Botan  1.11.15
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

namespace  ASN1
namespace  BER
namespace  Camellia_F
namespace  Cert_Extension
namespace  Charset
namespace  CryptoBox
namespace  CVC_EAC
namespace  DE_EAC
namespace  FPE
namespace  gf2m_small_m
namespace  HAS_160_F
namespace  HTTP
namespace  KeyPair
namespace  OCSP
namespace  OIDS
namespace  PEM_Code
namespace  PK_Ops
namespace  PKCS8
namespace  RIPEMD_128_F
namespace  SHA1_F
namespace  SHA1_SSE2_F
namespace  SHA2_32
namespace  SHA2_64
namespace  TA_CM
namespace  TLS
namespace  X509

Classes

class  Adler32
class  AEAD_Filter
class  AEAD_Mode
class  AES_128
class  AES_128_NI
class  AES_128_SSSE3
class  AES_192
class  AES_192_NI
class  AES_192_SSSE3
class  AES_256
class  AES_256_NI
class  AES_256_SSSE3
class  Algo_Registry
struct  Algorithm_Not_Found
class  AlgorithmIdentifier
class  AlternativeName
class  ANSI_X919_MAC
class  ANSI_X923_Padding
class  ANSI_X931_RNG
class  ASN1_Car
class  ASN1_Ced
class  ASN1_Cex
class  ASN1_Chr
class  ASN1_EAC_String
class  ASN1_Object
class  ASN1_String
class  Attribute
class  AutoSeeded_RNG
class  Base64_Decoder
class  Base64_Encoder
class  BeOS_EntropySource
struct  BER_Bad_Tag
class  BER_Decoder
struct  BER_Decoding_Error
class  BER_Object
class  BigInt
struct  binary_matrix
struct  BitBucket
class  Blinder
class  Block_Cipher_Fixed_Params
class  BlockCipher
class  BlockCipherModePaddingMethod
class  Blowfish
class  Buffered_Computation
class  Buffered_Filter
class  Bzip2_Compression
class  Bzip2_Decompression
struct  calendar_point
class  Camellia_128
class  Camellia_192
class  Camellia_256
class  Cascade_Cipher
class  CAST_128
class  CAST_256
class  CBC_Decryption
class  CBC_Encryption
class  CBC_MAC
class  CBC_Mode
class  CCM_Decryption
class  CCM_Encryption
class  CCM_Mode
class  Certificate_Extension
class  Certificate_Store
class  Certificate_Store_In_Memory
class  Certificate_Store_Overlay
class  CFB_Decryption
class  CFB_Encryption
class  CFB_Mode
class  ChaCha
class  ChaCha20Poly1305_Decryption
class  ChaCha20Poly1305_Encryption
class  ChaCha20Poly1305_Mode
class  Chain
class  Cipher_Mode
class  CMAC
class  Comb4P
class  Compression_Alloc_Info
class  Compression_Decompression_Filter
class  Compression_Filter
class  Compression_Stream
class  Compressor_Transform
class  CPUID
class  CRC24
class  CRC32
class  Credentials_Manager
class  CRL_Entry
class  CTR_BE
class  CTS_Decryption
class  CTS_Encryption
class  Curve25519_PrivateKey
class  Curve25519_PublicKey
class  CurveGFp
class  CurveGFp_NIST
class  CurveGFp_P521
class  CurveGFp_Repr
class  Data_Store
class  DataSink
class  DataSink_Stream
class  DataSource
class  DataSource_Memory
class  DataSource_Stream
struct  Decoding_Error
class  Decompression_Filter
class  Deflate_Compression
class  Deflate_Decompression
class  DER_Encoder
class  DES
class  DESX
class  Device_EntropySource
class  DH_PrivateKey
class  DH_PublicKey
class  DL_Group
class  DL_Scheme_PrivateKey
class  DL_Scheme_PublicKey
class  DLIES_Decryptor
class  DLIES_Encryptor
class  donna128
class  DSA_PrivateKey
class  DSA_PublicKey
class  Dynamically_Loaded_Library
class  EAC1_1_ADO
class  EAC1_1_CVC
class  EAC1_1_CVC_Options
class  EAC1_1_gen_CVC
class  EAC1_1_obj
class  EAC1_1_Req
class  EAC_Signed_Object
class  EAC_Time
class  EAX_Decryption
class  EAX_Encryption
class  EAX_Mode
class  EC_Group
class  EC_PrivateKey
class  EC_PublicKey
class  ECB_Decryption
class  ECB_Encryption
class  ECB_Mode
class  ECDH_PrivateKey
class  ECDH_PublicKey
class  ECDSA_PrivateKey
class  ECDSA_PublicKey
class  ECDSA_Signature
class  EGD_EntropySource
class  ElGamal_PrivateKey
class  ElGamal_PublicKey
class  EME
class  EME_PKCS1v15
class  EMSA
class  EMSA1
class  EMSA1_BSI
class  EMSA_PKCS1v15
class  EMSA_PKCS1v15_Raw
class  EMSA_Raw
class  EMSA_X931
struct  Encoding_Error
class  Entropy_Accumulator
class  EntropySource
class  Extensions
class  Fanout_Filter
class  File_Descriptor_Source
class  Filter
class  Fixed_Base_Power_Mod
class  Fixed_Exponent_Power_Mod
class  Fixed_Window_Exponentiator
class  Fork
class  GCM_Decryption
class  GCM_Encryption
class  GCM_Mode
class  GHASH
class  GOST_28147_89
class  GOST_28147_89_Params
class  GOST_3410_PrivateKey
class  GOST_3410_PublicKey
class  GOST_34_11
class  Gzip_Compression
class  Gzip_Decompression
class  HAS_160
class  Hash_Filter
class  HashFunction
class  Hex_Decoder
class  Hex_Encoder
class  High_Resolution_Timestamp
class  HKDF
class  HMAC
class  HMAC_DRBG
class  HMAC_RNG
class  IDEA
class  IDEA_SSE2
class  IF_Scheme_PrivateKey
class  IF_Scheme_PublicKey
struct  Illegal_Point
struct  Illegal_Transformation
struct  Integrity_Failure
class  Intel_Rdrand
struct  Internal_Error
struct  Invalid_Algorithm_Name
struct  Invalid_IV_Length
struct  Invalid_Key_Length
struct  Invalid_OID
struct  Invalid_State
class  KASUMI
class  KDF
class  KDF1
class  KDF2
class  Keccak_1600
class  Key_Length_Specification
class  Keyed_Filter
class  Keyed_Transform
class  LibraryInitializer
class  Lion
struct  Lookup_Error
class  LZMA_Compression
class  LZMA_Decompression
class  MAC_Filter
class  MARS
class  McEliece_KEM_Decryptor
class  McEliece_KEM_Encryptor
class  mceliece_message_parts
class  McEliece_Private_Operation
class  McEliece_PrivateKey
class  McEliece_Public_Operation
class  McEliece_PublicKey
class  MD2
class  MD4
class  MD4_X86_32
class  MD5
class  MD5_X86_32
class  MDx_HashFunction
struct  Memory_Exhaustion
class  MessageAuthenticationCode
class  MISTY1
class  mlock_allocator
class  Modular_Exponentiator
class  Modular_Reducer
class  Montgomery_Exponentiator
class  Noekeon
class  Noekeon_SIMD
class  NR_PrivateKey
class  NR_PublicKey
class  Null_Padding
class  Null_RNG
class  OAEP
class  OCB_Decryption
class  OCB_Encryption
class  OCB_Mode
class  OctetString
class  OFB
class  OID
class  OneAndZeros_Padding
class  Output_Buffers
class  Parallel
class  Path_Validation_Restrictions
class  Path_Validation_Result
class  PBKDF
class  Pipe
class  PK_Decryptor
class  PK_Decryptor_EME
class  PK_Encryptor
class  PK_Encryptor_EME
class  PK_Key_Agreement
class  PK_Key_Agreement_Key
class  PK_Signer
class  PK_Verifier
class  PKCS10_Request
class  PKCS5_PBKDF1
class  PKCS5_PBKDF2
class  PKCS7_Padding
struct  PKCS8_Exception
class  PointGFp
struct  Policy_Violation
class  Poly1305
struct  polyn_gf2m
class  Power_Mod
class  Private_Key
struct  PRNG_Unseeded
class  ProcWalking_EntropySource
class  PSSR
class  Public_Key
class  RandomNumberGenerator
class  RC2
class  RC4
class  RC5
class  RC6
class  RIPEMD_128
class  RIPEMD_160
class  RSA_PrivateKey
class  RSA_PublicKey
class  RTSS_Share
class  RW_PrivateKey
class  RW_PublicKey
class  SAFER_SK
class  Salsa20
class  SCAN_Name
class  secure_allocator
class  SecureQueue
class  SEED
struct  Self_Test_Failure
class  Semaphore
class  Serialized_RNG
class  Serpent
class  Serpent_SIMD
class  Serpent_X86_32
class  SHA_160
class  SHA_160_SSE2
class  SHA_160_X86_32
class  SHA_160_X86_64
class  SHA_224
class  SHA_256
class  SHA_384
class  SHA_512
class  SHA_512_256
class  SIMD_Scalar
class  SipHash
class  SIV_Decryption
class  SIV_Encryption
class  SIV_Mode
class  Skein_512
class  SQL_Database
class  Sqlite3_Database
class  SRP6_Authenticator_File
class  SRP6_Server_Session
class  Stream_Cipher_Mode
class  Stream_Compression
class  Stream_Decompression
struct  Stream_IO_Error
class  StreamCipher
class  StreamCipher_Filter
class  SymmetricAlgorithm
class  TEA
class  Threaded_Fork
class  Threefish_512
class  Threefish_512_AVX2
class  Tiger
class  TLS_12_PRF
class  TLS_PRF
class  Transform
class  Transform_Filter
class  TripleDES
class  Twofish
class  Unix_EntropySource
class  UnixProcessInfo_EntropySource
class  Whirlpool
class  Win32_CAPI_EntropySource
class  Win32_EntropySource
class  X509_CA
class  X509_Cert_Options
class  X509_Certificate
class  X509_CRL
class  X509_DN
class  X509_Object
class  X509_Time
class  X942_PRF
class  XTEA
class  XTEA_SIMD
class  XTS_Decryption
class  XTS_Encryption
class  XTS_Mode
class  Zlib_Compression
class  Zlib_Decompression
class  Zlib_Style_Stream

Typedefs

typedef uint8_t byte
typedef EC_Group EC_Domain_Params
typedef std::runtime_error Exception
typedef limb felem [5]
typedef OctetString InitializationVector
typedef std::invalid_argument Invalid_Argument
typedef u64bit limb
typedef PK_Key_Agreement_Key PK_KA_Key
typedef Private_Key PKCS8_PrivateKey
typedef int32_t s32bit
typedef OctetString SymmetricKey
typedef Transform Transformation
typedef Transform_Filter Transformation_Filter
typedef uint16_t u16bit
typedef uint32_t u32bit
typedef uint64_t u64bit
typedef byte u8
typedef donna128 uint128_t
typedef Public_Key X509_PublicKey

Enumerations

enum  ASN1_Tag {
  UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, CONSTRUCTED = 0x20,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC, EOC = 0x00, BOOLEAN = 0x01, INTEGER = 0x02,
  BIT_STRING = 0x03, OCTET_STRING = 0x04, NULL_TAG = 0x05, OBJECT_ID = 0x06,
  ENUMERATED = 0x0A, SEQUENCE = 0x10, SET = 0x11, UTF8_STRING = 0x0C,
  NUMERIC_STRING = 0x12, PRINTABLE_STRING = 0x13, T61_STRING = 0x14, IA5_STRING = 0x16,
  VISIBLE_STRING = 0x1A, BMP_STRING = 0x1E, UTC_TIME = 0x17, GENERALIZED_TIME = 0x18,
  NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
}
enum  Certificate_Status_Code {
  VERIFIED = 0x00000000, OCSP_RESPONSE_GOOD, NO_REVOCATION_DATA, SIGNATURE_METHOD_TOO_WEAK = 1000,
  UNTRUSTED_HASH, CERT_NOT_YET_VALID = 2000, CERT_HAS_EXPIRED, OCSP_NOT_YET_VALID,
  OCSP_HAS_EXPIRED, CRL_NOT_YET_VALID, CRL_HAS_EXPIRED, CERT_ISSUER_NOT_FOUND = 3000,
  CANNOT_ESTABLISH_TRUST, POLICY_ERROR = 4000, INVALID_USAGE, CERT_CHAIN_TOO_LONG,
  CA_CERT_NOT_FOR_CERT_ISSUER, CA_CERT_NOT_FOR_CRL_ISSUER, OCSP_CERT_NOT_LISTED, OCSP_BAD_STATUS,
  CERT_IS_REVOKED = 5000, CRL_BAD_SIGNATURE, SIGNATURE_ERROR
}
enum  Character_Set { LOCAL_CHARSET, UCS2_CHARSET, UTF8_CHARSET, LATIN1_CHARSET }
enum  Cipher_Dir { ENCRYPTION, DECRYPTION }
enum  CRL_Code {
  UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, AFFILIATION_CHANGED = 3,
  SUPERSEDED = 4, CESSATION_OF_OPERATION = 5, CERTIFICATE_HOLD = 6, REMOVE_FROM_CRL = 8,
  PRIVLEDGE_WITHDRAWN = 9, AA_COMPROMISE = 10, DELETE_CRL_ENTRY = 0xFF00, OCSP_GOOD = 0xFF01,
  OCSP_UNKNOWN = 0xFF02
}
enum  Decoder_Checking { NONE, IGNORE_WS, FULL_CHECK }
enum  EC_Group_Encoding { EC_DOMPAR_ENC_EXPLICIT = 0, EC_DOMPAR_ENC_IMPLICITCA = 1, EC_DOMPAR_ENC_OID = 2 }
enum  Fault_Protection { ENABLE_FAULT_PROTECTION, DISABLE_FAULT_PROTECTION }
enum  Key_Constraints {
  NO_CONSTRAINTS = 0, DIGITAL_SIGNATURE = 32768, NON_REPUDIATION = 16384, KEY_ENCIPHERMENT = 8192,
  DATA_ENCIPHERMENT = 4096, KEY_AGREEMENT = 2048, KEY_CERT_SIGN = 1024, CRL_SIGN = 512,
  ENCIPHER_ONLY = 256, DECIPHER_ONLY = 128
}
enum  Signature_Format { IEEE_1363, DER_SEQUENCE }
enum  X509_Encoding { RAW_BER, PEM }

Functions

BigInt abs (const BigInt &n)
std::map< std::string, double > algorithm_benchmark (const std::string &name, RandomNumberGenerator &rng, std::chrono::milliseconds milliseconds, size_t buf_size)
void aont_package (RandomNumberGenerator &rng, BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
void aont_unpackage (BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
size_t base64_decode (byte output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
size_t base64_decode (byte output[], const char input[], size_t input_length, bool ignore_ws)
size_t base64_decode (byte output[], const std::string &input, bool ignore_ws)
secure_vector< bytebase64_decode (const char input[], size_t input_length, bool ignore_ws)
secure_vector< bytebase64_decode (const std::string &input, bool ignore_ws)
size_t base64_encode (char out[], const byte in[], size_t input_length, size_t &input_consumed, bool final_inputs)
template<typename Alloc >
std::string base64_encode (const std::vector< byte, Alloc > &input)
std::string base64_encode (const byte input[], size_t input_length)
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
s32bit bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
void bigint_comba_sqr16 (word z[32], const word x[16])
void bigint_comba_sqr4 (word z[8], const word x[4])
void bigint_comba_sqr6 (word z[12], const word x[6])
void bigint_comba_sqr8 (word z[16], const word x[8])
void bigint_comba_sqr9 (word z[18], const word x[9])
word bigint_divop (word n1, word n0, word d)
void bigint_linmul2 (word x[], size_t x_size, word y)
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
word bigint_modop (word n1, word n0, word d)
void bigint_monty_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, const word p[], size_t p_size, word p_dash, word workspace[])
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[])
void bigint_monty_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word p[], size_t p_size, word p_dash, word workspace[])
void bigint_mul (word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw)
void bigint_shl1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
void bigint_simple_mul (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
void bigint_simple_sqr (word z[], const word x[], size_t x_size)
void bigint_sqr (word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw)
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
u32bit bit_size_to_32bit_size (u32bit bit_size)
u32bit bit_size_to_byte_size (u32bit bit_size)
void botan_md4_x86_32_compress (u32bit digest[4], const byte input[64], u32bit M[16])
 BOTAN_REGISTER_BLOCK_CIPHER_1LEN (RC5, 12)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE (XTS_Encryption, XTS_Decryption)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE (SIV_Encryption, SIV_Decryption)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN (OCB_Encryption, OCB_Decryption, 16)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN (CFB_Encryption, CFB_Decryption, 0)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN (EAX_Encryption, EAX_Decryption, 0)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN (GCM_Encryption, GCM_Decryption, 16)
 BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2 (CCM_Encryption, CCM_Decryption, 16, 3)
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_1STR (GOST_28147_89,"GOST-28147-89","R3411_94_TestParam")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (Threefish_512,"Threefish-512")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (Camellia_128,"Camellia-128")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (CAST_256,"CAST-256")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (CAST_128,"CAST-128")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (AES_128,"AES-128")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (Camellia_192,"Camellia-192")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (AES_192,"AES-192")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (Camellia_256,"Camellia-256")
 BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS (AES_256,"AES-256")
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (DESX)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (IDEA)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (MARS)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (KASUMI)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (Noekeon)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (RC2)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (SEED)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (TEA)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (RC6)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (XTEA)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (Blowfish)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (MISTY1)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (Serpent)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (DES)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (Twofish)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS (TripleDES)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (SIMD_32::enabled(), Noekeon_SIMD,"Noekeon","simd32", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (SIMD_32::enabled(), XTEA_SIMD,"XTEA","simd32", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_sse2(), IDEA_SSE2,"IDEA","sse2", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (SIMD_32::enabled(), Serpent_SIMD,"Serpent","simd32", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_avx2(), Threefish_512_AVX2,"Threefish-512","avx2", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_aes_ni(), AES_128_NI,"AES-128","aes_ni", 16)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_aes_ni(), AES_192_NI,"AES-192","aes_ni", 16)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_aes_ni(), AES_256_NI,"AES-256","aes_ni", 16)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_ssse3(), AES_128_SSSE3,"AES-128","ssse3", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_ssse3(), AES_192_SSSE3,"AES-192","ssse3", 64)
 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF (CPUID::has_ssse3(), AES_256_SSSE3,"AES-256","ssse3", 64)
 BOTAN_REGISTER_COMPRESSION (LZMA_Compression, LZMA_Decompression)
 BOTAN_REGISTER_COMPRESSION (Zlib_Compression, Zlib_Decompression)
 BOTAN_REGISTER_COMPRESSION (Bzip2_Compression, Bzip2_Decompression)
 BOTAN_REGISTER_COMPRESSION (Gzip_Compression, Gzip_Decompression)
 BOTAN_REGISTER_COMPRESSION (Deflate_Compression, Deflate_Decompression)
 BOTAN_REGISTER_EME_NAMED_NOARGS (EME_PKCS1v15,"PKCS1v15")
 BOTAN_REGISTER_EMSA_1HASH (EMSA1,"EMSA1")
 BOTAN_REGISTER_EMSA_1HASH (EMSA_X931,"EMSA_X931")
 BOTAN_REGISTER_EMSA_1HASH (EMSA1_BSI,"EMSA1_BSI")
 BOTAN_REGISTER_EMSA_NAMED_NOARGS (EMSA_Raw,"Raw")
 BOTAN_REGISTER_HASH_NAMED_1LEN (Keccak_1600,"Keccak-1600", 512)
 BOTAN_REGISTER_HASH_NAMED_NOARGS (HAS_160,"HAS-160")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (RIPEMD_128,"RIPEMD-128")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (RIPEMD_160,"RIPEMD-160")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_160,"SHA-160")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_384,"SHA-384")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (GOST_34_11,"GOST-R-34.11-94")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_224,"SHA-224")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_512,"SHA-512")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_256,"SHA-256")
 BOTAN_REGISTER_HASH_NAMED_NOARGS (SHA_512_256,"SHA-512-256")
 BOTAN_REGISTER_HASH_NOARGS (Adler32)
 BOTAN_REGISTER_HASH_NOARGS (CRC32)
 BOTAN_REGISTER_HASH_NOARGS (MD4)
 BOTAN_REGISTER_HASH_NOARGS (MD5)
 BOTAN_REGISTER_HASH_NOARGS (Whirlpool)
 BOTAN_REGISTER_HASH_NOARGS (CRC24)
 BOTAN_REGISTER_HASH_NOARGS (MD2)
 BOTAN_REGISTER_HASH_NOARGS_IF (CPUID::has_sse2(), SHA_160_SSE2,"SHA-160","sse2", 64)
 BOTAN_REGISTER_KDF_1HASH (KDF1,"KDF1")
 BOTAN_REGISTER_KDF_1HASH (KDF2,"KDF2")
 BOTAN_REGISTER_KDF_NAMED_1STR (X942_PRF,"X9.42-PRF")
 BOTAN_REGISTER_KDF_NOARGS (TLS_PRF,"TLS-PRF")
 BOTAN_REGISTER_MAC_NAMED_NOARGS (ANSI_X919_MAC,"X9.19-MAC")
 BOTAN_REGISTER_MAC_NOARGS (Poly1305)
 BOTAN_REGISTER_NAMED_T (KDF,"HKDF", HKDF, HKDF::make)
 BOTAN_REGISTER_NAMED_T (StreamCipher,"CTR-BE", CTR_BE, CTR_BE::make)
 BOTAN_REGISTER_NAMED_T (StreamCipher,"RC4", RC4, RC4::make)
 BOTAN_REGISTER_NAMED_T (StreamCipher,"OFB", OFB, OFB::make)
 BOTAN_REGISTER_NAMED_T (BlockCipher,"Cascade", Cascade_Cipher, Cascade_Cipher::make)
 BOTAN_REGISTER_NAMED_T (HashFunction,"Comb4P", Comb4P, Comb4P::make)
 BOTAN_REGISTER_NAMED_T (HashFunction,"Parallel", Parallel, Parallel::make)
 BOTAN_REGISTER_NAMED_T (PBKDF,"PBKDF2", PKCS5_PBKDF2, PKCS5_PBKDF2::make)
 BOTAN_REGISTER_NAMED_T (HashFunction,"Skein-512", Skein_512, Skein_512::make)
 BOTAN_REGISTER_NAMED_T (MessageAuthenticationCode,"CBC-MAC", CBC_MAC, CBC_MAC::make)
 BOTAN_REGISTER_NAMED_T (MessageAuthenticationCode,"CMAC", CMAC, CMAC::make)
 BOTAN_REGISTER_NAMED_T (MessageAuthenticationCode,"HMAC", HMAC, HMAC::make)
 BOTAN_REGISTER_NAMED_T (KDF,"TLS-12-PRF", TLS_12_PRF, TLS_12_PRF::make)
 BOTAN_REGISTER_NAMED_T (EMSA,"EMSA_PKCS1", EMSA_PCS1v15, make_pkcs1v15)
 BOTAN_REGISTER_NAMED_T (EMSA,"PSSR", PSSR, PSSR::make)
 BOTAN_REGISTER_NAMED_T (EME,"OAEP", OAEP, OAEP::make)
 BOTAN_REGISTER_NAMED_T (BlockCipher,"Lion", Lion, make_lion)
 BOTAN_REGISTER_NAMED_T_2LEN (MessageAuthenticationCode, SipHash,"SipHash","builtin", 2, 4)
 BOTAN_REGISTER_NAMED_T_2LEN (HashFunction, Tiger,"Tiger","builtin", 24, 3)
 BOTAN_REGISTER_NAMED_T_NOARGS (HashFunction, MD4_X86_32,"MD4","x86-32")
 BOTAN_REGISTER_NAMED_T_NOARGS (HashFunction, MD5_X86_32,"MD5","x86-32")
 BOTAN_REGISTER_NAMED_T_NOARGS (BlockCipher, Serpent_X86_32,"Serpent","x86-32")
 BOTAN_REGISTER_NAMED_T_NOARGS (HashFunction, SHA_160_X86_32,"SHA-160","x86-32")
 BOTAN_REGISTER_NAMED_T_NOARGS (HashFunction, SHA_160_X86_64,"SHA-160","x86-64")
 BOTAN_REGISTER_PK_KEY_AGREE_OP ("ECDH", ECDH_KA_Operation)
 BOTAN_REGISTER_PK_KEY_AGREE_OP ("DH", DH_KA_Operation)
 BOTAN_REGISTER_PK_SIGNATURE_OP ("NR", NR_Signature_Operation)
 BOTAN_REGISTER_PK_SIGNATURE_OP ("GOST-34.10", GOST_3410_Signature_Operation)
 BOTAN_REGISTER_PK_VERIFY_OP ("NR", NR_Verification_Operation)
 BOTAN_REGISTER_PK_VERIFY_OP ("GOST-34.10", GOST_3410_Verification_Operation)
 BOTAN_REGISTER_STREAM_CIPHER_NOARGS (ChaCha)
 BOTAN_REGISTER_STREAM_CIPHER_NOARGS (Salsa20)
 BOTAN_REGISTER_TRANSFORM (ECB_Encryption, make_ecb_mode< ECB_Encryption >)
 BOTAN_REGISTER_TRANSFORM (ECB_Decryption, make_ecb_mode< ECB_Decryption >)
 BOTAN_REGISTER_TRANSFORM (CBC_Encryption,(make_cbc_mode< CBC_Encryption, CTS_Encryption >))
 BOTAN_REGISTER_TRANSFORM (CBC_Decryption,(make_cbc_mode< CBC_Decryption, CTS_Decryption >))
 BOTAN_REGISTER_TRANSFORM_NOARGS (ChaCha20Poly1305_Encryption)
 BOTAN_REGISTER_TRANSFORM_NOARGS (ChaCha20Poly1305_Decryption)
 BOTAN_REGISTER_TYPE (StreamCipher, OpenSSL_RC4,"RC4", make_new_T< OpenSSL_RC4 >,"openssl", 64)
void botan_serpent_x86_32_decrypt (const byte in[16], byte out[16], const u32bit ks[132])
void botan_serpent_x86_32_encrypt (const byte in[16], byte out[16], const u32bit ks[132])
void botan_serpent_x86_32_key_schedule (u32bit ks[140])
template<typename T >
void bswap_4 (T x[4])
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
u64bit carry_shift (const donna128 &a, size_t shift)
template<typename T >
size_t ceil_log2 (T x)
bool check_bcrypt (const std::string &pass, const std::string &hash)
bool check_passhash9 (const std::string &pass, const std::string &hash)
bool check_prime (const BigInt &n, RandomNumberGenerator &rng)
PK_Signerchoose_sig_format (const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
std::string BOTAN_DLL clean_ws (const std::string &s)
template<typename T >
void clear_mem (T *ptr, size_t n)
u64bit combine_lower (const donna128 a, size_t s1, const donna128 b, size_t s2)
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
template<typename T >
void copy_out_be (byte out[], size_t out_bytes, const T in[])
template<typename T >
void copy_out_le (byte out[], size_t out_bytes, const T in[])
template<typename T , typename Alloc >
void copy_out_vec_be (byte out[], size_t out_bytes, const std::vector< T, Alloc > &in)
template<typename T , typename Alloc >
void copy_out_vec_le (byte out[], size_t out_bytes, const std::vector< T, Alloc > &in)
AlternativeName create_alt_name (const Data_Store &info)
X509_DN create_dn (const Data_Store &info)
secure_vector< gf2mcreate_random_error_positions (unsigned code_length, unsigned error_weight, RandomNumberGenerator &rng)
template<typename T >
size_t ctz (T n)
int BOTAN_DLL curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
int curve25519_donna (u8 *mypublic, const u8 *secret, const u8 *basepoint)
ECDSA_Signature decode_concatenation (const std::vector< byte > &concat)
ECDSA_PublicKeydecode_eac1_1_key (const std::vector< byte > &, AlgorithmIdentifier &)
void divide (const BigInt &x, const BigInt &y_arg, BigInt &q, BigInt &r)
size_t dl_work_factor (size_t bits)
secure_vector< byteEC2OSP (const PointGFp &point, byte format)
size_t ecp_work_factor (size_t bits)
std::string erase_chars (const std::string &str, const std::set< char > &chars)
template<typename T >
u16bit expand_mask_16bit (T tst)
Key_Constraints find_constraints (const Public_Key &pub_key, Key_Constraints limits)
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, u32bit code_length)
BigInt gcd (const BigInt &a, const BigInt &b)
void gcm_multiply_clmul (byte x[16], const byte H[16])
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, u16bit work_factor)
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< byte > &seed_c)
std::vector< bytegenerate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, u32bit ext_deg, u32bit code_length, u32bit t)
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, u16bit work_factor, byte alg_id)
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< byte > &salt, const std::string &group_id, const std::string &hash_id)
AEAD_Modeget_aead (const std::string &algo_spec, Cipher_Dir direction)
BlockCipherModePaddingMethodget_bc_pad (const std::string &algo_spec)
BlockCipherget_block_cipher (const std::string &algo_spec, const std::string &provider)
std::vector< std::string > get_block_cipher_providers (const std::string &algo_spec)
template<typename T >
byte get_byte (size_t byte_num, T input)
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
Cipher_Modeget_cipher_mode (const std::string &algo_spec, Cipher_Dir direction)
BOTAN_DLL EMEget_eme (const std::string &algo_spec)
BOTAN_DLL EMSAget_emsa (const std::string &algo_spec)
HashFunctionget_hash (const std::string &algo_spec, const std::string &provider="")
HashFunctionget_hash_function (const std::string &algo_spec, const std::string &provider)
std::vector< std::string > get_hash_function_providers (const std::string &algo_spec)
KDFget_kdf (const std::string &algo_spec)
MessageAuthenticationCodeget_mac (const std::string &algo_spec, const std::string &provider)
std::vector< std::string > get_mac_providers (const std::string &algo_spec)
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider)
StreamCipherget_stream_cipher (const std::string &algo_spec, const std::string &provider)
std::vector< std::string > get_stream_cipher_providers (const std::string &algo_spec)
Transformget_transform (const std::string &specstr, const std::string &provider, const std::string &dirstr)
gf2m_small_m::gf2m gray_to_lex (gf2m_small_m::gf2m gray)
template<typename T >
size_t hamming_weight (T n)
std::string hash_for_deterministic_signature (const std::string &emsa)
size_t hex_decode (byte output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
size_t hex_decode (byte output[], const char input[], size_t input_length, bool ignore_ws)
size_t hex_decode (byte output[], const std::string &input, bool ignore_ws)
std::vector< bytehex_decode (const char input[], size_t input_length, bool ignore_ws)
std::vector< bytehex_decode (const std::string &input, bool ignore_ws)
secure_vector< bytehex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
secure_vector< bytehex_decode_locked (const std::string &input, bool ignore_ws)
void hex_encode (char output[], const byte input[], size_t input_length, bool uppercase)
std::string hex_encode (const byte input[], size_t input_length, bool uppercase)
template<typename Alloc >
std::string hex_encode (const std::vector< byte, Alloc > &input, bool uppercase=true)
template<typename T >
size_t high_bit (T n)
byte ieee1363_hash_id (const std::string &name)
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
std::string ipv4_to_string (u32bit ip)
template<typename T >
bool is_power_of_2 (T arg)
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
s32bit jacobi (const BigInt &a, const BigInt &n)
BigInt lcm (const BigInt &a, const BigInt &b)
gf2m_small_m::gf2m lex_to_gray (gf2m_small_m::gf2m lex)
std::vector< std::string > list_all_readable_files_in_or_under (const std::string &dir_path)
template<typename T >
load_be (const byte in[], size_t off)
template<typename T >
void load_be (const byte in[], T &x0, T &x1)
template<typename T >
void load_be (const byte in[], T &x0, T &x1, T &x2, T &x3)
template<typename T >
void load_be (const byte in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
template<typename T >
void load_be (T out[], const byte in[], size_t count)
template<>
u16bit load_be< u16bit > (const byte in[], size_t off)
template<>
u32bit load_be< u32bit > (const byte in[], size_t off)
template<>
u64bit load_be< u64bit > (const byte in[], size_t off)
template<typename T >
load_le (const byte in[], size_t off)
template<typename T >
void load_le (const byte in[], T &x0, T &x1)
template<typename T >
void load_le (const byte in[], T &x0, T &x1, T &x2, T &x3)
template<typename T >
void load_le (const byte in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
template<typename T >
void load_le (T out[], const byte in[], size_t count)
template<>
u16bit load_le< u16bit > (const byte in[], size_t off)
template<>
u32bit load_le< u32bit > (const byte in[], size_t off)
template<>
u64bit load_le< u64bit > (const byte in[], size_t off)
template<typename T >
size_t low_bit (T n)
size_t low_zero_bits (const BigInt &n)
template<typename T >
T * make_a (const typename T::Spec &spec, const std::string provider="")
template<typename T >
T * make_block_cipher_mode (const Transform::Spec &spec)
template<typename T , size_t LEN1>
T * make_block_cipher_mode_len (const Transform::Spec &spec)
template<typename T , size_t LEN1, size_t LEN2>
T * make_block_cipher_mode_len2 (const Transform::Spec &spec)
template<typename CBC_T , typename CTS_T >
Transformmake_cbc_mode (const Transform::Spec &spec)
Transformmake_compressor (const std::string &type, size_t level)
EAC1_1_CVC make_cvc_cert (PK_Signer &signer, const std::vector< byte > &public_key, ASN1_Car const &car, ASN1_Chr const &chr, byte holder_auth_templ, ASN1_Ced ced, ASN1_Cex cex, RandomNumberGenerator &rng)
Transformmake_decompressor (const std::string &type)
template<typename T >
Transformmake_ecb_mode (const Transform::Spec &spec)
template<typename T >
T * make_new_T (const typename Algo_Registry< T >::Spec &)
template<typename T , size_t DEF_VAL>
T * make_new_T_1len (const typename Algo_Registry< T >::Spec &spec)
template<typename T >
T * make_new_T_1str (const typename Algo_Registry< T >::Spec &spec, const std::string &def)
template<typename T >
T * make_new_T_1str_req (const typename Algo_Registry< T >::Spec &spec)
template<typename T , typename X >
T * make_new_T_1X (const typename Algo_Registry< T >::Spec &spec)
template<typename T , size_t DEF1, size_t DEF2>
T * make_new_T_2len (const typename Algo_Registry< T >::Spec &spec)
template<typename OP , typename T >
OP * make_pk_op (const typename T::Spec &spec)
Private_Keymake_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< byte > &key_bits, RandomNumberGenerator &rng)
Public_Keymake_public_key (const AlgorithmIdentifier &alg_id, const secure_vector< byte > &key_bits)
u16bit make_u16bit (byte i0, byte i1)
u32bit make_u32bit (byte i0, byte i1, byte i2, byte i3)
u64bit make_u64bit (byte i0, byte i1, byte i2, byte i3, byte i4, byte i5, byte i6, byte i7)
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
secure_vector< bytemceies_decrypt (const McEliece_PrivateKey &privkey, const secure_vector< byte > &ct, byte ad[], size_t ad_len)
secure_vector< bytemceies_encrypt (const McEliece_PublicKey &pubkey, const secure_vector< byte > &pt, byte ad[], size_t ad_len, RandomNumberGenerator &rng)
secure_vector< bytemceliece_decrypt (secure_vector< gf2m > &error_pos, const byte *ciphertext, u32bit ciphertext_len, const McEliece_PrivateKey &key)
std::vector< bytemceliece_encrypt (const secure_vector< byte > &cleartext, const std::vector< byte > &public_matrix, const secure_vector< gf2m > &err_pos, u32bit code_length)
BOTAN_DLL size_t mceliece_work_factor (size_t code_size, size_t k, size_t t)
void mgf1_mask (HashFunction &hash, const byte in[], size_t in_len, byte out[], size_t out_len)
word monty_inverse (word input)
void mul64x64_128 (u64bit a, u64bit b, u64bit *lo, u64bit *hi)
BigInt mul_add (const BigInt &a, const BigInt &b, const BigInt &c)
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
bool operator!= (EAC1_1_Req const &lhs, EAC1_1_Req const &rhs)
bool operator!= (const ECDSA_Signature &lhs, const ECDSA_Signature &rhs)
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
bool operator!= (EAC1_1_CVC const &lhs, EAC1_1_CVC const &rhs)
bool operator!= (EAC1_1_ADO const &lhs, EAC1_1_ADO const &rhs)
template<typename T >
bool operator!= (const secure_allocator< T > &, const secure_allocator< T > &)
bool operator!= (const OID &a, const OID &b)
bool operator!= (const OctetString &s1, const OctetString &s2)
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
bool operator!= (const EAC_Time &t1, const EAC_Time &t2)
bool operator!= (const ASN1_EAC_String &lhs, const ASN1_EAC_String &rhs)
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
bool operator!= (const X509_Time &t1, const X509_Time &t2)
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
bool operator!= (const BigInt &a, const BigInt &b)
BigInt operator% (const BigInt &n, const BigInt &mod)
word operator% (const BigInt &n, word mod)
donna128 operator* (const donna128 &x, u64bit y)
BigInt operator* (const BigInt &x, const BigInt &y)
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
BigInt operator+ (const BigInt &x, const BigInt &y)
donna128 operator+ (const donna128 &x, const donna128 &y)
OID operator+ (const OID &oid, u32bit component)
donna128 operator+ (const donna128 &x, u64bit y)
OctetString operator+ (const OctetString &k1, const OctetString &k2)
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
BigInt operator- (const BigInt &x, const BigInt &y)
PointGFp operator- (const PointGFp &lhs)
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
BigInt operator/ (const BigInt &x, const BigInt &y)
bool operator< (const OID &a, const OID &b)
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
bool operator< (const EAC_Time &t1, const EAC_Time &t2)
bool operator< (const X509_Time &t1, const X509_Time &t2)
bool operator< (const BigInt &a, const BigInt &b)
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
int operator<< (int fd, Pipe &pipe)
BigInt operator<< (const BigInt &x, size_t shift)
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
BOTAN_DLL std::ostream & operator<< (std::ostream &out, Pipe &pipe)
bool operator<= (const EAC_Time &t1, const EAC_Time &t2)
bool operator<= (const X509_Time &t1, const X509_Time &t2)
bool operator<= (const BigInt &a, const BigInt &b)
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
template<typename T >
bool operator== (const secure_allocator< T > &, const secure_allocator< T > &)
bool operator== (const OctetString &s1, const OctetString &s2)
bool operator== (const ASN1_EAC_String &lhs, const ASN1_EAC_String &rhs)
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
bool operator== (const CurveGFp &lhs, const CurveGFp &rhs)
bool operator== (const EAC_Time &t1, const EAC_Time &t2)
bool operator== (const X509_Time &t1, const X509_Time &t2)
bool operator== (const BigInt &a, const BigInt &b)
bool operator> (const EAC_Time &t1, const EAC_Time &t2)
bool operator> (const X509_Time &t1, const X509_Time &t2)
bool operator> (const BigInt &a, const BigInt &b)
bool operator>= (const EAC_Time &t1, const EAC_Time &t2)
bool operator>= (const X509_Time &t1, const X509_Time &t2)
bool operator>= (const BigInt &a, const BigInt &b)
int operator>> (int fd, Pipe &pipe)
std::istream & operator>> (std::istream &stream, BigInt &n)
BigInt operator>> (const BigInt &x, size_t shift)
BOTAN_DLL std::istream & operator>> (std::istream &in, Pipe &pipe)
OctetString operator^ (const OctetString &k1, const OctetString &k2)
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator^= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
donna128 operator| (const donna128 &x, const donna128 &y)
template<typename Alloc >
PointGFp OS2ECP (const std::vector< byte, Alloc > &data, const CurveGFp &curve)
PointGFp OS2ECP (const byte data[], size_t data_len, const CurveGFp &curve)
std::vector< std::string > parse_algorithm_name (const std::string &namex)
std::vector< u32bitparse_asn1_oid (const std::string &oid)
secure_vector< bytepbes2_decrypt (const secure_vector< byte > &key_bits, const std::string &passphrase, const std::vector< byte > &params)
std::pair< AlgorithmIdentifier,
std::vector< byte > > 
pbes2_encrypt (const secure_vector< byte > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
size_t pbkdf2 (MessageAuthenticationCode &prf, byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
secure_vector< bytePGP_decode (DataSource &source, std::string &label, std::map< std::string, std::string > &headers)
secure_vector< bytePGP_decode (DataSource &source, std::string &label)
std::string PGP_encode (const byte input[], size_t length, const std::string &label, const std::map< std::string, std::string > &headers)
std::string PGP_encode (const byte input[], size_t length, const std::string &type)
std::vector< bytepkcs_hash_id (const std::string &name)
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
template<typename T >
std::vector< std::string > providers_of (const typename T::Spec &spec)
bool quick_check_prime (const BigInt &n, RandomNumberGenerator &rng)
gf2m random_code_element (unsigned code_length, Botan::RandomNumberGenerator &rng)
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
std::map< std::string,
std::string > BOTAN_DLL 
read_cfg (std::istream &is)
std::string replace_char (const std::string &str, char from_char, char to_char)
std::string replace_chars (const std::string &str, const std::set< char > &chars, char to_char)
BigInt BOTAN_DLL ressol (const BigInt &x, const BigInt &p)
u16bit reverse_bytes (u16bit val)
u32bit reverse_bytes (u32bit val)
u64bit reverse_bytes (u64bit val)
secure_vector< byterfc3394_keyunwrap (const secure_vector< byte > &key, const SymmetricKey &kek)
secure_vector< byterfc3394_keywrap (const secure_vector< byte > &key, const SymmetricKey &kek)
template<typename T >
rotate_left (T input, size_t rot)
template<typename T >
rotate_right (T input, size_t rot)
template<typename T >
round_down (T n, T align_to)
template<typename T >
round_up (T n, T align_to)
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
template<typename T >
void set_mem (T *ptr, size_t n, byte val)
template<typename T >
size_t significant_bytes (T n)
std::vector< std::string > split_on (const std::string &str, char delim)
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
BigInt square (const BigInt &x)
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< byte > &salt, const BigInt &B, RandomNumberGenerator &rng)
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
void store_be (u16bit in, byte out[2])
void store_be (u32bit in, byte out[4])
void store_be (u64bit in, byte out[8])
template<typename T >
void store_be (byte out[], T x0, T x1)
template<typename T >
void store_be (byte out[], T x0, T x1, T x2, T x3)
template<typename T >
void store_be (byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
void store_le (u16bit in, byte out[2])
void store_le (u32bit in, byte out[4])
void store_le (u64bit in, byte out[8])
template<typename T >
void store_le (byte out[], T x0, T x1)
template<typename T >
void store_le (byte out[], T x0, T x1, T x2, T x3)
template<typename T >
void store_le (byte out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
std::string string_join (const std::vector< std::string > &strs, char delim)
u32bit string_to_ipv4 (const std::string &str)
BigInt sub_mul (const BigInt &a, const BigInt &b, const BigInt &c)
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
RandomNumberGeneratorsystem_rng ()
u32bit timespec_to_u32bit (const std::string &timespec)
std::vector< byteto_byte_vector (const std::string &s)
u32bit to_u32bit (const std::string &str)
template<typename T >
std::vector< T > unlock (const secure_vector< T > &in)
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
bool verify_prime (const BigInt &n, RandomNumberGenerator &rng)
const char * version_cstr ()
u32bit version_datestamp ()
u32bit version_major ()
u32bit version_minor ()
u32bit version_patch ()
std::string version_string ()
void word3_muladd (word *w2, word *w1, word *w0, word a, word b)
void word3_muladd_2 (word *w2, word *w1, word *w0, word a, word b)
word word8_add2 (word x[8], const word y[8], word carry)
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
word word8_linmul2 (word x[8], word y, word carry)
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
word word8_linmul3 (word z[4], const word x[4], word y, word carry)
word word8_madd3 (word z[8], const word x[8], word y, word carry)
word word8_muladd (word z[8], const word x[8], word y, word carry)
word word8_sub2 (word x[8], const word y[8], word carry)
word word8_sub2_rev (word x[8], const word y[8], word carry)
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
word word_add (word x, word y, word *carry)
word word_madd2 (word a, word b, word *c)
word word_madd3 (word a, word b, word c, word *d)
word word_sub (word x, word y, word *carry)
bool x500_name_cmp (const std::string &name1, const std::string &name2)
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &certstores)
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &certstores)
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store)
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store)
template<typename T >
void xor_buf (T out[], const T in[], size_t length)
template<typename T >
void xor_buf (T out[], const T in[], const T in2[], size_t length)
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< byte, Alloc > &out, const std::vector< byte, Alloc2 > &in, size_t n)
template<typename Alloc >
void xor_buf (std::vector< byte, Alloc > &out, const byte *in, size_t n)
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< byte, Alloc > &out, const byte *in, const std::vector< byte, Alloc2 > &in2, size_t n)
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
BOTAN_DLL void zero_mem (void *ptr, size_t n)
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)

Variables

const u64bit Camellia_SBOX1 [256]
const u64bit Camellia_SBOX2 [256]
const u64bit Camellia_SBOX3 [256]
const u64bit Camellia_SBOX4 [256]
const u64bit Camellia_SBOX5 [256]
const u64bit Camellia_SBOX6 [256]
const u64bit Camellia_SBOX7 [256]
const u64bit Camellia_SBOX8 [256]
const u32bit CAST_SBOX1 [256]
const u32bit CAST_SBOX2 [256]
const u32bit CAST_SBOX3 [256]
const u32bit CAST_SBOX4 [256]
const u64bit DES_FPTAB1 [256]
const u64bit DES_FPTAB2 [256]
const u64bit DES_IPTAB1 [256]
const u64bit DES_IPTAB2 [256]
const u32bit DES_SPBOX1 [256]
const u32bit DES_SPBOX2 [256]
const u32bit DES_SPBOX3 [256]
const u32bit DES_SPBOX4 [256]
const u32bit DES_SPBOX5 [256]
const u32bit DES_SPBOX6 [256]
const u32bit DES_SPBOX7 [256]
const u32bit DES_SPBOX8 [256]
const size_t HEX_CODEC_BUFFER_SIZE = 256
const size_t MP_WORD_BITS = BOTAN_MP_WORD_BITS
const word MP_WORD_MASK = ~static_cast<word>(0)
const word MP_WORD_MAX = MP_WORD_MASK
const word MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)
const size_t PRIME_TABLE_SIZE = 6541
const u16bit BOTAN_DLL PRIMES []

Detailed Description

(C) Copyright Projet SECRET, INRIA, Rocquencourt (C) Bhaskar Biswas and Nicolas Sendrier

(C) 2014 cryptosource GmbH (C) 2014 Falko Strenzke fstrenzke@cryptosource.de

Botan is released under the Simplified BSD License (see license.txt)

(C) 2014 cryptosource GmbH (C) 2014 Falko Strenzke fstrenzke@cryptosource.de

Botan is released under the Simplified BSD License (see license.txt)

(C) Copyright Projet SECRET, INRIA, Rocquencourt (C) Bhaskar Biswas and Nicolas Sendrier (C) 2014 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

Dynamically Loaded Object (C) 2010 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

The primary namespace for the botan library


Typedef Documentation

typedef uint8_t Botan::byte

Definition at line 31 of file types.h.

Definition at line 144 of file ec_group.h.

typedef std::runtime_error Botan::Exception

Definition at line 19 of file exceptn.h.

typedef limb Botan::felem[5]

Definition at line 39 of file donna.cpp.

Alternate name for octet string showing intent to use as an IV

Definition at line 139 of file symkey.h.

typedef std::invalid_argument Botan::Invalid_Argument

Definition at line 20 of file exceptn.h.

Definition at line 38 of file donna.cpp.

Definition at line 143 of file pk_keys.h.

Definition at line 145 of file pk_keys.h.

typedef int32_t Botan::s32bit

Definition at line 36 of file types.h.

Alternate name for octet string showing intent to use as a key

Definition at line 134 of file symkey.h.

Definition at line 174 of file transform.h.

Definition at line 66 of file transform_filter.h.

typedef uint16_t Botan::u16bit

Definition at line 32 of file types.h.

typedef uint32_t Botan::u32bit

Definition at line 33 of file types.h.

typedef uint64_t Botan::u64bit

Definition at line 34 of file types.h.

typedef byte Botan::u8

Definition at line 37 of file donna.cpp.

Definition at line 42 of file donna.cpp.

Definition at line 144 of file pk_keys.h.


Enumeration Type Documentation

ASN.1 Type and Class Tags

Enumerator:
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

Definition at line 19 of file asn1_obj.h.

              {
   UNIVERSAL        = 0x00,
   APPLICATION      = 0x40,
   CONTEXT_SPECIFIC = 0x80,

   CONSTRUCTED      = 0x20,

   PRIVATE          = CONSTRUCTED | CONTEXT_SPECIFIC,

   EOC              = 0x00,
   BOOLEAN          = 0x01,
   INTEGER          = 0x02,
   BIT_STRING       = 0x03,
   OCTET_STRING     = 0x04,
   NULL_TAG         = 0x05,
   OBJECT_ID        = 0x06,
   ENUMERATED       = 0x0A,
   SEQUENCE         = 0x10,
   SET              = 0x11,

   UTF8_STRING      = 0x0C,
   NUMERIC_STRING   = 0x12,
   PRINTABLE_STRING = 0x13,
   T61_STRING       = 0x14,
   IA5_STRING       = 0x16,
   VISIBLE_STRING   = 0x1A,
   BMP_STRING       = 0x1E,

   UTC_TIME         = 0x17,
   GENERALIZED_TIME = 0x18,

   NO_OBJECT        = 0xFF00,
   DIRECTORY_STRING = 0xFF01
};
Enumerator:
VERIFIED 
OCSP_RESPONSE_GOOD 
NO_REVOCATION_DATA 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 

Definition at line 13 of file cert_status.h.

The different charsets (nominally) supported by Botan.

Enumerator:
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

Definition at line 19 of file charset.h.

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator:
ENCRYPTION 
DECRYPTION 

Definition at line 38 of file cipher_mode.h.

X.509v2 CRL Reason Code.

Enumerator:
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 19 of file crl_ent.h.

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator:
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 179 of file filter.h.

This class represents elliptic curce domain parameters

Enumerator:
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 22 of file ec_group.h.

Enum marking if protection against fault attacks should be used

Enumerator:
ENABLE_FAULT_PROTECTION 
DISABLE_FAULT_PROTECTION 

Definition at line 29 of file pubkey.h.

X.509v3 Key Constraints.

Enumerator:
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 18 of file key_constraint.h.

The two types of signature format supported by Botan.

Enumerator:
IEEE_1363 
DER_SEQUENCE 

Definition at line 24 of file pubkey.h.

The two types of X509 encoding supported by Botan.

Enumerator:
RAW_BER 
PEM 

Definition at line 21 of file x509_key.h.

{ RAW_BER, PEM };

Function Documentation

BigInt Botan::abs ( const BigInt &  n) [inline]

Return the absolute value

Parameters:
nan integer
Returns:
absolute value of n

Definition at line 44 of file numthry.h.

References Botan::BigInt::abs().

{ return n.abs(); }
std::map< std::string, double > BOTAN_DLL Botan::algorithm_benchmark ( const std::string &  name,
RandomNumberGenerator &  rng,
std::chrono::milliseconds  milliseconds,
size_t  buf_size 
)

Algorithm benchmark

Parameters:
namethe name of the algorithm to test (cipher, hash, or MAC)
afthe algorithm factory used to create objects
rngthe rng to use to generate random inputs
millisecondstotal time for the benchmark to run
buf_sizesize of buffer to benchmark against, in KiB
Returns:
results a map from provider to speed in mebibytes per second

Definition at line 150 of file benchmark.cpp.

   {
   //Algorithm_Factory& af = global_state().algorithm_factory();
   const auto providers = get_all_providers_of(name);

   std::map<std::string, double> all_results; // provider -> ops/sec

   if(!providers.empty())
      {
      const std::chrono::nanoseconds ns_per_provider = milliseconds / providers.size();

      for(auto provider : providers)
         {
         auto results = time_algorithm_ops(name, provider, rng, ns_per_provider, buf_size);
         all_results[provider] = find_first_in(results, { "", "update", "encrypt" });
         }
      }

   return all_results;
   }
void BOTAN_DLL Botan::aont_package ( RandomNumberGenerator &  rng,
BlockCipher *  cipher,
const byte  input[],
size_t  input_len,
byte  output[] 
)

Rivest's Package Tranform

Parameters:
rngthe random number generator to use
cipherthe block cipher to use
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

Definition at line 17 of file package.cpp.

References Botan::OctetString::begin(), Botan::BlockCipher::block_size(), clear_mem(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

   {
   const size_t BLOCK_SIZE = cipher->block_size();

   if(!cipher->valid_keylength(BLOCK_SIZE))
      throw Invalid_Argument("AONT::package: Invalid cipher");

   // The all-zero string which is used both as the CTR IV and as K0
   const std::string all_zeros(BLOCK_SIZE*2, '0');

   SymmetricKey package_key(rng, BLOCK_SIZE);

   Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));

   pipe.process_msg(input, input_len);
   pipe.read(output, pipe.remaining());

   // Set K0 (the all zero key)
   cipher->set_key(SymmetricKey(all_zeros));

   secure_vector<byte> buf(BLOCK_SIZE);

   const size_t blocks =
      (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;

   byte* final_block = output + input_len;
   clear_mem(final_block, BLOCK_SIZE);

   // XOR the hash blocks into the final block
   for(size_t i = 0; i != blocks; ++i)
      {
      const size_t left = std::min<size_t>(BLOCK_SIZE,
                                           input_len - BLOCK_SIZE * i);

      zeroise(buf);
      copy_mem(&buf[0], output + (BLOCK_SIZE * i), left);

      for(size_t j = 0; j != sizeof(i); ++j)
         buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);

      cipher->encrypt(&buf[0]);

      xor_buf(&final_block[0], &buf[0], BLOCK_SIZE);
      }

   // XOR the random package key into the final block
   xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE);
   }
void BOTAN_DLL Botan::aont_unpackage ( BlockCipher *  cipher,
const byte  input[],
size_t  input_len,
byte  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters:
cipherthe block cipher to use
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

Definition at line 69 of file package.cpp.

References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

   {
   const size_t BLOCK_SIZE = cipher->block_size();

   if(!cipher->valid_keylength(BLOCK_SIZE))
      throw Invalid_Argument("AONT::unpackage: Invalid cipher");

   if(input_len < BLOCK_SIZE)
      throw Invalid_Argument("AONT::unpackage: Input too short");

   // The all-zero string which is used both as the CTR IV and as K0
   const std::string all_zeros(BLOCK_SIZE*2, '0');

   cipher->set_key(SymmetricKey(all_zeros));

   secure_vector<byte> package_key(BLOCK_SIZE);
   secure_vector<byte> buf(BLOCK_SIZE);

   // Copy the package key (masked with the block hashes)
   copy_mem(&package_key[0],
            input + (input_len - BLOCK_SIZE),
            BLOCK_SIZE);

   const size_t blocks = ((input_len - 1) / BLOCK_SIZE);

   // XOR the blocks into the package key bits
   for(size_t i = 0; i != blocks; ++i)
      {
      const size_t left = std::min<size_t>(BLOCK_SIZE,
                                           input_len - BLOCK_SIZE * (i+1));

      zeroise(buf);
      copy_mem(&buf[0], input + (BLOCK_SIZE * i), left);

      for(size_t j = 0; j != sizeof(i); ++j)
         buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);

      cipher->encrypt(&buf[0]);

      xor_buf(&package_key[0], &buf[0], BLOCK_SIZE);
      }

   Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));

   pipe.process_msg(input, input_len - BLOCK_SIZE);

   pipe.read(output, pipe.remaining());
   }
void BOTAN_DLL Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails

Definition at line 13 of file assert.cpp.

   {
   std::ostringstream format;

   format << "False assertion ";

   if(assertion_made && assertion_made[0] != 0)
      format << "'" << assertion_made << "' (expression " << expr_str << ") ";
   else
      format << expr_str << " ";

   if(func)
      format << "in " << func << " ";

   format << "@" << file << ":" << line;

   throw std::runtime_error(format.str());
   }
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters:
outputan array of at least input_length*3/4 bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 97 of file base64.cpp.

References clear_mem().

Referenced by base64_decode(), check_passhash9(), Botan::Base64_Decoder::end_msg(), Botan::SRP6_Authenticator_File::SRP6_Authenticator_File(), and Botan::Base64_Decoder::write().

   {
   /*
   * Base64 Decoder Lookup Table
   * Warning: assumes ASCII encodings
   */
   static const byte BASE64_TO_BIN[256] = {
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
      0x80, 0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, 0x34, 0x35,
      0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF,
      0xFF, 0x81, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
      0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
      0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
      0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x1B, 0x1C,
      0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
      0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
      0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

   byte* out_ptr = output;
   byte decode_buf[4];
   size_t decode_buf_pos = 0;
   size_t final_truncate = 0;

   clear_mem(output, input_length * 3 / 4);

   for(size_t i = 0; i != input_length; ++i)
      {
      const byte bin = BASE64_TO_BIN[static_cast<byte>(input[i])];

      if(bin <= 0x3F)
         {
         decode_buf[decode_buf_pos] = bin;
         decode_buf_pos += 1;
         }
      else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws)))
         {
         std::string bad_char(1, input[i]);
         if(bad_char == "\t")
           bad_char = "\\t";
         else if(bad_char == "\n")
           bad_char = "\\n";
         else if(bad_char == "\r")
           bad_char = "\\r";

         throw std::invalid_argument(
           std::string("base64_decode: invalid base64 character '") +
           bad_char + "'");
         }

      /*
      * If we're at the end of the input, pad with 0s and truncate
      */
      if(final_inputs && (i == input_length - 1))
         {
         if(decode_buf_pos)
            {
            for(size_t j = decode_buf_pos; j != 4; ++j)
               decode_buf[j] = 0;
            final_truncate = (4 - decode_buf_pos);
            decode_buf_pos = 4;
            }
         }

      if(decode_buf_pos == 4)
         {
         out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
         out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
         out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];

         out_ptr += 3;
         decode_buf_pos = 0;
         input_consumed = i+1;
         }
      }

   while(input_consumed < input_length &&
         BASE64_TO_BIN[static_cast<byte>(input[input_consumed])] == 0x80)
      {
      ++input_consumed;
      }

   size_t written = (out_ptr - output) - final_truncate;

   return written;
   }
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters:
outputan array of at least input_length*3/4 bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 204 of file base64.cpp.

References base64_decode().

   {
   size_t consumed = 0;
   size_t written = base64_decode(output, input, input_length,
                                  consumed, true, ignore_ws);

   if(consumed != input_length)
      throw std::invalid_argument("base64_decode: input did not have full bytes");

   return written;
   }
size_t BOTAN_DLL Botan::base64_decode ( byte  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters:
outputan array of at least input_length/3*4 bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 219 of file base64.cpp.

References base64_decode().

   {
   return base64_decode(output, input.data(), input.length(), ignore_ws);
   }
secure_vector< byte > BOTAN_DLL Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters:
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded base64 output

Definition at line 226 of file base64.cpp.

References base64_decode().

   { 
   const size_t output_length = (input_length == 0)
           ? 0
           : (round_up<size_t>(input_length, 4) * 3) / 4;
   secure_vector<byte> bin(output_length);

   size_t written = base64_decode(&bin[0],
                                  input,
                                  input_length,
                                  ignore_ws);

   bin.resize(written);
   return bin;
   }
secure_vector< byte > BOTAN_DLL Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters:
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded base64 output

Definition at line 244 of file base64.cpp.

References base64_decode().

   {
   return base64_decode(input.data(), input.size(), ignore_ws);
   }
size_t BOTAN_DLL Botan::base64_encode ( char  output[],
const byte  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters:
outputan array of at least input_length*4/3 bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns:
number of bytes written to output

Definition at line 35 of file base64.cpp.

Referenced by base64_encode(), and generate_passhash9().

   {
   input_consumed = 0;

   size_t input_remaining = input_length;
   size_t output_produced = 0;

   while(input_remaining >= 3)
      {
      do_base64_encode(out + output_produced, in + input_consumed);

      input_consumed += 3;
      output_produced += 4;
      input_remaining -= 3;
      }

   if(final_inputs && input_remaining)
      {
      byte remainder[3] = { 0 };
      for(size_t i = 0; i != input_remaining; ++i)
         remainder[i] = in[input_consumed + i];

      do_base64_encode(out + output_produced, remainder);

      size_t empty_bits = 8 * (3 - input_remaining);
      size_t index = output_produced + 4 - 1;
      while(empty_bits >= 8)
         {
         out[index--] = '=';
         empty_bits -= 6;
         }

      input_consumed += input_remaining;
      output_produced += 4;
      }

   return output_produced;
   }
template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< byte, Alloc > &  input)

Perform base64 encoding

Parameters:
inputsome input
Returns:
base64adecimal representation of input

Definition at line 50 of file base64.h.

References base64_encode().

   {
   return base64_encode(&input[0], input.size());
   }
std::string BOTAN_DLL Botan::base64_encode ( const byte  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters:
inputsome input
input_lengthlength of input in bytes
Returns:
base64adecimal representation of input

Definition at line 78 of file base64.cpp.

References base64_encode(), and BOTAN_ASSERT_EQUAL.

   {
   const size_t output_length = (input_length == 0)
           ? 0
           : (round_up<size_t>(input_length, 3) / 3) * 4;
   std::string output(output_length, 0);

   size_t consumed = 0;
   size_t produced = base64_encode(&output[0],
                                   input, input_length,
                                   consumed, true);

   BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
   BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");

   return output;
   }
void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition

Parameters:
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 70 of file mp_asm.cpp.

References bigint_add2_nc().

Referenced by mul_add(), Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

   {
   if(bigint_add2_nc(x, x_size, y, y_size))
      x[x_size] += 1;
   }
word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition with carry out

Definition at line 22 of file mp_asm.cpp.

References BOTAN_ASSERT, word8_add2(), and word_add().

Referenced by bigint_add2().

   {
   word carry = 0;

   BOTAN_ASSERT(x_size >= y_size, "Expected sizes");

   const size_t blocks = y_size - (y_size % 8);

   for(size_t i = 0; i != blocks; i += 8)
      carry = word8_add2(x + i, y + i, carry);

   for(size_t i = blocks; i != y_size; ++i)
      x[i] = word_add(x[i], y[i], &carry);

   for(size_t i = y_size; i != x_size; ++i)
      x[i] = word_add(x[i], 0, &carry);

   return carry;
   }
void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition

Definition at line 79 of file mp_asm.cpp.

References bigint_add3_nc().

Referenced by operator+(), and operator-().

   {
   z[(x_size > y_size ? x_size : y_size)] +=
      bigint_add3_nc(z, x, x_size, y, y_size);
   }
word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition with carry out

Definition at line 45 of file mp_asm.cpp.

References word8_add3(), and word_add().

Referenced by bigint_add3().

   {
   if(x_size < y_size)
      { return bigint_add3_nc(z, y, y_size, x, x_size); }

   word carry = 0;

   const size_t blocks = y_size - (y_size % 8);

   for(size_t i = 0; i != blocks; i += 8)
      carry = word8_add3(z + i, x + i, y + i, carry);

   for(size_t i = blocks; i != y_size; ++i)
      z[i] = word_add(x[i], y[i], &carry);

   for(size_t i = y_size; i != x_size; ++i)
      z[i] = word_add(x[i], 0, &carry);

   return carry;
   }
s32bit Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Compare x and y

Definition at line 18 of file mp_misc.cpp.

Referenced by Botan::BigInt::cmp(), operator+(), Botan::BigInt::operator+=(), operator-(), and Botan::BigInt::operator-=().

   {
   if(x_size < y_size) { return (-bigint_cmp(y, y_size, x, x_size)); }

   while(x_size > y_size)
      {
      if(x[x_size-1])
         return 1;
      x_size--;
      }

   for(size_t i = x_size; i > 0; --i)
      {
      if(x[i-1] > y[i-1])
         return 1;
      if(x[i-1] < y[i-1])
         return -1;
      }

   return 0;
   }
void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 806 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
   z[ 1] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
   z[ 2] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
   z[ 3] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
   z[ 4] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
   z[ 6] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
   z[ 7] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
   z[ 8] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
   z[ 9] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
   z[10] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
   z[11] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
   z[12] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
   z[13] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
   z[14] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
   z[15] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
   z[16] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
   word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
   z[17] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
   word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
   word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
   z[18] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
   word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
   word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
   word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
   z[19] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
   word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
   word3_muladd(&w1, &w0, &w2, x[10], y[10]);
   word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
   word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
   z[20] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
   word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
   word3_muladd(&w2, &w1, &w0, x[10], y[11]);
   word3_muladd(&w2, &w1, &w0, x[11], y[10]);
   word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
   word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
   z[21] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
   word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
   word3_muladd(&w0, &w2, &w1, x[10], y[12]);
   word3_muladd(&w0, &w2, &w1, x[11], y[11]);
   word3_muladd(&w0, &w2, &w1, x[12], y[10]);
   word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
   word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
   z[22] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
   word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
   word3_muladd(&w1, &w0, &w2, x[10], y[13]);
   word3_muladd(&w1, &w0, &w2, x[11], y[12]);
   word3_muladd(&w1, &w0, &w2, x[12], y[11]);
   word3_muladd(&w1, &w0, &w2, x[13], y[10]);
   word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
   word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
   z[23] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
   word3_muladd(&w2, &w1, &w0, x[10], y[14]);
   word3_muladd(&w2, &w1, &w0, x[11], y[13]);
   word3_muladd(&w2, &w1, &w0, x[12], y[12]);
   word3_muladd(&w2, &w1, &w0, x[13], y[11]);
   word3_muladd(&w2, &w1, &w0, x[14], y[10]);
   word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
   z[24] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[10], y[15]);
   word3_muladd(&w0, &w2, &w1, x[11], y[14]);
   word3_muladd(&w0, &w2, &w1, x[12], y[13]);
   word3_muladd(&w0, &w2, &w1, x[13], y[12]);
   word3_muladd(&w0, &w2, &w1, x[14], y[11]);
   word3_muladd(&w0, &w2, &w1, x[15], y[10]);
   z[25] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[11], y[15]);
   word3_muladd(&w1, &w0, &w2, x[12], y[14]);
   word3_muladd(&w1, &w0, &w2, x[13], y[13]);
   word3_muladd(&w1, &w0, &w2, x[14], y[12]);
   word3_muladd(&w1, &w0, &w2, x[15], y[11]);
   z[26] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[12], y[15]);
   word3_muladd(&w2, &w1, &w0, x[13], y[14]);
   word3_muladd(&w2, &w1, &w0, x[14], y[13]);
   word3_muladd(&w2, &w1, &w0, x[15], y[12]);
   z[27] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[13], y[15]);
   word3_muladd(&w0, &w2, &w1, x[14], y[14]);
   word3_muladd(&w0, &w2, &w1, x[15], y[13]);
   z[28] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[14], y[15]);
   word3_muladd(&w1, &w0, &w2, x[15], y[14]);
   z[29] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[15], y[15]);
   z[30] = w0;
   z[31] = w1;
   }
void Botan::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

Definition at line 51 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
   z[ 1] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
   z[ 2] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
   z[ 3] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
   z[ 4] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
   z[ 6] = w0;
   z[ 7] = w1;
   }
void Botan::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

Definition at line 142 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
   z[ 1] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
   z[ 2] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
   z[ 3] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
   z[ 4] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
   z[ 6] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
   z[ 7] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
   z[ 8] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
   z[ 9] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
   z[10] = w1;
   z[11] = w2;
   }
void Botan::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

Definition at line 284 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
   z[ 1] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
   z[ 2] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
   z[ 3] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
   z[ 4] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
   z[ 6] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
   z[ 7] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
   z[ 8] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
   z[ 9] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
   z[10] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
   z[11] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
   z[12] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
   z[13] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
   z[14] = w2;
   z[15] = w0;
   }
void Botan::bigint_comba_mul9 ( word  z[18],
const word  x[9],
const word  y[9] 
)

Definition at line 475 of file mp_comba.cpp.

References word3_muladd().

Referenced by bigint_mul().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
   z[ 1] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
   z[ 2] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
   z[ 3] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
   z[ 4] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
   z[ 6] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
   z[ 7] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
   z[ 8] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
   z[ 9] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
   z[10] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
   z[11] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
   z[12] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
   word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
   word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
   z[13] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
   word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
   z[14] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
   word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
   z[15] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
   z[16] = w1;
   z[17] = w2;
   }
void Botan::bigint_comba_sqr16 ( word  z[32],
const word  x[16] 
)

Definition at line 599 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
   z[ 1] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
   z[ 2] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
   z[ 3] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
   z[ 4] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
   z[ 5] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
   z[ 6] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
   z[ 7] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
   z[ 8] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
   z[ 9] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
   z[10] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
   word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
   z[11] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[10]);
   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
   word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]);
   z[12] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
   word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
   word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
   z[13] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
   word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
   word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]);
   z[14] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[13]);
   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[12]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[11]);
   word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
   word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
   word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
   z[15] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
   word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
   word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
   word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
   word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]);
   z[16] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
   word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
   word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
   word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
   word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
   z[17] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
   word3_muladd_2(&w2, &w1, &w0, x[ 5], x[13]);
   word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]);
   word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
   word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
   word3_muladd(&w2, &w1, &w0, x[ 9], x[ 9]);
   z[18] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
   word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
   word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
   word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
   word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
   word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
   z[19] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
   word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
   word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
   word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
   word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
   word3_muladd(&w1, &w0, &w2, x[10], x[10]);
   z[20] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
   word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
   word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
   word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
   word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
   z[21] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
   word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
   word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
   word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
   word3_muladd(&w0, &w2, &w1, x[11], x[11]);
   z[22] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
   word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
   word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
   word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
   z[23] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
   word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
   word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
   word3_muladd(&w2, &w1, &w0, x[12], x[12]);
   z[24] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
   word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
   word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
   z[25] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
   word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
   word3_muladd(&w1, &w0, &w2, x[13], x[13]);
   z[26] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
   word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
   z[27] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
   word3_muladd(&w0, &w2, &w1, x[14], x[14]);
   z[28] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
   z[29] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[15], x[15]);
   z[30] = w0;
   z[31] = w1;
   }
void Botan::bigint_comba_sqr4 ( word  z[8],
const word  x[4] 
)

Definition at line 18 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
   z[ 1] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
   z[ 2] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
   z[ 3] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
   z[ 4] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
   z[ 5] = w2; w2 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
   z[ 6] = w0;
   z[ 7] = w1;
   }
void Botan::bigint_comba_sqr6 ( word  z[12],
const word  x[6] 
)

Definition at line 90 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
   z[ 1] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
   z[ 2] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
   z[ 3] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
   z[ 4] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
   z[ 5] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
   z[ 6] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
   z[ 7] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
   z[ 8] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
   z[ 9] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
   z[10] = w1;
   z[11] = w2;
   }
void Botan::bigint_comba_sqr8 ( word  z[16],
const word  x[8] 
)

Definition at line 209 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
   z[ 1] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
   z[ 2] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
   z[ 3] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
   z[ 4] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
   z[ 5] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
   z[ 6] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
   z[ 7] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
   z[ 8] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
   z[ 9] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
   z[10] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
   z[11] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]);
   z[12] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
   z[13] = w1; w1 = 0;

   word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]);
   z[14] = w2;
   z[15] = w0;
   }
void Botan::bigint_comba_sqr9 ( word  z[18],
const word  x[9] 
)

Definition at line 387 of file mp_comba.cpp.

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

   {
   word w2 = 0, w1 = 0, w0 = 0;

   word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
   z[ 0] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
   z[ 1] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
   word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
   z[ 2] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
   z[ 3] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
   word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
   z[ 4] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
   z[ 5] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
   word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
   z[ 6] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
   z[ 7] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
   word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
   word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
   z[ 8] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
   word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
   word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
   z[ 9] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
   word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
   word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
   word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
   z[10] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
   word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
   word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
   z[11] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
   word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
   word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]);
   z[12] = w0; w0 = 0;

   word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
   word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
   z[13] = w1; w1 = 0;

   word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
   word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]);
   z[14] = w2; w2 = 0;

   word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
   z[15] = w0; w0 = 0;

   word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]);
   z[16] = w1;
   z[17] = w2;
   }
word Botan::bigint_divop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) / d

Definition at line 44 of file mp_misc.cpp.

References MP_WORD_BITS, and MP_WORD_TOP_BIT.

Referenced by bigint_modop(), divide(), and monty_inverse().

   {
   word high = n1 % d, quotient = 0;

   for(size_t i = 0; i != MP_WORD_BITS; ++i)
      {
      word high_top_bit = (high & MP_WORD_TOP_BIT);

      high <<= 1;
      high |= (n0 >> (MP_WORD_BITS-1-i)) & 1;
      quotient <<= 1;

      if(high_top_bit || high >= d)
         {
         high -= d;
         quotient |= 1;
         }
      }

   return quotient;
   }
void Botan::bigint_linmul2 ( word  x[],
size_t  x_size,
word  y 
)

Definition at line 154 of file mp_asm.cpp.

References word8_linmul2(), and word_madd2().

Referenced by Botan::BigInt::operator*=().

   {
   const size_t blocks = x_size - (x_size % 8);

   word carry = 0;

   for(size_t i = 0; i != blocks; i += 8)
      carry = word8_linmul2(x + i, y, carry);

   for(size_t i = blocks; i != x_size; ++i)
      x[i] = word_madd2(x[i], y, &carry);

   x[x_size] = carry;
   }
void Botan::bigint_linmul3 ( word  z[],
const word  x[],
size_t  x_size,
word  y 
)

Definition at line 172 of file mp_asm.cpp.

References word8_linmul3(), and word_madd2().

Referenced by bigint_mul(), bigint_sqr(), operator*(), and Botan::BigInt::operator*=().

   {
   const size_t blocks = x_size - (x_size % 8);

   word carry = 0;

   for(size_t i = 0; i != blocks; i += 8)
      carry = word8_linmul3(z + i, x + i, y, carry);

   for(size_t i = blocks; i != x_size; ++i)
      z[i] = word_madd2(x[i], y, &carry);

   z[x_size] = carry;
   }
word Botan::bigint_modop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) % d

Definition at line 69 of file mp_misc.cpp.

References bigint_divop(), and word_madd2().

Referenced by operator%(), and Botan::BigInt::operator%=().

   {
   word z = bigint_divop(n1, n0, d);
   word dummy = 0;
   z = word_madd2(z, d, &dummy);
   return (n0-z);
   }
void Botan::bigint_monty_mul ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 86 of file mp_monty.cpp.

References bigint_monty_redc(), and bigint_mul().

Referenced by Botan::Montgomery_Exponentiator::execute(), and Botan::Montgomery_Exponentiator::set_base().

   {
   bigint_mul(&z[0], z_size, &ws[0],
              &x[0], x_size, x_sw,
              &y[0], y_size, y_sw);

   bigint_monty_redc(&z[0],
                     &p[0], p_size, p_dash,
                     &ws[0]);
   }
void Botan::bigint_monty_redc ( word  z[],
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Montgomery Reduction

Parameters:
zinteger to reduce, of size exactly 2*(p_size+1). Output is in the first p_size+1 words, higher words are set to zero.
pmodulus
p_sizesize of p
p_dashMontgomery value
workspacearray of at least 2*(p_size+1) words

Definition at line 21 of file mp_monty.cpp.

References BOTAN_ASSERT, clear_mem(), copy_mem(), word8_madd3(), word_madd3(), word_sub(), and y.

Referenced by bigint_monty_mul(), bigint_monty_sqr(), and Botan::Montgomery_Exponentiator::execute().

   {
   const size_t z_size = 2*(p_size+1);

   const size_t blocks_of_8 = p_size - (p_size % 8);

   for(size_t i = 0; i != p_size; ++i)
      {
      word* z_i = z + i;

      const word y = z_i[0] * p_dash;

      /*
      bigint_linmul3(ws, p, p_size, y);
      bigint_add2(z_i, z_size - i, ws, p_size+1);
      */

      word carry = 0;

      for(size_t j = 0; j != blocks_of_8; j += 8)
         carry = word8_madd3(z_i + j, p + j, y, carry);

      for(size_t j = blocks_of_8; j != p_size; ++j)
         z_i[j] = word_madd3(p[j], y, z_i[j], &carry);

      word z_sum = z_i[p_size] + carry;
      carry = (z_sum < z_i[p_size]);
      z_i[p_size] = z_sum;

      for(size_t j = p_size + 1; carry && j != z_size - i; ++j)
         {
         ++z_i[j];
         carry = !z_i[j];
         }
      }

   /*
   * The result might need to be reduced mod p. To avoid a timing
   * channel, always perform the subtraction. If in the compution
   * of x - p a borrow is required then x was already < p.
   *
   * x - p starts at ws[0] and is p_size+1 bytes long
   * x starts at ws[p_size+1] and is also p_size+1 bytes log
   * (that's the copy_mem)
   *
   * Select which address to copy from indexing off of the final
   * borrow.
   */

   word borrow = 0;
   for(size_t i = 0; i != p_size; ++i)
      ws[i] = word_sub(z[p_size + i], p[i], &borrow);

   ws[p_size] = word_sub(z[p_size+p_size], 0, &borrow);

   BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow");

   copy_mem(ws + p_size + 1, z + p_size, p_size + 1);

   copy_mem(z, ws + borrow*(p_size+1), p_size + 1);
   clear_mem(z + p_size + 1, z_size - p_size - 1);
   }
void Botan::bigint_monty_sqr ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[] 
)

Definition at line 101 of file mp_monty.cpp.

References bigint_monty_redc(), and bigint_sqr().

Referenced by Botan::Montgomery_Exponentiator::execute().

   {
   bigint_sqr(&z[0], z_size, &ws[0],
              &x[0], x_size, x_sw);

   bigint_monty_redc(&z[0],
                     &p[0], p_size, p_dash,
                     &ws[0]);
   }
void Botan::bigint_mul ( word  z[],
size_t  z_size,
word  workspace[],
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw 
)

Definition at line 224 of file mp_karat.cpp.

References bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_linmul3(), and bigint_simple_mul().

Referenced by bigint_monty_mul(), Botan::CurveGFp_NIST::curve_mul(), mul_add(), operator*(), and Botan::BigInt::operator*=().

   {
   if(x_sw == 1)
      {
      bigint_linmul3(z, y, y_sw, x[0]);
      }
   else if(y_sw == 1)
      {
      bigint_linmul3(z, x, x_sw, y[0]);
      }
   else if(x_sw <= 4 && x_size >= 4 &&
           y_sw <= 4 && y_size >= 4 && z_size >= 8)
      {
      bigint_comba_mul4(z, x, y);
      }
   else if(x_sw <= 6 && x_size >= 6 &&
           y_sw <= 6 && y_size >= 6 && z_size >= 12)
      {
      bigint_comba_mul6(z, x, y);
      }
   else if(x_sw <= 8 && x_size >= 8 &&
           y_sw <= 8 && y_size >= 8 && z_size >= 16)
      {
      bigint_comba_mul8(z, x, y);
      }
   else if(x_sw <= 9 && x_size >= 9 &&
           y_sw <= 9 && y_size >= 9 && z_size >= 18)
      {
      bigint_comba_mul9(z, x, y);
      }
   else if(x_sw <= 16 && x_size >= 16 &&
           y_sw <= 16 && y_size >= 16 && z_size >= 32)
      {
      bigint_comba_mul16(z, x, y);
      }
   else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
           y_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
           !workspace)
      {
      bigint_simple_mul(z, x, x_sw, y, y_sw);
      }
   else
      {
      const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw);

      if(N)
         karatsuba_mul(z, x, y, N, workspace);
      else
         bigint_simple_mul(z, x, x_sw, y, y_sw);
      }
   }
void Botan::bigint_shl1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 18 of file mp_shift.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by Botan::BigInt::operator-=(), and Botan::BigInt::operator<<=().

   {
   if(word_shift)
      {
      copy_mem(x + word_shift, x, x_size);
      clear_mem(x, word_shift);
      }

   if(bit_shift)
      {
      word carry = 0;
      for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
         {
         word temp = x[j];
         x[j] = (temp << bit_shift) | carry;
         carry = (temp >> (MP_WORD_BITS - bit_shift));
         }
      }
   }
void Botan::bigint_shl2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 96 of file mp_shift.cpp.

References MP_WORD_BITS.

Referenced by operator-(), and operator<<().

   {
   for(size_t j = 0; j != x_size; ++j)
      y[j + word_shift] = x[j];
   if(bit_shift)
      {
      word carry = 0;
      for(size_t j = word_shift; j != x_size + word_shift + 1; ++j)
         {
         word w = y[j];
         y[j] = (w << bit_shift) | carry;
         carry = (w >> (MP_WORD_BITS - bit_shift));
         }
      }
   }
void Botan::bigint_shr1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 41 of file mp_shift.cpp.

References clear_mem(), copy_mem(), and MP_WORD_BITS.

Referenced by Botan::BigInt::operator>>=().

   {
   if(x_size < word_shift)
      {
      clear_mem(x, x_size);
      return;
      }

   if(word_shift)
      {
      copy_mem(x, x + word_shift, x_size - word_shift);
      clear_mem(x + x_size - word_shift, word_shift);
      }

   if(bit_shift)
      {
      word carry = 0;

      size_t top = x_size - word_shift;

      while(top >= 4)
         {
         word w = x[top-1];
         x[top-1] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));

         w = x[top-2];
         x[top-2] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));

         w = x[top-3];
         x[top-3] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));

         w = x[top-4];
         x[top-4] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));

         top -= 4;
         }

      while(top)
         {
         word w = x[top-1];
         x[top-1] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));

         top--;
         }
      }
   }
void Botan::bigint_shr2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

Definition at line 116 of file mp_shift.cpp.

References MP_WORD_BITS.

Referenced by operator>>().

   {
   if(x_size < word_shift) return;

   for(size_t j = 0; j != x_size - word_shift; ++j)
      y[j] = x[j + word_shift];
   if(bit_shift)
      {
      word carry = 0;
      for(size_t j = x_size - word_shift; j > 0; --j)
         {
         word w = y[j-1];
         y[j-1] = (w >> bit_shift) | carry;
         carry = (w << (MP_WORD_BITS - bit_shift));
         }
      }
   }
void Botan::bigint_simple_mul ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Definition at line 20 of file mp_mulop.cpp.

References clear_mem(), word8_madd3(), and word_madd3().

Referenced by bigint_mul().

   {
   const size_t x_size_8 = x_size - (x_size % 8);

   clear_mem(z, x_size + y_size);

   for(size_t i = 0; i != y_size; ++i)
      {
      const word y_i = y[i];

      word carry = 0;

      for(size_t j = 0; j != x_size_8; j += 8)
         carry = word8_madd3(z + i + j, x + j, y_i, carry);

      for(size_t j = x_size_8; j != x_size; ++j)
         z[i+j] = word_madd3(x[j], y_i, z[i+j], &carry);

      z[x_size+i] = carry;
      }
   }
void Botan::bigint_simple_sqr ( word  z[],
const word  x[],
size_t  x_size 
)

Definition at line 54 of file mp_mulop.cpp.

References clear_mem(), word8_madd3(), and word_madd3().

Referenced by bigint_sqr().

   {
   const size_t x_size_8 = x_size - (x_size % 8);

   clear_mem(z, 2*x_size);

   for(size_t i = 0; i != x_size; ++i)
      {
      const word x_i = x[i];
      word carry = 0;

      for(size_t j = 0; j != x_size_8; j += 8)
         carry = word8_madd3(z + i + j, x + j, x_i, carry);

      for(size_t j = x_size_8; j != x_size; ++j)
         z[i+j] = word_madd3(x[j], x_i, z[i+j], &carry);

      z[x_size+i] = carry;
      }
   }
void Botan::bigint_sqr ( word  z[],
size_t  z_size,
word  workspace[],
const word  x[],
size_t  x_size,
size_t  x_sw 
)

Definition at line 281 of file mp_karat.cpp.

References bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_linmul3(), and bigint_simple_sqr().

Referenced by bigint_monty_sqr(), Botan::CurveGFp_NIST::curve_sqr(), and square().

   {
   if(x_sw == 1)
      {
      bigint_linmul3(z, x, x_sw, x[0]);
      }
   else if(x_sw <= 4 && x_size >= 4 && z_size >= 8)
      {
      bigint_comba_sqr4(z, x);
      }
   else if(x_sw <= 6 && x_size >= 6 && z_size >= 12)
      {
      bigint_comba_sqr6(z, x);
      }
   else if(x_sw <= 8 && x_size >= 8 && z_size >= 16)
      {
      bigint_comba_sqr8(z, x);
      }
   else if(x_sw == 9 && x_size >= 9 && z_size >= 18)
      {
      bigint_comba_sqr9(z, x);
      }
   else if(x_sw <= 16 && x_size >= 16 && z_size >= 32)
      {
      bigint_comba_sqr16(z, x);
      }
   else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace)
      {
      bigint_simple_sqr(z, x, x_sw);
      }
   else
      {
      const size_t N = karatsuba_size(z_size, x_size, x_sw);

      if(N)
         karatsuba_sqr(z, x, N, workspace);
      else
         bigint_simple_sqr(z, x, x_sw);
      }
   }
word Botan::bigint_sub2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand subtraction

Definition at line 89 of file mp_asm.cpp.

References BOTAN_ASSERT, word8_sub2(), and word_sub().

Referenced by Botan::BigInt::operator+=(), and Botan::BigInt::operator-=().

   {
   word borrow = 0;

   BOTAN_ASSERT(x_size >= y_size, "Expected sizes");

   const size_t blocks = y_size - (y_size % 8);

   for(size_t i = 0; i != blocks; i += 8)
      borrow = word8_sub2(x + i, y + i, borrow);

   for(size_t i = blocks; i != y_size; ++i)
      x[i] = word_sub(x[i], y[i], &borrow);

   for(size_t i = y_size; i != x_size; ++i)
      x[i] = word_sub(x[i], 0, &borrow);

   return borrow;
   }
void Botan::bigint_sub2_rev ( word  x[],
const word  y[],
size_t  y_size 
)

Two operand subtraction, x = y - x; assumes y >= x

Definition at line 112 of file mp_asm.cpp.

References BOTAN_ASSERT, word8_sub2_rev(), and word_sub().

Referenced by Botan::BigInt::operator-=().

   {
   word borrow = 0;

   const size_t blocks = y_size - (y_size % 8);

   for(size_t i = 0; i != blocks; i += 8)
      borrow = word8_sub2_rev(x + i, y + i, borrow);

   for(size_t i = blocks; i != y_size; ++i)
      x[i] = word_sub(y[i], x[i], &borrow);

   BOTAN_ASSERT(!borrow, "y must be greater than x");
   }
word Botan::bigint_sub3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand subtraction

Definition at line 130 of file mp_asm.cpp.

References BOTAN_ASSERT, word8_sub3(), and word_sub().

Referenced by operator+(), Botan::BigInt::operator+=(), and operator-().

   {
   word borrow = 0;

   BOTAN_ASSERT(x_size >= y_size, "Expected sizes");

   const size_t blocks = y_size - (y_size % 8);

   for(size_t i = 0; i != blocks; i += 8)
      borrow = word8_sub3(z + i, x + i, y + i, borrow);

   for(size_t i = blocks; i != y_size; ++i)
      z[i] = word_sub(x[i], y[i], &borrow);

   for(size_t i = y_size; i != x_size; ++i)
      z[i] = word_sub(x[i], 0, &borrow);

   return borrow;
   }
u32bit Botan::bit_size_to_32bit_size ( u32bit  bit_size) [inline]

Definition at line 50 of file code_based_util.h.

Referenced by generate_mceliece_key(), mceliece_decrypt(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().

   {
   return (bit_size - 1) / 32 + 1;
   }
u32bit Botan::bit_size_to_byte_size ( u32bit  bit_size) [inline]

Definition at line 45 of file code_based_util.h.

Referenced by mceliece_decrypt().

   {
   return (bit_size - 1) / 8 + 1;
   }
void Botan::botan_md4_x86_32_compress ( u32bit  digest[4],
const byte  input[64],
u32bit  M[16] 
)

MD4 compression function in x86-32 asm

Parameters:
digestthe current digest
inputthe input block
Mthe message buffer
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE ( XTS_Encryption  ,
XTS_Decryption   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE ( SIV_Encryption  ,
SIV_Decryption   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN ( OCB_Encryption  ,
OCB_Decryption  ,
16   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN ( CFB_Encryption  ,
CFB_Decryption  ,
 
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN ( EAX_Encryption  ,
EAX_Decryption  ,
 
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN ( GCM_Encryption  ,
GCM_Decryption  ,
16   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2 ( CCM_Encryption  ,
CCM_Decryption  ,
16  ,
 
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_1STR ( GOST_28147_89  ,
"GOST-28147-89"  ,
"R3411_94_TestParam"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( Threefish_512  ,
"Threefish-512"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( Camellia_128  ,
"Camellia-128"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( CAST_256  ,
"CAST-256"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( CAST_128  ,
"CAST-128"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( AES_128  ,
"AES-128"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( Camellia_192  ,
"Camellia-192"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( AES_192  ,
"AES-192"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( Camellia_256  ,
"Camellia-256"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NAMED_NOARGS ( AES_256  ,
"AES-256"   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( SIMD_32::  enabled(),
Noekeon_SIMD  ,
"Noekeon"  ,
"simd32"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( SIMD_32::  enabled(),
XTEA_SIMD  ,
"XTEA"  ,
"simd32"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_sse2(),
IDEA_SSE2  ,
"IDEA"  ,
"sse2"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( SIMD_32::  enabled(),
Serpent_SIMD  ,
"Serpent"  ,
"simd32"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_avx2(),
Threefish_512_AVX2  ,
"Threefish-512"  ,
"avx2"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_aes_ni(),
AES_128_NI  ,
"AES-128"  ,
"aes_ni"  ,
16   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_aes_ni(),
AES_192_NI  ,
"AES-192"  ,
"aes_ni"  ,
16   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_aes_ni(),
AES_256_NI  ,
"AES-256"  ,
"aes_ni"  ,
16   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_ssse3(),
AES_128_SSSE3  ,
"AES-128"  ,
"ssse3"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_ssse3(),
AES_192_SSSE3  ,
"AES-192"  ,
"ssse3"  ,
64   
)
Botan::BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF ( CPUID::  has_ssse3(),
AES_256_SSSE3  ,
"AES-256"  ,
"ssse3"  ,
64   
)
Botan::BOTAN_REGISTER_COMPRESSION ( LZMA_Compression  ,
LZMA_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Zlib_Compression  ,
Zlib_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Bzip2_Compression  ,
Bzip2_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Gzip_Compression  ,
Gzip_Decompression   
)
Botan::BOTAN_REGISTER_COMPRESSION ( Deflate_Compression  ,
Deflate_Decompression   
)
Botan::BOTAN_REGISTER_EME_NAMED_NOARGS ( EME_PKCS1v15  ,
"PKCS1v15"   
)
Botan::BOTAN_REGISTER_EMSA_1HASH ( EMSA1  ,
"EMSA1"   
)
Botan::BOTAN_REGISTER_EMSA_1HASH ( EMSA_X931  ,
"EMSA_X931"   
)
Botan::BOTAN_REGISTER_EMSA_1HASH ( EMSA1_BSI  ,
"EMSA1_BSI"   
)
Botan::BOTAN_REGISTER_EMSA_NAMED_NOARGS ( EMSA_Raw  ,
"Raw"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_1LEN ( Keccak_1600  ,
"Keccak-1600"  ,
512   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( HAS_160  ,
"HAS-160"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( RIPEMD_128  ,
"RIPEMD-128"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( RIPEMD_160  ,
"RIPEMD-160"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_160  ,
"SHA-160"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_384  ,
"SHA-384"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( GOST_34_11  ,
"GOST-R-34.11-94"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_224  ,
"SHA-224"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_512  ,
"SHA-512"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_256  ,
"SHA-256"   
)
Botan::BOTAN_REGISTER_HASH_NAMED_NOARGS ( SHA_512_256  ,
"SHA-512-256"   
)
Botan::BOTAN_REGISTER_HASH_NOARGS_IF ( CPUID::  has_sse2(),
SHA_160_SSE2  ,
"SHA-160"  ,
"sse2"  ,
64   
)
Botan::BOTAN_REGISTER_KDF_1HASH ( KDF1  ,
"KDF1"   
)
Botan::BOTAN_REGISTER_KDF_1HASH ( KDF2  ,
"KDF2"   
)
Botan::BOTAN_REGISTER_KDF_NAMED_1STR ( X942_PRF  ,
"X9.42-PRF"   
)
Botan::BOTAN_REGISTER_KDF_NOARGS ( TLS_PRF  ,
"TLS-PRF"   
)
Botan::BOTAN_REGISTER_MAC_NAMED_NOARGS ( ANSI_X919_MAC  ,
"X9.19-MAC"   
)
Botan::BOTAN_REGISTER_NAMED_T ( KDF  ,
"HKDF"  ,
HKDF  ,
HKDF::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( StreamCipher  ,
"CTR-BE"  ,
CTR_BE  ,
CTR_BE::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( StreamCipher  ,
"RC4"  ,
RC4  ,
RC4::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( StreamCipher  ,
"OFB"  ,
OFB  ,
OFB::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( BlockCipher  ,
"Cascade"  ,
Cascade_Cipher  ,
Cascade_Cipher::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( HashFunction  ,
"Comb4P"  ,
Comb4P  ,
Comb4P::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( HashFunction  ,
"Parallel"  ,
Parallel  ,
Parallel::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( PBKDF  ,
"PBKDF2"  ,
PKCS5_PBKDF2  ,
PKCS5_PBKDF2::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( HashFunction  ,
"Skein-512"  ,
Skein_512  ,
Skein_512::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( MessageAuthenticationCode  ,
"CBC-MAC"  ,
CBC_MAC  ,
CBC_MAC::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( MessageAuthenticationCode  ,
"CMAC"  ,
CMAC  ,
CMAC::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( MessageAuthenticationCode  ,
"HMAC"  ,
HMAC  ,
HMAC::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( KDF  ,
"TLS-12-PRF"  ,
TLS_12_PRF  ,
TLS_12_PRF::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( EMSA  ,
"EMSA_PKCS1"  ,
EMSA_PCS1v15  ,
make_pkcs1v15   
)
Botan::BOTAN_REGISTER_NAMED_T ( EMSA  ,
"PSSR"  ,
PSSR  ,
PSSR::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( EME  ,
"OAEP"  ,
OAEP  ,
OAEP::make   
)
Botan::BOTAN_REGISTER_NAMED_T ( BlockCipher  ,
"Lion"  ,
Lion  ,
make_lion   
)
Botan::BOTAN_REGISTER_NAMED_T_2LEN ( MessageAuthenticationCode  ,
SipHash  ,
"SipHash"  ,
"builtin"  ,
,
 
)
Botan::BOTAN_REGISTER_NAMED_T_2LEN ( HashFunction  ,
Tiger  ,
"Tiger"  ,
"builtin"  ,
24  ,
 
)
Botan::BOTAN_REGISTER_NAMED_T_NOARGS ( HashFunction  ,
MD4_X86_32  ,
"MD4"  ,
"x86-32"   
)
Botan::BOTAN_REGISTER_NAMED_T_NOARGS ( HashFunction  ,
MD5_X86_32  ,
"MD5"  ,
"x86-32"   
)
Botan::BOTAN_REGISTER_NAMED_T_NOARGS ( BlockCipher  ,
Serpent_X86_32  ,
"Serpent"  ,
"x86-32"   
)
Botan::BOTAN_REGISTER_NAMED_T_NOARGS ( HashFunction  ,
SHA_160_X86_32  ,
"SHA-160"  ,
"x86-32"   
)
Botan::BOTAN_REGISTER_NAMED_T_NOARGS ( HashFunction  ,
SHA_160_X86_64  ,
"SHA-160"  ,
"x86-64"   
)
Botan::BOTAN_REGISTER_PK_KEY_AGREE_OP ( "ECDH"  ,
ECDH_KA_Operation   
)
Botan::BOTAN_REGISTER_PK_KEY_AGREE_OP ( "DH"  ,
DH_KA_Operation   
)
Botan::BOTAN_REGISTER_PK_SIGNATURE_OP ( "NR"  ,
NR_Signature_Operation   
)
Botan::BOTAN_REGISTER_PK_SIGNATURE_OP ( "GOST-34.10"  ,
GOST_3410_Signature_Operation   
)
Botan::BOTAN_REGISTER_PK_VERIFY_OP ( "NR"  ,
NR_Verification_Operation   
)
Botan::BOTAN_REGISTER_PK_VERIFY_OP ( "GOST-34.10"  ,
GOST_3410_Verification_Operation   
)
Botan::BOTAN_REGISTER_TRANSFORM ( ECB_Encryption  ,
make_ecb_mode< ECB_Encryption >   
)
Botan::BOTAN_REGISTER_TRANSFORM ( ECB_Decryption  ,
make_ecb_mode< ECB_Decryption >   
)
Botan::BOTAN_REGISTER_TRANSFORM ( CBC_Encryption  ,
(make_cbc_mode< CBC_Encryption, CTS_Encryption >)   
)
Botan::BOTAN_REGISTER_TRANSFORM ( CBC_Decryption  ,
(make_cbc_mode< CBC_Decryption, CTS_Decryption >)   
)
Botan::BOTAN_REGISTER_TRANSFORM_NOARGS ( ChaCha20Poly1305_Encryption  )
Botan::BOTAN_REGISTER_TRANSFORM_NOARGS ( ChaCha20Poly1305_Decryption  )
Botan::BOTAN_REGISTER_TYPE ( StreamCipher  ,
OpenSSL_RC4  ,
"RC4"  ,
make_new_T< OpenSSL_RC4 >  ,
"openssl"  ,
64   
)
void Botan::botan_serpent_x86_32_decrypt ( const byte  in[16],
byte  out[16],
const u32bit  ks[132] 
)

Entry point for Serpent decryption in x86 asm

Parameters:
inthe input block
outthe output block
ksthe key schedule

Referenced by Botan::Serpent_X86_32::decrypt_n().

void Botan::botan_serpent_x86_32_encrypt ( const byte  in[16],
byte  out[16],
const u32bit  ks[132] 
)

Entry point for Serpent encryption in x86 asm

Parameters:
inthe input block
outthe output block
ksthe key schedule

Referenced by Botan::Serpent_X86_32::encrypt_n().

void Botan::botan_serpent_x86_32_key_schedule ( u32bit  ks[140])

Entry point for Serpent key schedule in x86 asm

Parameters:
ksholds the initial working key (padded), and is set to the final key schedule
template<typename T >
void Botan::bswap_4 ( x[4]) [inline]

Swap 4 Ts in an array

Definition at line 112 of file bswap.h.

References reverse_bytes().

Referenced by load_be(), and load_le().

   {
   x[0] = reverse_bytes(x[0]);
   x[1] = reverse_bytes(x[1]);
   x[2] = reverse_bytes(x[2]);
   x[3] = reverse_bytes(x[3]);
   }
template<typename T , typename Alloc >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const T  input[],
size_t  input_length 
)

Definition at line 105 of file secmem.h.

References copy_mem().

Referenced by Botan::MDx_HashFunction::add_data(), Botan::OFB::set_iv(), Botan::CTR_BE::set_iv(), Botan::Base64_Encoder::write(), and Botan::Hex_Encoder::write().

   {
   const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
   copy_mem(&buf[buf_offset], input, to_copy);
   return to_copy;
   }
template<typename T , typename Alloc , typename Alloc2 >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const std::vector< T, Alloc2 > &  input 
)

Definition at line 116 of file secmem.h.

References copy_mem().

   {
   const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
   copy_mem(&buf[buf_offset], &input[0], to_copy);
   return to_copy;
   }
BOTAN_DLL calendar_point Botan::calendar_value ( const std::chrono::system_clock::time_point &  time_point)

Definition at line 39 of file calendar.cpp.

Referenced by Botan::EAC_Time::EAC_Time(), and Botan::X509_Time::X509_Time().

   {
   std::tm tm = do_gmtime(std::chrono::system_clock::to_time_t(time_point));

   return calendar_point(tm.tm_year + 1900,
                         tm.tm_mon + 1,
                         tm.tm_mday,
                         tm.tm_hour,
                         tm.tm_min,
                         tm.tm_sec);
   }
u64bit Botan::carry_shift ( const donna128 &  a,
size_t  shift 
) [inline]

Definition at line 102 of file donna128.h.

   {
   return (a >> shift).lo();
   }
template<typename T >
size_t Botan::ceil_log2 ( x)

Definition at line 106 of file bit_ops.h.

Referenced by Botan::McEliece_PublicKey::estimated_strength(), Botan::McEliece_PublicKey::get_message_word_bit_length(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().

   {
   if(x >> (sizeof(T)*8-1))
      return sizeof(T)*8;

   size_t result = 0;
   T compare = 1;

   while(compare < x)
      {
      compare <<= 1;
      result++;
      }

   return result;
   }
bool BOTAN_DLL Botan::check_bcrypt ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters:
passwordthe password to check against
hashthe stored hash to check against

Definition at line 132 of file bcrypt.cpp.

References same_mem(), and to_u32bit().

   {
   if(hash.size() != 60 ||
      hash[0] != '$' || hash[1] != '2' || hash[2] != 'a' ||
      hash[3] != '$' || hash[6] != '$')
      {
      return false;
      }

   const u16bit workfactor = to_u32bit(hash.substr(4, 2));

   const std::vector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22));
   if(salt.size() != 16)
      return false;

   const std::string compare = make_bcrypt(pass, salt, workfactor);

   return same_mem(hash.data(), compare.data(), compare.size());
   }
bool BOTAN_DLL Botan::check_passhash9 ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters:
passwordthe password to check against
hashthe stored hash to check against

Definition at line 81 of file passhash9.cpp.

References base64_decode(), Botan::OctetString::bits_of(), Botan::PBKDF::derive_key(), load_be< u16bit >(), same_mem(), and Botan::ASN1::to_string().

   {
   const size_t BINARY_LENGTH =
     ALGID_BYTES +
     WORKFACTOR_BYTES +
     PASSHASH9_PBKDF_OUTPUT_LEN +
     SALT_BYTES;

   const size_t BASE64_LENGTH =
      MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;

   if(hash.size() != BASE64_LENGTH)
      return false;

   for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)
      if(hash[i] != MAGIC_PREFIX[i])
         return false;

   secure_vector<byte> bin = base64_decode(hash.c_str() + MAGIC_PREFIX.size());

   if(bin.size() != BINARY_LENGTH)
      return false;

   byte alg_id = bin[0];

   const size_t work_factor = load_be<u16bit>(&bin[ALGID_BYTES], 0);

   // Bug in the format, bad states shouldn't be representable, but are...
   if(work_factor == 0)
      return false;

   if(work_factor > 512)
      throw std::invalid_argument("Requested Bcrypt work factor " +
                                  std::to_string(work_factor) + " too large");

   const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;

   MessageAuthenticationCode* pbkdf_prf = get_pbkdf_prf(alg_id);

   if(!pbkdf_prf)
      return false; // unknown algorithm, reject

   PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer

   secure_vector<byte> cmp = kdf.derive_key(
      PASSHASH9_PBKDF_OUTPUT_LEN,
      pass,
      &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,
      kdf_iterations).bits_of();

   return same_mem(&cmp[0],
                   &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],
                   PASSHASH9_PBKDF_OUTPUT_LEN);
   }
bool Botan::check_prime ( const BigInt &  n,
RandomNumberGenerator &  rng 
) [inline]

Definition at line 141 of file numthry.h.

References is_prime().

   { return is_prime(n, rng, 56); }
BOTAN_DLL PK_Signer * Botan::choose_sig_format ( const Private_Key &  key,
const std::string &  hash_fn,
AlgorithmIdentifier &  alg_id 
)

Choose the default signature format for a certain public key signature scheme.

Parameters:
keywill be the key to choose a padding scheme for
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns:
A PK_Signer object for generating signatures

Definition at line 218 of file x509_ca.cpp.

References Botan::Public_Key::algo_name(), Botan::Public_Key::algorithm_identifier(), DER_SEQUENCE, get_hash(), IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::max_input_bits(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, and Botan::AlgorithmIdentifier::parameters.

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::X509_CA().

   {
   const std::string algo_name = key.algo_name();

   std::unique_ptr<HashFunction> hash(get_hash(hash_fn));
   if(!hash)
      throw Algorithm_Not_Found(hash_fn);

   if(key.max_input_bits() < hash->output_length() * 8)
      throw Invalid_Argument("Key is too small for chosen hash function");

   std::string padding;
   if(algo_name == "RSA")
      padding = "EMSA3";
   else if(algo_name == "DSA")
      padding = "EMSA1";
   else if(algo_name == "ECDSA")
      padding = "EMSA1_BSI";
   else
      throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);

   const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;

   padding = padding + '(' + hash->name() + ')';

   sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
   sig_algo.parameters = key.algorithm_identifier().parameters;

   return new PK_Signer(key, padding, format);
   }
size_t Botan::clamp ( size_t  n,
size_t  lower_bound,
size_t  upper_bound 
) [inline]

Clamp

Definition at line 50 of file rounding.h.

References n.

   {
   if(n < lower_bound)
      return lower_bound;
   if(n > upper_bound)
      return upper_bound;
   return n;
   }
std::string Botan::clean_ws ( const std::string &  s)

Definition at line 12 of file read_cfg.cpp.

Referenced by read_cfg().

   {
   const char* ws = " \t\n";
   auto start = s.find_first_not_of(ws);
   auto end = s.find_last_not_of(ws);

   if(start == std::string::npos)
      return "";

   if(end == std::string::npos)
      return s.substr(start, end);
   else
      return s.substr(start, start + end + 1);
   }
template<typename T >
void Botan::clear_mem ( T *  ptr,
size_t  n 
) [inline]
u64bit Botan::combine_lower ( const donna128  a,
size_t  s1,
const donna128  b,
size_t  s2 
) [inline]

Definition at line 107 of file donna128.h.

References Botan::donna128::lo().

   {
   donna128 z = (a >> s1) | (b << s2);
   return z.lo();
   }
template<typename T >
void Botan::copy_mem ( T *  out,
const T *  in,
size_t  n 
) [inline]
template<typename T >
void Botan::copy_out_be ( byte  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 627 of file loadstor.h.

References get_byte(), and store_be().

Referenced by copy_out_vec_be().

   {
   while(out_bytes >= sizeof(T))
      {
      store_be(in[0], out);
      out += sizeof(T);
      out_bytes -= sizeof(T);
      in += 1;
   }

   for(size_t i = 0; i != out_bytes; ++i)
      out[i] = get_byte(i%8, in[0]);
   }
template<typename T >
void Botan::copy_out_le ( byte  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 648 of file loadstor.h.

References get_byte(), and store_le().

Referenced by copy_out_vec_le().

   {
   while(out_bytes >= sizeof(T))
      {
      store_le(in[0], out);
      out += sizeof(T);
      out_bytes -= sizeof(T);
      in += 1;
   }

   for(size_t i = 0; i != out_bytes; ++i)
      out[i] = get_byte(sizeof(T) - 1 - (i % 8), in[0]);
   }
template<typename T , typename Alloc >
void Botan::copy_out_vec_be ( byte  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 642 of file loadstor.h.

References copy_out_be().

Referenced by Botan::SHA_160::copy_out().

   {
   copy_out_be(out, out_bytes, &in[0]);
   }
template<typename T , typename Alloc >
void Botan::copy_out_vec_le ( byte  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 663 of file loadstor.h.

References copy_out_le().

Referenced by Botan::MD4::copy_out(), and Botan::MD5::copy_out().

   {
   copy_out_le(out, out_bytes, &in[0]);
   }
BOTAN_DLL AlternativeName Botan::create_alt_name ( const Data_Store &  info)

Definition at line 568 of file x509cert.cpp.

References Botan::AlternativeName::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::PKCS10_Request::subject_alt_name().

   {
   auto names = info.search_for(
      [](const std::string& key, const std::string&)
      {
         return (key == "RFC822" ||
                 key == "DNS" ||
                 key == "URI" ||
                 key == "IP");
      });

   AlternativeName alt_name;

   for(auto i = names.begin(); i != names.end(); ++i)
      alt_name.add_attribute(i->first, i->second);

   return alt_name;
   }
BOTAN_DLL X509_DN Botan::create_dn ( const Data_Store &  info)

Definition at line 549 of file x509cert.cpp.

References Botan::X509_DN::add_attribute(), and Botan::Data_Store::search_for().

Referenced by Botan::X509_Certificate::issuer_dn(), Botan::X509_CRL::issuer_dn(), Botan::PKCS10_Request::subject_dn(), and Botan::X509_Certificate::subject_dn().

   {
   auto names = info.search_for(
      [](const std::string& key, const std::string&)
      {
         return (key.find("X520.") != std::string::npos);
      });

   X509_DN dn;

   for(auto i = names.begin(); i != names.end(); ++i)
      dn.add_attribute(i->first, i->second);

   return dn;
   }
secure_vector< gf2m > BOTAN_DLL Botan::create_random_error_positions ( unsigned  code_length,
unsigned  error_weight,
RandomNumberGenerator &  rng 
)

Definition at line 92 of file mceliece.cpp.

References random_code_element().

Referenced by Botan::McEliece_PrivateKey::check_key(), and Botan::McEliece_KEM_Encryptor::encrypt().

   {
   secure_vector<gf2m> result(error_weight);
   gf2m i;
   for(i = 0; i < result.size(); i++)
      {
      unsigned j;
      char try_again = 0;
      do
         {
         try_again = 0;
         gf2m new_pos = random_code_element(code_length, rng);
         for(j = 0; j < i; j++)
            {
            if(new_pos == result[j])
               {
               try_again = 1;
               break;
               }
            }
         result[i] = new_pos;
         } while(try_again);
      }
   return result;
   }
template<typename T >
size_t Botan::ctz ( n) [inline]

Count the trailing zero bits in n

Parameters:
nan integer value
Returns:
maximum x st 2^x divides n

Definition at line 97 of file bit_ops.h.

Referenced by low_zero_bits().

   {
   for(size_t i = 0; i != 8*sizeof(T); ++i)
      if((n >> i) & 0x01)
         return i;
   return 8*sizeof(T);
   }
int BOTAN_DLL Botan::curve25519_donna ( uint8_t  mypublic[32],
const uint8_t  secret[32],
const uint8_t  basepoint[32] 
)
int Botan::curve25519_donna ( u8 *  mypublic,
const u8 *  secret,
const u8 *  basepoint 
)

Definition at line 420 of file donna.cpp.

References x.

                                                                      {
  limb bp[5], x[5], z[5], zmone[5];
  uint8_t e[32];
  int i;

  for (i = 0;i < 32;++i) e[i] = secret[i];
  e[0] &= 248;
  e[31] &= 127;
  e[31] |= 64;

  fexpand(bp, basepoint);
  cmult(x, z, e, bp);
  crecip(zmone, z);
  fmul(z, x, zmone);
  fcontract(mypublic, z);
  return 0;
}
ECDSA_Signature Botan::decode_concatenation ( const std::vector< byte > &  concat)

Definition at line 46 of file ecdsa_sig.cpp.

References Botan::BigInt::decode().

Referenced by Botan::EAC1_1_gen_CVC< Derived >::decode_info().

   {
   if(concat.size() % 2 != 0)
      throw Invalid_Argument("Erroneous length of signature");

   const size_t rs_len = concat.size() / 2;

   BigInt r = BigInt::decode(&concat[0], rs_len);
   BigInt s = BigInt::decode(&concat[rs_len], rs_len);

   return ECDSA_Signature(r, s);
   }
BOTAN_DLL ECDSA_PublicKey * Botan::decode_eac1_1_key ( const std::vector< byte > &  enc_key,
AlgorithmIdentifier &  sig_algo 
)

Decode an EAC encoding ECDSA key

Definition at line 91 of file cvc_cert.cpp.

   {
   throw Internal_Error("decode_eac1_1_key: Unimplemented");
   return 0;
   }
void BOTAN_DLL Botan::divide ( const BigInt &  x,
const BigInt &  y,
BigInt &  q,
BigInt &  r 
)

BigInt Division

Parameters:
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

Definition at line 58 of file divide.cpp.

References bigint_divop(), Botan::BigInt::cmp(), Botan::BigInt::grow_to(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), MP_WORD_BITS, MP_WORD_MAX, MP_WORD_TOP_BIT, Botan::BigInt::mutable_data(), n, Botan::BigInt::Positive, q, Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), Botan::BigInt::word_at(), x, and y.

Referenced by Botan::BigInt::encode(), operator%(), and operator/().

   {
   if(y_arg.is_zero())
      throw BigInt::DivideByZero();

   BigInt y = y_arg;
   const size_t y_words = y.sig_words();

   r = x;
   q = 0;

   r.set_sign(BigInt::Positive);
   y.set_sign(BigInt::Positive);

   s32bit compare = r.cmp(y);

   if(compare == 0)
      {
      q = 1;
      r = 0;
      }
   else if(compare > 0)
      {
      size_t shifts = 0;
      word y_top = y.word_at(y.sig_words()-1);
      while(y_top < MP_WORD_TOP_BIT) { y_top <<= 1; ++shifts; }
      y <<= shifts;
      r <<= shifts;

      const size_t n = r.sig_words() - 1, t = y_words - 1;

      if(n < t)
         throw Internal_Error("BigInt division word sizes");

      q.grow_to(n - t + 1);

      word* q_words = q.mutable_data();

      if(n <= t)
         {
         while(r > y) { r -= y; ++q; }
         r >>= shifts;
         sign_fixup(x, y_arg, q, r);
         return;
         }

      BigInt temp = y << (MP_WORD_BITS * (n-t));

      while(r >= temp) { r -= temp; q_words[n-t] += 1; }

      for(size_t j = n; j != t; --j)
         {
         const word x_j0  = r.word_at(j);
         const word x_j1 = r.word_at(j-1);
         const word y_t  = y.word_at(t);

         if(x_j0 == y_t)
            q_words[j-t-1] = MP_WORD_MAX;
         else
            q_words[j-t-1] = bigint_divop(x_j0, x_j1, y_t);

         while(division_check(q_words[j-t-1],
                              y_t, y.word_at(t-1),
                              x_j0, x_j1, r.word_at(j-2)))
            {
            q_words[j-t-1] -= 1;
            }

         r -= (q_words[j-t-1] * y) << (MP_WORD_BITS * (j-t-1));

         if(r.is_negative())
            {
            r += y << (MP_WORD_BITS * (j-t-1));
            q_words[j-t-1] -= 1;
            }
         }
      r >>= shifts;
      }

   sign_fixup(x, y_arg, q, r);
   }
size_t Botan::dl_work_factor ( size_t  prime_group_size)

Estimate work factor for discrete logarithm

Parameters:
prime_group_sizesize of the group in bits
Returns:
estimated security level for this group

Definition at line 19 of file workfactor.cpp.

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DL_Group::DL_Group(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::IF_Scheme_PublicKey::estimated_strength(), and Botan::DL_Scheme_PublicKey::estimated_strength().

   {
   /*
   Based on GNFS work factors. Constant is 1.43 times the asymptotic
   value; I'm not sure but I believe that came from a paper on 'real
   world' runtimes, but I don't remember where now.

   Sample return values:
      |512|  -> 64
      |1024| -> 86
      |1536| -> 102
      |2048| -> 116
      |3072| -> 138
      |4096| -> 155
      |8192| -> 206

   For DL algos, we use an exponent of twice the size of the result;
   the assumption is that an arbitrary discrete log on a group of size
   bits would take about 2^n effort, and thus using an exponent of
   size 2^(2*n) implies that all available attacks are about as easy
   (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x)
   operations) while minimizing the exponent size for performance
   reasons.
   */

   const size_t MIN_WORKFACTOR = 64;

   // approximates natural logarithm of p
   const double log_p = bits / 1.4426;

   const double strength =
      2.76 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0);

   return std::max(static_cast<size_t>(strength), MIN_WORKFACTOR);
   }
secure_vector< byte > BOTAN_DLL Botan::EC2OSP ( const PointGFp &  point,
byte  format 
)

Definition at line 424 of file point_gfp.cpp.

References Botan::BigInt::bytes(), Botan::PointGFp::COMPRESSED, Botan::BigInt::encode_1363(), Botan::PointGFp::get_affine_x(), Botan::PointGFp::get_affine_y(), Botan::BigInt::get_bit(), Botan::PointGFp::get_curve(), Botan::CurveGFp::get_p(), Botan::PointGFp::HYBRID, Botan::PointGFp::is_zero(), and Botan::PointGFp::UNCOMPRESSED.

Referenced by Botan::EC_Group::DER_encode(), Botan::ECDH_PublicKey::public_value(), and Botan::EC_PublicKey::x509_subject_public_key().

   {
   if(point.is_zero())
      return secure_vector<byte>(1); // single 0 byte

   const size_t p_bytes = point.get_curve().get_p().bytes();

   BigInt x = point.get_affine_x();
   BigInt y = point.get_affine_y();

   secure_vector<byte> bX = BigInt::encode_1363(x, p_bytes);
   secure_vector<byte> bY = BigInt::encode_1363(y, p_bytes);

   if(format == PointGFp::UNCOMPRESSED)
      {
      secure_vector<byte> result;
      result.push_back(0x04);

      result += bX;
      result += bY;

      return result;
      }
   else if(format == PointGFp::COMPRESSED)
      {
      secure_vector<byte> result;
      result.push_back(0x02 | static_cast<byte>(y.get_bit(0)));

      result += bX;

      return result;
      }
   else if(format == PointGFp::HYBRID)
      {
      secure_vector<byte> result;
      result.push_back(0x06 | static_cast<byte>(y.get_bit(0)));

      result += bX;
      result += bY;

      return result;
      }
   else
      throw Invalid_Argument("EC2OSP illegal point encoding");
   }
size_t Botan::ecp_work_factor ( size_t  prime_group_size)

Estimate work factor for EC discrete logarithm

Parameters:
prime_group_sizesize of the group in bits
Returns:
estimated security level for this group

Definition at line 14 of file workfactor.cpp.

Referenced by Botan::EC_PublicKey::estimated_strength().

   {
   return bits / 2;
   }
BOTAN_DLL std::string Botan::erase_chars ( const std::string &  str,
const std::set< char > &  chars 
)

Erase characters from a string

Definition at line 278 of file parsing.cpp.

References c.

Referenced by Botan::TLS::Ciphersuite::to_string().

   {
   std::string out;

   for(auto c: str)
      if(chars.count(c) == 0)
         out += c;

   return out;
   }
template<typename T >
u16bit Botan::expand_mask_16bit ( tst)

Expand an input to a bit mask depending on it being being zero or non-zero @ param tst the input

Returns:
the mask 0xFFFF if tst is non-zero and 0 otherwise

Definition at line 25 of file code_based_util.h.

Referenced by Botan::polyn_gf2m::calc_degree_secure(), Botan::polyn_gf2m::eea_with_coefficients(), and Botan::polyn_gf2m::patchup_deg_secure().

   {
   const u16bit result = (tst != 0);
   return ~(result - 1);
   }
BOTAN_DLL Key_Constraints Botan::find_constraints ( const Public_Key &  pub_key,
Key_Constraints  limits 
)

Create the key constraints for a specific public key.

Parameters:
pub_keythe public key from which the basic set of constraints to be placed in the return value is derived
limitsadditional limits that will be incorporated into the return value
Returns:
combination of key type specific constraints and additional limits

Definition at line 46 of file key_constraint.cpp.

References Botan::Public_Key::algo_name(), DATA_ENCIPHERMENT, DIGITAL_SIGNATURE, KEY_AGREEMENT, KEY_ENCIPHERMENT, and NON_REPUDIATION.

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::sign_request().

   {
   const std::string name = pub_key.algo_name();

   size_t constraints = 0;

   if(name == "DH" || name == "ECDH")
      constraints |= KEY_AGREEMENT;

   if(name == "RSA" || name == "ElGamal")
      constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;

   if(name == "RSA" || name == "RW" || name == "NR" ||
      name == "DSA" || name == "ECDSA")
      constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;

   if(limits)
      constraints &= limits;

   return Key_Constraints(constraints);
   }
secure_vector< gf2m > Botan::find_roots_gf2m_decomp ( const polyn_gf2m &  polyn,
u32bit  code_length 
)

Find the roots of a polynomial over GF(2^m) using the method by Federenko et al.

Definition at line 92 of file gf2m_rootfind_dcmp.cpp.

{
  gf2m_decomp_rootfind_state state(polyn, code_length);
  return state.find_roots(polyn);

}
BigInt BOTAN_DLL Botan::gcd ( const BigInt &  x,
const BigInt &  y 
)

Compute the greatest common divisor

Parameters:
xa positive integer
ya positive integer
Returns:
gcd(x,y)

Definition at line 45 of file numthry.cpp.

References Botan::BigInt::is_nonzero(), Botan::BigInt::is_zero(), low_zero_bits(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), x, and y.

Referenced by lcm(), and random_prime().

   {
   if(a.is_zero() || b.is_zero()) return 0;
   if(a == 1 || b == 1)           return 1;

   BigInt x = a, y = b;
   x.set_sign(BigInt::Positive);
   y.set_sign(BigInt::Positive);
   size_t shift = std::min(low_zero_bits(x), low_zero_bits(y));

   x >>= shift;
   y >>= shift;

   while(x.is_nonzero())
      {
      x >>= low_zero_bits(x);
      y >>= low_zero_bits(y);
      if(x >= y) { x -= y; x >>= 1; }
      else       { y -= x; y >>= 1; }
      }

   return (y << shift);
   }
void Botan::gcm_multiply_clmul ( byte  x[16],
const byte  H[16] 
)

Definition at line 14 of file clmul.cpp.

   {
   /*
   * Algorithms 1 and 5 from Intel's CLMUL guide
   */
   const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);

   __m128i a = _mm_loadu_si128(reinterpret_cast<const __m128i*>(&x[0]));
   __m128i b = _mm_loadu_si128(reinterpret_cast<const __m128i*>(&H[0]));

   a = _mm_shuffle_epi8(a, BSWAP_MASK);
   b = _mm_shuffle_epi8(b, BSWAP_MASK);

   __m128i T0, T1, T2, T3, T4, T5;

   T0 = _mm_clmulepi64_si128(a, b, 0x00);
   T1 = _mm_clmulepi64_si128(a, b, 0x01);
   T2 = _mm_clmulepi64_si128(a, b, 0x10);
   T3 = _mm_clmulepi64_si128(a, b, 0x11);

   T1 = _mm_xor_si128(T1, T2);
   T2 = _mm_slli_si128(T1, 8);
   T1 = _mm_srli_si128(T1, 8);
   T0 = _mm_xor_si128(T0, T2);
   T3 = _mm_xor_si128(T3, T1);

   T4 = _mm_srli_epi32(T0, 31);
   T0 = _mm_slli_epi32(T0, 1);

   T5 = _mm_srli_epi32(T3, 31);
   T3 = _mm_slli_epi32(T3, 1);

   T2 = _mm_srli_si128(T4, 12);
   T5 = _mm_slli_si128(T5, 4);
   T4 = _mm_slli_si128(T4, 4);
   T0 = _mm_or_si128(T0, T4);
   T3 = _mm_or_si128(T3, T5);
   T3 = _mm_or_si128(T3, T2);

   T4 = _mm_slli_epi32(T0, 31);
   T5 = _mm_slli_epi32(T0, 30);
   T2 = _mm_slli_epi32(T0, 25);

   T4 = _mm_xor_si128(T4, T5);
   T4 = _mm_xor_si128(T4, T2);
   T5 = _mm_srli_si128(T4, 4);
   T3 = _mm_xor_si128(T3, T5);
   T4 = _mm_slli_si128(T4, 12);
   T0 = _mm_xor_si128(T0, T4);
   T3 = _mm_xor_si128(T3, T0);

   T4 = _mm_srli_epi32(T0, 1);
   T1 = _mm_srli_epi32(T0, 2);
   T2 = _mm_srli_epi32(T0, 7);
   T3 = _mm_xor_si128(T3, T1);
   T3 = _mm_xor_si128(T3, T2);
   T3 = _mm_xor_si128(T3, T4);

   T3 = _mm_shuffle_epi8(T3, BSWAP_MASK);

   _mm_storeu_si128(reinterpret_cast<__m128i*>(&x[0]), T3);
   }
std::string BOTAN_DLL Botan::generate_bcrypt ( const std::string &  password,
RandomNumberGenerator &  rng,
u16bit  work_factor = 10 
)

Create a password hash using Bcrypt

Parameters:
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
See also:
http://www.usenix.org/events/usenix99/provos/provos_html/

Definition at line 125 of file bcrypt.cpp.

References Botan::RandomNumberGenerator::random_vec(), and unlock().

   {
   return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor);
   }
bool BOTAN_DLL Botan::generate_dsa_primes ( RandomNumberGenerator &  rng,
BigInt &  p_out,
BigInt &  q_out,
size_t  pbits,
size_t  qbits,
const std::vector< byte > &  seed 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters:
rnga random number generator
afan algorithm factory
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
seedthe seed used to generate the parameters
Returns:
true if seed generated a valid DSA parameter set, otherwise false. p_out and q_out are only valid if true was returned.

Definition at line 40 of file dsa_gen.cpp.

References Botan::BigInt::binary_decode(), Botan::BigInt::bits(), get_hash(), is_prime(), n, q, Botan::BigInt::set_bit(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group(), and generate_dsa_primes().

   {
   if(!fips186_3_valid_size(pbits, qbits))
      throw Invalid_Argument(
         "FIPS 186-3 does not allow DSA domain parameters of " +
         std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");

   if(seed_c.size() * 8 < qbits)
      throw Invalid_Argument(
         "Generating a DSA parameter set with a " + std::to_string(qbits) +
         "long q requires a seed at least as many bits long");

   std::unique_ptr<HashFunction> hash(get_hash("SHA-" + std::to_string(qbits)));

   const size_t HASH_SIZE = hash->output_length();

   class Seed
      {
      public:
         Seed(const std::vector<byte>& s) : seed(s) {}

         operator std::vector<byte>& () { return seed; }

         Seed& operator++()
            {
            for(size_t j = seed.size(); j > 0; --j)
               if(++seed[j-1])
                  break;
            return (*this);
            }
      private:
         std::vector<byte> seed;
      };

   Seed seed(seed_c);

   q.binary_decode(hash->process(seed));
   q.set_bit(qbits-1);
   q.set_bit(0);

   if(!is_prime(q, rng))
      return false;

   const size_t n = (pbits-1) / (HASH_SIZE * 8),
                b = (pbits-1) % (HASH_SIZE * 8);

   BigInt X;
   std::vector<byte> V(HASH_SIZE * (n+1));

   for(size_t j = 0; j != 4096; ++j)
      {
      for(size_t k = 0; k <= n; ++k)
         {
         ++seed;
         hash->update(seed);
         hash->final(&V[HASH_SIZE * (n-k)]);
         }

      X.binary_decode(&V[HASH_SIZE - 1 - b/8],
                      V.size() - (HASH_SIZE - 1 - b/8));
      X.set_bit(pbits-1);

      p = X - (X % (2*q) - 1);

      if(p.bits() == pbits && is_prime(p, rng))
         return true;
      }
   return false;
   }
std::vector< byte > BOTAN_DLL Botan::generate_dsa_primes ( RandomNumberGenerator &  rng,
BigInt &  p_out,
BigInt &  q_out,
size_t  pbits,
size_t  qbits 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters:
rnga random number generator
afan algorithm factory
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
Returns:
random seed used to generate this parameter set

Definition at line 116 of file dsa_gen.cpp.

References generate_dsa_primes(), and Botan::RandomNumberGenerator::randomize().

   {
   while(true)
      {
      std::vector<byte> seed(qbits / 8);
      rng.randomize(&seed[0], seed.size());

      if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
         return seed;
      }
   }
McEliece_PrivateKey Botan::generate_mceliece_key ( RandomNumberGenerator &  rng,
u32bit  ext_deg,
u32bit  code_length,
u32bit  t 
)

Definition at line 105 of file code_based_key_gen.cpp.

References bit_size_to_32bit_size(), code_length, Botan::polyn_gf2m::sqrt_mod_init(), store_le(), and syndrome_init().

Referenced by Botan::McEliece_PrivateKey::McEliece_PrivateKey().

   {
   u32bit i, j, k, l;
   std::unique_ptr<binary_matrix> R;

   u32bit codimension = t * ext_deg;
   if(code_length <= codimension)
      {
      throw Invalid_Argument("invalid McEliece parameters");
      }
   std::shared_ptr<gf2m_small_m::Gf2m_Field> sp_field ( new Gf2m_Field(ext_deg ));

   //pick the support.........
   std::vector<gf2m> L(code_length);

   for(i=0;i<code_length;i++)
      {
      L[i]=i;
      }
   randomize_support(code_length,L,rng);
   polyn_gf2m g(sp_field); // create as zero
   bool success = false;
   do
      {
      // create a random irreducible polynomial
      g = polyn_gf2m (t, rng, sp_field);

      try{
      R = generate_R(L,&g, sp_field, code_length, t);
      success = true;
      }
      catch(const Invalid_State &)
         {
         }
      } while (!success);

   std::vector<polyn_gf2m> sqrtmod = polyn_gf2m::sqrt_mod_init( g);
   std::vector<polyn_gf2m> F = syndrome_init(g, L, code_length);

   // Each F[i] is the (precomputed) syndrome of the error vector with
   // a single '1' in i-th position.
   // We do not store the F[i] as polynomials of degree t , but
   // as binary vectors of length ext_deg * t (this will
   // speed up the syndrome computation)
   //
   //
   std::vector<u32bit> H(bit_size_to_32bit_size(codimension) * code_length );
   u32bit* sk = &H[0];
   for (i = 0; i < code_length; ++i)
      {
      for (l = 0; l < t; ++l)
         {
         k = (l * ext_deg) / 32;
         j = (l * ext_deg) % 32;
         sk[k] ^= F[i].get_coef( l) << j;
         if (j + ext_deg > 32)
            {
            sk[k + 1] ^= F[i].get_coef( l) >> (32 - j);
            }
         }
      sk += bit_size_to_32bit_size(codimension);
      }

   // We need the support L for decoding (decryption). In fact the
   // inverse is needed

   std::vector<gf2m> Linv(code_length) ;
   for (i = 0; i < code_length; ++i)
      {
      Linv[L[i]] = i;
      }
   std::vector<byte> pubmat (R->m_elem.size() * 4);
   for(i = 0; i < R->m_elem.size(); i++)
      {
      store_le(R->m_elem[i], &pubmat[i*4]);
      }

   return McEliece_PrivateKey(g, H, sqrtmod, Linv, pubmat);
   }
std::string BOTAN_DLL Botan::generate_passhash9 ( const std::string &  password,
RandomNumberGenerator &  rng,
u16bit  work_factor = 10,
byte  alg_id = 1 
)

Create a password hash using PBKDF2

Parameters:
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
alg_idspecifies which PRF to use with PBKDF2 0 is HMAC(SHA-1) 1 is HMAC(SHA-256) 2 is CMAC(Blowfish) 3 is HMAC(SHA-384) 4 is HMAC(SHA-512) all other values are currently undefined

Definition at line 49 of file passhash9.cpp.

References base64_encode(), Botan::PBKDF::derive_key(), get_byte(), Botan::RandomNumberGenerator::randomize(), and Botan::ASN1::to_string().

   {
   MessageAuthenticationCode* prf = get_pbkdf_prf(alg_id);

   if(!prf)
      throw Invalid_Argument("Passhash9: Algorithm id " +
                             std::to_string(alg_id) +
                             " is not defined");

   PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer

   secure_vector<byte> salt(SALT_BYTES);
   rng.randomize(&salt[0], salt.size());

   const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;

   secure_vector<byte> blob;
   blob.push_back(alg_id);
   blob.push_back(get_byte(0, work_factor));
   blob.push_back(get_byte(1, work_factor));
   blob += salt;
   blob += kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,
                          pass,
                          &salt[0], salt.size(),
                          kdf_iterations).bits_of();

   return MAGIC_PREFIX + base64_encode(blob);
   }
BigInt BOTAN_DLL Botan::generate_rfc6979_nonce ( const BigInt &  x,
const BigInt &  q,
const BigInt &  h,
const std::string &  hash 
)
Parameters:
xthe secret (EC)DSA key
qthe group order
hthe message hash already reduced mod q
hashthe hash function used to generate h

Definition at line 28 of file rfc6979.cpp.

References Botan::BigInt::bits(), Botan::BigInt::decode(), Botan::BigInt::encode_1363(), and Botan::Algo_Registry< T >::global_registry().

   {
   auto& macs = Algo_Registry<MessageAuthenticationCode>::global_registry();
   HMAC_DRBG rng(macs.make("HMAC(" + hash + ")"), nullptr);

   const size_t qlen = q.bits();
   const size_t rlen = qlen / 8 + (qlen % 8 ? 1 : 0);

   secure_vector<byte> input = BigInt::encode_1363(x, rlen);

   input += BigInt::encode_1363(h, rlen);

   rng.add_entropy(&input[0], input.size());

   BigInt k;

   secure_vector<byte> kbits(rlen);

   while(k == 0 || k >= q)
      {
      rng.randomize(&kbits[0], kbits.size());
      k = BigInt::decode(kbits) >> (8*rlen - qlen);
      }

   return k;
   }
BigInt BOTAN_DLL Botan::generate_srp6_verifier ( const std::string &  identifier,
const std::string &  password,
const std::vector< byte > &  salt,
const std::string &  group_id,
const std::string &  hash_id 
)

Generate a new SRP-6 verifier

Parameters:
identifiera username or other client identifier
passwordthe secret used to authenticate user
salta randomly chosen value, at least 128 bits long
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function

Definition at line 111 of file srp6.cpp.

References Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), power_mod(), and x.

   {
   const BigInt x = compute_x(hash_id, identifier, password, salt);

   DL_Group group(group_id);
   return power_mod(group.get_g(), x, group.get_p());
   }
BOTAN_DLL AEAD_Mode * Botan::get_aead ( const std::string &  name,
Cipher_Dir  direction 
)

Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX")

Definition at line 12 of file aead.cpp.

References get_cipher_mode().

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), Botan::TLS::Session::encrypt(), mceies_decrypt(), and mceies_encrypt().

   {
   std::unique_ptr<Cipher_Mode> mode(get_cipher_mode(algo_spec, direction));

   if(AEAD_Mode* aead = dynamic_cast<AEAD_Mode*>(mode.get()))
      {
      mode.release();
      return aead;
      }

   return nullptr;
   }
BlockCipherModePaddingMethod * Botan::get_bc_pad ( const std::string &  algo_spec)

Get a block cipher padding method by name

Definition at line 16 of file mode_pad.cpp.

Referenced by make_cbc_mode(), and make_ecb_mode().

   {
   if(algo_spec == "NoPadding")
      return new Null_Padding;

   if(algo_spec == "PKCS7")
      return new PKCS7_Padding;

   if(algo_spec == "OneAndZeros")
      return new OneAndZeros_Padding;

   if(algo_spec == "X9.23")
      return new ANSI_X923_Padding;

   return nullptr;
   }
BOTAN_DLL BlockCipher * Botan::get_block_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)

Block cipher factory method.

Parameters:
algo_specthe name of the desired block cipher
Returns:
pointer to the block cipher object

Definition at line 27 of file lookup.cpp.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

   {
   return make_a<BlockCipher>(algo_spec, provider);
   }
BOTAN_DLL std::vector< std::string > Botan::get_block_cipher_providers ( const std::string &  algo_spec)

Definition at line 47 of file lookup.cpp.

   {
   return providers_of<BlockCipher>(BlockCipher::Spec(algo_spec));
   }
template<typename T >
byte Botan::get_byte ( size_t  byte_num,
input 
) [inline]
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters. No key will be set in the filter.

Parameters:
algo_specthe name of the desired cipher
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns:
pointer to the encryption or decryption filter

Definition at line 12 of file key_filt.cpp.

References c, and get_cipher_mode().

Referenced by Botan::CryptoBox::decrypt(), Botan::CryptoBox::encrypt(), and get_cipher().

   {
   std::unique_ptr<Cipher_Mode> c(get_cipher_mode(algo_spec, direction));
   if(c)
      return new Transform_Filter(c.release());
   throw Algorithm_Not_Found(algo_spec);
   }
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey &  key,
const InitializationVector &  iv,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters.

Parameters:
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
ivthe initialization vector to be used
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns:
pointer to newly allocated encryption or decryption filter

Definition at line 21 of file key_filt.cpp.

References get_cipher(), Botan::OctetString::length(), and Botan::Keyed_Filter::set_iv().

   {
   Keyed_Filter* cipher = get_cipher(algo_spec, key, direction);
   if(iv.length())
      cipher->set_iv(iv);
   return cipher;
   }
BOTAN_DLL Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey &  key,
Cipher_Dir  direction 
)

Factory method for general symmetric cipher filters.

Parameters:
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns:
pointer to the encryption or decryption filter

Definition at line 32 of file key_filt.cpp.

References get_cipher(), and Botan::Keyed_Filter::set_key().

   {
   Keyed_Filter* cipher = get_cipher(algo_spec, direction);
   cipher->set_key(key);
   return cipher;
   }
BOTAN_DLL Cipher_Mode * Botan::get_cipher_mode ( const std::string &  algo_spec,
Cipher_Dir  direction 
)

Definition at line 15 of file cipher_mode.cpp.

References cipher_name, ENCRYPTION, get_stream_cipher(), get_transform(), parse_algorithm_name(), and split_on().

Referenced by botan_cipher_init(), get_aead(), get_cipher(), pbes2_decrypt(), and pbes2_encrypt().

   {
   const std::string provider = "";

   const char* dir_string = (direction == ENCRYPTION) ? "_Encryption" : "_Decryption";

   std::unique_ptr<Transform> t;

   t.reset(get_transform(algo_spec, provider, dir_string));

   if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get()))
      {
      t.release();
      return cipher;
      }

   const std::vector<std::string> algo_parts = split_on(algo_spec, '/');
   if(algo_parts.size() < 2)
      return nullptr;

   const std::string cipher_name = algo_parts[0];
   const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);

   if(mode_info.empty())
      return nullptr;

   std::ostringstream alg_args;

   alg_args << '(' << cipher_name;
   for(size_t i = 1; i < mode_info.size(); ++i)
      alg_args << ',' << mode_info[i];
   for(size_t i = 2; i < algo_parts.size(); ++i)
      alg_args << ',' << algo_parts[i];
   alg_args << ')';

   const std::string mode_name = mode_info[0] + alg_args.str();
   const std::string mode_name_directional = mode_info[0] + dir_string + alg_args.str();

   t.reset(get_transform(mode_name_directional, provider));

   if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get()))
      {
      t.release();
      return cipher;
      }

   t.reset(get_transform(mode_name, provider));

   if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get()))
      {
      t.release();
      return cipher;
      }

   if(StreamCipher* stream_cipher = get_stream_cipher(mode_name, provider))
      return new Stream_Cipher_Mode(stream_cipher);

   return nullptr;
   }
EME * Botan::get_eme ( const std::string &  algo_spec)

Factory method for EME (message-encoding methods for encryption) objects

Parameters:
algo_specthe name of the EME to create
Returns:
pointer to newly allocated object of that type

Definition at line 25 of file get_pk_pad.cpp.

References Botan::SCAN_Name::algo_name().

Referenced by Botan::PK_Decryptor_EME::PK_Decryptor_EME(), and Botan::PK_Encryptor_EME::PK_Encryptor_EME().

   {
   SCAN_Name request(algo_spec);

   if(EME* eme = make_a<EME>(algo_spec))
      return eme;

   if(request.algo_name() == "Raw")
      return nullptr; // No padding

   throw Algorithm_Not_Found(algo_spec);
   }
EMSA * Botan::get_emsa ( const std::string &  algo_spec)

Factory method for EMSA (message-encoding methods for signatures with appendix) objects

Parameters:
algo_specthe name of the EME to create
Returns:
pointer to newly allocated object of that type

Definition at line 15 of file get_pk_pad.cpp.

Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().

   {
   SCAN_Name request(algo_spec);

   if(EMSA* emsa = make_a<EMSA>(algo_spec))
      return emsa;

   throw Algorithm_Not_Found(algo_spec);
   }
HashFunction* Botan::get_hash ( const std::string &  algo_spec,
const std::string &  provider = "" 
) [inline]
BOTAN_DLL HashFunction * Botan::get_hash_function ( const std::string &  algo_spec,
const std::string &  provider = "" 
)

Hash function factory method.

Parameters:
algo_specthe name of the desired hash function
Returns:
pointer to the hash function object

Definition at line 37 of file lookup.cpp.

Referenced by botan_hash_init(), and get_hash().

   {
   return make_a<HashFunction>(algo_spec, provider);
   }
BOTAN_DLL std::vector< std::string > Botan::get_hash_function_providers ( const std::string &  algo_spec)

Definition at line 57 of file lookup.cpp.

   {
   return providers_of<HashFunction>(HashFunction::Spec(algo_spec));
   }
BOTAN_DLL KDF * Botan::get_kdf ( const std::string &  algo_spec)

Factory method for KDF (key derivation function)

Parameters:
algo_specthe name of the KDF to create
Returns:
pointer to newly allocated object of that type

Definition at line 14 of file kdf.cpp.

References Botan::SCAN_Name::algo_name().

Referenced by botan_kdf(), Botan::PK_Key_Agreement::PK_Key_Agreement(), and Botan::TLS::Handshake_State::protocol_specific_prf().

   {
   SCAN_Name request(algo_spec);

   if(request.algo_name() == "Raw")
      return nullptr; // No KDF

   if(KDF* kdf = make_a<KDF>(algo_spec))
      return kdf;
   throw Algorithm_Not_Found(algo_spec);
   }
BOTAN_DLL MessageAuthenticationCode * Botan::get_mac ( const std::string &  algo_spec,
const std::string &  provider = "" 
)

MAC factory method.

Parameters:
algo_specthe name of the desired MAC
Returns:
pointer to the MAC object

Definition at line 42 of file lookup.cpp.

Referenced by botan_mac_init(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), and Botan::TLS::Hello_Verify_Request::Hello_Verify_Request().

   {
   return make_a<MessageAuthenticationCode>(algo_spec, provider);
   }
BOTAN_DLL std::vector< std::string > Botan::get_mac_providers ( const std::string &  algo_spec)

Definition at line 62 of file lookup.cpp.

   {
   return providers_of<MessageAuthenticationCode>(MessageAuthenticationCode::Spec(algo_spec));
   }
BOTAN_DLL PBKDF * Botan::get_pbkdf ( const std::string &  algo_spec,
const std::string &  provider = "" 
)

Password based key derivation function factory method

Parameters:
algo_specthe name of the desired PBKDF algorithm
Returns:
pointer to newly allocated object of that type

Definition at line 70 of file lookup.cpp.

Referenced by botan_pbkdf(), and botan_pbkdf_timed().

   {
   if(PBKDF* pbkdf = make_a<PBKDF>(algo_spec, provider))
      return pbkdf;
   throw Algorithm_Not_Found(algo_spec);
   }
BOTAN_DLL StreamCipher * Botan::get_stream_cipher ( const std::string &  algo_spec,
const std::string &  provider = "" 
)

Stream cipher factory method.

Parameters:
algo_specthe name of the desired stream cipher
Returns:
pointer to the stream cipher object

Definition at line 32 of file lookup.cpp.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), and get_cipher_mode().

   {
   return make_a<StreamCipher>(algo_spec, provider);
   }
BOTAN_DLL std::vector< std::string > Botan::get_stream_cipher_providers ( const std::string &  algo_spec)

Definition at line 52 of file lookup.cpp.

   {
   return providers_of<StreamCipher>(StreamCipher::Spec(algo_spec));
   }
BOTAN_DLL Transform * Botan::get_transform ( const std::string &  specstr,
const std::string &  provider,
const std::string &  dirstr 
)

Definition at line 19 of file lookup.cpp.

References Botan::Algo_Registry< T >::global_registry().

Referenced by get_cipher_mode(), make_compressor(), make_decompressor(), and Botan::AEAD_Filter::set_associated_data().

   {
   Algo_Registry<Transform>::Spec spec(specstr, dirstr);
   return Algo_Registry<Transform>::global_registry().make(spec, provider);
   }
gf2m_small_m::gf2m Botan::gray_to_lex ( gf2m_small_m::gf2m  gray) [inline]

Definition at line 31 of file code_based_util.h.

   {
   gf2m_small_m::gf2m result = gray ^ (gray>>8);
   result ^= (result >> 4);
   result ^= (result >> 2);
   result ^= (result >> 1);
   return result;
   }
template<typename T >
size_t Botan::hamming_weight ( n) [inline]

Compute Hamming weights

Parameters:
nan integer value
Returns:
number of bits in n set to 1

Definition at line 80 of file bit_ops.h.

   {
   const byte NIBBLE_WEIGHTS[] = {
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 };

   size_t weight = 0;
   for(size_t i = 0; i != 2*sizeof(T); ++i)
      weight += NIBBLE_WEIGHTS[(n >> (4*i)) & 0x0F];
   return weight;
   }
std::string Botan::hash_for_deterministic_signature ( const std::string &  emsa)

Definition at line 15 of file rfc6979.cpp.

References Botan::SCAN_Name::arg(), and Botan::SCAN_Name::arg_count().

   {
   SCAN_Name emsa_name(emsa);

   if(emsa_name.arg_count() > 0)
      {
      const std::string pos_hash = emsa_name.arg(0);
      return pos_hash;
      }

   return "SHA-512"; // safe default if nothing we understand
   }
size_t BOTAN_DLL Botan::hex_decode ( byte  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 49 of file hex.cpp.

References clear_mem().

Referenced by Botan::Hex_Decoder::end_msg(), Botan::Data_Store::get1_memvec(), hex_decode(), hex_decode_locked(), Botan::OctetString::OctetString(), Botan::X509_Certificate::subject_public_key_bits(), and Botan::Hex_Decoder::write().

   {
   /*
   * Mapping of hex characters to either their binary equivalent
   * or to an error code.
   *  If valid hex (0-9 A-F a-f), the value.
   *  If whitespace, then 0x80
   *  Otherwise 0xFF
   * Warning: this table assumes ASCII character encodings
   */

   static const byte HEX_TO_BIN[256] = {
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80,
      0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0x80, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01,
      0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
      0x0F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0A, 0x0B, 0x0C,
      0x0D, 0x0E, 0x0F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

   byte* out_ptr = output;
   bool top_nibble = true;

   clear_mem(output, input_length / 2);

   for(size_t i = 0; i != input_length; ++i)
      {
      const byte bin = HEX_TO_BIN[static_cast<byte>(input[i])];

      if(bin >= 0x10)
         {
         if(bin == 0x80 && ignore_ws)
            continue;

         std::string bad_char(1, input[i]);
         if(bad_char == "\t")
           bad_char = "\\t";
         else if(bad_char == "\n")
           bad_char = "\\n";

         throw std::invalid_argument(
           std::string("hex_decode: invalid hex character '") +
           bad_char + "'");
         }

      *out_ptr |= bin << (top_nibble*4);

      top_nibble = !top_nibble;
      if(top_nibble)
         ++out_ptr;
      }

   input_consumed = input_length;
   size_t written = (out_ptr - output);

   /*
   * We only got half of a byte at the end; zap the half-written
   * output and mark it as unread
   */
   if(!top_nibble)
      {
      *out_ptr = 0;
      input_consumed -= 1;
      }

   return written;
   }
size_t BOTAN_DLL Botan::hex_decode ( byte  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 140 of file hex.cpp.

References hex_decode().

   {
   size_t consumed = 0;
   size_t written = hex_decode(output, input, input_length,
                               consumed, ignore_ws);

   if(consumed != input_length)
      throw std::invalid_argument("hex_decode: input did not have full bytes");

   return written;
   }
size_t BOTAN_DLL Botan::hex_decode ( byte  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
outputan array of at least input_length/2 bytes
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
number of bytes written to output

Definition at line 155 of file hex.cpp.

References hex_decode().

   {
   return hex_decode(output, &input[0], input.length(), ignore_ws);
   }
std::vector< byte > BOTAN_DLL Botan::hex_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded hex output

Definition at line 183 of file hex.cpp.

References hex_decode().

   {
   std::vector<byte> bin(1 + input_length / 2);

   size_t written = hex_decode(&bin[0],
                               input,
                               input_length,
                               ignore_ws);

   bin.resize(written);
   return bin;
   }
std::vector< byte > BOTAN_DLL Botan::hex_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded hex output

Definition at line 198 of file hex.cpp.

References hex_decode().

   {
   return hex_decode(&input[0], input.size(), ignore_ws);
   }
secure_vector< byte > BOTAN_DLL Botan::hex_decode_locked ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded hex output

Definition at line 162 of file hex.cpp.

References hex_decode().

Referenced by Botan::BigInt::decode(), hex_decode_locked(), and Botan::RTSS_Share::RTSS_Share().

   {
   secure_vector<byte> bin(1 + input_length / 2);

   size_t written = hex_decode(&bin[0],
                               input,
                               input_length,
                               ignore_ws);

   bin.resize(written);
   return bin;
   }
secure_vector< byte > BOTAN_DLL Botan::hex_decode_locked ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters:
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns:
decoded hex output

Definition at line 177 of file hex.cpp.

References hex_decode_locked().

   {
   return hex_decode_locked(&input[0], input.size(), ignore_ws);
   }
void BOTAN_DLL Botan::hex_encode ( char  output[],
const byte  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters:
outputan array of at least input_length*2 bytes
inputis some binary data
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?

Definition at line 14 of file hex.cpp.

References x.

Referenced by Botan::Data_Store::add(), Botan::OctetString::as_string(), Botan::BigInt::encode(), Botan::X509_Certificate::fingerprint(), hex_encode(), Botan::TLS::Session_Manager_SQL::load_from_session_id(), Botan::TLS::Session_Manager_In_Memory::load_from_session_id(), Botan::TLS::Session_Manager_SQL::remove_entry(), Botan::TLS::Session_Manager_In_Memory::remove_entry(), Botan::TLS::Session_Manager_SQL::save(), Botan::TLS::Session_Manager_In_Memory::save(), Botan::RTSS_Share::to_string(), and Botan::X509_Certificate::to_string().

   {
   static const byte BIN_TO_HEX_UPPER[16] = {
      '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
      'A', 'B', 'C', 'D', 'E', 'F' };

   static const byte BIN_TO_HEX_LOWER[16] = {
      '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
      'a', 'b', 'c', 'd', 'e', 'f' };

   const byte* tbl = uppercase ? BIN_TO_HEX_UPPER : BIN_TO_HEX_LOWER;

   for(size_t i = 0; i != input_length; ++i)
      {
      byte x = input[i];
      output[2*i  ] = tbl[(x >> 4) & 0x0F];
      output[2*i+1] = tbl[(x     ) & 0x0F];
      }
   }
std::string BOTAN_DLL Botan::hex_encode ( const byte  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters:
inputsome input
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?
Returns:
hexadecimal representation of input

Definition at line 37 of file hex.cpp.

References hex_encode().

   {
   std::string output(2 * input_length, 0);

   if(input_length)
      hex_encode(&output[0], input, input_length, uppercase);

   return output;
   }
template<typename Alloc >
std::string Botan::hex_encode ( const std::vector< byte, Alloc > &  input,
bool  uppercase = true 
)

Perform hex encoding

Parameters:
inputsome input
uppercaseshould output be upper or lower case?
Returns:
hexadecimal representation of input

Definition at line 46 of file hex.h.

References hex_encode().

   {
   return hex_encode(&input[0], input.size(), uppercase);
   }
template<typename T >
size_t Botan::high_bit ( n) [inline]

Return the index of the highest set bit T is an unsigned integer type

Parameters:
nan integer value
Returns:
index of the highest set bit in n

Definition at line 37 of file bit_ops.h.

Referenced by Botan::BigInt::bits(), and Botan::OID::encode_into().

   {
   for(size_t i = 8*sizeof(T); i > 0; --i)
      if((n >> (i - 1)) & 0x01)
         return i;
   return 0;
   }
BOTAN_DLL byte Botan::ieee1363_hash_id ( const std::string &  hash_name)

Return the IEEE 1363 hash identifier

Parameters:
hash_namethe name of the hash function
Returns:
byte code identifying the hash, or 0 if not known

Definition at line 112 of file hash_id.cpp.

Referenced by Botan::EMSA_X931::EMSA_X931().

   {
   if(name == "SHA-160")    return 0x33;

   if(name == "SHA-224")    return 0x38;
   if(name == "SHA-256")    return 0x34;
   if(name == "SHA-384")    return 0x36;
   if(name == "SHA-512")    return 0x35;

   if(name == "RIPEMD-160") return 0x31;
   if(name == "RIPEMD-128") return 0x32;

   if(name == "Whirlpool")  return 0x37;

   return 0;
   }
BigInt BOTAN_DLL Botan::inverse_mod ( const BigInt &  x,
const BigInt &  modulus 
)

Modular inversion

Parameters:
xa positive integer
modulusa positive integer
Returns:
y st (x*y) % modulus == 1

Definition at line 128 of file numthry.cpp.

References Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), low_zero_bits(), and n.

Referenced by Botan::IF_Scheme_PrivateKey::check_key(), Botan::PointGFp::get_affine_x(), Botan::PointGFp::get_affine_y(), Botan::IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RW_PrivateKey::RW_PrivateKey().

   {
   if(mod.is_zero())
      throw BigInt::DivideByZero();
   if(mod.is_negative() || n.is_negative())
      throw Invalid_Argument("inverse_mod: arguments must be non-negative");

   if(n.is_zero() || (n.is_even() && mod.is_even()))
      return 0; // fast fail checks

   if(mod.is_odd())
      return inverse_mod_odd_modulus(n, mod);

   BigInt u = mod, v = n;
   BigInt A = 1, B = 0, C = 0, D = 1;

   while(u.is_nonzero())
      {
      const size_t u_zero_bits = low_zero_bits(u);
      u >>= u_zero_bits;
      for(size_t i = 0; i != u_zero_bits; ++i)
         {
         if(A.is_odd() || B.is_odd())
            { A += n; B -= mod; }
         A >>= 1; B >>= 1;
         }

      const size_t v_zero_bits = low_zero_bits(v);
      v >>= v_zero_bits;
      for(size_t i = 0; i != v_zero_bits; ++i)
         {
         if(C.is_odd() || D.is_odd())
            { C += n; D -= mod; }
         C >>= 1; D >>= 1;
         }

      if(u >= v) { u -= v; A -= C; B -= D; }
      else       { v -= u; C -= A; D -= B; }
      }

   if(v != 1)
      return 0; // no modular inverse

   while(D.is_negative()) D += mod;
   while(D >= mod) D -= mod;

   return D;
   }
BOTAN_DLL std::string Botan::ipv4_to_string ( u32bit  ip_addr)

Convert an IPv4 address to a string

Parameters:
ip_addrthe IPv4 address to convert
Returns:
string representation of the IPv4 address

Definition at line 264 of file parsing.cpp.

References get_byte(), and Botan::ASN1::to_string().

Referenced by Botan::AlternativeName::decode_from().

   {
   std::string str;

   for(size_t i = 0; i != sizeof(ip); ++i)
      {
      if(i)
         str += ".";
      str += std::to_string(get_byte(i, ip));
      }

   return str;
   }
template<typename T >
bool Botan::is_power_of_2 ( arg) [inline]

Power of 2 test. T should be an unsigned integer type

Parameters:
argan integer value
Returns:
true iff arg is 2^n for some n > 0

Definition at line 25 of file bit_ops.h.

Referenced by operator%(), Botan::BigInt::operator%=(), and Botan::BigInt::operator/=().

   {
   return ((arg != 0 && arg != 1) && ((arg & (arg-1)) == 0));
   }
bool BOTAN_DLL Botan::is_prime ( const BigInt &  n,
RandomNumberGenerator &  rng,
size_t  prob = 56,
bool  is_random = false 
)

Check for primality

Parameters:
na positive integer to test for primality
rnga random number generator
probchance of false positive is bounded by 1/2**prob
is_randomtrue if n was randomly chosen by us
Returns:
true if all primality tests passed, otherwise false

Definition at line 287 of file numthry.cpp.

References Botan::BigInt::bits(), Botan::BigInt::is_even(), low_zero_bits(), PRIME_TABLE_SIZE, PRIMES, Botan::BigInt::random_integer(), Botan::BigInt::word_at(), and y.

Referenced by Botan::IF_Scheme_PrivateKey::check_key(), check_prime(), Botan::DL_Group::DL_Group(), generate_dsa_primes(), quick_check_prime(), random_prime(), random_safe_prime(), Botan::DL_Group::verify_group(), and verify_prime().

   {
   if(n == 2)
      return true;
   if(n <= 1 || n.is_even())
      return false;

   // Fast path testing for small numbers (<= 65521)
   if(n <= PRIMES[PRIME_TABLE_SIZE-1])
      {
      const u16bit num = n.word_at(0);

      return std::binary_search(PRIMES, PRIMES + PRIME_TABLE_SIZE, num);
      }

   const size_t test_iterations = mr_test_iterations(n.bits(), prob, is_random);

   const BigInt n_minus_1 = n - 1;
   const size_t s = low_zero_bits(n_minus_1);

   Fixed_Exponent_Power_Mod pow_mod(n_minus_1 >> s, n);
   Modular_Reducer reducer(n);

   for(size_t i = 0; i != test_iterations; ++i)
      {
      const BigInt a = BigInt::random_integer(rng, 2, n_minus_1);

      BigInt y = pow_mod(a);

      if(mr_witness(std::move(y), reducer, n_minus_1, s))
         return false;
      }

   return true;
   }
s32bit BOTAN_DLL Botan::jacobi ( const BigInt &  a,
const BigInt &  n 
)

Compute the Jacobi symbol. If n is prime, this is equivalent to the Legendre symbol.

See also:
http://mathworld.wolfram.com/JacobiSymbol.html
Parameters:
ais a non-negative integer
nis an odd integer > 1
Returns:
(n / m)

Definition at line 15 of file jacobi.cpp.

References Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), low_zero_bits(), n, x, and y.

Referenced by ressol().

   {
   if(a.is_negative())
      throw Invalid_Argument("jacobi: first argument must be non-negative");
   if(n.is_even() || n < 2)
      throw Invalid_Argument("jacobi: second argument must be odd and > 1");

   BigInt x = a, y = n;
   s32bit J = 1;

   while(y > 1)
      {
      x %= y;
      if(x > y / 2)
         {
         x = y - x;
         if(y % 4 == 3)
            J = -J;
         }
      if(x.is_zero())
         return 0;

      size_t shifts = low_zero_bits(x);
      x >>= shifts;
      if(shifts % 2)
         {
         word y_mod_8 = y % 8;
         if(y_mod_8 == 3 || y_mod_8 == 5)
            J = -J;
         }

      if(x % 4 == 3 && y % 4 == 3)
         J = -J;
      std::swap(x, y);
      }
   return J;
   }
BigInt BOTAN_DLL Botan::lcm ( const BigInt &  x,
const BigInt &  y 
)

Least common multiple

Parameters:
xa positive integer
ya positive integer
Returns:
z, smallest integer such that z % x == 0 and z % y == 0

Definition at line 72 of file numthry.cpp.

References gcd().

Referenced by Botan::RSA_PrivateKey::check_key(), Botan::RW_PrivateKey::check_key(), Botan::IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RW_PrivateKey::RW_PrivateKey().

   {
   return ((a * b) / gcd(a, b));
   }
gf2m_small_m::gf2m Botan::lex_to_gray ( gf2m_small_m::gf2m  lex) [inline]

Definition at line 40 of file code_based_util.h.

Referenced by syndrome_init().

   {
   return (lex>>1) ^ lex;
   }
BOTAN_DLL std::vector< std::string > Botan::list_all_readable_files_in_or_under ( const std::string &  dir_path)

Definition at line 23 of file fs.cpp.

Referenced by Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory().

   {
   std::vector<std::string> paths;

#if defined(BOTAN_HAS_BOOST_FILESYSTEM)
   namespace fs = boost::filesystem;

   fs::recursive_directory_iterator end;
   for(fs::recursive_directory_iterator dir(dir_path); dir != end; ++dir)
      {
      if(fs::is_regular_file(dir->path()))
         paths.push_back(dir->path().string());
      }

#elif defined(BOTAN_TARGET_OS_HAS_READDIR)

   std::deque<std::string> dir_list;
   dir_list.push_back(dir_path);

   while(!dir_list.empty())
      {
      const std::string cur_path = dir_list[0];
      dir_list.pop_front();

      std::unique_ptr<DIR, std::function<int (DIR*)>> dir(::opendir(cur_path.c_str()), ::closedir);

      if(dir)
         {
         while(struct dirent* dirent = ::readdir(dir.get()))
            {
            const std::string filename = dirent->d_name;
            if(filename == "." || filename == "..")
               continue;
            const std::string full_path = cur_path + '/' + filename;

            struct stat stat_buf;

            if(::lstat(full_path.c_str(), &stat_buf) == -1)
               continue;

            if(S_ISDIR(stat_buf.st_mode))
               dir_list.push_back(full_path);
            else if(S_ISREG(stat_buf.st_mode))
               paths.push_back(full_path);
            }
         }
      }
#else
  #warning "No filesystem access enabled"
#endif

   std::sort(paths.begin(), paths.end());

   return paths;
   }
template<typename T >
T Botan::load_be ( const byte  in[],
size_t  off 
) [inline]

Load a big-endian word

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th T of in, as a big-endian value

Definition at line 101 of file loadstor.h.

Referenced by Botan::SHA_160::compress_n(), Botan::Noekeon_SIMD::decrypt_n(), and Botan::Noekeon_SIMD::encrypt_n().

   {
   in += off * sizeof(T);
   T out = 0;
   for(size_t i = 0; i != sizeof(T); ++i)
      out = (out << 8) | in[i];
   return out;
   }
template<typename T >
void Botan::load_be ( const byte  in[],
T &  x0,
T &  x1 
) [inline]

Load two big-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 326 of file loadstor.h.

   {
   x0 = load_be<T>(in, 0);
   x1 = load_be<T>(in, 1);
   }
template<typename T >
void Botan::load_be ( const byte  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3 
) [inline]

Load four big-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 341 of file loadstor.h.

   {
   x0 = load_be<T>(in, 0);
   x1 = load_be<T>(in, 1);
   x2 = load_be<T>(in, 2);
   x3 = load_be<T>(in, 3);
   }
template<typename T >
void Botan::load_be ( const byte  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3,
T &  x4,
T &  x5,
T &  x6,
T &  x7 
) [inline]

Load eight big-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 363 of file loadstor.h.

   {
   x0 = load_be<T>(in, 0);
   x1 = load_be<T>(in, 1);
   x2 = load_be<T>(in, 2);
   x3 = load_be<T>(in, 3);
   x4 = load_be<T>(in, 4);
   x5 = load_be<T>(in, 5);
   x6 = load_be<T>(in, 6);
   x7 = load_be<T>(in, 7);
   }
template<typename T >
void Botan::load_be ( out[],
const byte  in[],
size_t  count 
) [inline]

Load a variable number of big-endian words

Parameters:
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 384 of file loadstor.h.

References bswap_4(), and reverse_bytes().

   {
#if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS)
   std::memcpy(out, in, sizeof(T)*count);

#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
   const size_t blocks = count - (count % 4);
   const size_t left = count - blocks;

   for(size_t i = 0; i != blocks; i += 4)
      bswap_4(out + i);

   for(size_t i = 0; i != left; ++i)
      out[blocks+i] = reverse_bytes(out[blocks+i]);
#endif

#else
   for(size_t i = 0; i != count; ++i)
      out[i] = load_be<T>(in, i);
#endif
   }
template<>
u16bit Botan::load_be< u16bit > ( const byte  in[],
size_t  off 
) [inline]

Load a big-endian u16bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u16bit of in, as a big-endian value

Definition at line 133 of file loadstor.h.

References make_u16bit().

Referenced by Botan::TLS::Datagram_Handshake_IO::add_record(), check_passhash9(), Botan::MISTY1::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::MISTY1::encrypt_n(), and Botan::KASUMI::encrypt_n().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u16bit*>(in) + off));
#else
   in += off * sizeof(u16bit);
   return make_u16bit(in[0], in[1]);
#endif
   }
template<>
u32bit Botan::load_be< u32bit > ( const byte  in[],
size_t  off 
) [inline]

Load a big-endian u32bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u32bit of in, as a big-endian value

Definition at line 167 of file loadstor.h.

References make_u32bit().

Referenced by Botan::AlternativeName::decode_from(), Botan::XTEA::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::TEA::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::CAST_128::encrypt_n(), and Botan::TEA::encrypt_n().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u32bit*>(in) + off));
#else
   in += off * sizeof(u32bit);
   return make_u32bit(in[0], in[1], in[2], in[3]);
#endif
   }
template<>
u64bit Botan::load_be< u64bit > ( const byte  in[],
size_t  off 
) [inline]

Load a big-endian u64bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u64bit of in, as a big-endian value

Definition at line 201 of file loadstor.h.

References make_u64bit().

Referenced by rfc3394_keyunwrap().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u64bit*>(in) + off));
#else
   in += off * sizeof(u64bit);
   return make_u64bit(in[0], in[1], in[2], in[3],
                      in[4], in[5], in[6], in[7]);
#endif
   }
template<typename T >
T Botan::load_le ( const byte  in[],
size_t  off 
) [inline]

Load a little-endian word

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th T of in, as a litte-endian value

Definition at line 117 of file loadstor.h.

Referenced by Botan::MD4::compress_n(), and Botan::MD5::compress_n().

   {
   in += off * sizeof(T);
   T out = 0;
   for(size_t i = 0; i != sizeof(T); ++i)
      out = (out << 8) | in[sizeof(T)-1-i];
   return out;
   }
template<typename T >
void Botan::load_le ( const byte  in[],
T &  x0,
T &  x1 
) [inline]

Load two little-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 237 of file loadstor.h.

   {
   x0 = load_le<T>(in, 0);
   x1 = load_le<T>(in, 1);
   }
template<typename T >
void Botan::load_le ( const byte  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3 
) [inline]

Load four little-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 252 of file loadstor.h.

   {
   x0 = load_le<T>(in, 0);
   x1 = load_le<T>(in, 1);
   x2 = load_le<T>(in, 2);
   x3 = load_le<T>(in, 3);
   }
template<typename T >
void Botan::load_le ( const byte  in[],
T &  x0,
T &  x1,
T &  x2,
T &  x3,
T &  x4,
T &  x5,
T &  x6,
T &  x7 
) [inline]

Load eight little-endian words

Parameters:
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 274 of file loadstor.h.

   {
   x0 = load_le<T>(in, 0);
   x1 = load_le<T>(in, 1);
   x2 = load_le<T>(in, 2);
   x3 = load_le<T>(in, 3);
   x4 = load_le<T>(in, 4);
   x5 = load_le<T>(in, 5);
   x6 = load_le<T>(in, 6);
   x7 = load_le<T>(in, 7);
   }
template<typename T >
void Botan::load_le ( out[],
const byte  in[],
size_t  count 
) [inline]

Load a variable number of little-endian words

Parameters:
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 295 of file loadstor.h.

References bswap_4(), and reverse_bytes().

   {
#if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS)
   std::memcpy(out, in, sizeof(T)*count);

#if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
   const size_t blocks = count - (count % 4);
   const size_t left = count - blocks;

   for(size_t i = 0; i != blocks; i += 4)
      bswap_4(out + i);

   for(size_t i = 0; i != left; ++i)
      out[blocks+i] = reverse_bytes(out[blocks+i]);
#endif

#else
   for(size_t i = 0; i != count; ++i)
      out[i] = load_le<T>(in, i);
#endif
   }
template<>
u16bit Botan::load_le< u16bit > ( const byte  in[],
size_t  off 
) [inline]

Load a little-endian u16bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u16bit of in, as a little-endian value

Definition at line 150 of file loadstor.h.

References make_u16bit().

Referenced by Botan::RC2::decrypt_n(), and Botan::RC2::encrypt_n().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u16bit*>(in) + off));
#else
   in += off * sizeof(u16bit);
   return make_u16bit(in[1], in[0]);
#endif
   }
template<>
u32bit Botan::load_le< u32bit > ( const byte  in[],
size_t  off 
) [inline]

Load a little-endian u32bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u32bit of in, as a little-endian value

Definition at line 184 of file loadstor.h.

References make_u32bit().

Referenced by Botan::MARS::decrypt_n(), Botan::RC6::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::RC5::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::Serpent::encrypt_n(), Botan::RC5::encrypt_n(), Botan::RC6::encrypt_n(), Botan::MARS::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::ChaCha::set_iv(), and Botan::Salsa20::set_iv().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u32bit*>(in) + off));
#else
   in += off * sizeof(u32bit);
   return make_u32bit(in[3], in[2], in[1], in[0]);
#endif
   }
template<>
u64bit Botan::load_le< u64bit > ( const byte  in[],
size_t  off 
) [inline]

Load a little-endian u64bit

Parameters:
ina pointer to some bytes
offan offset into the array
Returns:
off'th u64bit of in, as a little-endian value

Definition at line 219 of file loadstor.h.

References make_u64bit().

Referenced by Botan::Threefish_512::decrypt_n(), Botan::Threefish_512::encrypt_n(), and Botan::Threefish_512::set_tweak().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u64bit*>(in) + off));
#else
   in += off * sizeof(u64bit);
   return make_u64bit(in[7], in[6], in[5], in[4],
                      in[3], in[2], in[1], in[0]);
#endif
   }
template<typename T >
size_t Botan::low_bit ( n) [inline]

Return the index of the lowest set bit T is an unsigned integer type

Parameters:
nan integer value
Returns:
index of the lowest set bit in n

Definition at line 52 of file bit_ops.h.

   {
   for(size_t i = 0; i != 8*sizeof(T); ++i)
      if((n >> i) & 0x01)
         return (i + 1);
   return 0;
   }
size_t BOTAN_DLL Botan::low_zero_bits ( const BigInt &  x)
Parameters:
xa positive integer
Returns:
count of the zero bits in x, or, equivalently, the largest value of n such that 2^n divides x evenly. Returns zero if n is less than or equal to zero.

Definition at line 19 of file numthry.cpp.

References ctz(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_positive(), Botan::BigInt::size(), Botan::BigInt::word_at(), and x.

Referenced by gcd(), inverse_mod(), is_prime(), jacobi(), and ressol().

   {
   size_t low_zero = 0;

   if(n.is_positive() && n.is_nonzero())
      {
      for(size_t i = 0; i != n.size(); ++i)
         {
         const word x = n.word_at(i);

         if(x)
            {
            low_zero += ctz(x);
            break;
            }
         else
            low_zero += BOTAN_MP_WORD_BITS;
         }
      }

   return low_zero;
   }
template<typename T >
T* Botan::make_a ( const typename T::Spec &  spec,
const std::string  provider = "" 
)

Definition at line 148 of file algo_registry.h.

References Botan::Algo_Registry< T >::global_registry().

   {
   return Algo_Registry<T>::global_registry().make(spec, provider);
   }
template<typename T >
T* Botan::make_block_cipher_mode ( const Transform::Spec &  spec)

Definition at line 23 of file mode_utils.h.

References Botan::SCAN_Name::arg().

   {
   if(BlockCipher* bc = Algo_Registry<BlockCipher>::global_registry().make(spec.arg(0)))
      return new T(bc->clone());
   return nullptr;
   }
template<typename T , size_t LEN1>
T* Botan::make_block_cipher_mode_len ( const Transform::Spec &  spec)

Definition at line 31 of file mode_utils.h.

References Botan::SCAN_Name::arg(), and Botan::SCAN_Name::arg_as_integer().

   {
   if(BlockCipher* bc = Algo_Registry<BlockCipher>::global_registry().make(spec.arg(0)))
      {
      const size_t len1 = spec.arg_as_integer(1, LEN1);
      return new T(bc->clone(), len1);
      }

   return nullptr;
   }
template<typename T , size_t LEN1, size_t LEN2>
T* Botan::make_block_cipher_mode_len2 ( const Transform::Spec &  spec)

Definition at line 43 of file mode_utils.h.

References Botan::SCAN_Name::arg(), and Botan::SCAN_Name::arg_as_integer().

   {
   if(BlockCipher* bc = Algo_Registry<BlockCipher>::global_registry().make(spec.arg(0)))
      {
      const size_t len1 = spec.arg_as_integer(1, LEN1);
      const size_t len2 = spec.arg_as_integer(2, LEN2);
      return new T(bc->clone(), len1, len2);
      }

   return nullptr;
   }
template<typename CBC_T , typename CTS_T >
Transform* Botan::make_cbc_mode ( const Transform::Spec &  spec)

Definition at line 15 of file cbc.cpp.

References Botan::SCAN_Name::arg(), and get_bc_pad().

   {
   std::unique_ptr<BlockCipher> bc(Algo_Registry<BlockCipher>::global_registry().make(spec.arg(0)));

   if(bc)
      {
      const std::string padding = spec.arg(1, "PKCS7");

      if(padding == "CTS")
         return new CTS_T(bc.release());
      else
         return new CBC_T(bc.release(), get_bc_pad(padding));
      }

   return nullptr;
   }
BOTAN_DLL Transform * Botan::make_compressor ( const std::string &  type,
size_t  level 
)

Definition at line 39 of file compression.cpp.

References get_transform(), and Botan::ASN1::to_string().

   {
   const std::string comp_suffix = "_Compression(" + std::to_string(level) + ")";

   if(type == "zlib")
      return get_transform("Zlib" + comp_suffix);
   if(type == "deflate")
      return get_transform("Deflate" + comp_suffix);
   if(type == "gzip" || type == "gz")
      return get_transform("Gzip" + comp_suffix);
   if(type == "bzip2" || type == "bz2")
      return get_transform("Bzip2" + comp_suffix);
   if(type == "lzma" || type == "xz")
      return get_transform("LZMA" + comp_suffix);

   return nullptr;
   }
EAC1_1_CVC BOTAN_DLL Botan::make_cvc_cert ( PK_Signer &  signer,
const std::vector< byte > &  public_key,
ASN1_Car const &  car,
ASN1_Chr const &  chr,
byte  holder_auth_templ,
ASN1_Ced  ced,
ASN1_Cex  cex,
RandomNumberGenerator &  rng 
)

Create an arbitrary EAC 1.1 CVC. The desired key encoding must be set within the key (if applicable).

Parameters:
signerthe signer used to sign the certificate
public_keythe DER encoded public key to appear in the certificate
carthe CAR of the certificate
chrthe CHR of the certificate
holder_auth_templthe holder authorization value byte to appear in the CHAT of the certificate
cedthe CED to appear in the certificate
cexthe CEX to appear in the certificate
rnga random number generator

Definition at line 98 of file cvc_cert.cpp.

References APPLICATION, Botan::EAC1_1_gen_CVC< EAC1_1_CVC >::build_cert_body(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents_unlocked(), Botan::OIDS::lookup(), Botan::EAC1_1_gen_CVC< EAC1_1_CVC >::make_signed(), OCTET_STRING, Botan::DER_Encoder::raw_bytes(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::CVC_EAC::create_self_signed_cert(), Botan::DE_EAC::link_cvca(), and Botan::DE_EAC::sign_request().

   {
   OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate"));
   std::vector<byte> enc_chat_val;
   enc_chat_val.push_back(holder_auth_templ);

   std::vector<byte> enc_cpi;
   enc_cpi.push_back(0x00);
   std::vector<byte> tbs = DER_Encoder()
      .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi
      .encode(car)
      .raw_bytes(public_key)
      .encode(chr)
      .start_cons(ASN1_Tag(76), APPLICATION)
      .encode(chat_oid)
      .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION)
      .end_cons()
      .encode(ced)
      .encode(cex)
      .get_contents_unlocked();

   std::vector<byte> signed_cert =
      EAC1_1_CVC::make_signed(signer,
                              EAC1_1_CVC::build_cert_body(tbs),
                              rng);

   DataSource_Memory source(signed_cert);
   return EAC1_1_CVC(source);
   }
BOTAN_DLL Transform * Botan::make_decompressor ( const std::string &  type)

Definition at line 57 of file compression.cpp.

References get_transform().

   {
   if(type == "zlib")
      return get_transform("Zlib_Decompression");
   if(type == "deflate")
      return get_transform("Deflate_Decompression");
   if(type == "gzip" || type == "gz")
      return get_transform("Gzip_Decompression");
   if(type == "bzip2" || type == "bz2")
      return get_transform("Bzip2_Decompression");
   if(type == "lzma" || type == "xz")
      return get_transform("LZMA_Decompression");

   return nullptr;
   }
template<typename T >
Transform* Botan::make_ecb_mode ( const Transform::Spec &  spec)

Definition at line 14 of file ecb.cpp.

References Botan::SCAN_Name::arg(), and get_bc_pad().

   {
   std::unique_ptr<BlockCipher> bc(Algo_Registry<BlockCipher>::global_registry().make(spec.arg(0)));
   std::unique_ptr<BlockCipherModePaddingMethod> pad(get_bc_pad(spec.arg(1, "NoPadding")));
   if(bc && pad)
      return new T(bc.release(), pad.release());
   return nullptr;
   }
template<typename T >
T* Botan::make_new_T ( const typename Algo_Registry< T >::Spec &  )

Definition at line 159 of file algo_registry.h.

{ return new T; }
template<typename T , size_t DEF_VAL>
T* Botan::make_new_T_1len ( const typename Algo_Registry< T >::Spec &  spec)

Definition at line 162 of file algo_registry.h.

   {
   return new T(spec.arg_as_integer(0, DEF_VAL));
   }
template<typename T >
T* Botan::make_new_T_1str ( const typename Algo_Registry< T >::Spec &  spec,
const std::string &  def 
)

Definition at line 174 of file algo_registry.h.

   {
   return new T(spec.arg(0, def));
   }
template<typename T >
T* Botan::make_new_T_1str_req ( const typename Algo_Registry< T >::Spec &  spec)

Definition at line 180 of file algo_registry.h.

   {
   return new T(spec.arg(0));
   }
template<typename T , typename X >
T* Botan::make_new_T_1X ( const typename Algo_Registry< T >::Spec &  spec)

Definition at line 186 of file algo_registry.h.

References x.

   {
   std::unique_ptr<X> x(Algo_Registry<X>::global_registry().make(spec.arg(0)));
   if(!x)
      throw std::runtime_error(spec.arg(0));
   return new T(x.release());
   }
template<typename T , size_t DEF1, size_t DEF2>
T* Botan::make_new_T_2len ( const typename Algo_Registry< T >::Spec &  spec)

Definition at line 168 of file algo_registry.h.

   {
   return new T(spec.arg_as_integer(0, DEF1), spec.arg_as_integer(1, DEF2));
   }
template<typename OP , typename T >
OP* Botan::make_pk_op ( const typename T::Spec &  spec)

Definition at line 19 of file pk_utils.h.

   {
   if(auto* key = dynamic_cast<const typename T::Key_Type*>(&spec.key()))
      return new T(*key, spec.padding());
   return nullptr;
   }
Private_Key * Botan::make_private_key ( const AlgorithmIdentifier &  alg_id,
const secure_vector< byte > &  key_bits,
RandomNumberGenerator &  rng 
)

Definition at line 113 of file pk_algs.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), and Botan::AlgorithmIdentifier::oid.

Referenced by Botan::PKCS8::load_key().

   {
   const std::string alg_name = OIDS::lookup(alg_id.oid);
   if(alg_name == "")
      throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());

#if defined(BOTAN_HAS_RSA)
   if(alg_name == "RSA")
      return new RSA_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_RW)
   if(alg_name == "RW")
      return new RW_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_DSA)
   if(alg_name == "DSA")
      return new DSA_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
   if(alg_name == "DH")
      return new DH_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
   if(alg_name == "NR")
      return new NR_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_ELGAMAL)
   if(alg_name == "ElGamal")
      return new ElGamal_PrivateKey(alg_id, key_bits, rng);
#endif

#if defined(BOTAN_HAS_ECDSA)
   if(alg_name == "ECDSA")
      return new ECDSA_PrivateKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_GOST_34_10_2001)
   if(alg_name == "GOST-34.10")
      return new GOST_3410_PrivateKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_ECDH)
   if(alg_name == "ECDH")
      return new ECDH_PrivateKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_CURVE_25519)
   if(alg_name == "Curve25519")
      return new Curve25519_PrivateKey(alg_id, key_bits, rng);
#endif

   throw Decoding_Error("Unhandled PK algorithm " + alg_name);
   }
Public_Key * Botan::make_public_key ( const AlgorithmIdentifier &  alg_id,
const secure_vector< byte > &  key_bits 
)

Definition at line 53 of file pk_algs.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), and Botan::AlgorithmIdentifier::oid.

Referenced by Botan::X509::load_key().

   {
   const std::string alg_name = OIDS::lookup(alg_id.oid);
   if(alg_name == "")
      throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());

#if defined(BOTAN_HAS_RSA)
   if(alg_name == "RSA")
      return new RSA_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_RW)
   if(alg_name == "RW")
      return new RW_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_DSA)
   if(alg_name == "DSA")
      return new DSA_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
   if(alg_name == "DH")
      return new DH_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
   if(alg_name == "NR")
      return new NR_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_ELGAMAL)
   if(alg_name == "ElGamal")
      return new ElGamal_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_ECDSA)
   if(alg_name == "ECDSA")
      return new ECDSA_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_GOST_34_10_2001)
   if(alg_name == "GOST-34.10")
      return new GOST_3410_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_ECDH)
   if(alg_name == "ECDH")
      return new ECDH_PublicKey(alg_id, key_bits);
#endif

#if defined(BOTAN_HAS_CURVE_25519)
   if(alg_name == "Curve25519")
      return new Curve25519_PublicKey(alg_id, key_bits);
#endif

   throw Decoding_Error("Unhandled PK algorithm " + alg_name);
   }
u16bit Botan::make_u16bit ( byte  i0,
byte  i1 
) [inline]

Make a u16bit from two bytes

Parameters:
i0the first byte
i1the second byte
Returns:
i0 || i1

Definition at line 48 of file loadstor.h.

Referenced by Botan::TLS::TLS_Data_Reader::get_u16bit(), load_be< u16bit >(), load_le< u16bit >(), and Botan::RTSS_Share::reconstruct().

   {
   return ((static_cast<u16bit>(i0) << 8) | i1);
   }
u32bit Botan::make_u32bit ( byte  i0,
byte  i1,
byte  i2,
byte  i3 
) [inline]

Make a u32bit from four bytes

Parameters:
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
Returns:
i0 || i1 || i2 || i3

Definition at line 61 of file loadstor.h.

Referenced by Botan::TLS::Certificate::Certificate(), Botan::TLS::Stream_Handshake_IO::get_next_record(), Botan::TLS::TLS_Data_Reader::get_u32bit(), load_be< u32bit >(), and load_le< u32bit >().

   {
   return ((static_cast<u32bit>(i0) << 24) |
           (static_cast<u32bit>(i1) << 16) |
           (static_cast<u32bit>(i2) <<  8) |
           (static_cast<u32bit>(i3)));
   }
u64bit Botan::make_u64bit ( byte  i0,
byte  i1,
byte  i2,
byte  i3,
byte  i4,
byte  i5,
byte  i6,
byte  i7 
) [inline]

Make a u32bit from eight bytes

Parameters:
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
i4the fifth byte
i5the sixth byte
i6the seventh byte
i7the eighth byte
Returns:
i0 || i1 || i2 || i3 || i4 || i5 || i6 || i7

Definition at line 81 of file loadstor.h.

Referenced by load_be< u64bit >(), and load_le< u64bit >().

    {
   return ((static_cast<u64bit>(i0) << 56) |
           (static_cast<u64bit>(i1) << 48) |
           (static_cast<u64bit>(i2) << 40) |
           (static_cast<u64bit>(i3) << 32) |
           (static_cast<u64bit>(i4) << 24) |
           (static_cast<u64bit>(i5) << 16) |
           (static_cast<u64bit>(i6) <<  8) |
           (static_cast<u64bit>(i7)));
    }
template<typename T , typename Pred >
void Botan::map_remove_if ( Pred  pred,
T &  assoc 
)

Definition at line 80 of file stl_util.h.

Referenced by Botan::TLS::Channel::activate_session().

   {
   auto i = assoc.begin();
   while(i != assoc.end())
      {
      if(pred(i->first))
         assoc.erase(i++);
      else
         i++;
      }
   }
secure_vector< byte > BOTAN_DLL Botan::mceies_decrypt ( const McEliece_PrivateKey &  privkey,
const secure_vector< byte > &  ct,
byte  ad[],
size_t  ad_len 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and decrypt/authenticate the ciphertext and AD using AES-256 in OCB mode.

Definition at line 70 of file mceies.cpp.

References Botan::McEliece_KEM_Decryptor::decrypt(), DECRYPTION, e, get_aead(), and Botan::McEliece_PublicKey::get_code_length().

   {
   try
      {
      McEliece_KEM_Decryptor kem_op(privkey);

      const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;

      std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", DECRYPTION));
      if(!aead)
         throw std::runtime_error("Unable to create AEAD instance");

      const size_t nonce_len = aead->default_nonce_length();

      if(ct.size() < mce_code_bytes + nonce_len + aead->tag_size())
         throw std::runtime_error("Input message too small to be valid");

      const secure_vector<byte> mce_key = kem_op.decrypt(&ct[0], mce_code_bytes);

      aead->set_key(aead_key(mce_key, *aead));
      aead->set_associated_data(ad, ad_len);

      secure_vector<byte> pt(&ct[mce_code_bytes + nonce_len], &ct[ct.size()]);

      aead->start(&ct[mce_code_bytes], nonce_len);
      aead->finish(pt, 0);
      return pt;
      }
   catch(std::exception& e)
      {
      throw std::runtime_error("mce_decrypt failed: " + std::string(e.what()));
      }
   }
secure_vector< byte > BOTAN_DLL Botan::mceies_encrypt ( const McEliece_PublicKey &  pubkey,
const secure_vector< byte > &  pt,
byte  ad[],
size_t  ad_len,
RandomNumberGenerator &  rng 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and encrypt/authenticate the plaintext and AD using AES-256 in OCB mode.

Definition at line 33 of file mceies.cpp.

References BOTAN_ASSERT, copy_mem(), Botan::McEliece_KEM_Encryptor::encrypt(), ENCRYPTION, get_aead(), Botan::McEliece_PublicKey::get_code_length(), and Botan::RandomNumberGenerator::random_vec().

   {
   McEliece_KEM_Encryptor kem_op(pubkey);

   const std::pair<secure_vector<byte>,secure_vector<byte>> mce_ciphertext__key = kem_op.encrypt(rng);
   const secure_vector<byte>& mce_ciphertext = mce_ciphertext__key.first;
   const secure_vector<byte>& mce_key = mce_ciphertext__key.second;

   const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;

   BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");

   std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", ENCRYPTION));
   if(!aead)
      throw std::runtime_error("mce_encrypt unable to create AEAD instance");

   const size_t nonce_len = aead->default_nonce_length();

   aead->set_key(aead_key(mce_key, *aead));
   aead->set_associated_data(ad, ad_len);

   const secure_vector<byte> nonce = rng.random_vec(nonce_len);

   secure_vector<byte> msg(mce_ciphertext.size() + nonce.size() + pt.size());
   copy_mem(&msg[0], &mce_ciphertext[0], mce_ciphertext.size());
   copy_mem(&msg[mce_ciphertext.size()], &nonce[0], nonce.size());
   copy_mem(&msg[mce_ciphertext.size() + nonce.size()], &pt[0], pt.size());

   aead->start(nonce);
   aead->finish(msg, mce_ciphertext.size() + nonce.size());
   return msg;
   }
secure_vector< byte > Botan::mceliece_decrypt ( secure_vector< gf2m > &  error_pos,
const byte *  ciphertext,
u32bit  ciphertext_len,
const McEliece_PrivateKey &  key 
)
Parameters:
p_err_pos_lenmust point to the available length of err_pos on input, the function will set it to the actual number of errors returned in the err_pos array

Definition at line 133 of file goppa_code.cpp.

References bit_size_to_32bit_size(), bit_size_to_byte_size(), copy_mem(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PrivateKey::get_codimension(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PrivateKey::get_dimension(), Botan::McEliece_PrivateKey::get_goppa_polyn(), Botan::McEliece_PrivateKey::get_H_coeffs(), Botan::McEliece_PrivateKey::get_Linv(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::polyn_gf2m::get_sp_field(), and Botan::McEliece_PrivateKey::get_sqrtmod().

Referenced by Botan::McEliece_Private_Operation::decrypt().

   {

   u32bit dimension = key.get_dimension();
   u32bit codimension = key.get_codimension();
   u32bit t = key.get_goppa_polyn().get_degree();
   polyn_gf2m syndrome_polyn(key.get_goppa_polyn().get_sp_field()); // init as zero polyn
   const unsigned unused_pt_bits = dimension % 8;
   const byte unused_pt_bits_mask = (1 << unused_pt_bits) - 1;

   if(ciphertext_len != (key.get_code_length()+7)/8)
      {
      throw Invalid_Argument("wrong size of McEliece ciphertext");
      }
   u32bit cleartext_len = (key.get_message_word_bit_length()+7)/8;

   if(cleartext_len != bit_size_to_byte_size(dimension))
      {
      throw Invalid_Argument("mce-decryption: wrong length of cleartext buffer");
      }


   secure_vector<u32bit> syndrome_vec(bit_size_to_32bit_size(codimension));
   matrix_arr_mul(
      key.get_H_coeffs(),
      key.get_code_length(),
      bit_size_to_32bit_size(codimension),
      ciphertext,
      &syndrome_vec[0], syndrome_vec.size() );
   secure_vector<byte> syndrome_byte_vec(bit_size_to_byte_size(codimension));
   u32bit syndrome_byte_vec_size = syndrome_byte_vec.size();
   for(u32bit i = 0; i < syndrome_byte_vec_size; i++)
      {
      syndrome_byte_vec[i] = syndrome_vec[i/4] >> (8* (i % 4));
      }
   syndrome_polyn = polyn_gf2m( t-1, &syndrome_byte_vec[0],bit_size_to_byte_size(codimension), key.get_goppa_polyn().get_sp_field());



   syndrome_polyn.get_degree();
   error_pos = goppa_decode(syndrome_polyn, key.get_goppa_polyn(), key.get_sqrtmod(), key.get_Linv());

   u32bit nb_err = error_pos.size();


   secure_vector<byte> cleartext(cleartext_len);
   copy_mem(&cleartext[0], ciphertext, cleartext_len);

   for(u32bit i = 0; i < nb_err; i++)
      {
      gf2m current = error_pos[i];

      if(current >= cleartext_len * 8)
         {
         // an invalid position, this shouldn't happen
         continue;
         }
      cleartext[current / 8] ^= (1 << (current % 8));
      }
   if(unused_pt_bits)
      {
      cleartext[cleartext_len - 1] &= unused_pt_bits_mask;
      }

   return cleartext;
   }
std::vector< byte > Botan::mceliece_encrypt ( const secure_vector< byte > &  cleartext,
const std::vector< byte > &  public_matrix,
const secure_vector< gf2m > &  err_pos,
u32bit  code_length 
)

Definition at line 157 of file mceliece.cpp.

Referenced by Botan::McEliece_Public_Operation::encrypt().

   {
   std::vector<byte> ciphertext = mult_by_pubkey(&cleartext[0], public_matrix, code_length, err_pos.size());

   // flip t error positions
   for(size_t i = 0; i < err_pos.size(); ++i)
      {
      ciphertext[err_pos[i] / 8] ^= (1 << (err_pos[i] % 8));
      }

   return ciphertext;
   }
size_t Botan::mceliece_work_factor ( size_t  code_size,
size_t  k,
size_t  t 
)

Estimate work factor for McEliece

Returns:
estimated security level for these key parameters

Definition at line 94 of file workfactor.cpp.

Referenced by Botan::McEliece_PublicKey::estimated_strength().

   {
   double min = cout_total(n, k, t, 0, 0); // correspond a p=1
   for(size_t p = 0; p != t / 2; ++p)
      {
      double lwf = best_wf(n, k + 1, t, p);
      if(lwf < 0)
         break;

      min = std::min(min, lwf);
      }

   return min;
   }
void Botan::mgf1_mask ( HashFunction &  hash,
const byte  in[],
size_t  in_len,
byte  out[],
size_t  out_len 
)

MGF1 from PKCS #1 v2.0

Definition at line 15 of file mgf1.cpp.

References Botan::Buffered_Computation::final(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().

   {
   u32bit counter = 0;

   while(out_len)
      {
      hash.update(in, in_len);
      hash.update_be(counter);
      secure_vector<byte> buffer = hash.final();

      size_t xored = std::min<size_t>(buffer.size(), out_len);
      xor_buf(out, &buffer[0], xored);
      out += xored;
      out_len -= xored;

      ++counter;
      }
   }
word BOTAN_DLL Botan::monty_inverse ( word  input)

Definition at line 177 of file numthry.cpp.

References bigint_divop(), MP_WORD_MAX, q, x, and y.

Referenced by Botan::Montgomery_Exponentiator::Montgomery_Exponentiator().

   {
   word b = input;
   word x2 = 1, x1 = 0, y2 = 0, y1 = 1;

   // First iteration, a = n+1
   word q = bigint_divop(1, 0, b);
   word r = (MP_WORD_MAX - q*b) + 1;
   word x = x2 - q*x1;
   word y = y2 - q*y1;

   word a = b;
   b = r;
   x2 = x1;
   x1 = x;
   y2 = y1;
   y1 = y;

   while(b > 0)
      {
      q = a / b;
      r = a - q*b;
      x = x2 - q*x1;
      y = y2 - q*y1;

      a = b;
      b = r;
      x2 = x1;
      x1 = x;
      y2 = y1;
      y1 = y;
      }

   // Now invert in addition space
   y2 = (MP_WORD_MAX - y2) + 1;

   return y2;
   }
void Botan::mul64x64_128 ( u64bit  a,
u64bit  b,
u64bit *  lo,
u64bit *  hi 
) [inline]

Perform a 64x64->128 bit multiplication

Definition at line 81 of file mul128.h.

Referenced by operator*(), word_madd2(), and word_madd3().

   {
#if defined(BOTAN_FAST_64X64_MUL)
   BOTAN_FAST_64X64_MUL(a, b, lo, hi);
#else

   /*
   * Do a 64x64->128 multiply using four 32x32->64 multiplies plus
   * some adds and shifts. Last resort for CPUs like UltraSPARC (with
   * 64-bit registers/ALU, but no 64x64->128 multiply) or 32-bit CPUs.
   */
   const size_t HWORD_BITS = 32;
   const u32bit HWORD_MASK = 0xFFFFFFFF;

   const u32bit a_hi = (a >> HWORD_BITS);
   const u32bit a_lo = (a  & HWORD_MASK);
   const u32bit b_hi = (b >> HWORD_BITS);
   const u32bit b_lo = (b  & HWORD_MASK);

   u64bit x0 = static_cast<u64bit>(a_hi) * b_hi;
   u64bit x1 = static_cast<u64bit>(a_lo) * b_hi;
   u64bit x2 = static_cast<u64bit>(a_hi) * b_lo;
   u64bit x3 = static_cast<u64bit>(a_lo) * b_lo;

   // this cannot overflow as (2^32-1)^2 + 2^32-1 < 2^64-1
   x2 += x3 >> HWORD_BITS;

   // this one can overflow
   x2 += x1;

   // propagate the carry if any
   x0 += static_cast<u64bit>(static_cast<bool>(x2 < x1)) << HWORD_BITS;

   *hi = x0 + (x2 >> HWORD_BITS);
   *lo  = ((x2 & HWORD_MASK) << HWORD_BITS) + (x3 & HWORD_MASK);
#endif
   }
BigInt BOTAN_DLL Botan::mul_add ( const BigInt &  a,
const BigInt &  b,
const BigInt &  c 
)

Fused multiply-add

Parameters:
aan integer
ban integer
can integer
Returns:
(a*b)+c

Definition at line 34 of file mp_numth.cpp.

References bigint_add2(), bigint_mul(), Botan::BigInt::data(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::Negative, Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::size().

   {
   if(c.is_negative() || c.is_zero())
      throw Invalid_Argument("mul_add: Third argument must be > 0");

   BigInt::Sign sign = BigInt::Positive;
   if(a.sign() != b.sign())
      sign = BigInt::Negative;

   const size_t a_sw = a.sig_words();
   const size_t b_sw = b.sig_words();
   const size_t c_sw = c.sig_words();

   BigInt r(sign, std::max(a.size() + b.size(), c_sw) + 1);
   secure_vector<word> workspace(r.size());

   bigint_mul(r.mutable_data(), r.size(),
              &workspace[0],
              a.data(), a.size(), a_sw,
              b.data(), b.size(), b_sw);

   const size_t r_size = std::max(r.sig_words(), c_sw);
   bigint_add2(r.mutable_data(), r_size, c.data(), c_sw);
   return r;
   }
PointGFp Botan::multi_exponentiate ( const PointGFp &  p1,
const BigInt &  z1,
const PointGFp &  p2,
const BigInt &  z2 
)

Multiexponentiation

Parameters:
p1a point
z1a scalar
p2a point
z2a scalar
Returns:
(p1 * z1 + p2 * z2)

Definition at line 219 of file point_gfp.cpp.

References Botan::BigInt::bits(), Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), and Botan::PointGFp::negate().

   {
   const PointGFp p3 = p1 + p2;

   PointGFp H(p1.curve); // create as zero
   size_t bits_left = std::max(z1.bits(), z2.bits());

   std::vector<BigInt> ws(9);

   while(bits_left)
      {
      H.mult2(ws);

      const bool z1_b = z1.get_bit(bits_left - 1);
      const bool z2_b = z2.get_bit(bits_left - 1);

      if(z1_b == true && z2_b == true)
         H.add(p3, ws);
      else if(z1_b)
         H.add(p1, ws);
      else if(z2_b)
         H.add(p2, ws);

      --bits_left;
      }

   if(z1.is_negative() != z2.is_negative())
      H.negate();

   return H;
   }
template<typename K , typename V >
void Botan::multimap_insert ( std::multimap< K, V > &  multimap,
const K &  key,
const V &  value 
)

Definition at line 55 of file stl_util.h.

Referenced by Botan::Data_Store::add(), Botan::AlternativeName::add_attribute(), Botan::X509_DN::add_attribute(), Botan::AlternativeName::add_othername(), Botan::AlternativeName::contents(), Botan::X509_DN::contents(), and Botan::X509_DN::get_attributes().

   {
#if defined(BOTAN_BUILD_COMPILER_IS_SUN_STUDIO)
   // Work around a strange bug in Sun Studio
   multimap.insert(std::make_pair<const K, V>(key, value));
#else
   multimap.insert(std::make_pair(key, value));
#endif
   }
bool Botan::operator!= ( EAC1_1_Req const &  lhs,
EAC1_1_Req const &  rhs 
) [inline]

Definition at line 52 of file cvc_req.h.

   {
   return !(lhs == rhs);
   }
bool Botan::operator!= ( const ECDSA_Signature &  lhs,
const ECDSA_Signature &  rhs 
) [inline]

Definition at line 52 of file ecdsa_sig.h.

   {
   return !(lhs == rhs);
   }
BOTAN_DLL bool Botan::operator!= ( const CRL_Entry &  ,
const CRL_Entry &   
)

Test two CRL entries for inequality in at least one field.

Definition at line 54 of file crl_ent.cpp.

   {
   return !(a1 == a2);
   }
bool BOTAN_DLL Botan::operator!= ( const AlgorithmIdentifier &  a1,
const AlgorithmIdentifier &  a2 
)

Definition at line 78 of file alg_id.cpp.

   {
   return !(a1 == a2);
   }
bool Botan::operator!= ( EAC1_1_CVC const &  lhs,
EAC1_1_CVC const &  rhs 
) [inline]

Definition at line 79 of file cvc_cert.h.

   {
   return !(lhs == rhs);
   }
bool Botan::operator!= ( EAC1_1_ADO const &  lhs,
EAC1_1_ADO const &  rhs 
) [inline]

Definition at line 89 of file cvc_ado.h.

   {
   return (!(lhs == rhs));
   }
template<typename T >
bool Botan::operator!= ( const secure_allocator< T > &  ,
const secure_allocator< T > &   
) [inline]

Definition at line 90 of file secmem.h.

   { return false; }
bool BOTAN_DLL Botan::operator!= ( const OID &  a,
const OID &  b 
)

Compare two OIDs.

Parameters:
athe first OID
bthe second OID
Returns:
true if a is not equal to b

Definition at line 97 of file asn1_oid.cpp.

   {
   return !(a == b);
   }
BOTAN_DLL bool Botan::operator!= ( const OctetString &  x,
const OctetString &  y 
)

Compare two strings

Parameters:
xan octet string
yan octet string
Returns:
if x is not equal to y

Definition at line 104 of file symkey.cpp.

   {
   return !(s1 == s2);
   }
bool Botan::operator!= ( const EC_Group &  lhs,
const EC_Group &  rhs 
) [inline]

Definition at line 137 of file ec_group.h.

   {
   return !(lhs == rhs);
   }
bool BOTAN_DLL Botan::operator!= ( const X509_DN &  dn1,
const X509_DN &  dn2 
)

Definition at line 163 of file x509_dn.cpp.

   {
   return !(dn1 == dn2);
   }
bool Botan::operator!= ( const CurveGFp &  lhs,
const CurveGFp &  rhs 
) [inline]

Definition at line 179 of file curve_gfp.h.

   {
   return !(lhs == rhs);
   }
bool BOTAN_DLL Botan::operator!= ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 225 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) != 0);
   }
bool Botan::operator!= ( const ASN1_EAC_String &  lhs,
const ASN1_EAC_String &  rhs 
) [inline]

Definition at line 232 of file eac_asn_obj.h.

   {
   return !(lhs == rhs);
   }
bool Botan::operator!= ( const PointGFp &  lhs,
const PointGFp &  rhs 
) [inline]

Definition at line 235 of file point_gfp.h.

   {
   return !(rhs == lhs);
   }
bool BOTAN_DLL Botan::operator!= ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 290 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) != 0); }
BOTAN_DLL bool Botan::operator!= ( const X509_Certificate &  ,
const X509_Certificate &   
)

Check two certificates for inequality

Returns:
true if the arguments represent different certificates, false if they are binary identical

Definition at line 433 of file x509cert.cpp.

   {
   return !(cert1 == cert2);
   }
bool Botan::operator!= ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 579 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) != 0); }
BigInt BOTAN_DLL Botan::operator% ( const BigInt &  n,
const BigInt &  mod 
)

Definition at line 119 of file big_ops3.cpp.

References divide(), Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), Botan::BigInt::is_zero(), and q.

   {
   if(mod.is_zero())
      throw BigInt::DivideByZero();
   if(mod.is_negative())
      throw Invalid_Argument("BigInt::operator%: modulus must be > 0");
   if(n.is_positive() && mod.is_positive() && n < mod)
      return n;

   BigInt q, r;
   divide(n, mod, q, r);
   return r;
   }
word BOTAN_DLL Botan::operator% ( const BigInt &  n,
word  mod 
)

Definition at line 136 of file big_ops3.cpp.

References bigint_modop(), is_power_of_2(), Botan::BigInt::Negative, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::word_at().

   {
   if(mod == 0)
      throw BigInt::DivideByZero();

   if(is_power_of_2(mod))
      return (n.word_at(0) & (mod - 1));

   word remainder = 0;

   for(size_t j = n.sig_words(); j > 0; --j)
      remainder = bigint_modop(remainder, n.word_at(j-1), mod);

   if(remainder && n.sign() == BigInt::Negative)
      return mod - remainder;
   return remainder;
   }
donna128 Botan::operator* ( const donna128 &  x,
u64bit  y 
) [inline]

Definition at line 74 of file donna128.h.

References BOTAN_ASSERT, Botan::donna128::hi(), Botan::donna128::lo(), mul64x64_128(), and y.

   {
   BOTAN_ASSERT(x.hi() == 0, "High 64 bits of donna128 set to zero during multiply");

   u64bit lo = 0, hi = 0;
   mul64x64_128(x.lo(), y, &lo, &hi);
   return donna128(lo, hi);
   }
BigInt BOTAN_DLL Botan::operator* ( const BigInt &  x,
const BigInt &  y 
)

Definition at line 83 of file big_ops3.cpp.

References bigint_linmul3(), bigint_mul(), Botan::BigInt::data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::size(), and Botan::BigInt::word_at().

   {
   const size_t x_sw = x.sig_words(), y_sw = y.sig_words();

   BigInt z(BigInt::Positive, x.size() + y.size());

   if(x_sw == 1 && y_sw)
      bigint_linmul3(z.mutable_data(), y.data(), y_sw, x.word_at(0));
   else if(y_sw == 1 && x_sw)
      bigint_linmul3(z.mutable_data(), x.data(), x_sw, y.word_at(0));
   else if(x_sw && y_sw)
      {
      secure_vector<word> workspace(z.size());
      bigint_mul(z.mutable_data(), z.size(), &workspace[0],
                 x.data(), x.size(), x_sw,
                 y.data(), y.size(), y_sw);
      }

   if(x_sw && y_sw && x.sign() != y.sign())
      z.flip_sign();
   return z;
   }
PointGFp Botan::operator* ( const BigInt &  scalar,
const PointGFp &  point 
)

Multiplication Operator

Parameters:
scalarthe scalar value
pointthe point value
Returns:
scalar*point on the curve

Definition at line 252 of file point_gfp.cpp.

References Botan::BigInt::abs(), Botan::BigInt::bits(), Botan::BigInt::byte_at(), curve, Botan::BigInt::get_bit(), Botan::PointGFp::get_curve(), Botan::BigInt::get_substring(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), and Botan::PointGFp::negate().

   {
   //BOTAN_ASSERT(point.on_the_curve(), "Input is valid");

   const CurveGFp& curve = point.get_curve();

   if(scalar.is_zero())
      return PointGFp(curve); // zero point

   std::vector<BigInt> ws(9);

   if(scalar.abs() <= 2) // special cases for small values
      {
      byte value = scalar.abs().byte_at(0);

      PointGFp result = point;

      if(value == 2)
         result.mult2(ws);

      if(scalar.is_negative())
         result.negate();

      return result;
      }

   const size_t scalar_bits = scalar.bits();

   PointGFp x1(curve); // zero

   size_t bits_left = scalar_bits;

#if BOTAN_CURVE_GFP_USE_MONTGOMERY_LADDER

   PointGFp x2 = point;
   while(bits_left)
      {
      if(scalar.get_bit(bits_left - 1))
         {
         x1.add(x2, ws);
         x2.mult2(ws);
         }
      else
         {
         x2.add(x1, ws);
         x1.mult2(ws);
         }

      --bits_left;
      }

#else
   const size_t window_bits = 4;

   std::vector<PointGFp> Ps(1 << window_bits);
   Ps[0] = x1;
   Ps[1] = point;

   for(size_t i = 2; i < Ps.size(); ++i)
      {
      Ps[i] = Ps[i-1];
      Ps[i].add(point, ws);
      }

   while(bits_left >= window_bits)
      {
      for(size_t i = 0; i != window_bits; ++i)
         x1.mult2(ws);

      const u32bit nibble = scalar.get_substring(bits_left - window_bits, window_bits);
      x1.add(Ps[nibble], ws);
      bits_left -= window_bits;
      }

   while(bits_left)
      {
      x1.mult2(ws);
      if(scalar.get_bit(bits_left-1))
         x1.add(point, ws);
      --bits_left;
      }

#endif

   if(scalar.is_negative())
      x1.negate();

   //BOTAN_ASSERT(x1.on_the_curve(), "Output is on the curve");

   return x1;
   }
PointGFp Botan::operator* ( const PointGFp &  point,
const BigInt &  scalar 
) [inline]

Definition at line 258 of file point_gfp.h.

   {
   return scalar * point;
   }
BigInt BOTAN_DLL Botan::operator+ ( const BigInt &  x,
const BigInt &  y 
)

Definition at line 19 of file big_ops3.cpp.

References bigint_add3(), bigint_cmp(), bigint_sub3(), Botan::BigInt::data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), and Botan::BigInt::sign().

   {
   const size_t x_sw = x.sig_words(), y_sw = y.sig_words();

   BigInt z(x.sign(), std::max(x_sw, y_sw) + 1);

   if((x.sign() == y.sign()))
      bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
   else
      {
      s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);

      if(relative_size < 0)
         {
         bigint_sub3(z.mutable_data(), y.data(), y_sw, x.data(), x_sw);
         z.set_sign(y.sign());
         }
      else if(relative_size == 0)
         z.set_sign(BigInt::Positive);
      else if(relative_size > 0)
         bigint_sub3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
      }

   return z;
   }
donna128 Botan::operator+ ( const donna128 &  x,
const donna128 &  y 
) [inline]

Definition at line 83 of file donna128.h.

References x, and y.

   {
   donna128 z = x;
   z += y;
   return z;
   }
OID BOTAN_DLL Botan::operator+ ( const OID &  oid,
u32bit  new_comp 
)

Append another component onto the OID.

Parameters:
oidthe OID to add the new component to
new_compthe new component to add

Definition at line 87 of file asn1_oid.cpp.

   {
   OID new_oid(oid);
   new_oid += component;
   return new_oid;
   }
donna128 Botan::operator+ ( const donna128 &  x,
u64bit  y 
) [inline]

Definition at line 90 of file donna128.h.

References x, and y.

   {
   donna128 z = x;
   z += y;
   return z;
   }
BOTAN_DLL OctetString Botan::operator+ ( const OctetString &  x,
const OctetString &  y 
)

Concatenate two strings

Parameters:
xan octet string
yan octet string
Returns:
x concatenated with y

Definition at line 112 of file symkey.cpp.

References Botan::OctetString::bits_of().

   {
   secure_vector<byte> out;
   out += k1.bits_of();
   out += k2.bits_of();
   return OctetString(out);
   }
PointGFp Botan::operator+ ( const PointGFp &  lhs,
const PointGFp &  rhs 
) [inline]

Definition at line 246 of file point_gfp.h.

   {
   PointGFp tmp(lhs);
   return tmp += rhs;
   }
template<typename T , typename Alloc , typename Alloc2 >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

Definition at line 127 of file secmem.h.

References copy_mem().

   {
   const size_t copy_offset = out.size();
   out.resize(out.size() + in.size());
   copy_mem(&out[copy_offset], &in[0], in.size());
   return out;
   }
template<typename T , typename Alloc >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
in 
)

Definition at line 137 of file secmem.h.

   {
   out.push_back(in);
   return out;
   }
template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< const T *, L > &  in 
)

Definition at line 144 of file secmem.h.

References copy_mem().

   {
   const size_t copy_offset = out.size();
   out.resize(out.size() + in.second);
   copy_mem(&out[copy_offset], in.first, in.second);
   return out;
   }
template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< T *, L > &  in 
)

Definition at line 154 of file secmem.h.

References copy_mem().

   {
   const size_t copy_offset = out.size();
   out.resize(out.size() + in.second);
   copy_mem(&out[copy_offset], in.first, in.second);
   return out;
   }
BigInt BOTAN_DLL Botan::operator- ( const BigInt &  x,
const BigInt &  y 
)

Definition at line 48 of file big_ops3.cpp.

References bigint_add3(), bigint_cmp(), bigint_shl2(), bigint_sub3(), Botan::BigInt::data(), Botan::BigInt::Positive, Botan::BigInt::reverse_sign(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

   {
   const size_t x_sw = x.sig_words(), y_sw = y.sig_words();

   s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);

   BigInt z(BigInt::Positive, std::max(x_sw, y_sw) + 1);

   if(relative_size < 0)
      {
      if(x.sign() == y.sign())
         bigint_sub3(z.mutable_data(), y.data(), y_sw, x.data(), x_sw);
      else
         bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
      z.set_sign(y.reverse_sign());
      }
   else if(relative_size == 0)
      {
      if(x.sign() != y.sign())
         bigint_shl2(z.mutable_data(), x.data(), x_sw, 0, 1);
      }
   else if(relative_size > 0)
      {
      if(x.sign() == y.sign())
         bigint_sub3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
      else
         bigint_add3(z.mutable_data(), x.data(), x_sw, y.data(), y_sw);
      z.set_sign(x.sign());
      }
   return z;
   }
PointGFp Botan::operator- ( const PointGFp &  lhs) [inline]

Definition at line 241 of file point_gfp.h.

References Botan::PointGFp::negate().

   {
   return PointGFp(lhs).negate();
   }
PointGFp Botan::operator- ( const PointGFp &  lhs,
const PointGFp &  rhs 
) [inline]

Definition at line 252 of file point_gfp.h.

   {
   PointGFp tmp(lhs);
   return tmp -= rhs;
   }
BigInt BOTAN_DLL Botan::operator/ ( const BigInt &  x,
const BigInt &  y 
)

Definition at line 109 of file big_ops3.cpp.

References divide(), and q.

   {
   BigInt q, r;
   divide(x, y, q, r);
   return q;
   }
bool BOTAN_DLL Botan::operator< ( const OID &  a,
const OID &  b 
)

Compare two OIDs.

Parameters:
athe first OID
bthe second OID
Returns:
true if a is lexicographically smaller than b

Definition at line 105 of file asn1_oid.cpp.

References Botan::OID::get_id().

   {
   const std::vector<u32bit>& oid1 = a.get_id();
   const std::vector<u32bit>& oid2 = b.get_id();

   if(oid1.size() < oid2.size())
      return true;
   if(oid1.size() > oid2.size())
      return false;
   for(size_t i = 0; i != oid1.size(); ++i)
      {
      if(oid1[i] < oid2[i])
         return true;
      if(oid1[i] > oid2[i])
         return false;
      }
   return false;
   }
bool BOTAN_DLL Botan::operator< ( const X509_DN &  dn1,
const X509_DN &  dn2 
)

Definition at line 171 of file x509_dn.cpp.

References Botan::X509_DN::get_attributes().

   {
   auto attr1 = dn1.get_attributes();
   auto attr2 = dn2.get_attributes();

   if(attr1.size() < attr2.size()) return true;
   if(attr1.size() > attr2.size()) return false;

   for(auto p1 = attr1.begin(); p1 != attr1.end(); ++p1)
      {
      auto p2 = attr2.find(p1->first);
      if(p2 == attr2.end())       return false;
      if(p1->second > p2->second) return false;
      if(p1->second < p2->second) return true;
      }
   return false;
   }
bool BOTAN_DLL Botan::operator< ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 245 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) < 0);
   }
bool BOTAN_DLL Botan::operator< ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 298 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) < 0); }
bool Botan::operator< ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 585 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) < 0); }
BOTAN_DLL std::ostream & Botan::operator<< ( std::ostream &  stream,
const BigInt &  n 
)

Definition at line 16 of file big_io.cpp.

References Botan::BigInt::Decimal, Botan::BigInt::encode(), and Botan::BigInt::Hexadecimal.

   {
   BigInt::Base base = BigInt::Decimal;
   if(stream.flags() & std::ios::hex)
      base = BigInt::Hexadecimal;
   else if(stream.flags() & std::ios::oct)
      throw std::runtime_error("Octal output of BigInt not supported");

   if(n == 0)
      stream.write("0", 1);
   else
      {
      if(n < 0)
         stream.write("-", 1);
      const std::vector<byte> buffer = BigInt::encode(n, base);
      size_t skip = 0;
      while(skip < buffer.size() && buffer[skip] == '0')
         ++skip;
      stream.write(reinterpret_cast<const char*>(&buffer[0]) + skip,
                   buffer.size() - skip);
      }
   if(!stream.good())
      throw Stream_IO_Error("BigInt output operator has failed");
   return stream;
   }
int BOTAN_DLL Botan::operator<< ( int  out,
Pipe &  pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters:
outfile descriptor for an open output stream
pipethe pipe

Definition at line 17 of file fd_unix.cpp.

References Botan::Pipe::read(), and Botan::Pipe::remaining().

   {
   secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
   while(pipe.remaining())
      {
      size_t got = pipe.read(&buffer[0], buffer.size());
      size_t position = 0;
      while(got)
         {
         ssize_t ret = write(fd, &buffer[position], got);
         if(ret == -1)
            throw Stream_IO_Error("Pipe output operator (unixfd) has failed");
         position += ret;
         got -= ret;
         }
      }
   return fd;
   }
BigInt BOTAN_DLL Botan::operator<< ( const BigInt &  x,
size_t  shift 
)

Definition at line 157 of file big_ops3.cpp.

References bigint_shl2(), Botan::BigInt::data(), MP_WORD_BITS, Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), x, and y.

   {
   if(shift == 0)
      return x;

   const size_t shift_words = shift / MP_WORD_BITS,
                shift_bits  = shift % MP_WORD_BITS;

   const size_t x_sw = x.sig_words();

   BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0));
   bigint_shl2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
   return y;
   }
BOTAN_DLL std::ostream & Botan::operator<< ( std::ostream &  out,
const X509_DN &  dn 
)

Definition at line 299 of file x509_dn.cpp.

References Botan::X509_DN::contents().

   {
   std::multimap<std::string, std::string> contents = dn.contents();

   for(std::multimap<std::string, std::string>::const_iterator i = contents.begin();
       i != contents.end(); ++i)
      {
      out << to_short_form(i->first) << "=" << i->second << ' ';
      }
   return out;
   }
std::ostream & Botan::operator<< ( std::ostream &  out,
Pipe &  pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters:
outan output stream
pipethe pipe

Definition at line 16 of file pipe_io.cpp.

References Botan::Pipe::read(), and Botan::Pipe::remaining().

   {
   secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
   while(stream.good() && pipe.remaining())
      {
      size_t got = pipe.read(&buffer[0], buffer.size());
      stream.write(reinterpret_cast<const char*>(&buffer[0]), got);
      }
   if(!stream.good())
      throw Stream_IO_Error("Pipe output operator (iostream) has failed");
   return stream;
   }
bool BOTAN_DLL Botan::operator<= ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 230 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) <= 0);
   }
bool BOTAN_DLL Botan::operator<= ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 293 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) <= 0); }
bool Botan::operator<= ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 581 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) <= 0); }
BOTAN_DLL bool Botan::operator== ( const CRL_Entry &  ,
const CRL_Entry &   
)

Test two CRL entries for equality in all fields.

Definition at line 40 of file crl_ent.cpp.

References Botan::CRL_Entry::expire_time(), Botan::CRL_Entry::reason_code(), and Botan::CRL_Entry::serial_number().

   {
   if(a1.serial_number() != a2.serial_number())
      return false;
   if(a1.expire_time() != a2.expire_time())
      return false;
   if(a1.reason_code() != a2.reason_code())
      return false;
   return true;
   }
bool BOTAN_DLL Botan::operator== ( const AlgorithmIdentifier &  a1,
const AlgorithmIdentifier &  a2 
)

Definition at line 66 of file alg_id.cpp.

References Botan::AlgorithmIdentifier::oid, and Botan::AlgorithmIdentifier::parameters.

   {
   if(a1.oid != a2.oid)
      return false;
   if(a1.parameters != a2.parameters)
      return false;
   return true;
   }
template<typename T >
bool Botan::operator== ( const secure_allocator< T > &  ,
const secure_allocator< T > &   
) [inline]

Definition at line 86 of file secmem.h.

   { return true; }
BOTAN_DLL bool Botan::operator== ( const OctetString &  x,
const OctetString &  y 
)

Compare two strings

Parameters:
xan octet string
yan octet string
Returns:
if x is equal to y

Definition at line 96 of file symkey.cpp.

References Botan::OctetString::bits_of().

   {
   return (s1.bits_of() == s2.bits_of());
   }
bool BOTAN_DLL Botan::operator== ( const ASN1_EAC_String &  lhs,
const ASN1_EAC_String &  rhs 
)

Definition at line 114 of file asn1_eac_str.cpp.

References Botan::ASN1_EAC_String::iso_8859().

   {
   return (lhs.iso_8859() == rhs.iso_8859());
   }
bool BOTAN_DLL Botan::operator== ( const X509_DN &  dn1,
const X509_DN &  dn2 
)

Definition at line 135 of file x509_dn.cpp.

References Botan::X509_DN::get_attributes(), and x500_name_cmp().

   {
   auto attr1 = dn1.get_attributes();
   auto attr2 = dn2.get_attributes();

   if(attr1.size() != attr2.size()) return false;

   auto p1 = attr1.begin();
   auto p2 = attr2.begin();

   while(true)
      {
      if(p1 == attr1.end() && p2 == attr2.end())
         break;
      if(p1 == attr1.end())      return false;
      if(p2 == attr2.end())      return false;
      if(p1->first != p2->first) return false;
      if(!x500_name_cmp(p1->second, p2->second))
         return false;
      ++p1;
      ++p2;
      }
   return true;
   }
bool Botan::operator== ( const CurveGFp &  lhs,
const CurveGFp &  rhs 
) [inline]

Equality operator

Parameters:
lhsa curve
rhsa curve
Returns:
true iff lhs is the same as rhs

Definition at line 172 of file curve_gfp.h.

References Botan::CurveGFp::get_a(), Botan::CurveGFp::get_b(), and Botan::CurveGFp::get_p().

   {
   return (lhs.get_p() == rhs.get_p()) &&
          (lhs.get_a() == rhs.get_a()) &&
          (lhs.get_b() == rhs.get_b());
   }
bool BOTAN_DLL Botan::operator== ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 220 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) == 0);
   }
bool BOTAN_DLL Botan::operator== ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 288 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) == 0); }
bool Botan::operator== ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 577 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) == 0); }
bool BOTAN_DLL Botan::operator> ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 240 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) > 0);
   }
bool BOTAN_DLL Botan::operator> ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 300 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) > 0); }
bool Botan::operator> ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 587 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) > 0); }
bool BOTAN_DLL Botan::operator>= ( const EAC_Time &  t1,
const EAC_Time &  t2 
)

Definition at line 235 of file asn1_eac_tm.cpp.

References Botan::EAC_Time::cmp().

   {
   return (t1.cmp(t2) >= 0);
   }
bool BOTAN_DLL Botan::operator>= ( const X509_Time &  t1,
const X509_Time &  t2 
)

Definition at line 295 of file asn1_time.cpp.

References Botan::X509_Time::cmp().

   { return (t1.cmp(t2) >= 0); }
bool Botan::operator>= ( const BigInt &  a,
const BigInt &  b 
) [inline]

Definition at line 583 of file bigint.h.

References Botan::BigInt::cmp().

   { return (a.cmp(b) >= 0); }
int BOTAN_DLL Botan::operator>> ( int  in,
Pipe &  pipe 
)

File descriptor input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters:
infile descriptor for an open input stream
pipethe pipe

Definition at line 39 of file fd_unix.cpp.

References Botan::Pipe::write().

   {
   secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
   while(true)
      {
      ssize_t ret = read(fd, &buffer[0], buffer.size());
      if(ret == 0) break;
      if(ret == -1)
         throw Stream_IO_Error("Pipe input operator (unixfd) has failed");
      pipe.write(&buffer[0], ret);
      }
   return fd;
   }
BOTAN_DLL std::istream & Botan::operator>> ( std::istream &  stream,
BigInt &  n 
)

Definition at line 45 of file big_io.cpp.

   {
   std::string str;
   std::getline(stream, str);
   if(stream.bad() || (stream.fail() && !stream.eof()))
      throw Stream_IO_Error("BigInt input operator has failed");
   n = BigInt(str);
   return stream;
   }
BigInt BOTAN_DLL Botan::operator>> ( const BigInt &  x,
size_t  shift 
)

Definition at line 175 of file big_ops3.cpp.

References bigint_shr2(), Botan::BigInt::bits(), Botan::BigInt::data(), MP_WORD_BITS, Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), Botan::BigInt::sign(), x, and y.

   {
   if(shift == 0)
      return x;
   if(x.bits() <= shift)
      return 0;

   const size_t shift_words = shift / MP_WORD_BITS,
                shift_bits  = shift % MP_WORD_BITS,
                x_sw = x.sig_words();

   BigInt y(x.sign(), x_sw - shift_words);
   bigint_shr2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
   return y;
   }
std::istream & Botan::operator>> ( std::istream &  in,
Pipe &  pipe 
)

Stream input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters:
inthe input stream
pipethe pipe

Definition at line 32 of file pipe_io.cpp.

References Botan::Pipe::write().

   {
   secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
   while(stream.good())
      {
      stream.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
      pipe.write(&buffer[0], stream.gcount());
      }
   if(stream.bad() || (stream.fail() && !stream.eof()))
      throw Stream_IO_Error("Pipe input operator (iostream) has failed");
   return stream;
   }
BOTAN_DLL OctetString Botan::operator^ ( const OctetString &  x,
const OctetString &  y 
)

XOR two strings

Parameters:
xan octet string
yan octet string
Returns:
x XORed with y

Definition at line 123 of file symkey.cpp.

References Botan::OctetString::begin(), copy_mem(), Botan::OctetString::length(), and xor_buf().

   {
   secure_vector<byte> ret(std::max(k1.length(), k2.length()));

   copy_mem(&ret[0], k1.begin(), k1.length());
   xor_buf(&ret[0], k2.begin(), k2.length());
   return OctetString(ret);
   }
template<typename T , typename Alloc , typename Alloc2 >
std::vector<T, Alloc>& Botan::operator^= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

Definition at line 132 of file xor_buf.h.

References xor_buf().

   {
   if(out.size() < in.size())
      out.resize(in.size());

   xor_buf(&out[0], &in[0], in.size());
   return out;
   }
donna128 Botan::operator| ( const donna128 &  x,
const donna128 &  y 
) [inline]

Definition at line 97 of file donna128.h.

References Botan::donna128::hi(), and Botan::donna128::lo().

   {
   return donna128(x.lo() | y.lo(), x.hi() | y.hi());
   }
template<typename Alloc >
PointGFp Botan::OS2ECP ( const std::vector< byte, Alloc > &  data,
const CurveGFp &  curve 
)

Definition at line 270 of file point_gfp.h.

References curve, and OS2ECP().

   { return OS2ECP(&data[0], data.size(), curve); }
PointGFp BOTAN_DLL Botan::OS2ECP ( const byte  data[],
size_t  data_len,
const CurveGFp &  curve 
)

Definition at line 498 of file point_gfp.cpp.

References Botan::BigInt::decode(), Botan::PointGFp::on_the_curve(), Botan::ASN1::to_string(), x, and y.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::EC_Group::EC_Group(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::EC_PublicKey::EC_PublicKey(), and OS2ECP().

   {
   if(data_len <= 1)
      return PointGFp(curve); // return zero

   const byte pc = data[0];

   BigInt x, y;

   if(pc == 2 || pc == 3)
      {
      //compressed form
      x = BigInt::decode(&data[1], data_len - 1);

      const bool y_mod_2 = ((pc & 0x01) == 1);
      y = decompress_point(y_mod_2, x, curve);
      }
   else if(pc == 4)
      {
      const size_t l = (data_len - 1) / 2;

      // uncompressed form
      x = BigInt::decode(&data[1], l);
      y = BigInt::decode(&data[l+1], l);
      }
   else if(pc == 6 || pc == 7)
      {
      const size_t l = (data_len - 1) / 2;

      // hybrid form
      x = BigInt::decode(&data[1], l);
      y = BigInt::decode(&data[l+1], l);

      const bool y_mod_2 = ((pc & 0x01) == 1);

      if(decompress_point(y_mod_2, x, curve) != y)
         throw Illegal_Point("OS2ECP: Decoding error in hybrid format");
      }
   else
      throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc));

   PointGFp result(curve, x, y);

   if(!result.on_the_curve())
      throw Illegal_Point("OS2ECP: Decoded point was not on the curve");

   return result;
   }
BOTAN_DLL std::vector< std::string > Botan::parse_algorithm_name ( const std::string &  scan_name)

Parse a SCAN-style algorithm name

Parameters:
scan_namethe name
Returns:
the name components

Definition at line 63 of file parsing.cpp.

References c.

Referenced by get_cipher_mode(), and Botan::X509_Object::hash_used_for_signature().

   {
   if(namex.find('(') == std::string::npos &&
      namex.find(')') == std::string::npos)
      return std::vector<std::string>(1, namex);

   std::string name = namex, substring;
   std::vector<std::string> elems;
   size_t level = 0;

   elems.push_back(name.substr(0, name.find('(')));
   name = name.substr(name.find('('));

   for(auto i = name.begin(); i != name.end(); ++i)
      {
      char c = *i;

      if(c == '(')
         ++level;
      if(c == ')')
         {
         if(level == 1 && i == name.end() - 1)
            {
            if(elems.size() == 1)
               elems.push_back(substring.substr(1));
            else
               elems.push_back(substring);
            return elems;
            }

         if(level == 0 || (level == 1 && i != name.end() - 1))
            throw Invalid_Algorithm_Name(namex);
         --level;
         }

      if(c == ',' && level == 1)
         {
         if(elems.size() == 1)
            elems.push_back(substring.substr(1));
         else
            elems.push_back(substring);
         substring.clear();
         }
      else
         substring += c;
      }

   if(substring != "")
      throw Invalid_Algorithm_Name(namex);

   return elems;
   }
BOTAN_DLL std::vector< u32bit > Botan::parse_asn1_oid ( const std::string &  oid)

Parse an ASN.1 OID

Parameters:
oidthe OID in string form
Returns:
OID components

Definition at line 167 of file parsing.cpp.

References c, and to_u32bit().

Referenced by Botan::OID::OID().

   {
   std::string substring;
   std::vector<u32bit> oid_elems;

   for(auto i = oid.begin(); i != oid.end(); ++i)
      {
      char c = *i;

      if(c == '.')
         {
         if(substring == "")
            throw Invalid_OID(oid);
         oid_elems.push_back(to_u32bit(substring));
         substring.clear();
         }
      else
         substring += c;
      }

   if(substring == "")
      throw Invalid_OID(oid);
   oid_elems.push_back(to_u32bit(substring));

   if(oid_elems.size() < 2)
      throw Invalid_OID(oid);

   return oid_elems;
   }
secure_vector< byte > BOTAN_DLL Botan::pbes2_decrypt ( const secure_vector< byte > &  key_bits,
const std::string &  passphrase,
const std::vector< byte > &  params 
)

Decrypt a PKCS #5 v2.0 encrypted stream

Parameters:
key_bitsthe input
passphrasethe passphrase to use for decryption
paramsthe PBES2 parameters

Definition at line 107 of file pbes2.cpp.

References Botan::OID::as_string(), CONSTRUCTED, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_optional(), DECRYPTION, Botan::PBKDF::derive_key(), Botan::BER_Decoder::end_cons(), get_cipher_mode(), INTEGER, Botan::OIDS::lookup(), OCTET_STRING, Botan::AlgorithmIdentifier::oid, Botan::AlgorithmIdentifier::parameters, SEQUENCE, split_on(), Botan::BER_Decoder::start_cons(), UNIVERSAL, Botan::AlgorithmIdentifier::USE_NULL_PARAM, and Botan::BER_Decoder::verify_end().

   {
   AlgorithmIdentifier kdf_algo, enc_algo;

   BER_Decoder(params)
      .start_cons(SEQUENCE)
         .decode(kdf_algo)
         .decode(enc_algo)
         .verify_end()
      .end_cons();

   AlgorithmIdentifier prf_algo;

   if(kdf_algo.oid != OIDS::lookup("PKCS5.PBKDF2"))
      throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
                           kdf_algo.oid.as_string());

   secure_vector<byte> salt;
   size_t iterations = 0, key_length = 0;

   BER_Decoder(kdf_algo.parameters)
      .start_cons(SEQUENCE)
         .decode(salt, OCTET_STRING)
         .decode(iterations)
         .decode_optional(key_length, INTEGER, UNIVERSAL)
         .decode_optional(prf_algo, SEQUENCE, CONSTRUCTED,
                          AlgorithmIdentifier("HMAC(SHA-160)",
                                              AlgorithmIdentifier::USE_NULL_PARAM))
      .verify_end()
      .end_cons();

   const std::string cipher = OIDS::lookup(enc_algo.oid);
   const std::vector<std::string> cipher_spec = split_on(cipher, '/');
   if(cipher_spec.size() != 2)
      throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
   if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM")
      throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher);

   if(salt.size() < 8)
      throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small");

   secure_vector<byte> iv;
   BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end();

   const std::string prf = OIDS::lookup(prf_algo.oid);
   PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf));

   std::unique_ptr<Cipher_Mode> dec(get_cipher_mode(cipher, DECRYPTION));

   if(key_length == 0)
      key_length = dec->key_spec().maximum_keylength();

   dec->set_key(pbkdf.derive_key(key_length, passphrase, &salt[0], salt.size(),
                                 iterations).bits_of());

   dec->start(iv);

   secure_vector<byte> buf = key_bits;
   dec->finish(buf);

   return buf;
   }
std::pair< AlgorithmIdentifier, std::vector< byte > > BOTAN_DLL Botan::pbes2_encrypt ( const secure_vector< byte > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator &  rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters:
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 65 of file pbes2.cpp.

References Botan::PBKDF::derive_key(), ENCRYPTION, get_cipher_mode(), Botan::OIDS::lookup(), Botan::RandomNumberGenerator::random_vec(), split_on(), and unlock().

Referenced by Botan::PKCS8::BER_encode().

   {
   const std::string prf = "HMAC(" + digest + ")";

   const std::vector<std::string> cipher_spec = split_on(cipher, '/');
   if(cipher_spec.size() != 2)
      throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);

   const secure_vector<byte> salt = rng.random_vec(12);

   if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM")
      throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher);

   std::unique_ptr<Cipher_Mode> enc(get_cipher_mode(cipher, ENCRYPTION));

   PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf));

   const size_t key_length = enc->key_spec().maximum_keylength();
   size_t iterations = 0;

   secure_vector<byte> iv = rng.random_vec(enc->default_nonce_length());

   enc->set_key(pbkdf.derive_key(key_length, passphrase, &salt[0], salt.size(),
                                msec, iterations).bits_of());

   enc->start(iv);
   secure_vector<byte> buf = key_bits;
   enc->finish(buf);

   AlgorithmIdentifier id(
      OIDS::lookup("PBE-PKCS5v20"),
      encode_pbes2_params(cipher, prf, salt, iv, iterations, key_length));

   return std::make_pair(id, unlock(buf));
   }
BOTAN_DLL size_t Botan::pbkdf2 ( MessageAuthenticationCode &  prf,
byte  out[],
size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
size_t  iterations,
std::chrono::milliseconds  msec 
)

Definition at line 30 of file pbkdf2.cpp.

References clear_mem(), Botan::Buffered_Computation::final(), Botan::MessageAuthenticationCode::name(), Botan::Buffered_Computation::output_length(), round_up(), Botan::SymmetricAlgorithm::set_key(), Botan::ASN1::to_string(), Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().

Referenced by Botan::PKCS5_PBKDF2::pbkdf().

   {
   clear_mem(out, out_len);

   if(out_len == 0)
      return 0;

   try
      {
      prf.set_key(reinterpret_cast<const byte*>(passphrase.data()), passphrase.size());
      }
   catch(Invalid_Key_Length)
      {
      throw std::runtime_error("PBKDF2 with " + prf.name() +
                               " cannot accept passphrases of length " +
                               std::to_string(passphrase.size()));
      }

   const size_t prf_sz = prf.output_length();
   secure_vector<byte> U(prf_sz);

   const size_t blocks_needed = round_up(out_len, prf_sz) / prf_sz;

   std::chrono::microseconds usec_per_block =
      std::chrono::duration_cast<std::chrono::microseconds>(msec) / blocks_needed;

   u32bit counter = 1;
   while(out_len)
      {
      const size_t prf_output = std::min<size_t>(prf_sz, out_len);

      prf.update(salt, salt_len);
      prf.update_be(counter++);
      prf.final(&U[0]);

      xor_buf(out, &U[0], prf_output);

      if(iterations == 0)
         {
         /*
         If no iterations set, run the first block to calibrate based
         on how long hashing takes on whatever machine we're running on.
         */

         const auto start = std::chrono::high_resolution_clock::now();

         iterations = 1; // the first iteration we did above

         while(true)
            {
            prf.update(U);
            prf.final(&U[0]);
            xor_buf(out, &U[0], prf_output);
            iterations++;

            /*
            Only break on relatively 'even' iterations. For one it
            avoids confusion, and likely some broken implementations
            break on getting completely randomly distributed values
            */
            if(iterations % 10000 == 0)
               {
               auto time_taken = std::chrono::high_resolution_clock::now() - start;
               auto usec_taken = std::chrono::duration_cast<std::chrono::microseconds>(time_taken);
               if(usec_taken > usec_per_block)
                  break;
               }
            }
         }
      else
         {
         for(size_t i = 1; i != iterations; ++i)
            {
            prf.update(U);
            prf.final(&U[0]);
            xor_buf(out, &U[0], prf_output);
            }
         }

      out_len -= prf_output;
      out += prf_output;
      }

   return iterations;
   }
BOTAN_DLL secure_vector< byte > Botan::PGP_decode ( DataSource &  source,
std::string &  label,
std::map< std::string, std::string > &  headers 
)
Parameters:
sourcethe input source
labelis set to the human-readable label
headersis set to any headers
Returns:
decoded output as raw binary

Definition at line 70 of file openpgp.cpp.

References Botan::Pipe::end_msg(), Botan::Charset::is_space(), Botan::Pipe::read_all(), Botan::Pipe::read_all_as_string(), Botan::DataSource::read_byte(), Botan::Pipe::start_msg(), and Botan::Pipe::write().

Referenced by PGP_decode().

   {
   const size_t RANDOM_CHAR_LIMIT = 5;

   const std::string PGP_HEADER1 = "-----BEGIN PGP ";
   const std::string PGP_HEADER2 = "-----";
   size_t position = 0;

   while(position != PGP_HEADER1.length())
      {
      byte b;
      if(!source.read_byte(b))
         throw Decoding_Error("PGP: No PGP header found");
      if(b == PGP_HEADER1[position])
         ++position;
      else if(position >= RANDOM_CHAR_LIMIT)
         throw Decoding_Error("PGP: Malformed PGP header");
      else
         position = 0;
      }
   position = 0;
   while(position != PGP_HEADER2.length())
      {
      byte b;
      if(!source.read_byte(b))
         throw Decoding_Error("PGP: No PGP header found");
      if(b == PGP_HEADER2[position])
         ++position;
      else if(position)
         throw Decoding_Error("PGP: Malformed PGP header");

      if(position == 0)
         label += static_cast<char>(b);
      }

   headers.clear();
   bool end_of_headers = false;
   while(!end_of_headers)
      {
      std::string this_header;
      byte b = 0;
      while(b != '\n')
         {
         if(!source.read_byte(b))
            throw Decoding_Error("PGP: Bad armor header");
         if(b != '\n')
            this_header += static_cast<char>(b);
         }

      end_of_headers = true;
      for(size_t j = 0; j != this_header.length(); ++j)
         if(!Charset::is_space(this_header[j]))
            end_of_headers = false;

      if(!end_of_headers)
         {
         std::string::size_type pos = this_header.find(": ");
         if(pos == std::string::npos)
            throw Decoding_Error("OpenPGP: Bad headers");

         std::string key = this_header.substr(0, pos);
         std::string value = this_header.substr(pos + 2, std::string::npos);
         headers[key] = value;
         }
      }

   Pipe base64(new Base64_Decoder,
               new Fork(nullptr,
                        new Chain(new Hash_Filter(new CRC24),
                                  new Base64_Encoder)
                  )
      );
   base64.start_msg();

   const std::string PGP_TRAILER = "-----END PGP " + label + "-----";
   position = 0;
   bool newline_seen = 0;
   std::string crc;
   while(position != PGP_TRAILER.length())
      {
      byte b;
      if(!source.read_byte(b))
         throw Decoding_Error("PGP: No PGP trailer found");
      if(b == PGP_TRAILER[position])
         ++position;
      else if(position)
         throw Decoding_Error("PGP: Malformed PGP trailer");

      if(b == '=' && newline_seen)
         {
         while(b != '\n')
            {
            if(!source.read_byte(b))
               throw Decoding_Error("PGP: Bad CRC tail");
            if(b != '\n')
               crc += static_cast<char>(b);
            }
         }
      else if(b == '\n')
         newline_seen = true;
      else if(position == 0)
         {
         base64.write(b);
         newline_seen = false;
         }
      }
   base64.end_msg();

   if(crc != "" && crc != base64.read_all_as_string(1))
      throw Decoding_Error("PGP: Corrupt CRC");

   return base64.read_all();
   }
BOTAN_DLL secure_vector< byte > Botan::PGP_decode ( DataSource &  source,
std::string &  label 
)
Parameters:
sourcethe input source
labelis set to the human-readable label
Returns:
decoded output as raw binary

Definition at line 189 of file openpgp.cpp.

References PGP_decode().

   {
   std::map<std::string, std::string> ignored;
   return PGP_decode(source, label, ignored);
   }
BOTAN_DLL std::string Botan::PGP_encode ( const byte  input[],
size_t  length,
const std::string &  label,
const std::map< std::string, std::string > &  headers 
)
Parameters:
inputthe input data
lengthlength of input in bytes
labelthe human-readable label
headersa set of key/value pairs included in the header

Definition at line 19 of file openpgp.cpp.

References Botan::Pipe::process_msg(), and Botan::Pipe::read_all_as_string().

Referenced by PGP_encode().

   {
   const std::string PGP_HEADER = "-----BEGIN PGP " + label + "-----\n";
   const std::string PGP_TRAILER = "-----END PGP " + label + "-----\n";
   const size_t PGP_WIDTH = 64;

   std::string pgp_encoded = PGP_HEADER;

   if(headers.find("Version") != headers.end())
      pgp_encoded += "Version: " + headers.find("Version")->second + '\n';

   std::map<std::string, std::string>::const_iterator i = headers.begin();
   while(i != headers.end())
      {
      if(i->first != "Version")
         pgp_encoded += i->first + ": " + i->second + '\n';
      ++i;
      }
   pgp_encoded += '\n';

   Pipe pipe(new Fork(
                new Base64_Encoder(true, PGP_WIDTH),
                new Chain(new Hash_Filter(new CRC24), new Base64_Encoder)
                )
      );

   pipe.process_msg(input, length);

   pgp_encoded += pipe.read_all_as_string(0);
   pgp_encoded += '=' + pipe.read_all_as_string(1) + '\n';
   pgp_encoded += PGP_TRAILER;

   return pgp_encoded;
   }
BOTAN_DLL std::string Botan::PGP_encode ( const byte  input[],
size_t  length,
const std::string &  label 
)
Parameters:
inputthe input data
lengthlength of input in bytes
labelthe human-readable label

Definition at line 60 of file openpgp.cpp.

References PGP_encode().

   {
   std::map<std::string, std::string> empty;
   return PGP_encode(input, length, type, empty);
   }
BOTAN_DLL std::vector< byte > Botan::pkcs_hash_id ( const std::string &  hash_name)

Return the PKCS #1 hash identifier

See also:
RFC 3447 section 9.2
Parameters:
hash_namethe name of the hash function
Returns:
byte sequence identifying the hash
Exceptions:
Invalid_Argumentif the hash has no known PKCS #1 hash id

Definition at line 60 of file hash_id.cpp.

Referenced by Botan::EMSA_PKCS1v15::EMSA_PKCS1v15().

   {
   // Special case for SSL/TLS RSA signatures
   if(name == "Parallel(MD5,SHA-160)")
      return std::vector<byte>();

   if(name == "MD2")
      return std::vector<byte>(MD2_PKCS_ID,
                               MD2_PKCS_ID + sizeof(MD2_PKCS_ID));

   if(name == "MD5")
      return std::vector<byte>(MD5_PKCS_ID,
                               MD5_PKCS_ID + sizeof(MD5_PKCS_ID));

   if(name == "RIPEMD-128")
      return std::vector<byte>(RIPEMD_128_PKCS_ID,
                               RIPEMD_128_PKCS_ID + sizeof(RIPEMD_128_PKCS_ID));

   if(name == "RIPEMD-160")
      return std::vector<byte>(RIPEMD_160_PKCS_ID,
                               RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID));

   if(name == "SHA-160")
      return std::vector<byte>(SHA_160_PKCS_ID,
                               SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID));

   if(name == "SHA-224")
      return std::vector<byte>(SHA_224_PKCS_ID,
                               SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID));

   if(name == "SHA-256")
      return std::vector<byte>(SHA_256_PKCS_ID,
                               SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID));

   if(name == "SHA-384")
      return std::vector<byte>(SHA_384_PKCS_ID,
                               SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID));

   if(name == "SHA-512")
      return std::vector<byte>(SHA_512_PKCS_ID,
                               SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID));

   if(name == "Tiger(24,3)")
      return std::vector<byte>(TIGER_PKCS_ID,
                               TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID));

   throw Invalid_Argument("No PKCS #1 identifier for " + name);
   }
BigInt BOTAN_DLL Botan::power_mod ( const BigInt &  b,
const BigInt &  x,
const BigInt &  m 
)

Modular exponentation

Parameters:
ban integer base
xa positive exponent
ma positive modulus
Returns:
(b^x) % m

Definition at line 219 of file numthry.cpp.

References Botan::Power_Mod::execute(), Botan::Power_Mod::set_base(), and Botan::Power_Mod::set_exponent().

Referenced by Botan::DL_Scheme_PrivateKey::check_key(), Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), generate_srp6_verifier(), Botan::NR_PrivateKey::NR_PrivateKey(), ressol(), srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and Botan::SRP6_Server_Session::step2().

   {
   Power_Mod pow_mod(mod);

   /*
   * Calling set_base before set_exponent means we end up using a
   * minimal window. This makes sense given that here we know that any
   * precomputation is wasted.
   */
   pow_mod.set_base(base);
   pow_mod.set_exponent(exp);
   return pow_mod.execute();
   }
template<typename T >
void Botan::prefetch_readonly ( const T *  addr,
size_t  length 
) [inline]

Definition at line 16 of file prefetch.h.

References Botan::CPUID::cache_line_size().

   {
#if defined(__GNUG__)
   const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);

   for(size_t i = 0; i <= length; i += Ts_per_cache_line)
      __builtin_prefetch(addr + i, 0);
#endif
   }
template<typename T >
void Botan::prefetch_readwrite ( const T *  addr,
size_t  length 
) [inline]

Definition at line 27 of file prefetch.h.

References Botan::CPUID::cache_line_size().

   {
#if defined(__GNUG__)
   const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);

   for(size_t i = 0; i <= length; i += Ts_per_cache_line)
      __builtin_prefetch(addr + i, 1);
#endif
   }
template<typename T >
std::vector<std::string> Botan::providers_of ( const typename T::Spec &  spec)

Definition at line 153 of file algo_registry.h.

References Botan::Algo_Registry< T >::global_registry().

   {
   return Algo_Registry<T>::global_registry().providers_of(spec);
   }
bool Botan::quick_check_prime ( const BigInt &  n,
RandomNumberGenerator &  rng 
) [inline]

Definition at line 138 of file numthry.h.

References is_prime().

   { return is_prime(n, rng, 32); }
gf2m Botan::random_code_element ( unsigned  code_length,
Botan::RandomNumberGenerator rng 
)

number of leading zeros

Definition at line 66 of file polyn_gf2m.cpp.

References Botan::RandomNumberGenerator::randomize().

Referenced by create_random_error_positions(), and Botan::polyn_gf2m::polyn_gf2m().

   {
   if(code_length == 0)
      {
      throw Invalid_Argument("random_code_element() was supplied a code length of zero");
      }
   unsigned nlz = nlz_16bit(code_length-1);
   gf2m mask = (1 << (16-nlz)) -1;
   gf2m result;
   do
      {
      rng.randomize(reinterpret_cast<byte*>(&result), sizeof(result));
      result &= mask;
      } while(result >= code_length); // rejection sampling
   return result;
   }
BigInt BOTAN_DLL Botan::random_prime ( RandomNumberGenerator &  rng,
size_t  bits,
const BigInt &  coprime = 1,
size_t  equiv = 1,
size_t  equiv_mod = 2 
)

Randomly generate a prime

Parameters:
rnga random number generator
bitshow large the resulting prime should be in bits
coprimea positive integer the result should be coprime to
equiva non-negative number that the result should be equivalent to modulo equiv_mod
equiv_modthe modulus equiv should be checked against
Returns:
random prime with the specified criteria

Definition at line 17 of file make_prm.cpp.

References Botan::BigInt::bits(), gcd(), is_prime(), Botan::RandomNumberGenerator::next_byte(), PRIME_TABLE_SIZE, PRIMES, Botan::BigInt::set_bit(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group(), random_safe_prime(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RW_PrivateKey::RW_PrivateKey().

   {
   if(bits <= 1)
      throw Invalid_Argument("random_prime: Can't make a prime of " +
                             std::to_string(bits) + " bits");
   else if(bits == 2)
      return ((rng.next_byte() % 2) ? 2 : 3);
   else if(bits == 3)
      return ((rng.next_byte() % 2) ? 5 : 7);
   else if(bits == 4)
      return ((rng.next_byte() % 2) ? 11 : 13);

   if(coprime <= 0)
      throw Invalid_Argument("random_prime: coprime must be > 0");
   if(modulo % 2 == 1 || modulo == 0)
      throw Invalid_Argument("random_prime: Invalid modulo value");
   if(equiv >= modulo || equiv % 2 == 0)
      throw Invalid_Argument("random_prime: equiv must be < modulo, and odd");

   while(true)
      {
      BigInt p(rng, bits);

      // Force lowest and two top bits on
      p.set_bit(bits - 1);
      p.set_bit(bits - 2);
      p.set_bit(0);

      if(p % modulo != equiv)
         p += (modulo - p % modulo) + equiv;

      const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE);
      secure_vector<u16bit> sieve(sieve_size);

      for(size_t j = 0; j != sieve.size(); ++j)
         sieve[j] = p % PRIMES[j];

      size_t counter = 0;
      while(true)
         {
         if(counter == 4096 || p.bits() > bits)
            break;

         bool passes_sieve = true;
         ++counter;
         p += modulo;

         if(p.bits() > bits)
            break;

         for(size_t j = 0; j != sieve.size(); ++j)
            {
            sieve[j] = (sieve[j] + modulo) % PRIMES[j];
            if(sieve[j] == 0)
               passes_sieve = false;
            }

         if(!passes_sieve || gcd(p - 1, coprime) != 1)
            continue;
         if(is_prime(p, rng, 64, true))
            return p;
         }
      }
   }
BigInt BOTAN_DLL Botan::random_safe_prime ( RandomNumberGenerator &  rng,
size_t  bits 
)

Return a 'safe' prime, of the form p=2*q+1 with q prime

Parameters:
rnga random number generator
bitsis how long the resulting prime should be
Returns:
prime randomly chosen from safe primes of length bits

Definition at line 87 of file make_prm.cpp.

References is_prime(), random_prime(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Group::DL_Group().

   {
   if(bits <= 64)
      throw Invalid_Argument("random_safe_prime: Can't make a prime of " +
                             std::to_string(bits) + " bits");

   BigInt p;
   do
      p = (random_prime(rng, bits - 1) << 1) + 1;
   while(!is_prime(p, rng, 64, true));
   return p;
   }
std::map< std::string, std::string > Botan::read_cfg ( std::istream &  is)

Definition at line 27 of file read_cfg.cpp.

References clean_ws(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Text_Policy::Text_Policy().

   {
   std::map<std::string, std::string> kv;
   size_t line = 0;

   while(is.good())
      {
      std::string s;

      std::getline(is, s);

      ++line;

      if(s == "" || s[0] == '#')
         continue;

      s = clean_ws(s.substr(0, s.find('#')));

      if(s == "")
         continue;

      auto eq = s.find("=");

      if(eq == std::string::npos || eq == 0 || eq == s.size() - 1)
         throw std::runtime_error("Bad read_cfg input '" + s + "' on line " + std::to_string(line));

      const std::string key = clean_ws(s.substr(0, eq));
      const std::string val = clean_ws(s.substr(eq + 1, std::string::npos));

      kv[key] = val;
      }

   return kv;
   }
BOTAN_DLL std::string Botan::replace_char ( const std::string &  str,
char  from_char,
char  to_char 
)

Replace a character in a string

Parameters:
strthe input string
from_charthe character to replace
to_charthe character to replace it with
Returns:
str with all instances of from_char replaced by to_char

Definition at line 302 of file parsing.cpp.

   {
   std::string out = str;

   for(size_t i = 0; i != out.size(); ++i)
      if(out[i] == from_char)
         out[i] = to_char;

   return out;
   }
BOTAN_DLL std::string Botan::replace_chars ( const std::string &  str,
const std::set< char > &  from_chars,
char  to_char 
)

Replace a character in a string

Parameters:
strthe input string
from_charsthe characters to replace
to_charthe character to replace it with
Returns:
str with all instances of from_chars replaced by to_char

Definition at line 289 of file parsing.cpp.

Referenced by Botan::TLS::Ciphersuite::to_string().

   {
   std::string out = str;

   for(size_t i = 0; i != out.size(); ++i)
      if(chars.count(out[i]))
         out[i] = to_char;

   return out;
   }
BigInt Botan::ressol ( const BigInt &  x,
const BigInt &  p 
)

Compute the square root of x modulo a prime using the Shanks-Tonnelli algorithm

Parameters:
xthe input
pthe prime
Returns:
y such that (y*y)p == x, or -1 if no such integer

Definition at line 17 of file ressol.cpp.

References c, jacobi(), low_zero_bits(), mod_p, Botan::Modular_Reducer::multiply(), n, power_mod(), Botan::BigInt::power_of_2(), q, and Botan::Modular_Reducer::square().

   {
   if(a < 0)
      throw Invalid_Argument("ressol(): a to solve for must be positive");
   if(p <= 1)
      throw Invalid_Argument("ressol(): prime must be > 1");

   if(a == 0)
      return 0;
   if(p == 2)
      return a;

   if(jacobi(a, p) != 1) // not a quadratic residue
      return -BigInt(1);

   if(p % 4 == 3)
      return power_mod(a, ((p+1) >> 2), p);

   size_t s = low_zero_bits(p - 1);
   BigInt q = p >> s;

   q -= 1;
   q >>= 1;

   Modular_Reducer mod_p(p);

   BigInt r = power_mod(a, q, p);
   BigInt n = mod_p.multiply(a, mod_p.square(r));
   r = mod_p.multiply(r, a);

   if(n == 1)
      return r;

   // find random non quadratic residue z
   BigInt z = 2;
   while(jacobi(z, p) == 1) // while z quadratic residue
      ++z;

   BigInt c = power_mod(z, (q << 1) + 1, p);

   while(n > 1)
      {
      q = n;

      size_t i = 0;
      while(q != 1)
         {
         q = mod_p.square(q);
         ++i;
         }

      if(s <= i)
         return -BigInt(1);

      c = power_mod(c, BigInt::power_of_2(s-i-1), p);
      r = mod_p.multiply(r, c);
      c = mod_p.square(c);
      n = mod_p.multiply(n, c);
      s = i;
      }

   return r;
   }
u16bit Botan::reverse_bytes ( u16bit  val) [inline]

Swap a 16 bit integer

Definition at line 24 of file bswap.h.

References rotate_left().

Referenced by Botan::SIMD_Scalar< T, N >::bswap(), bswap_4(), load_be(), load_le(), and reverse_bytes().

   {
   return rotate_left(val, 8);
   }
u32bit Botan::reverse_bytes ( u32bit  val) [inline]

Swap a 32 bit integer

Definition at line 32 of file bswap.h.

References rotate_left(), and rotate_right().

   {
#if BOTAN_GCC_VERSION >= 430 && !defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY)
   /*
   GCC intrinsic added in 4.3, works for a number of CPUs

   However avoid under ARM, as it branches to a function in libgcc
   instead of generating inline asm, so slower even than the generic
   rotate version below.
   */
   return __builtin_bswap32(val);

#elif BOTAN_USE_GCC_INLINE_ASM && defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)

   // GCC-style inline assembly for x86 or x86-64
   asm("bswapl %0" : "=r" (val) : "0" (val));
   return val;

#elif BOTAN_USE_GCC_INLINE_ASM && defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY)

   asm ("eor r3, %1, %1, ror #16\n\t"
        "bic r3, r3, #0x00FF0000\n\t"
        "mov %0, %1, ror #8\n\t"
        "eor %0, %0, r3, lsr #8"
        : "=r" (val)
        : "0" (val)
        : "r3", "cc");

   return val;

#elif defined(_MSC_VER) && defined(BOTAN_TARGET_ARCH_IS_X86_32)

   // Visual C++ inline asm for 32-bit x86, by Yves Jerschow
   __asm mov eax, val;
   __asm bswap eax;

#else

   // Generic implementation
   return (rotate_right(val, 8) & 0xFF00FF00) |
          (rotate_left (val, 8) & 0x00FF00FF);

#endif
   }
u64bit Botan::reverse_bytes ( u64bit  val) [inline]

Swap a 64 bit integer

Definition at line 80 of file bswap.h.

References reverse_bytes().

   {
#if BOTAN_GCC_VERSION >= 430

   // GCC intrinsic added in 4.3, works for a number of CPUs
   return __builtin_bswap64(val);

#elif BOTAN_USE_GCC_INLINE_ASM && defined(BOTAN_TARGET_ARCH_IS_X86_64)
   // GCC-style inline assembly for x86-64
   asm("bswapq %0" : "=r" (val) : "0" (val));
   return val;

#else
   /* Generic implementation. Defined in terms of 32-bit bswap so any
    * optimizations in that version can help here (particularly
    * useful for 32-bit x86).
    */

   u32bit hi = static_cast<u32bit>(val >> 32);
   u32bit lo = static_cast<u32bit>(val);

   hi = reverse_bytes(hi);
   lo = reverse_bytes(lo);

   return (static_cast<u64bit>(lo) << 32) | hi;
#endif
   }
secure_vector< byte > BOTAN_DLL Botan::rfc3394_keyunwrap ( const secure_vector< byte > &  key,
const SymmetricKey &  kek 
)

Decrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters:
keythe encrypted key to decrypt
kekthe key encryption key
afan algorithm factory
Returns:
key decrypted under kek

Definition at line 75 of file rfc3394.cpp.

References copy_mem(), Botan::OctetString::length(), load_be< u64bit >(), n, store_be(), and xor_buf().

   {
   if(key.size() < 16 || key.size() % 8 != 0)
      throw std::invalid_argument("Bad input key size for NIST key unwrap");

   std::unique_ptr<BlockCipher> aes(make_aes(kek.length()));
   aes->set_key(kek);

   const size_t n = (key.size() - 8) / 8;

   secure_vector<byte> R(n * 8);
   secure_vector<byte> A(16);

   for(size_t i = 0; i != 8; ++i)
      A[i] = key[i];

   copy_mem(&R[0], &key[8], key.size() - 8);

   for(size_t j = 0; j <= 5; ++j)
      {
      for(size_t i = n; i != 0; --i)
         {
         const u32bit t = (5 - j) * n + i;

         byte t_buf[4] = { 0 };
         store_be(t, t_buf);

         xor_buf(&A[4], &t_buf[0], 4);

         copy_mem(&A[8], &R[8*(i-1)], 8);

         aes->decrypt(&A[0]);

         copy_mem(&R[8*(i-1)], &A[8], 8);
         }
      }

   if(load_be<u64bit>(&A[0], 0) != 0xA6A6A6A6A6A6A6A6)
      throw Integrity_Failure("NIST key unwrap failed");

   return R;
   }
secure_vector< byte > BOTAN_DLL Botan::rfc3394_keywrap ( const secure_vector< byte > &  key,
const SymmetricKey &  kek 
)

Encrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters:
keythe plaintext key to encrypt
kekthe key encryption key
Returns:
key encrypted under kek

Definition at line 34 of file rfc3394.cpp.

References copy_mem(), Botan::OctetString::length(), n, Botan::BigInt::size(), store_be(), and xor_buf().

   {
   if(key.size() % 8 != 0)
      throw std::invalid_argument("Bad input key size for NIST key wrap");

   std::unique_ptr<BlockCipher> aes(make_aes(kek.length()));
   aes->set_key(kek);

   const size_t n = key.size() / 8;

   secure_vector<byte> R((n + 1) * 8);
   secure_vector<byte> A(16);

   for(size_t i = 0; i != 8; ++i)
      A[i] = 0xA6;

   copy_mem(&R[8], &key[0], key.size());

   for(size_t j = 0; j <= 5; ++j)
      {
      for(size_t i = 1; i <= n; ++i)
         {
         const u32bit t = (n * j) + i;

         copy_mem(&A[8], &R[8*i], 8);

         aes->encrypt(&A[0]);
         copy_mem(&R[8*i], &A[8], 8);

         byte t_buf[4] = { 0 };
         store_be(t, t_buf);
         xor_buf(&A[4], &t_buf[0], 4);
         }
      }

   copy_mem(&R[0], &A[0], 8);

   return R;
   }
template<typename T >
T Botan::rotate_left ( input,
size_t  rot 
) [inline]
template<typename T >
T Botan::rotate_right ( input,
size_t  rot 
) [inline]

Bit rotation right

Parameters:
inputthe input word
rotthe number of bits to rotate
Returns:
input rotated right by rot bits

Definition at line 34 of file rotate.h.

Referenced by Botan::Noekeon::decrypt_n(), Botan::RC5::decrypt_n(), Botan::RC6::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::RC2::decrypt_n(), Botan::Noekeon::encrypt_n(), Botan::Twofish::encrypt_n(), reverse_bytes(), and Botan::SIMD_Scalar< T, N >::rotate_right().

   {
   if(rot == 0)
      return input;
   return static_cast<T>((input >> rot) | (input << (8*sizeof(T)-rot)));
   }
template<typename T >
T Botan::round_down ( n,
align_to 
) [inline]

Round down

Parameters:
nan integer
align_tothe alignment boundary
Returns:
n rounded down to a multiple of align_to

Definition at line 39 of file rounding.h.

References n.

Referenced by botan_cipher_update(), and Botan::Buffered_Filter::write().

   {
   if(align_to == 0)
      return n;

   return (n - (n % align_to));
   }
template<typename T >
T Botan::round_up ( n,
align_to 
) [inline]

Round up

Parameters:
nan integer
align_tothe alignment boundary
Returns:
n rounded up to a multiple of align_to

Definition at line 22 of file rounding.h.

References n.

Referenced by Botan::ECB_Encryption::output_length(), Botan::XTS_Encryption::output_length(), Botan::CBC_Encryption::output_length(), pbkdf2(), and Botan::TLS::write_record().

   {
   if(align_to == 0)
      return n;

   if(n % align_to || n == 0)
      n += align_to - (n % align_to);
   return n;
   }
template<typename T >
bool Botan::same_mem ( const T *  p1,
const T *  p2,
size_t  n 
) [inline]

Memory comparison, input insensitive

Parameters:
p1a pointer to an array
p2a pointer to another array
nthe number of Ts in p1 and p2
Returns:
true iff p1[i] == p2[i] forall i in [0...n)

Definition at line 63 of file mem_ops.h.

References n.

Referenced by check_bcrypt(), check_passhash9(), Botan::CryptoBox::decrypt(), Botan::ChaCha20Poly1305_Decryption::finish(), Botan::GCM_Decryption::finish(), Botan::EAX_Decryption::finish(), Botan::CCM_Decryption::finish(), Botan::OCB_Decryption::finish(), Botan::CPUID::initialize(), Botan::RTSS_Share::reconstruct(), and Botan::MessageAuthenticationCode::verify_mac().

   {
   volatile T difference = 0;

   for(size_t i = 0; i != n; ++i)
      difference |= (p1[i] ^ p2[i]);

   return difference == 0;
   }
template<typename K , typename V >
V Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const V &  null_result = V() 
) [inline]

Definition at line 31 of file stl_util.h.

Referenced by Botan::HTTP::http_sync().

   {
   auto i = mapping.find(key);
   if(i == mapping.end())
      return null_result;
   return i->second;
   }
template<typename K , typename V , typename R >
R Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const R &  null_result,
const R &  found_result 
) [inline]

Definition at line 42 of file stl_util.h.

   {
   auto i = mapping.find(key);
   if(i == mapping.end())
      return null_result;
   return found_result;
   }
template<typename T >
void Botan::set_mem ( T *  ptr,
size_t  n,
byte  val 
) [inline]

Set memory to a fixed value

Parameters:
ptra pointer to an array
nthe number of Ts pointed to by ptr
valthe value to set each byte to

Definition at line 51 of file mem_ops.h.

   {
   std::memset(ptr, val, sizeof(T)*n);
   }
template<typename T >
size_t Botan::significant_bytes ( n) [inline]

Return the number of significant bytes in n

Parameters:
nan integer value
Returns:
number of significant bytes in n

Definition at line 66 of file bit_ops.h.

References get_byte().

   {
   for(size_t i = 0; i != sizeof(T); ++i)
      if(get_byte(i, n))
         return sizeof(T)-i;
   return 0;
   }
BOTAN_DLL std::vector< std::string > Botan::split_on ( const std::string &  str,
char  delim 
)
BOTAN_DLL std::vector< std::string > Botan::split_on_pred ( const std::string &  str,
std::function< bool(char)>  pred 
)

Split a string on a character predicate

Parameters:
strthe input string

Definition at line 121 of file parsing.cpp.

Referenced by split_on().

   {
   std::vector<std::string> elems;
   if(str == "") return elems;

   std::string substr;
   for(auto i = str.begin(); i != str.end(); ++i)
      {
      if(pred(*i))
         {
         if(substr != "")
            elems.push_back(substr);
         substr.clear();
         }
      else
         substr += *i;
      }

   if(substr == "")
      throw Invalid_Argument("Unable to split string: " + str);
   elems.push_back(substr);

   return elems;
   }
BigInt BOTAN_DLL Botan::square ( const BigInt &  x)
Parameters:
xan integer
Returns:
(x*x)

Definition at line 18 of file mp_numth.cpp.

References bigint_sqr(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by Botan::Modular_Reducer::cube(), and Botan::Modular_Reducer::square().

   {
   const size_t x_sw = x.sig_words();

   BigInt z(BigInt::Positive, round_up<size_t>(2*x_sw, 16));
   secure_vector<word> workspace(z.size());

   bigint_sqr(z.mutable_data(), z.size(),
              &workspace[0],
              x.data(), x.size(), x_sw);
   return z;
   }
std::pair< BigInt, SymmetricKey > BOTAN_DLL Botan::srp6_client_agree ( const std::string &  username,
const std::string &  password,
const std::string &  group_id,
const std::string &  hash_id,
const std::vector< byte > &  salt,
const BigInt &  B,
RandomNumberGenerator &  rng 
)

SRP6a Client side

Parameters:
usernamethe username we are attempting login for
passwordthe password we are attempting to use
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function
saltis the salt value sent by the server
Bis the server's public value
rngis a random number generator
Returns:
(A,K) the client public key and the shared secret key

Definition at line 77 of file srp6.cpp.

References Botan::BigInt::bytes(), Botan::BigInt::encode_1363(), Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), power_mod(), and x.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   DL_Group group(group_id);
   const BigInt& g = group.get_g();
   const BigInt& p = group.get_p();

   const size_t p_bytes = group.get_p().bytes();

   if(B <= 0 || B >= p)
      throw std::runtime_error("Invalid SRP parameter from server");

   BigInt k = hash_seq(hash_id, p_bytes, p, g);

   BigInt a(rng, 256);

   BigInt A = power_mod(g, a, p);

   BigInt u = hash_seq(hash_id, p_bytes, A, B);

   const BigInt x = compute_x(hash_id, identifier, password, salt);

   BigInt S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p);

   SymmetricKey Sk(BigInt::encode_1363(S, p_bytes));

   return std::make_pair(A, Sk);
   }
std::string BOTAN_DLL Botan::srp6_group_identifier ( const BigInt &  N,
const BigInt &  g 
)

Return the group id for this SRP param set, or else thrown an exception

Parameters:
Nthe group modulus
gthe group generator
Returns:
group identifier

Definition at line 53 of file srp6.cpp.

References Botan::BigInt::bits(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   /*
   This function assumes that only one 'standard' SRP parameter set has
   been defined for a particular bitsize. As of this writing that is the case.
   */
   try
      {
      const std::string group_name = "modp/srp/" + std::to_string(N.bits());

      DL_Group group(group_name);

      if(group.get_p() == N && group.get_g() == g)
         return group_name;

      throw std::runtime_error("Unknown SRP params");
      }
   catch(...)
      {
      throw Invalid_Argument("Bad SRP group parameters");
      }
   }
void Botan::store_be ( u16bit  in,
byte  out[2] 
) [inline]
void Botan::store_be ( u32bit  in,
byte  out[4] 
) [inline]

Store a big-endian u32bit

Parameters:
inthe input u32bit
outthe byte array to write to

Definition at line 443 of file loadstor.h.

References get_byte().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   *reinterpret_cast<u32bit*>(out) = BOTAN_ENDIAN_B2N(in);
#else
   out[0] = get_byte(0, in);
   out[1] = get_byte(1, in);
   out[2] = get_byte(2, in);
   out[3] = get_byte(3, in);
#endif
   }
void Botan::store_be ( u64bit  in,
byte  out[8] 
) [inline]

Store a big-endian u64bit

Parameters:
inthe input u64bit
outthe byte array to write to

Definition at line 477 of file loadstor.h.

References get_byte().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   *reinterpret_cast<u64bit*>(out) = BOTAN_ENDIAN_B2N(in);
#else
   out[0] = get_byte(0, in);
   out[1] = get_byte(1, in);
   out[2] = get_byte(2, in);
   out[3] = get_byte(3, in);
   out[4] = get_byte(4, in);
   out[5] = get_byte(5, in);
   out[6] = get_byte(6, in);
   out[7] = get_byte(7, in);
#endif
   }
template<typename T >
void Botan::store_be ( byte  out[],
x0,
x1 
) [inline]

Store two big-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word

Definition at line 534 of file loadstor.h.

References store_be().

   {
   store_be(x0, out + (0 * sizeof(T)));
   store_be(x1, out + (1 * sizeof(T)));
   }
template<typename T >
void Botan::store_be ( byte  out[],
x0,
x1,
x2,
x3 
) [inline]

Store four big-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 566 of file loadstor.h.

References store_be().

   {
   store_be(x0, out + (0 * sizeof(T)));
   store_be(x1, out + (1 * sizeof(T)));
   store_be(x2, out + (2 * sizeof(T)));
   store_be(x3, out + (3 * sizeof(T)));
   }
template<typename T >
void Botan::store_be ( byte  out[],
x0,
x1,
x2,
x3,
x4,
x5,
x6,
x7 
) [inline]

Store eight big-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 613 of file loadstor.h.

References store_be().

   {
   store_be(x0, out + (0 * sizeof(T)));
   store_be(x1, out + (1 * sizeof(T)));
   store_be(x2, out + (2 * sizeof(T)));
   store_be(x3, out + (3 * sizeof(T)));
   store_be(x4, out + (4 * sizeof(T)));
   store_be(x5, out + (5 * sizeof(T)));
   store_be(x6, out + (6 * sizeof(T)));
   store_be(x7, out + (7 * sizeof(T)));
   }
void Botan::store_le ( u16bit  in,
byte  out[2] 
) [inline]
void Botan::store_le ( u32bit  in,
byte  out[4] 
) [inline]

Store a little-endian u32bit

Parameters:
inthe input u32bit
outthe byte array to write to

Definition at line 460 of file loadstor.h.

References get_byte().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   *reinterpret_cast<u32bit*>(out) = BOTAN_ENDIAN_L2N(in);
#else
   out[0] = get_byte(3, in);
   out[1] = get_byte(2, in);
   out[2] = get_byte(1, in);
   out[3] = get_byte(0, in);
#endif
   }
void Botan::store_le ( u64bit  in,
byte  out[8] 
) [inline]

Store a little-endian u64bit

Parameters:
inthe input u64bit
outthe byte array to write to

Definition at line 498 of file loadstor.h.

References get_byte().

   {
#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
   *reinterpret_cast<u64bit*>(out) = BOTAN_ENDIAN_L2N(in);
#else
   out[0] = get_byte(7, in);
   out[1] = get_byte(6, in);
   out[2] = get_byte(5, in);
   out[3] = get_byte(4, in);
   out[4] = get_byte(3, in);
   out[5] = get_byte(2, in);
   out[6] = get_byte(1, in);
   out[7] = get_byte(0, in);
#endif
   }
template<typename T >
void Botan::store_le ( byte  out[],
x0,
x1 
) [inline]

Store two little-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word

Definition at line 521 of file loadstor.h.

References store_le().

   {
   store_le(x0, out + (0 * sizeof(T)));
   store_le(x1, out + (1 * sizeof(T)));
   }
template<typename T >
void Botan::store_le ( byte  out[],
x0,
x1,
x2,
x3 
) [inline]

Store four little-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 549 of file loadstor.h.

References store_le().

   {
   store_le(x0, out + (0 * sizeof(T)));
   store_le(x1, out + (1 * sizeof(T)));
   store_le(x2, out + (2 * sizeof(T)));
   store_le(x3, out + (3 * sizeof(T)));
   }
template<typename T >
void Botan::store_le ( byte  out[],
x0,
x1,
x2,
x3,
x4,
x5,
x6,
x7 
) [inline]

Store eight little-endian words

Parameters:
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 587 of file loadstor.h.

References store_le().

   {
   store_le(x0, out + (0 * sizeof(T)));
   store_le(x1, out + (1 * sizeof(T)));
   store_le(x2, out + (2 * sizeof(T)));
   store_le(x3, out + (3 * sizeof(T)));
   store_le(x4, out + (4 * sizeof(T)));
   store_le(x5, out + (5 * sizeof(T)));
   store_le(x6, out + (6 * sizeof(T)));
   store_le(x7, out + (7 * sizeof(T)));
   }
BOTAN_DLL std::string Botan::string_join ( const std::vector< std::string > &  strs,
char  delim 
)

Join a string

Parameters:
strsstrings to join
delimthe delimitor
Returns:
string joined by delim

Definition at line 150 of file parsing.cpp.

Referenced by Botan::Parallel::name().

   {
   std::string out = "";

   for(size_t i = 0; i != strs.size(); ++i)
      {
      if(i != 0)
         out += delim;
      out += strs[i];
      }

   return out;
   }
BOTAN_DLL u32bit Botan::string_to_ipv4 ( const std::string &  ip_str)

Convert a string representation of an IPv4 address to a number

Parameters:
ip_strthe string representation
Returns:
integer IPv4 address

Definition at line 239 of file parsing.cpp.

References split_on(), and to_u32bit().

   {
   std::vector<std::string> parts = split_on(str, '.');

   if(parts.size() != 4)
      throw Decoding_Error("Invalid IP string " + str);

   u32bit ip = 0;

   for(auto part = parts.begin(); part != parts.end(); ++part)
      {
      u32bit octet = to_u32bit(*part);

      if(octet > 255)
         throw Decoding_Error("Invalid IP string " + str);

      ip = (ip << 8) | (octet & 0xFF);
      }

   return ip;
   }
BigInt BOTAN_DLL Botan::sub_mul ( const BigInt &  a,
const BigInt &  b,
const BigInt &  c 
)

Fused subtract-multiply

Parameters:
aan integer
ban integer
can integer
Returns:
(a-b)*c

Definition at line 63 of file mp_numth.cpp.

References c, and Botan::BigInt::is_negative().

   {
   if(a.is_negative() || b.is_negative())
      throw Invalid_Argument("sub_mul: First two arguments must be >= 0");

   BigInt r = a;
   r -= b;
   r *= c;
   return r;
   }
std::vector< polyn_gf2m > Botan::syndrome_init ( polyn_gf2m const &  generator,
std::vector< gf2m > const &  support,
int  n 
)

Definition at line 714 of file polyn_gf2m.cpp.

References Botan::polyn_gf2m::get_degree(), lex_to_gray(), Botan::polyn_gf2m::msp_field, and n.

Referenced by generate_mceliece_key().

   {
   int i,j,t;
   gf2m a;


   std::shared_ptr<gf2m_small_m::Gf2m_Field> msp_field = generator.msp_field;

   std::vector<polyn_gf2m> result;
   t = generator.get_degree();

   //g(z)=g_t+g_(t-1).z^(t-1)+......+g_1.z+g_0
   //f(z)=f_(t-1).z^(t-1)+......+f_1.z+f_0

   for(j=0;j<n;j++)
      {
      result.push_back(polyn_gf2m( t-1, msp_field));

      (*&result[j]).set_coef(t-1,1);
      for(i=t-2;i>=0;i--)
         {
         (*&result[j]).set_coef(i, (generator)[i+1]  ^
                                msp_field->gf_mul(lex_to_gray(support[j]),result[j][i+1]));
         }
      a = ((generator)[0] ^ msp_field->gf_mul(lex_to_gray(support[j]),result[j][0]));
      for(i=0;i<t;i++)
         {
         (*&result[j]).set_coef(i, msp_field->gf_div(result[j][i],a));
         }
      }
   return result;
   }

Return a shared reference to a global PRNG instance provided by the operating system. For instance might be instantiated by /dev/urandom or CryptGenRandom.

Definition at line 105 of file system_rng.cpp.

Referenced by Botan::Blinder::Blinder(), and botan_rng_init().

   {
   static System_RNG g_system_rng;
   return g_system_rng;
   }
BOTAN_DLL u32bit Botan::timespec_to_u32bit ( const std::string &  timespec)

Convert a time specification to a number

Parameters:
timespecthe time specification
Returns:
number of seconds represented by timespec

Definition at line 32 of file parsing.cpp.

References Botan::Charset::is_digit(), and to_u32bit().

   {
   if(timespec == "")
      return 0;

   const char suffix = timespec[timespec.size()-1];
   std::string value = timespec.substr(0, timespec.size()-1);

   u32bit scale = 1;

   if(Charset::is_digit(suffix))
      value += suffix;
   else if(suffix == 's')
      scale = 1;
   else if(suffix == 'm')
      scale = 60;
   else if(suffix == 'h')
      scale = 60 * 60;
   else if(suffix == 'd')
      scale = 24 * 60 * 60;
   else if(suffix == 'y')
      scale = 365 * 24 * 60 * 60;
   else
      throw Decoding_Error("timespec_to_u32bit: Bad input " + timespec);

   return scale * to_u32bit(value);
   }
std::vector<byte> Botan::to_byte_vector ( const std::string &  s) [inline]

Definition at line 17 of file stl_util.h.

Referenced by Botan::TLS::Channel::key_material_export().

   {
   return std::vector<byte>(reinterpret_cast<const byte*>(&s[0]),
                            reinterpret_cast<const byte*>(&s[s.size()]));
   }
BOTAN_DLL u32bit Botan::to_u32bit ( const std::string &  str)

Convert a string to a number

Parameters:
strthe string to convert
Returns:
number value of the string

Definition at line 17 of file parsing.cpp.

Referenced by Botan::SCAN_Name::arg_as_integer(), check_bcrypt(), Botan::Data_Store::get1_u32bit(), Botan::HTTP::http_sync(), parse_asn1_oid(), Botan::X509_Time::set_to(), Botan::EAC_Time::set_to(), Botan::TLS::Text_Policy::srtp_profiles(), string_to_ipv4(), and timespec_to_u32bit().

   {
   try
      {
      return std::stoul(str, nullptr);
      }
   catch(std::exception&)
      {
      throw std::runtime_error("Could not read '" + str + "' as decimal string");
      }
   }
template<typename T >
std::vector<T> Botan::unlock ( const secure_vector< T > &  in)
template<typename T >
bool Botan::value_exists ( const std::vector< T > &  vec,
const T &  val 
)

Existence check for values

Definition at line 70 of file stl_util.h.

Referenced by Botan::TLS::Policy::choose_curve(), Botan::TLS::Policy::ciphersuite_list(), and Botan::TLS::Client_Hello::Client_Hello().

   {
   for(size_t i = 0; i != vec.size(); ++i)
      if(vec[i] == val)
         return true;
   return false;
   }
bool Botan::verify_prime ( const BigInt &  n,
RandomNumberGenerator &  rng 
) [inline]

Definition at line 144 of file numthry.h.

References is_prime().

   { return is_prime(n, rng, 80); }
BOTAN_DLL const char * Botan::version_cstr ( )

Definition at line 27 of file version.cpp.

References STR.

Referenced by botan_version_string(), and version_string().

   {
#define QUOTE(name) #name
#define STR(macro) QUOTE(macro)

   /*
   It is intentional that this string is a compile-time constant;
   it makes it much easier to find in binaries.
   */

   return "Botan " STR(BOTAN_VERSION_MAJOR) "."
                   STR(BOTAN_VERSION_MINOR) "."
                   STR(BOTAN_VERSION_PATCH) " ("
                   BOTAN_VERSION_RELEASE_TYPE
#if (BOTAN_VERSION_DATESTAMP != 0)
                   ", dated " STR(BOTAN_VERSION_DATESTAMP)
#endif
                   ", revision " BOTAN_VERSION_VC_REVISION
                   ", distribution " BOTAN_DISTRIBUTION_INFO ")";

#undef STR
#undef QUOTE
   }

Return the date this version of botan was released, in an integer of the form YYYYMMDD. For instance a version released on May 21, 2013 would return the integer 20130521. If the currently running version is not an official release, this function will return 0 instead.

Returns:
release date, or zero if unreleased

Definition at line 51 of file version.cpp.

Referenced by botan_version_datestamp().

{ return BOTAN_VERSION_DATESTAMP; }

Get the major version number.

Returns:
major version number

Definition at line 56 of file version.cpp.

Referenced by botan_version_major().

{ return BOTAN_VERSION_MAJOR; }

Get the minor version number.

Returns:
minor version number

Definition at line 57 of file version.cpp.

Referenced by botan_version_minor().

{ return BOTAN_VERSION_MINOR; }

Get the patch number.

Returns:
patch number

Definition at line 58 of file version.cpp.

Referenced by botan_version_patch().

{ return BOTAN_VERSION_PATCH; }
BOTAN_DLL std::string Botan::version_string ( )

Get a human-readable string identifying the version of Botan. No particular format should be assumed.

Returns:
version string

Definition at line 22 of file version.cpp.

References version_cstr().

   {
   return std::string(version_cstr());
   }
void Botan::word3_muladd ( word *  w2,
word *  w1,
word *  w0,
word  a,
word  b 
) [inline]

Definition at line 175 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_comba_mul16(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), and bigint_comba_sqr9().

   {
   word carry = *w0;
   *w0 = word_madd2(a, b, &carry);
   *w1 += carry;
   *w2 += (*w1 < carry) ? 1 : 0;
   }
void Botan::word3_muladd_2 ( word *  w2,
word *  w1,
word *  w0,
word  a,
word  b 
) [inline]

Definition at line 186 of file mp_asmi.h.

References word_add(), and word_madd2().

Referenced by bigint_comba_sqr16(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), and bigint_comba_sqr9().

   {
   word carry = 0;
   a = word_madd2(a, b, &carry);
   b = carry;

   word top = (b >> (BOTAN_MP_WORD_BITS-1));
   b <<= 1;
   b |= (a >> (BOTAN_MP_WORD_BITS-1));
   a <<= 1;

   carry = 0;
   *w0 = word_add(*w0, a, &carry);
   *w1 = word_add(*w1, b, &carry);
   *w2 = word_add(*w2, top, &carry);
   }
word Botan::word8_add2 ( word  x[8],
const word  y[8],
word  carry 
) [inline]

Definition at line 33 of file mp_asmi.h.

References word_add().

Referenced by bigint_add2_nc().

   {
   x[0] = word_add(x[0], y[0], &carry);
   x[1] = word_add(x[1], y[1], &carry);
   x[2] = word_add(x[2], y[2], &carry);
   x[3] = word_add(x[3], y[3], &carry);
   x[4] = word_add(x[4], y[4], &carry);
   x[5] = word_add(x[5], y[5], &carry);
   x[6] = word_add(x[6], y[6], &carry);
   x[7] = word_add(x[7], y[7], &carry);
   return carry;
   }
word Botan::word8_add3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
) [inline]

Definition at line 49 of file mp_asmi.h.

References word_add().

Referenced by bigint_add3_nc().

   {
   z[0] = word_add(x[0], y[0], &carry);
   z[1] = word_add(x[1], y[1], &carry);
   z[2] = word_add(x[2], y[2], &carry);
   z[3] = word_add(x[3], y[3], &carry);
   z[4] = word_add(x[4], y[4], &carry);
   z[5] = word_add(x[5], y[5], &carry);
   z[6] = word_add(x[6], y[6], &carry);
   z[7] = word_add(x[7], y[7], &carry);
   return carry;
   }
word Botan::word8_linmul2 ( word  x[8],
word  y,
word  carry 
) [inline]

Definition at line 127 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_linmul2().

   {
   x[0] = word_madd2(x[0], y, &carry);
   x[1] = word_madd2(x[1], y, &carry);
   x[2] = word_madd2(x[2], y, &carry);
   x[3] = word_madd2(x[3], y, &carry);
   x[4] = word_madd2(x[4], y, &carry);
   x[5] = word_madd2(x[5], y, &carry);
   x[6] = word_madd2(x[6], y, &carry);
   x[7] = word_madd2(x[7], y, &carry);
   return carry;
   }
word Botan::word8_linmul3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
) [inline]

Definition at line 143 of file mp_asmi.h.

References word_madd2().

Referenced by bigint_linmul3().

   {
   z[0] = word_madd2(x[0], y, &carry);
   z[1] = word_madd2(x[1], y, &carry);
   z[2] = word_madd2(x[2], y, &carry);
   z[3] = word_madd2(x[3], y, &carry);
   z[4] = word_madd2(x[4], y, &carry);
   z[5] = word_madd2(x[5], y, &carry);
   z[6] = word_madd2(x[6], y, &carry);
   z[7] = word_madd2(x[7], y, &carry);
   return carry;
   }
word Botan::word8_linmul3 ( word  z[4],
const word  x[4],
word  y,
word  carry 
) [inline]

Definition at line 368 of file mp_asmi.h.

References x, and y.

   {
   __asm {
#if 0
      //it's slower!!!
      mov edx,[z]
      mov eax,[x]
      movd mm7,[y]

      movd mm0,[eax]
      movd mm1,[eax+4]
      movd mm2,[eax+8]
      pmuludq mm0,mm7
      pmuludq mm1,mm7
      pmuludq mm2,mm7

      movd mm6,[carry]
      paddq mm0,mm6
      movd [edx],mm0

      psrlq mm0,32
      paddq mm1,mm0
      movd [edx+4],mm1

      movd mm3,[eax+12]
      psrlq mm1,32
      paddq mm2,mm1
      movd [edx+8],mm2

      pmuludq mm3,mm7
      movd mm4,[eax+16]
      psrlq mm2,32
      paddq mm3,mm2
      movd [edx+12],mm3

      pmuludq mm4,mm7
      movd mm5,[eax+20]
      psrlq mm3,32
      paddq mm4,mm3
      movd [edx+16],mm4

      pmuludq mm5,mm7
      movd mm0,[eax+24]
      psrlq mm4,32
      paddq mm5,mm4
      movd [edx+20],mm5

      pmuludq mm0,mm7
      movd mm1,[eax+28]
      psrlq mm5,32
      paddq mm0,mm5
      movd [edx+24],mm0

      pmuludq mm1,mm7
      psrlq mm0,32
      paddq mm1,mm0
      movd [edx+28],mm1
      psrlq mm1,32

      movd eax,mm1
      emms
#else
      mov edi,[z]
      mov esi,[x]
      mov eax,[esi]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,[carry]    //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi],eax        //load a

      mov eax,[esi+4]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+4],eax        //load a

      mov eax,[esi+8]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+8],eax        //load a

      mov eax,[esi+12]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+12],eax        //load a

      mov eax,[esi+16]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+16],eax        //load a

      mov eax,[esi+20]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+20],eax        //load a

      mov eax,[esi+24]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov ecx,edx      //store carry
      mov [edi+24],eax        //load a

      mov eax,[esi+28]        //load a
      mul [y]           //edx(hi):eax(lo)=a*b
      add eax,ecx      //sum lo carry
      adc edx,0          //sum hi carry
      mov [edi+28],eax        //load a
      mov eax,edx      //store carry
#endif
      }
   }
word Botan::word8_madd3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
) [inline]

Definition at line 159 of file mp_asmi.h.

References word_madd3().

Referenced by bigint_monty_redc(), bigint_simple_mul(), and bigint_simple_sqr().

   {
   z[0] = word_madd3(x[0], y, z[0], &carry);
   z[1] = word_madd3(x[1], y, z[1], &carry);
   z[2] = word_madd3(x[2], y, z[2], &carry);
   z[3] = word_madd3(x[3], y, z[3], &carry);
   z[4] = word_madd3(x[4], y, z[4], &carry);
   z[5] = word_madd3(x[5], y, z[5], &carry);
   z[6] = word_madd3(x[6], y, z[6], &carry);
   z[7] = word_madd3(x[7], y, z[7], &carry);
   return carry;
   }
word Botan::word8_muladd ( word  z[8],
const word  x[8],
word  y,
word  carry 
) [inline]

Definition at line 287 of file mp_asmi.h.

References x, and y.

   {
   __asm {
      mov esi,[x]
      mov ebx,[y]
      mov edi,[z]
      mov eax,[esi]     //load a
      mul ebx           //edx(hi):eax(lo)=a*b
      add eax,[carry]   //sum lo carry
      adc edx,0         //sum hi carry
      add eax,[edi]     //sum lo z
      adc edx,0         //sum hi z
      mov ecx,edx       //carry for next block = hi z
      mov [edi],eax     //save lo z

      mov eax,[esi+4]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+4]
      adc edx,0
      mov ecx,edx
      mov [edi+4],eax

      mov eax,[esi+8]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+8]
      adc edx,0
      mov ecx,edx
      mov [edi+8],eax

      mov eax,[esi+12]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+12]
      adc edx,0
      mov ecx,edx
      mov [edi+12],eax

      mov eax,[esi+16]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+16]
      adc edx,0
      mov ecx,edx
      mov [edi+16],eax

      mov eax,[esi+20]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+20]
      adc edx,0
      mov ecx,edx
      mov [edi+20],eax

      mov eax,[esi+24]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+24]
      adc edx,0
      mov ecx,edx
      mov [edi+24],eax

      mov eax,[esi+28]
      mul ebx
      add eax,ecx
      adc edx,0
      add eax,[edi+28]
      adc edx,0
      mov [edi+28],eax
      mov eax,edx
      }
   }
word Botan::word8_sub2 ( word  x[8],
const word  y[8],
word  carry 
) [inline]

Definition at line 78 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub2().

   {
   x[0] = word_sub(x[0], y[0], &carry);
   x[1] = word_sub(x[1], y[1], &carry);
   x[2] = word_sub(x[2], y[2], &carry);
   x[3] = word_sub(x[3], y[3], &carry);
   x[4] = word_sub(x[4], y[4], &carry);
   x[5] = word_sub(x[5], y[5], &carry);
   x[6] = word_sub(x[6], y[6], &carry);
   x[7] = word_sub(x[7], y[7], &carry);
   return carry;
   }
word Botan::word8_sub2_rev ( word  x[8],
const word  y[8],
word  carry 
) [inline]

Definition at line 94 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub2_rev().

   {
   x[0] = word_sub(y[0], x[0], &carry);
   x[1] = word_sub(y[1], x[1], &carry);
   x[2] = word_sub(y[2], x[2], &carry);
   x[3] = word_sub(y[3], x[3], &carry);
   x[4] = word_sub(y[4], x[4], &carry);
   x[5] = word_sub(y[5], x[5], &carry);
   x[6] = word_sub(y[6], x[6], &carry);
   x[7] = word_sub(y[7], x[7], &carry);
   return carry;
   }
word Botan::word8_sub3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
) [inline]

Definition at line 110 of file mp_asmi.h.

References word_sub().

Referenced by bigint_sub3().

   {
   z[0] = word_sub(x[0], y[0], &carry);
   z[1] = word_sub(x[1], y[1], &carry);
   z[2] = word_sub(x[2], y[2], &carry);
   z[3] = word_sub(x[3], y[3], &carry);
   z[4] = word_sub(x[4], y[4], &carry);
   z[5] = word_sub(x[5], y[5], &carry);
   z[6] = word_sub(x[6], y[6], &carry);
   z[7] = word_sub(x[7], y[7], &carry);
   return carry;
   }
word Botan::word_add ( word  x,
word  y,
word *  carry 
) [inline]

Definition at line 21 of file mp_asmi.h.

References x, and y.

Referenced by bigint_add2_nc(), bigint_add3_nc(), word3_muladd_2(), word8_add2(), and word8_add3().

   {
   word z = x + y;
   word c1 = (z < x);
   z += *carry;
   *carry = c1 | (z < *carry);
   return z;
   }
word Botan::word_madd2 ( word  a,
word  b,
word *  c 
) [inline]

Definition at line 21 of file mp_madd.h.

References c, and mul64x64_128().

Referenced by bigint_linmul2(), bigint_linmul3(), bigint_modop(), word3_muladd(), word3_muladd_2(), word8_linmul2(), and word8_linmul3().

   {
#if defined(BOTAN_HAS_MP_DWORD)
   const dword s = static_cast<dword>(a) * b + *c;
   *c = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
   return static_cast<word>(s);
#else
   static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");

   word hi = 0, lo = 0;

   mul64x64_128(a, b, &lo, &hi);

   lo += *c;
   hi += (lo < *c); // carry?

   *c = hi;
   return lo;
#endif
   }
word Botan::word_madd3 ( word  a,
word  b,
word  c,
word *  d 
) [inline]

Definition at line 45 of file mp_madd.h.

References c, and mul64x64_128().

Referenced by bigint_monty_redc(), bigint_simple_mul(), bigint_simple_sqr(), and word8_madd3().

   {
#if defined(BOTAN_HAS_MP_DWORD)
   const dword s = static_cast<dword>(a) * b + c + *d;
   *d = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
   return static_cast<word>(s);
#else
   static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");

   word hi = 0, lo = 0;

   mul64x64_128(a, b, &lo, &hi);

   lo += c;
   hi += (lo < c); // carry?

   lo += *d;
   hi += (lo < *d); // carry?

   *d = hi;
   return lo;
#endif
   }
word Botan::word_sub ( word  x,
word  y,
word *  carry 
) [inline]

Definition at line 66 of file mp_asmi.h.

References x, and y.

Referenced by bigint_monty_redc(), bigint_sub2(), bigint_sub2_rev(), bigint_sub3(), Botan::CurveGFp_Repr::normalize(), word8_sub2(), word8_sub2_rev(), and word8_sub3().

   {
   word t0 = x - y;
   word c1 = (t0 > x);
   word z = t0 - *carry;
   *carry = c1 | (z > t0);
   return z;
   }
BOTAN_DLL bool Botan::x500_name_cmp ( const std::string &  name1,
const std::string &  name2 
)

Compare two names using the X.509 comparison algorithm

Parameters:
name1the first name
name2the second name
Returns:
true if name1 is the same as name2 by the X.509 comparison rules

Definition at line 200 of file parsing.cpp.

References Botan::Charset::caseless_cmp(), and Botan::Charset::is_space().

Referenced by operator==().

   {
   auto p1 = name1.begin();
   auto p2 = name2.begin();

   while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
   while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;

   while(p1 != name1.end() && p2 != name2.end())
      {
      if(Charset::is_space(*p1))
         {
         if(!Charset::is_space(*p2))
            return false;

         while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
         while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;

         if(p1 == name1.end() && p2 == name2.end())
            return true;
         }

      if(!Charset::caseless_cmp(*p1, *p2))
         return false;
      ++p1;
      ++p2;
      }

   while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
   while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;

   if((p1 != name1.end()) || (p2 != name2.end()))
      return false;
   return true;
   }
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions &  restrictions,
const std::vector< Certificate_Store * > &  certstores 
)

PKIX Path Validation

Definition at line 214 of file x509path.cpp.

References CERT_ISSUER_NOT_FOUND.

Referenced by Botan::Credentials_Manager::verify_certificate_chain(), and x509_path_validate().

   {
   if(end_certs.empty())
      throw std::invalid_argument("x509_path_validate called with no subjects");

   std::vector<X509_Certificate> cert_path;
   cert_path.push_back(end_certs[0]);

   Certificate_Store_Overlay extra(end_certs);

   // iterate until we reach a root or cannot find the issuer
   while(!cert_path.back().is_self_signed())
      {
      const X509_Certificate* cert = find_issuing_cert(cert_path.back(), extra, certstores);
      if(!cert)
         return Path_Validation_Result(Certificate_Status_Code::CERT_ISSUER_NOT_FOUND);

      cert_path.push_back(*cert);
      }

   return Path_Validation_Result(check_chain(cert_path, restrictions, certstores),
                                 std::move(cert_path));
   }
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const X509_Certificate &  end_cert,
const Path_Validation_Restrictions &  restrictions,
const std::vector< Certificate_Store * > &  certstores 
)

PKIX Path Validation

Definition at line 241 of file x509path.cpp.

References x509_path_validate().

   {
   std::vector<X509_Certificate> certs;
   certs.push_back(end_cert);
   return x509_path_validate(certs, restrictions, certstores);
   }
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions &  restrictions,
const Certificate_Store &  store 
)

PKIX Path Validation

Definition at line 251 of file x509path.cpp.

References x509_path_validate().

   {
   std::vector<Certificate_Store*> certstores;
   certstores.push_back(const_cast<Certificate_Store*>(&store));

   return x509_path_validate(end_certs, restrictions, certstores);
   }
Path_Validation_Result BOTAN_DLL Botan::x509_path_validate ( const X509_Certificate &  end_cert,
const Path_Validation_Restrictions &  restrictions,
const Certificate_Store &  store 
)

PKIX Path Validation

Definition at line 262 of file x509path.cpp.

References x509_path_validate().

   {
   std::vector<X509_Certificate> certs;
   certs.push_back(end_cert);

   std::vector<Certificate_Store*> certstores;
   certstores.push_back(const_cast<Certificate_Store*>(&store));

   return x509_path_validate(certs, restrictions, certstores);
   }
template<typename T >
void Botan::xor_buf ( out[],
const T  in[],
size_t  length 
)
template<typename T >
void Botan::xor_buf ( out[],
const T  in[],
const T  in2[],
size_t  length 
)

XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length

Parameters:
outthe output buffer
inthe first input buffer
in2the second output buffer
lengththe length of the three buffers

Definition at line 46 of file xor_buf.h.

   {
   while(length >= 8)
      {
      out[0] = in[0] ^ in2[0];
      out[1] = in[1] ^ in2[1];
      out[2] = in[2] ^ in2[2];
      out[3] = in[3] ^ in2[3];
      out[4] = in[4] ^ in2[4];
      out[5] = in[5] ^ in2[5];
      out[6] = in[6] ^ in2[6];
      out[7] = in[7] ^ in2[7];

      in += 8; in2 += 8; out += 8; length -= 8;
      }

   for(size_t i = 0; i != length; ++i)
      out[i] = in[i] ^ in2[i];
   }
template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< byte, Alloc > &  out,
const std::vector< byte, Alloc2 > &  in,
size_t  n 
)

Definition at line 106 of file xor_buf.h.

References xor_buf().

   {
   xor_buf(&out[0], &in[0], n);
   }
template<typename Alloc >
void Botan::xor_buf ( std::vector< byte, Alloc > &  out,
const byte *  in,
size_t  n 
)

Definition at line 114 of file xor_buf.h.

References xor_buf().

   {
   xor_buf(&out[0], in, n);
   }
template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< byte, Alloc > &  out,
const byte *  in,
const std::vector< byte, Alloc2 > &  in2,
size_t  n 
)

Definition at line 122 of file xor_buf.h.

References xor_buf().

   {
   xor_buf(&out[0], &in[0], &in2[0], n);
   }
template<typename T , typename Alloc >
void Botan::zap ( std::vector< T, Alloc > &  vec)
void Botan::zero_mem ( void *  ptr,
size_t  n 
)

Zeroize memory

Parameters:
ptra pointer to memory to zero out
nthe number of bytes pointed to by ptr

Definition at line 16 of file zero_mem.cpp.

References n.

Referenced by Botan::secure_allocator< T >::deallocate().

   {
#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY)
   ::RtlSecureZeroMemory(ptr, n);
#elif defined(BOTAN_USE_VOLATILE_MEMSET) && (BOTAN_USE_VOLATILE_MEMSET == 1)
   static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset;
   (memset_ptr)(p, 0, n);
#else
   volatile byte* p = reinterpret_cast<volatile byte*>(ptr);

   for(size_t i = 0; i != n; ++i)
      p[i] = 0;
#endif
   }
template<typename T , typename Alloc >
void Botan::zeroise ( std::vector< T, Alloc > &  vec)

Variable Documentation

Definition at line 15 of file camellia_sbox.h.

Definition at line 81 of file camellia_sbox.h.

Definition at line 147 of file camellia_sbox.h.

Definition at line 213 of file camellia_sbox.h.

Definition at line 279 of file camellia_sbox.h.

Definition at line 345 of file camellia_sbox.h.

Definition at line 411 of file camellia_sbox.h.

Definition at line 477 of file camellia_sbox.h.

Definition at line 15 of file cast_sboxes.h.

Definition at line 60 of file cast_sboxes.h.

Definition at line 105 of file cast_sboxes.h.

Definition at line 150 of file cast_sboxes.h.

Definition at line 12 of file des_tab.cpp.

Definition at line 57 of file des_tab.cpp.

Definition at line 102 of file des_tab.cpp.

Definition at line 147 of file des_tab.cpp.

Definition at line 192 of file des_tab.cpp.

Definition at line 237 of file des_tab.cpp.

Definition at line 282 of file des_tab.cpp.

Definition at line 327 of file des_tab.cpp.

const size_t Botan::HEX_CODEC_BUFFER_SIZE = 256

Size used for internal buffer in hex encoder/decoder

Definition at line 20 of file hex_filt.cpp.

Referenced by Botan::Hex_Decoder::Hex_Decoder(), and Botan::Hex_Encoder::Hex_Encoder().

const size_t Botan::MP_WORD_BITS = BOTAN_MP_WORD_BITS
const word Botan::MP_WORD_MASK = ~static_cast<word>(0)

Definition at line 40 of file mp_types.h.

Referenced by Botan::BigInt::BigInt().

Definition at line 42 of file mp_types.h.

Referenced by divide(), and monty_inverse().

const word Botan::MP_WORD_TOP_BIT = static_cast<word>(1) << (8*sizeof(word) - 1)

Definition at line 41 of file mp_types.h.

Referenced by bigint_divop(), and divide().

const size_t Botan::PRIME_TABLE_SIZE = 6541

The size of the PRIMES[] array

Definition at line 207 of file numthry.h.

Referenced by is_prime(), and random_prime().

A const array of all primes less than 65535

Definition at line 12 of file primes.cpp.

Referenced by is_prime(), and random_prime().