<T>(in, 3);
308  x4 = load_le<T>(in, 4);
309  x5 = load_le<T>(in, 5);
310  x6 = load_le<T>(in, 6);
311  x7 = load_le<T>(in, 7);
312  }
template<typename T >
void Botan::load_le ( out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of little-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 321 of file loadstor.h.

References bswap_4(), and reverse_bytes().

324  {
325  if(count > 0)
326  {
327 #if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
328  std::memcpy(out, in, sizeof(T)*count);
329 #elif defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
330  std::memcpy(out, in, sizeof(T)*count);
331  const size_t blocks = count - (count % 4);
332  const size_t left = count - blocks;
333 
334  for(size_t i = 0; i != blocks; i += 4)
335  bswap_4(out + i);
336 
337  for(size_t i = 0; i != left; ++i)
338  out[blocks+i] = reverse_bytes(out[blocks+i]);
339 #else
340  for(size_t i = 0; i != count; ++i)
341  out[i] = load_le<T>(in, i);
342 #endif
343  }
344  }
void bswap_4(T x[4])
Definition: bswap.h:112
uint16_t reverse_bytes(uint16_t val)
Definition: bswap.h:24
template<>
uint16_t Botan::load_le< uint16_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a little-endian value

Definition at line 165 of file loadstor.h.

References make_uint16().

166  {
167  in += off * sizeof(uint16_t);
168 
169 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
170  uint16_t x;
171  std::memcpy(&x, in, sizeof(x));
172  return BOTAN_ENDIAN_N2L(x);
173 #else
174  return make_uint16(in[1], in[0]);
175 #endif
176  }
uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition: loadstor.h:60
template<>
uint32_t Botan::load_le< uint32_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a little-endian value

Definition at line 204 of file loadstor.h.

References make_uint32().

Referenced by Botan::GOST_28147_89::decrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::ChaCha::seek(), Botan::Salsa20::set_iv(), and Botan::ChaCha::set_iv().

205  {
206  in += off * sizeof(uint32_t);
207 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
208  uint32_t x;
209  std::memcpy(&x, in, sizeof(x));
210  return BOTAN_ENDIAN_N2L(x);
211 #else
212  return make_uint32(in[3], in[2], in[1], in[0]);
213 #endif
214  }
uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition: loadstor.h:73
template<>
uint64_t Botan::load_le< uint64_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a little-endian value

Definition at line 243 of file loadstor.h.

References make_uint64().

Referenced by Botan::SHA_3::absorb(), and Botan::Threefish_512::set_tweak().

244  {
245  in += off * sizeof(uint64_t);
246 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
247  uint64_t x;
248  std::memcpy(&x, in, sizeof(x));
249  return BOTAN_ENDIAN_N2L(x);
250 #else
251  return make_uint64(in[7], in[6], in[5], in[4],
252  in[3], in[2], in[1], in[0]);
253 #endif
254  }
uint64_t make_uint64(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
Definition: loadstor.h:93
BOTAN_DLL std::unique_ptr< Private_Key > Botan::load_private_key ( const AlgorithmIdentifier alg_id,
const secure_vector< uint8_t > &  key_bits 
)

Definition at line 133 of file pk_algs.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), and Botan::AlgorithmIdentifier::oid.

135  {
136  const std::string alg_name = OIDS::lookup(alg_id.oid);
137  if(alg_name == "")
138  throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());
139 
140 #if defined(BOTAN_HAS_RSA)
141  if(alg_name == "RSA")
142  return std::unique_ptr<Private_Key>(new RSA_PrivateKey(alg_id, key_bits));
143 #endif
144 
145 #if defined(BOTAN_HAS_CURVE_25519)
146  if(alg_name == "Curve25519")
147  return std::unique_ptr<Private_Key>(new Curve25519_PrivateKey(alg_id, key_bits));
148 #endif
149 
150 #if defined(BOTAN_HAS_ECDSA)
151  if(alg_name == "ECDSA")
152  return std::unique_ptr<Private_Key>(new ECDSA_PrivateKey(alg_id, key_bits));
153 #endif
154 
155 #if defined(BOTAN_HAS_ECDH)
156  if(alg_name == "ECDH")
157  return std::unique_ptr<Private_Key>(new ECDH_PrivateKey(alg_id, key_bits));
158 #endif
159 
160 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
161  if(alg_name == "DH")
162  return std::unique_ptr<Private_Key>(new DH_PrivateKey(alg_id, key_bits));
163 #endif
164 
165 #if defined(BOTAN_HAS_DSA)
166  if(alg_name == "DSA")
167  return std::unique_ptr<Private_Key>(new DSA_PrivateKey(alg_id, key_bits));
168 #endif
169 
170 #if defined(BOTAN_HAS_MCELIECE)
171  if(alg_name == "McEliece")
172  return std::unique_ptr<Private_Key>(new McEliece_PrivateKey(key_bits));
173 #endif
174 
175 #if defined(BOTAN_HAS_ECGDSA)
176  if(alg_name == "ECGDSA")
177  return std::unique_ptr<Private_Key>(new ECGDSA_PrivateKey(alg_id, key_bits));
178 #endif
179 
180 #if defined(BOTAN_HAS_ECKCDSA)
181  if(alg_name == "ECKCDSA")
182  return std::unique_ptr<Private_Key>(new ECKCDSA_PrivateKey(alg_id, key_bits));
183 #endif
184 
185 #if defined(BOTAN_HAS_GOST_34_10_2001)
186  if(alg_name == "GOST-34.10")
187  return std::unique_ptr<Private_Key>(new GOST_3410_PrivateKey(alg_id, key_bits));
188 #endif
189 
190 #if defined(BOTAN_HAS_ELGAMAL)
191  if(alg_name == "ElGamal")
192  return std::unique_ptr<Private_Key>(new ElGamal_PrivateKey(alg_id, key_bits));
193 #endif
194 
195 #if defined(BOTAN_HAS_XMSS)
196  if(alg_name == "XMSS")
197  return std::unique_ptr<Private_Key>(new XMSS_PrivateKey(key_bits));
198 #endif
199 
200  throw Decoding_Error("Unhandled PK algorithm " + alg_name);
201  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
BOTAN_DLL std::unique_ptr< Public_Key > Botan::load_public_key ( const AlgorithmIdentifier alg_id,
const std::vector< uint8_t > &  key_bits 
)

Definition at line 62 of file pk_algs.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), and Botan::AlgorithmIdentifier::oid.

Referenced by Botan::X509::load_key().

64  {
65  const std::string alg_name = OIDS::lookup(alg_id.oid);
66  if(alg_name == "")
67  throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());
68 
69 #if defined(BOTAN_HAS_RSA)
70  if(alg_name == "RSA")
71  return std::unique_ptr<Public_Key>(new RSA_PublicKey(alg_id, key_bits));
72 #endif
73 
74 #if defined(BOTAN_HAS_CURVE_25519)
75  if(alg_name == "Curve25519")
76  return std::unique_ptr<Public_Key>(new Curve25519_PublicKey(alg_id, key_bits));
77 #endif
78 
79 #if defined(BOTAN_HAS_MCELIECE)
80  if(alg_name == "McEliece")
81  return std::unique_ptr<Public_Key>(new McEliece_PublicKey(key_bits));
82 #endif
83 
84 #if defined(BOTAN_HAS_ECDSA)
85  if(alg_name == "ECDSA")
86  return std::unique_ptr<Public_Key>(new ECDSA_PublicKey(alg_id, key_bits));
87 #endif
88 
89 #if defined(BOTAN_HAS_ECDH)
90  if(alg_name == "ECDH")
91  return std::unique_ptr<Public_Key>(new ECDH_PublicKey(alg_id, key_bits));
92 #endif
93 
94 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
95  if(alg_name == "DH")
96  return std::unique_ptr<Public_Key>(new DH_PublicKey(alg_id, key_bits));
97 #endif
98 
99 #if defined(BOTAN_HAS_DSA)
100  if(alg_name == "DSA")
101  return std::unique_ptr<Public_Key>(new DSA_PublicKey(alg_id, key_bits));
102 #endif
103 
104 #if defined(BOTAN_HAS_ELGAMAL)
105  if(alg_name == "ElGamal")
106  return std::unique_ptr<Public_Key>(new ElGamal_PublicKey(alg_id, key_bits));
107 #endif
108 
109 #if defined(BOTAN_HAS_ECGDSA)
110  if(alg_name == "ECGDSA")
111  return std::unique_ptr<Public_Key>(new ECGDSA_PublicKey(alg_id, key_bits));
112 #endif
113 
114 #if defined(BOTAN_HAS_ECKCDSA)
115  if(alg_name == "ECKCDSA")
116  return std::unique_ptr<Public_Key>(new ECKCDSA_PublicKey(alg_id, key_bits));
117 #endif
118 
119 #if defined(BOTAN_HAS_GOST_34_10_2001)
120  if(alg_name == "GOST-34.10")
121  return std::unique_ptr<Public_Key>(new GOST_3410_PublicKey(alg_id, key_bits));
122 #endif
123 
124 #if defined(BOTAN_HAS_XMSS)
125  if(alg_name == "XMSS")
126  return std::unique_ptr<Public_Key>(new XMSS_PublicKey(key_bits));
127 #endif
128 
129  throw Decoding_Error("Unhandled PK algorithm " + alg_name);
130  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
template<typename T >
size_t Botan::low_bit ( n)
inline

Return the index of the lowest set bit T is an unsigned integer type

Parameters
nan integer value
Returns
index of the lowest set bit in n

Definition at line 52 of file bit_ops.h.

53  {
54  for(size_t i = 0; i != 8*sizeof(T); ++i)
55  if((n >> i) & 0x01)
56  return (i + 1);
57  return 0;
58  }
size_t BOTAN_DLL Botan::low_zero_bits ( const BigInt x)
Parameters
xa positive integer
Returns
count of the zero bits in x, or, equivalently, the largest value of n such that 2^n divides x evenly. Returns zero if n is less than or equal to zero.

Definition at line 20 of file numthry.cpp.

References ctz(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_positive(), Botan::BigInt::size(), and Botan::BigInt::word_at().

Referenced by gcd(), inverse_mod(), is_prime(), jacobi(), and ressol().

21  {
22  size_t low_zero = 0;
23 
24  if(n.is_positive() && n.is_nonzero())
25  {
26  for(size_t i = 0; i != n.size(); ++i)
27  {
28  const word x = n.word_at(i);
29 
30  if(x)
31  {
32  low_zero += ctz(x);
33  break;
34  }
35  else
36  low_zero += BOTAN_MP_WORD_BITS;
37  }
38  }
39 
40  return low_zero;
41  }
size_t ctz(T n)
Definition: bit_ops.h:97
std::unique_ptr<BlockCipher> Botan::make_block_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Definition at line 48 of file lookup.h.

References Botan::BlockCipher::create_or_throw().

50  {
51  return BlockCipher::create_or_throw(algo_spec, provider);
52  }
BOTAN_DLL Compression_Algorithm * Botan::make_compressor ( const std::string &  name)

Definition at line 26 of file compression.cpp.

References BOTAN_UNUSED.

27  {
28 #if defined(BOTAN_HAS_ZLIB)
29  if(name == "Zlib" || name == "zlib")
30  return new Zlib_Compression;
31  if(name == "Gzip" || name == "gzip" || name == "gz")
32  return new Gzip_Compression;
33  if(name == "Deflate" || name == "deflate")
34  return new Deflate_Compression;
35 #endif
36 
37 #if defined(BOTAN_HAS_BZIP2)
38  if(name == "bzip2" || name == "bz2" || name == "Bzip2")
39  return new Bzip2_Compression;
40 #endif
41 
42 #if defined(BOTAN_HAS_LZMA)
43  if(name == "lzma" || name == "xz" || name == "LZMA")
44  return new LZMA_Compression;
45 #endif
46 
47  BOTAN_UNUSED(name);
48  return nullptr;
49  }
#define BOTAN_UNUSED(v)
Definition: assert.h:92
BOTAN_DLL Decompression_Algorithm * Botan::make_decompressor ( const std::string &  name)

Definition at line 51 of file compression.cpp.

References BOTAN_UNUSED.

52  {
53 #if defined(BOTAN_HAS_ZLIB)
54  if(name == "Zlib" || name == "zlib")
55  return new Zlib_Decompression;
56  if(name == "Gzip" || name == "gzip" || name == "gz")
57  return new Gzip_Decompression;
58  if(name == "Deflate" || name == "deflate")
59  return new Deflate_Decompression;
60 #endif
61 
62 #if defined(BOTAN_HAS_BZIP2)
63  if(name == "bzip2" || name == "bz2" || name == "Bzip2")
64  return new Bzip2_Decompression;
65 #endif
66 
67 #if defined(BOTAN_HAS_LZMA)
68  if(name == "lzma" || name == "xz" || name == "LZMA")
69  return new LZMA_Decompression;
70 #endif
71 
72  BOTAN_UNUSED(name);
73  return nullptr;
74  }
#define BOTAN_UNUSED(v)
Definition: assert.h:92
std::unique_ptr<HashFunction> Botan::make_hash_function ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Definition at line 102 of file lookup.h.

References Botan::HashFunction::create_or_throw().

104  {
105  return HashFunction::create_or_throw(algo_spec, provider);
106  }
std::unique_ptr<MessageAuthenticationCode> Botan::make_message_auth ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Definition at line 136 of file lookup.h.

References Botan::MessageAuthenticationCode::create().

138  {
139  return MessageAuthenticationCode::create(algo_spec, provider);
140  }
std::unique_ptr< BlockCipher > Botan::make_openssl_block_cipher ( const std::string &  name)

Definition at line 157 of file openssl_block.cpp.

References MAKE_OPENSSL_BLOCK, and MAKE_OPENSSL_BLOCK_KEYLEN.

Referenced by Botan::BlockCipher::create().

158  {
159 #define MAKE_OPENSSL_BLOCK(evp_fn) \
160  std::unique_ptr<BlockCipher>(new OpenSSL_BlockCipher(name, evp_fn()))
161 #define MAKE_OPENSSL_BLOCK_KEYLEN(evp_fn, kl_min, kl_max, kl_mod) \
162  std::unique_ptr<BlockCipher>(new OpenSSL_BlockCipher(name, evp_fn(), kl_min, kl_max, kl_mod))
163 
164 #if defined(BOTAN_HAS_AES) && !defined(OPENSSL_NO_AES)
165  if(name == "AES-128")
166  return MAKE_OPENSSL_BLOCK(EVP_aes_128_ecb);
167  if(name == "AES-192")
168  return MAKE_OPENSSL_BLOCK(EVP_aes_192_ecb);
169  if(name == "AES-256")
170  return MAKE_OPENSSL_BLOCK(EVP_aes_256_ecb);
171 #endif
172 
173 #if defined(BOTAN_HAS_CAMELLIA) && !defined(OPENSSL_NO_CAMELLIA)
174  if(name == "Camellia-128")
175  return MAKE_OPENSSL_BLOCK(EVP_camellia_128_ecb);
176  if(name == "Camellia-192")
177  return MAKE_OPENSSL_BLOCK(EVP_camellia_192_ecb);
178  if(name == "Camellia-256")
179  return MAKE_OPENSSL_BLOCK(EVP_camellia_256_ecb);
180 #endif
181 
182 #if defined(BOTAN_HAS_DES) && !defined(OPENSSL_NO_DES)
183  if(name == "DES")
184  return MAKE_OPENSSL_BLOCK(EVP_des_ecb);
185  if(name == "TripleDES")
186  return MAKE_OPENSSL_BLOCK_KEYLEN(EVP_des_ede3_ecb, 16, 24, 8);
187 #endif
188 
189 #if defined(BOTAN_HAS_BLOWFISH) && !defined(OPENSSL_NO_BF)
190  if(name == "Blowfish")
191  return MAKE_OPENSSL_BLOCK_KEYLEN(EVP_bf_ecb, 1, 56, 1);
192 #endif
193 
194 #if defined(BOTAN_HAS_CAST) && !defined(OPENSSL_NO_CAST)
195  if(name == "CAST-128")
196  return MAKE_OPENSSL_BLOCK_KEYLEN(EVP_cast5_ecb, 1, 16, 1);
197 #endif
198 
199 #if defined(BOTAN_HAS_IDEA) && !defined(OPENSSL_NO_IDEA)
200  if(name == "IDEA")
201  return MAKE_OPENSSL_BLOCK(EVP_idea_ecb);
202 #endif
203 
204 #if defined(BOTAN_HAS_SEED) && !defined(OPENSSL_NO_SEED)
205  if(name == "SEED")
206  return MAKE_OPENSSL_BLOCK(EVP_seed_ecb);
207 #endif
208 
209  return nullptr;
210  }
#define MAKE_OPENSSL_BLOCK(evp_fn)
#define MAKE_OPENSSL_BLOCK_KEYLEN(evp_fn, kl_min, kl_max, kl_mod)
std::unique_ptr< HashFunction > Botan::make_openssl_hash ( const std::string &  name)

Definition at line 76 of file openssl_hash.cpp.

References MAKE_OPENSSL_HASH.

Referenced by Botan::HashFunction::create().

77  {
78 #define MAKE_OPENSSL_HASH(fn) \
79  std::unique_ptr<HashFunction>(new OpenSSL_HashFunction(name, fn ()))
80 
81 #if defined(BOTAN_HAS_SHA2_32) && !defined(OPENSSL_NO_SHA256)
82  if(name == "SHA-224")
83  return MAKE_OPENSSL_HASH(EVP_sha224);
84  if(name == "SHA-256")
85  return MAKE_OPENSSL_HASH(EVP_sha256);
86 #endif
87 
88 #if defined(BOTAN_HAS_SHA2_64) && !defined(OPENSSL_NO_SHA512)
89  if(name == "SHA-384")
90  return MAKE_OPENSSL_HASH(EVP_sha384);
91  if(name == "SHA-512")
92  return MAKE_OPENSSL_HASH(EVP_sha512);
93 #endif
94 
95 #if defined(BOTAN_HAS_SHA1) && !defined(OPENSSL_NO_SHA)
96  if(name == "SHA-160")
97  return MAKE_OPENSSL_HASH(EVP_sha1);
98 #endif
99 
100 #if defined(BOTAN_HAS_RIPEMD_160) && !defined(OPENSSL_NO_RIPEMD)
101  if(name == "RIPEMD-160")
102  return MAKE_OPENSSL_HASH(EVP_ripemd160);
103 #endif
104 
105 #if defined(BOTAN_HAS_MD5) && !defined(OPENSSL_NO_MD5)
106  if(name == "MD5")
107  return MAKE_OPENSSL_HASH(EVP_md5);
108  #endif
109 
110 #if defined(BOTAN_HAS_MD4) && !defined(OPENSSL_NO_MD4)
111  if(name == "MD4")
112  return MAKE_OPENSSL_HASH(EVP_md4);
113 #endif
114 
115  return nullptr;
116  }
#define MAKE_OPENSSL_HASH(fn)
std::unique_ptr<StreamCipher> Botan::make_stream_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Definition at line 75 of file lookup.h.

References Botan::StreamCipher::create_or_throw().

77  {
78  return StreamCipher::create_or_throw(algo_spec, provider);
79  }
uint16_t Botan::make_uint16 ( uint8_t  i0,
uint8_t  i1 
)
inline

Make a uint16_t from two bytes

Parameters
i0the first byte
i1the second byte
Returns
i0 || i1

Definition at line 60 of file loadstor.h.

Referenced by Botan::TLS::TLS_Data_Reader::get_uint16_t(), load_be< uint16_t >(), load_le< uint16_t >(), random_gf2m(), Botan::RTSS_Share::reconstruct(), Botan::TLS::Session_Manager_SQL::Session_Manager_SQL(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data().

61  {
62  return ((static_cast<uint16_t>(i0) << 8) | i1);
63  }
uint32_t Botan::make_uint32 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3 
)
inline

Make a uint32_t from four bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
Returns
i0 || i1 || i2 || i3

Definition at line 73 of file loadstor.h.

Referenced by Botan::TLS::Certificate::Certificate(), Botan::TLS::Certificate_Status::Certificate_Status(), Botan::TLS::Stream_Handshake_IO::get_next_record(), Botan::TLS::TLS_Data_Reader::get_uint32_t(), load_be< uint32_t >(), and load_le< uint32_t >().

74  {
75  return ((static_cast<uint32_t>(i0) << 24) |
76  (static_cast<uint32_t>(i1) << 16) |
77  (static_cast<uint32_t>(i2) << 8) |
78  (static_cast<uint32_t>(i3)));
79  }
uint64_t Botan::make_uint64 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3,
uint8_t  i4,
uint8_t  i5,
uint8_t  i6,
uint8_t  i7 
)
inline

Make a uint32_t from eight bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
i4the fifth byte
i5the sixth byte
i6the seventh byte
i7the eighth byte
Returns
i0 || i1 || i2 || i3 || i4 || i5 || i6 || i7

Definition at line 93 of file loadstor.h.

Referenced by load_be< uint64_t >(), and load_le< uint64_t >().

95  {
96  return ((static_cast<uint64_t>(i0) << 56) |
97  (static_cast<uint64_t>(i1) << 48) |
98  (static_cast<uint64_t>(i2) << 40) |
99  (static_cast<uint64_t>(i3) << 32) |
100  (static_cast<uint64_t>(i4) << 24) |
101  (static_cast<uint64_t>(i5) << 16) |
102  (static_cast<uint64_t>(i6) << 8) |
103  (static_cast<uint64_t>(i7)));
104  }
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if<T>::_Single_object Botan::make_unique ( Args &&...  args)

Definition at line 59 of file stl_compatibility.h.

60  {
61  return std::unique_ptr<T>(new T(std::forward<Args>(args)...));
62  }
template<class T >
stlCompatibilityDetails::_Unique_if<T>::_Unknown_bound Botan::make_unique ( size_t  n)

Definition at line 65 of file stl_compatibility.h.

References type.

66  {
67  typedef typename std::remove_extent<T>::type U;
68  return std::unique_ptr<T>(new U[n]());
69  }
MechanismType type
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if<T>::_Known_bound Botan::make_unique ( Args &&  ...)
delete
template<typename K , typename V >
std::set<K> Botan::map_keys_as_set ( const std::map< K, V > &  kv)

Return the keys of a map as a std::set

Definition at line 34 of file stl_util.h.

35  {
36  std::set<K> s;
37  for(auto&& i : kv)
38  {
39  s.insert(i.first);
40  }
41  return s;
42  }
template<typename T , typename Pred >
void Botan::map_remove_if ( Pred  pred,
T &  assoc 
)

Definition at line 96 of file stl_util.h.

Referenced by Botan::TLS::Channel::activate_session().

97  {
98  auto i = assoc.begin();
99  while(i != assoc.end())
100  {
101  if(pred(i->first))
102  assoc.erase(i++);
103  else
104  i++;
105  }
106  }
secure_vector< uint8_t > BOTAN_DLL Botan::mceies_decrypt ( const McEliece_PrivateKey privkey,
const uint8_t  ct[],
size_t  ct_len,
const uint8_t  ad[],
size_t  ad_len,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and decrypt/authenticate the ciphertext and AD using AES-256 in OCB mode.

Definition at line 70 of file mceies.cpp.

References Botan::PK_KEM_Decryptor::decrypt(), DECRYPTION, get_aead(), and Botan::McEliece_PublicKey::get_code_length().

Referenced by botan_mceies_decrypt().

74  {
75  try
76  {
77  Null_RNG null_rng;
78  PK_KEM_Decryptor kem_op(privkey, null_rng, "KDF1(SHA-512)");
79 
80  const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
81 
82  std::unique_ptr<AEAD_Mode> aead(get_aead(algo, DECRYPTION));
83  if(!aead)
84  throw Exception("Unable to create AEAD instance '" + algo + "'");
85 
86  const size_t nonce_len = aead->default_nonce_length();
87 
88  if(ct_len < mce_code_bytes + nonce_len + aead->tag_size())
89  throw Exception("Input message too small to be valid");
90 
91  const secure_vector<uint8_t> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64);
92 
93  aead->set_key(aead_key(mce_key, *aead));
94  aead->set_associated_data(ad, ad_len);
95 
96  secure_vector<uint8_t> pt(ct + mce_code_bytes + nonce_len, ct + ct_len);
97 
98  aead->start(&ct[mce_code_bytes], nonce_len);
99  aead->finish(pt, 0);
100  return pt;
101  }
102  catch(Integrity_Failure&)
103  {
104  throw;
105  }
106  catch(std::exception& e)
107  {
108  throw Exception("mce_decrypt failed: " + std::string(e.what()));
109  }
110  }
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
Definition: aead.cpp:41
secure_vector< uint8_t > BOTAN_DLL Botan::mceies_encrypt ( const McEliece_PublicKey pubkey,
const uint8_t  pt[],
size_t  pt_len,
const uint8_t  ad[],
size_t  ad_len,
RandomNumberGenerator rng,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and encrypt/authenticate the plaintext and AD using AES-256 in OCB mode.

Definition at line 33 of file mceies.cpp.

References BOTAN_ASSERT, copy_mem(), Botan::PK_KEM_Encryptor::encrypt(), ENCRYPTION, get_aead(), Botan::McEliece_PublicKey::get_code_length(), and Botan::RandomNumberGenerator::random_vec().

Referenced by botan_mceies_encrypt().

38  {
39  PK_KEM_Encryptor kem_op(pubkey, rng, "KDF1(SHA-512)");
40 
41  secure_vector<uint8_t> mce_ciphertext, mce_key;
42  kem_op.encrypt(mce_ciphertext, mce_key, 64, rng);
43 
44  const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
45 
46  BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
47 
48  std::unique_ptr<AEAD_Mode> aead(get_aead(algo, ENCRYPTION));
49  if(!aead)
50  throw Exception("mce_encrypt unable to create AEAD instance '" + algo + "'");
51 
52  const size_t nonce_len = aead->default_nonce_length();
53 
54  aead->set_key(aead_key(mce_key, *aead));
55  aead->set_associated_data(ad, ad_len);
56 
57  const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len);
58 
59  secure_vector<uint8_t> msg(mce_ciphertext.size() + nonce.size() + pt_len);
60  copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size());
61  copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size());
62  copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt, pt_len);
63 
64  aead->start(nonce);
65  aead->finish(msg, mce_ciphertext.size() + nonce.size());
66  return msg;
67  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
Definition: aead.cpp:41
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
void Botan::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  ciphertext,
const McEliece_PrivateKey key 
)

Definition at line 127 of file goppa_code.cpp.

Referenced by Botan::McEliece_PrivateKey::check_key(), and mceliece_decrypt().

131  {
132  mceliece_decrypt(plaintext_out, error_mask_out, ciphertext.data(), ciphertext.size(), key);
133  }
secure_vector< uint8_t > mceliece_decrypt(secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, uint32_t ciphertext_len, const McEliece_PrivateKey &key)
Definition: goppa_code.cpp:163
void Botan::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext,
secure_vector< uint8_t > &  error_mask,
const uint8_t  ciphertext[],
size_t  ciphertext_len,
const McEliece_PrivateKey key 
)

Definition at line 135 of file goppa_code.cpp.

References Botan::McEliece_PublicKey::get_code_length(), and mceliece_decrypt().

141  {
142  secure_vector<gf2m> error_pos;
143  plaintext = mceliece_decrypt(error_pos, ciphertext, ciphertext_len, key);
144 
145  const size_t code_length = key.get_code_length();
146  secure_vector<uint8_t> result((code_length+7)/8);
147  for(auto&& pos : error_pos)
148  {
149  if(pos > code_length)
150  {
151  throw Invalid_Argument("error position larger than code size");
152  }
153  result[pos / 8] |= (1 << (pos % 8));
154  }
155 
156  error_mask = result;
157  }
secure_vector< uint8_t > mceliece_decrypt(secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, uint32_t ciphertext_len, const McEliece_PrivateKey &key)
Definition: goppa_code.cpp:163
uint32_t code_length
secure_vector< uint8_t > Botan::mceliece_decrypt ( secure_vector< gf2m > &  error_pos,
const uint8_t *  ciphertext,
uint32_t  ciphertext_len,
const McEliece_PrivateKey key 
)

p_err_pos_len must point to the available length of error_pos on input, the function will set it to the actual number of errors returned in the error_pos array

Definition at line 163 of file goppa_code.cpp.

References bit_size_to_32bit_size(), bit_size_to_byte_size(), copy_mem(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PrivateKey::get_codimension(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PrivateKey::get_dimension(), Botan::McEliece_PrivateKey::get_goppa_polyn(), Botan::McEliece_PrivateKey::get_H_coeffs(), Botan::McEliece_PrivateKey::get_Linv(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::polyn_gf2m::get_sp_field(), and Botan::McEliece_PrivateKey::get_sqrtmod().

167  {
168 
169  uint32_t dimension = key.get_dimension();
170  uint32_t codimension = key.get_codimension();
171  uint32_t t = key.get_goppa_polyn().get_degree();
172  polyn_gf2m syndrome_polyn(key.get_goppa_polyn().get_sp_field()); // init as zero polyn
173  const unsigned unused_pt_bits = dimension % 8;
174  const uint8_t unused_pt_bits_mask = (1 << unused_pt_bits) - 1;
175 
176  if(ciphertext_len != (key.get_code_length()+7)/8)
177  {
178  throw Invalid_Argument("wrong size of McEliece ciphertext");
179  }
180  uint32_t cleartext_len = (key.get_message_word_bit_length()+7)/8;
181 
182  if(cleartext_len != bit_size_to_byte_size(dimension))
183  {
184  throw Invalid_Argument("mce-decryption: wrong length of cleartext buffer");
185  }
186 
187  secure_vector<uint32_t> syndrome_vec(bit_size_to_32bit_size(codimension));
188  matrix_arr_mul(key.get_H_coeffs(),
189  key.get_code_length(),
190  bit_size_to_32bit_size(codimension),
191  ciphertext,
192  syndrome_vec.data(), syndrome_vec.size());
193 
194  secure_vector<uint8_t> syndrome_byte_vec(bit_size_to_byte_size(codimension));
195  uint32_t syndrome_byte_vec_size = syndrome_byte_vec.size();
196  for(uint32_t i = 0; i < syndrome_byte_vec_size; i++)
197  {
198  syndrome_byte_vec[i] = syndrome_vec[i/4] >> (8* (i % 4));
199  }
200 
201  syndrome_polyn = polyn_gf2m(t-1, syndrome_byte_vec.data(), bit_size_to_byte_size(codimension), key.get_goppa_polyn().get_sp_field());
202 
203  syndrome_polyn.get_degree();
204  error_pos = goppa_decode(syndrome_polyn, key.get_goppa_polyn(), key.get_sqrtmod(), key.get_Linv());
205 
206  uint32_t nb_err = error_pos.size();
207 
208  secure_vector<uint8_t> cleartext(cleartext_len);
209  copy_mem(cleartext.data(), ciphertext, cleartext_len);
210 
211  for(uint32_t i = 0; i < nb_err; i++)
212  {
213  gf2m current = error_pos[i];
214 
215  if(current >= cleartext_len * 8)
216  {
217  // an invalid position, this shouldn't happen
218  continue;
219  }
220  cleartext[current / 8] ^= (1 << (current % 8));
221  }
222 
223  if(unused_pt_bits)
224  {
225  cleartext[cleartext_len - 1] &= unused_pt_bits_mask;
226  }
227 
228  return cleartext;
229  }
uint32_t bit_size_to_32bit_size(uint32_t bit_size)
uint32_t bit_size_to_byte_size(uint32_t bit_size)
uint16_t gf2m
Definition: gf2m_small_m.h:20
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
void Botan::mceliece_encrypt ( secure_vector< uint8_t > &  ciphertext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  plaintext,
const McEliece_PublicKey key,
RandomNumberGenerator rng 
)

Definition at line 118 of file mceliece.cpp.

References Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PublicKey::get_public_matrix(), and Botan::McEliece_PublicKey::get_t().

Referenced by Botan::McEliece_PrivateKey::check_key().

123  {
124  secure_vector<uint8_t> error_mask = create_random_error_vector(key.get_code_length(), key.get_t(), rng);
125 
126  secure_vector<uint8_t> ciphertext = mult_by_pubkey(plaintext, key.get_public_matrix(),
127  key.get_code_length(), key.get_t());
128 
129  ciphertext ^= error_mask;
130 
131  ciphertext_out.swap(ciphertext);
132  error_mask_out.swap(error_mask);
133  }
BOTAN_DLL size_t Botan::mceliece_work_factor ( size_t  code_size,
size_t  t 
)

Estimate work factor for McEliece

Returns
estimated security level for these key parameters

Definition at line 95 of file mce_workfactor.cpp.

References ceil_log2(), and Botan::CT::min().

Referenced by Botan::McEliece_PublicKey::estimated_strength().

96  {
97  const size_t k = n - ceil_log2(n) * t;
98 
99  double min = cout_total(n, k, t, 0, 0); // correspond a p=1
100  for(size_t p = 0; p != t / 2; ++p)
101  {
102  double lwf = best_wf(n, k + 1, t, p);
103  if(lwf < 0)
104  break;
105 
106  min = std::min(min, lwf);
107  }
108 
109  return min;
110  }
size_t ceil_log2(T x)
Definition: bit_ops.h:106
T min(T a, T b)
Definition: ct_utils.h:180
void BOTAN_DLL Botan::mgf1_mask ( HashFunction hash,
const uint8_t  in[],
size_t  in_len,
uint8_t  out[],
size_t  out_len 
)

MGF1 from PKCS #1 v2.0

Parameters
hashhash function to use
ininput buffer
in_lensize of the input buffer in bytes
outoutput buffer
out_lensize of the output buffer in bytes

Definition at line 14 of file mgf1.cpp.

References Botan::Buffered_Computation::final(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().

17  {
18  uint32_t counter = 0;
19 
20  while(out_len)
21  {
22  hash.update(in, in_len);
23  hash.update_be(counter);
24  secure_vector<uint8_t> buffer = hash.final();
25 
26  size_t xored = std::min<size_t>(buffer.size(), out_len);
27  xor_buf(out, buffer.data(), xored);
28  out += xored;
29  out_len -= xored;
30 
31  ++counter;
32  }
33  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
MechanismType hash
word BOTAN_DLL Botan::monty_inverse ( word  input)

Definition at line 325 of file numthry.cpp.

References bigint_divop(), BOTAN_ASSERT_EQUAL, and MP_WORD_MAX.

Referenced by Botan::Montgomery_Exponentiator::Montgomery_Exponentiator().

326  {
327  if(input == 0)
328  throw Exception("monty_inverse: divide by zero");
329 
330  word b = input;
331  word x2 = 1, x1 = 0, y2 = 0, y1 = 1;
332 
333  // First iteration, a = n+1
334  word q = bigint_divop(1, 0, b);
335  word r = (MP_WORD_MAX - q*b) + 1;
336  word x = x2 - q*x1;
337  word y = y2 - q*y1;
338 
339  word a = b;
340  b = r;
341  x2 = x1;
342  x1 = x;
343  y2 = y1;
344  y1 = y;
345 
346  while(b > 0)
347  {
348  q = a / b;
349  r = a - q*b;
350  x = x2 - q*x1;
351  y = y2 - q*y1;
352 
353  a = b;
354  b = r;
355  x2 = x1;
356  x1 = x;
357  y2 = y1;
358  y1 = y;
359  }
360 
361  const word check = y2 * input;
362  BOTAN_ASSERT_EQUAL(check, 1, "monty_inverse result is inverse of input");
363 
364  // Now invert in addition space
365  y2 = (MP_WORD_MAX - y2) + 1;
366 
367  return y2;
368  }
word bigint_divop(word n1, word n0, word d)
Definition: mp_core.cpp:404
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53
const word MP_WORD_MAX
Definition: mp_types.h:29
void Botan::mul64x64_128 ( uint64_t  a,
uint64_t  b,
uint64_t *  lo,
uint64_t *  hi 
)
inline

Perform a 64x64->128 bit multiplication

Definition at line 83 of file mul128.h.

Referenced by operator*(), word_madd2(), and word_madd3().

84  {
85 #if defined(BOTAN_FAST_64X64_MUL)
86  BOTAN_FAST_64X64_MUL(a, b, lo, hi);
87 #else
88 
89  /*
90  * Do a 64x64->128 multiply using four 32x32->64 multiplies plus
91  * some adds and shifts. Last resort for CPUs like UltraSPARC (with
92  * 64-bit registers/ALU, but no 64x64->128 multiply) or 32-bit CPUs.
93  */
94  const size_t HWORD_BITS = 32;
95  const uint32_t HWORD_MASK = 0xFFFFFFFF;
96 
97  const uint32_t a_hi = (a >> HWORD_BITS);
98  const uint32_t a_lo = (a & HWORD_MASK);
99  const uint32_t b_hi = (b >> HWORD_BITS);
100  const uint32_t b_lo = (b & HWORD_MASK);
101 
102  uint64_t x0 = static_cast<uint64_t>(a_hi) * b_hi;
103  uint64_t x1 = static_cast<uint64_t>(a_lo) * b_hi;
104  uint64_t x2 = static_cast<uint64_t>(a_hi) * b_lo;
105  uint64_t x3 = static_cast<uint64_t>(a_lo) * b_lo;
106 
107  // this cannot overflow as (2^32-1)^2 + 2^32-1 < 2^64-1
108  x2 += x3 >> HWORD_BITS;
109 
110  // this one can overflow
111  x2 += x1;
112 
113  // propagate the carry if any
114  x0 += static_cast<uint64_t>(static_cast<bool>(x2 < x1)) << HWORD_BITS;
115 
116  *hi = x0 + (x2 >> HWORD_BITS);
117  *lo = ((x2 & HWORD_MASK) << HWORD_BITS) + (x3 & HWORD_MASK);
118 #endif
119  }
BigInt BOTAN_DLL Botan::mul_add ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused multiply-add

Parameters
aan integer
ban integer
can integer
Returns
(a*b)+c

Definition at line 35 of file mp_numth.cpp.

References bigint_add2(), bigint_mul(), Botan::BigInt::data(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::CT::max(), Botan::BigInt::mutable_data(), Botan::BigInt::Negative, Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::size().

36  {
37  if(c.is_negative() || c.is_zero())
38  throw Invalid_Argument("mul_add: Third argument must be > 0");
39 
40  BigInt::Sign sign = BigInt::Positive;
41  if(a.sign() != b.sign())
42  sign = BigInt::Negative;
43 
44  BigInt r(sign, std::max(a.size() + b.size(), c.sig_words()) + 1);
45  secure_vector<word> workspace(r.size());
46 
47  bigint_mul(r, a, b, workspace.data());
48 
49  const size_t r_size = std::max(r.sig_words(), c.sig_words());
50  bigint_add2(r.mutable_data(), r_size, c.data(), c.sig_words());
51  return r;
52  }
T max(T a, T b)
Definition: ct_utils.h:173
void bigint_add2(word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:138
void bigint_mul(BigInt &z, const BigInt &x, const BigInt &y, word workspace[])
Definition: mp_karat.cpp:252
BigInt BOTAN_DLL Botan::mul_sub ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused multiply-subtract

Parameters
aan integer
ban integer
can integer
Returns
(a*b)-c

Definition at line 71 of file mp_numth.cpp.

References Botan::BigInt::is_negative(), and Botan::BigInt::is_zero().

72  {
73  if(c.is_negative() || c.is_zero())
74  throw Invalid_Argument("mul_sub: Third argument must be > 0");
75 
76  BigInt r = a;
77  r *= b;
78  r -= c;
79  return r;
80  }
PointGFp Botan::multi_exponentiate ( const PointGFp p1,
const BigInt z1,
const PointGFp p2,
const BigInt z2 
)

Multiexponentiation

Parameters
p1a point
z1a scalar
p2a point
z2a scalar
Returns
(p1 * z1 + p2 * z2)

Definition at line 248 of file point_gfp.cpp.

References Botan::BigInt::bits(), Botan::BigInt::get_bit(), Botan::PointGFp::get_curve(), Botan::BigInt::is_negative(), and Botan::CT::max().

250  {
251  const PointGFp p3 = p1 + p2;
252 
253  PointGFp H(p1.get_curve()); // create as zero
254  size_t bits_left = std::max(z1.bits(), z2.bits());
255 
256  std::vector<BigInt> ws(9);
257 
258  while(bits_left)
259  {
260  H.mult2(ws);
261 
262  const bool z1_b = z1.get_bit(bits_left - 1);
263  const bool z2_b = z2.get_bit(bits_left - 1);
264 
265  if(z1_b == true && z2_b == true)
266  H.add(p3, ws);
267  else if(z1_b)
268  H.add(p1, ws);
269  else if(z2_b)
270  H.add(p2, ws);
271 
272  --bits_left;
273  }
274 
275  if(z1.is_negative() != z2.is_negative())
276  H.negate();
277 
278  return H;
279  }
T max(T a, T b)
Definition: ct_utils.h:173
template<typename K , typename V >
void Botan::multimap_insert ( std::multimap< K, V > &  multimap,
const K &  key,
const V &  value 
)
void BOTAN_DLL Botan::newhope_keygen ( uint8_t *  send,
poly sk,
RandomNumberGenerator rng,
Newhope_Mode  mode 
)

Definition at line 703 of file newhope.cpp.

References NEWHOPE_SEED_BYTES, and Botan::RandomNumberGenerator::randomize().

Referenced by CECPQ1_offer().

705 {
706  poly a, e, r, pk;
707  uint8_t seed[NEWHOPE_SEED_BYTES];
708 
709  rng.randomize(seed, NEWHOPE_SEED_BYTES);
710 
711  gen_a(&a, seed, mode);
712 
713  poly_getnoise(rng, sk);
714  poly_ntt(sk);
715 
716  poly_getnoise(rng, &e);
717  poly_ntt(&e);
718 
719  poly_pointwise(&r,sk,&a);
720  poly_add(&pk,&e,&r);
721 
722  encode_a(send, &pk, seed);
723 }
#define NEWHOPE_SEED_BYTES
Definition: newhope.cpp:26
newhope_poly poly
Definition: newhope.cpp:19
void BOTAN_DLL Botan::newhope_shareda ( uint8_t *  sharedkey,
const poly sk,
const uint8_t *  received,
Newhope_Mode  mode 
)

Definition at line 766 of file newhope.cpp.

References Botan::HashFunction::create(), hash, and SHA3.

Referenced by CECPQ1_finish().

768 {
769  poly v,bp, c;
770 
771  decode_b(&bp, &c, received);
772 
773  poly_pointwise(&v,sk,&bp);
774  poly_invntt(&v);
775 
776  rec(sharedkey, &v, &c);
777 
778  std::unique_ptr<HashFunction> hash(HashFunction::create(
779  (mode == Newhope_Mode::SHA3) ? "SHA-3(256)" : "SHA-256"));
780 
781  if(!hash)
782  throw Exception("NewHope hash function not available");
783 
784  hash->update(sharedkey, 32);
785  hash->final(sharedkey);
786 }
newhope_poly poly
Definition: newhope.cpp:19
MechanismType hash
void BOTAN_DLL Botan::newhope_sharedb ( uint8_t *  sharedkey,
uint8_t *  send,
const uint8_t *  received,
RandomNumberGenerator rng,
Newhope_Mode  mode 
)

Definition at line 725 of file newhope.cpp.

References Botan::HashFunction::create(), hash, NEWHOPE_SEED_BYTES, and SHA3.

Referenced by CECPQ1_accept().

728 {
729  poly sp, ep, v, a, pka, c, epp, bp;
730  uint8_t seed[NEWHOPE_SEED_BYTES];
731 
732  decode_a(&pka, seed, received);
733  gen_a(&a, seed, mode);
734 
735  poly_getnoise(rng, &sp);
736  poly_ntt(&sp);
737  poly_getnoise(rng, &ep);
738  poly_ntt(&ep);
739 
740  poly_pointwise(&bp, &a, &sp);
741  poly_add(&bp, &bp, &ep);
742 
743  poly_pointwise(&v, &pka, &sp);
744  poly_invntt(&v);
745 
746  poly_getnoise(rng, &epp);
747  poly_add(&v, &v, &epp);
748 
749  helprec(&c, &v, rng);
750 
751  encode_b(send, &bp, &c);
752 
753  rec(sharedkey, &v, &c);
754 
755  std::unique_ptr<HashFunction> hash(HashFunction::create(
756  (mode == Newhope_Mode::SHA3) ? "SHA-3(256)" : "SHA-256"));
757 
758  if(!hash)
759  throw Exception("NewHope hash function not available");
760 
761  hash->update(sharedkey, 32);
762  hash->final(sharedkey);
763 }
#define NEWHOPE_SEED_BYTES
Definition: newhope.cpp:26
newhope_poly poly
Definition: newhope.cpp:19
MechanismType hash
BigInt BOTAN_DLL Botan::normalized_montgomery_inverse ( const BigInt a,
const BigInt b 
)

Call almost_montgomery_inverse and correct the result to a^-1 mod b

Definition at line 138 of file numthry.cpp.

References almost_montgomery_inverse(), and Botan::BigInt::is_odd().

139  {
140  BigInt r;
141  size_t k = almost_montgomery_inverse(r, a, p);
142 
143  for(size_t i = 0; i != k; ++i)
144  {
145  if(r.is_odd())
146  r += p;
147  r >>= 1;
148  }
149 
150  return r;
151  }
size_t almost_montgomery_inverse(BigInt &result, const BigInt &a, const BigInt &p)
Definition: numthry.cpp:90
BOTAN_DLL bool Botan::operator!= ( const CRL_Entry ,
const CRL_Entry  
)

Test two CRL entries for inequality in at least one field.

Definition at line 55 of file crl_ent.cpp.

56  {
57  return !(a1 == a2);
58  }
bool BOTAN_DLL Botan::operator!= ( const AlgorithmIdentifier a1,
const AlgorithmIdentifier a2 
)

Definition at line 82 of file alg_id.cpp.

83  {
84  return !(a1 == a2);
85  }
bool BOTAN_DLL Botan::operator!= ( const OID a,
const OID b 
)

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is not equal to b

Definition at line 97 of file asn1_oid.cpp.

98  {
99  return !(a == b);
100  }
BOTAN_DLL bool Botan::operator!= ( const OctetString x,
const OctetString y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is not equal to y

Definition at line 103 of file symkey.cpp.

104  {
105  return !(s1 == s2);
106  }
template<typename T , typename U >
bool Botan::operator!= ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

Definition at line 118 of file secmem.h.

119  { return false; }
bool Botan::operator!= ( const EC_Group lhs,
const EC_Group rhs 
)
inline

Definition at line 144 of file ec_group.h.

146  {
147  return !(lhs == rhs);
148  }
bool BOTAN_DLL Botan::operator!= ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 164 of file x509_dn.cpp.

165  {
166  return !(dn1 == dn2);
167  }
bool Botan::operator!= ( const CurveGFp lhs,
const CurveGFp rhs 
)
inline

Definition at line 165 of file curve_gfp.h.

166  {
167  return !(lhs == rhs);
168  }
bool Botan::operator!= ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 248 of file point_gfp.h.

249  {
250  return !(rhs == lhs);
251  }
bool BOTAN_DLL Botan::operator!= ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 263 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

264  { return (t1.cmp(t2) != 0); }
BOTAN_DLL bool Botan::operator!= ( const X509_Certificate cert1,
const X509_Certificate cert2 
)

Check two certificates for inequality

Parameters
cert1The first certificate
cert2The second certificate
Returns
true if the arguments represent different certificates, false if they are binary identical

Definition at line 535 of file x509cert.cpp.

536  {
537  return !(cert1 == cert2);
538  }
bool Botan::operator!= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 600 of file bigint.h.

References Botan::BigInt::cmp().

601  { return (a.cmp(b) != 0); }
BigInt BOTAN_DLL Botan::operator% ( const BigInt n,
const BigInt mod 
)

Definition at line 118 of file big_ops3.cpp.

References divide(), Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), and Botan::BigInt::is_zero().

119  {
120  if(mod.is_zero())
121  throw BigInt::DivideByZero();
122  if(mod.is_negative())
123  throw Invalid_Argument("BigInt::operator%: modulus must be > 0");
124  if(n.is_positive() && mod.is_positive() && n < mod)
125  return n;
126 
127  BigInt q, r;
128  divide(n, mod, q, r);
129  return r;
130  }
void divide(const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
Definition: divide.cpp:58
word BOTAN_DLL Botan::operator% ( const BigInt n,
word  mod 
)

Definition at line 135 of file big_ops3.cpp.

References bigint_modop(), is_power_of_2(), Botan::BigInt::Negative, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::word_at().

136  {
137  if(mod == 0)
138  throw BigInt::DivideByZero();
139 
140  if(is_power_of_2(mod))
141  return (n.word_at(0) & (mod - 1));
142 
143  word remainder = 0;
144 
145  for(size_t j = n.sig_words(); j > 0; --j)
146  remainder = bigint_modop(remainder, n.word_at(j-1), mod);
147 
148  if(remainder && n.sign() == BigInt::Negative)
149  return mod - remainder;
150  return remainder;
151  }
word bigint_modop(word n1, word n0, word d)
Definition: mp_core.cpp:432
bool is_power_of_2(T arg)
Definition: bit_ops.h:25
ECIES_Flags Botan::operator& ( ECIES_Flags  a,
ECIES_Flags  b 
)
inline

Definition at line 50 of file ecies.h.

51  {
52  return static_cast<ECIES_Flags>(static_cast<uint32_t>(a) & static_cast<uint32_t>(b));
53  }
ECIES_Flags
Definition: ecies.h:28
donna128 Botan::operator* ( const donna128 x,
uint64_t  y 
)
inline

Definition at line 80 of file donna128.h.

References BOTAN_ASSERT, Botan::donna128::hi(), Botan::donna128::lo(), and mul64x64_128().

81  {
82  BOTAN_ASSERT(x.hi() == 0, "High 64 bits of donna128 set to zero during multiply");
83 
84  uint64_t lo = 0, hi = 0;
85  mul64x64_128(x.lo(), y, &lo, &hi);
86  return donna128(lo, hi);
87  }
void mul64x64_128(uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
Definition: mul128.h:83
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
BigInt BOTAN_DLL Botan::operator* ( const BigInt x,
const BigInt y 
)

Definition at line 84 of file big_ops3.cpp.

References bigint_linmul3(), bigint_mul(), Botan::BigInt::data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::size(), and Botan::BigInt::word_at().

85  {
86  const size_t x_sw = x.sig_words(), y_sw = y.sig_words();
87 
88  BigInt z(BigInt::Positive, x.size() + y.size());
89 
90  if(x_sw == 1 && y_sw)
91  bigint_linmul3(z.mutable_data(), y.data(), y_sw, x.word_at(0));
92  else if(y_sw == 1 && x_sw)
93  bigint_linmul3(z.mutable_data(), x.data(), x_sw, y.word_at(0));
94  else if(x_sw && y_sw)
95  {
96  secure_vector<word> workspace(z.size());
97  bigint_mul(z, x, y, workspace.data());
98  }
99 
100  if(x_sw && y_sw && x.sign() != y.sign())
101  z.flip_sign();
102  return z;
103  }
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition: mp_core.cpp:240
void bigint_mul(BigInt &z, const BigInt &x, const BigInt &y, word workspace[])
Definition: mp_karat.cpp:252
PointGFp Botan::operator* ( const PointGFp point,
const BigInt scalar 
)
inline

Definition at line 271 of file point_gfp.h.

272  {
273  return scalar * point;
274  }
PointGFp Botan::operator* ( const BigInt scalar,
const PointGFp point 
)

Multiplication Operator

Parameters
scalarthe scalar value
pointthe point value
Returns
scalar*point on the curve

Definition at line 281 of file point_gfp.cpp.

References Botan::BigInt::bits(), Botan::BigInt::get_bit(), Botan::PointGFp::get_curve(), and Botan::BigInt::is_negative().

282  {
283  //BOTAN_ASSERT(point.on_the_curve(), "Input is on the curve");
284 
285  const CurveGFp& curve = point.get_curve();
286 
287  const size_t scalar_bits = scalar.bits();
288 
289  std::vector<BigInt> ws(9);
290 
291  PointGFp R[2] = { PointGFp(curve), point };
292 
293  for(size_t i = scalar_bits; i > 0; i--)
294  {
295  const size_t b = scalar.get_bit(i - 1);
296  R[b ^ 1].add(R[b], ws);
297  R[b].mult2(ws);
298  }
299 
300  if(scalar.is_negative())
301  R[0].negate();
302 
303  //BOTAN_ASSERT(R[0].on_the_curve(), "Output is on the curve");
304 
305  return R[0];
306  }
BigInt BOTAN_DLL Botan::operator+ ( const BigInt x,
const BigInt y 
)

Definition at line 20 of file big_ops3.cpp.

References bigint_add3(), bigint_cmp(), bigint_sub3(), Botan::BigInt::data(), Botan::CT::max(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), and Botan::BigInt::sign().

21  {
22  const size_t x_sw = x.sig_words(), y_sw = y.sig_words();
23 
24  BigInt z(x.sign(), std::max(x_sw, y_sw) + 1);
25 
26  if((x.sign() == y.sign()))
27  bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
28  else
29  {
30  int32_t relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);
31 
32  if(relative_size < 0)
33  {
34  bigint_sub3(z.mutable_data(), y.data(), y_sw, x.data(), x_sw);
35  z.set_sign(y.sign());
36  }
37  else if(relative_size == 0)
38  z.set_sign(BigInt::Positive);
39  else if(relative_size > 0)
40  bigint_sub3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
41  }
42 
43  return z;
44  }
int32_t bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:378
word bigint_sub3(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:198
T max(T a, T b)
Definition: ct_utils.h:173
void bigint_add3(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:147
OID BOTAN_DLL Botan::operator+ ( const OID oid,
uint32_t  new_comp 
)

Append another component onto the OID.

Parameters
oidthe OID to add the new component to
new_compthe new component to add

Definition at line 87 of file asn1_oid.cpp.

88  {
89  OID new_oid(oid);
90  new_oid += component;
91  return new_oid;
92  }
donna128 Botan::operator+ ( const donna128 x,
const donna128 y 
)
inline

Definition at line 89 of file donna128.h.

90  {
91  donna128 z = x;
92  z += y;
93  return z;
94  }
donna128 Botan::operator+ ( const donna128 x,
uint64_t  y 
)
inline

Definition at line 96 of file donna128.h.

97  {
98  donna128 z = x;
99  z += y;
100  return z;
101  }
BOTAN_DLL OctetString Botan::operator+ ( const OctetString x,
const OctetString y 
)

Concatenate two strings

Parameters
xan octet string
yan octet string
Returns
x concatenated with y

Definition at line 111 of file symkey.cpp.

References Botan::OctetString::bits_of().

112  {
113  secure_vector<uint8_t> out;
114  out += k1.bits_of();
115  out += k2.bits_of();
116  return OctetString(out);
117  }
PointGFp Botan::operator+ ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 259 of file point_gfp.h.

260  {
261  PointGFp tmp(lhs);
262  return tmp += rhs;
263  }
template<typename T , typename Alloc , typename Alloc2 >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

Definition at line 161 of file secmem.h.

References copy_mem().

163  {
164  const size_t copy_offset = out.size();
165  out.resize(out.size() + in.size());
166  if (in.size() > 0)
167  {
168  copy_mem(&out[copy_offset], in.data(), in.size());
169  }
170  return out;
171  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
template<typename T , typename Alloc >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
in 
)

Definition at line 174 of file secmem.h.

175  {
176  out.push_back(in);
177  return out;
178  }
template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< const T *, L > &  in 
)

Definition at line 181 of file secmem.h.

References copy_mem().

183  {
184  const size_t copy_offset = out.size();
185  out.resize(out.size() + in.second);
186  if (in.second > 0)
187  {
188  copy_mem(&out[copy_offset], in.first, in.second);
189  }
190  return out;
191  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< T *, L > &  in 
)

Definition at line 194 of file secmem.h.

References copy_mem().

196  {
197  const size_t copy_offset = out.size();
198  out.resize(out.size() + in.second);
199  if (in.second > 0)
200  {
201  copy_mem(&out[copy_offset], in.first, in.second);
202  }
203  return out;
204  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
BigInt BOTAN_DLL Botan::operator- ( const BigInt x,
const BigInt y 
)

Definition at line 49 of file big_ops3.cpp.

References bigint_add3(), bigint_cmp(), bigint_shl2(), bigint_sub3(), Botan::BigInt::data(), Botan::CT::max(), Botan::BigInt::Positive, Botan::BigInt::reverse_sign(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

50  {
51  const size_t x_sw = x.sig_words(), y_sw = y.sig_words();
52 
53  int32_t relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);
54 
55  BigInt z(BigInt::Positive, std::max(x_sw, y_sw) + 1);
56 
57  if(relative_size < 0)
58  {
59  if(x.sign() == y.sign())
60  bigint_sub3(z.mutable_data(), y.data(), y_sw, x.data(), x_sw);
61  else
62  bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
63  z.set_sign(y.reverse_sign());
64  }
65  else if(relative_size == 0)
66  {
67  if(x.sign() != y.sign())
68  bigint_shl2(z.mutable_data(), x.data(), x_sw, 0, 1);
69  }
70  else if(relative_size > 0)
71  {
72  if(x.sign() == y.sign())
73  bigint_sub3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
74  else
75  bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
76  z.set_sign(x.sign());
77  }
78  return z;
79  }
int32_t bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:378
word bigint_sub3(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:198
T max(T a, T b)
Definition: ct_utils.h:173
void bigint_shl2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:336
void bigint_add3(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:147
PointGFp Botan::operator- ( const PointGFp lhs)
inline

Definition at line 254 of file point_gfp.h.

References Botan::PointGFp::negate().

255  {
256  return PointGFp(lhs).negate();
257  }
PointGFp Botan::operator- ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 265 of file point_gfp.h.

266  {
267  PointGFp tmp(lhs);
268  return tmp -= rhs;
269  }
BigInt BOTAN_DLL Botan::operator/ ( const BigInt x,
const BigInt y 
)

Definition at line 108 of file big_ops3.cpp.

References divide().

109  {
110  BigInt q, r;
111  divide(x, y, q, r);
112  return q;
113  }
void divide(const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
Definition: divide.cpp:58
bool BOTAN_DLL Botan::operator< ( const OID a,
const OID b 
)

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is lexicographically smaller than b

Definition at line 105 of file asn1_oid.cpp.

References Botan::OID::get_id().

106  {
107  const std::vector<uint32_t>& oid1 = a.get_id();
108  const std::vector<uint32_t>& oid2 = b.get_id();
109 
110  if(oid1.size() < oid2.size())
111  return true;
112  if(oid1.size() > oid2.size())
113  return false;
114  for(size_t i = 0; i != oid1.size(); ++i)
115  {
116  if(oid1[i] < oid2[i])
117  return true;
118  if(oid1[i] > oid2[i])
119  return false;
120  }
121  return false;
122  }
bool BOTAN_DLL Botan::operator< ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 172 of file x509_dn.cpp.

References Botan::X509_DN::get_attributes().

173  {
174  auto attr1 = dn1.get_attributes();
175  auto attr2 = dn2.get_attributes();
176 
177  if(attr1.size() < attr2.size()) return true;
178  if(attr1.size() > attr2.size()) return false;
179 
180  for(auto p1 = attr1.begin(); p1 != attr1.end(); ++p1)
181  {
182  auto p2 = attr2.find(p1->first);
183  if(p2 == attr2.end()) return false;
184  if(p1->second > p2->second) return false;
185  if(p1->second < p2->second) return true;
186  }
187  return false;
188  }
bool BOTAN_DLL Botan::operator< ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 271 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

272  { return (t1.cmp(t2) < 0); }
bool Botan::operator< ( const BigInt a,
const BigInt b 
)
inline

Definition at line 606 of file bigint.h.

References Botan::BigInt::cmp().

607  { return (a.cmp(b) < 0); }
BOTAN_DLL std::ostream & Botan::operator<< ( std::ostream &  stream,
const BigInt n 
)

Definition at line 16 of file big_io.cpp.

References Botan::BigInt::Decimal, Botan::BigInt::encode(), and Botan::BigInt::Hexadecimal.

17  {
18  BigInt::Base base = BigInt::Decimal;
19  if(stream.flags() & std::ios::hex)
20  base = BigInt::Hexadecimal;
21  else if(stream.flags() & std::ios::oct)
22  throw Exception("Octal output of BigInt not supported");
23 
24  if(n == 0)
25  stream.write("0", 1);
26  else
27  {
28  if(n < 0)
29  stream.write("-", 1);
30  const std::vector<uint8_t> buffer = BigInt::encode(n, base);
31  size_t skip = 0;
32  while(skip < buffer.size() && buffer[skip] == '0')
33  ++skip;
34  stream.write(reinterpret_cast<const char*>(buffer.data()) + skip,
35  buffer.size() - skip);
36  }
37  if(!stream.good())
38  throw Stream_IO_Error("BigInt output operator has failed");
39  return stream;
40  }
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
int BOTAN_DLL Botan::operator<< ( int  out,
Pipe pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters
outfile descriptor for an open output stream
pipethe pipe

Definition at line 17 of file fd_unix.cpp.

References Botan::Pipe::read(), and Botan::Pipe::remaining().

18  {
19  secure_vector<uint8_t> buffer(DEFAULT_BUFFERSIZE);
20  while(pipe.remaining())
21  {
22  size_t got = pipe.read(buffer.data(), buffer.size());
23  size_t position = 0;
24  while(got)
25  {
26  ssize_t ret = write(fd, &buffer[position], got);
27  if(ret == -1)
28  throw Stream_IO_Error("Pipe output operator (unixfd) has failed");
29  position += ret;
30  got -= ret;
31  }
32  }
33  return fd;
34  }
BigInt BOTAN_DLL Botan::operator<< ( const BigInt x,
size_t  shift 
)

Definition at line 156 of file big_ops3.cpp.

References bigint_shl2(), Botan::BigInt::data(), MP_WORD_BITS, Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

157  {
158  if(shift == 0)
159  return x;
160 
161  const size_t shift_words = shift / MP_WORD_BITS,
162  shift_bits = shift % MP_WORD_BITS;
163 
164  const size_t x_sw = x.sig_words();
165 
166  BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0));
167  bigint_shl2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
168  return y;
169  }
void bigint_shl2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:336
const size_t MP_WORD_BITS
Definition: mp_core.h:21
std::ostream & Botan::operator<< ( std::ostream &  os,
const GeneralName gn 
)

Definition at line 225 of file name_constraint.cpp.

References Botan::GeneralName::name(), and Botan::GeneralName::type().

226  {
227  os << gn.type() << ":" << gn.name();
228  return os;
229  }
std::ostream & Botan::operator<< ( std::ostream &  os,
const GeneralSubtree gs 
)

Definition at line 268 of file name_constraint.cpp.

References Botan::GeneralSubtree::base(), Botan::GeneralSubtree::maximum(), and Botan::GeneralSubtree::minimum().

269  {
270  os << gs.minimum() << "," << gs.maximum() << "," << gs.base();
271  return os;
272  }
BOTAN_DLL std::ostream & Botan::operator<< ( std::ostream &  out,
const X509_DN dn 
)

Definition at line 299 of file x509_dn.cpp.

References Botan::X509_DN::contents().

300  {
301  std::multimap<std::string, std::string> contents = dn.contents();
302 
303  for(std::multimap<std::string, std::string>::const_iterator i = contents.begin();
304  i != contents.end(); ++i)
305  {
306  out << to_short_form(i->first) << "=\"";
307  for(char c: i->second)
308  {
309  if(c == '\\' || c == '\"')
310  {
311  out << "\\";
312  }
313  out << c;
314  }
315  out << "\"";
316 
317  if(std::next(i) != contents.end())
318  {
319  out << ",";
320  }
321  }
322  return out;
323  }
std::ostream & Botan::operator<< ( std::ostream &  out,
Pipe pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters
outan output stream
pipethe pipe

Definition at line 16 of file pipe_io.cpp.

References Botan::Pipe::read(), and Botan::Pipe::remaining().

17  {
18  secure_vector<uint8_t> buffer(DEFAULT_BUFFERSIZE);
19  while(stream.good() && pipe.remaining())
20  {
21  size_t got = pipe.read(buffer.data(), buffer.size());
22  stream.write(reinterpret_cast<const char*>(buffer.data()), got);
23  }
24  if(!stream.good())
25  throw Stream_IO_Error("Pipe output operator (iostream) has failed");
26  return stream;
27  }
bool BOTAN_DLL Botan::operator<= ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 266 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

267  { return (t1.cmp(t2) <= 0); }
bool Botan::operator<= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 602 of file bigint.h.

References Botan::BigInt::cmp().

603  { return (a.cmp(b) <= 0); }
BOTAN_DLL bool Botan::operator== ( const CRL_Entry ,
const CRL_Entry  
)

Test two CRL entries for equality in all fields.

Definition at line 41 of file crl_ent.cpp.

References Botan::CRL_Entry::expire_time(), Botan::CRL_Entry::reason_code(), and Botan::CRL_Entry::serial_number().

42  {
43  if(a1.serial_number() != a2.serial_number())
44  return false;
45  if(a1.expire_time() != a2.expire_time())
46  return false;
47  if(a1.reason_code() != a2.reason_code())
48  return false;
49  return true;
50  }
bool BOTAN_DLL Botan::operator== ( const AlgorithmIdentifier a1,
const AlgorithmIdentifier a2 
)

Definition at line 67 of file alg_id.cpp.

References Botan::AlgorithmIdentifier::oid, and Botan::AlgorithmIdentifier::parameters.

68  {
69  if(a1.oid != a2.oid)
70  return false;
71 
72  if(param_null_or_empty(a1.parameters) &&
73  param_null_or_empty(a2.parameters))
74  return true;
75 
76  return (a1.parameters == a2.parameters);
77  }
BOTAN_DLL bool Botan::operator== ( const OctetString x,
const OctetString y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is equal to y

Definition at line 95 of file symkey.cpp.

References Botan::OctetString::bits_of().

96  {
97  return (s1.bits_of() == s2.bits_of());
98  }
template<typename T , typename U >
bool Botan::operator== ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

Definition at line 114 of file secmem.h.

115  { return true; }
bool BOTAN_DLL Botan::operator== ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 136 of file x509_dn.cpp.

References Botan::X509_DN::get_attributes(), and x500_name_cmp().

137  {
138  auto attr1 = dn1.get_attributes();
139  auto attr2 = dn2.get_attributes();
140 
141  if(attr1.size() != attr2.size()) return false;
142 
143  auto p1 = attr1.begin();
144  auto p2 = attr2.begin();
145 
146  while(true)
147  {
148  if(p1 == attr1.end() && p2 == attr2.end())
149  break;
150  if(p1 == attr1.end()) return false;
151  if(p2 == attr2.end()) return false;
152  if(p1->first != p2->first) return false;
153  if(!x500_name_cmp(p1->second, p2->second))
154  return false;
155  ++p1;
156  ++p2;
157  }
158  return true;
159  }
bool x500_name_cmp(const std::string &name1, const std::string &name2)
Definition: parsing.cpp:222
bool Botan::operator== ( const CurveGFp lhs,
const CurveGFp rhs 
)
inline

Equality operator

Parameters
lhsa curve
rhsa curve
Returns
true iff lhs is the same as rhs

Definition at line 158 of file curve_gfp.h.

References Botan::CurveGFp::get_a(), Botan::CurveGFp::get_b(), and Botan::CurveGFp::get_p().

159  {
160  return (lhs.get_p() == rhs.get_p()) &&
161  (lhs.get_a() == rhs.get_a()) &&
162  (lhs.get_b() == rhs.get_b());
163  }
bool BOTAN_DLL Botan::operator== ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 261 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

262  { return (t1.cmp(t2) == 0); }
bool Botan::operator== ( const BigInt a,
const BigInt b 
)
inline

Definition at line 598 of file bigint.h.

References Botan::BigInt::cmp().

599  { return (a.cmp(b) == 0); }
bool BOTAN_DLL Botan::operator> ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 273 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

274  { return (t1.cmp(t2) > 0); }
bool Botan::operator> ( const BigInt a,
const BigInt b 
)
inline

Definition at line 608 of file bigint.h.

References Botan::BigInt::cmp().

609  { return (a.cmp(b) > 0); }
bool BOTAN_DLL Botan::operator>= ( const X509_Time t1,
const X509_Time t2 
)

Definition at line 268 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

269  { return (t1.cmp(t2) >= 0); }
bool Botan::operator>= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 604 of file bigint.h.

References Botan::BigInt::cmp().

605  { return (a.cmp(b) >= 0); }
int BOTAN_DLL Botan::operator>> ( int  in,
Pipe pipe 
)

File descriptor input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters
infile descriptor for an open input stream
pipethe pipe

Definition at line 39 of file fd_unix.cpp.

References Botan::Pipe::write().

40  {
41  secure_vector<uint8_t> buffer(DEFAULT_BUFFERSIZE);
42  while(true)
43  {
44  ssize_t ret = read(fd, buffer.data(), buffer.size());
45  if(ret == 0) break;
46  if(ret == -1)
47  throw Stream_IO_Error("Pipe input operator (unixfd) has failed");
48  pipe.write(buffer.data(), ret);
49  }
50  return fd;
51  }
BOTAN_DLL std::istream & Botan::operator>> ( std::istream &  stream,
BigInt n 
)

Definition at line 45 of file big_io.cpp.

46  {
47  std::string str;
48  std::getline(stream, str);
49  if(stream.bad() || (stream.fail() && !stream.eof()))
50  throw Stream_IO_Error("BigInt input operator has failed");
51  n = BigInt(str);
52  return stream;
53  }
BigInt BOTAN_DLL Botan::operator>> ( const BigInt x,
size_t  shift 
)

Definition at line 174 of file big_ops3.cpp.

References bigint_shr2(), Botan::BigInt::bits(), Botan::BigInt::data(), MP_WORD_BITS, Botan::BigInt::sig_words(), and Botan::BigInt::sign().

175  {
176  if(shift == 0)
177  return x;
178  if(x.bits() <= shift)
179  return 0;
180 
181  const size_t shift_words = shift / MP_WORD_BITS,
182  shift_bits = shift % MP_WORD_BITS,
183  x_sw = x.sig_words();
184 
185  BigInt y(x.sign(), x_sw - shift_words);
186  bigint_shr2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
187  return y;
188  }
void bigint_shr2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:356
const size_t MP_WORD_BITS
Definition: mp_core.h:21
BOTAN_DLL std::istream & Botan::operator>> ( std::istream &  in,
X509_DN dn 
)

Definition at line 325 of file x509_dn.cpp.

References Botan::X509_DN::add_attribute(), and Botan::X509_DN::deref_info_field().

326  {
327  in >> std::noskipws;
328  do
329  {
330  std::string key;
331  std::string val;
332  char c;
333 
334  while(in.good())
335  {
336  in >> c;
337 
338  if(std::isspace(c) && key.empty())
339  continue;
340  else if(!std::isspace(c))
341  {
342  key.push_back(c);
343  break;
344  }
345  else
346  break;
347  }
348 
349  while(in.good())
350  {
351  in >> c;
352 
353  if(!std::isspace(c) && c != '=')
354  key.push_back(c);
355  else if(c == '=')
356  break;
357  else
358  throw Invalid_Argument("Ill-formed X.509 DN");
359  }
360 
361  bool in_quotes = false;
362  while(in.good())
363  {
364  in >> c;
365 
366  if(std::isspace(c))
367  {
368  if(!in_quotes && !val.empty())
369  break;
370  else if(in_quotes)
371  val.push_back(' ');
372  }
373  else if(c == '"')
374  in_quotes = !in_quotes;
375  else if(c == '\\')
376  {
377  if(in.good())
378  in >> c;
379  val.push_back(c);
380  }
381  else if(c == ',' && !in_quotes)
382  break;
383  else
384  val.push_back(c);
385  }
386 
387  if(!key.empty() && !val.empty())
388  dn.add_attribute(X509_DN::deref_info_field(key),val);
389  else
390  break;
391  }
392  while(in.good());
393  return in;
394  }
std::istream & Botan::operator>> ( std::istream &  in,
Pipe pipe 
)

Stream input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters
inthe input stream
pipethe pipe

Definition at line 32 of file pipe_io.cpp.

References Botan::Pipe::write().

33  {
34  secure_vector<uint8_t> buffer(DEFAULT_BUFFERSIZE);
35  while(stream.good())
36  {
37  stream.read(reinterpret_cast<char*>(buffer.data()), buffer.size());
38  pipe.write(buffer.data(), stream.gcount());
39  }
40  if(stream.bad() || (stream.fail() && !stream.eof()))
41  throw Stream_IO_Error("Pipe input operator (iostream) has failed");
42  return stream;
43  }
BOTAN_DLL OctetString Botan::operator^ ( const OctetString x,
const OctetString y 
)

XOR two strings

Parameters
xan octet string
yan octet string
Returns
x XORed with y

Definition at line 122 of file symkey.cpp.

References Botan::OctetString::begin(), copy_mem(), Botan::OctetString::length(), Botan::CT::max(), and xor_buf().

123  {
124  secure_vector<uint8_t> out(std::max(k1.length(), k2.length()));
125 
126  copy_mem(out.data(), k1.begin(), k1.length());
127  xor_buf(out.data(), k2.begin(), k2.length());
128  return OctetString(out);
129  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
T max(T a, T b)
Definition: ct_utils.h:173
template<typename T , typename Alloc , typename Alloc2 >
std::vector<T, Alloc>& Botan::operator^= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

Definition at line 168 of file mem_ops.h.

References xor_buf().

170  {
171  if(out.size() < in.size())
172  out.resize(in.size());
173 
174  xor_buf(out.data(), in.data(), in.size());
175  return out;
176  }
void xor_buf(std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
Definition: mem_ops.h:158
ECIES_Flags Botan::operator| ( ECIES_Flags  a,
ECIES_Flags  b 
)
inline

Definition at line 45 of file ecies.h.

46  {
47  return static_cast<ECIES_Flags>(static_cast<uint32_t>(a) | static_cast<uint32_t>(b));
48  }
ECIES_Flags
Definition: ecies.h:28
donna128 Botan::operator| ( const donna128 x,
const donna128 y 
)
inline

Definition at line 103 of file donna128.h.

References Botan::donna128::hi(), and Botan::donna128::lo().

104  {
105  return donna128(x.lo() | y.lo(), x.hi() | y.hi());
106  }
template<typename Alloc >
PointGFp Botan::OS2ECP ( const std::vector< uint8_t, Alloc > &  data,
const CurveGFp curve 
)

Definition at line 283 of file point_gfp.h.

References OS2ECP().

284  { return OS2ECP(data.data(), data.size(), curve); }
PointGFp OS2ECP(const std::vector< uint8_t, Alloc > &data, const CurveGFp &curve)
Definition: point_gfp.h:283
PointGFp BOTAN_DLL Botan::OS2ECP ( const uint8_t  data[],
size_t  data_len,
const CurveGFp curve 
)

Definition at line 544 of file point_gfp.cpp.

References Botan::BigInt::decode(), Botan::PointGFp::on_the_curve(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::EC_Group::EC_Group(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::ECIES_Encryptor::ECIES_Encryptor(), and OS2ECP().

546  {
547  if(data_len <= 1)
548  return PointGFp(curve); // return zero
549 
550  const uint8_t pc = data[0];
551 
552  BigInt x, y;
553 
554  if(pc == 2 || pc == 3)
555  {
556  //compressed form
557  x = BigInt::decode(&data[1], data_len - 1);
558 
559  const bool y_mod_2 = ((pc & 0x01) == 1);
560  y = decompress_point(y_mod_2, x, curve);
561  }
562  else if(pc == 4)
563  {
564  const size_t l = (data_len - 1) / 2;
565 
566  // uncompressed form
567  x = BigInt::decode(&data[1], l);
568  y = BigInt::decode(&data[l+1], l);
569  }
570  else if(pc == 6 || pc == 7)
571  {
572  const size_t l = (data_len - 1) / 2;
573 
574  // hybrid form
575  x = BigInt::decode(&data[1], l);
576  y = BigInt::decode(&data[l+1], l);
577 
578  const bool y_mod_2 = ((pc & 0x01) == 1);
579 
580  if(decompress_point(y_mod_2, x, curve) != y)
581  throw Illegal_Point("OS2ECP: Decoding error in hybrid format");
582  }
583  else
584  throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc));
585 
586  PointGFp result(curve, x, y);
587 
588  if(!result.on_the_curve())
589  throw Illegal_Point("OS2ECP: Decoded point was not on the curve");
590 
591  return result;
592  }
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
BOTAN_DLL std::vector< std::string > Botan::parse_algorithm_name ( const std::string &  scan_name)

Parse a SCAN-style algorithm name

Parameters
scan_namethe name
Returns
the name components

Definition at line 85 of file parsing.cpp.

Referenced by get_aead(), get_cipher_mode(), and Botan::X509_Object::hash_used_for_signature().

86  {
87  if(namex.find('(') == std::string::npos &&
88  namex.find(')') == std::string::npos)
89  return std::vector<std::string>(1, namex);
90 
91  std::string name = namex, substring;
92  std::vector<std::string> elems;
93  size_t level = 0;
94 
95  elems.push_back(name.substr(0, name.find('(')));
96  name = name.substr(name.find('('));
97 
98  for(auto i = name.begin(); i != name.end(); ++i)
99  {
100  char c = *i;
101 
102  if(c == '(')
103  ++level;
104  if(c == ')')
105  {
106  if(level == 1 && i == name.end() - 1)
107  {
108  if(elems.size() == 1)
109  elems.push_back(substring.substr(1));
110  else
111  elems.push_back(substring);
112  return elems;
113  }
114 
115  if(level == 0 || (level == 1 && i != name.end() - 1))
116  throw Invalid_Algorithm_Name(namex);
117  --level;
118  }
119 
120  if(c == ',' && level == 1)
121  {
122  if(elems.size() == 1)
123  elems.push_back(substring.substr(1));
124  else
125  elems.push_back(substring);
126  substring.clear();
127  }
128  else
129  substring += c;
130  }
131 
132  if(!substring.empty())
133  throw Invalid_Algorithm_Name(namex);
134 
135  return elems;
136  }
BOTAN_DLL std::vector< uint32_t > Botan::parse_asn1_oid ( const std::string &  oid)

Parse an ASN.1 OID

Parameters
oidthe OID in string form
Returns
OID components

Definition at line 189 of file parsing.cpp.

References to_u32bit().

Referenced by Botan::OID::OID().

190  {
191  std::string substring;
192  std::vector<uint32_t> oid_elems;
193 
194  for(auto i = oid.begin(); i != oid.end(); ++i)
195  {
196  char c = *i;
197 
198  if(c == '.')
199  {
200  if(substring.empty())
201  throw Invalid_OID(oid);
202  oid_elems.push_back(to_u32bit(substring));
203  substring.clear();
204  }
205  else
206  substring += c;
207  }
208 
209  if(substring.empty())
210  throw Invalid_OID(oid);
211  oid_elems.push_back(to_u32bit(substring));
212 
213  if(oid_elems.size() < 2)
214  throw Invalid_OID(oid);
215 
216  return oid_elems;
217  }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:18
secure_vector< uint8_t > BOTAN_DLL Botan::pbes2_decrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
const std::vector< uint8_t > &  params 
)

Decrypt a PKCS #5 v2.0 encrypted stream

Parameters
key_bitsthe input
passphrasethe passphrase to use for decryption
paramsthe PBES2 parameters

Definition at line 164 of file pbes2.cpp.

References Botan::OID::as_string(), CONSTRUCTED, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_optional(), DECRYPTION, Botan::BER_Decoder::end_cons(), get_cipher_mode(), get_pbkdf(), INTEGER, Botan::OIDS::lookup(), OCTET_STRING, Botan::AlgorithmIdentifier::oid, Botan::AlgorithmIdentifier::parameters, SEQUENCE, split_on(), Botan::BER_Decoder::start_cons(), UNIVERSAL, Botan::AlgorithmIdentifier::USE_NULL_PARAM, and Botan::BER_Decoder::verify_end().

167  {
168  AlgorithmIdentifier kdf_algo, enc_algo;
169 
170  BER_Decoder(params)
171  .start_cons(SEQUENCE)
172  .decode(kdf_algo)
173  .decode(enc_algo)
174  .end_cons();
175 
176  AlgorithmIdentifier prf_algo;
177 
178  if(kdf_algo.oid != OIDS::lookup("PKCS5.PBKDF2"))
179  throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
180  kdf_algo.oid.as_string());
181 
182  secure_vector<uint8_t> salt;
183  size_t iterations = 0, key_length = 0;
184 
185  BER_Decoder(kdf_algo.parameters)
186  .start_cons(SEQUENCE)
187  .decode(salt, OCTET_STRING)
188  .decode(iterations)
189  .decode_optional(key_length, INTEGER, UNIVERSAL)
190  .decode_optional(prf_algo, SEQUENCE, CONSTRUCTED,
191  AlgorithmIdentifier("HMAC(SHA-160)",
192  AlgorithmIdentifier::USE_NULL_PARAM))
193  .end_cons();
194 
195  const std::string cipher = OIDS::lookup(enc_algo.oid);
196  const std::vector<std::string> cipher_spec = split_on(cipher, '/');
197  if(cipher_spec.size() != 2)
198  throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
199  if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM")
200  throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher);
201 
202  if(salt.size() < 8)
203  throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small");
204 
205  secure_vector<uint8_t> iv;
206  BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end();
207 
208  const std::string prf = OIDS::lookup(prf_algo.oid);
209 
210  std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(" + prf + ")"));
211 
212  std::unique_ptr<Cipher_Mode> dec(get_cipher_mode(cipher, DECRYPTION));
213  if(!dec)
214  throw Decoding_Error("PBE-PKCS5 cannot decrypt no cipher " + cipher);
215 
216  if(key_length == 0)
217  key_length = dec->key_spec().maximum_keylength();
218 
219  dec->set_key(pbkdf->pbkdf_iterations(key_length, passphrase, salt.data(), salt.size(), iterations));
220 
221  dec->start(iv);
222 
223  secure_vector<uint8_t> buf = key_bits;
224  dec->finish(buf);
225 
226  return buf;
227  }
Cipher_Mode * get_cipher_mode(const std::string &algo, Cipher_Dir direction)
Definition: cipher_mode.cpp:39
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
std::string lookup(const OID &oid)
Definition: oids.cpp:18
PBKDF * get_pbkdf(const std::string &algo_spec, const std::string &provider="")
Definition: pbkdf.h:216
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > BOTAN_DLL Botan::pbes2_encrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 121 of file pbes2.cpp.

127  {
128  size_t msec_in_iterations_out = msec.count();
129  return pbes2_encrypt_shared(key_bits, passphrase, &msec_in_iterations_out, 0, cipher, digest, rng);
130  // return value msec_in_iterations_out discarded
131  }
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > BOTAN_DLL Botan::pbes2_encrypt_iter ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
size_t  iterations,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
iterationshow many iterations to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 153 of file pbes2.cpp.

Referenced by Botan::PKCS8::BER_encode_encrypted_pbkdf_iter().

159  {
160  return pbes2_encrypt_shared(key_bits, passphrase, nullptr, pbkdf_iter, cipher, digest, rng);
161  }
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > BOTAN_DLL Botan::pbes2_encrypt_msec ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
size_t *  out_iterations_if_nonnull,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
out_iterations_if_nonnullif not null, set to the number of PBKDF iterations used
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 134 of file pbes2.cpp.

Referenced by Botan::PKCS8::BER_encode(), and Botan::PKCS8::BER_encode_encrypted_pbkdf_msec().

141  {
142  size_t msec_in_iterations_out = msec.count();
143 
144  auto ret = pbes2_encrypt_shared(key_bits, passphrase, &msec_in_iterations_out, 0, cipher, digest, rng);
145 
146  if(out_iterations_if_nonnull)
147  *out_iterations_if_nonnull = msec_in_iterations_out;
148 
149  return ret;
150  }
BOTAN_DLL size_t Botan::pbkdf2 ( MessageAuthenticationCode prf,
uint8_t  out[],
size_t  out_len,
const std::string &  passphrase,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations,
std::chrono::milliseconds  msec 
)

Definition at line 15 of file pbkdf2.cpp.

References clear_mem(), Botan::Buffered_Computation::final(), Botan::SymmetricAlgorithm::name(), Botan::Buffered_Computation::output_length(), round_up(), Botan::SymmetricAlgorithm::set_key(), Botan::ASN1::to_string(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().

Referenced by Botan::PKCS5_PBKDF2::pbkdf().

22  {
23  clear_mem(out, out_len);
24 
25  if(out_len == 0)
26  return 0;
27 
28  try
29  {
30  prf.set_key(reinterpret_cast<const uint8_t*>(passphrase.data()), passphrase.size());
31  }
32  catch(Invalid_Key_Length&)
33  {
34  throw Exception("PBKDF2 with " + prf.name() +
35  " cannot accept passphrases of length " +
36  std::to_string(passphrase.size()));
37  }
38 
39  const size_t prf_sz = prf.output_length();
40  secure_vector<uint8_t> U(prf_sz);
41 
42  const size_t blocks_needed = round_up(out_len, prf_sz) / prf_sz;
43 
44  std::chrono::microseconds usec_per_block =
45  std::chrono::duration_cast<std::chrono::microseconds>(msec) / blocks_needed;
46 
47  uint32_t counter = 1;
48  while(out_len)
49  {
50  const size_t prf_output = std::min<size_t>(prf_sz, out_len);
51 
52  prf.update(salt, salt_len);
53  prf.update_be(counter++);
54  prf.final(U.data());
55 
56  xor_buf(out, U.data(), prf_output);
57 
58  if(iterations == 0)
59  {
60  /*
61  If no iterations set, run the first block to calibrate based
62  on how long hashing takes on whatever machine we're running on.
63  */
64 
65  const auto start = std::chrono::high_resolution_clock::now();
66 
67  iterations = 1; // the first iteration we did above
68 
69  while(true)
70  {
71  prf.update(U);
72  prf.final(U.data());
73  xor_buf(out, U.data(), prf_output);
74  iterations++;
75 
76  /*
77  Only break on relatively 'even' iterations. For one it
78  avoids confusion, and likely some broken implementations
79  break on getting completely randomly distributed values
80  */
81  if(iterations % 10000 == 0)
82  {
83  auto time_taken = std::chrono::high_resolution_clock::now() - start;
84  auto usec_taken = std::chrono::duration_cast<std::chrono::microseconds>(time_taken);
85  if(usec_taken > usec_per_block)
86  break;
87  }
88  }
89  }
90  else
91  {
92  for(size_t i = 1; i != iterations; ++i)
93  {
94  prf.update(U);
95  prf.final(U.data());
96  xor_buf(out, U.data(), prf_output);
97  }
98  }
99 
100  out_len -= prf_output;
101  out += prf_output;
102  }
103 
104  return iterations;
105  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
BOTAN_DLL std::vector< uint8_t > Botan::pkcs_hash_id ( const std::string &  hash_name)

Return the PKCS #1 hash identifier

See also
RFC 3447 section 9.2
Parameters
hash_namethe name of the hash function
Returns
uint8_t sequence identifying the hash
Exceptions
Invalid_Argumentif the hash has no known PKCS #1 hash id

Definition at line 56 of file hash_id.cpp.

Referenced by Botan::EMSA_PKCS1v15::EMSA_PKCS1v15().

57  {
58  // Special case for SSL/TLS RSA signatures
59  if(name == "Parallel(MD5,SHA-160)")
60  return std::vector<uint8_t>();
61 
62  if(name == "MD5")
63  return std::vector<uint8_t>(MD5_PKCS_ID,
64  MD5_PKCS_ID + sizeof(MD5_PKCS_ID));
65 
66  if(name == "RIPEMD-160")
67  return std::vector<uint8_t>(RIPEMD_160_PKCS_ID,
68  RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID));
69 
70  if(name == "SHA-160")
71  return std::vector<uint8_t>(SHA_160_PKCS_ID,
72  SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID));
73 
74  if(name == "SHA-224")
75  return std::vector<uint8_t>(SHA_224_PKCS_ID,
76  SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID));
77 
78  if(name == "SHA-256")
79  return std::vector<uint8_t>(SHA_256_PKCS_ID,
80  SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID));
81 
82  if(name == "SHA-384")
83  return std::vector<uint8_t>(SHA_384_PKCS_ID,
84  SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID));
85 
86  if(name == "SHA-512")
87  return std::vector<uint8_t>(SHA_512_PKCS_ID,
88  SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID));
89 
90  if(name == "SHA-512-256")
91  return std::vector<uint8_t>(SHA_512_256_PKCS_ID,
92  SHA_512_256_PKCS_ID + sizeof(SHA_512_256_PKCS_ID));
93 
94  if(name == "Tiger(24,3)")
95  return std::vector<uint8_t>(TIGER_PKCS_ID,
96  TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID));
97 
98  throw Invalid_Argument("No PKCS #1 identifier for " + name);
99  }
BigInt BOTAN_DLL Botan::power_mod ( const BigInt b,
const BigInt x,
const BigInt m 
)

Modular exponentation

Parameters
ban integer base
xa positive exponent
ma positive modulus
Returns
(b^x) % m

Definition at line 373 of file numthry.cpp.

References Botan::Power_Mod::execute(), Botan::Power_Mod::set_base(), and Botan::Power_Mod::set_exponent().

Referenced by botan_mp_powmod(), Botan::DL_Scheme_PublicKey::check_key(), Botan::DL_Scheme_PrivateKey::check_key(), Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), generate_srp6_verifier(), ressol(), srp6_client_agree(), Botan::SRP6_Server_Session::step1(), Botan::SRP6_Server_Session::step2(), and Botan::DL_Group::verify_group().

374  {
375  Power_Mod pow_mod(mod);
376 
377  /*
378  * Calling set_base before set_exponent means we end up using a
379  * minimal window. This makes sense given that here we know that any
380  * precomputation is wasted.
381  */
382  pow_mod.set_base(base);
383  pow_mod.set_exponent(exp);
384  return pow_mod.execute();
385  }
template<typename T >
void Botan::prefetch_readonly ( const T *  addr,
size_t  length 
)
inline

Definition at line 16 of file prefetch.h.

References Botan::CPUID::cache_line_size().

17  {
18 #if defined(__GNUG__)
19  const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);
20 
21  for(size_t i = 0; i <= length; i += Ts_per_cache_line)
22  __builtin_prefetch(addr + i, 0);
23 #endif
24  }
template<typename T >
void Botan::prefetch_readwrite ( const T *  addr,
size_t  length 
)
inline

Definition at line 27 of file prefetch.h.

References Botan::CPUID::cache_line_size().

28  {
29 #if defined(__GNUG__)
30  const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);
31 
32  for(size_t i = 0; i <= length; i += Ts_per_cache_line)
33  __builtin_prefetch(addr + i, 1);
34 #endif
35  }
BOTAN_DLL const BigInt & Botan::prime_p521 ( )

NIST Prime reduction functions.

Reduces the value in place

ws is a workspace function which is used as a temporary, and will be resized as needed.

Definition at line 51 of file curve_nistp.cpp.

Referenced by redc_p521().

52  {
53  static const BigInt p521("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
54  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
55 
56  return p521;
57  }
template<typename T >
std::vector<std::string> Botan::probe_providers_of ( const std::string &  algo_spec,
const std::vector< std::string > &  possible 
)

Definition at line 101 of file scan_name.h.

103  {
104  std::vector<std::string> providers;
105  for(auto&& prov : possible)
106  {
107  std::unique_ptr<T> o(T::create(algo_spec, prov));
108  if(o)
109  {
110  providers.push_back(prov); // available
111  }
112  }
113  return providers;
114  }
bool Botan::quick_check_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 171 of file numthry.h.

References is_prime().

172  { return is_prime(n, rng, 32); }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
gf2m Botan::random_code_element ( unsigned  code_length,
RandomNumberGenerator rng 
)

Definition at line 71 of file polyn_gf2m.cpp.

References random_gf2m().

Referenced by Botan::polyn_gf2m::polyn_gf2m().

72  {
73  if(code_length == 0)
74  {
75  throw Invalid_Argument("random_code_element() was supplied a code length of zero");
76  }
77  const unsigned nlz = nlz_16bit(code_length-1);
78  const gf2m mask = (1 << (16-nlz)) -1;
79 
80  gf2m result;
81 
82  do
83  {
84  result = random_gf2m(rng);
85  result &= mask;
86  } while(result >= code_length); // rejection sampling
87 
88  return result;
89  }
uint16_t gf2m
Definition: gf2m_small_m.h:20
uint32_t code_length
gf2m random_gf2m(RandomNumberGenerator &rng)
Definition: polyn_gf2m.cpp:64
gf2m Botan::random_gf2m ( RandomNumberGenerator rng)

Definition at line 64 of file polyn_gf2m.cpp.

References make_uint16(), and Botan::RandomNumberGenerator::randomize().

Referenced by random_code_element().

65  {
66  uint8_t b[2];
67  rng.randomize(b, sizeof(b));
68  return make_uint16(b[1], b[0]);
69  }
uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition: loadstor.h:60
BigInt BOTAN_DLL Botan::random_prime ( RandomNumberGenerator rng,
size_t  bits,
const BigInt coprime = 1,
size_t  equiv = 1,
size_t  equiv_mod = 2 
)

Randomly generate a prime

Parameters
rnga random number generator
bitshow large the resulting prime should be in bits
coprimea positive integer the result should be coprime to
equiva non-negative number that the result should be equivalent to modulo equiv_mod
equiv_modthe modulus equiv should be checked against
Returns
random prime with the specified criteria

Definition at line 17 of file make_prm.cpp.

References Botan::BigInt::bits(), gcd(), is_prime(), Botan::CT::min(), Botan::RandomNumberGenerator::next_byte(), PRIME_TABLE_SIZE, PRIMES, Botan::BigInt::set_bit(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group(), random_safe_prime(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

20  {
21  if(coprime <= 0)
22  {
23  throw Invalid_Argument("random_prime: coprime must be > 0");
24  }
25  if(modulo % 2 == 1 || modulo == 0)
26  {
27  throw Invalid_Argument("random_prime: Invalid modulo value");
28  }
29  if(equiv >= modulo || equiv % 2 == 0)
30  {
31  throw Invalid_Argument("random_prime: equiv must be < modulo, and odd");
32  }
33 
34  // Handle small values:
35  if(bits <= 1)
36  {
37  throw Invalid_Argument("random_prime: Can't make a prime of " +
38  std::to_string(bits) + " bits");
39  }
40  else if(bits == 2)
41  {
42  return ((rng.next_byte() % 2) ? 2 : 3);
43  }
44  else if(bits == 3)
45  {
46  return ((rng.next_byte() % 2) ? 5 : 7);
47  }
48  else if(bits == 4)
49  {
50  return ((rng.next_byte() % 2) ? 11 : 13);
51  }
52 
53  while(true)
54  {
55  BigInt p(rng, bits);
56 
57  // Force lowest and two top bits on
58  p.set_bit(bits - 1);
59  p.set_bit(bits - 2);
60  p.set_bit(0);
61 
62  if(p % modulo != equiv)
63  p += (modulo - p % modulo) + equiv;
64 
65  const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE);
66  secure_vector<uint16_t> sieve(sieve_size);
67 
68  for(size_t j = 0; j != sieve.size(); ++j)
69  sieve[j] = static_cast<uint16_t>(p % PRIMES[j]);
70 
71  size_t counter = 0;
72  while(true)
73  {
74  ++counter;
75 
76  if(counter >= 4096)
77  {
78  break; // don't try forever, choose a new starting point
79  }
80 
81  p += modulo;
82 
83  if(p.bits() > bits)
84  break;
85 
86  bool passes_sieve = true;
87  for(size_t j = 0; j != sieve.size(); ++j)
88  {
89  sieve[j] = (sieve[j] + modulo) % PRIMES[j];
90  if(sieve[j] == 0)
91  {
92  passes_sieve = false;
93  break;
94  }
95  }
96 
97  if(!passes_sieve)
98  continue;
99 
100  if(gcd(p - 1, coprime) != 1)
101  continue;
102 
103  if(is_prime(p, rng, 128, true))
104  {
105  return p;
106  }
107  }
108  }
109  }
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:240
const uint16_t BOTAN_DLL PRIMES[]
Definition: primes.cpp:12
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
BigInt gcd(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:46
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
T min(T a, T b)
Definition: ct_utils.h:180
BigInt BOTAN_DLL Botan::random_safe_prime ( RandomNumberGenerator rng,
size_t  bits 
)

Return a 'safe' prime, of the form p=2*q+1 with q prime

Parameters
rnga random number generator
bitsis how long the resulting prime should be
Returns
prime randomly chosen from safe primes of length bits

Definition at line 114 of file make_prm.cpp.

References is_prime(), random_prime(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group().

115  {
116  if(bits <= 64)
117  throw Invalid_Argument("random_safe_prime: Can't make a prime of " +
118  std::to_string(bits) + " bits");
119 
120  BigInt p;
121  do
122  p = (random_prime(rng, bits - 1) << 1) + 1;
123  while(!is_prime(p, rng, 128, true));
124 
125  return p;
126  }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)
Definition: make_prm.cpp:17
std::map< std::string, std::string > Botan::read_cfg ( std::istream &  is)

Definition at line 28 of file read_cfg.cpp.

References clean_ws(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Text_Policy::Text_Policy().

29  {
30  std::map<std::string, std::string> kv;
31  size_t line = 0;
32 
33  while(is.good())
34  {
35  std::string s;
36 
37  std::getline(is, s);
38 
39  ++line;
40 
41  if(s.empty() || s[0] == '#')
42  continue;
43 
44  s = clean_ws(s.substr(0, s.find('#')));
45 
46  if(s.empty())
47  continue;
48 
49  auto eq = s.find("=");
50 
51  if(eq == std::string::npos || eq == 0 || eq == s.size() - 1)
52  throw Exception("Bad read_cfg input '" + s + "' on line " + std::to_string(line));
53 
54  const std::string key = clean_ws(s.substr(0, eq));
55  const std::string val = clean_ws(s.substr(eq + 1, std::string::npos));
56 
57  kv[key] = val;
58  }
59 
60  return kv;
61  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
std::string BOTAN_DLL clean_ws(const std::string &s)
Definition: read_cfg.cpp:13
BOTAN_DLL void Botan::redc_p521 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 59 of file curve_nistp.cpp.

References bigint_add3_nc(), bigint_shr2(), BOTAN_ASSERT_EQUAL, clear_mem(), Botan::BigInt::data(), Botan::BigInt::mask_bits(), MP_WORD_BITS, Botan::BigInt::mutable_data(), prime_p521(), and Botan::BigInt::sig_words().

60  {
61  const size_t p_full_words = 521 / MP_WORD_BITS;
62  const size_t p_top_bits = 521 % MP_WORD_BITS;
63  const size_t p_words = p_full_words + 1;
64 
65  const size_t x_sw = x.sig_words();
66 
67  if(x_sw < p_words)
68  return; // already smaller
69 
70  if(ws.size() < p_words + 1)
71  ws.resize(p_words + 1);
72 
73  clear_mem(ws.data(), ws.size());
74  bigint_shr2(ws.data(), x.data(), x_sw, p_full_words, p_top_bits);
75 
76  x.mask_bits(521);
77 
78  word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words);
79  BOTAN_ASSERT_EQUAL(carry, 0, "Final final carry in P-521 reduction");
80 
81  normalize(prime_p521(), x, ws, 1);
82  }
void bigint_shr2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition: mp_core.cpp:356
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:57
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition: mp_core.cpp:113
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53
const BigInt & prime_p521()
Definition: curve_nistp.cpp:51
const size_t MP_WORD_BITS
Definition: mp_core.h:21
BOTAN_DLL std::string Botan::replace_char ( const std::string &  str,
char  from_char,
char  to_char 
)

Replace a character in a string

Parameters
strthe input string
from_charthe character to replace
to_charthe character to replace it with
Returns
str with all instances of from_char replaced by to_char

Definition at line 326 of file parsing.cpp.

327  {
328  std::string out = str;
329 
330  for(size_t i = 0; i != out.size(); ++i)
331  if(out[i] == from_char)
332  out[i] = to_char;
333 
334  return out;
335  }
BOTAN_DLL std::string Botan::replace_chars ( const std::string &  str,
const std::set< char > &  from_chars,
char  to_char 
)

Replace a character in a string

Parameters
strthe input string
from_charsthe characters to replace
to_charthe character to replace it with
Returns
str with all instances of from_chars replaced by to_char

Definition at line 313 of file parsing.cpp.

316  {
317  std::string out = str;
318 
319  for(size_t i = 0; i != out.size(); ++i)
320  if(chars.count(out[i]))
321  out[i] = to_char;
322 
323  return out;
324  }
BigInt Botan::ressol ( const BigInt x,
const BigInt p 
)

Compute the square root of x modulo a prime using the Shanks-Tonnelli algorithm

Parameters
xthe input
pthe prime
Returns
y such that (y*y)p == x, or -1 if no such integer

Definition at line 17 of file ressol.cpp.

References Botan::BigInt::is_even(), jacobi(), low_zero_bits(), Botan::Modular_Reducer::multiply(), power_mod(), Botan::BigInt::power_of_2(), and Botan::Modular_Reducer::square().

18  {
19  if(a == 0)
20  return 0;
21  else if(a < 0)
22  throw Invalid_Argument("ressol: value to solve for must be positive");
23  else if(a >= p)
24  throw Invalid_Argument("ressol: value to solve for must be less than p");
25 
26  if(p == 2)
27  return a;
28  else if(p <= 1)
29  throw Invalid_Argument("ressol: prime must be > 1 a");
30  else if(p.is_even())
31  throw Invalid_Argument("ressol: invalid prime");
32 
33  if(jacobi(a, p) != 1) // not a quadratic residue
34  return -BigInt(1);
35 
36  if(p % 4 == 3)
37  return power_mod(a, ((p+1) >> 2), p);
38 
39  size_t s = low_zero_bits(p - 1);
40  BigInt q = p >> s;
41 
42  q -= 1;
43  q >>= 1;
44 
45  Modular_Reducer mod_p(p);
46 
47  BigInt r = power_mod(a, q, p);
48  BigInt n = mod_p.multiply(a, mod_p.square(r));
49  r = mod_p.multiply(r, a);
50 
51  if(n == 1)
52  return r;
53 
54  // find random non quadratic residue z
55  BigInt z = 2;
56  while(jacobi(z, p) == 1) // while z quadratic residue
57  ++z;
58 
59  BigInt c = power_mod(z, (q << 1) + 1, p);
60 
61  while(n > 1)
62  {
63  q = n;
64 
65  size_t i = 0;
66  while(q != 1)
67  {
68  q = mod_p.square(q);
69  ++i;
70 
71  if(i >= s)
72  {
73  return -BigInt(1);
74  }
75  }
76 
77  c = power_mod(c, BigInt::power_of_2(s-i-1), p);
78  r = mod_p.multiply(r, c);
79  c = mod_p.square(c);
80  n = mod_p.multiply(n, c);
81  s = i;
82  }
83 
84  return r;
85  }
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:20
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:373
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: jacobi.cpp:15
uint16_t Botan::reverse_bytes ( uint16_t  val)
inline

Swap a 16 bit integer

Definition at line 24 of file bswap.h.

References rotate_left().

Referenced by Botan::SIMD_4x32::bswap(), bswap_4(), load_be(), load_le(), and reverse_bytes().

25  {
26  return rotate_left(val, 8);
27  }
T rotate_left(T input, size_t rot)
Definition: rotate.h:21
uint32_t Botan::reverse_bytes ( uint32_t  val)
inline

Swap a 32 bit integer

Definition at line 32 of file bswap.h.

References rotate_left(), and rotate_right().

33  {
34 #if BOTAN_GCC_VERSION >= 430 && !defined(BOTAN_TARGET_ARCH_IS_ARM32)
35  /*
36  GCC intrinsic added in 4.3, works for a number of CPUs
37 
38  However avoid under ARM, as it branches to a function in libgcc
39  instead of generating inline asm, so slower even than the generic
40  rotate version below.
41  */
42  return __builtin_bswap32(val);
43 
44 #elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)
45 
46  // GCC-style inline assembly for x86 or x86-64
47  asm("bswapl %0" : "=r" (val) : "0" (val));
48  return val;
49 
50 #elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_ARCH_IS_ARM32)
51 
52  asm ("eor r3, %1, %1, ror #16\n\t"
53  "bic r3, r3, #0x00FF0000\n\t"
54  "mov %0, %1, ror #8\n\t"
55  "eor %0, %0, r3, lsr #8"
56  : "=r" (val)
57  : "0" (val)
58  : "r3", "cc");
59 
60  return val;
61 
62 #elif defined(_MSC_VER) && defined(BOTAN_TARGET_ARCH_IS_X86_32)
63 
64  // Visual C++ inline asm for 32-bit x86, by Yves Jerschow
65  __asm mov eax, val;
66  __asm bswap eax;
67 
68 #else
69 
70  // Generic implementation
71  return (rotate_right(val, 8) & 0xFF00FF00) |
72  (rotate_left (val, 8) & 0x00FF00FF);
73 
74 #endif
75  }
T rotate_left(T input, size_t rot)
Definition: rotate.h:21
T rotate_right(T input, size_t rot)
Definition: rotate.h:32
uint64_t Botan::reverse_bytes ( uint64_t  val)
inline

Swap a 64 bit integer

Definition at line 80 of file bswap.h.

References reverse_bytes().

81  {
82 #if BOTAN_GCC_VERSION >= 430
83 
84  // GCC intrinsic added in 4.3, works for a number of CPUs
85  return __builtin_bswap64(val);
86 
87 #elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_ARCH_IS_X86_64)
88  // GCC-style inline assembly for x86-64
89  asm("bswapq %0" : "=r" (val) : "0" (val));
90  return val;
91 
92 #else
93  /* Generic implementation. Defined in terms of 32-bit bswap so any
94  * optimizations in that version can help here (particularly
95  * useful for 32-bit x86).
96  */
97 
98  uint32_t hi = static_cast<uint32_t>(val >> 32);
99  uint32_t lo = static_cast<uint32_t>(val);
100 
101  hi = reverse_bytes(hi);
102  lo = reverse_bytes(lo);
103 
104  return (static_cast<uint64_t>(lo) << 32) | hi;
105 #endif
106  }
uint64_t reverse_bytes(uint64_t val)
Definition: bswap.h:80
secure_vector< uint8_t > BOTAN_DLL Botan::rfc3394_keyunwrap ( const secure_vector< uint8_t > &  key,
const SymmetricKey kek 
)

Decrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe encrypted key to decrypt
kekthe key encryption key
Returns
key decrypted under kek

Definition at line 60 of file rfc3394.cpp.

References copy_mem(), Botan::BlockCipher::create_or_throw(), load_be< uint64_t >(), Botan::OctetString::size(), store_be(), Botan::ASN1::to_string(), and xor_buf().

62  {
63  if(key.size() < 16 || key.size() % 8 != 0)
64  throw Invalid_Argument("Bad input key size for NIST key unwrap");
65 
66  if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32)
67  throw Invalid_Argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key unwrap");
68 
69  const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
70  std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
71  aes->set_key(kek);
72 
73  const size_t n = (key.size() - 8) / 8;
74 
75  secure_vector<uint8_t> R(n * 8);
76  secure_vector<uint8_t> A(16);
77 
78  for(size_t i = 0; i != 8; ++i)
79  A[i] = key[i];
80 
81  copy_mem(R.data(), &key[8], key.size() - 8);
82 
83  for(size_t j = 0; j <= 5; ++j)
84  {
85  for(size_t i = n; i != 0; --i)
86  {
87  const uint32_t t = (5 - j) * n + i;
88 
89  uint8_t t_buf[4] = { 0 };
90  store_be(t, t_buf);
91 
92  xor_buf(&A[4], t_buf, 4);
93 
94  copy_mem(&A[8], &R[8*(i-1)], 8);
95 
96  aes->decrypt(A.data());
97 
98  copy_mem(&R[8*(i-1)], &A[8], 8);
99  }
100  }
101 
102  if(load_be<uint64_t>(A.data(), 0) != 0xA6A6A6A6A6A6A6A6)
103  throw Integrity_Failure("NIST key unwrap failed");
104 
105  return R;
106  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:441
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:223
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
secure_vector< uint8_t > BOTAN_DLL Botan::rfc3394_keywrap ( const secure_vector< uint8_t > &  key,
const SymmetricKey kek 
)

Encrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe plaintext key to encrypt
kekthe key encryption key
Returns
key encrypted under kek

Definition at line 15 of file rfc3394.cpp.

References copy_mem(), Botan::BlockCipher::create_or_throw(), Botan::OctetString::size(), store_be(), Botan::ASN1::to_string(), and xor_buf().

17  {
18  if(key.size() % 8 != 0)
19  throw Invalid_Argument("Bad input key size for NIST key wrap");
20 
21  if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32)
22  throw Invalid_Argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key wrap");
23 
24  const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
25  std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
26  aes->set_key(kek);
27 
28  const size_t n = key.size() / 8;
29 
30  secure_vector<uint8_t> R((n + 1) * 8);
31  secure_vector<uint8_t> A(16);
32 
33  for(size_t i = 0; i != 8; ++i)
34  A[i] = 0xA6;
35 
36  copy_mem(&R[8], key.data(), key.size());
37 
38  for(size_t j = 0; j <= 5; ++j)
39  {
40  for(size_t i = 1; i <= n; ++i)
41  {
42  const uint32_t t = (n * j) + i;
43 
44  copy_mem(&A[8], &R[8*i], 8);
45 
46  aes->encrypt(A.data());
47  copy_mem(&R[8*i], &A[8], 8);
48 
49  uint8_t t_buf[4] = { 0 };
50  store_be(t, t_buf);
51  xor_buf(&A[4], t_buf, 4);
52  }
53  }
54 
55  copy_mem(R.data(), A.data(), 8);
56 
57  return R;
58  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:441
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
template<typename T >
T Botan::rotate_left ( input,
size_t  rot 
)
inline

Bit rotation left

Parameters
inputthe input word
rotthe number of bits to rotate
Returns
input rotated left by rot bits

Definition at line 21 of file rotate.h.

Referenced by Botan::DES::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::DES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::GOST_28147_89::GOST_28147_89(), Botan::SHA_3::permute(), reverse_bytes(), and Botan::SIMD_4x32::rotate_left().

22  {
23  return (rot == 0) ? input : static_cast<T>((input << rot) | (input >> (8*sizeof(T)-rot)));;
24  }
template<typename T >
T Botan::rotate_right ( input,
size_t  rot 
)
inline

Bit rotation right

Parameters
inputthe input word
rotthe number of bits to rotate
Returns
input rotated right by rot bits

Definition at line 32 of file rotate.h.

Referenced by Botan::Noekeon::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::Twofish::encrypt_n(), and reverse_bytes().

33  {
34  return (rot == 0) ? input : static_cast<T>((input >> rot) | (input << (8*sizeof(T)-rot)));
35  }
template<typename T >
T Botan::round_down ( n,
align_to 
)
inline

Round down

Parameters
nan integer
align_tothe alignment boundary
Returns
n rounded down to a multiple of align_to

Definition at line 38 of file rounding.h.

Referenced by botan_cipher_update(), and Botan::Buffered_Filter::write().

39  {
40  if(align_to == 0)
41  return n;
42 
43  return (n - (n % align_to));
44  }
size_t Botan::round_up ( size_t  n,
size_t  align_to 
)
inline

Round up

Parameters
na non-negative integer
align_tothe alignment boundary
Returns
n rounded up to a multiple of align_to

Definition at line 22 of file rounding.h.

References BOTAN_ASSERT.

Referenced by base64_decode_max_output(), base64_encode_max_output(), Botan::BigInt::BigInt(), Botan::BigInt::binary_decode(), Botan::BigInt::bytes(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::BigInt::grow_to(), Botan::CBC_Encryption::output_length(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), pbkdf2(), Botan::BigInt::randomize(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data(), and square().

23  {
24  BOTAN_ASSERT(align_to != 0, "align_to must not be 0");
25 
26  if(n % align_to)
27  n += align_to - (n % align_to);
28  return n;
29  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
BOTAN_DLL std::string Botan::runtime_version_check ( uint32_t  major,
uint32_t  minor,
uint32_t  patch 
)

Usable for checking that the DLL version loaded at runtime exactly matches the compile-time version. Call using BOTAN_VERSION_* macro values. Returns the empty string if an exact match, otherwise an appropriate message. Added with 1.11.26.

Definition at line 64 of file version.cpp.

References version_major(), version_minor(), and version_patch().

67  {
68  std::ostringstream oss;
69 
70  if(major != version_major() ||
71  minor != version_minor() ||
72  patch != version_patch())
73  {
74  oss << "Warning: linked version ("
75  << Botan::version_major() << '.'
76  << Botan::version_minor() << '.'
78  << ") does not match version built against ("
79  << major << '.' << minor << '.' << patch << ")\n";
80  }
81 
82  return oss.str();
83  }
uint32_t version_minor()
Definition: version.cpp:61
uint32_t version_major()
Definition: version.cpp:60
uint32_t version_patch()
Definition: version.cpp:62
template<typename T >
bool Botan::same_mem ( const T *  p1,
const T *  p2,
size_t  n 
)
inline

Memory comparison, input insensitive

Parameters
p1a pointer to an array
p2a pointer to another array
nthe number of Ts in p1 and p2
Returns
true iff p1[i] == p2[i] forall i in [0...n)

Definition at line 98 of file mem_ops.h.

Referenced by botan_same_mem(), check_bcrypt(), check_passhash9(), Botan::CryptoBox::decrypt(), Botan::ChaCha20Poly1305_Decryption::finish(), Botan::GCM_Decryption::finish(), Botan::EAX_Decryption::finish(), Botan::CCM_Decryption::finish(), Botan::OCB_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish(), Botan::RTSS_Share::reconstruct(), Botan::TLS::Finished::verify(), and Botan::MessageAuthenticationCode::verify_mac().

99  {
100  volatile T difference = 0;
101 
102  for(size_t i = 0; i != n; ++i)
103  difference |= (p1[i] ^ p2[i]);
104 
105  return difference == 0;
106  }
template<typename K , typename V >
V Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const V &  null_result = V() 
)
inline

Definition at line 52 of file stl_util.h.

Referenced by Botan::HTTP::http_sync().

55  {
56  auto i = mapping.find(key);
57  if(i == mapping.end())
58  return null_result;
59  return i->second;
60  }
template<typename K , typename V , typename R >
R Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const R &  null_result,
const R &  found_result 
)
inline

Definition at line 63 of file stl_util.h.

65  {
66  auto i = mapping.find(key);
67  if(i == mapping.end())
68  return null_result;
69  return found_result;
70  }
BOTAN_DLL void Botan::secure_scrub_memory ( void *  ptr,
size_t  n 
)

Scrub memory contents in a way that a compiler should not elide, using some system specific technique. Note that this function might not zero the memory (for example, in some hypothetical implementation it might combine the memory contents with the output of a system PRNG), but if you can detect any difference in behavior at runtime then the clearing is side-effecting and you can just use clear_mem.

Use this function to scrub memory just before deallocating it, or on a stack buffer before returning from the function.

Parameters
ptra pointer to memory to scrub
nthe number of bytes pointed to by ptr

Definition at line 17 of file mem_ops.cpp.

Referenced by Botan::secure_allocator< T >::deallocate(), Botan::OS::free_locked_pages(), and Botan::newhope_poly::~newhope_poly().

18  {
19 #if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY)
20  ::RtlSecureZeroMemory(ptr, n);
21 #elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1)
22  /*
23  Call memset through a static volatile pointer, which the compiler
24  should not elide. This construct should be safe in conforming
25  compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and
26  Clang 3.8 both create code that saves the memset address in the
27  data segment and uncondtionally loads and jumps to that address.
28  */
29  static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset;
30  (memset_ptr)(ptr, 0, n);
31 #else
32  volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr);
33 
34  for(size_t i = 0; i != n; ++i)
35  p[i] = 0;
36 #endif
37  }
template<typename T >
void Botan::set_mem ( T *  ptr,
size_t  n,
uint8_t  val 
)
inline

Set memory to a fixed value

Parameters
ptra pointer to an array
nthe number of Ts pointed to by ptr
valthe value to set each byte to

Definition at line 83 of file mem_ops.h.

84  {
85  if(n > 0)
86  {
87  std::memset(ptr, val, sizeof(T)*n);
88  }
89  }
template<typename T >
size_t Botan::significant_bytes ( n)
inline

Return the number of significant bytes in n

Parameters
nan integer value
Returns
number of significant bytes in n

Definition at line 66 of file bit_ops.h.

References get_byte().

67  {
68  for(size_t i = 0; i != sizeof(T); ++i)
69  if(get_byte(i, n))
70  return sizeof(T)-i;
71  return 0;
72  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
BOTAN_DLL std::vector< std::string > Botan::split_on ( const std::string &  str,
char  delim 
)

Split a string

Parameters
strthe input string
delimthe delimitor
Returns
string split by delim

Definition at line 138 of file parsing.cpp.

References split_on_pred().

Referenced by Botan::X509_Object::check_signature(), Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism(), create_private_key(), get_aead(), get_cipher_mode(), Botan::X509_Object::hash_used_for_signature(), pbes2_decrypt(), string_to_ipv4(), Botan::OCSP::Response::verify_signature(), Botan::Win32_CAPI_EntropySource::Win32_CAPI_EntropySource(), and Botan::X509_Cert_Options::X509_Cert_Options().

139  {
140  return split_on_pred(str, [delim](char c) { return c == delim; });
141  }
std::vector< std::string > split_on_pred(const std::string &str, std::function< bool(char)> pred)
Definition: parsing.cpp:143
BOTAN_DLL std::vector< std::string > Botan::split_on_pred ( const std::string &  str,
std::function< bool(char)>  pred 
)

Split a string on a character predicate

Parameters
strthe input string
predthe predicate

Definition at line 143 of file parsing.cpp.

Referenced by split_on().

145  {
146  std::vector<std::string> elems;
147  if(str.empty()) return elems;
148 
149  std::string substr;
150  for(auto i = str.begin(); i != str.end(); ++i)
151  {
152  if(pred(*i))
153  {
154  if(!substr.empty())
155  elems.push_back(substr);
156  substr.clear();
157  }
158  else
159  substr += *i;
160  }
161 
162  if(substr.empty())
163  throw Invalid_Argument("Unable to split string: " + str);
164  elems.push_back(substr);
165 
166  return elems;
167  }
BigInt BOTAN_DLL Botan::square ( const BigInt x)
Parameters
xan integer
Returns
(x*x)

Definition at line 19 of file mp_numth.cpp.

References bigint_sqr(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, round_up(), Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by Botan::Modular_Reducer::cube(), Botan::Modular_Reducer::Modular_Reducer(), and Botan::Modular_Reducer::square().

20  {
21  const size_t x_sw = x.sig_words();
22 
23  BigInt z(BigInt::Positive, round_up(2*x_sw, 16));
24  secure_vector<word> workspace(z.size());
25 
26  bigint_sqr(z.mutable_data(), z.size(),
27  workspace.data(),
28  x.data(), x.size(), x_sw);
29  return z;
30  }
void bigint_sqr(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
Definition: mp_karat.cpp:312
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:22
std::pair< BigInt, SymmetricKey > BOTAN_DLL Botan::srp6_client_agree ( const std::string &  username,
const std::string &  password,
const std::string &  group_id,
const std::string &  hash_id,
const std::vector< uint8_t > &  salt,
const BigInt B,
RandomNumberGenerator rng 
)

SRP6a Client side

Parameters
usernamethe username we are attempting login for
passwordthe password we are attempting to use
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function
saltis the salt value sent by the server
Bis the server's public value
rngis a random number generator
Returns
(A,K) the client public key and the shared secret key

Definition at line 76 of file srp6.cpp.

References Botan::BigInt::bytes(), Botan::BigInt::encode_1363(), Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), and power_mod().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

83  {
84  DL_Group group(group_id);
85  const BigInt& g = group.get_g();
86  const BigInt& p = group.get_p();
87 
88  const size_t p_bytes = group.get_p().bytes();
89 
90  if(B <= 0 || B >= p)
91  throw Exception("Invalid SRP parameter from server");
92 
93  BigInt k = hash_seq(hash_id, p_bytes, p, g);
94 
95  BigInt a(rng, 256);
96 
97  BigInt A = power_mod(g, a, p);
98 
99  BigInt u = hash_seq(hash_id, p_bytes, A, B);
100 
101  const BigInt x = compute_x(hash_id, identifier, password, salt);
102 
103  BigInt S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p);
104 
105  SymmetricKey Sk(BigInt::encode_1363(S, p_bytes));
106 
107  return std::make_pair(A, Sk);
108  }
OctetString SymmetricKey
Definition: symkey.h:136
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:373
std::string BOTAN_DLL Botan::srp6_group_identifier ( const BigInt N,
const BigInt g 
)

Return the group id for this SRP param set, or else thrown an exception

Parameters
Nthe group modulus
gthe group generator
Returns
group identifier

Definition at line 52 of file srp6.cpp.

References Botan::BigInt::bits(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

53  {
54  /*
55  This function assumes that only one 'standard' SRP parameter set has
56  been defined for a particular bitsize. As of this writing that is the case.
57  */
58  try
59  {
60  const std::string group_name = "modp/srp/" + std::to_string(N.bits());
61 
62  DL_Group group(group_name);
63 
64  if(group.get_p() == N && group.get_g() == g)
65  return group_name;
66 
67  throw Exception("Unknown SRP params");
68  }
69  catch(...)
70  {
71  throw Invalid_Argument("Bad SRP group parameters");
72  }
73  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
void Botan::store_be ( uint16_t  in,
uint8_t  out[2] 
)
inline
void Botan::store_be ( uint32_t  in,
uint8_t  out[4] 
)
inline

Store a big-endian uint32_t

Parameters
inthe input uint32_t
outthe byte array to write to

Definition at line 473 of file loadstor.h.

References get_byte().

474  {
475 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
476  uint32_t o = BOTAN_ENDIAN_B2N(in);
477  std::memcpy(out, &o, sizeof(o));
478 #else
479  out[0] = get_byte(0, in);
480  out[1] = get_byte(1, in);
481  out[2] = get_byte(2, in);
482  out[3] = get_byte(3, in);
483 #endif
484  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void Botan::store_be ( uint64_t  in,
uint8_t  out[8] 
)
inline

Store a big-endian uint64_t

Parameters
inthe input uint64_t
outthe byte array to write to

Definition at line 509 of file loadstor.h.

References get_byte().

510  {
511 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
512  uint64_t o = BOTAN_ENDIAN_B2N(in);
513  std::memcpy(out, &o, sizeof(o));
514 #else
515  out[0] = get_byte(0, in);
516  out[1] = get_byte(1, in);
517  out[2] = get_byte(2, in);
518  out[3] = get_byte(3, in);
519  out[4] = get_byte(4, in);
520  out[5] = get_byte(5, in);
521  out[6] = get_byte(6, in);
522  out[7] = get_byte(7, in);
523 #endif
524  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
template<typename T >
void Botan::store_be ( uint8_t  out[],
x0,
x1 
)
inline

Store two big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word

Definition at line 568 of file loadstor.h.

References store_be().

569  {
570  store_be(x0, out + (0 * sizeof(T)));
571  store_be(x1, out + (1 * sizeof(T)));
572  }
void store_be(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:647
template<typename T >
void Botan::store_be ( uint8_t  out[],
x0,
x1,
x2,
x3 
)
inline

Store four big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 600 of file loadstor.h.

References store_be().

601  {
602  store_be(x0, out + (0 * sizeof(T)));
603  store_be(x1, out + (1 * sizeof(T)));
604  store_be(x2, out + (2 * sizeof(T)));
605  store_be(x3, out + (3 * sizeof(T)));
606  }
void store_be(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:647
template<typename T >
void Botan::store_be ( uint8_t  out[],
x0,
x1,
x2,
x3,
x4,
x5,
x6,
x7 
)
inline

Store eight big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 647 of file loadstor.h.

References store_be().

649  {
650  store_be(x0, out + (0 * sizeof(T)));
651  store_be(x1, out + (1 * sizeof(T)));
652  store_be(x2, out + (2 * sizeof(T)));
653  store_be(x3, out + (3 * sizeof(T)));
654  store_be(x4, out + (4 * sizeof(T)));
655  store_be(x5, out + (5 * sizeof(T)));
656  store_be(x6, out + (6 * sizeof(T)));
657  store_be(x7, out + (7 * sizeof(T)));
658  }
void store_be(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:647
void Botan::store_le ( uint16_t  in,
uint8_t  out[2] 
)
inline

Store a little-endian uint16_t

Parameters
inthe input uint16_t
outthe byte array to write to

Definition at line 457 of file loadstor.h.

References get_byte().

Referenced by copy_out_le(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), generate_mceliece_key(), Botan::RDRAND_RNG::randomize(), Botan::Stateful_RNG::randomize_with_ts_input(), Botan::RandomNumberGenerator::randomize_with_ts_input(), Botan::ChaCha::seek(), Botan::SIMD_4x32::store_le(), store_le(), Botan::ChaCha20Poly1305_Mode::update_len(), and Botan::MDx_HashFunction::write_count().

458  {
459 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
460  uint16_t o = BOTAN_ENDIAN_N2L(in);
461  std::memcpy(out, &o, sizeof(o));
462 #else
463  out[0] = get_byte(1, in);
464  out[1] = get_byte(0, in);
465 #endif
466  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void Botan::store_le ( uint32_t  in,
uint8_t  out[4] 
)
inline

Store a little-endian uint32_t

Parameters
inthe input uint32_t
outthe byte array to write to

Definition at line 491 of file loadstor.h.

References get_byte().

492  {
493 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
494  uint32_t o = BOTAN_ENDIAN_L2N(in);
495  std::memcpy(out, &o, sizeof(o));
496 #else
497  out[0] = get_byte(3, in);
498  out[1] = get_byte(2, in);
499  out[2] = get_byte(1, in);
500  out[3] = get_byte(0, in);
501 #endif
502  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void Botan::store_le ( uint64_t  in,
uint8_t  out[8] 
)
inline

Store a little-endian uint64_t

Parameters
inthe input uint64_t
outthe byte array to write to

Definition at line 531 of file loadstor.h.

References get_byte().

532  {
533 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
534  uint64_t o = BOTAN_ENDIAN_L2N(in);
535  std::memcpy(out, &o, sizeof(o));
536 #else
537  out[0] = get_byte(7, in);
538  out[1] = get_byte(6, in);
539  out[2] = get_byte(5, in);
540  out[3] = get_byte(4, in);
541  out[4] = get_byte(3, in);
542  out[5] = get_byte(2, in);
543  out[6] = get_byte(1, in);
544  out[7] = get_byte(0, in);
545 #endif
546  }
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
template<typename T >
void Botan::store_le ( uint8_t  out[],
x0,
x1 
)
inline

Store two little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word

Definition at line 555 of file loadstor.h.

References store_le().

556  {
557  store_le(x0, out + (0 * sizeof(T)));
558  store_le(x1, out + (1 * sizeof(T)));
559  }
void store_le(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:621
template<typename T >
void Botan::store_le ( uint8_t  out[],
x0,
x1,
x2,
x3 
)
inline

Store four little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 583 of file loadstor.h.

References store_le().

584  {
585  store_le(x0, out + (0 * sizeof(T)));
586  store_le(x1, out + (1 * sizeof(T)));
587  store_le(x2, out + (2 * sizeof(T)));
588  store_le(x3, out + (3 * sizeof(T)));
589  }
void store_le(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:621
template<typename T >
void Botan::store_le ( uint8_t  out[],
x0,
x1,
x2,
x3,
x4,
x5,
x6,
x7 
)
inline

Store eight little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 621 of file loadstor.h.

References store_le().

623  {
624  store_le(x0, out + (0 * sizeof(T)));
625  store_le(x1, out + (1 * sizeof(T)));
626  store_le(x2, out + (2 * sizeof(T)));
627  store_le(x3, out + (3 * sizeof(T)));
628  store_le(x4, out + (4 * sizeof(T)));
629  store_le(x5, out + (5 * sizeof(T)));
630  store_le(x6, out + (6 * sizeof(T)));
631  store_le(x7, out + (7 * sizeof(T)));
632  }
void store_le(uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
Definition: loadstor.h:621
BOTAN_DLL std::string Botan::string_join ( const std::vector< std::string > &  strs,
char  delim 
)

Join a string

Parameters
strsstrings to join
delimthe delimitor
Returns
string joined by delim

Definition at line 172 of file parsing.cpp.

Referenced by Botan::Parallel::name(), and Botan::CPUID::to_string().

173  {
174  std::string out = "";
175 
176  for(size_t i = 0; i != strs.size(); ++i)
177  {
178  if(i != 0)
179  out += delim;
180  out += strs[i];
181  }
182 
183  return out;
184  }
BOTAN_DLL uint32_t Botan::string_to_ipv4 ( const std::string &  ip_str)

Convert a string representation of an IPv4 address to a number

Parameters
ip_strthe string representation
Returns
integer IPv4 address

Definition at line 263 of file parsing.cpp.

References split_on(), and to_u32bit().

264  {
265  std::vector<std::string> parts = split_on(str, '.');
266 
267  if(parts.size() != 4)
268  throw Decoding_Error("Invalid IP string " + str);
269 
270  uint32_t ip = 0;
271 
272  for(auto part = parts.begin(); part != parts.end(); ++part)
273  {
274  uint32_t octet = to_u32bit(*part);
275 
276  if(octet > 255)
277  throw Decoding_Error("Invalid IP string " + str);
278 
279  ip = (ip << 8) | (octet & 0xFF);
280  }
281 
282  return ip;
283  }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:18
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
BigInt BOTAN_DLL Botan::sub_mul ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused subtract-multiply

Parameters
aan integer
ban integer
can integer
Returns
(a-b)*c

Definition at line 57 of file mp_numth.cpp.

References Botan::BigInt::is_negative().

58  {
59  if(a.is_negative() || b.is_negative())
60  throw Invalid_Argument("sub_mul: First two arguments must be >= 0");
61 
62  BigInt r = a;
63  r -= b;
64  r *= c;
65  return r;
66  }
std::vector< polyn_gf2m > Botan::syndrome_init ( polyn_gf2m const &  generator,
std::vector< gf2m > const &  support,
int  n 
)

Definition at line 723 of file polyn_gf2m.cpp.

References Botan::polyn_gf2m::get_degree(), lex_to_gray(), and Botan::polyn_gf2m::msp_field.

Referenced by generate_mceliece_key().

724  {
725  int i,j,t;
726  gf2m a;
727 
728 
729  std::shared_ptr<GF2m_Field> msp_field = generator.msp_field;
730 
731  std::vector<polyn_gf2m> result;
732  t = generator.get_degree();
733 
734  //g(z)=g_t+g_(t-1).z^(t-1)+......+g_1.z+g_0
735  //f(z)=f_(t-1).z^(t-1)+......+f_1.z+f_0
736 
737  for(j=0;j<n;j++)
738  {
739  result.push_back(polyn_gf2m( t-1, msp_field));
740 
741  (*&result[j]).set_coef(t-1,1);
742  for(i=t-2;i>=0;i--)
743  {
744  (*&result[j]).set_coef(i, (generator)[i+1] ^
745  msp_field->gf_mul(lex_to_gray(support[j]),result[j][i+1]));
746  }
747  a = ((generator)[0] ^ msp_field->gf_mul(lex_to_gray(support[j]),result[j][0]));
748  for(i=0;i<t;i++)
749  {
750  (*&result[j]).set_coef(i, msp_field->gf_div(result[j][i],a));
751  }
752  }
753  return result;
754  }
gf2m lex_to_gray(gf2m lex)
uint16_t gf2m
Definition: gf2m_small_m.h:20
BOTAN_DLL RandomNumberGenerator & Botan::system_rng ( )

Return a shared reference to a global PRNG instance provided by the operating system. For instance might be instantiated by /dev/urandom or CryptGenRandom.

Definition at line 196 of file system_rng.cpp.

Referenced by Botan::System_RNG::add_entropy(), botan_pk_op_decrypt_create(), botan_pk_op_encrypt_create(), botan_pk_op_key_agreement_create(), botan_pk_op_sign_create(), botan_rng_reseed(), Botan::System_RNG::name(), and Botan::System_RNG::randomize().

197  {
198  static System_RNG_Impl g_system_rng;
199  return g_system_rng;
200  }
BOTAN_DLL uint32_t Botan::timespec_to_u32bit ( const std::string &  timespec)

Convert a time specification to a number

Parameters
timespecthe time specification
Returns
number of seconds represented by timespec

Definition at line 54 of file parsing.cpp.

References Botan::Charset::is_digit(), and to_u32bit().

55  {
56  if(timespec.empty())
57  return 0;
58 
59  const char suffix = timespec[timespec.size()-1];
60  std::string value = timespec.substr(0, timespec.size()-1);
61 
62  uint32_t scale = 1;
63 
64  if(Charset::is_digit(suffix))
65  value += suffix;
66  else if(suffix == 's')
67  scale = 1;
68  else if(suffix == 'm')
69  scale = 60;
70  else if(suffix == 'h')
71  scale = 60 * 60;
72  else if(suffix == 'd')
73  scale = 24 * 60 * 60;
74  else if(suffix == 'y')
75  scale = 365 * 24 * 60 * 60;
76  else
77  throw Decoding_Error("timespec_to_u32bit: Bad input " + timespec);
78 
79  return scale * to_u32bit(value);
80  }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:18
bool is_digit(char c)
Definition: charset.cpp:128
std::vector<uint8_t> Botan::to_byte_vector ( const std::string &  s)
inline

Definition at line 20 of file stl_util.h.

Referenced by Botan::TLS::Channel::key_material_export().

21  {
22  return std::vector<uint8_t>(s.cbegin(), s.cend());
23  }
BOTAN_DLL const char * Botan::to_string ( Certificate_Status_Code  code)

Convert a status code to a human readable diagnostic message

Parameters
codethe certifcate status
Returns
string literal constant, or nullptr if code unknown

Definition at line 12 of file cert_status.cpp.

References CA_CERT_NOT_FOR_CERT_ISSUER, CA_CERT_NOT_FOR_CRL_ISSUER, CANNOT_ESTABLISH_TRUST, CERT_CHAIN_LOOP, CERT_CHAIN_TOO_LONG, CERT_HAS_EXPIRED, CERT_IS_REVOKED, CERT_ISSUER_NOT_FOUND, CERT_NAME_NOMATCH, CERT_NOT_YET_VALID, CERT_PUBKEY_INVALID, CHAIN_LACKS_TRUST_ROOT, CHAIN_NAME_MISMATCH, CRL_BAD_SIGNATURE, CRL_HAS_EXPIRED, CRL_NOT_YET_VALID, INVALID_USAGE, NAME_CONSTRAINT_ERROR, NO_REVOCATION_DATA, OCSP_BAD_STATUS, OCSP_CERT_NOT_LISTED, OCSP_HAS_EXPIRED, OCSP_ISSUER_NOT_FOUND, OCSP_NO_HTTP, OCSP_NOT_YET_VALID, OCSP_RESPONSE_GOOD, OCSP_RESPONSE_INVALID, OCSP_RESPONSE_MISSING_KEYUSAGE, OCSP_SIGNATURE_ERROR, OCSP_SIGNATURE_OK, POLICY_ERROR, SIGNATURE_ERROR, SIGNATURE_METHOD_TOO_WEAK, UNKNOWN_CRITICAL_EXTENSION, UNTRUSTED_HASH, VALID_CRL_CHECKED, and VERIFIED.

13  {
14  switch(code)
15  {
16  case Certificate_Status_Code::VERIFIED:
17  return "Verified";
18  case Certificate_Status_Code::OCSP_RESPONSE_GOOD:
19  return "OCSP response accepted as affirming unrevoked status for certificate";
20  case Certificate_Status_Code::OCSP_SIGNATURE_OK:
21  return "Signature on OCSP response was found valid";
22  case Certificate_Status_Code::VALID_CRL_CHECKED:
23  return "Valid CRL examined";
24 
25  case Certificate_Status_Code::NO_REVOCATION_DATA:
26  return "No revocation data";
27  case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
28  return "Signature method too weak";
29  case Certificate_Status_Code::UNTRUSTED_HASH:
30  return "Hash function used is considered too weak for security";
31 
32  case Certificate_Status_Code::CERT_NOT_YET_VALID:
33  return "Certificate is not yet valid";
34  case Certificate_Status_Code::CERT_HAS_EXPIRED:
35  return "Certificate has expired";
36  case Certificate_Status_Code::OCSP_NOT_YET_VALID:
37  return "OCSP is not yet valid";
38  case Certificate_Status_Code::OCSP_HAS_EXPIRED:
39  return "OCSP response has expired";
40  case Certificate_Status_Code::CRL_NOT_YET_VALID:
41  return "CRL response is not yet valid";
42  case Certificate_Status_Code::CRL_HAS_EXPIRED:
43  return "CRL has expired";
44 
45  case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND:
46  return "Certificate issuer not found";
47  case Certificate_Status_Code::CANNOT_ESTABLISH_TRUST:
48  return "Cannot establish trust";
49  case Certificate_Status_Code::CERT_CHAIN_LOOP:
50  return "Loop in certificate chain";
51  case Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT:
52  return "Certificate chain does not end in a CA certificate";
53  case Certificate_Status_Code::CHAIN_NAME_MISMATCH:
54  return "Certificate issuer does not match subject of issuing cert";
55 
56  case Certificate_Status_Code::POLICY_ERROR:
57  return "Certificate policy error";
58  case Certificate_Status_Code::INVALID_USAGE:
59  return "Certificate does not allow the requested usage";
60  case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
61  return "Certificate chain too long";
62  case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
63  return "CA certificate not allowed to issue certs";
64  case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER:
65  return "CA certificate not allowed to issue CRLs";
66  case Certificate_Status_Code::OCSP_CERT_NOT_LISTED:
67  return "OCSP cert not listed";
68  case Certificate_Status_Code::OCSP_BAD_STATUS:
69  return "OCSP bad status";
70  case Certificate_Status_Code::CERT_NAME_NOMATCH:
71  return "Certificate does not match provided name";
72  case Certificate_Status_Code::NAME_CONSTRAINT_ERROR:
73  return "Certificate does not pass name constraint";
74  case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION:
75  return "Unknown critical extension encountered";
76  case Certificate_Status_Code::OCSP_SIGNATURE_ERROR:
77  return "OCSP signature error";
78  case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND:
79  return "Unable to find certificate issusing OCSP response";
80  case Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE:
81  return "OCSP issuer's keyusage prohibits OCSP";
82  case Certificate_Status_Code::OCSP_RESPONSE_INVALID:
83  return "OCSP parsing valid";
84  case Certificate_Status_Code::OCSP_NO_HTTP:
85  return "OCSP requests not available, no HTTP support compiled in";
86  case Certificate_Status_Code::CERT_IS_REVOKED:
87  return "Certificate is revoked";
88  case Certificate_Status_Code::CRL_BAD_SIGNATURE:
89  return "CRL bad signature";
90  case Certificate_Status_Code::SIGNATURE_ERROR:
91  return "Signature error";
92  case Certificate_Status_Code::CERT_PUBKEY_INVALID:
93  return "Certificate public key invalid";
94  // intentionally no default so we are warned
95  }
96 
97  return nullptr;
98  }
std::string Botan::to_string ( const secure_vector< uint8_t > &  bytes)
inline

Definition at line 25 of file stl_util.h.

Referenced by Botan::Path_Validation_Result::status_string().

26  {
27  return std::string(bytes.cbegin(), bytes.cend());
28  }
BOTAN_DLL uint32_t Botan::to_u32bit ( const std::string &  str)

Convert a string to a number

Parameters
strthe string to convert
Returns
number value of the string

Definition at line 18 of file parsing.cpp.

References Botan::CT::max(), and Botan::ASN1::to_string().

Referenced by Botan::SCAN_Name::arg_as_integer(), check_bcrypt(), create_private_key(), Botan::Data_Store::get1_uint32(), Botan::HTTP::http_sync(), parse_asn1_oid(), Botan::TLS::Text_Policy::srtp_profiles(), string_to_ipv4(), and timespec_to_u32bit().

19  {
20  try
21  {
22  // std::stoul is not strict enough. Ensure that str is digit only [0-9]*
23  for (const char chr : str)
24  {
25  if (chr < '0' || chr > '9')
26  {
27  auto chrAsString = std::string(1, chr);
28  throw Invalid_Argument("String contains non-digit char: " + chrAsString);
29  }
30  }
31 
32  const auto integerValue = std::stoul(str);
33 
34  // integerValue might be uint64
35  if (integerValue > std::numeric_limits<uint32_t>::max())
36  {
37  throw Invalid_Argument("Integer value exceeds 32 bit range: " + std::to_string(integerValue));
38  }
39 
40  return integerValue;
41  }
42  catch(std::exception& e)
43  {
44  auto message = std::string("Could not read '" + str + "' as decimal string");
45  auto exceptionMessage = std::string(e.what());
46  if (!exceptionMessage.empty()) message += ": " + exceptionMessage;
47  throw Exception(message);
48  }
49  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
T max(T a, T b)
Definition: ct_utils.h:173
template<typename T >
std::vector<T> Botan::unlock ( const secure_vector< T > &  in)
template<typename T >
bool Botan::value_exists ( const std::vector< T > &  vec,
const T &  val 
)

Existence check for values

Definition at line 86 of file stl_util.h.

Referenced by Botan::TLS::Policy::allowed_ecc_curve(), Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::Policy::choose_curve(), Botan::TLS::Policy::ciphersuite_list(), and Botan::TLS::Client_Hello::Client_Hello().

88  {
89  for(size_t i = 0; i != vec.size(); ++i)
90  if(vec[i] == val)
91  return true;
92  return false;
93  }
BOTAN_DLL void Botan::verify_cert_constraints_valid_for_key_type ( const Public_Key pub_key,
Key_Constraints  constraints 
)

Check that key constraints are permitted for a specific public key.

Parameters
pub_keythe public key on which the constraints shall be enforced on
constraintsthe constraints that shall be enforced on the key
Exceptions
Exceptionif the given constraints are not permitted for this key

Definition at line 69 of file key_constraint.cpp.

References Botan::Public_Key::algo_name(), CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, key_constraints_to_string(), KEY_ENCIPHERMENT, and NON_REPUDIATION.

Referenced by Botan::X509::create_cert_req(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::sign_request().

71  {
72  const std::string name = pub_key.algo_name();
73 
74  size_t permitted = 0;
75 
76  if(name == "DH" || name == "ECDH")
77  {
78  permitted |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;
79  }
80 
81  if(name == "RSA" || name == "ElGamal")
82  {
83  permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
84  }
85 
86  if(name == "RSA" || name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "GOST-34.10")
87  {
89  }
90 
91  if((constraints & permitted) != constraints)
92  {
93  throw Exception("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
94  }
95  }
Definition: ffi.h:934
std::string key_constraints_to_string(Key_Constraints constraints)
bool Botan::verify_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 177 of file numthry.h.

References is_prime().

178  { return is_prime(n, rng, 80); }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
BOTAN_DLL const char * Botan::version_cstr ( )

Definition at line 28 of file version.cpp.

References STR.

Referenced by botan_version_string(), and version_string().

29  {
30 #define QUOTE(name) #name
31 #define STR(macro) QUOTE(macro)
32 
33  /*
34  It is intentional that this string is a compile-time constant;
35  it makes it much easier to find in binaries.
36  */
37 
38  return "Botan " STR(BOTAN_VERSION_MAJOR) "."
39  STR(BOTAN_VERSION_MINOR) "."
40  STR(BOTAN_VERSION_PATCH) " ("
41 #if defined(BOTAN_UNSAFE_FUZZER_MODE)
42  "UNSAFE FUZZER MODE BUILD "
43 #endif
44  BOTAN_VERSION_RELEASE_TYPE
45 #if (BOTAN_VERSION_DATESTAMP != 0)
46  ", dated " STR(BOTAN_VERSION_DATESTAMP)
47 #endif
48  ", revision " BOTAN_VERSION_VC_REVISION
49  ", distribution " BOTAN_DISTRIBUTION_INFO ")";
50 
51 #undef STR
52 #undef QUOTE
53  }
#define STR(macro)
BOTAN_DLL uint32_t Botan::version_datestamp ( )

Return the date this version of botan was released, in an integer of the form YYYYMMDD. For instance a version released on May 21, 2013 would return the integer 20130521. If the currently running version is not an official release, this function will return 0 instead.

Returns
release date, or zero if unreleased

Definition at line 55 of file version.cpp.

Referenced by botan_version_datestamp().

55 { return BOTAN_VERSION_DATESTAMP; }
BOTAN_DLL uint32_t Botan::version_major ( )

Get the major version number.

Returns
major version number

Definition at line 60 of file version.cpp.

Referenced by botan_version_major(), and runtime_version_check().

60 { return BOTAN_VERSION_MAJOR; }
BOTAN_DLL uint32_t Botan::version_minor ( )

Get the minor version number.

Returns
minor version number

Definition at line 61 of file version.cpp.

Referenced by botan_version_minor(), and runtime_version_check().

61 { return BOTAN_VERSION_MINOR; }
BOTAN_DLL uint32_t Botan::version_patch ( )

Get the patch number.

Returns
patch number

Definition at line 62 of file version.cpp.

Referenced by botan_version_patch(), and runtime_version_check().

62 { return BOTAN_VERSION_PATCH; }
BOTAN_DLL std::string Botan::version_string ( )

Get a human-readable string identifying the version of Botan. No particular format should be assumed.

Returns
version string

Definition at line 23 of file version.cpp.

References version_cstr().

24  {
25  return std::string(version_cstr());
26  }
const char * version_cstr()
Definition: version.cpp:28
void Botan::word3_muladd ( word *  w2,
word *  w1,
word *  w0,
word  x,
word  y 
)
inline

Definition at line 717 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), and bigint_comba_sqr9().

718  {
719 #if defined(BOTAN_MP_USE_X86_32_ASM)
720  asm(
721  ASM("mull %[y]")
722 
723  ASM("addl %[x],%[w0]")
724  ASM("adcl %[y],%[w1]")
725  ASM("adcl $0,%[w2]")
726 
727  : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
728  : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2)
729  : "cc");
730 
731 #elif defined(BOTAN_MP_USE_X86_64_ASM)
732 
733  asm(
734  ASM("mulq %[y]")
735 
736  ASM("addq %[x],%[w0]")
737  ASM("adcq %[y],%[w1]")
738  ASM("adcq $0,%[w2]")
739 
740  : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
741  : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2)
742  : "cc");
743 
744 #else
745  word carry = *w0;
746  *w0 = word_madd2(x, y, &carry);
747  *w1 += carry;
748  *w2 += (*w1 < carry) ? 1 : 0;
749 #endif
750  }
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
void Botan::word3_muladd_2 ( word *  w2,
word *  w1,
word *  w0,
word  x,
word  y 
)
inline

Definition at line 756 of file mp_asmi.h.

References word_add(), and word_madd2().

Referenced by bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), and bigint_comba_sqr9().

757  {
758 #if defined(BOTAN_MP_USE_X86_32_ASM)
759  asm(
760  ASM("mull %[y]")
761 
762  ASM("addl %[x],%[w0]")
763  ASM("adcl %[y],%[w1]")
764  ASM("adcl $0,%[w2]")
765 
766  ASM("addl %[x],%[w0]")
767  ASM("adcl %[y],%[w1]")
768  ASM("adcl $0,%[w2]")
769 
770  : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
771  : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2)
772  : "cc");
773 
774 #elif defined(BOTAN_MP_USE_X86_64_ASM)
775 
776  asm(
777  ASM("mulq %[y]")
778 
779  ASM("addq %[x],%[w0]")
780  ASM("adcq %[y],%[w1]")
781  ASM("adcq $0,%[w2]")
782 
783  ASM("addq %[x],%[w0]")
784  ASM("adcq %[y],%[w1]")
785  ASM("adcq $0,%[w2]")
786 
787  : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
788  : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2)
789  : "cc");
790 
791 #else
792  word carry = 0;
793  x = word_madd2(x, y, &carry);
794  y = carry;
795 
796  word top = (y >> (BOTAN_MP_WORD_BITS-1));
797  y <<= 1;
798  y |= (x >> (BOTAN_MP_WORD_BITS-1));
799  x <<= 1;
800 
801  carry = 0;
802  *w0 = word_add(*w0, x, &carry);
803  *w1 = word_add(*w1, y, &carry);
804  *w2 = word_add(*w2, top, &carry);
805 #endif
806  }
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
word Botan::word8_add2 ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 138 of file mp_asmi.h.

References word_add().

Referenced by bigint_add2_nc().

139  {
140 #if defined(BOTAN_MP_USE_X86_32_ASM)
141  asm(
142  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcl"))
143  : [carry]"=r"(carry)
144  : [x]"r"(x), [y]"r"(y), "0"(carry)
145  : "cc", "memory");
146  return carry;
147 
148 #elif defined(BOTAN_MP_USE_X86_64_ASM)
149 
150  asm(
151  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq"))
152  : [carry]"=r"(carry)
153  : [x]"r"(x), [y]"r"(y), "0"(carry)
154  : "cc", "memory");
155  return carry;
156 
157 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
158 
159  __asm {
160  mov edx,[x]
161  mov esi,[y]
162  xor eax,eax
163  sub eax,[carry] //force CF=1 iff *carry==1
164  mov eax,[esi]
165  adc [edx],eax
166  mov eax,[esi+4]
167  adc [edx+4],eax
168  mov eax,[esi+8]
169  adc [edx+8],eax
170  mov eax,[esi+12]
171  adc [edx+12],eax
172  mov eax,[esi+16]
173  adc [edx+16],eax
174  mov eax,[esi+20]
175  adc [edx+20],eax
176  mov eax,[esi+24]
177  adc [edx+24],eax
178  mov eax,[esi+28]
179  adc [edx+28],eax
180  sbb eax,eax
181  neg eax
182  }
183 
184 #else
185  x[0] = word_add(x[0], y[0], &carry);
186  x[1] = word_add(x[1], y[1], &carry);
187  x[2] = word_add(x[2], y[2], &carry);
188  x[3] = word_add(x[3], y[3], &carry);
189  x[4] = word_add(x[4], y[4], &carry);
190  x[5] = word_add(x[5], y[5], &carry);
191  x[6] = word_add(x[6], y[6], &carry);
192  x[7] = word_add(x[7], y[7], &carry);
193  return carry;
194 #endif
195  }
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
word Botan::word8_add3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 200 of file mp_asmi.h.

References word_add().

Referenced by bigint_add3_nc().

202  {
203 #if defined(BOTAN_MP_USE_X86_32_ASM)
204  asm(
205  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcl"))
206  : [carry]"=r"(carry)
207  : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
208  : "cc", "memory");
209  return carry;
210 
211 #elif defined(BOTAN_MP_USE_X86_64_ASM)
212 
213  asm(
214  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq"))
215  : [carry]"=r"(carry)
216  : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
217  : "cc", "memory");
218  return carry;
219 
220 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
221 
222  __asm {
223  mov edi,[x]
224  mov esi,[y]
225  mov ebx,[z]
226  xor eax,eax
227  sub eax,[carry] //force CF=1 iff *carry==1
228  mov eax,[edi]
229  adc eax,[esi]
230  mov [ebx],eax
231 
232  mov eax,[edi+4]
233  adc eax,[esi+4]
234  mov [ebx+4],eax
235 
236  mov eax,[edi+8]
237  adc eax,[esi+8]
238  mov [ebx+8],eax
239 
240  mov eax,[edi+12]
241  adc eax,[esi+12]
242  mov [ebx+12],eax
243 
244  mov eax,[edi+16]
245  adc eax,[esi+16]
246  mov [ebx+16],eax
247 
248  mov eax,[edi+20]
249  adc eax,[esi+20]
250  mov [ebx+20],eax
251 
252  mov eax,[edi+24]
253  adc eax,[esi+24]
254  mov [ebx+24],eax
255 
256  mov eax,[edi+28]
257  adc eax,[esi+28]
258  mov [ebx+28],eax
259 
260  sbb eax,eax
261  neg eax
262  }
263 
264 #else
265  z[0] = word_add(x[0], y[0], &carry);
266  z[1] = word_add(x[1], y[1], &carry);
267  z[2] = word_add(x[2], y[2], &carry);
268  z[3] = word_add(x[3], y[3], &carry);
269  z[4] = word_add(x[4], y[4], &carry);
270  z[5] = word_add(x[5], y[5], &carry);
271  z[6] = word_add(x[6], y[6], &carry);
272  z[7] = word_add(x[7], y[7], &carry);
273  return carry;
274 #endif
275  }
word word_add(word x, word y, word *carry)
Definition: mp_asmi.h:107
word Botan::word8_linmul2 ( word  x[8],
word  y,
word  carry 
)
inline

Definition at line 488 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_linmul2().

489  {
490 #if defined(BOTAN_MP_USE_X86_32_ASM)
491  asm(
492  DO_8_TIMES(LINMUL_OP, "x")
493  : [carry]"=r"(carry)
494  : [x]"r"(x), [y]"rm"(y), "0"(carry)
495  : "cc", "%eax", "%edx");
496  return carry;
497 
498 #elif defined(BOTAN_MP_USE_X86_64_ASM)
499 
500  asm(
501  DO_8_TIMES(LINMUL_OP, "x")
502  : [carry]"=r"(carry)
503  : [x]"r"(x), [y]"rm"(y), "0"(carry)
504  : "cc", "%rax", "%rdx");
505  return carry;
506 
507 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
508 
509  __asm {
510  mov esi,[x]
511  mov eax,[esi] //load a
512  mul [y] //edx(hi):eax(lo)=a*b
513  add eax,[carry] //sum lo carry
514  adc edx,0 //sum hi carry
515  mov ecx,edx //store carry
516  mov [esi],eax //load a
517 
518  mov eax,[esi+4] //load a
519  mul [y] //edx(hi):eax(lo)=a*b
520  add eax,ecx //sum lo carry
521  adc edx,0 //sum hi carry
522  mov ecx,edx //store carry
523  mov [esi+4],eax //load a
524 
525  mov eax,[esi+8] //load a
526  mul [y] //edx(hi):eax(lo)=a*b
527  add eax,ecx //sum lo carry
528  adc edx,0 //sum hi carry
529  mov ecx,edx //store carry
530  mov [esi+8],eax //load a
531 
532  mov eax,[esi+12] //load a
533  mul [y] //edx(hi):eax(lo)=a*b
534  add eax,ecx //sum lo carry
535  adc edx,0 //sum hi carry
536  mov ecx,edx //store carry
537  mov [esi+12],eax //load a
538 
539  mov eax,[esi+16] //load a
540  mul [y] //edx(hi):eax(lo)=a*b
541  add eax,ecx //sum lo carry
542  adc edx,0 //sum hi carry
543  mov ecx,edx //store carry
544  mov [esi+16],eax //load a
545 
546  mov eax,[esi+20] //load a
547  mul [y] //edx(hi):eax(lo)=a*b
548  add eax,ecx //sum lo carry
549  adc edx,0 //sum hi carry
550  mov ecx,edx //store carry
551  mov [esi+20],eax //load a
552 
553  mov eax,[esi+24] //load a
554  mul [y] //edx(hi):eax(lo)=a*b
555  add eax,ecx //sum lo carry
556  adc edx,0 //sum hi carry
557  mov ecx,edx //store carry
558  mov [esi+24],eax //load a
559 
560  mov eax,[esi+28] //load a
561  mul [y] //edx(hi):eax(lo)=a*b
562  add eax,ecx //sum lo carry
563  adc edx,0 //sum hi carry
564  mov [esi+28],eax //load a
565 
566  mov eax,edx //store carry
567  }
568 
569 #else
570  x[0] = word_madd2(x[0], y, &carry);
571  x[1] = word_madd2(x[1], y, &carry);
572  x[2] = word_madd2(x[2], y, &carry);
573  x[3] = word_madd2(x[3], y, &carry);
574  x[4] = word_madd2(x[4], y, &carry);
575  x[5] = word_madd2(x[5], y, &carry);
576  x[6] = word_madd2(x[6], y, &carry);
577  x[7] = word_madd2(x[7], y, &carry);
578  return carry;
579 #endif
580  }
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word Botan::word8_linmul3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
)
inline

Definition at line 585 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_linmul3().

586  {
587 #if defined(BOTAN_MP_USE_X86_32_ASM)
588  asm(
589  DO_8_TIMES(LINMUL_OP, "z")
590  : [carry]"=r"(carry)
591  : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
592  : "cc", "%eax", "%edx");
593  return carry;
594 
595 #elif defined(BOTAN_MP_USE_X86_64_ASM)
596  asm(
597  DO_8_TIMES(LINMUL_OP, "z")
598  : [carry]"=r"(carry)
599  : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
600  : "cc", "%rax", "%rdx");
601  return carry;
602 
603 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
604 
605  __asm {
606  mov edi,[z]
607  mov esi,[x]
608  mov eax,[esi] //load a
609  mul [y] //edx(hi):eax(lo)=a*b
610  add eax,[carry] //sum lo carry
611  adc edx,0 //sum hi carry
612  mov ecx,edx //store carry
613  mov [edi],eax //load a
614 
615  mov eax,[esi+4] //load a
616  mul [y] //edx(hi):eax(lo)=a*b
617  add eax,ecx //sum lo carry
618  adc edx,0 //sum hi carry
619  mov ecx,edx //store carry
620  mov [edi+4],eax //load a
621 
622  mov eax,[esi+8] //load a
623  mul [y] //edx(hi):eax(lo)=a*b
624  add eax,ecx //sum lo carry
625  adc edx,0 //sum hi carry
626  mov ecx,edx //store carry
627  mov [edi+8],eax //load a
628 
629  mov eax,[esi+12] //load a
630  mul [y] //edx(hi):eax(lo)=a*b
631  add eax,ecx //sum lo carry
632  adc edx,0 //sum hi carry
633  mov ecx,edx //store carry
634  mov [edi+12],eax //load a
635 
636  mov eax,[esi+16] //load a
637  mul [y] //edx(hi):eax(lo)=a*b
638  add eax,ecx //sum lo carry
639  adc edx,0 //sum hi carry
640  mov ecx,edx //store carry
641  mov [edi+16],eax //load a
642 
643  mov eax,[esi+20] //load a
644  mul [y] //edx(hi):eax(lo)=a*b
645  add eax,ecx //sum lo carry
646  adc edx,0 //sum hi carry
647  mov ecx,edx //store carry
648  mov [edi+20],eax //load a
649 
650  mov eax,[esi+24] //load a
651  mul [y] //edx(hi):eax(lo)=a*b
652  add eax,ecx //sum lo carry
653  adc edx,0 //sum hi carry
654  mov ecx,edx //store carry
655  mov [edi+24],eax //load a
656 
657  mov eax,[esi+28] //load a
658  mul [y] //edx(hi):eax(lo)=a*b
659  add eax,ecx //sum lo carry
660  adc edx,0 //sum hi carry
661  mov [edi+28],eax //load a
662  mov eax,edx //store carry
663  }
664 
665 #else
666  z[0] = word_madd2(x[0], y, &carry);
667  z[1] = word_madd2(x[1], y, &carry);
668  z[2] = word_madd2(x[2], y, &carry);
669  z[3] = word_madd2(x[3], y, &carry);
670  z[4] = word_madd2(x[4], y, &carry);
671  z[5] = word_madd2(x[5], y, &carry);
672  z[6] = word_madd2(x[6], y, &carry);
673  z[7] = word_madd2(x[7], y, &carry);
674  return carry;
675 #endif
676  }
word word_madd2(word a, word b, word *c)
Definition: mp_madd.h:59
word Botan::word8_madd3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
)
inline

Definition at line 681 of file mp_asmi.h.

References word_madd3().

Referenced by bigint_monty_redc().

682  {
683 #if defined(BOTAN_MP_USE_X86_32_ASM)
684  asm(
685  DO_8_TIMES(MULADD_OP, "")
686  : [carry]"=r"(carry)
687  : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
688  : "cc", "%eax", "%edx");
689  return carry;
690 
691 #elif defined(BOTAN_MP_USE_X86_64_ASM)
692 
693  asm(
694  DO_8_TIMES(MULADD_OP, "")
695  : [carry]"=r"(carry)
696  : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
697  : "cc", "%rax", "%rdx");
698  return carry;
699 
700 #else
701  z[0] = word_madd3(x[0], y, z[0], &carry);
702  z[1] = word_madd3(x[1], y, z[1], &carry);
703  z[2] = word_madd3(x[2], y, z[2], &carry);
704  z[3] = word_madd3(x[3], y, z[3], &carry);
705  z[4] = word_madd3(x[4], y, z[4], &carry);
706  z[5] = word_madd3(x[5], y, z[5], &carry);
707  z[6] = word_madd3(x[6], y, z[6], &carry);
708  z[7] = word_madd3(x[7], y, z[7], &carry);
709  return carry;
710 #endif
711  }
word word_madd3(word a, word b, word c, word *d)
Definition: mp_madd.h:105
word Botan::word8_sub2 ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 311 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub2().

312  {
313 #if defined(BOTAN_MP_USE_X86_32_ASM)
314  asm(
315  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbl"))
316  : [carry]"=r"(carry)
317  : [x]"r"(x), [y]"r"(y), "0"(carry)
318  : "cc", "memory");
319  return carry;
320 
321 #elif defined(BOTAN_MP_USE_X86_64_ASM)
322 
323  asm(
324  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq"))
325  : [carry]"=r"(carry)
326  : [x]"r"(x), [y]"r"(y), "0"(carry)
327  : "cc", "memory");
328  return carry;
329 
330 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
331 
332  __asm {
333  mov edi,[x]
334  mov esi,[y]
335  xor eax,eax
336  sub eax,[carry] //force CF=1 iff *carry==1
337  mov eax,[edi]
338  sbb eax,[esi]
339  mov [edi],eax
340  mov eax,[edi+4]
341  sbb eax,[esi+4]
342  mov [edi+4],eax
343  mov eax,[edi+8]
344  sbb eax,[esi+8]
345  mov [edi+8],eax
346  mov eax,[edi+12]
347  sbb eax,[esi+12]
348  mov [edi+12],eax
349  mov eax,[edi+16]
350  sbb eax,[esi+16]
351  mov [edi+16],eax
352  mov eax,[edi+20]
353  sbb eax,[esi+20]
354  mov [edi+20],eax
355  mov eax,[edi+24]
356  sbb eax,[esi+24]
357  mov [edi+24],eax
358  mov eax,[edi+28]
359  sbb eax,[esi+28]
360  mov [edi+28],eax
361  sbb eax,eax
362  neg eax
363  }
364 
365 #else
366  x[0] = word_sub(x[0], y[0], &carry);
367  x[1] = word_sub(x[1], y[1], &carry);
368  x[2] = word_sub(x[2], y[2], &carry);
369  x[3] = word_sub(x[3], y[3], &carry);
370  x[4] = word_sub(x[4], y[4], &carry);
371  x[5] = word_sub(x[5], y[5], &carry);
372  x[6] = word_sub(x[6], y[6], &carry);
373  x[7] = word_sub(x[7], y[7], &carry);
374  return carry;
375 #endif
376  }
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word Botan::word8_sub2_rev ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 381 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub2_rev().

382  {
383 #if defined(BOTAN_MP_USE_X86_32_ASM)
384  asm(
385  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbl"))
386  : [carry]"=r"(carry)
387  : [x]"r"(y), [y]"r"(x), [z]"r"(x), "0"(carry)
388  : "cc", "memory");
389  return carry;
390 
391 #elif defined(BOTAN_MP_USE_X86_64_ASM)
392 
393  asm(
394  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq"))
395  : [carry]"=r"(carry)
396  : [x]"r"(y), [y]"r"(x), [z]"r"(x), "0"(carry)
397  : "cc", "memory");
398  return carry;
399 
400 #else
401  x[0] = word_sub(y[0], x[0], &carry);
402  x[1] = word_sub(y[1], x[1], &carry);
403  x[2] = word_sub(y[2], x[2], &carry);
404  x[3] = word_sub(y[3], x[3], &carry);
405  x[4] = word_sub(y[4], x[4], &carry);
406  x[5] = word_sub(y[5], x[5], &carry);
407  x[6] = word_sub(y[6], x[6], &carry);
408  x[7] = word_sub(y[7], x[7], &carry);
409  return carry;
410 #endif
411  }
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word Botan::word8_sub3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 416 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub3().

418  {
419 #if defined(BOTAN_MP_USE_X86_32_ASM)
420  asm(
421  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbl"))
422  : [carry]"=r"(carry)
423  : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
424  : "cc", "memory");
425  return carry;
426 
427 #elif defined(BOTAN_MP_USE_X86_64_ASM)
428 
429  asm(
430  ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq"))
431  : [carry]"=r"(carry)
432  : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
433  : "cc", "memory");
434  return carry;
435 
436 #elif defined(BOTAN_MP_USE_X86_32_MSVC_ASM)
437 
438  __asm {
439  mov edi,[x]
440  mov esi,[y]
441  xor eax,eax
442  sub eax,[carry] //force CF=1 iff *carry==1
443  mov ebx,[z]
444  mov eax,[edi]
445  sbb eax,[esi]
446  mov [ebx],eax
447  mov eax,[edi+4]
448  sbb eax,[esi+4]
449  mov [ebx+4],eax
450  mov eax,[edi+8]
451  sbb eax,[esi+8]
452  mov [ebx+8],eax
453  mov eax,[edi+12]
454  sbb eax,[esi+12]
455  mov [ebx+12],eax
456  mov eax,[edi+16]
457  sbb eax,[esi+16]
458  mov [ebx+16],eax
459  mov eax,[edi+20]
460  sbb eax,[esi+20]
461  mov [ebx+20],eax
462  mov eax,[edi+24]
463  sbb eax,[esi+24]
464  mov [ebx+24],eax
465  mov eax,[edi+28]
466  sbb eax,[esi+28]
467  mov [ebx+28],eax
468  sbb eax,eax
469  neg eax
470  }
471 
472 #else
473  z[0] = word_sub(x[0], y[0], &carry);
474  z[1] = word_sub(x[1], y[1], &carry);
475  z[2] = word_sub(x[2], y[2], &carry);
476  z[3] = word_sub(x[3], y[3], &carry);
477  z[4] = word_sub(x[4], y[4], &carry);
478  z[5] = word_sub(x[5], y[5], &carry);
479  z[6] = word_sub(x[6], y[6], &carry);
480  z[7] = word_sub(x[7], y[7], &carry);
481  return carry;
482 #endif
483  }
word word_sub(word x, word y, word *carry)
Definition: mp_asmi.h:280
word Botan::word_add ( word  x,
word  y,
word *  carry 
)
inline

Definition at line 107 of file mp_asmi.h.

Referenced by bigint_add2_nc(), bigint_add3_nc(), bigint_cnd_abs(), bigint_cnd_add(), word3_muladd_2(), word8_add2(), and word8_add3().

108  {
109 #if defined(BOTAN_MP_USE_X86_32_ASM)
110  asm(
111  ADD_OR_SUBTRACT(ASM("adcl %[y],%[x]"))
112  : [x]"=r"(x), [carry]"=r"(*carry)
113  : "0"(x), [y]"rm"(y), "1"(*carry)
114  : "cc");
115  return x;
116 
117 #elif defined(BOTAN_MP_USE_X86_64_ASM)
118 
119  asm(
120  ADD_OR_SUBTRACT(ASM("adcq %[y],%[x]"))
121  : [x]"=r"(x), [carry]"=r"(*carry)
122  : "0"(x), [y]"rm"(y), "1"(*carry)
123  : "cc");
124  return x;
125 
126 #else
127  word z = x + y;
128  word c1 = (z < x);
129  z += *carry;
130  *carry = c1 | (z < *carry);
131  return z;
132 #endif
133  }
word Botan::word_madd2 ( word  a,
word  b,
word *  c 
)
inline

Definition at line 59 of file mp_madd.h.

References mul64x64_128().

Referenced by bigint_linmul2(), bigint_linmul3(), bigint_modop(), word3_muladd(), word3_muladd_2(), word8_linmul2(), and word8_linmul3().

60  {
61 #if defined(BOTAN_MP_USE_X86_32_ASM)
62  asm(
63  ASM("mull %[b]")
64  ASM("addl %[c],%[a]")
65  ASM("adcl $0,%[carry]")
66 
67  : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c)
68  : "0"(a), "1"(b), [c]"g"(*c) : "cc");
69 
70  return a;
71 
72 #elif defined(BOTAN_MP_USE_X86_64_ASM)
73  asm(
74  ASM("mulq %[b]")
75  ASM("addq %[c],%[a]")
76  ASM("adcq $0,%[carry]")
77 
78  : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c)
79  : "0"(a), "1"(b), [c]"g"(*c) : "cc");
80 
81  return a;
82 
83 #elif defined(BOTAN_HAS_MP_DWORD)
84  const dword s = static_cast<dword>(a) * b + *c;
85  *c = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
86  return static_cast<word>(s);
87 #else
88  static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");
89 
90  word hi = 0, lo = 0;
91 
92  mul64x64_128(a, b, &lo, &hi);
93 
94  lo += *c;
95  hi += (lo < *c); // carry?
96 
97  *c = hi;
98  return lo;
99 #endif
100  }
void mul64x64_128(uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
Definition: mul128.h:83
word Botan::word_madd3 ( word  a,
word  b,
word  c,
word *  d 
)
inline

Definition at line 105 of file mp_madd.h.

References mul64x64_128().

Referenced by bigint_monty_redc(), and word8_madd3().

106  {
107 #if defined(BOTAN_MP_USE_X86_32_ASM)
108  asm(
109  ASM("mull %[b]")
110 
111  ASM("addl %[c],%[a]")
112  ASM("adcl $0,%[carry]")
113 
114  ASM("addl %[d],%[a]")
115  ASM("adcl $0,%[carry]")
116 
117  : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d)
118  : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc");
119 
120  return a;
121 
122 #elif defined(BOTAN_MP_USE_X86_64_ASM)
123  asm(
124  ASM("mulq %[b]")
125 
126  ASM("addq %[c],%[a]")
127  ASM("adcq $0,%[carry]")
128 
129  ASM("addq %[d],%[a]")
130  ASM("adcq $0,%[carry]")
131 
132  : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d)
133  : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc");
134 
135  return a;
136 
137 #elif defined(BOTAN_HAS_MP_DWORD)
138  const dword s = static_cast<dword>(a) * b + c + *d;
139  *d = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
140  return static_cast<word>(s);
141 #else
142  static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");
143 
144  word hi = 0, lo = 0;
145 
146  mul64x64_128(a, b, &lo, &hi);
147 
148  lo += c;
149  hi += (lo < c); // carry?
150 
151  lo += *d;
152  hi += (lo < *d); // carry?
153 
154  *d = hi;
155  return lo;
156 #endif
157  }
void mul64x64_128(uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
Definition: mul128.h:83
word Botan::word_sub ( word  x,
word  y,
word *  carry 
)
inline

Definition at line 280 of file mp_asmi.h.

Referenced by bigint_cnd_sub(), bigint_monty_redc(), bigint_sub2(), bigint_sub2_rev(), bigint_sub3(), word8_sub2(), word8_sub2_rev(), and word8_sub3().

281  {
282 #if defined(BOTAN_MP_USE_X86_32_ASM)
283  asm(
284  ADD_OR_SUBTRACT(ASM("sbbl %[y],%[x]"))
285  : [x]"=r"(x), [carry]"=r"(*carry)
286  : "0"(x), [y]"rm"(y), "1"(*carry)
287  : "cc");
288  return x;
289 
290 #elif defined(BOTAN_MP_USE_X86_64_ASM)
291 
292  asm(
293  ADD_OR_SUBTRACT(ASM("sbbq %[y],%[x]"))
294  : [x]"=r"(x), [carry]"=r"(*carry)
295  : "0"(x), [y]"rm"(y), "1"(*carry)
296  : "cc");
297  return x;
298 
299 #else
300  word t0 = x - y;
301  word c1 = (t0 > x);
302  word z = t0 - *carry;
303  *carry = c1 | (z > t0);
304  return z;
305 #endif
306  }
BOTAN_DLL bool Botan::x500_name_cmp ( const std::string &  name1,
const std::string &  name2 
)

Compare two names using the X.509 comparison algorithm

Parameters
name1the first name
name2the second name
Returns
true if name1 is the same as name2 by the X.509 comparison rules

Definition at line 222 of file parsing.cpp.

References Botan::Charset::caseless_cmp(), and Botan::Charset::is_space().

Referenced by operator==().

223  {
224  auto p1 = name1.begin();
225  auto p2 = name2.begin();
226 
227  while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
228  while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
229 
230  while(p1 != name1.end() && p2 != name2.end())
231  {
232  if(Charset::is_space(*p1))
233  {
234  if(!Charset::is_space(*p2))
235  return false;
236 
237  while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
238  while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
239 
240  if(p1 == name1.end() && p2 == name2.end())
241  return true;
242  if(p1 == name1.end() || p2 == name2.end())
243  return false;
244  }
245 
246  if(!Charset::caseless_cmp(*p1, *p2))
247  return false;
248  ++p1;
249  ++p2;
250  }
251 
252  while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
253  while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
254 
255  if((p1 != name1.end()) || (p2 != name2.end()))
256  return false;
257  return true;
258  }
bool caseless_cmp(char a, char b)
Definition: charset.cpp:193
bool is_space(char c)
Definition: charset.cpp:139
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions restrictions,
const std::vector< Certificate_Store * > &  trusted_roots,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response >> &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certscertificate chain to validate
restrictionspath validation restrictions
trusted_rootslist of certificate stores that contain trusted certificates
hostnameif not empty, compared against the DNS name in end_certs[0]
usageif not set to UNSPECIFIED, compared against the key usage in end_certs[0]
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 562 of file x509path.cpp.

References Botan::PKIX::build_certificate_path(), Botan::PKIX::check_chain(), Botan::PKIX::check_crl(), Botan::PKIX::check_ocsp(), Botan::PKIX::merge_revocation_status(), Botan::Path_Validation_Restrictions::minimum_key_strength(), Botan::Path_Validation_Restrictions::ocsp_all_intermediates(), OCSP_NO_HTTP, OK, Botan::Path_Validation_Restrictions::require_revocation_information(), and Botan::Path_Validation_Restrictions::trusted_hashes().

Referenced by Botan::TLS::Callbacks::tls_verify_cert_chain(), and x509_path_validate().

571  {
572  if(end_certs.empty())
573  throw Invalid_Argument("x509_path_validate called with no subjects");
574 
575  std::shared_ptr<const X509_Certificate> end_entity(std::make_shared<const X509_Certificate>(end_certs[0]));
576  std::vector<std::shared_ptr<const X509_Certificate>> end_entity_extra;
577  for(size_t i = 1; i < end_certs.size(); ++i)
578  {
579  end_entity_extra.push_back(std::make_shared<const X509_Certificate>(end_certs[i]));
580  }
581 
582  std::vector<std::shared_ptr<const X509_Certificate>> cert_path;
583  Certificate_Status_Code path_building_result =
584  PKIX::build_certificate_path(cert_path, trusted_roots, end_entity, end_entity_extra);
585 
586  // If we cannot successfully build a chain to a trusted self-signed root, stop now
587  if(path_building_result != Certificate_Status_Code::OK)
588  {
589  return Path_Validation_Result(path_building_result);
590  }
591 
593  PKIX::check_chain(cert_path, ref_time,
594  hostname, usage,
595  restrictions.minimum_key_strength(),
596  restrictions.trusted_hashes());
597 
598  CertificatePathStatusCodes crl_status =
599  PKIX::check_crl(cert_path, trusted_roots, ref_time);
600 
601  CertificatePathStatusCodes ocsp_status;
602 
603  if(ocsp_resp.size() > 0)
604  {
605  ocsp_status = PKIX::check_ocsp(cert_path, ocsp_resp, trusted_roots, ref_time);
606  }
607 
608  if(ocsp_status.empty() && ocsp_timeout != std::chrono::milliseconds(0))
609  {
610 #if defined(BOTAN_TARGET_OS_HAS_THREADS) && defined(BOTAN_HAS_HTTP_UTIL)
611  ocsp_status = PKIX::check_ocsp_online(cert_path, trusted_roots, ref_time,
612  ocsp_timeout, restrictions.ocsp_all_intermediates());
613 #else
614  ocsp_status.resize(1);
615  ocsp_status[0].insert(Certificate_Status_Code::OCSP_NO_HTTP);
616 #endif
617  }
618 
619  PKIX::merge_revocation_status(status, crl_status, ocsp_status,
620  restrictions.require_revocation_information(),
621  restrictions.ocsp_all_intermediates());
622 
623  return Path_Validation_Result(status, std::move(cert_path));
624  }
CertificatePathStatusCodes BOTAN_DLL check_chain(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, std::chrono::system_clock::time_point ref_time, const std::string &hostname, Usage_Type usage, size_t min_signature_algo_strength, const std::set< std::string > &trusted_hashes)
Definition: x509path.cpp:29
CertificatePathStatusCodes BOTAN_DLL check_ocsp(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &certstores, std::chrono::system_clock::time_point ref_time)
Definition: x509path.cpp:122
void BOTAN_DLL merge_revocation_status(CertificatePathStatusCodes &chain_status, const CertificatePathStatusCodes &crl_status, const CertificatePathStatusCodes &ocsp_status, bool require_rev_on_end_entity, bool require_rev_on_intermediates)
Definition: x509path.cpp:490
CertificatePathStatusCodes BOTAN_DLL check_crl(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, const std::vector< std::shared_ptr< const X509_CRL >> &crls, std::chrono::system_clock::time_point ref_time)
Definition: x509path.cpp:171
Certificate_Status_Code BOTAN_DLL build_certificate_path(std::vector< std::shared_ptr< const X509_Certificate >> &cert_path_out, const std::vector< Certificate_Store * > &trusted_certstores, const std::shared_ptr< const X509_Certificate > &end_entity, const std::vector< std::shared_ptr< const X509_Certificate >> &end_entity_extra)
Definition: x509path.cpp:414
std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
Definition: x509path.h:29
Certificate_Status_Code
Definition: cert_status.h:18
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const X509_Certificate end_cert,
const Path_Validation_Restrictions restrictions,
const std::vector< Certificate_Store * > &  trusted_roots,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response >> &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certcertificate to validate
restrictionspath validation restrictions
trusted_rootslist of stores that contain trusted certificates
hostnameif not empty, compared against the DNS name in end_cert
usageif not set to UNSPECIFIED, compared against the key usage in end_cert
validation_timewhat reference time to use for validation
ocsp_timeouttimeoutput for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 626 of file x509path.cpp.

References x509_path_validate().

635  {
636  std::vector<X509_Certificate> certs;
637  certs.push_back(end_cert);
638  return x509_path_validate(certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
639  }
Path_Validation_Result x509_path_validate(const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:657
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions restrictions,
const Certificate_Store store,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response >> &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certscertificate chain to validate
restrictionspath validation restrictions
storestore that contains trusted certificates
hostnameif not empty, compared against the DNS name in end_certs[0]
usageif not set to UNSPECIFIED, compared against the key usage in end_certs[0]
validation_timewhat reference time to use for validation
ocsp_timeouttimeoutput for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 641 of file x509path.cpp.

References x509_path_validate().

650  {
651  std::vector<Certificate_Store*> trusted_roots;
652  trusted_roots.push_back(const_cast<Certificate_Store*>(&store));
653 
654  return x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
655  }
Path_Validation_Result x509_path_validate(const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:657
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const X509_Certificate end_cert,
const Path_Validation_Restrictions restrictions,
const Certificate_Store store,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response >> &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certcertificate to validate
restrictionspath validation restrictions
storestore that contains trusted certificates
hostnameif not empty, compared against the DNS name in end_cert
usageif not set to UNSPECIFIED, compared against the key usage in end_cert
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 657 of file x509path.cpp.

References x509_path_validate().

666  {
667  std::vector<X509_Certificate> certs;
668  certs.push_back(end_cert);
669 
670  std::vector<Certificate_Store*> trusted_roots;
671  trusted_roots.push_back(const_cast<Certificate_Store*>(&store));
672 
673  return x509_path_validate(certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
674  }
Path_Validation_Result x509_path_validate(const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:657
template<typename T >
void Botan::xor_buf ( out[],
const T  in[],
size_t  length 
)
template<typename T >
void Botan::xor_buf ( out[],
const T  in[],
const T  in2[],
size_t  length 
)

XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length

Parameters
outthe output buffer
inthe first input buffer
in2the second output buffer
lengththe length of the three buffers

Definition at line 130 of file mem_ops.h.

134  {
135  for(size_t i = 0; i != length; ++i)
136  {
137  out[i] = in[i] ^ in2[i];
138  }
139  }
template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const std::vector< uint8_t, Alloc2 > &  in,
size_t  n 
)

Definition at line 142 of file mem_ops.h.

References xor_buf().

145  {
146  xor_buf(out.data(), in.data(), n);
147  }
void xor_buf(std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
Definition: mem_ops.h:158
template<typename Alloc >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const uint8_t *  in,
size_t  n 
)

Definition at line 150 of file mem_ops.h.

References xor_buf().

153  {
154  xor_buf(out.data(), in, n);
155  }
void xor_buf(std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
Definition: mem_ops.h:158
template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const uint8_t *  in,
const std::vector< uint8_t, Alloc2 > &  in2,
size_t  n 
)

Definition at line 158 of file mem_ops.h.

References xor_buf().

162  {
163  xor_buf(out.data(), in, in2.data(), n);
164  }
void xor_buf(std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
Definition: mem_ops.h:158
template<typename T , typename Alloc >
void Botan::zap ( std::vector< T, Alloc > &  vec)
template<typename T , typename Alloc >
void Botan::zeroise ( std::vector< T, Alloc > &  vec)

Variable Documentation

const uint32_t Botan::CAST_SBOX1[256]

Definition at line 15 of file cast_sboxes.h.

const uint32_t Botan::CAST_SBOX2[256]

Definition at line 60 of file cast_sboxes.h.

const uint32_t Botan::CAST_SBOX3[256]

Definition at line 105 of file cast_sboxes.h.

const uint32_t Botan::CAST_SBOX4[256]

Definition at line 150 of file cast_sboxes.h.

const uint64_t Botan::DES_FPTAB1
const uint64_t Botan::DES_FPTAB2
const uint64_t Botan::DES_IPTAB1
const uint64_t Botan::DES_IPTAB2
const uint32_t Botan::DES_SPBOX1

Definition at line 12 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX2

Definition at line 57 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX3

Definition at line 102 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX4

Definition at line 147 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX5

Definition at line 192 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX6

Definition at line 237 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX7

Definition at line 282 of file des_tab.cpp.

const uint32_t Botan::DES_SPBOX8

Definition at line 327 of file des_tab.cpp.

const size_t Botan::HEX_CODEC_BUFFER_SIZE = 256

Size used for internal buffer in hex encoder/decoder

Definition at line 20 of file hex_filt.cpp.

const size_t Botan::MP_WORD_BITS = BOTAN_MP_WORD_BITS
const word Botan::MP_WORD_MASK = ~static_cast<word>(0)

Definition at line 27 of file mp_types.h.

Referenced by Botan::BigInt::BigInt().

const word Botan::MP_WORD_MAX = MP_WORD_MASK

Definition at line 29 of file mp_types.h.

Referenced by divide(), and monty_inverse().

const word Botan::MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)

Definition at line 28 of file mp_types.h.

Referenced by bigint_divop(), and divide().

const size_t Botan::PRIME_TABLE_SIZE = 6541

The size of the PRIMES[] array

Definition at line 240 of file numthry.h.

Referenced by Botan::DL_Group::DL_Group(), is_prime(), and random_prime().

const uint16_t Botan::PRIMES

A const array of all primes less than 65535

Definition at line 12 of file primes.cpp.

Referenced by Botan::DL_Group::DL_Group(), is_prime(), and random_prime().