|
Botan
2.13.0
Crypto and TLS for C++11
|
#include <ct_utils.h>
Public Member Functions | |
| T | if_not_set_return (T x) const |
| T | if_set_return (T x) const |
| void | if_set_zero_out (T buf[], size_t elems) |
| bool | is_set () const |
| Mask (const Mask< T > &other)=default | |
| template<typename U > | |
| Mask (Mask< U > o) | |
| Mask< T > & | operator&= (Mask< T > o) |
| Mask< T > & | operator= (const Mask< T > &other)=default |
| Mask< T > & | operator^= (Mask< T > o) |
| Mask< T > & | operator|= (Mask< T > o) |
| Mask< T > | operator~ () const |
| T | select (T x, T y) const |
| T | select_and_unpoison (T x, T y) const |
| Mask< T > | select_mask (Mask< T > x, Mask< T > y) const |
| void | select_n (T output[], const T x[], const T y[], size_t len) const |
| T | unpoisoned_value () const |
| T | value () const |
Static Public Member Functions | |
| static Mask< T > | cleared () |
| static Mask< T > | expand (T v) |
| template<typename U > | |
| static Mask< T > | expand (Mask< U > m) |
| static Mask< T > | is_equal (T x, T y) |
| static Mask< T > | is_gt (T x, T y) |
| static Mask< T > | is_gte (T x, T y) |
| static Mask< T > | is_lt (T x, T y) |
| static Mask< T > | is_lte (T x, T y) |
| static Mask< T > | is_zero (T x) |
| static Mask< T > | set () |
Friends | |
| Mask< T > | operator& (Mask< T > x, Mask< T > y) |
| Mask< T > | operator^ (Mask< T > x, Mask< T > y) |
| Mask< T > | operator| (Mask< T > x, Mask< T > y) |
A Mask type used for constant-time operations. A Mask<T> always has value either 0 (all bits cleared) or ~0 (all bits set). All operations in a Mask<T> are intended to compile to code which does not contain conditional jumps. This must be verified with tooling (eg binary disassembly or using valgrind) since you never know what a compiler might do.
Definition at line 87 of file ct_utils.h.
|
default |
|
inlinestatic |
Return a Mask<T> with all bits cleared
Definition at line 115 of file ct_utils.h.
Referenced by Botan::oaep_find_delim(), Botan::EME_PKCS1v15::unpad(), and Botan::OneAndZeros_Padding::unpad().
|
inlinestatic |
Return a Mask<T> which is set if v is != 0
Definition at line 123 of file ct_utils.h.
Referenced by Botan::bigint_cnd_abs(), Botan::bigint_cnd_add(), Botan::bigint_cnd_sub(), Botan::bigint_cnd_swap(), Botan::bigint_ct_is_lt(), Botan::bigint_shl1(), Botan::bigint_shl2(), Botan::bigint_shr1(), Botan::bigint_shr2(), Botan::BigInt::cond_flip_sign(), Botan::CT::conditional_copy_mem(), Botan::CT::conditional_swap(), Botan::BigInt::ct_cond_assign(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish(), Botan::gcd(), Botan::redc_p521(), Botan::Sodium::sodium_is_zero(), Botan::ANSI_X923_Padding::unpad(), and Botan::OneAndZeros_Padding::unpad().
|
inlinestatic |
Return a Mask<T> which is set if m is set
Definition at line 132 of file ct_utils.h.
References T, and Botan::CT::Mask< T >::value().
|
inline |
Return x if the mask is cleared, or otherwise zero
Definition at line 256 of file ct_utils.h.
Referenced by Botan::CT::Mask< T >::if_set_zero_out(), and Botan::EME_PKCS1v15::unpad().
|
inline |
Return x if the mask is set, or otherwise zero
Definition at line 248 of file ct_utils.h.
Referenced by Botan::oaep_find_delim().
|
inline |
If this mask is set, zero out buf, otherwise do nothing
Definition at line 298 of file ct_utils.h.
References Botan::CT::Mask< T >::if_not_set_return().
Referenced by Botan::CT::copy_output().
Return a Mask<T> which is set if x == y
Definition at line 149 of file ct_utils.h.
References Botan::CT::Mask< T >::is_zero().
Referenced by Botan::bigint_cmp(), Botan::bigint_ct_is_lt(), Botan::TLS::check_tls_cbc_padding(), Botan::BigInt::const_time_lookup(), Botan::CT::copy_output(), Botan::PK_Decryptor::decrypt_or_random(), Botan::divide(), Botan::PointGFp_Base_Point_Precompute::mul(), Botan::PointGFp_Var_Point_Precompute::mul(), Botan::oaep_find_delim(), Botan::redc_p521(), Botan::Sodium::sodium_compare(), Botan::PKCS7_Padding::unpad(), Botan::OneAndZeros_Padding::unpad(), and Botan::ESP_Padding::unpad().
Return a Mask<T> which is set if x > y
Definition at line 165 of file ct_utils.h.
References Botan::CT::Mask< T >::is_lt().
Referenced by Botan::PKCS7_Padding::unpad(), Botan::ANSI_X923_Padding::unpad(), and Botan::ESP_Padding::unpad().
Return a Mask<T> which is set if x >= y
Definition at line 181 of file ct_utils.h.
Referenced by Botan::ct_divide_u8(), Botan::PKCS7_Padding::unpad(), and Botan::ANSI_X923_Padding::unpad().
Return a Mask<T> which is set if x < y
Definition at line 157 of file ct_utils.h.
Referenced by Botan::bigint_cmp(), Botan::bigint_ct_is_lt(), Botan::TLS::check_tls_cbc_padding(), Botan::CT::Mask< T >::is_gt(), Botan::Sodium::sodium_compare(), and Botan::EME_PKCS1v15::unpad().
Return a Mask<T> which is set if x <= y
Definition at line 173 of file ct_utils.h.
Referenced by Botan::TLS::check_tls_cbc_padding(), Botan::CT::copy_output(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().
|
inline |
Return true iff this mask is set
Definition at line 319 of file ct_utils.h.
References Botan::CT::Mask< T >::unpoisoned_value().
|
inlinestatic |
Return a Mask<T> which is set if v is == 0 or cleared otherwise
Definition at line 141 of file ct_utils.h.
Referenced by Botan::bigint_cmp(), Botan::bigint_ct_is_eq(), Botan::bigint_ct_is_lt(), Botan::ct_compare_u8(), Botan::BigInt::ct_reduce_below(), Botan::PK_Decryptor::decrypt_or_random(), Botan::CT::Mask< T >::is_equal(), Botan::oaep_find_delim(), Botan::CT::strip_leading_zeros(), Botan::EME_PKCS1v15::unpad(), Botan::OneAndZeros_Padding::unpad(), and Botan::ESP_Padding::unpad().
AND-combine two masks
Definition at line 189 of file ct_utils.h.
References Botan::CT::Mask< T >::value().
XOR-combine two masks
Definition at line 198 of file ct_utils.h.
References Botan::CT::Mask< T >::value().
OR-combine two masks
Definition at line 207 of file ct_utils.h.
References Botan::CT::Mask< T >::value().
|
inline |
Negate this mask
Definition at line 240 of file ct_utils.h.
References Botan::CT::Mask< T >::value().
|
inline |
If this mask is set, return x, otherwise return y
Definition at line 264 of file ct_utils.h.
References T, and Botan::CT::Mask< T >::value().
Referenced by Botan::bigint_cnd_add_or_sub(), Botan::bigint_cnd_addsub(), Botan::CT::Mask< T >::select_and_unpoison(), Botan::CT::Mask< T >::select_mask(), and Botan::CT::Mask< T >::select_n().
|
inline |
Definition at line 270 of file ct_utils.h.
References Botan::CT::Mask< T >::select(), T, and Botan::CT::unpoison().
|
inline |
If this mask is set, return x, otherwise return y
Definition at line 280 of file ct_utils.h.
References Botan::CT::Mask< T >::select(), and Botan::CT::Mask< T >::value().
|
inline |
Conditionally set output to x or y, depending on if mask is set or cleared (resp)
Definition at line 289 of file ct_utils.h.
References Botan::CT::Mask< T >::select().
|
inlinestatic |
Return a Mask<T> with all bits set
Definition at line 107 of file ct_utils.h.
References T.
Referenced by Botan::oaep_find_delim(), and Botan::CT::strip_leading_zeros().
|
inline |
Return the value of the mask, unpoisoned
Definition at line 309 of file ct_utils.h.
References T, Botan::CT::unpoison(), and Botan::CT::Mask< T >::value().
Referenced by Botan::CT::Mask< T >::is_set().
|
inline |
Return the underlying value of the mask
Definition at line 327 of file ct_utils.h.
Referenced by Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::operator&=(), Botan::CT::Mask< T >::operator^=(), Botan::CT::Mask< T >::operator|=(), Botan::CT::Mask< T >::operator~(), Botan::CT::Mask< T >::select(), Botan::CT::Mask< T >::select_mask(), and Botan::CT::Mask< T >::unpoisoned_value().
AND-combine two masks
Definition at line 216 of file ct_utils.h.
XOR-combine two masks
Definition at line 224 of file ct_utils.h.
OR-combine two masks
Definition at line 232 of file ct_utils.h.
1.8.9.1