Botan
2.1.0
Crypto and TLS for C++11
|
Functions | |
template<typename T > | |
void | cond_zero_mem (T cond, T *array, size_t elems) |
template<typename T > | |
void | conditional_copy_mem (T value, T *to, const T *from0, const T *from1, size_t elems) |
template<typename T > | |
T | expand_mask (T x) |
template<typename T > | |
T | expand_top_bit (T a) |
template<typename T > | |
T | is_equal (T x, T y) |
template<typename T > | |
T | is_less (T x, T y) |
template<typename T > | |
T | is_lte (T x, T y) |
template<typename T > | |
T | is_zero (T x) |
template<typename T > | |
T | max (T a, T b) |
template<typename T > | |
T | min (T a, T b) |
template<typename T > | |
void | poison (const T *p, size_t n) |
template<typename T > | |
T | select (T mask, T from0, T from1) |
secure_vector< uint8_t > | strip_leading_zeros (const uint8_t in[], size_t length) |
secure_vector< uint8_t > | strip_leading_zeros (const secure_vector< uint8_t > &in) |
template<typename T > | |
void | unpoison (const T *p, size_t n) |
template<typename T > | |
void | unpoison (T &p) |
template<typename PredT , typename ValT > | |
ValT | val_or_zero (PredT pred_val, ValT val) |
|
inline |
|
inline |
Definition at line 138 of file ct_utils.h.
References expand_mask(), and select().
Referenced by Botan::bigint_monty_redc(), Botan::PK_Decryptor::decrypt_or_random(), Botan::PKCS7_Padding::unpad(), Botan::ANSI_X923_Padding::unpad(), Botan::OneAndZeros_Padding::unpad(), and Botan::ESP_Padding::unpad().
|
inline |
Definition at line 86 of file ct_utils.h.
Referenced by Botan::bigint_cnd_abs(), Botan::bigint_cnd_add(), Botan::bigint_cnd_sub(), Botan::bigint_cnd_swap(), cond_zero_mem(), conditional_copy_mem(), is_zero(), Botan::PKCS7_Padding::unpad(), Botan::ANSI_X923_Padding::unpad(), and Botan::ESP_Padding::unpad().
|
inline |
Definition at line 167 of file ct_utils.h.
|
inline |
Definition at line 116 of file ct_utils.h.
References is_zero().
Referenced by Botan::PK_Decryptor::decrypt_or_random(), and Botan::PKCS7_Padding::unpad().
|
inline |
Definition at line 122 of file ct_utils.h.
|
inline |
Definition at line 132 of file ct_utils.h.
|
inline |
Definition at line 110 of file ct_utils.h.
References expand_mask().
Referenced by Botan::EC_PublicKey::check_key(), is_equal(), Botan::BigInt::is_nonzero(), Botan::PointGFp::negate(), strip_leading_zeros(), and Botan::ANSI_X923_Padding::unpad().
|
inline |
Definition at line 173 of file ct_utils.h.
References expand_top_bit(), and select().
Referenced by Botan::GeneralSubtree::decode_from(), Botan::Device_EntropySource::Device_EntropySource(), Botan::GeneralSubtree::GeneralSubtree(), Botan::XMSS_Index_Registry::get(), Botan::mul_add(), Botan::multi_exponentiate(), Botan::operator+(), Botan::BigInt::operator+=(), Botan::operator-(), Botan::BigInt::operator-=(), Botan::operator^(), Botan::GOST_3410_PublicKey::public_key_bits(), and Botan::to_u32bit().
|
inline |
Definition at line 180 of file ct_utils.h.
References expand_top_bit(), and select().
Referenced by Botan::SHA_3::absorb(), Botan::buffer_insert(), Botan::XMSS_Tools::concat(), Botan::DataSource::discard_next(), Botan::gcd(), Botan::GeneralSubtree::GeneralSubtree(), Botan::OS::get_memory_locking_limit(), Botan::GHASH::ghash_update(), Botan::X942_PRF::kdf(), Botan::KDF2::kdf(), Botan::KDF1_18033::kdf(), Botan::HKDF_Extract::kdf(), Botan::HKDF_Expand::kdf(), Botan::mceliece_work_factor(), Botan::OctetString::operator^=(), Botan::DataSource_Memory::peek(), Botan::XTS_Encryption::process(), Botan::CFB_Encryption::process(), Botan::XTS_Decryption::process(), Botan::CFB_Decryption::process(), Botan::CBC_Decryption::process(), Botan::random_prime(), Botan::HMAC_DRBG::randomize_with_input(), Botan::TLS::Blocking_Client::read(), Botan::TLS::Datagram_Handshake_IO::timeout_check(), Botan::TLS::Protocol_Version::to_string(), and Botan::Buffered_Filter::write().
|
inline |
Use valgrind to mark the contents of memory as being undefined. Valgrind will accept operations which manipulate undefined values, but will warn if an undefined value is used to decided a conditional jump or a load/store address. So if we poison all of our inputs we can confirm that the operations in question are truly const time when compiled by whatever compiler is in use.
Even better, the VALGRIND_MAKE_MEM_* macros work even when the program is not run under valgrind (though with a few cycles of overhead, which is unfortunate in final binaries as these annotations tend to be used in fairly important loops).
This approach was first used in ctgrind (https://github.com/agl/ctgrind) but calling the valgrind mecheck API directly works just as well and doesn't require a custom patched valgrind.
Definition at line 46 of file ct_utils.h.
References BOTAN_UNUSED.
Referenced by Botan::bigint_monty_redc(), Botan::ct_inverse_mod_odd_modulus(), Botan::curve25519_donna(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish(), Botan::PKCS7_Padding::unpad(), Botan::ANSI_X923_Padding::unpad(), Botan::OneAndZeros_Padding::unpad(), and Botan::ESP_Padding::unpad().
|
inline |
Definition at line 98 of file ct_utils.h.
Referenced by Botan::bigint_cnd_abs(), Botan::bigint_cnd_add(), Botan::bigint_cnd_sub(), Botan::bigint_cnd_swap(), cond_zero_mem(), conditional_copy_mem(), max(), min(), Botan::Device_EntropySource::poll(), and val_or_zero().
|
inline |
Definition at line 186 of file ct_utils.h.
References is_zero().
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), and strip_leading_zeros().
|
inline |
Definition at line 201 of file ct_utils.h.
References strip_leading_zeros().
|
inline |
Definition at line 57 of file ct_utils.h.
References BOTAN_UNUSED.
Referenced by Botan::bigint_monty_redc(), Botan::ct_inverse_mod_odd_modulus(), Botan::curve25519_donna(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish(), Botan::PKCS7_Padding::unpad(), Botan::ANSI_X923_Padding::unpad(), Botan::OneAndZeros_Padding::unpad(), and Botan::ESP_Padding::unpad().
|
inline |
|
inline |