Botan 2.19.3
Crypto and TLS for C&
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan Namespace Reference

Namespaces

namespace  ARIA_F
 
namespace  ASN1
 
namespace  Camellia_F
 
namespace  Cert_Extension
 
namespace  Charset
 
namespace  CryptoBox
 
namespace  CT
 
namespace  FPE
 
namespace  HTTP
 
namespace  KeyPair
 
namespace  OCSP
 
namespace  OIDS
 
namespace  OS
 
namespace  PEM_Code
 
namespace  PK_Ops
 
namespace  PKCS11
 
namespace  PKCS8
 
namespace  PKIX
 
namespace  Roughtime
 
namespace  SHA1_F
 
namespace  SHA1_SSE2_F
 
namespace  Sodium
 
namespace  stlCompatibilityDetails
 
namespace  TLS
 
namespace  X509
 

Classes

class  Adler32
 
class  AEAD_Mode
 
class  AES_128
 
class  AES_192
 
class  AES_256
 
class  Algorithm_Not_Found
 
class  AlgorithmIdentifier
 
class  Allocator_Initializer
 
class  AlternativeName
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  Argon2
 
class  Argon2_Family
 
class  ARIA_128
 
class  ARIA_192
 
class  ARIA_256
 
class  ASN1_Formatter
 
class  ASN1_Object
 
class  ASN1_Pretty_Printer
 
class  ASN1_String
 
class  ASN1_Time
 
class  Atomic
 
class  Attribute
 
class  AutoSeeded_RNG
 
class  Barrier
 
class  Base64_Decoder
 
class  Base64_Encoder
 
class  Bcrypt_PBKDF
 
class  Bcrypt_PBKDF_Family
 
class  BER_Bad_Tag
 
class  BER_Decoder
 
class  BER_Decoding_Error
 
class  BER_Object
 
class  BigInt
 
class  BitBucket
 
class  BLAKE2b
 
class  Blinded_Point_Multiply
 
class  Blinder
 
class  Block_Cipher_Fixed_Params
 
class  BlockCipher
 
class  BlockCipherModePaddingMethod
 
class  Blowfish
 
struct  BotanErrorCategory
 An error category for errors from Botan (other than TLS alerts) More...
 
class  Buffered_Computation
 
class  Buffered_Filter
 
class  Bzip2_Compression
 
class  Bzip2_Decompression
 
class  calendar_point
 
class  Camellia_128
 
class  Camellia_192
 
class  Camellia_256
 
class  Cascade_Cipher
 
class  CAST_128
 
class  CAST_256
 
class  CBC_Decryption
 
class  CBC_Encryption
 
class  CBC_MAC
 
class  CBC_Mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  CECPQ1_key
 
class  Certificate_Extension
 
class  Certificate_Store
 
class  Certificate_Store_In_Memory
 
class  Certificate_Store_In_SQL
 
class  Certificate_Store_In_SQLite
 
class  Certificate_Store_MacOS
 
class  Certificate_Store_Windows
 
class  CFB_Decryption
 
class  CFB_Encryption
 
class  CFB_Mode
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  ChaCha_RNG
 
class  Chain
 
class  Cipher_Mode
 
class  Cipher_Mode_Filter
 
class  CMAC
 
class  Comb4P
 
class  CommonCrypto_Error
 
struct  CommonCryptor_Opts
 
class  Compression_Algorithm
 
class  Compression_Alloc_Info
 
class  Compression_Error
 
class  Compression_Stream
 
class  CPUID
 
class  CRC24
 
class  CRC32
 
class  Credentials_Manager
 
class  CRL_Entry
 
class  CTR_BE
 
class  CTS_Decryption
 
class  CTS_Encryption
 
class  Curve25519_PrivateKey
 
class  Curve25519_PublicKey
 
class  CurveGFp
 
class  CurveGFp_Repr
 
class  Data_Store
 
class  DataSink
 
class  DataSink_Stream
 
class  DataSource
 
class  DataSource_Memory
 
class  DataSource_Stream
 
class  Decoding_Error
 
class  Decompression_Algorithm
 
class  Deflate_Compression
 
class  Deflate_Decompression
 
class  DER_Encoder
 
class  DES
 
class  DESX
 
class  Device_EntropySource
 
class  DH_PrivateKey
 
class  DH_PublicKey
 
class  DL_Group
 
class  DL_Scheme_PrivateKey
 
class  DL_Scheme_PublicKey
 
class  DLIES_Decryptor
 
class  DLIES_Encryptor
 
class  donna128
 
class  DSA_PrivateKey
 
class  DSA_PublicKey
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  EC_Group
 
class  EC_PrivateKey
 
class  EC_PublicKey
 
class  ECDH_PrivateKey
 
class  ECDH_PublicKey
 
class  ECDSA_PrivateKey
 
class  ECDSA_PublicKey
 
class  ECGDSA_PrivateKey
 
class  ECGDSA_PublicKey
 
class  ECIES_Decryptor
 
class  ECIES_Encryptor
 
class  ECIES_KA_Operation
 
class  ECIES_KA_Params
 
class  ECIES_System_Params
 
class  ECKCDSA_PrivateKey
 
class  ECKCDSA_PublicKey
 
class  Ed25519_PrivateKey
 
class  Ed25519_PublicKey
 
class  ElGamal_PrivateKey
 
class  ElGamal_PublicKey
 
class  EME
 
class  EME_PKCS1v15
 
class  EME_Raw
 
class  EMSA
 
class  EMSA1
 
class  EMSA_PKCS1v15
 
class  EMSA_PKCS1v15_Raw
 
class  EMSA_Raw
 
class  EMSA_X931
 
class  Encoding_Error
 
class  Encrypted_PSK_Database
 
class  Encrypted_PSK_Database_SQL
 
class  Entropy_Source
 
class  Entropy_Sources
 
class  ESP_Padding
 
class  Exception
 
class  Extensions
 
class  Fanout_Filter
 
class  FE_25519
 
class  File_Descriptor_Source
 
class  Filter
 
class  Fixed_Base_Power_Mod
 
class  Fixed_Exponent_Power_Mod
 
class  Flatfile_Certificate_Store
 
class  Fork
 
class  FPE_FE1
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
struct  ge_p3
 
class  GeneralName
 X.509 GeneralName Type. More...
 
class  GeneralSubtree
 A single Name Constraint. More...
 
class  Getentropy
 
class  GF2m_Field
 
class  GHASH
 
class  GMAC
 
class  GOST_28147_89
 
class  GOST_28147_89_Params
 
class  GOST_3410_PrivateKey
 
class  GOST_3410_PublicKey
 
class  GOST_34_11
 
class  Gzip_Compression
 
class  Gzip_Decompression
 
class  Hardware_RNG
 
class  HashFunction
 
class  Hex_Decoder
 
class  Hex_Encoder
 
class  HKDF
 
class  HKDF_Expand
 
class  HKDF_Extract
 
class  HMAC
 
class  HMAC_DRBG
 
class  HOTP
 
class  IDEA
 
class  Illegal_Point
 
class  Illegal_Transformation
 
class  Integer_Overflow_Detected
 
class  Intel_Rdseed
 
class  Internal_Error
 
class  Invalid_Algorithm_Name
 
class  Invalid_Argument
 
class  Invalid_Authentication_Tag
 
class  Invalid_IV_Length
 
class  Invalid_Key_Length
 
class  Invalid_OID
 
class  Invalid_State
 
class  ISO_9796_DS2
 
class  ISO_9796_DS3
 
class  KASUMI
 
class  KDF
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 
class  Key_Length_Specification
 
class  Key_Not_Set
 
class  Keyed_Filter
 
class  LibraryInitializer
 
class  Lion
 
class  lock_guard
 
class  Lookup_Error
 
class  LZMA_Compression
 
class  LZMA_Decompression
 
class  McEliece_PrivateKey
 
class  McEliece_PublicKey
 
class  MD4
 
class  MD5
 
class  MDx_HashFunction
 
class  Memory_Pool
 
class  MessageAuthenticationCode
 
class  MISTY1
 
class  mlock_allocator
 
class  Modular_Reducer
 
class  Montgomery_Int
 
class  Montgomery_Params
 
class  NameConstraints
 Name Constraints. More...
 
class  newhope_poly
 
class  No_Filesystem_Access
 
class  No_Provider_Found
 
class  Noekeon
 
class  noop_mutex
 
class  Not_Implemented
 
class  Null_Padding
 
class  Null_RNG
 
class  OAEP
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  OctetString
 
class  OFB
 
class  OID
 
class  OneAndZeros_Padding
 
class  OpenPGP_S2K
 
class  Output_Buffers
 
class  Parallel
 
class  PasswordHash
 
class  PasswordHashFamily
 
class  Path_Validation_Restrictions
 
class  Path_Validation_Result
 
class  PBKDF
 
class  PBKDF2
 
class  PBKDF2_Family
 
class  Pipe
 
class  PK_Decryptor
 
class  PK_Decryptor_EME
 
class  PK_Encryptor
 
class  PK_Encryptor_EME
 
class  PK_KEM_Decryptor
 
class  PK_KEM_Encryptor
 
class  PK_Key_Agreement
 
class  PK_Key_Agreement_Key
 
class  PK_Signer
 
class  PK_Verifier
 
class  PKCS10_Request
 
class  PKCS5_PBKDF1
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
class  PKCS8_Exception
 
class  PointGFp
 
class  PointGFp_Base_Point_Precompute
 
class  PointGFp_Multi_Point_Precompute
 
class  PointGFp_Var_Point_Precompute
 
class  Policy_Violation
 
class  Poly1305
 
class  polyn_gf2m
 
class  Power_Mod
 
class  Private_Key
 
class  PRNG_Unseeded
 
class  Processor_RNG
 
class  ProcWalking_EntropySource
 
class  Provider_Not_Found
 
class  PSK_Database
 
class  PSSR
 
class  PSSR_Raw
 
class  Public_Key
 
class  RandomNumberGenerator
 
class  RC4
 
class  RDRAND_RNG
 
class  RFC4880_S2K
 
class  RFC4880_S2K_Family
 
class  RFC6979_Nonce_Generator
 
class  RIPEMD_160
 
class  RSA_PrivateKey
 
class  RSA_PublicKey
 
class  RTSS_Share
 
class  RWLock
 
class  Salsa20
 
class  SCAN_Name
 
class  Scrypt
 
class  Scrypt_Family
 
class  secure_allocator
 
class  SecureQueue
 
class  SEED
 
class  Self_Test_Failure
 
class  Semaphore
 
class  Serpent
 
class  SHA_160
 
class  SHA_224
 
class  SHA_256
 
class  SHA_3
 
class  SHA_384
 
class  SHA_3_224
 
class  SHA_3_256
 
class  SHA_3_384
 
class  SHA_3_512
 
class  SHA_512
 
class  SHA_512_256
 
class  SHACAL2
 
class  SHAKE_128
 
class  SHAKE_128_Cipher
 
class  SHAKE_256
 
class  SIMD_4x32
 
class  SIMD_8x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  Skein_512
 
class  SM2_PrivateKey
 
class  SM2_PublicKey
 
class  SM3
 
class  SM4
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56A_Hash
 
class  SP800_56A_HMAC
 
class  SP800_56C
 
class  SQL_Database
 
class  Sqlite3_Database
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_Compression
 
class  Stream_Decompression
 
class  Stream_IO_Error
 
class  StreamCipher
 
class  Streebog
 
class  Streebog_256
 
class  Streebog_512
 
class  SymmetricAlgorithm
 
class  System_Certificate_Store
 
class  System_Error
 
class  System_RNG
 
class  Thread_Pool
 
class  Threefish_512
 
class  Tiger
 
class  Timer
 
class  TLS_12_PRF
 
class  TLS_PRF
 
class  TOTP
 
class  TPM_Context
 
class  TPM_Error
 
class  TPM_PrivateKey
 
class  TPM_RNG
 
class  TripleDES
 
class  Tweakable_Block_Cipher
 
class  Twofish
 
class  Unsupported_Argument
 
struct  URI
 
class  UUID
 
class  Whirlpool
 
class  Win32_EntropySource
 
class  X509_CA
 
class  X509_Cert_Options
 
class  X509_Certificate
 
class  X509_CRL
 
class  X509_DN
 
class  X509_Object
 
class  X942_PRF
 
class  XMSS_Address
 
class  XMSS_Common_Ops
 
class  XMSS_Hash
 
class  XMSS_Index_Registry
 
class  XMSS_Key_Pair
 
class  XMSS_Parameters
 
class  XMSS_PrivateKey
 
class  XMSS_PublicKey
 
class  XMSS_Signature
 
class  XMSS_Signature_Operation
 
class  XMSS_Tools
 
class  XMSS_Verification_Operation
 
class  XMSS_WOTS_Addressed_PrivateKey
 
class  XMSS_WOTS_Addressed_PublicKey
 
class  XMSS_WOTS_Parameters
 
class  XMSS_WOTS_PrivateKey
 
class  XMSS_WOTS_PublicKey
 
class  XTEA
 
class  XTS_Decryption
 
class  XTS_Encryption
 
class  XTS_Mode
 
class  ZFEC
 
class  Zlib_Compression
 
class  Zlib_Decompression
 
class  Zlib_Style_Stream
 

Typedefs

typedef __vector unsigned int Altivec32x4
 
typedef __vector unsigned long long Altivec64x2
 
typedef __vector unsigned char Altivec8x16
 
typedef BLAKE2b Blake2b
 
using byte = std::uint8_t
 
typedef int32_t CCCryptorStatus
 
typedef std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
 
typedef EC_Group EC_Domain_Params
 
typedef FE_25519 fe
 
typedef uint16_t gf2m
 
using InitializationVector = OctetString
 
typedef Invalid_Authentication_Tag Integrity_Failure
 
template<typename T >
using lock_guard_type = lock_guard< T >
 
typedef MessageAuthenticationCode MAC
 
typedef noop_mutex mutex_type
 
typedef PK_Key_Agreement_Key PK_KA_Key
 
typedef Private_Key PKCS8_PrivateKey
 
typedef newhope_poly poly
 
typedef noop_mutex recursive_mutex_type
 
typedef RandomNumberGenerator RNG
 
typedef PBKDF S2K
 
using s32bit = std::int32_t
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T > >
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T > >
 
template<typename T >
using SecureVector = secure_vector< T >
 
typedef SHA_160 SHA_1
 
typedef SM2_PrivateKey SM2_Encryption_PrivateKey
 
typedef SM2_PublicKey SM2_Encryption_PublicKey
 
typedef SM2_PrivateKey SM2_Signature_PrivateKey
 
typedef SM2_PublicKey SM2_Signature_PublicKey
 
using SymmetricKey = OctetString
 
typedef Cipher_Mode_Filter Transform_Filter
 
typedef Transform_Filter Transformation_Filter
 
using u16bit = std::uint16_t
 
using u32bit = std::uint32_t
 
using u64bit = std::uint64_t
 
typedef std::vector< secure_vector< uint8_t > > wots_keysig_t
 
typedef Curve25519_PrivateKey X25519_PrivateKey
 
typedef Curve25519_PublicKey X25519_PublicKey
 
typedef Public_Key X509_PublicKey
 
typedef ASN1_Time X509_Time
 

Enumerations

enum  { SM3_BLOCK_BYTES = 64 , SM3_DIGEST_BYTES = 32 }
 
enum  ASN1_Tag : uint32_t {
  UNIVERSAL = 0x00 , APPLICATION = 0x40 , CONTEXT_SPECIFIC = 0x80 , CONSTRUCTED = 0x20 ,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC , EOC = 0x00 , BOOLEAN = 0x01 , INTEGER = 0x02 ,
  BIT_STRING = 0x03 , OCTET_STRING = 0x04 , NULL_TAG = 0x05 , OBJECT_ID = 0x06 ,
  ENUMERATED = 0x0A , SEQUENCE = 0x10 , SET = 0x11 , UTF8_STRING = 0x0C ,
  NUMERIC_STRING = 0x12 , PRINTABLE_STRING = 0x13 , T61_STRING = 0x14 , IA5_STRING = 0x16 ,
  VISIBLE_STRING = 0x1A , UNIVERSAL_STRING = 0x1C , BMP_STRING = 0x1E , UTC_TIME = 0x17 ,
  GENERALIZED_TIME = 0x18 , UTC_OR_GENERALIZED_TIME = 0x19 , NO_OBJECT = 0xFF00 , DIRECTORY_STRING = 0xFF01
}
 
enum class  Certificate_Status_Code {
  OK = 0 , VERIFIED = 0 , OCSP_RESPONSE_GOOD = 1 , OCSP_SIGNATURE_OK = 2 ,
  VALID_CRL_CHECKED = 3 , OCSP_NO_HTTP = 4 , FIRST_WARNING_STATUS = 500 , CERT_SERIAL_NEGATIVE = 500 ,
  DN_TOO_LONG = 501 , OCSP_NO_REVOCATION_URL = 502 , OCSP_SERVER_NOT_AVAILABLE = 503 , OSCP_NO_REVOCATION_URL = 502 ,
  OSCP_SERVER_NOT_AVAILABLE = 503 , FIRST_ERROR_STATUS = 1000 , SIGNATURE_METHOD_TOO_WEAK = 1000 , UNTRUSTED_HASH = 1001 ,
  NO_REVOCATION_DATA = 1002 , NO_MATCHING_CRLDP = 1003 , CERT_NOT_YET_VALID = 2000 , CERT_HAS_EXPIRED = 2001 ,
  OCSP_NOT_YET_VALID = 2002 , OCSP_HAS_EXPIRED = 2003 , CRL_NOT_YET_VALID = 2004 , CRL_HAS_EXPIRED = 2005 ,
  OCSP_IS_TOO_OLD = 2006 , CERT_ISSUER_NOT_FOUND = 3000 , CANNOT_ESTABLISH_TRUST = 3001 , CERT_CHAIN_LOOP = 3002 ,
  CHAIN_LACKS_TRUST_ROOT = 3003 , CHAIN_NAME_MISMATCH = 3004 , POLICY_ERROR = 4000 , INVALID_USAGE = 4001 ,
  CERT_CHAIN_TOO_LONG = 4002 , CA_CERT_NOT_FOR_CERT_ISSUER = 4003 , NAME_CONSTRAINT_ERROR = 4004 , CA_CERT_NOT_FOR_CRL_ISSUER = 4005 ,
  OCSP_CERT_NOT_LISTED = 4006 , OCSP_BAD_STATUS = 4007 , CERT_NAME_NOMATCH = 4008 , UNKNOWN_CRITICAL_EXTENSION = 4009 ,
  DUPLICATE_CERT_EXTENSION = 4010 , OCSP_SIGNATURE_ERROR = 4501 , OCSP_ISSUER_NOT_FOUND = 4502 , OCSP_RESPONSE_MISSING_KEYUSAGE = 4503 ,
  OCSP_RESPONSE_INVALID = 4504 , EXT_IN_V1_V2_CERT = 4505 , DUPLICATE_CERT_POLICY = 4506 , V2_IDENTIFIERS_IN_V1_CERT = 4507 ,
  CERT_IS_REVOKED = 5000 , CRL_BAD_SIGNATURE = 5001 , SIGNATURE_ERROR = 5002 , CERT_PUBKEY_INVALID = 5003 ,
  SIGNATURE_ALGO_UNKNOWN = 5004 , SIGNATURE_ALGO_BAD_PARAMS = 5005
}
 
enum  Character_Set { LOCAL_CHARSET , UCS2_CHARSET , UTF8_CHARSET , LATIN1_CHARSET }
 
enum  Cipher_Dir : int { ENCRYPTION , DECRYPTION }
 
enum  CRL_Code : uint32_t {
  UNSPECIFIED = 0 , KEY_COMPROMISE = 1 , CA_COMPROMISE = 2 , AFFILIATION_CHANGED = 3 ,
  SUPERSEDED = 4 , CESSATION_OF_OPERATION = 5 , CERTIFICATE_HOLD = 6 , REMOVE_FROM_CRL = 8 ,
  PRIVLEDGE_WITHDRAWN = 9 , PRIVILEGE_WITHDRAWN = 9 , AA_COMPROMISE = 10 , DELETE_CRL_ENTRY = 0xFF00 ,
  OCSP_GOOD = 0xFF01 , OCSP_UNKNOWN = 0xFF02
}
 
enum  Decoder_Checking { NONE , IGNORE_WS , FULL_CHECK }
 
enum class  DL_Group_Source { Builtin , RandomlyGenerated , ExternalSource }
 
enum  EC_Group_Encoding { EC_DOMPAR_ENC_EXPLICIT = 0 , EC_DOMPAR_ENC_IMPLICITCA = 1 , EC_DOMPAR_ENC_OID = 2 }
 
enum class  EC_Group_Source { Builtin , ExternalSource }
 
enum class  ECIES_Flags : uint32_t {
  NONE = 0 , SINGLE_HASH_MODE = 1 , COFACTOR_MODE = 2 , OLD_COFACTOR_MODE = 4 ,
  CHECK_MODE = 8
}
 
enum class  ErrorType {
  Unknown = 1 , SystemError , NotImplemented , OutOfMemory ,
  InternalError , IoError , InvalidObjectState = 100 , KeyNotSet ,
  InvalidArgument , InvalidKeyLength , InvalidNonceLength , LookupError ,
  EncodingFailure , DecodingFailure , TLSError , HttpError ,
  InvalidTag , RoughtimeError , OpenSSLError = 200 , CommonCryptoError ,
  Pkcs11Error , TPMError , DatabaseError , ZlibError = 300 ,
  Bzip2Error , LzmaError
}
 
enum  Key_Constraints {
  NO_CONSTRAINTS = 0 , DIGITAL_SIGNATURE = 1 << 15 , NON_REPUDIATION = 1 << 14 , KEY_ENCIPHERMENT = 1 << 13 ,
  DATA_ENCIPHERMENT = 1 << 12 , KEY_AGREEMENT = 1 << 11 , KEY_CERT_SIGN = 1 << 10 , CRL_SIGN = 1 << 9 ,
  ENCIPHER_ONLY = 1 << 8 , DECIPHER_ONLY = 1 << 7
}
 
enum class  Newhope_Mode { SHA3 , BoringSSL }
 
enum  Newhope_Params {
  NEWHOPE_SENDABYTES = 1824 , NEWHOPE_SENDBBYTES = 2048 , NEWHOPE_OFFER_BYTES = 1824 , NEWHOPE_ACCEPT_BYTES = 2048 ,
  NEWHOPE_SHARED_KEY_BYTES = 32 , NEWHOPE_SEED_BYTES = 32 , NEWHOPE_POLY_BYTES = 1792 , CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32 ,
  CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32 , CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
}
 
enum  Signature_Format { IEEE_1363 , DER_SEQUENCE }
 
enum class  TPM_Storage_Type { User , System }
 
enum class  Usage_Type {
  UNSPECIFIED , TLS_SERVER_AUTH , TLS_CLIENT_AUTH , CERTIFICATE_AUTHORITY ,
  OCSP_RESPONDER , ENCRYPTION
}
 
enum  X509_Encoding { RAW_BER , PEM }
 

Functions

BigInt abs (const BigInt &n)
 
BOTAN_MALLOC_FN void * allocate_memory (size_t elems, size_t elem_size)
 
size_t almost_montgomery_inverse (BigInt &result, const BigInt &a, const BigInt &p)
 
void aont_package (RandomNumberGenerator &rng, BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
void aont_unpackage (BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
void argon2 (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t key[], size_t key_len, const uint8_t ad[], size_t ad_len, uint8_t mode, size_t threads, size_t M, size_t t)
 
bool argon2_check_pwhash (const char *password, size_t password_len, const std::string &hash)
 
std::string argon2_generate_pwhash (const char *password, size_t password_len, RandomNumberGenerator &rng, size_t p, size_t M, size_t t, uint8_t y=2, size_t salt_len=16, size_t output_len=32)
 
std::string asn1_class_to_string (ASN1_Tag type)
 
std::string asn1_tag_to_string (ASN1_Tag type)
 
void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
secure_vector< uint8_t > base32_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base32_decode (const std::string &input, bool ignore_ws)
 
size_t base32_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base32_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
size_t base32_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base32_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base32_encode (const uint8_t input[], size_t input_length)
 
std::vector< uint8_t > base58_check_decode (const char input[], size_t input_length)
 
std::vector< uint8_t > base58_check_decode (const std::string &s)
 
template<typename Alloc >
std::string base58_check_encode (const std::vector< uint8_t, Alloc > &vec)
 
std::string base58_check_encode (const uint8_t input[], size_t input_length)
 
std::vector< uint8_t > base58_decode (const char input[], size_t input_length)
 
std::vector< uint8_t > base58_decode (const std::string &s)
 
template<typename Alloc >
std::string base58_encode (const std::vector< uint8_t, Alloc > &vec)
 
std::string base58_encode (const uint8_t input[], size_t input_length)
 
secure_vector< uint8_t > base64_decode (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > base64_decode (const std::string &input, bool ignore_ws)
 
size_t base64_decode (uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t base64_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
size_t base64_decode_max_output (size_t input_length)
 
size_t base64_encode (char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Alloc >
std::string base64_encode (const std::vector< uint8_t, Alloc > &input)
 
std::string base64_encode (const uint8_t input[], size_t input_length)
 
size_t base64_encode_max_output (size_t input_length)
 
template<typename Base >
size_t base_decode (Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
 
template<typename Base >
size_t base_decode_full (Base &&base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
template<typename Vector , typename Base >
Vector base_decode_to_vec (Base &&base, const char input[], size_t input_length, bool ignore_ws)
 
template<class Base >
size_t base_encode (Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
 
template<typename Base >
std::string base_encode_to_string (Base &&base, const uint8_t input[], size_t input_length)
 
void bcrypt_pbkdf (uint8_t output[], size_t output_len, const char *pass, size_t pass_len, const uint8_t salt[], size_t salt_len, size_t rounds)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
int32_t bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_abs (word cnd, word x[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_add (word cnd, word x[], word x_size, const word y[], size_t y_size)
 
void bigint_cnd_add_or_sub (CT::Mask< word > mask, word x[], const word y[], size_t size)
 
word bigint_cnd_addsub (CT::Mask< word > mask, word x[], const word y[], const word z[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
word bigint_cnd_sub (word cnd, word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul24 (word z[48], const word x[24], const word y[24])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word z[32], const word x[16])
 
void bigint_comba_sqr24 (word z[48], const word x[24])
 
void bigint_comba_sqr4 (word z[8], const word x[4])
 
void bigint_comba_sqr6 (word z[12], const word x[6])
 
void bigint_comba_sqr8 (word z[16], const word x[8])
 
void bigint_comba_sqr9 (word z[18], const word x[9])
 
CT::Mask< word > bigint_ct_is_eq (const word x[], size_t x_size, const word y[], size_t y_size)
 
CT::Mask< word > bigint_ct_is_lt (const word x[], size_t x_size, const word y[], size_t y_size, bool lt_or_equal=false)
 
word bigint_divop (word n1, word n0, word d)
 
word BOTAN_WARN_UNUSED_RESULT bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
void bigint_mod_sub (word t[], const word s[], const word mod[], size_t mod_sw, word ws[])
 
template<size_t N>
void bigint_mod_sub_n (word t[], const word s[], const word mod[], word ws[])
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[], size_t ws_size)
 
void bigint_monty_redc_16 (word z[], const word p[16], word p_dash, word ws[])
 
void bigint_monty_redc_16 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_24 (word z[], const word p[24], word p_dash, word ws[])
 
void bigint_monty_redc_24 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_32 (word z[], const word p[32], word p_dash, word ws[])
 
void bigint_monty_redc_32 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_4 (word z[], const word p[4], word p_dash, word ws[])
 
void bigint_monty_redc_4 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_6 (word z[], const word p[6], word p_dash, word ws[])
 
void bigint_monty_redc_6 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_monty_redc_8 (word z[], const word p[8], word p_dash, word ws[])
 
void bigint_monty_redc_8 (word z[], const word p[], word p_dash, word ws[])
 
void bigint_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
 
void bigint_shl1 (word x[], size_t x_size, size_t x_words, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
CT::Mask< word > bigint_sub_abs (word z[], const word x[], const word y[], size_t N, word ws[])
 
int32_t bigint_sub_abs (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
template<typename T >
T bit_permute_step (T x, T mask, size_t shift)
 
size_t bit_size_to_32bit_size (size_t bit_size)
 
size_t bit_size_to_byte_size (size_t bit_size)
 
void blamka_ssse3 (uint64_t T[128])
 
const BotanErrorCategorybotan_category () noexcept
 
template<typename T >
void bswap_4 (T x[4])
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
 
template<size_t S, int64_t MUL = 1>
void carry (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int32_t &h0, int32_t &h1)
 
template<size_t S>
void carry0 (int64_t &h0, int64_t &h1)
 
uint64_t carry_shift (const donna128 &a, size_t shift)
 
uint8_t * cast_char_ptr_to_uint8 (char *s)
 
const uint8_t * cast_char_ptr_to_uint8 (const char *s)
 
const char * cast_uint8_ptr_to_char (const uint8_t *b)
 
char * cast_uint8_ptr_to_char (uint8_t *b)
 
void CECPQ1_accept (uint8_t *shared_key, uint8_t *accept_message, const uint8_t *offer_message, RandomNumberGenerator &rng)
 
void CECPQ1_accept (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], uint8_t send[CECPQ1_ACCEPT_BYTES], const uint8_t received[CECPQ1_OFFER_BYTES], RandomNumberGenerator &rng)
 
void CECPQ1_finish (uint8_t *shared_key, const CECPQ1_key &offer_key, const uint8_t *accept_message)
 
void CECPQ1_finish (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], const CECPQ1_key &offer_key, const uint8_t received[CECPQ1_ACCEPT_BYTES])
 
void CECPQ1_offer (uint8_t *offer_message, CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
void CECPQ1_offer (uint8_t send[CECPQ1_OFFER_BYTES], CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
template<typename T >
uint8_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &pass, const std::string &hash)
 
bool check_passhash9 (const std::string &pass, const std::string &hash)
 
bool check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
size_t checked_add (size_t x, size_t y, const char *file, int line)
 
PK_Signerchoose_sig_format (const Private_Key &key, const std::map< std::string, std::string > &opts, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
PK_Signerchoose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
 
std::string clean_ws (const std::string &s)
 
void clear_bytes (void *ptr, size_t bytes)
 
template<typename T >
void clear_mem (T *ptr, size_t n)
 
uint64_t combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
void commoncrypto_adjust_key_size (const uint8_t key[], size_t length, const CommonCryptor_Opts &opts, secure_vector< uint8_t > &full_key)
 
CommonCryptor_Opts commoncrypto_opts_from_algo (const std::string &algo)
 
CommonCryptor_Opts commoncrypto_opts_from_algo_name (const std::string &algo_name)
 
bool constant_time_compare (const uint8_t x[], const uint8_t y[], size_t len)
 
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
AlternativeName create_alt_name (const Data_Store &info)
 
X509_DN create_dn (const Data_Store &info)
 
template<typename Alloc >
std::string create_hex_fingerprint (const std::vector< uint8_t, Alloc > &vec, const std::string &hash_name)
 
std::string create_hex_fingerprint (const uint8_t bits[], size_t bits_len, const std::string &hash_name)
 
std::unique_ptr< Private_Keycreate_private_key (const std::string &alg_name, RandomNumberGenerator &rng, const std::string &params, const std::string &provider)
 
uint8_t ct_compare_u8 (const uint8_t x[], const uint8_t y[], size_t len)
 
BigInt ct_divide (const BigInt &x, const BigInt &y)
 
void ct_divide (const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out)
 
void ct_divide_u8 (const BigInt &x, uint8_t y, BigInt &q_out, uint8_t &r_out)
 
BigInt ct_inverse_mod_odd_modulus (const BigInt &n, const BigInt &mod)
 
template<typename T >
T ct_is_zero (T x)
 
BigInt ct_modulo (const BigInt &x, const BigInt &y)
 
template<typename T >
size_t ctz (T n)
 
void curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32])
 
void curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
void deallocate_memory (void *p, size_t elems, size_t elem_size)
 
gf2m decode_gf2m (const uint8_t *mem)
 
void divide (const BigInt &x, const BigInt &y, BigInt &q, BigInt &r)
 
size_t dl_exponent_size (size_t bits)
 
size_t dl_work_factor (size_t bits)
 
template<typename E , typename... Args>
void do_throw_error (const char *file, int line, const char *func, Args... args)
 
secure_vector< uint8_t > EC2OSP (const PointGFp &point, uint8_t format)
 
size_t ecp_work_factor (size_t bits)
 
void ed25519_gen_keypair (uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
 
void ed25519_gen_keypair (uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32])
 
void ed25519_sign (uint8_t sig[64], const uint8_t m[], size_t mlen, const uint8_t sk[64], const uint8_t domain_sep[], size_t domain_sep_len)
 
bool ed25519_verify (const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk, const uint8_t domain_sep[], size_t domain_sep_len)
 
bool ed25519_verify (const uint8_t msg[], size_t msg_len, const uint8_t sig[64], const uint8_t pk[32], const uint8_t domain_sep[], size_t domain_sep_len)
 
uint32_t encode_gf2m (gf2m to_enc, uint8_t *mem)
 
std::string erase_chars (const std::string &str, const std::set< char > &chars)
 
template<typename T >
uint16_t expand_mask_16bit (T tst)
 
template<typename T >
T expand_top_bit (T a)
 
void fe_0 (fe &x)
 
void fe_1 (fe &x)
 
void fe_add (fe &x, const fe &a, const fe &b)
 
void fe_copy (fe &a, const fe &b)
 
void fe_frombytes (fe &x, const uint8_t *b)
 
void fe_invert (fe &x, const fe &z)
 
int fe_isnegative (const fe &x)
 
int fe_isnonzero (const fe &x)
 
void fe_mul (fe &x, const fe &a, const fe &b)
 
void fe_neg (fe &x, const fe &z)
 
void fe_pow22523 (fe &x, const fe &y)
 
void fe_sq (fe &x, const fe &z)
 
void fe_sq2 (fe &x, const fe &z)
 
void fe_sq_iter (fe &x, const fe &z, size_t iter)
 
void fe_sub (fe &x, const fe &a, const fe &b)
 
void fe_tobytes (uint8_t *b, const fe &x)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, size_t code_length)
 
BigInt gcd (const BigInt &a, const BigInt &b)
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t *a, const ge_p3 *A, const uint8_t *b)
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])
 
int ge_frombytes_negate_vartime (ge_p3 *, const uint8_t *)
 
void ge_scalarmult_base (uint8_t out[32], const uint8_t in[32])
 
std::string generate_bcrypt (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, char version)
 
std::vector< uint8_t > generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits)
 
bool generate_dsa_primes (RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, size_t ext_deg, size_t code_length, size_t t)
 
std::string generate_passhash9 (const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id)
 
BigInt generate_rfc6979_nonce (const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
 
BigInt generate_rsa_prime (RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const DL_Group &group, const std::string &hash_id)
 
BigInt generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
 
AEAD_Modeget_aead (const std::string &name, Cipher_Dir direction)
 
BlockCipherModePaddingMethodget_bc_pad (const std::string &algo_spec)
 
template<typename T >
constexpr uint8_t get_byte (size_t byte_num, T input)
 
Keyed_Filterget_cipher (const std::string &algo_spec, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, Cipher_Dir direction)
 
Keyed_Filterget_cipher (const std::string &algo_spec, const SymmetricKey &key, const InitializationVector &iv, Cipher_Dir direction)
 
Cipher_Modeget_cipher_mode (const std::string &algo_spec, Cipher_Dir direction, const std::string &provider="")
 
EMEget_eme (const std::string &algo_spec)
 
EMSAget_emsa (const std::string &algo_spec)
 
std::vector< std::string > get_files_recursive (const std::string &dir)
 
KDFget_kdf (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
PBKDFget_s2k (const std::string &algo_spec)
 
const std::vector< std::string > get_sig_paddings (const std::string algo)
 
gf2m gray_to_lex (gf2m gray)
 
bool has_filesystem_impl ()
 
std::string hash_for_emsa (const std::string &algo_spec)
 
std::vector< uint8_t > hex_decode (const char input[], size_t input_length, bool ignore_ws)
 
std::vector< uint8_t > hex_decode (const std::string &input, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
 
size_t hex_decode (uint8_t output[], const std::string &input, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const char input[], size_t input_length, bool ignore_ws)
 
secure_vector< uint8_t > hex_decode_locked (const std::string &input, bool ignore_ws)
 
void hex_encode (char output[], const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename Alloc >
std::string hex_encode (const std::vector< uint8_t, Alloc > &input, bool uppercase=true)
 
std::string hex_encode (const uint8_t input[], size_t input_length, bool uppercase)
 
template<typename T >
size_t high_bit (T n)
 
secure_vector< uint8_t > hkdf_expand_label (const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
 
bool host_wildcard_match (const std::string &issued_, const std::string &host_)
 
uint8_t ieee1363_hash_id (const std::string &name)
 
size_t if_work_factor (size_t bits)
 
void initialize_allocator ()
 
BigInt inverse_euclid (const BigInt &x, const BigInt &modulus)
 
BigInt inverse_mod (const BigInt &n, const BigInt &mod)
 
std::string ipv4_to_string (uint32_t ip)
 
bool is_bailie_psw_probable_prime (const BigInt &n)
 
bool is_bailie_psw_probable_prime (const BigInt &n, const Modular_Reducer &mod_n)
 
bool is_lucas_probable_prime (const BigInt &C, const Modular_Reducer &mod_C)
 
bool is_miller_rabin_probable_prime (const BigInt &n, const Modular_Reducer &mod_n, RandomNumberGenerator &rng, size_t test_iterations)
 
bool is_passhash9_alg_supported (uint8_t alg_id)
 
BigInt is_perfect_square (const BigInt &C)
 
template<typename T >
constexpr bool is_power_of_2 (T arg)
 
bool is_prime (const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
 
int32_t jacobi (const BigInt &a, const BigInt &n)
 
std::string key_constraints_to_string (Key_Constraints constraints)
 
BigInt lcm (const BigInt &a, const BigInt &b)
 
gf2m lex_to_gray (gf2m lex)
 
uint64_t load_3 (const uint8_t in[3])
 
uint64_t load_4 (const uint8_t *in)
 
template<typename T >
T load_be (const uint8_t in[], size_t off)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_be (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_be< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_be< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_be< uint64_t > (const uint8_t in[], size_t off)
 
template<typename T >
T load_le (const uint8_t in[], size_t off)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_le (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_le< uint16_t > (const uint8_t in[], size_t off)
 
template<>
uint32_t load_le< uint32_t > (const uint8_t in[], size_t off)
 
template<>
uint64_t load_le< uint64_t > (const uint8_t in[], size_t off)
 
std::unique_ptr< Private_Keyload_private_key (const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
 
std::unique_ptr< Public_Keyload_public_key (const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
 
size_t low_zero_bits (const BigInt &n)
 
std::unique_ptr< BlockCiphermake_commoncrypto_block_cipher (const std::string &name)
 
Cipher_Modemake_commoncrypto_cipher_mode (const std::string &name, Cipher_Dir direction)
 
std::unique_ptr< HashFunctionmake_commoncrypto_hash (const std::string &name)
 
Compression_Algorithmmake_compressor (const std::string &name)
 
Decompression_Algorithmmake_decompressor (const std::string &name)
 
boost::system::error_code make_error_code (Botan::ErrorType e)
 
constexpr uint16_t make_uint16 (uint8_t i0, uint8_t i1)
 
constexpr uint32_t make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
 
constexpr uint64_t make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Single_object make_unique (Args &&... args)
 
template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Known_bound make_unique (Args &&...)=delete
 
template<class T >
stlCompatibilityDetails::_Unique_if< T >::_Unknown_bound make_unique (size_t n)
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
secure_vector< uint8_t > mceies_decrypt (const McEliece_PrivateKey &privkey, const uint8_t ct[], size_t ct_len, const uint8_t ad[], size_t ad_len, const std::string &algo)
 
secure_vector< uint8_t > mceies_encrypt (const McEliece_PublicKey &pubkey, const uint8_t pt[], size_t pt_len, const uint8_t ad[], size_t ad_len, RandomNumberGenerator &rng, const std::string &algo)
 
secure_vector< uint8_t > mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, size_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext, secure_vector< uint8_t > &error_mask, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
 
size_t mceliece_work_factor (size_t n, size_t t)
 
void mgf1_mask (HashFunction &hash, const uint8_t in[], size_t in_len, uint8_t out[], size_t out_len)
 
size_t miller_rabin_test_iterations (size_t n_bits, size_t prob, bool random)
 
BigInt monty_execute (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
 
BigInt monty_execute_vartime (const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
 
word monty_inverse (word a)
 
BigInt monty_multi_exp (std::shared_ptr< const Montgomery_Params > params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
 
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute (std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
 
void mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
 
BigInt mul_add (const BigInt &a, const BigInt &b, const BigInt &c)
 
BigInt mul_sub (const BigInt &a, const BigInt &b, const BigInt &c)
 
PointGFp multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
void newhope_keygen (uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_keygen (uint8_t send[NEWHOPE_SENDABYTES], newhope_poly *sk, RandomNumberGenerator &rng, Newhope_Mode=Newhope_Mode::SHA3)
 
void newhope_shareda (uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
 
void newhope_shareda (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], const newhope_poly *ska, const uint8_t *received, Newhope_Mode mode=Newhope_Mode::SHA3)
 
void newhope_sharedb (uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_sharedb (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], uint8_t send[], const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode=Newhope_Mode::SHA3)
 
secure_vector< uint8_t > nist_key_unwrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
secure_vector< uint8_t > nist_key_unwrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
BigInt normalized_montgomery_inverse (const BigInt &a, const BigInt &p)
 
secure_vector< uint8_t > oaep_find_delim (uint8_t &valid_mask, const uint8_t input[], size_t input_len, const secure_vector< uint8_t > &Phash)
 
bool operator!= (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator!= (const ASN1_Time &, const ASN1_Time &)
 
bool operator!= (const BigInt &a, const BigInt &b)
 
bool operator!= (const BigInt &a, word b)
 
bool operator!= (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator!= (const CurveGFp &lhs, const CurveGFp &rhs)
 
bool operator!= (const EC_Group &lhs, const EC_Group &rhs)
 
bool operator!= (const OctetString &s1, const OctetString &s2)
 
bool operator!= (const OID &a, const OID &b)
 
bool operator!= (const PointGFp &lhs, const PointGFp &rhs)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const X509_Certificate &cert1, const X509_Certificate &cert2)
 
bool operator!= (const X509_DN &dn1, const X509_DN &dn2)
 
BigInt operator% (const BigInt &n, const BigInt &mod)
 
word operator% (const BigInt &n, word mod)
 
ECIES_Flags operator& (ECIES_Flags a, ECIES_Flags b)
 
PointGFp operator* (const BigInt &scalar, const PointGFp &point)
 
BigInt operator* (const BigInt &x, const BigInt &y)
 
BigInt operator* (const BigInt &x, word y)
 
donna128 operator* (const donna128 &x, uint64_t y)
 
PointGFp operator* (const PointGFp &point, const BigInt &scalar)
 
donna128 operator* (uint64_t y, const donna128 &x)
 
BigInt operator* (word x, const BigInt &y)
 
BigInt operator+ (const BigInt &x, const BigInt &y)
 
BigInt operator+ (const BigInt &x, word y)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
donna128 operator+ (const donna128 &x, uint64_t y)
 
OctetString operator+ (const OctetString &k1, const OctetString &k2)
 
OID operator+ (const OID &oid, uint32_t new_comp)
 
PointGFp operator+ (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator+ (word x, const BigInt &y)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
BigInt operator- (const BigInt &x, const BigInt &y)
 
BigInt operator- (const BigInt &x, word y)
 
PointGFp operator- (const PointGFp &lhs)
 
PointGFp operator- (const PointGFp &lhs, const PointGFp &rhs)
 
BigInt operator/ (const BigInt &x, const BigInt &y)
 
BigInt operator/ (const BigInt &x, word y)
 
bool operator< (const ASN1_Time &, const ASN1_Time &)
 
bool operator< (const BigInt &a, const BigInt &b)
 
bool operator< (const BigInt &a, word b)
 
bool operator< (const OID &a, const OID &b)
 
bool operator< (const X509_DN &dn1, const X509_DN &dn2)
 
BigInt operator<< (const BigInt &x, size_t shift)
 
int operator<< (int fd, Pipe &pipe)
 
std::ostream & operator<< (std::ostream &os, const GeneralName &gn)
 
std::ostream & operator<< (std::ostream &os, const GeneralSubtree &gs)
 
std::ostream & operator<< (std::ostream &out, const X509_DN &dn)
 
std::ostream & operator<< (std::ostream &out, Pipe &pipe)
 
std::ostream & operator<< (std::ostream &stream, const BigInt &n)
 
bool operator<= (const ASN1_Time &, const ASN1_Time &)
 
bool operator<= (const BigInt &a, const BigInt &b)
 
bool operator<= (const BigInt &a, word b)
 
bool operator== (const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
 
bool operator== (const ASN1_Time &, const ASN1_Time &)
 
bool operator== (const BigInt &a, const BigInt &b)
 
bool operator== (const BigInt &a, word b)
 
bool operator== (const CRL_Entry &a1, const CRL_Entry &a2)
 
bool operator== (const OctetString &s1, const OctetString &s2)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const X509_DN &dn1, const X509_DN &dn2)
 
bool operator> (const ASN1_Time &, const ASN1_Time &)
 
bool operator> (const BigInt &a, const BigInt &b)
 
bool operator> (const BigInt &a, word b)
 
bool operator>= (const ASN1_Time &, const ASN1_Time &)
 
bool operator>= (const BigInt &a, const BigInt &b)
 
bool operator>= (const BigInt &a, word b)
 
BigInt operator>> (const BigInt &x, size_t shift)
 
int operator>> (int fd, Pipe &pipe)
 
std::istream & operator>> (std::istream &in, Pipe &pipe)
 
std::istream & operator>> (std::istream &in, X509_DN &dn)
 
std::istream & operator>> (std::istream &stream, BigInt &n)
 
OctetString operator^ (const OctetString &k1, const OctetString &k2)
 
template<typename Alloc , typename Alloc2 >
std::vector< uint8_t, Alloc > & operator^= (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
ECIES_Flags operator| (ECIES_Flags a, ECIES_Flags b)
 
template<typename Alloc >
PointGFp OS2ECP (const std::vector< uint8_t, Alloc > &data, const CurveGFp &curve)
 
std::pair< BigInt, BigIntOS2ECP (const uint8_t data[], size_t data_len, const BigInt &curve_p, const BigInt &curve_a, const BigInt &curve_b)
 
PointGFp OS2ECP (const uint8_t data[], size_t data_len, const CurveGFp &curve)
 
std::vector< std::string > parse_algorithm_name (const std::string &namex)
 
std::vector< uint32_t > parse_asn1_oid (const std::string &oid)
 
bool passes_miller_rabin_test (const BigInt &n, const Modular_Reducer &mod_n, const std::shared_ptr< Montgomery_Params > &monty_n, const BigInt &a)
 
secure_vector< uint8_t > pbes2_decrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, const std::vector< uint8_t > &params)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t pbkdf_iter, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< AlgorithmIdentifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
void pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const uint8_t salt[], size_t salt_len, size_t iterations)
 
std::vector< uint8_t > pkcs_hash_id (const std::string &name)
 
void poly_double_n (uint8_t buf[], size_t n)
 
void poly_double_n (uint8_t out[], const uint8_t in[], size_t n)
 
void poly_double_n_le (uint8_t out[], const uint8_t in[], size_t n)
 
bool poly_double_supported_size (size_t n)
 
BigInt power_mod (const BigInt &base, const BigInt &exp, const BigInt &mod)
 
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
 
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
 
const BigIntprime_p192 ()
 
const BigIntprime_p224 ()
 
const BigIntprime_p256 ()
 
const BigIntprime_p384 ()
 
const BigIntprime_p521 ()
 
std::vector< std::string > probe_provider_private_key (const std::string &alg_name, const std::vector< std::string > possible)
 
template<typename T >
std::vector< std::string > probe_providers_of (const std::string &algo_spec, const std::vector< std::string > &possible)
 
bool quick_check_prime (const BigInt &n, RandomNumberGenerator &rng)
 
gf2m random_code_element (uint16_t code_length, RandomNumberGenerator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
BigInt random_prime (RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
 
BigInt random_safe_prime (RandomNumberGenerator &rng, size_t bits)
 
std::map< std::string, std::string > read_cfg (std::istream &is)
 
std::map< std::string, std::string > read_kv (const std::string &kv)
 
void redc_mul (int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
 
void redc_p192 (BigInt &x, secure_vector< word > &ws)
 
void redc_p224 (BigInt &x, secure_vector< word > &ws)
 
void redc_p256 (BigInt &x, secure_vector< word > &ws)
 
void redc_p384 (BigInt &x, secure_vector< word > &ws)
 
void redc_p521 (BigInt &x, secure_vector< word > &ws)
 
std::string replace_char (const std::string &str, char from_char, char to_char)
 
std::string replace_chars (const std::string &str, const std::set< char > &chars, char to_char)
 
BigInt ressol (const BigInt &x, const BigInt &p)
 
uint16_t reverse_bytes (uint16_t val)
 
uint32_t reverse_bytes (uint32_t val)
 
uint64_t reverse_bytes (uint64_t val)
 
secure_vector< uint8_t > rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
secure_vector< uint8_t > rfc3394_keywrap (const secure_vector< uint8_t > &key, const SymmetricKey &kek)
 
size_t RFC4880_decode_count (uint8_t iter)
 
uint8_t RFC4880_encode_count (size_t desired_iterations)
 
size_t RFC4880_round_iterations (size_t iterations)
 
template<typename T >
T rotate_left (T input, size_t rot)
 
template<typename T >
T rotate_right (T input, size_t rot)
 
template<size_t ROT, typename T >
constexpr T rotl (T input)
 
template<typename T >
T rotl_var (T input, size_t rot)
 
template<size_t ROT, typename T >
constexpr T rotr (T input)
 
template<typename T >
T rotr_var (T input, size_t rot)
 
template<typename T >
constexpr T round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
void sc_muladd (uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
 
void sc_reduce (uint8_t *)
 
void scrypt (uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 
void scrypt (uint8_t output[], size_t output_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 
size_t scrypt_memory_usage (size_t N, size_t r, size_t p)
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
void secure_scrub_memory (void *ptr, size_t n)
 
void set_mem (uint8_t *ptr, size_t n, uint8_t val)
 
void SHA3_round (uint64_t T[25], const uint64_t A[25], uint64_t RC)
 
const char * short_version_cstr ()
 
std::string short_version_string ()
 
bool sig_algo_and_pad_ok (const std::string algo, const std::string padding)
 
template<typename T >
size_t significant_bytes (T n)
 
std::vector< uint8_t > sm2_compute_za (HashFunction &hash, const std::string &user_id, const EC_Group &domain, const PointGFp &pubkey)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
 
BigInt square (const BigInt &x)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const DL_Group &group, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, const size_t a_bits, RandomNumberGenerator &rng)
 
std::pair< BigInt, SymmetricKeysrp6_client_agree (const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng)
 
std::string srp6_group_identifier (const BigInt &N, const BigInt &g)
 
void store_be (uint16_t in, uint8_t out[2])
 
void store_be (uint32_t in, uint8_t out[4])
 
void store_be (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
void store_le (uint16_t in, uint8_t out[2])
 
void store_le (uint32_t in, uint8_t out[4])
 
void store_le (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
uint32_t string_to_ipv4 (const std::string &str)
 
BigInt sub_mul (const BigInt &a, const BigInt &b, const BigInt &c)
 
template<typename T >
void swap_bits (T &x, T &y, T mask, size_t shift)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
RandomNumberGeneratorsystem_rng ()
 
void throw_invalid_argument (const char *message, const char *func, const char *file)
 
void throw_invalid_state (const char *expr, const char *func, const char *file)
 
uint32_t timespec_to_u32bit (const std::string &timespec)
 
std::vector< uint8_t > to_byte_vector (const std::string &s)
 
const char * to_string (Certificate_Status_Code code)
 
std::string to_string (const secure_vector< uint8_t > &bytes)
 
std::string to_string (ErrorType type)
 Convert an ErrorType to string.
 
uint32_t to_u32bit (const std::string &str)
 
uint16_t to_uint16 (const std::string &str)
 
std::string tolower_string (const std::string &in)
 
template<class To , class From >
To typecast_copy (const From *src) noexcept
 
template<typename T >
void typecast_copy (T &out, const uint8_t in[])
 
template<typename T >
void typecast_copy (T out[], const uint8_t in[], size_t N)
 
template<typename T >
void typecast_copy (uint8_t out[], T in)
 
template<typename T >
void typecast_copy (uint8_t out[], T in[], size_t N)
 
std::string ucs2_to_utf8 (const uint8_t ucs2[], size_t len)
 
std::string ucs4_to_utf8 (const uint8_t ucs4[], size_t len)
 
template<typename T >
std::vector< Tunlock (const secure_vector< T > &in)
 
std::string utf8_to_latin1 (const std::string &utf8)
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
size_t var_ctz32 (uint32_t n)
 
void vartime_divide (const BigInt &x, const BigInt &y_arg, BigInt &q_out, BigInt &r_out)
 
void verify_cert_constraints_valid_for_key_type (const Public_Key &pub_key, Key_Constraints constraints)
 
bool verify_prime (const BigInt &n, RandomNumberGenerator &rng)
 
const char * version_cstr ()
 
uint32_t version_datestamp ()
 
uint32_t version_major ()
 
uint32_t version_minor ()
 
uint32_t version_patch ()
 
std::string version_string ()
 
void word3_add (word *w2, word *w1, word *w0, word x)
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
word word_madd2 (word a, word b, word *c)
 
word word_madd3 (word a, word b, word c, word *d)
 
word word_sub (word x, word y, word *carry)
 
bool x500_name_cmp (const std::string &name1, const std::string &name2)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const Certificate_Store &store, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
 
Path_Validation_Result x509_path_validate (const X509_Certificate &end_cert, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point when, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n)
 
void xor_buf (uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length)
 
void xor_buf (uint8_t out[], const uint8_t in[], size_t length)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const std::map< const std::string, std::vector< std::string > > allowed_signature_paddings
 
const uint32_t CAST_SBOX1 [256]
 
const uint32_t CAST_SBOX2 [256]
 
const uint32_t CAST_SBOX3 [256]
 
const uint32_t CAST_SBOX4 [256]
 
const uint32_t DES_SPBOX1 [256]
 
const uint32_t DES_SPBOX2 [256]
 
const uint32_t DES_SPBOX3 [256]
 
const uint32_t DES_SPBOX4 [256]
 
const uint32_t DES_SPBOX5 [256]
 
const uint32_t DES_SPBOX6 [256]
 
const uint32_t DES_SPBOX7 [256]
 
const uint32_t DES_SPBOX8 [256]
 
const size_t HEX_CODEC_BUFFER_SIZE = 256
 
const word MP_WORD_MAX = ~static_cast<word>(0)
 
const size_t PRIME_TABLE_SIZE = 6541
 
const uint16_t PRIMES []
 
const uint64_t STREEBOG_Ax [8][256]
 
const uint64_t STREEBOG_C [12][8]
 

Detailed Description

(C) 2018,2019,2022 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018,2019 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2022 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2019 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

(C) 2018 Jack Lloyd (C) 2018 Ribose Inc

Botan is released under the Simplified BSD License (see license.txt)

Ordinary applications should never need to include or use this header. It is exposed only for specialized applications which want to implement new versions of public key crypto without merging them as changes to the library. One actual example of such usage is an application which creates RSA signatures using a custom TPM library. Unless you're doing something like that, you don't need anything here. Instead use pubkey.h which wraps these types safely and provides a stable application-oriented API.

XMSS WOTS Addressed Private Key (C) 2016 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

XMSS WOTS Addressed Public Key (C) 2016,2017 Matthias Gierlings

Botan is released under the Simplified BSD License (see license.txt)

Typedef Documentation

◆ Altivec32x4

typedef __vector unsigned int Botan::Altivec32x4

Definition at line 22 of file aes_power8.cpp.

◆ Altivec64x2

typedef __vector unsigned long long Botan::Altivec64x2

Definition at line 21 of file aes_power8.cpp.

◆ Altivec8x16

typedef __vector unsigned char Botan::Altivec8x16

Definition at line 23 of file aes_power8.cpp.

◆ Blake2b

Definition at line 56 of file blake2b.h.

◆ byte

using Botan::byte = typedef std::uint8_t

Definition at line 90 of file types.h.

◆ CCCryptorStatus

typedef int32_t Botan::CCCryptorStatus

Definition at line 23 of file commoncrypto.h.

◆ CertificatePathStatusCodes

This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.

Definition at line 29 of file x509path.h.

◆ EC_Domain_Params

Definition at line 394 of file ec_group.h.

◆ fe

Definition at line 134 of file ed25519_fe.h.

◆ gf2m

typedef uint16_t Botan::gf2m

Definition at line 22 of file gf2m_small_m.h.

◆ InitializationVector

Alternate name for octet string showing intent to use as an IV

Definition at line 146 of file symkey.h.

◆ Integrity_Failure

For compatability with older versions

Definition at line 301 of file exceptn.h.

◆ lock_guard_type

template<typename T >
using Botan::lock_guard_type = typedef lock_guard<T>

Definition at line 54 of file mutex.h.

◆ MAC

Definition at line 139 of file mac.h.

◆ mutex_type

Definition at line 52 of file mutex.h.

◆ PK_KA_Key

Definition at line 311 of file pk_keys.h.

◆ PKCS8_PrivateKey

Definition at line 313 of file pk_keys.h.

◆ poly

Definition at line 25 of file newhope.cpp.

◆ recursive_mutex_type

Definition at line 53 of file mutex.h.

◆ RNG

Convenience typedef

Definition at line 191 of file rng.h.

◆ S2K

typedef PBKDF Botan::S2K

Definition at line 224 of file pbkdf.h.

◆ s32bit

using Botan::s32bit = typedef std::int32_t

Definition at line 94 of file types.h.

◆ secure_deque

template<typename T >
using Botan::secure_deque = typedef std::deque<T, secure_allocator<T> >

Definition at line 66 of file secmem.h.

◆ secure_vector

template<typename T >
using Botan::secure_vector = typedef std::vector<T, secure_allocator<T> >

Definition at line 65 of file secmem.h.

◆ SecureVector

template<typename T >
using Botan::SecureVector = typedef secure_vector<T>

Definition at line 69 of file secmem.h.

◆ SHA_1

Definition at line 71 of file sha160.h.

◆ SM2_Encryption_PrivateKey

Definition at line 120 of file sm2.h.

◆ SM2_Encryption_PublicKey

Definition at line 117 of file sm2.h.

◆ SM2_Signature_PrivateKey

Definition at line 119 of file sm2.h.

◆ SM2_Signature_PublicKey

Definition at line 116 of file sm2.h.

◆ SymmetricKey

Alternate name for octet string showing intent to use as a key

Definition at line 141 of file symkey.h.

◆ Transform_Filter

Definition at line 196 of file filters.h.

◆ Transformation_Filter

Definition at line 197 of file filters.h.

◆ u16bit

using Botan::u16bit = typedef std::uint16_t

Definition at line 91 of file types.h.

◆ u32bit

using Botan::u32bit = typedef std::uint32_t

Definition at line 92 of file types.h.

◆ u64bit

using Botan::u64bit = typedef std::uint64_t

Definition at line 93 of file types.h.

◆ wots_keysig_t

typedef std::vector< secure_vector< uint8_t > > Botan::wots_keysig_t

Definition at line 21 of file xmss_common_ops.h.

◆ X25519_PrivateKey

Definition at line 103 of file curve25519.h.

◆ X25519_PublicKey

Definition at line 102 of file curve25519.h.

◆ X509_PublicKey

Definition at line 312 of file pk_keys.h.

◆ X509_Time

Definition at line 386 of file asn1_obj.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
SM3_BLOCK_BYTES 
SM3_DIGEST_BYTES 

Definition at line 17 of file sm3.h.

17 {
18 SM3_BLOCK_BYTES = 64,
20};
@ SM3_DIGEST_BYTES
Definition sm3.h:19
@ SM3_BLOCK_BYTES
Definition sm3.h:18

◆ ASN1_Tag

enum Botan::ASN1_Tag : uint32_t

ASN.1 Type and Class Tags This will become an enum class in a future major release

Enumerator
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
UNIVERSAL_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
UTC_OR_GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

Definition at line 25 of file asn1_obj.h.

25 : uint32_t {
26 UNIVERSAL = 0x00,
27 APPLICATION = 0x40,
28 CONTEXT_SPECIFIC = 0x80,
29
30 CONSTRUCTED = 0x20,
31
33
34 EOC = 0x00,
35 BOOLEAN = 0x01,
36 INTEGER = 0x02,
37 BIT_STRING = 0x03,
38 OCTET_STRING = 0x04,
39 NULL_TAG = 0x05,
40 OBJECT_ID = 0x06,
41 ENUMERATED = 0x0A,
42 SEQUENCE = 0x10,
43 SET = 0x11,
44
45 UTF8_STRING = 0x0C,
46 NUMERIC_STRING = 0x12,
47 PRINTABLE_STRING = 0x13,
48 T61_STRING = 0x14,
49 IA5_STRING = 0x16,
50 VISIBLE_STRING = 0x1A,
51 UNIVERSAL_STRING = 0x1C,
52 BMP_STRING = 0x1E,
53
54 UTC_TIME = 0x17,
55 GENERALIZED_TIME = 0x18,
57
58 NO_OBJECT = 0xFF00,
59 DIRECTORY_STRING = 0xFF01
60};
@ UTC_TIME
Definition asn1_obj.h:54
@ DIRECTORY_STRING
Definition asn1_obj.h:59
@ CONSTRUCTED
Definition asn1_obj.h:30
@ GENERALIZED_TIME
Definition asn1_obj.h:55
@ IA5_STRING
Definition asn1_obj.h:49
@ UNIVERSAL_STRING
Definition asn1_obj.h:51
@ BIT_STRING
Definition asn1_obj.h:37
@ PRINTABLE_STRING
Definition asn1_obj.h:47
@ T61_STRING
Definition asn1_obj.h:48
@ UTF8_STRING
Definition asn1_obj.h:45
@ SEQUENCE
Definition asn1_obj.h:42
@ APPLICATION
Definition asn1_obj.h:27
@ NUMERIC_STRING
Definition asn1_obj.h:46
@ BOOLEAN
Definition asn1_obj.h:35
@ CONTEXT_SPECIFIC
Definition asn1_obj.h:28
@ BMP_STRING
Definition asn1_obj.h:52
@ ENUMERATED
Definition asn1_obj.h:41
@ NO_OBJECT
Definition asn1_obj.h:58
@ UTC_OR_GENERALIZED_TIME
Definition asn1_obj.h:56
@ OCTET_STRING
Definition asn1_obj.h:38
@ NULL_TAG
Definition asn1_obj.h:39
@ UNIVERSAL
Definition asn1_obj.h:26
@ VISIBLE_STRING
Definition asn1_obj.h:50
@ EOC
Definition asn1_obj.h:34
@ OBJECT_ID
Definition asn1_obj.h:40
@ SET
Definition asn1_obj.h:43
@ INTEGER
Definition asn1_obj.h:36
@ PRIVATE
Definition asn1_obj.h:32

◆ Certificate_Status_Code

enum class Botan::Certificate_Status_Code
strong

Certificate validation status code

Enumerator
OK 
VERIFIED 
OCSP_RESPONSE_GOOD 
OCSP_SIGNATURE_OK 
VALID_CRL_CHECKED 
OCSP_NO_HTTP 
FIRST_WARNING_STATUS 
CERT_SERIAL_NEGATIVE 
DN_TOO_LONG 
OCSP_NO_REVOCATION_URL 
OCSP_SERVER_NOT_AVAILABLE 
OSCP_NO_REVOCATION_URL 
OSCP_SERVER_NOT_AVAILABLE 
FIRST_ERROR_STATUS 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
NO_REVOCATION_DATA 
NO_MATCHING_CRLDP 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
OCSP_IS_TOO_OLD 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
CHAIN_LACKS_TRUST_ROOT 
CHAIN_NAME_MISMATCH 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
DUPLICATE_CERT_EXTENSION 
OCSP_SIGNATURE_ERROR 
OCSP_ISSUER_NOT_FOUND 
OCSP_RESPONSE_MISSING_KEYUSAGE 
OCSP_RESPONSE_INVALID 
EXT_IN_V1_V2_CERT 
DUPLICATE_CERT_POLICY 
V2_IDENTIFIERS_IN_V1_CERT 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 
CERT_PUBKEY_INVALID 
SIGNATURE_ALGO_UNKNOWN 
SIGNATURE_ALGO_BAD_PARAMS 

Definition at line 17 of file pkix_enums.h.

17 {
18 OK = 0,
19 VERIFIED = 0,
20
21 // Revocation status
25 OCSP_NO_HTTP = 4,
26
27 // Warnings
30 DN_TOO_LONG = 501,
33
34 // Typo versions of above - will be removed in future major release
37
38 // Errors
39 FIRST_ERROR_STATUS = 1000,
40
42 UNTRUSTED_HASH = 1001,
43 NO_REVOCATION_DATA = 1002,
44 NO_MATCHING_CRLDP = 1003,
45
46 // Time problems
47 CERT_NOT_YET_VALID = 2000,
48 CERT_HAS_EXPIRED = 2001,
49 OCSP_NOT_YET_VALID = 2002,
50 OCSP_HAS_EXPIRED = 2003,
51 CRL_NOT_YET_VALID = 2004,
52 CRL_HAS_EXPIRED = 2005,
53 OCSP_IS_TOO_OLD = 2006,
54
55 // Chain generation problems
58 CERT_CHAIN_LOOP = 3002,
61
62 // Validation errors
63 POLICY_ERROR = 4000,
64 INVALID_USAGE = 4001,
68
69 // Revocation errors
72 OCSP_BAD_STATUS = 4007,
73
74 // Other problems
75 CERT_NAME_NOMATCH = 4008,
82 EXT_IN_V1_V2_CERT = 4505,
85
86 // Hard failures
87 CERT_IS_REVOKED = 5000,
88 CRL_BAD_SIGNATURE = 5001,
89 SIGNATURE_ERROR = 5002,
93};

◆ Character_Set

The different charsets (nominally) supported by Botan.

Enumerator
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

Definition at line 43 of file charset.h.

43 {
48};
@ UCS2_CHARSET
Definition charset.h:45
@ LOCAL_CHARSET
Definition charset.h:44
@ LATIN1_CHARSET
Definition charset.h:47
@ UTF8_CHARSET
Definition charset.h:46

◆ Cipher_Dir

enum Botan::Cipher_Dir : int

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

Definition at line 23 of file cipher_mode.h.

23: int { ENCRYPTION, DECRYPTION };
@ DECRYPTION
Definition cipher_mode.h:23
@ ENCRYPTION
Definition cipher_mode.h:23

◆ CRL_Code

enum Botan::CRL_Code : uint32_t

X.509v2 CRL Reason Code. This will become an enum class in a future major release

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
PRIVILEGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

Definition at line 123 of file pkix_enums.h.

123 : uint32_t {
124 UNSPECIFIED = 0,
125 KEY_COMPROMISE = 1,
126 CA_COMPROMISE = 2,
128 SUPERSEDED = 4,
131 REMOVE_FROM_CRL = 8,
134 AA_COMPROMISE = 10,
135
136 DELETE_CRL_ENTRY = 0xFF00,
137 OCSP_GOOD = 0xFF01,
138 OCSP_UNKNOWN = 0xFF02
139};
@ OCSP_GOOD
Definition pkix_enums.h:137
@ PRIVLEDGE_WITHDRAWN
Definition pkix_enums.h:132
@ OCSP_UNKNOWN
Definition pkix_enums.h:138
@ AFFILIATION_CHANGED
Definition pkix_enums.h:127
@ KEY_COMPROMISE
Definition pkix_enums.h:125
@ UNSPECIFIED
Definition pkix_enums.h:124
@ SUPERSEDED
Definition pkix_enums.h:128
@ AA_COMPROMISE
Definition pkix_enums.h:134
@ CA_COMPROMISE
Definition pkix_enums.h:126
@ CESSATION_OF_OPERATION
Definition pkix_enums.h:129
@ REMOVE_FROM_CRL
Definition pkix_enums.h:131
@ CERTIFICATE_HOLD
Definition pkix_enums.h:130
@ PRIVILEGE_WITHDRAWN
Definition pkix_enums.h:133
@ DELETE_CRL_ENTRY
Definition pkix_enums.h:136

◆ Decoder_Checking

The type of checking to be performed by decoders: NONE - no checks, IGNORE_WS - perform checks, but ignore whitespaces, FULL_CHECK - perform checks, also complain about white spaces.

Enumerator
NONE 
IGNORE_WS 
FULL_CHECK 

Definition at line 171 of file filter.h.

@ FULL_CHECK
Definition filter.h:171
@ NONE
Definition filter.h:171
@ IGNORE_WS
Definition filter.h:171

◆ DL_Group_Source

enum class Botan::DL_Group_Source
strong
Enumerator
Builtin 
RandomlyGenerated 
ExternalSource 

Definition at line 18 of file dl_group.h.

◆ EC_Group_Encoding

This class represents elliptic curce domain parameters

Enumerator
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_OID 

Definition at line 23 of file ec_group.h.

23 {
27};
@ EC_DOMPAR_ENC_EXPLICIT
Definition ec_group.h:24
@ EC_DOMPAR_ENC_OID
Definition ec_group.h:26
@ EC_DOMPAR_ENC_IMPLICITCA
Definition ec_group.h:25

◆ EC_Group_Source

enum class Botan::EC_Group_Source
strong
Enumerator
Builtin 
ExternalSource 

Definition at line 29 of file ec_group.h.

29 {
30 Builtin,
32};

◆ ECIES_Flags

enum class Botan::ECIES_Flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

Definition at line 27 of file ecies.h.

28 {
29 NONE = 0,
30
31 /// if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key
33
34 /// (decryption only) if set: use cofactor multiplication during (ecdh) key agreement
35 COFACTOR_MODE = 2,
36
37 /// if set: use ecdhc instead of ecdh
39
40 /// (decryption only) if set: test if the (ephemeral) public key is on the curve
41 CHECK_MODE = 8
42 };
@ OLD_COFACTOR_MODE
if set: use ecdhc instead of ecdh
@ CHECK_MODE
(decryption only) if set: test if the (ephemeral) public key is on the curve
@ COFACTOR_MODE
(decryption only) if set: use cofactor multiplication during (ecdh) key agreement
@ SINGLE_HASH_MODE
if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

◆ ErrorType

enum class Botan::ErrorType
strong

Different types of errors that might occur

Enumerator
Unknown 

Some unknown error

SystemError 

An error while calling a system interface

NotImplemented 

An operation seems valid, but not supported by the current version

OutOfMemory 

Memory allocation failure

InternalError 

An internal error occurred

IoError 

An I/O error occurred

InvalidObjectState 

Invalid object state

KeyNotSet 

A key was not set on an object when this is required

InvalidArgument 

The application provided an argument which is invalid

InvalidKeyLength 

A key with invalid length was provided

InvalidNonceLength 

A nonce with invalid length was provided

LookupError 

An object type was requested but cannot be found

EncodingFailure 

Encoding a message or datum failed

DecodingFailure 

Decoding a message or datum failed

TLSError 

A TLS error (error_code will be the alert type)

HttpError 

An error during an HTTP operation

InvalidTag 

A message with an invalid authentication tag was detected

RoughtimeError 

An error during Roughtime validation

OpenSSLError 

An error when calling OpenSSL

CommonCryptoError 

An error when interacting with CommonCrypto API

Pkcs11Error 

An error when interacting with a PKCS11 device

TPMError 

An error when interacting with a TPM device

DatabaseError 

An error when interacting with a database

ZlibError 

An error when interacting with zlib

Bzip2Error 

An error when interacting with bzip2

LzmaError 

An error when interacting with lzma

Definition at line 20 of file exceptn.h.

20 {
21 /** Some unknown error */
22 Unknown = 1,
23 /** An error while calling a system interface */
25 /** An operation seems valid, but not supported by the current version */
27 /** Memory allocation failure */
29 /** An internal error occurred */
31 /** An I/O error occurred */
32 IoError,
33
34 /** Invalid object state */
36 /** A key was not set on an object when this is required */
38 /** The application provided an argument which is invalid */
40 /** A key with invalid length was provided */
42 /** A nonce with invalid length was provided */
44 /** An object type was requested but cannot be found */
46 /** Encoding a message or datum failed */
48 /** Decoding a message or datum failed */
50 /** A TLS error (error_code will be the alert type) */
52 /** An error during an HTTP operation */
54 /** A message with an invalid authentication tag was detected */
56 /** An error during Roughtime validation */
58
59 /** An error when calling OpenSSL */
60 OpenSSLError = 200,
61 /** An error when interacting with CommonCrypto API */
63 /** An error when interacting with a PKCS11 device */
65 /** An error when interacting with a TPM device */
67 /** An error when interacting with a database */
69
70 /** An error when interacting with zlib */
71 ZlibError = 300,
72 /** An error when interacting with bzip2 */
74 /** An error when interacting with lzma */
76
77};

◆ Key_Constraints

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 106 of file pkix_enums.h.

106 {
107 NO_CONSTRAINTS = 0,
108 DIGITAL_SIGNATURE = 1 << 15,
109 NON_REPUDIATION = 1 << 14,
110 KEY_ENCIPHERMENT = 1 << 13,
111 DATA_ENCIPHERMENT = 1 << 12,
112 KEY_AGREEMENT = 1 << 11,
113 KEY_CERT_SIGN = 1 << 10,
114 CRL_SIGN = 1 << 9,
115 ENCIPHER_ONLY = 1 << 8,
116 DECIPHER_ONLY = 1 << 7
117};
@ KEY_ENCIPHERMENT
Definition ffi.h:1568
@ NO_CONSTRAINTS
Definition ffi.h:1565
@ CRL_SIGN
Definition ffi.h:1572
@ DIGITAL_SIGNATURE
Definition ffi.h:1566
@ KEY_AGREEMENT
Definition ffi.h:1570
@ DATA_ENCIPHERMENT
Definition ffi.h:1569
@ KEY_CERT_SIGN
Definition ffi.h:1571
@ ENCIPHER_ONLY
Definition ffi.h:1573
@ NON_REPUDIATION
Definition ffi.h:1567
@ DECIPHER_ONLY
Definition ffi.h:1574

◆ Newhope_Mode

enum class Botan::Newhope_Mode
strong

This chooses the XOF + hash for NewHope The official NewHope specification and reference implementation use SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode

Enumerator
SHA3 
BoringSSL 

Definition at line 58 of file newhope.h.

◆ Newhope_Params

Enumerator
NEWHOPE_SENDABYTES 
NEWHOPE_SENDBBYTES 
NEWHOPE_OFFER_BYTES 
NEWHOPE_ACCEPT_BYTES 
NEWHOPE_SHARED_KEY_BYTES 
NEWHOPE_SEED_BYTES 
NEWHOPE_POLY_BYTES 
CECPQ1_OFFER_BYTES 
CECPQ1_ACCEPT_BYTES 
CECPQ1_SHARED_KEY_BYTES 

Definition at line 35 of file newhope.h.

36 {
37 NEWHOPE_SENDABYTES = 1824,
38 NEWHOPE_SENDBBYTES = 2048,
39
43
45 NEWHOPE_POLY_BYTES = 1792,
46
50 };
@ NEWHOPE_SHARED_KEY_BYTES
Definition newhope.h:42
@ NEWHOPE_SENDABYTES
Definition newhope.h:37
@ CECPQ1_ACCEPT_BYTES
Definition newhope.h:48
@ NEWHOPE_POLY_BYTES
Definition newhope.h:45
@ NEWHOPE_SENDBBYTES
Definition newhope.h:38
@ CECPQ1_SHARED_KEY_BYTES
Definition newhope.h:49
@ CECPQ1_OFFER_BYTES
Definition newhope.h:47
@ NEWHOPE_OFFER_BYTES
Definition newhope.h:40
@ NEWHOPE_SEED_BYTES
Definition newhope.h:44
@ NEWHOPE_ACCEPT_BYTES
Definition newhope.h:41

◆ Signature_Format

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

Definition at line 23 of file pk_keys.h.

@ DER_SEQUENCE
Definition pk_keys.h:23
@ IEEE_1363
Definition pk_keys.h:23

◆ TPM_Storage_Type

enum class Botan::TPM_Storage_Type
strong
Enumerator
User 
System 

Definition at line 103 of file tpm.h.

103{ User, System };

◆ Usage_Type

enum class Botan::Usage_Type
strong
Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 
ENCRYPTION 

Definition at line 22 of file x509cert.h.

◆ X509_Encoding

The two types of X509 encoding supported by Botan. This enum is not used anymore, and will be removed in a future major release.

Enumerator
RAW_BER 
PEM 

Definition at line 25 of file x509_key.h.

25{ RAW_BER, PEM };
@ PEM
Definition x509_key.h:25
@ RAW_BER
Definition x509_key.h:25

Function Documentation

◆ abs()

BigInt Botan::abs ( const BigInt n)
inline

Return the absolute value

Parameters
nan integer
Returns
absolute value of n

Definition at line 58 of file numthry.h.

58{ return n.abs(); }
BigInt abs() const
Definition bigint.cpp:392

References Botan::BigInt::abs().

Referenced by gcd().

◆ allocate_memory()

BOTAN_MALLOC_FN void * Botan::allocate_memory ( size_t  elems,
size_t  elem_size 
)

Allocate a memory buffer by some method. This should only be used for primitive types (uint8_t, uint32_t, etc).

Parameters
elemsthe number of elements
elem_sizethe size of each element
Returns
pointer to allocated and zeroed memory, or throw std::bad_alloc on failure

Definition at line 18 of file mem_ops.cpp.

19 {
20 if(elems == 0 || elem_size == 0)
21 return nullptr;
22
23#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
24 if(void* p = mlock_allocator::instance().allocate(elems, elem_size))
25 return p;
26#endif
27
28 void* ptr = std::calloc(elems, elem_size);
29 if(!ptr)
30 throw std::bad_alloc();
31 return ptr;
32 }

References Botan::mlock_allocator::instance().

Referenced by Botan::secure_allocator< T >::allocate().

◆ almost_montgomery_inverse()

size_t Botan::almost_montgomery_inverse ( BigInt result,
const BigInt a,
const BigInt b 
)

Return a^-1 * 2^k mod b Returns k, between n and 2n Not const time

Definition at line 27 of file mod_inv.cpp.

30 {
31 size_t k = 0;
32
33 BigInt u = p, v = a, r = 0, s = 1;
34
35 while(v > 0)
36 {
37 if(u.is_even())
38 {
39 u >>= 1;
40 s <<= 1;
41 }
42 else if(v.is_even())
43 {
44 v >>= 1;
45 r <<= 1;
46 }
47 else if(u > v)
48 {
49 u -= v;
50 u >>= 1;
51 r += s;
52 s <<= 1;
53 }
54 else
55 {
56 v -= u;
57 v >>= 1;
58 s += r;
59 r <<= 1;
60 }
61
62 ++k;
63 }
64
65 if(r >= p)
66 {
67 r -= p;
68 }
69
70 result = p - r;
71
72 return k;
73 }
bool is_even() const
Definition bigint.h:403

References Botan::BigInt::is_even().

Referenced by normalized_montgomery_inverse().

◆ aont_package()

void Botan::aont_package ( RandomNumberGenerator rng,
BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform

Parameters
rngthe random number generator to use
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

Definition at line 17 of file package.cpp.

21 {
22 if(input_len <= 1)
23 throw Encoding_Error("Package transform cannot encode small inputs");
24
25 const size_t BLOCK_SIZE = cipher->block_size();
26
27 if(!cipher->valid_keylength(BLOCK_SIZE))
28 throw Invalid_Argument("AONT::package: Invalid cipher");
29
30 // The all-zero string which is used both as the CTR IV and as K0
31 const std::string all_zeros(BLOCK_SIZE*2, '0');
32
33 SymmetricKey package_key(rng, BLOCK_SIZE);
34
35 Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
36
37 pipe.process_msg(input, input_len);
38 const size_t remaining = pipe.remaining();
39 BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
40
41 // Set K0 (the all zero key)
42 cipher->set_key(SymmetricKey(all_zeros));
43
44 secure_vector<uint8_t> buf(BLOCK_SIZE);
45
46 const size_t blocks =
47 (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
48
49 uint8_t* final_block = output + input_len;
50 clear_mem(final_block, BLOCK_SIZE);
51
52 // XOR the hash blocks into the final block
53 for(size_t i = 0; i != blocks; ++i)
54 {
55 const size_t left = std::min<size_t>(BLOCK_SIZE,
56 input_len - BLOCK_SIZE * i);
57
58 zeroise(buf);
59 copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);
60
61 for(size_t j = 0; j != sizeof(i); ++j)
62 buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
63
64 cipher->encrypt(buf.data());
65
66 xor_buf(final_block, buf.data(), BLOCK_SIZE);
67 }
68
69 // XOR the random package key into the final block
70 xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
71 }
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:81
void encrypt(const uint8_t in[], uint8_t out[]) const
virtual size_t block_size() const =0
bool valid_keylength(size_t length) const
Definition sym_algo.h:138
void set_key(const SymmetricKey &key)
Definition sym_algo.h:147
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:114
void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:133
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition mem_ops.h:262
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition loadstor.h:41
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:115

References Botan::OctetString::begin(), Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, clear_mem(), copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

◆ aont_unpackage()

void Botan::aont_unpackage ( BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

Definition at line 73 of file package.cpp.

76 {
77 const size_t BLOCK_SIZE = cipher->block_size();
78
79 if(!cipher->valid_keylength(BLOCK_SIZE))
80 throw Invalid_Argument("AONT::unpackage: Invalid cipher");
81
82 if(input_len < BLOCK_SIZE)
83 throw Invalid_Argument("AONT::unpackage: Input too short");
84
85 // The all-zero string which is used both as the CTR IV and as K0
86 const std::string all_zeros(BLOCK_SIZE*2, '0');
87
88 cipher->set_key(SymmetricKey(all_zeros));
89
90 secure_vector<uint8_t> package_key(BLOCK_SIZE);
91 secure_vector<uint8_t> buf(BLOCK_SIZE);
92
93 // Copy the package key (masked with the block hashes)
94 copy_mem(package_key.data(),
95 input + (input_len - BLOCK_SIZE),
96 BLOCK_SIZE);
97
98 const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
99
100 // XOR the blocks into the package key bits
101 for(size_t i = 0; i != blocks; ++i)
102 {
103 const size_t left = std::min<size_t>(BLOCK_SIZE,
104 input_len - BLOCK_SIZE * (i+1));
105
106 zeroise(buf);
107 copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);
108
109 for(size_t j = 0; j != sizeof(i); ++j)
110 buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
111
112 cipher->encrypt(buf.data());
113
114 xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
115 }
116
117 Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
118
119 pipe.process_msg(input, input_len - BLOCK_SIZE);
120
121 const size_t remaining = pipe.remaining();
122 BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
123 }

References Botan::BlockCipher::block_size(), BOTAN_ASSERT_EQUAL, copy_mem(), Botan::BlockCipher::encrypt(), get_byte(), Botan::Pipe::process_msg(), Botan::Pipe::read(), Botan::Pipe::remaining(), Botan::SymmetricAlgorithm::set_key(), Botan::SymmetricAlgorithm::valid_keylength(), xor_buf(), and zeroise().

◆ argon2()

void Botan::argon2 ( uint8_t  output[],
size_t  output_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  key[],
size_t  key_len,
const uint8_t  ad[],
size_t  ad_len,
uint8_t  y,
size_t  p,
size_t  M,
size_t  t 
)

Argon2 key derivation function

Parameters
outputthe output will be placed here
output_lenlength of output
passwordthe user password
password_lenthe length of password
saltthe salt
salt_lenlength of salt
keyan optional secret key
key_lenthe length of key
adan optional additional input
ad_lenthe length of ad
ythe Argon2 variant (0 = Argon2d, 1 = Argon2i, 2 = Argon2id)
pthe parallelization parameter
Mthe amount of memory to use in Kb
tthe number of iterations to use

Definition at line 370 of file argon2.cpp.

376 {
377 BOTAN_ARG_CHECK(mode == 0 || mode == 1 || mode == 2, "Unknown Argon2 mode parameter");
378 BOTAN_ARG_CHECK(output_len >= 4, "Invalid Argon2 output length");
379 BOTAN_ARG_CHECK(threads >= 1 && threads <= 128, "Invalid Argon2 threads parameter");
380 BOTAN_ARG_CHECK(M >= 8*threads && M <= 8192*1024, "Invalid Argon2 M parameter");
381 BOTAN_ARG_CHECK(t >= 1, "Invalid Argon2 t parameter");
382
383 auto blake2 = HashFunction::create_or_throw("BLAKE2b");
384
385 uint8_t H0[64] = { 0 };
386 argon2_H0(H0, *blake2, output_len,
387 password, password_len,
388 salt, salt_len,
389 key, key_len,
390 ad, ad_len,
391 mode, threads, M, t);
392
393 const size_t memory = (M / (SYNC_POINTS*threads)) * (SYNC_POINTS*threads);
394
395 secure_vector<uint64_t> B(memory * 1024/8);
396
397 init_blocks(B, *blake2, H0, memory, threads);
398 process_blocks(B, t, memory, threads, mode);
399
400 clear_mem(output, output_len);
401 extract_key(output, output_len, B, memory, threads);
402 }
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:37
size_t salt_len
Definition x509_obj.cpp:25

References BOTAN_ARG_CHECK, clear_mem(), Botan::HashFunction::create_or_throw(), and salt_len.

Referenced by argon2_check_pwhash(), argon2_generate_pwhash(), and Botan::Argon2::derive_key().

◆ argon2_check_pwhash()

bool Botan::argon2_check_pwhash ( const char *  password,
size_t  password_len,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
password_lenthe length of password
hashthe stored hash to check against

Definition at line 57 of file argon2fmt.cpp.

59 {
60 const std::vector<std::string> parts = split_on(input_hash, '$');
61
62 if(parts.size() != 5)
63 return false;
64
65 uint8_t family = 0;
66
67 if(parts[0] == "argon2d")
68 family = 0;
69 else if(parts[0] == "argon2i")
70 family = 1;
71 else if(parts[0] == "argon2id")
72 family = 2;
73 else
74 return false;
75
76 if(parts[1] != "v=19")
77 return false;
78
79 const std::vector<std::string> params = split_on(parts[2], ',');
80
81 if(params.size() != 3)
82 return false;
83
84 size_t M = 0, t = 0, p = 0;
85
86 for(auto param_str : params)
87 {
88 const std::vector<std::string> param = split_on(param_str, '=');
89
90 if(param.size() != 2)
91 return false;
92
93 const std::string key = param[0];
94 const size_t val = to_u32bit(param[1]);
95 if(key == "m")
96 M = val;
97 else if(key == "t")
98 t = val;
99 else if(key == "p")
100 p = val;
101 else
102 return false;
103 }
104
105 std::vector<uint8_t> salt(base64_decode_max_output(parts[3].size()));
106 salt.resize(base64_decode(salt.data(), parts[3], false));
107
108 std::vector<uint8_t> hash(base64_decode_max_output(parts[4].size()));
109 hash.resize(base64_decode(hash.data(), parts[4], false));
110
111 if(hash.size() < 4)
112 return false;
113
114 std::vector<uint8_t> generated(hash.size());
115 argon2(generated.data(), generated.size(),
116 password, password_len,
117 salt.data(), salt.size(),
118 nullptr, 0,
119 nullptr, 0,
120 family, p, M, t);
121
122 return constant_time_compare(generated.data(), hash.data(), generated.size());
123 }
std::vector< std::string > split_on(const std::string &str, char delim)
Definition parsing.cpp:148
uint32_t to_u32bit(const std::string &str)
Definition parsing.cpp:35
MechanismType hash

References argon2(), base64_decode(), base64_decode_max_output(), constant_time_compare(), hash, split_on(), and to_u32bit().

◆ argon2_generate_pwhash()

std::string Botan::argon2_generate_pwhash ( const char *  password,
size_t  password_len,
RandomNumberGenerator rng,
size_t  p,
size_t  M,
size_t  t,
uint8_t  y = 2,
size_t  salt_len = 16,
size_t  output_len = 32 
)

Definition at line 26 of file argon2fmt.cpp.

30 {
31 std::vector<uint8_t> salt(salt_len);
32 rng.randomize(salt.data(), salt.size());
33
34 std::vector<uint8_t> output(output_len);
35 argon2(output.data(), output.size(),
36 password, password_len,
37 salt.data(), salt.size(),
38 nullptr, 0,
39 nullptr, 0,
40 y, p, M, t);
41
42 std::ostringstream oss;
43
44 if(y == 0)
45 oss << "$argon2d$";
46 else if(y == 1)
47 oss << "$argon2i$";
48 else
49 oss << "$argon2id$";
50
51 oss << "v=19$m=" << M << ",t=" << t << ",p=" << p << "$";
52 oss << strip_padding(base64_encode(salt)) << "$" << strip_padding(base64_encode(output));
53
54 return oss.str();
55 }
virtual void randomize(uint8_t output[], size_t length)=0
void argon2(uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t key[], size_t key_len, const uint8_t ad[], size_t ad_len, uint8_t mode, size_t threads, size_t M, size_t t)
Definition argon2.cpp:370
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition base64.cpp:185

References argon2(), base64_encode(), Botan::RandomNumberGenerator::randomize(), and salt_len.

◆ asn1_class_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_class_to_string ( ASN1_Tag  type)

Definition at line 87 of file asn1_obj.cpp.

88 {
89 switch(type)
90 {
91 case UNIVERSAL:
92 return "UNIVERSAL";
93 case CONSTRUCTED:
94 return "CONSTRUCTED";
96 return "CONTEXT_SPECIFIC";
97 case APPLICATION:
98 return "APPLICATION";
100 return "PRIVATE";
101 case Botan::NO_OBJECT:
102 return "NO_OBJECT";
103 default:
104 return "CLASS(" + std::to_string(static_cast<size_t>(type)) + ")";
105 }
106 }
MechanismType type

References APPLICATION, CONSTRUCTED, CONTEXT_SPECIFIC, NO_OBJECT, type, and UNIVERSAL.

Referenced by Botan::BER_Object::assert_is_a().

◆ asn1_tag_to_string()

std::string BOTAN_UNSTABLE_API Botan::asn1_tag_to_string ( ASN1_Tag  type)

Definition at line 108 of file asn1_obj.cpp.

109 {
110 switch(type)
111 {
112 case Botan::SEQUENCE:
113 return "SEQUENCE";
114
115 case Botan::SET:
116 return "SET";
117
119 return "PRINTABLE STRING";
120
122 return "NUMERIC STRING";
123
125 return "IA5 STRING";
126
128 return "T61 STRING";
129
131 return "UTF8 STRING";
132
134 return "VISIBLE STRING";
135
137 return "BMP STRING";
138
140 return "UNIVERSAL STRING";
141
142 case Botan::UTC_TIME:
143 return "UTC TIME";
144
146 return "GENERALIZED TIME";
147
149 return "OCTET STRING";
150
152 return "BIT STRING";
153
155 return "ENUMERATED";
156
157 case Botan::INTEGER:
158 return "INTEGER";
159
160 case Botan::NULL_TAG:
161 return "NULL";
162
163 case Botan::OBJECT_ID:
164 return "OBJECT";
165
166 case Botan::BOOLEAN:
167 return "BOOLEAN";
168
169 case Botan::NO_OBJECT:
170 return "NO_OBJECT";
171
172 default:
173 return "TAG(" + std::to_string(static_cast<size_t>(type)) + ")";
174 }
175 }

References BIT_STRING, BMP_STRING, BOOLEAN, ENUMERATED, GENERALIZED_TIME, IA5_STRING, INTEGER, NO_OBJECT, NULL_TAG, NUMERIC_STRING, OBJECT_ID, OCTET_STRING, PRINTABLE_STRING, SEQUENCE, SET, T61_STRING, type, UNIVERSAL_STRING, UTC_TIME, UTF8_STRING, and VISIBLE_STRING.

Referenced by Botan::BER_Object::assert_is_a().

◆ assertion_failure()

BOTAN_NORETURN void Botan::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails Throws an Exception object

Definition at line 31 of file assert.cpp.

36 {
37 std::ostringstream format;
38
39 format << "False assertion ";
40
41 if(assertion_made && assertion_made[0] != 0)
42 format << "'" << assertion_made << "' (expression " << expr_str << ") ";
43 else
44 format << expr_str << " ";
45
46 if(func)
47 format << "in " << func << " ";
48
49 format << "@" << file << ":" << line;
50
51 throw Internal_Error(format.str());
52 }

◆ base32_decode() [1/5]

secure_vector< uint8_t > Botan::base32_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 220 of file base32.cpp.

223 {
224 return base_decode_to_vec<secure_vector<uint8_t>>(Base32(), input, input_length, ignore_ws);
225 }

◆ base32_decode() [2/5]

secure_vector< uint8_t > Botan::base32_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base32 output

Definition at line 227 of file base32.cpp.

229 {
230 return base32_decode(input.data(), input.size(), ignore_ws);
231 }
size_t base32_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition base32.cpp:195

References base32_decode().

◆ base32_decode() [3/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 195 of file base32.cpp.

201 {
202 return base_decode(Base32(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
203 }
size_t base_decode(Base &&base, uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws=true)
Definition codec_base.h:124

References base_decode().

Referenced by base32_decode(), and base32_decode().

◆ base32_decode() [4/5]

size_t Botan::base32_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 205 of file base32.cpp.

209 {
210 return base_decode_full(Base32(), output, input, input_length, ignore_ws);
211 }
size_t base_decode_full(Base &&base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws)
Definition codec_base.h:189

References base_decode_full().

◆ base32_decode() [5/5]

size_t Botan::base32_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base32 decoding

Parameters
outputan array of at least base32_decode_max_output bytes
inputsome base32 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 213 of file base32.cpp.

216 {
217 return base32_decode(output, input.data(), input.length(), ignore_ws);
218 }

References base32_decode().

◆ base32_encode() [1/3]

size_t Botan::base32_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base32 encoding

Parameters
outputan array of at least base32_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 180 of file base32.cpp.

185 {
186 return base_encode(Base32(), out, in, input_length, input_consumed, final_inputs);
187 }
size_t base_encode(Base &&base, char output[], const uint8_t input[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition codec_base.h:34

References base_encode().

Referenced by base32_encode().

◆ base32_encode() [2/3]

template<typename Alloc >
std::string Botan::base32_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base32 encoding

Parameters
inputsome input
Returns
base32 representation of input

Definition at line 50 of file base32.h.

51 {
52 return base32_encode(input.data(), input.size());
53 }
size_t base32_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition base32.cpp:180

References base32_encode().

◆ base32_encode() [3/3]

std::string Botan::base32_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base32 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base32 representation of input

Definition at line 189 of file base32.cpp.

191 {
192 return base_encode_to_string(Base32(), input, input_length);
193 }
std::string base_encode_to_string(Base &&base, const uint8_t input[], size_t input_length)
Definition codec_base.h:86

References base_encode_to_string().

◆ base58_check_decode() [1/2]

std::vector< uint8_t > Botan::base58_check_decode ( const char  input[],
size_t  input_length 
)

Perform base58 decoding with checksum

Definition at line 171 of file base58.cpp.

172 {
173 std::vector<uint8_t> dec = base58_decode(input, input_length);
174
175 if(dec.size() < 4)
176 throw Decoding_Error("Invalid base58 too short for checksum");
177
178 const uint32_t computed_checksum = sha256_d_checksum(dec.data(), dec.size() - 4);
179 const uint32_t checksum = load_be<uint32_t>(&dec[dec.size()-4], 0);
180
181 if(checksum != computed_checksum)
182 throw Decoding_Error("Invalid base58 checksum");
183
184 dec.resize(dec.size() - 4);
185
186 return dec;
187 }
std::vector< uint8_t > base58_decode(const char input[], size_t input_length)
Definition base58.cpp:144

References base58_decode(), and load_be< uint32_t >().

Referenced by base58_check_decode().

◆ base58_check_decode() [2/2]

std::vector< uint8_t > Botan::base58_check_decode ( const std::string &  s)
inline

Definition at line 69 of file base58.h.

70 {
71 return base58_check_decode(s.data(), s.size());
72 }
std::vector< uint8_t > base58_check_decode(const char input[], size_t input_length)
Definition base58.cpp:171

References base58_check_decode().

◆ base58_check_encode() [1/2]

template<typename Alloc >
std::string Botan::base58_check_encode ( const std::vector< uint8_t, Alloc > &  vec)
inline

Definition at line 59 of file base58.h.

60 {
61 return base58_check_encode(vec.data(), vec.size());
62 }
std::string base58_check_encode(const uint8_t input[], size_t input_length)
Definition base58.cpp:136

References base58_check_encode().

◆ base58_check_encode() [2/2]

std::string Botan::base58_check_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base58 encoding with checksum

Definition at line 136 of file base58.cpp.

137 {
138 BigInt v(input, input_length);
139 v <<= 32;
140 v += sha256_d_checksum(input, input_length);
141 return base58_encode(v, count_leading_zeros(input, input_length, 0));
142 }
std::string base58_encode(const uint8_t input[], size_t input_length)
Definition base58.cpp:130

References base58_encode().

Referenced by base58_check_encode().

◆ base58_decode() [1/2]

std::vector< uint8_t > Botan::base58_decode ( const char  input[],
size_t  input_length 
)

Perform base58 decoding

This is raw base58 encoding, without the checksum

Definition at line 144 of file base58.cpp.

145 {
146 const size_t leading_zeros = count_leading_zeros(input, input_length, '1');
147
148 BigInt v;
149
150 for(size_t i = leading_zeros; i != input_length; ++i)
151 {
152 const char c = input[i];
153
154 if(c == ' ' || c == '\n')
155 continue;
156
157 const uint8_t idx = base58_value_of(c);
158
159 if(idx == 0xFF)
160 throw Decoding_Error("Invalid base58");
161
162 v *= 58;
163 v += idx;
164 }
165
166 std::vector<uint8_t> output(v.bytes() + leading_zeros);
167 v.binary_encode(output.data() + leading_zeros);
168 return output;
169 }
void binary_encode(uint8_t buf[]) const
Definition bigint.cpp:399
size_t bytes() const
Definition bigint.cpp:281

References Botan::BigInt::binary_encode(), and Botan::BigInt::bytes().

Referenced by base58_check_decode(), and base58_decode().

◆ base58_decode() [2/2]

std::vector< uint8_t > Botan::base58_decode ( const std::string &  s)
inline

Definition at line 64 of file base58.h.

65 {
66 return base58_decode(s.data(), s.size());
67 }

References base58_decode().

◆ base58_encode() [1/2]

template<typename Alloc >
std::string Botan::base58_encode ( const std::vector< uint8_t, Alloc > &  vec)
inline

Definition at line 53 of file base58.h.

54 {
55 return base58_encode(vec.data(), vec.size());
56 }

References base58_encode().

◆ base58_encode() [2/2]

std::string Botan::base58_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base58 encoding

This is raw base58 encoding, without the checksum

Definition at line 130 of file base58.cpp.

131 {
132 BigInt v(input, input_length);
133 return base58_encode(v, count_leading_zeros(input, input_length, 0));
134 }

References base58_encode().

Referenced by base58_check_encode(), base58_encode(), and base58_encode().

◆ base64_decode() [1/5]

secure_vector< uint8_t > Botan::base64_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 225 of file base64.cpp.

228 {
229 return base_decode_to_vec<secure_vector<uint8_t>>(Base64(), input, input_length, ignore_ws);
230 }

◆ base64_decode() [2/5]

secure_vector< uint8_t > Botan::base64_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded base64 output

Definition at line 232 of file base64.cpp.

234 {
235 return base64_decode(input.data(), input.size(), ignore_ws);
236 }
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition base64.cpp:200

References base64_decode().

◆ base64_decode() [3/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 200 of file base64.cpp.

206 {
207 return base_decode(Base64(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
208 }

References base_decode().

Referenced by argon2_check_pwhash(), base64_decode(), base64_decode(), botan_base64_decode(), Botan::Roughtime::Chain::Chain(), check_passhash9(), Botan::PEM_Code::decode(), Botan::Base64_Decoder::end_msg(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::list_names(), Botan::Roughtime::servers_from_str(), and Botan::Base64_Decoder::write().

◆ base64_decode() [4/5]

size_t Botan::base64_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 210 of file base64.cpp.

214 {
215 return base_decode_full(Base64(), output, input, input_length, ignore_ws);
216 }

References base_decode_full().

◆ base64_decode() [5/5]

size_t Botan::base64_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform base64 decoding

Parameters
outputan array of at least base64_decode_max_output bytes
inputsome base64 input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 218 of file base64.cpp.

221 {
222 return base64_decode(output, input.data(), input.length(), ignore_ws);
223 }

References base64_decode().

◆ base64_decode_max_output()

size_t Botan::base64_decode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_decode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 243 of file base64.cpp.

244 {
245 return Base64::decode_max_output(input_length);
246 }

Referenced by argon2_check_pwhash(), and botan_base64_decode().

◆ base64_encode() [1/3]

size_t Botan::base64_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform base64 encoding

Parameters
outputan array of at least base64_encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 185 of file base64.cpp.

190 {
191 return base_encode(Base64(), out, in, input_length, input_consumed, final_inputs);
192 }

References base_encode().

Referenced by argon2_generate_pwhash(), Botan::OCSP::Request::base64_encode(), base64_encode(), botan_base64_encode(), Botan::PEM_Code::encode(), generate_passhash9(), Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::remove(), Botan::Encrypted_PSK_Database::set(), and Botan::Roughtime::Chain::to_string().

◆ base64_encode() [2/3]

template<typename Alloc >
std::string Botan::base64_encode ( const std::vector< uint8_t, Alloc > &  input)

Perform base64 encoding

Parameters
inputsome input
Returns
base64adecimal representation of input

Definition at line 50 of file base64.h.

51 {
52 return base64_encode(input.data(), input.size());
53 }

References base64_encode().

◆ base64_encode() [3/3]

std::string Botan::base64_encode ( const uint8_t  input[],
size_t  input_length 
)

Perform base64 encoding

Parameters
inputsome input
input_lengthlength of input in bytes
Returns
base64adecimal representation of input

Definition at line 194 of file base64.cpp.

196 {
197 return base_encode_to_string(Base64(), input, input_length);
198 }

References base_encode_to_string().

◆ base64_encode_max_output()

size_t Botan::base64_encode_max_output ( size_t  input_length)

Calculate the size of output buffer for base64_encode

Parameters
input_lengththe length of input in bytes
Returns
the size of output buffer in bytes

Definition at line 238 of file base64.cpp.

239 {
240 return Base64::encode_max_output(input_length);
241 }

◆ base_decode()

template<typename Base >
size_t Botan::base_decode ( Base &&  base,
uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs,
bool  ignore_ws = true 
)

Perform decoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least Base::decode_max_output bytes
inputsome base input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding is allowed
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 124 of file codec_base.h.

131 {
132 const size_t decoding_bytes_in = base.decoding_bytes_in();
133 const size_t decoding_bytes_out = base.decoding_bytes_out();
134
135 uint8_t* out_ptr = output;
136 std::vector<uint8_t> decode_buf(decoding_bytes_in, 0);
137 size_t decode_buf_pos = 0;
138 size_t final_truncate = 0;
139
140 clear_mem(output, base.decode_max_output(input_length));
141
142 for(size_t i = 0; i != input_length; ++i)
143 {
144 const uint8_t bin = base.lookup_binary_value(input[i]);
145
146 if(base.check_bad_char(bin, input[i], ignore_ws)) // May throw Invalid_Argument
147 {
148 decode_buf[decode_buf_pos] = bin;
149 ++decode_buf_pos;
150 }
151
152 /*
153 * If we're at the end of the input, pad with 0s and truncate
154 */
155 if(final_inputs && (i == input_length - 1))
156 {
157 if(decode_buf_pos)
158 {
159 for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j)
160 { decode_buf[j] = 0; }
161
162 final_truncate = decoding_bytes_in - decode_buf_pos;
163 decode_buf_pos = decoding_bytes_in;
164 }
165 }
166
167 if(decode_buf_pos == decoding_bytes_in)
168 {
169 base.decode(out_ptr, decode_buf.data());
170
171 out_ptr += decoding_bytes_out;
172 decode_buf_pos = 0;
173 input_consumed = i+1;
174 }
175 }
176
177 while(input_consumed < input_length &&
178 base.lookup_binary_value(input[input_consumed]) == 0x80)
179 {
180 ++input_consumed;
181 }
182
183 size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate);
184
185 return written;
186 }

References clear_mem().

Referenced by base32_decode(), base64_decode(), and base_decode_full().

◆ base_decode_full()

template<typename Base >
size_t Botan::base_decode_full ( Base &&  base,
uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws 
)

Definition at line 189 of file codec_base.h.

190 {
191 size_t consumed = 0;
192 const size_t written = base_decode(base, output, input, input_length, consumed, true, ignore_ws);
193
194 if(consumed != input_length)
195 {
196 throw Invalid_Argument(base.name() + " decoding failed, input did not have full bytes");
197 }
198
199 return written;
200 }

References base_decode().

Referenced by base32_decode(), base64_decode(), and base_decode_to_vec().

◆ base_decode_to_vec()

template<typename Vector , typename Base >
Vector Botan::base_decode_to_vec ( Base &&  base,
const char  input[],
size_t  input_length,
bool  ignore_ws 
)

Definition at line 203 of file codec_base.h.

207 {
208 const size_t output_length = base.decode_max_output(input_length);
209 Vector bin(output_length);
210
211 const size_t written =
212 base_decode_full(base, bin.data(), input, input_length, ignore_ws);
213
214 bin.resize(written);
215 return bin;
216 }

References base_decode_full().

◆ base_encode()

template<class Base >
size_t Botan::base_encode ( Base &&  base,
char  output[],
const uint8_t  input[],
size_t  input_length,
size_t &  input_consumed,
bool  final_inputs 
)

Perform encoding using the base provided

Parameters
baseobject giving access to the encodings specifications
outputan array of at least base.encode_max_output bytes
inputis some binary data
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
final_inputstrue iff this is the last input, in which case padding chars will be applied if needed
Returns
number of bytes written to output

Definition at line 34 of file codec_base.h.

40 {
41 input_consumed = 0;
42
43 const size_t encoding_bytes_in = base.encoding_bytes_in();
44 const size_t encoding_bytes_out = base.encoding_bytes_out();
45
46 size_t input_remaining = input_length;
47 size_t output_produced = 0;
48
49 while(input_remaining >= encoding_bytes_in)
50 {
51 base.encode(output + output_produced, input + input_consumed);
52
53 input_consumed += encoding_bytes_in;
54 output_produced += encoding_bytes_out;
55 input_remaining -= encoding_bytes_in;
56 }
57
58 if(final_inputs && input_remaining)
59 {
60 std::vector<uint8_t> remainder(encoding_bytes_in, 0);
61 for(size_t i = 0; i != input_remaining; ++i)
62 { remainder[i] = input[input_consumed + i]; }
63
64 base.encode(output + output_produced, remainder.data());
65
66 const size_t bits_consumed = base.bits_consumed();
67 const size_t remaining_bits_before_padding = base.remaining_bits_before_padding();
68
69 size_t empty_bits = 8 * (encoding_bytes_in - input_remaining);
70 size_t index = output_produced + encoding_bytes_out - 1;
71 while(empty_bits >= remaining_bits_before_padding)
72 {
73 output[index--] = '=';
74 empty_bits -= bits_consumed;
75 }
76
77 input_consumed += input_remaining;
78 output_produced += encoding_bytes_out;
79 }
80
81 return output_produced;
82 }

Referenced by base32_encode(), base64_encode(), and base_encode_to_string().

◆ base_encode_to_string()

template<typename Base >
std::string Botan::base_encode_to_string ( Base &&  base,
const uint8_t  input[],
size_t  input_length 
)

Definition at line 86 of file codec_base.h.

87 {
88 const size_t output_length = base.encode_max_output(input_length);
89 std::string output(output_length, 0);
90
91 size_t consumed = 0;
92 size_t produced = 0;
93
94 if(output_length > 0)
95 {
96 produced = base_encode(base, &output.front(),
97 input, input_length,
98 consumed, true);
99 }
100
101 BOTAN_ASSERT_EQUAL(consumed, input_length, "Consumed the entire input");
102 BOTAN_ASSERT_EQUAL(produced, output.size(), "Produced expected size");
103
104 return output;
105 }

References base_encode(), and BOTAN_ASSERT_EQUAL.

Referenced by base32_encode(), and base64_encode().

◆ bcrypt_pbkdf()

void BOTAN_UNSTABLE_API Botan::bcrypt_pbkdf ( uint8_t  output[],
size_t  output_len,
const char *  pass,
size_t  pass_len,
const uint8_t  salt[],
size_t  salt_len,
size_t  rounds 
)

Bcrypt PBKDF compatible with OpenBSD bcrypt_pbkdf

Definition at line 130 of file bcrypt_pbkdf.cpp.

134 {
135 BOTAN_ARG_CHECK(rounds >= 1, "Invalid rounds for Bcrypt PBKDF");
136
137 // No output desired, so we are all done already...
138 if(output_len == 0)
139 return;
140
141 BOTAN_ARG_CHECK(output_len <= 10*1024*1024, "Too much output for Bcrypt PBKDF");
142
143 const size_t BCRYPT_BLOCK_SIZE = 32;
144 const size_t blocks = (output_len + BCRYPT_BLOCK_SIZE - 1) / BCRYPT_BLOCK_SIZE;
145
146 std::unique_ptr<HashFunction> sha512 = HashFunction::create_or_throw("SHA-512");
147 const secure_vector<uint8_t> pass_hash = sha512->process(reinterpret_cast<const uint8_t*>(pass), pass_len);
148
149 secure_vector<uint8_t> salt_hash(sha512->output_length());
150
151 Blowfish blowfish;
152 secure_vector<uint8_t> out(BCRYPT_BLOCK_SIZE);
153 secure_vector<uint8_t> tmp(BCRYPT_BLOCK_SIZE);
154
155 for(size_t block = 0; block != blocks; ++block)
156 {
157 clear_mem(out.data(), out.size());
158
159 sha512->update(salt, salt_len);
160 sha512->update_be(static_cast<uint32_t>(block + 1));
161 sha512->final(salt_hash.data());
162
163 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
164
165 for(size_t r = 1; r != rounds; ++r)
166 {
167 // Next salt is H(prev_output)
168 sha512->update(tmp);
169 sha512->final(salt_hash.data());
170
171 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
172 }
173
174 for(size_t i = 0; i != BCRYPT_BLOCK_SIZE; ++i)
175 {
176 const size_t dest = i * blocks + block;
177 if(dest < output_len)
178 output[dest] = out[i];
179 }
180 }
181 }

References BOTAN_ARG_CHECK, clear_mem(), Botan::HashFunction::create_or_throw(), and salt_len.

Referenced by Botan::Bcrypt_PBKDF::derive_key(), and Botan::Bcrypt_PBKDF_Family::tune().

◆ bigint_add2()

void Botan::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

Definition at line 280 of file mp_core.h.

282 {
283 x[x_size] += bigint_add2_nc(x, x_size, y, y_size);
284 }
word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:227

References bigint_add2_nc().

Referenced by Botan::BigInt::add(), and mul_add().

◆ bigint_add2_nc()

word Botan::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Two operand addition with carry out

Definition at line 227 of file mp_core.h.

228 {
229 word carry = 0;
230
231 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
232
233 const size_t blocks = y_size - (y_size % 8);
234
235 for(size_t i = 0; i != blocks; i += 8)
236 carry = word8_add2(x + i, y + i, carry);
237
238 for(size_t i = blocks; i != y_size; ++i)
239 x[i] = word_add(x[i], y[i], &carry);
240
241 for(size_t i = y_size; i != x_size; ++i)
242 x[i] = word_add(x[i], 0, &carry);
243
244 return carry;
245 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:55
word word8_add2(word x[8], const word y[8], word carry)
Definition mp_asmi.h:138
void carry(int64_t &h0, int64_t &h1)
word word_add(word x, word y, word *carry)
Definition mp_asmi.h:107

References BOTAN_ASSERT, carry(), word8_add2(), and word_add().

Referenced by bigint_add2().

◆ bigint_add3()

void Botan::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Three operand addition

Definition at line 289 of file mp_core.h.

292 {
293 z[x_size > y_size ? x_size : y_size] +=
294 bigint_add3_nc(z, x, x_size, y, y_size);
295 }
word bigint_add3_nc(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:250

References bigint_add3_nc().

Referenced by Botan::BigInt::add2().

◆ bigint_add3_nc()

word Botan::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Three operand addition with carry out

Definition at line 250 of file mp_core.h.

253 {
254 if(x_size < y_size)
255 { return bigint_add3_nc(z, y, y_size, x, x_size); }
256
257 word carry = 0;
258
259 const size_t blocks = y_size - (y_size % 8);
260
261 for(size_t i = 0; i != blocks; i += 8)
262 carry = word8_add3(z + i, x + i, y + i, carry);
263
264 for(size_t i = blocks; i != y_size; ++i)
265 z[i] = word_add(x[i], y[i], &carry);
266
267 for(size_t i = y_size; i != x_size; ++i)
268 z[i] = word_add(x[i], 0, &carry);
269
270 return carry;
271 }

References bigint_add3_nc(), carry(), word8_add3(), and word_add().

Referenced by bigint_add3(), bigint_add3_nc(), Botan::BigInt::mod_add(), and redc_p521().

◆ bigint_cmp()

int32_t Botan::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Compare x and y Return -1 if x < y Return 0 if x == y Return 1 if x > y

Definition at line 525 of file mp_core.h.

527 {
528 static_assert(sizeof(word) >= sizeof(uint32_t), "Size assumption");
529
530 const word LT = static_cast<word>(-1);
531 const word EQ = 0;
532 const word GT = 1;
533
534 const size_t common_elems = std::min(x_size, y_size);
535
536 word result = EQ; // until found otherwise
537
538 for(size_t i = 0; i != common_elems; i++)
539 {
540 const auto is_eq = CT::Mask<word>::is_equal(x[i], y[i]);
541 const auto is_lt = CT::Mask<word>::is_lt(x[i], y[i]);
542
543 result = is_eq.select(result, is_lt.select(LT, GT));
544 }
545
546 if(x_size < y_size)
547 {
548 word mask = 0;
549 for(size_t i = x_size; i != y_size; i++)
550 mask |= y[i];
551
552 // If any bits were set in high part of y, then x < y
553 result = CT::Mask<word>::is_zero(mask).select(result, LT);
554 }
555 else if(y_size < x_size)
556 {
557 word mask = 0;
558 for(size_t i = y_size; i != x_size; i++)
559 mask |= x[i];
560
561 // If any bits were set in high part of x, then x > y
562 result = CT::Mask<word>::is_zero(mask).select(result, GT);
563 }
564
565 CT::unpoison(result);
566 BOTAN_DEBUG_ASSERT(result == LT || result == GT || result == EQ);
567 return static_cast<int32_t>(result);
568 }
#define BOTAN_DEBUG_ASSERT(expr)
Definition assert.h:123

References BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), Botan::CT::Mask< T >::is_zero(), and Botan::CT::unpoison().

Referenced by Botan::BigInt::add(), bigint_sub_abs(), Botan::BigInt::cmp(), and Botan::BigInt::cmp_word().

◆ bigint_cnd_abs()

void Botan::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)
inline

Definition at line 212 of file mp_core.h.

213 {
214 const auto mask = CT::Mask<word>::expand(cnd);
215
216 word carry = mask.if_set_return(1);
217 for(size_t i = 0; i != size; ++i)
218 {
219 const word z = word_add(~x[i], 0, &carry);
220 x[i] = mask.select(z, x[i]);
221 }
222 }

References carry(), Botan::CT::Mask< T >::expand(), and word_add().

◆ bigint_cnd_add() [1/2]

word Botan::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 79 of file mp_core.h.

80 {
81 return bigint_cnd_add(cnd, x, size, y, size);
82 }
word bigint_cnd_add(word cnd, word x[], word x_size, const word y[], size_t y_size)
Definition mp_core.h:42

References bigint_cnd_add().

◆ bigint_cnd_add() [2/2]

word Botan::bigint_cnd_add ( word  cnd,
word  x[],
word  x_size,
const word  y[],
size_t  y_size 
)
inline

Definition at line 42 of file mp_core.h.

44 {
45 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
46
47 const auto mask = CT::Mask<word>::expand(cnd);
48
49 word carry = 0;
50
51 const size_t blocks = y_size - (y_size % 8);
52 word z[8] = { 0 };
53
54 for(size_t i = 0; i != blocks; i += 8)
55 {
56 carry = word8_add3(z, x + i, y + i, carry);
57 mask.select_n(x + i, z, x + i, 8);
58 }
59
60 for(size_t i = blocks; i != y_size; ++i)
61 {
62 z[0] = word_add(x[i], y[i], &carry);
63 x[i] = mask.select(z[0], x[i]);
64 }
65
66 for(size_t i = y_size; i != x_size; ++i)
67 {
68 z[0] = word_add(x[i], 0, &carry);
69 x[i] = mask.select(z[0], x[i]);
70 }
71
72 return mask.if_set_return(carry);
73 }

References BOTAN_ASSERT, carry(), Botan::CT::Mask< T >::expand(), word8_add3(), and word_add().

Referenced by bigint_cnd_add(), Botan::BigInt::ct_cond_add(), redc_p192(), redc_p224(), redc_p256(), and redc_p384().

◆ bigint_cnd_add_or_sub()

void Botan::bigint_cnd_add_or_sub ( CT::Mask< word >  mask,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 139 of file mp_core.h.

140 {
141 const size_t blocks = size - (size % 8);
142
143 word carry = 0;
144 word borrow = 0;
145
146 word t0[8] = { 0 };
147 word t1[8] = { 0 };
148
149 for(size_t i = 0; i != blocks; i += 8)
150 {
151 carry = word8_add3(t0, x + i, y + i, carry);
152 borrow = word8_sub3(t1, x + i, y + i, borrow);
153
154 for(size_t j = 0; j != 8; ++j)
155 x[i+j] = mask.select(t0[j], t1[j]);
156 }
157
158 for(size_t i = blocks; i != size; ++i)
159 {
160 const word a = word_add(x[i], y[i], &carry);
161 const word s = word_sub(x[i], y[i], &borrow);
162
163 x[i] = mask.select(a, s);
164 }
165 }
T select(T x, T y) const
Definition ct_utils.h:288
word word8_sub3(word z[8], const word x[8], const word y[8], word carry)
Definition mp_asmi.h:310
word word_sub(word x, word y, word *carry)
Definition mp_asmi.h:209
word word8_add3(word z[8], const word x[8], const word y[8], word carry)
Definition mp_asmi.h:173

References carry(), Botan::CT::Mask< T >::select(), word8_add3(), word8_sub3(), word_add(), and word_sub().

◆ bigint_cnd_addsub()

word Botan::bigint_cnd_addsub ( CT::Mask< word >  mask,
word  x[],
const word  y[],
const word  z[],
size_t  size 
)
inline

Definition at line 176 of file mp_core.h.

179 {
180 const size_t blocks = size - (size % 8);
181
182 word carry = 0;
183 word borrow = 0;
184
185 word t0[8] = { 0 };
186 word t1[8] = { 0 };
187
188 for(size_t i = 0; i != blocks; i += 8)
189 {
190 carry = word8_add3(t0, x + i, y + i, carry);
191 borrow = word8_sub3(t1, x + i, z + i, borrow);
192
193 for(size_t j = 0; j != 8; ++j)
194 x[i+j] = mask.select(t0[j], t1[j]);
195 }
196
197 for(size_t i = blocks; i != size; ++i)
198 {
199 t0[0] = word_add(x[i], y[i], &carry);
200 t1[0] = word_sub(x[i], z[i], &borrow);
201 x[i] = mask.select(t0[0], t1[0]);
202 }
203
204 return mask.select(carry, borrow);
205 }

References carry(), Botan::CT::Mask< T >::select(), word8_add3(), word8_sub3(), word_add(), and word_sub().

Referenced by bigint_mod_sub(), and bigint_mod_sub_n().

◆ bigint_cnd_sub() [1/2]

word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)
inline

Definition at line 126 of file mp_core.h.

127 {
128 return bigint_cnd_sub(cnd, x, size, y, size);
129 }
word bigint_cnd_sub(word cnd, word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:88

References bigint_cnd_sub().

◆ bigint_cnd_sub() [2/2]

word Botan::bigint_cnd_sub ( word  cnd,
word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Definition at line 88 of file mp_core.h.

91 {
92 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
93
94 const auto mask = CT::Mask<word>::expand(cnd);
95
96 word carry = 0;
97
98 const size_t blocks = y_size - (y_size % 8);
99 word z[8] = { 0 };
100
101 for(size_t i = 0; i != blocks; i += 8)
102 {
103 carry = word8_sub3(z, x + i, y + i, carry);
104 mask.select_n(x + i, z, x + i, 8);
105 }
106
107 for(size_t i = blocks; i != y_size; ++i)
108 {
109 z[0] = word_sub(x[i], y[i], &carry);
110 x[i] = mask.select(z[0], x[i]);
111 }
112
113 for(size_t i = y_size; i != x_size; ++i)
114 {
115 z[0] = word_sub(x[i], 0, &carry);
116 x[i] = mask.select(z[0], x[i]);
117 }
118
119 return mask.if_set_return(carry);
120 }

References BOTAN_ASSERT, carry(), Botan::CT::Mask< T >::expand(), word8_sub3(), and word_sub().

Referenced by bigint_cnd_sub(), and redc_p521().

◆ bigint_cnd_swap()

void Botan::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)
inline

Definition at line 29 of file mp_core.h.

30 {
31 const auto mask = CT::Mask<word>::expand(cnd);
32
33 for(size_t i = 0; i != size; ++i)
34 {
35 const word a = x[i];
36 const word b = y[i];
37 x[i] = mask.select(b, a);
38 y[i] = mask.select(a, b);
39 }
40 }

References Botan::CT::Mask< T >::expand().

Referenced by Botan::BigInt::ct_cond_swap().

◆ bigint_comba_mul16()

void Botan::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

Definition at line 805 of file mp_comba.cpp.

806 {
807 word w2 = 0, w1 = 0, w0 = 0;
808
809 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
810 z[ 0] = w0; w0 = 0;
811
812 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
813 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
814 z[ 1] = w1; w1 = 0;
815
816 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
817 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
818 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
819 z[ 2] = w2; w2 = 0;
820
821 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
822 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
823 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
824 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
825 z[ 3] = w0; w0 = 0;
826
827 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
828 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
829 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
830 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
831 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
832 z[ 4] = w1; w1 = 0;
833
834 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
835 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
836 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
837 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
838 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
839 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
840 z[ 5] = w2; w2 = 0;
841
842 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
843 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
844 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
845 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
846 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
847 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
848 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
849 z[ 6] = w0; w0 = 0;
850
851 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
852 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
853 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
854 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
855 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
856 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
857 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
858 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
859 z[ 7] = w1; w1 = 0;
860
861 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
862 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
863 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
864 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
865 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
866 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
867 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
868 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
869 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
870 z[ 8] = w2; w2 = 0;
871
872 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
873 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
874 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
875 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
876 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
877 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
878 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
879 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
880 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
881 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
882 z[ 9] = w0; w0 = 0;
883
884 word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
885 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
886 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
887 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
888 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
889 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
890 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
891 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
892 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
893 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
894 word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
895 z[10] = w1; w1 = 0;
896
897 word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
898 word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
899 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
900 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
901 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
902 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
903 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
904 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
905 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
906 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
907 word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
908 word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
909 z[11] = w2; w2 = 0;
910
911 word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
912 word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
913 word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
914 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
915 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
916 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
917 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
918 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
919 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
920 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
921 word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
922 word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
923 word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
924 z[12] = w0; w0 = 0;
925
926 word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
927 word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
928 word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
929 word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
930 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
931 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
932 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
933 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
934 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
935 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
936 word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
937 word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
938 word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
939 word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
940 z[13] = w1; w1 = 0;
941
942 word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
943 word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
944 word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
945 word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
946 word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
947 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
948 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
949 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
950 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
951 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
952 word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
953 word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
954 word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
955 word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
956 word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
957 z[14] = w2; w2 = 0;
958
959 word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
960 word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
961 word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
962 word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
963 word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
964 word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
965 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
966 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
967 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
968 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
969 word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
970 word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
971 word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
972 word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
973 word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
974 word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
975 z[15] = w0; w0 = 0;
976
977 word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
978 word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
979 word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
980 word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
981 word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
982 word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
983 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
984 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
985 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
986 word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
987 word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
988 word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
989 word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
990 word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
991 word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
992 z[16] = w1; w1 = 0;
993
994 word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
995 word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
996 word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
997 word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
998 word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
999 word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1000 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1001 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1002 word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1003 word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1004 word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1005 word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1006 word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1007 word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1008 z[17] = w2; w2 = 0;
1009
1010 word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1011 word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1012 word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1013 word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1014 word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1015 word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1016 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1017 word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1018 word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1019 word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1020 word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1021 word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1022 word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1023 z[18] = w0; w0 = 0;
1024
1025 word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1026 word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1027 word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1028 word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1029 word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1030 word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1031 word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1032 word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1033 word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1034 word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1035 word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1036 word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1037 z[19] = w1; w1 = 0;
1038
1039 word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1040 word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1041 word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1042 word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1043 word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1044 word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1045 word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1046 word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1047 word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1048 word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1049 word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1050 z[20] = w2; w2 = 0;
1051
1052 word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1053 word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1054 word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1055 word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1056 word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1057 word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1058 word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1059 word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1060 word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1061 word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1062 z[21] = w0; w0 = 0;
1063
1064 word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1065 word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1066 word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1067 word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1068 word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1069 word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1070 word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1071 word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1072 word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1073 z[22] = w1; w1 = 0;
1074
1075 word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1076 word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1077 word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1078 word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1079 word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1080 word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1081 word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1082 word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1083 z[23] = w2; w2 = 0;
1084
1085 word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1086 word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1087 word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1088 word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1089 word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1090 word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1091 word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1092 z[24] = w0; w0 = 0;
1093
1094 word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1095 word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1096 word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1097 word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1098 word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1099 word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1100 z[25] = w1; w1 = 0;
1101
1102 word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1103 word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1104 word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1105 word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1106 word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1107 z[26] = w2; w2 = 0;
1108
1109 word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1110 word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1111 word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1112 word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1113 z[27] = w0; w0 = 0;
1114
1115 word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1116 word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1117 word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1118 z[28] = w1; w1 = 0;
1119
1120 word3_muladd(&w1, &w0, &w2, x[14], y[15]);
1121 word3_muladd(&w1, &w0, &w2, x[15], y[14]);
1122 z[29] = w2; w2 = 0;
1123
1124 word3_muladd(&w2, &w1, &w0, x[15], y[15]);
1125 z[30] = w0;
1126 z[31] = w1;
1127 }
void word3_muladd(word *w2, word *w1, word *w0, word x, word y)
Definition mp_asmi.h:451

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul24()

void Botan::bigint_comba_mul24 ( word  z[48],
const word  x[24],
const word  y[24] 
)

Definition at line 1535 of file mp_comba.cpp.

1536 {
1537 word w2 = 0, w1 = 0, w0 = 0;
1538
1539 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
1540 z[ 0] = w0; w0 = 0;
1541
1542 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
1543 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
1544 z[ 1] = w1; w1 = 0;
1545
1546 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
1547 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
1548 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
1549 z[ 2] = w2; w2 = 0;
1550
1551 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
1552 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
1553 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
1554 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
1555 z[ 3] = w0; w0 = 0;
1556
1557 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
1558 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
1559 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
1560 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
1561 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
1562 z[ 4] = w1; w1 = 0;
1563
1564 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
1565 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
1566 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
1567 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
1568 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
1569 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
1570 z[ 5] = w2; w2 = 0;
1571
1572 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
1573 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
1574 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
1575 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
1576 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
1577 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
1578 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
1579 z[ 6] = w0; w0 = 0;
1580
1581 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
1582 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
1583 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
1584 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
1585 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
1586 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
1587 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
1588 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
1589 z[ 7] = w1; w1 = 0;
1590
1591 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
1592 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
1593 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
1594 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
1595 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
1596 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
1597 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
1598 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
1599 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
1600 z[ 8] = w2; w2 = 0;
1601
1602 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
1603 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
1604 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
1605 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
1606 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
1607 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
1608 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
1609 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
1610 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
1611 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
1612 z[ 9] = w0; w0 = 0;
1613
1614 word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
1615 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
1616 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
1617 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
1618 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
1619 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
1620 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
1621 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
1622 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
1623 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
1624 word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
1625 z[10] = w1; w1 = 0;
1626
1627 word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
1628 word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
1629 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
1630 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
1631 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
1632 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
1633 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
1634 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
1635 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
1636 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
1637 word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
1638 word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
1639 z[11] = w2; w2 = 0;
1640
1641 word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
1642 word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
1643 word3_muladd(&w2, &w1, &w0, x[ 2], y[10]);
1644 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 9]);
1645 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
1646 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
1647 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
1648 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
1649 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
1650 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 3]);
1651 word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
1652 word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
1653 word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
1654 z[12] = w0; w0 = 0;
1655
1656 word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
1657 word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
1658 word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
1659 word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
1660 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
1661 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
1662 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
1663 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
1664 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
1665 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
1666 word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
1667 word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
1668 word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
1669 word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
1670 z[13] = w1; w1 = 0;
1671
1672 word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
1673 word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
1674 word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
1675 word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
1676 word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
1677 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
1678 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
1679 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
1680 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
1681 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
1682 word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
1683 word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
1684 word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
1685 word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
1686 word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
1687 z[14] = w2; w2 = 0;
1688
1689 word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
1690 word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
1691 word3_muladd(&w2, &w1, &w0, x[ 2], y[13]);
1692 word3_muladd(&w2, &w1, &w0, x[ 3], y[12]);
1693 word3_muladd(&w2, &w1, &w0, x[ 4], y[11]);
1694 word3_muladd(&w2, &w1, &w0, x[ 5], y[10]);
1695 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 9]);
1696 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
1697 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
1698 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 6]);
1699 word3_muladd(&w2, &w1, &w0, x[10], y[ 5]);
1700 word3_muladd(&w2, &w1, &w0, x[11], y[ 4]);
1701 word3_muladd(&w2, &w1, &w0, x[12], y[ 3]);
1702 word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
1703 word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
1704 word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
1705 z[15] = w0; w0 = 0;
1706
1707 word3_muladd(&w0, &w2, &w1, x[ 0], y[16]);
1708 word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
1709 word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
1710 word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
1711 word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
1712 word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
1713 word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
1714 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
1715 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
1716 word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
1717 word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
1718 word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
1719 word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
1720 word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
1721 word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
1722 word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
1723 word3_muladd(&w0, &w2, &w1, x[16], y[ 0]);
1724 z[16] = w1; w1 = 0;
1725
1726 word3_muladd(&w1, &w0, &w2, x[ 0], y[17]);
1727 word3_muladd(&w1, &w0, &w2, x[ 1], y[16]);
1728 word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
1729 word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
1730 word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
1731 word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
1732 word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
1733 word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
1734 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
1735 word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
1736 word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
1737 word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
1738 word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
1739 word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
1740 word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
1741 word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
1742 word3_muladd(&w1, &w0, &w2, x[16], y[ 1]);
1743 word3_muladd(&w1, &w0, &w2, x[17], y[ 0]);
1744 z[17] = w2; w2 = 0;
1745
1746 word3_muladd(&w2, &w1, &w0, x[ 0], y[18]);
1747 word3_muladd(&w2, &w1, &w0, x[ 1], y[17]);
1748 word3_muladd(&w2, &w1, &w0, x[ 2], y[16]);
1749 word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
1750 word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
1751 word3_muladd(&w2, &w1, &w0, x[ 5], y[13]);
1752 word3_muladd(&w2, &w1, &w0, x[ 6], y[12]);
1753 word3_muladd(&w2, &w1, &w0, x[ 7], y[11]);
1754 word3_muladd(&w2, &w1, &w0, x[ 8], y[10]);
1755 word3_muladd(&w2, &w1, &w0, x[ 9], y[ 9]);
1756 word3_muladd(&w2, &w1, &w0, x[10], y[ 8]);
1757 word3_muladd(&w2, &w1, &w0, x[11], y[ 7]);
1758 word3_muladd(&w2, &w1, &w0, x[12], y[ 6]);
1759 word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
1760 word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
1761 word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
1762 word3_muladd(&w2, &w1, &w0, x[16], y[ 2]);
1763 word3_muladd(&w2, &w1, &w0, x[17], y[ 1]);
1764 word3_muladd(&w2, &w1, &w0, x[18], y[ 0]);
1765 z[18] = w0; w0 = 0;
1766
1767 word3_muladd(&w0, &w2, &w1, x[ 0], y[19]);
1768 word3_muladd(&w0, &w2, &w1, x[ 1], y[18]);
1769 word3_muladd(&w0, &w2, &w1, x[ 2], y[17]);
1770 word3_muladd(&w0, &w2, &w1, x[ 3], y[16]);
1771 word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
1772 word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
1773 word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
1774 word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
1775 word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
1776 word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
1777 word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
1778 word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
1779 word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
1780 word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
1781 word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
1782 word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
1783 word3_muladd(&w0, &w2, &w1, x[16], y[ 3]);
1784 word3_muladd(&w0, &w2, &w1, x[17], y[ 2]);
1785 word3_muladd(&w0, &w2, &w1, x[18], y[ 1]);
1786 word3_muladd(&w0, &w2, &w1, x[19], y[ 0]);
1787 z[19] = w1; w1 = 0;
1788
1789 word3_muladd(&w1, &w0, &w2, x[ 0], y[20]);
1790 word3_muladd(&w1, &w0, &w2, x[ 1], y[19]);
1791 word3_muladd(&w1, &w0, &w2, x[ 2], y[18]);
1792 word3_muladd(&w1, &w0, &w2, x[ 3], y[17]);
1793 word3_muladd(&w1, &w0, &w2, x[ 4], y[16]);
1794 word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
1795 word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
1796 word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
1797 word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
1798 word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
1799 word3_muladd(&w1, &w0, &w2, x[10], y[10]);
1800 word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
1801 word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
1802 word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
1803 word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
1804 word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
1805 word3_muladd(&w1, &w0, &w2, x[16], y[ 4]);
1806 word3_muladd(&w1, &w0, &w2, x[17], y[ 3]);
1807 word3_muladd(&w1, &w0, &w2, x[18], y[ 2]);
1808 word3_muladd(&w1, &w0, &w2, x[19], y[ 1]);
1809 word3_muladd(&w1, &w0, &w2, x[20], y[ 0]);
1810 z[20] = w2; w2 = 0;
1811
1812 word3_muladd(&w2, &w1, &w0, x[ 0], y[21]);
1813 word3_muladd(&w2, &w1, &w0, x[ 1], y[20]);
1814 word3_muladd(&w2, &w1, &w0, x[ 2], y[19]);
1815 word3_muladd(&w2, &w1, &w0, x[ 3], y[18]);
1816 word3_muladd(&w2, &w1, &w0, x[ 4], y[17]);
1817 word3_muladd(&w2, &w1, &w0, x[ 5], y[16]);
1818 word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
1819 word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
1820 word3_muladd(&w2, &w1, &w0, x[ 8], y[13]);
1821 word3_muladd(&w2, &w1, &w0, x[ 9], y[12]);
1822 word3_muladd(&w2, &w1, &w0, x[10], y[11]);
1823 word3_muladd(&w2, &w1, &w0, x[11], y[10]);
1824 word3_muladd(&w2, &w1, &w0, x[12], y[ 9]);
1825 word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
1826 word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
1827 word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
1828 word3_muladd(&w2, &w1, &w0, x[16], y[ 5]);
1829 word3_muladd(&w2, &w1, &w0, x[17], y[ 4]);
1830 word3_muladd(&w2, &w1, &w0, x[18], y[ 3]);
1831 word3_muladd(&w2, &w1, &w0, x[19], y[ 2]);
1832 word3_muladd(&w2, &w1, &w0, x[20], y[ 1]);
1833 word3_muladd(&w2, &w1, &w0, x[21], y[ 0]);
1834 z[21] = w0; w0 = 0;
1835
1836 word3_muladd(&w0, &w2, &w1, x[ 0], y[22]);
1837 word3_muladd(&w0, &w2, &w1, x[ 1], y[21]);
1838 word3_muladd(&w0, &w2, &w1, x[ 2], y[20]);
1839 word3_muladd(&w0, &w2, &w1, x[ 3], y[19]);
1840 word3_muladd(&w0, &w2, &w1, x[ 4], y[18]);
1841 word3_muladd(&w0, &w2, &w1, x[ 5], y[17]);
1842 word3_muladd(&w0, &w2, &w1, x[ 6], y[16]);
1843 word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
1844 word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
1845 word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
1846 word3_muladd(&w0, &w2, &w1, x[10], y[12]);
1847 word3_muladd(&w0, &w2, &w1, x[11], y[11]);
1848 word3_muladd(&w0, &w2, &w1, x[12], y[10]);
1849 word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
1850 word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
1851 word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
1852 word3_muladd(&w0, &w2, &w1, x[16], y[ 6]);
1853 word3_muladd(&w0, &w2, &w1, x[17], y[ 5]);
1854 word3_muladd(&w0, &w2, &w1, x[18], y[ 4]);
1855 word3_muladd(&w0, &w2, &w1, x[19], y[ 3]);
1856 word3_muladd(&w0, &w2, &w1, x[20], y[ 2]);
1857 word3_muladd(&w0, &w2, &w1, x[21], y[ 1]);
1858 word3_muladd(&w0, &w2, &w1, x[22], y[ 0]);
1859 z[22] = w1; w1 = 0;
1860
1861 word3_muladd(&w1, &w0, &w2, x[ 0], y[23]);
1862 word3_muladd(&w1, &w0, &w2, x[ 1], y[22]);
1863 word3_muladd(&w1, &w0, &w2, x[ 2], y[21]);
1864 word3_muladd(&w1, &w0, &w2, x[ 3], y[20]);
1865 word3_muladd(&w1, &w0, &w2, x[ 4], y[19]);
1866 word3_muladd(&w1, &w0, &w2, x[ 5], y[18]);
1867 word3_muladd(&w1, &w0, &w2, x[ 6], y[17]);
1868 word3_muladd(&w1, &w0, &w2, x[ 7], y[16]);
1869 word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
1870 word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
1871 word3_muladd(&w1, &w0, &w2, x[10], y[13]);
1872 word3_muladd(&w1, &w0, &w2, x[11], y[12]);
1873 word3_muladd(&w1, &w0, &w2, x[12], y[11]);
1874 word3_muladd(&w1, &w0, &w2, x[13], y[10]);
1875 word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
1876 word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
1877 word3_muladd(&w1, &w0, &w2, x[16], y[ 7]);
1878 word3_muladd(&w1, &w0, &w2, x[17], y[ 6]);
1879 word3_muladd(&w1, &w0, &w2, x[18], y[ 5]);
1880 word3_muladd(&w1, &w0, &w2, x[19], y[ 4]);
1881 word3_muladd(&w1, &w0, &w2, x[20], y[ 3]);
1882 word3_muladd(&w1, &w0, &w2, x[21], y[ 2]);
1883 word3_muladd(&w1, &w0, &w2, x[22], y[ 1]);
1884 word3_muladd(&w1, &w0, &w2, x[23], y[ 0]);
1885 z[23] = w2; w2 = 0;
1886
1887 word3_muladd(&w2, &w1, &w0, x[ 1], y[23]);
1888 word3_muladd(&w2, &w1, &w0, x[ 2], y[22]);
1889 word3_muladd(&w2, &w1, &w0, x[ 3], y[21]);
1890 word3_muladd(&w2, &w1, &w0, x[ 4], y[20]);
1891 word3_muladd(&w2, &w1, &w0, x[ 5], y[19]);
1892 word3_muladd(&w2, &w1, &w0, x[ 6], y[18]);
1893 word3_muladd(&w2, &w1, &w0, x[ 7], y[17]);
1894 word3_muladd(&w2, &w1, &w0, x[ 8], y[16]);
1895 word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
1896 word3_muladd(&w2, &w1, &w0, x[10], y[14]);
1897 word3_muladd(&w2, &w1, &w0, x[11], y[13]);
1898 word3_muladd(&w2, &w1, &w0, x[12], y[12]);
1899 word3_muladd(&w2, &w1, &w0, x[13], y[11]);
1900 word3_muladd(&w2, &w1, &w0, x[14], y[10]);
1901 word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
1902 word3_muladd(&w2, &w1, &w0, x[16], y[ 8]);
1903 word3_muladd(&w2, &w1, &w0, x[17], y[ 7]);
1904 word3_muladd(&w2, &w1, &w0, x[18], y[ 6]);
1905 word3_muladd(&w2, &w1, &w0, x[19], y[ 5]);
1906 word3_muladd(&w2, &w1, &w0, x[20], y[ 4]);
1907 word3_muladd(&w2, &w1, &w0, x[21], y[ 3]);
1908 word3_muladd(&w2, &w1, &w0, x[22], y[ 2]);
1909 word3_muladd(&w2, &w1, &w0, x[23], y[ 1]);
1910 z[24] = w0; w0 = 0;
1911
1912 word3_muladd(&w0, &w2, &w1, x[ 2], y[23]);
1913 word3_muladd(&w0, &w2, &w1, x[ 3], y[22]);
1914 word3_muladd(&w0, &w2, &w1, x[ 4], y[21]);
1915 word3_muladd(&w0, &w2, &w1, x[ 5], y[20]);
1916 word3_muladd(&w0, &w2, &w1, x[ 6], y[19]);
1917 word3_muladd(&w0, &w2, &w1, x[ 7], y[18]);
1918 word3_muladd(&w0, &w2, &w1, x[ 8], y[17]);
1919 word3_muladd(&w0, &w2, &w1, x[ 9], y[16]);
1920 word3_muladd(&w0, &w2, &w1, x[10], y[15]);
1921 word3_muladd(&w0, &w2, &w1, x[11], y[14]);
1922 word3_muladd(&w0, &w2, &w1, x[12], y[13]);
1923 word3_muladd(&w0, &w2, &w1, x[13], y[12]);
1924 word3_muladd(&w0, &w2, &w1, x[14], y[11]);
1925 word3_muladd(&w0, &w2, &w1, x[15], y[10]);
1926 word3_muladd(&w0, &w2, &w1, x[16], y[ 9]);
1927 word3_muladd(&w0, &w2, &w1, x[17], y[ 8]);
1928 word3_muladd(&w0, &w2, &w1, x[18], y[ 7]);
1929 word3_muladd(&w0, &w2, &w1, x[19], y[ 6]);
1930 word3_muladd(&w0, &w2, &w1, x[20], y[ 5]);
1931 word3_muladd(&w0, &w2, &w1, x[21], y[ 4]);
1932 word3_muladd(&w0, &w2, &w1, x[22], y[ 3]);
1933 word3_muladd(&w0, &w2, &w1, x[23], y[ 2]);
1934 z[25] = w1; w1 = 0;
1935
1936 word3_muladd(&w1, &w0, &w2, x[ 3], y[23]);
1937 word3_muladd(&w1, &w0, &w2, x[ 4], y[22]);
1938 word3_muladd(&w1, &w0, &w2, x[ 5], y[21]);
1939 word3_muladd(&w1, &w0, &w2, x[ 6], y[20]);
1940 word3_muladd(&w1, &w0, &w2, x[ 7], y[19]);
1941 word3_muladd(&w1, &w0, &w2, x[ 8], y[18]);
1942 word3_muladd(&w1, &w0, &w2, x[ 9], y[17]);
1943 word3_muladd(&w1, &w0, &w2, x[10], y[16]);
1944 word3_muladd(&w1, &w0, &w2, x[11], y[15]);
1945 word3_muladd(&w1, &w0, &w2, x[12], y[14]);
1946 word3_muladd(&w1, &w0, &w2, x[13], y[13]);
1947 word3_muladd(&w1, &w0, &w2, x[14], y[12]);
1948 word3_muladd(&w1, &w0, &w2, x[15], y[11]);
1949 word3_muladd(&w1, &w0, &w2, x[16], y[10]);
1950 word3_muladd(&w1, &w0, &w2, x[17], y[ 9]);
1951 word3_muladd(&w1, &w0, &w2, x[18], y[ 8]);
1952 word3_muladd(&w1, &w0, &w2, x[19], y[ 7]);
1953 word3_muladd(&w1, &w0, &w2, x[20], y[ 6]);
1954 word3_muladd(&w1, &w0, &w2, x[21], y[ 5]);
1955 word3_muladd(&w1, &w0, &w2, x[22], y[ 4]);
1956 word3_muladd(&w1, &w0, &w2, x[23], y[ 3]);
1957 z[26] = w2; w2 = 0;
1958
1959 word3_muladd(&w2, &w1, &w0, x[ 4], y[23]);
1960 word3_muladd(&w2, &w1, &w0, x[ 5], y[22]);
1961 word3_muladd(&w2, &w1, &w0, x[ 6], y[21]);
1962 word3_muladd(&w2, &w1, &w0, x[ 7], y[20]);
1963 word3_muladd(&w2, &w1, &w0, x[ 8], y[19]);
1964 word3_muladd(&w2, &w1, &w0, x[ 9], y[18]);
1965 word3_muladd(&w2, &w1, &w0, x[10], y[17]);
1966 word3_muladd(&w2, &w1, &w0, x[11], y[16]);
1967 word3_muladd(&w2, &w1, &w0, x[12], y[15]);
1968 word3_muladd(&w2, &w1, &w0, x[13], y[14]);
1969 word3_muladd(&w2, &w1, &w0, x[14], y[13]);
1970 word3_muladd(&w2, &w1, &w0, x[15], y[12]);
1971 word3_muladd(&w2, &w1, &w0, x[16], y[11]);
1972 word3_muladd(&w2, &w1, &w0, x[17], y[10]);
1973 word3_muladd(&w2, &w1, &w0, x[18], y[ 9]);
1974 word3_muladd(&w2, &w1, &w0, x[19], y[ 8]);
1975 word3_muladd(&w2, &w1, &w0, x[20], y[ 7]);
1976 word3_muladd(&w2, &w1, &w0, x[21], y[ 6]);
1977 word3_muladd(&w2, &w1, &w0, x[22], y[ 5]);
1978 word3_muladd(&w2, &w1, &w0, x[23], y[ 4]);
1979 z[27] = w0; w0 = 0;
1980
1981 word3_muladd(&w0, &w2, &w1, x[ 5], y[23]);
1982 word3_muladd(&w0, &w2, &w1, x[ 6], y[22]);
1983 word3_muladd(&w0, &w2, &w1, x[ 7], y[21]);
1984 word3_muladd(&w0, &w2, &w1, x[ 8], y[20]);
1985 word3_muladd(&w0, &w2, &w1, x[ 9], y[19]);
1986 word3_muladd(&w0, &w2, &w1, x[10], y[18]);
1987 word3_muladd(&w0, &w2, &w1, x[11], y[17]);
1988 word3_muladd(&w0, &w2, &w1, x[12], y[16]);
1989 word3_muladd(&w0, &w2, &w1, x[13], y[15]);
1990 word3_muladd(&w0, &w2, &w1, x[14], y[14]);
1991 word3_muladd(&w0, &w2, &w1, x[15], y[13]);
1992 word3_muladd(&w0, &w2, &w1, x[16], y[12]);
1993 word3_muladd(&w0, &w2, &w1, x[17], y[11]);
1994 word3_muladd(&w0, &w2, &w1, x[18], y[10]);
1995 word3_muladd(&w0, &w2, &w1, x[19], y[ 9]);
1996 word3_muladd(&w0, &w2, &w1, x[20], y[ 8]);
1997 word3_muladd(&w0, &w2, &w1, x[21], y[ 7]);
1998 word3_muladd(&w0, &w2, &w1, x[22], y[ 6]);
1999 word3_muladd(&w0, &w2, &w1, x[23], y[ 5]);
2000 z[28] = w1; w1 = 0;
2001
2002 word3_muladd(&w1, &w0, &w2, x[ 6], y[23]);
2003 word3_muladd(&w1, &w0, &w2, x[ 7], y[22]);
2004 word3_muladd(&w1, &w0, &w2, x[ 8], y[21]);
2005 word3_muladd(&w1, &w0, &w2, x[ 9], y[20]);
2006 word3_muladd(&w1, &w0, &w2, x[10], y[19]);
2007 word3_muladd(&w1, &w0, &w2, x[11], y[18]);
2008 word3_muladd(&w1, &w0, &w2, x[12], y[17]);
2009 word3_muladd(&w1, &w0, &w2, x[13], y[16]);
2010 word3_muladd(&w1, &w0, &w2, x[14], y[15]);
2011 word3_muladd(&w1, &w0, &w2, x[15], y[14]);
2012 word3_muladd(&w1, &w0, &w2, x[16], y[13]);
2013 word3_muladd(&w1, &w0, &w2, x[17], y[12]);
2014 word3_muladd(&w1, &w0, &w2, x[18], y[11]);
2015 word3_muladd(&w1, &w0, &w2, x[19], y[10]);
2016 word3_muladd(&w1, &w0, &w2, x[20], y[ 9]);
2017 word3_muladd(&w1, &w0, &w2, x[21], y[ 8]);
2018 word3_muladd(&w1, &w0, &w2, x[22], y[ 7]);
2019 word3_muladd(&w1, &w0, &w2, x[23], y[ 6]);
2020 z[29] = w2; w2 = 0;
2021
2022 word3_muladd(&w2, &w1, &w0, x[ 7], y[23]);
2023 word3_muladd(&w2, &w1, &w0, x[ 8], y[22]);
2024 word3_muladd(&w2, &w1, &w0, x[ 9], y[21]);
2025 word3_muladd(&w2, &w1, &w0, x[10], y[20]);
2026 word3_muladd(&w2, &w1, &w0, x[11], y[19]);
2027 word3_muladd(&w2, &w1, &w0, x[12], y[18]);
2028 word3_muladd(&w2, &w1, &w0, x[13], y[17]);
2029 word3_muladd(&w2, &w1, &w0, x[14], y[16]);
2030 word3_muladd(&w2, &w1, &w0, x[15], y[15]);
2031 word3_muladd(&w2, &w1, &w0, x[16], y[14]);
2032 word3_muladd(&w2, &w1, &w0, x[17], y[13]);
2033 word3_muladd(&w2, &w1, &w0, x[18], y[12]);
2034 word3_muladd(&w2, &w1, &w0, x[19], y[11]);
2035 word3_muladd(&w2, &w1, &w0, x[20], y[10]);
2036 word3_muladd(&w2, &w1, &w0, x[21], y[ 9]);
2037 word3_muladd(&w2, &w1, &w0, x[22], y[ 8]);
2038 word3_muladd(&w2, &w1, &w0, x[23], y[ 7]);
2039 z[30] = w0; w0 = 0;
2040
2041 word3_muladd(&w0, &w2, &w1, x[ 8], y[23]);
2042 word3_muladd(&w0, &w2, &w1, x[ 9], y[22]);
2043 word3_muladd(&w0, &w2, &w1, x[10], y[21]);
2044 word3_muladd(&w0, &w2, &w1, x[11], y[20]);
2045 word3_muladd(&w0, &w2, &w1, x[12], y[19]);
2046 word3_muladd(&w0, &w2, &w1, x[13], y[18]);
2047 word3_muladd(&w0, &w2, &w1, x[14], y[17]);
2048 word3_muladd(&w0, &w2, &w1, x[15], y[16]);
2049 word3_muladd(&w0, &w2, &w1, x[16], y[15]);
2050 word3_muladd(&w0, &w2, &w1, x[17], y[14]);
2051 word3_muladd(&w0, &w2, &w1, x[18], y[13]);
2052 word3_muladd(&w0, &w2, &w1, x[19], y[12]);
2053 word3_muladd(&w0, &w2, &w1, x[20], y[11]);
2054 word3_muladd(&w0, &w2, &w1, x[21], y[10]);
2055 word3_muladd(&w0, &w2, &w1, x[22], y[ 9]);
2056 word3_muladd(&w0, &w2, &w1, x[23], y[ 8]);
2057 z[31] = w1; w1 = 0;
2058
2059 word3_muladd(&w1, &w0, &w2, x[ 9], y[23]);
2060 word3_muladd(&w1, &w0, &w2, x[10], y[22]);
2061 word3_muladd(&w1, &w0, &w2, x[11], y[21]);
2062 word3_muladd(&w1, &w0, &w2, x[12], y[20]);
2063 word3_muladd(&w1, &w0, &w2, x[13], y[19]);
2064 word3_muladd(&w1, &w0, &w2, x[14], y[18]);
2065 word3_muladd(&w1, &w0, &w2, x[15], y[17]);
2066 word3_muladd(&w1, &w0, &w2, x[16], y[16]);
2067 word3_muladd(&w1, &w0, &w2, x[17], y[15]);
2068 word3_muladd(&w1, &w0, &w2, x[18], y[14]);
2069 word3_muladd(&w1, &w0, &w2, x[19], y[13]);
2070 word3_muladd(&w1, &w0, &w2, x[20], y[12]);
2071 word3_muladd(&w1, &w0, &w2, x[21], y[11]);
2072 word3_muladd(&w1, &w0, &w2, x[22], y[10]);
2073 word3_muladd(&w1, &w0, &w2, x[23], y[ 9]);
2074 z[32] = w2; w2 = 0;
2075
2076 word3_muladd(&w2, &w1, &w0, x[10], y[23]);
2077 word3_muladd(&w2, &w1, &w0, x[11], y[22]);
2078 word3_muladd(&w2, &w1, &w0, x[12], y[21]);
2079 word3_muladd(&w2, &w1, &w0, x[13], y[20]);
2080 word3_muladd(&w2, &w1, &w0, x[14], y[19]);
2081 word3_muladd(&w2, &w1, &w0, x[15], y[18]);
2082 word3_muladd(&w2, &w1, &w0, x[16], y[17]);
2083 word3_muladd(&w2, &w1, &w0, x[17], y[16]);
2084 word3_muladd(&w2, &w1, &w0, x[18], y[15]);
2085 word3_muladd(&w2, &w1, &w0, x[19], y[14]);
2086 word3_muladd(&w2, &w1, &w0, x[20], y[13]);
2087 word3_muladd(&w2, &w1, &w0, x[21], y[12]);
2088 word3_muladd(&w2, &w1, &w0, x[22], y[11]);
2089 word3_muladd(&w2, &w1, &w0, x[23], y[10]);
2090 z[33] = w0; w0 = 0;
2091
2092 word3_muladd(&w0, &w2, &w1, x[11], y[23]);
2093 word3_muladd(&w0, &w2, &w1, x[12], y[22]);
2094 word3_muladd(&w0, &w2, &w1, x[13], y[21]);
2095 word3_muladd(&w0, &w2, &w1, x[14], y[20]);
2096 word3_muladd(&w0, &w2, &w1, x[15], y[19]);
2097 word3_muladd(&w0, &w2, &w1, x[16], y[18]);
2098 word3_muladd(&w0, &w2, &w1, x[17], y[17]);
2099 word3_muladd(&w0, &w2, &w1, x[18], y[16]);
2100 word3_muladd(&w0, &w2, &w1, x[19], y[15]);
2101 word3_muladd(&w0, &w2, &w1, x[20], y[14]);
2102 word3_muladd(&w0, &w2, &w1, x[21], y[13]);
2103 word3_muladd(&w0, &w2, &w1, x[22], y[12]);
2104 word3_muladd(&w0, &w2, &w1, x[23], y[11]);
2105 z[34] = w1; w1 = 0;
2106
2107 word3_muladd(&w1, &w0, &w2, x[12], y[23]);
2108 word3_muladd(&w1, &w0, &w2, x[13], y[22]);
2109 word3_muladd(&w1, &w0, &w2, x[14], y[21]);
2110 word3_muladd(&w1, &w0, &w2, x[15], y[20]);
2111 word3_muladd(&w1, &w0, &w2, x[16], y[19]);
2112 word3_muladd(&w1, &w0, &w2, x[17], y[18]);
2113 word3_muladd(&w1, &w0, &w2, x[18], y[17]);
2114 word3_muladd(&w1, &w0, &w2, x[19], y[16]);
2115 word3_muladd(&w1, &w0, &w2, x[20], y[15]);
2116 word3_muladd(&w1, &w0, &w2, x[21], y[14]);
2117 word3_muladd(&w1, &w0, &w2, x[22], y[13]);
2118 word3_muladd(&w1, &w0, &w2, x[23], y[12]);
2119 z[35] = w2; w2 = 0;
2120
2121 word3_muladd(&w2, &w1, &w0, x[13], y[23]);
2122 word3_muladd(&w2, &w1, &w0, x[14], y[22]);
2123 word3_muladd(&w2, &w1, &w0, x[15], y[21]);
2124 word3_muladd(&w2, &w1, &w0, x[16], y[20]);
2125 word3_muladd(&w2, &w1, &w0, x[17], y[19]);
2126 word3_muladd(&w2, &w1, &w0, x[18], y[18]);
2127 word3_muladd(&w2, &w1, &w0, x[19], y[17]);
2128 word3_muladd(&w2, &w1, &w0, x[20], y[16]);
2129 word3_muladd(&w2, &w1, &w0, x[21], y[15]);
2130 word3_muladd(&w2, &w1, &w0, x[22], y[14]);
2131 word3_muladd(&w2, &w1, &w0, x[23], y[13]);
2132 z[36] = w0; w0 = 0;
2133
2134 word3_muladd(&w0, &w2, &w1, x[14], y[23]);
2135 word3_muladd(&w0, &w2, &w1, x[15], y[22]);
2136 word3_muladd(&w0, &w2, &w1, x[16], y[21]);
2137 word3_muladd(&w0, &w2, &w1, x[17], y[20]);
2138 word3_muladd(&w0, &w2, &w1, x[18], y[19]);
2139 word3_muladd(&w0, &w2, &w1, x[19], y[18]);
2140 word3_muladd(&w0, &w2, &w1, x[20], y[17]);
2141 word3_muladd(&w0, &w2, &w1, x[21], y[16]);
2142 word3_muladd(&w0, &w2, &w1, x[22], y[15]);
2143 word3_muladd(&w0, &w2, &w1, x[23], y[14]);
2144 z[37] = w1; w1 = 0;
2145
2146 word3_muladd(&w1, &w0, &w2, x[15], y[23]);
2147 word3_muladd(&w1, &w0, &w2, x[16], y[22]);
2148 word3_muladd(&w1, &w0, &w2, x[17], y[21]);
2149 word3_muladd(&w1, &w0, &w2, x[18], y[20]);
2150 word3_muladd(&w1, &w0, &w2, x[19], y[19]);
2151 word3_muladd(&w1, &w0, &w2, x[20], y[18]);
2152 word3_muladd(&w1, &w0, &w2, x[21], y[17]);
2153 word3_muladd(&w1, &w0, &w2, x[22], y[16]);
2154 word3_muladd(&w1, &w0, &w2, x[23], y[15]);
2155 z[38] = w2; w2 = 0;
2156
2157 word3_muladd(&w2, &w1, &w0, x[16], y[23]);
2158 word3_muladd(&w2, &w1, &w0, x[17], y[22]);
2159 word3_muladd(&w2, &w1, &w0, x[18], y[21]);
2160 word3_muladd(&w2, &w1, &w0, x[19], y[20]);
2161 word3_muladd(&w2, &w1, &w0, x[20], y[19]);
2162 word3_muladd(&w2, &w1, &w0, x[21], y[18]);
2163 word3_muladd(&w2, &w1, &w0, x[22], y[17]);
2164 word3_muladd(&w2, &w1, &w0, x[23], y[16]);
2165 z[39] = w0; w0 = 0;
2166
2167 word3_muladd(&w0, &w2, &w1, x[17], y[23]);
2168 word3_muladd(&w0, &w2, &w1, x[18], y[22]);
2169 word3_muladd(&w0, &w2, &w1, x[19], y[21]);
2170 word3_muladd(&w0, &w2, &w1, x[20], y[20]);
2171 word3_muladd(&w0, &w2, &w1, x[21], y[19]);
2172 word3_muladd(&w0, &w2, &w1, x[22], y[18]);
2173 word3_muladd(&w0, &w2, &w1, x[23], y[17]);
2174 z[40] = w1; w1 = 0;
2175
2176 word3_muladd(&w1, &w0, &w2, x[18], y[23]);
2177 word3_muladd(&w1, &w0, &w2, x[19], y[22]);
2178 word3_muladd(&w1, &w0, &w2, x[20], y[21]);
2179 word3_muladd(&w1, &w0, &w2, x[21], y[20]);
2180 word3_muladd(&w1, &w0, &w2, x[22], y[19]);
2181 word3_muladd(&w1, &w0, &w2, x[23], y[18]);
2182 z[41] = w2; w2 = 0;
2183
2184 word3_muladd(&w2, &w1, &w0, x[19], y[23]);
2185 word3_muladd(&w2, &w1, &w0, x[20], y[22]);
2186 word3_muladd(&w2, &w1, &w0, x[21], y[21]);
2187 word3_muladd(&w2, &w1, &w0, x[22], y[20]);
2188 word3_muladd(&w2, &w1, &w0, x[23], y[19]);
2189 z[42] = w0; w0 = 0;
2190
2191 word3_muladd(&w0, &w2, &w1, x[20], y[23]);
2192 word3_muladd(&w0, &w2, &w1, x[21], y[22]);
2193 word3_muladd(&w0, &w2, &w1, x[22], y[21]);
2194 word3_muladd(&w0, &w2, &w1, x[23], y[20]);
2195 z[43] = w1; w1 = 0;
2196
2197 word3_muladd(&w1, &w0, &w2, x[21], y[23]);
2198 word3_muladd(&w1, &w0, &w2, x[22], y[22]);
2199 word3_muladd(&w1, &w0, &w2, x[23], y[21]);
2200 z[44] = w2; w2 = 0;
2201
2202 word3_muladd(&w2, &w1, &w0, x[22], y[23]);
2203 word3_muladd(&w2, &w1, &w0, x[23], y[22]);
2204 z[45] = w0; w0 = 0;
2205
2206 word3_muladd(&w0, &w2, &w1, x[23], y[23]);
2207 z[46] = w1;
2208 z[47] = w2;
2209 }

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul4()

void Botan::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

Definition at line 50 of file mp_comba.cpp.

51 {
52 word w2 = 0, w1 = 0, w0 = 0;
53
54 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
55 z[ 0] = w0; w0 = 0;
56
57 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
58 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
59 z[ 1] = w1; w1 = 0;
60
61 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
62 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
63 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
64 z[ 2] = w2; w2 = 0;
65
66 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
67 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
68 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
69 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
70 z[ 3] = w0; w0 = 0;
71
72 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
73 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
74 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
75 z[ 4] = w1; w1 = 0;
76
77 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
78 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
79 z[ 5] = w2; w2 = 0;
80
81 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
82 z[ 6] = w0;
83 z[ 7] = w1;
84 }

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul6()

void Botan::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

Definition at line 141 of file mp_comba.cpp.

142 {
143 word w2 = 0, w1 = 0, w0 = 0;
144
145 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
146 z[ 0] = w0; w0 = 0;
147
148 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
149 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
150 z[ 1] = w1; w1 = 0;
151
152 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
153 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
154 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
155 z[ 2] = w2; w2 = 0;
156
157 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
158 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
159 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
160 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
161 z[ 3] = w0; w0 = 0;
162
163 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
164 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
165 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
166 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
167 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
168 z[ 4] = w1; w1 = 0;
169
170 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
171 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
172 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
173 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
174 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
175 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
176 z[ 5] = w2; w2 = 0;
177
178 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
179 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
180 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
181 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
182 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
183 z[ 6] = w0; w0 = 0;
184
185 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
186 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
187 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
188 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
189 z[ 7] = w1; w1 = 0;
190
191 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
192 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
193 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
194 z[ 8] = w2; w2 = 0;
195
196 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
197 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
198 z[ 9] = w0; w0 = 0;
199
200 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
201 z[10] = w1;
202 z[11] = w2;
203 }

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul8()

void Botan::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

Definition at line 283 of file mp_comba.cpp.

284 {
285 word w2 = 0, w1 = 0, w0 = 0;
286
287 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
288 z[ 0] = w0; w0 = 0;
289
290 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
291 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
292 z[ 1] = w1; w1 = 0;
293
294 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
295 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
296 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
297 z[ 2] = w2; w2 = 0;
298
299 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
300 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
301 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
302 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
303 z[ 3] = w0; w0 = 0;
304
305 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
306 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
307 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
308 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
309 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
310 z[ 4] = w1; w1 = 0;
311
312 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
313 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
314 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
315 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
316 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
317 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
318 z[ 5] = w2; w2 = 0;
319
320 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
321 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
322 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
323 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
324 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
325 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
326 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
327 z[ 6] = w0; w0 = 0;
328
329 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
330 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
331 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
332 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
333 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
334 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
335 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
336 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
337 z[ 7] = w1; w1 = 0;
338
339 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
340 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
341 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
342 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
343 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
344 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
345 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
346 z[ 8] = w2; w2 = 0;
347
348 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
349 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
350 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
351 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
352 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
353 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
354 z[ 9] = w0; w0 = 0;
355
356 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
357 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
358 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
359 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
360 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
361 z[10] = w1; w1 = 0;
362
363 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
364 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
365 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
366 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
367 z[11] = w2; w2 = 0;
368
369 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
370 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
371 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
372 z[12] = w0; w0 = 0;
373
374 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
375 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
376 z[13] = w1; w1 = 0;
377
378 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
379 z[14] = w2;
380 z[15] = w0;
381 }

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_mul9()

void Botan::bigint_comba_mul9 ( word  z[18],
const word  x[9],
const word  y[9] 
)

Definition at line 474 of file mp_comba.cpp.

475 {
476 word w2 = 0, w1 = 0, w0 = 0;
477
478 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
479 z[ 0] = w0; w0 = 0;
480
481 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
482 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
483 z[ 1] = w1; w1 = 0;
484
485 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
486 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
487 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
488 z[ 2] = w2; w2 = 0;
489
490 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
491 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
492 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
493 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
494 z[ 3] = w0; w0 = 0;
495
496 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
497 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
498 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
499 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
500 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
501 z[ 4] = w1; w1 = 0;
502
503 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
504 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
505 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
506 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
507 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
508 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
509 z[ 5] = w2; w2 = 0;
510
511 word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
512 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
513 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
514 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
515 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
516 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
517 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
518 z[ 6] = w0; w0 = 0;
519
520 word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
521 word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
522 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
523 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
524 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
525 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
526 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
527 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
528 z[ 7] = w1; w1 = 0;
529
530 word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
531 word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
532 word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
533 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
534 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
535 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
536 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
537 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
538 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
539 z[ 8] = w2; w2 = 0;
540
541 word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
542 word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
543 word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
544 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
545 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
546 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
547 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
548 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
549 z[ 9] = w0; w0 = 0;
550
551 word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
552 word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
553 word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
554 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
555 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
556 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
557 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
558 z[10] = w1; w1 = 0;
559
560 word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
561 word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
562 word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
563 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
564 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
565 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
566 z[11] = w2; w2 = 0;
567
568 word3_muladd(&w2, &w1, &w0, x[ 4], y[ 8]);
569 word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
570 word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
571 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
572 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 4]);
573 z[12] = w0; w0 = 0;
574
575 word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
576 word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
577 word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
578 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
579 z[13] = w1; w1 = 0;
580
581 word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
582 word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
583 word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
584 z[14] = w2; w2 = 0;
585
586 word3_muladd(&w2, &w1, &w0, x[ 7], y[ 8]);
587 word3_muladd(&w2, &w1, &w0, x[ 8], y[ 7]);
588 z[15] = w0; w0 = 0;
589
590 word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
591 z[16] = w1;
592 z[17] = w2;
593 }

References word3_muladd().

Referenced by bigint_mul().

◆ bigint_comba_sqr16()

void Botan::bigint_comba_sqr16 ( word  z[32],
const word  x[16] 
)

Definition at line 598 of file mp_comba.cpp.

599 {
600 word w2 = 0, w1 = 0, w0 = 0;
601
602 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
603 z[ 0] = w0; w0 = 0;
604
605 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
606 z[ 1] = w1; w1 = 0;
607
608 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
609 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
610 z[ 2] = w2; w2 = 0;
611
612 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
613 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
614 z[ 3] = w0; w0 = 0;
615
616 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
617 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
618 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
619 z[ 4] = w1; w1 = 0;
620
621 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
622 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
623 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
624 z[ 5] = w2; w2 = 0;
625
626 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
627 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
628 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
629 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
630 z[ 6] = w0; w0 = 0;
631
632 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
633 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
634 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
635 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
636 z[ 7] = w1; w1 = 0;
637
638 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
639 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
640 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
641 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
642 word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
643 z[ 8] = w2; w2 = 0;
644
645 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
646 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
647 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
648 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
649 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
650 z[ 9] = w0; w0 = 0;
651
652 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
653 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
654 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
655 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
656 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
657 word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
658 z[10] = w1; w1 = 0;
659
660 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
661 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
662 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
663 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
664 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
665 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
666 z[11] = w2; w2 = 0;
667
668 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
669 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
670 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[10]);
671 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]);
672 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
673 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
674 word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
675 z[12] = w0; w0 = 0;
676
677 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
678 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
679 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
680 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
681 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
682 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
683 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
684 z[13] = w1; w1 = 0;
685
686 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
687 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
688 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
689 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
690 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
691 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
692 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
693 word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
694 z[14] = w2; w2 = 0;
695
696 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
697 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
698 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[13]);
699 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[12]);
700 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[11]);
701 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
702 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
703 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
704 z[15] = w0; w0 = 0;
705
706 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
707 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
708 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
709 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
710 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
711 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
712 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
713 word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
714 z[16] = w1; w1 = 0;
715
716 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
717 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
718 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
719 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
720 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
721 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
722 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
723 z[17] = w2; w2 = 0;
724
725 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
726 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
727 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[13]);
728 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]);
729 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
730 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
731 word3_muladd (&w2, &w1, &w0, x[ 9], x[ 9]);
732 z[18] = w0; w0 = 0;
733
734 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
735 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
736 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
737 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
738 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
739 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
740 z[19] = w1; w1 = 0;
741
742 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
743 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
744 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
745 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
746 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
747 word3_muladd (&w1, &w0, &w2, x[10], x[10]);
748 z[20] = w2; w2 = 0;
749
750 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
751 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
752 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
753 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
754 word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
755 z[21] = w0; w0 = 0;
756
757 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
758 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
759 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
760 word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
761 word3_muladd (&w0, &w2, &w1, x[11], x[11]);
762 z[22] = w1; w1 = 0;
763
764 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
765 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
766 word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
767 word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
768 z[23] = w2; w2 = 0;
769
770 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
771 word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
772 word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
773 word3_muladd (&w2, &w1, &w0, x[12], x[12]);
774 z[24] = w0; w0 = 0;
775
776 word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
777 word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
778 word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
779 z[25] = w1; w1 = 0;
780
781 word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
782 word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
783 word3_muladd (&w1, &w0, &w2, x[13], x[13]);
784 z[26] = w2; w2 = 0;
785
786 word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
787 word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
788 z[27] = w0; w0 = 0;
789
790 word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
791 word3_muladd (&w0, &w2, &w1, x[14], x[14]);
792 z[28] = w1; w1 = 0;
793
794 word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
795 z[29] = w2; w2 = 0;
796
797 word3_muladd (&w2, &w1, &w0, x[15], x[15]);
798 z[30] = w0;
799 z[31] = w1;
800 }
void word3_muladd_2(word *w2, word *w1, word *w0, word x, word y)
Definition mp_asmi.h:536

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_comba_sqr24()

void Botan::bigint_comba_sqr24 ( word  z[48],
const word  x[24] 
)

Definition at line 1132 of file mp_comba.cpp.

1133 {
1134 word w2 = 0, w1 = 0, w0 = 0;
1135
1136 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
1137 z[ 0] = w0; w0 = 0;
1138
1139 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
1140 z[ 1] = w1; w1 = 0;
1141
1142 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
1143 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
1144 z[ 2] = w2; w2 = 0;
1145
1146 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
1147 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
1148 z[ 3] = w0; w0 = 0;
1149
1150 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
1151 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
1152 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
1153 z[ 4] = w1; w1 = 0;
1154
1155 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
1156 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
1157 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
1158 z[ 5] = w2; w2 = 0;
1159
1160 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
1161 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
1162 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
1163 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
1164 z[ 6] = w0; w0 = 0;
1165
1166 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
1167 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
1168 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
1169 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
1170 z[ 7] = w1; w1 = 0;
1171
1172 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
1173 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
1174 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
1175 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
1176 word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
1177 z[ 8] = w2; w2 = 0;
1178
1179 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
1180 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
1181 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
1182 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
1183 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
1184 z[ 9] = w0; w0 = 0;
1185
1186 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
1187 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
1188 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
1189 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
1190 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
1191 word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
1192 z[10] = w1; w1 = 0;
1193
1194 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
1195 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
1196 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
1197 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
1198 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
1199 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
1200 z[11] = w2; w2 = 0;
1201
1202 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
1203 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
1204 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[10]);
1205 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]);
1206 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
1207 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
1208 word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
1209 z[12] = w0; w0 = 0;
1210
1211 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
1212 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
1213 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
1214 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
1215 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
1216 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
1217 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
1218 z[13] = w1; w1 = 0;
1219
1220 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
1221 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
1222 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
1223 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
1224 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
1225 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
1226 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
1227 word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
1228 z[14] = w2; w2 = 0;
1229
1230 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
1231 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
1232 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[13]);
1233 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[12]);
1234 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[11]);
1235 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
1236 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
1237 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
1238 z[15] = w0; w0 = 0;
1239
1240 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[16]);
1241 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
1242 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
1243 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
1244 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
1245 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
1246 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
1247 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
1248 word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
1249 z[16] = w1; w1 = 0;
1250
1251 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[17]);
1252 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[16]);
1253 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
1254 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
1255 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
1256 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
1257 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
1258 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
1259 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
1260 z[17] = w2; w2 = 0;
1261
1262 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[18]);
1263 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[17]);
1264 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[16]);
1265 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
1266 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
1267 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[13]);
1268 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]);
1269 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
1270 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
1271 word3_muladd (&w2, &w1, &w0, x[ 9], x[ 9]);
1272 z[18] = w0; w0 = 0;
1273
1274 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[19]);
1275 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[18]);
1276 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[17]);
1277 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[16]);
1278 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
1279 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
1280 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
1281 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
1282 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
1283 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
1284 z[19] = w1; w1 = 0;
1285
1286 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[20]);
1287 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[19]);
1288 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[18]);
1289 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[17]);
1290 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[16]);
1291 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
1292 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
1293 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
1294 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
1295 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
1296 word3_muladd (&w1, &w0, &w2, x[10], x[10]);
1297 z[20] = w2; w2 = 0;
1298
1299 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[21]);
1300 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[20]);
1301 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[19]);
1302 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[18]);
1303 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[17]);
1304 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[16]);
1305 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
1306 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
1307 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
1308 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
1309 word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
1310 z[21] = w0; w0 = 0;
1311
1312 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[22]);
1313 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[21]);
1314 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[20]);
1315 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[19]);
1316 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[18]);
1317 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[17]);
1318 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[16]);
1319 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
1320 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
1321 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
1322 word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
1323 word3_muladd (&w0, &w2, &w1, x[11], x[11]);
1324 z[22] = w1; w1 = 0;
1325
1326 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[23]);
1327 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[22]);
1328 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[21]);
1329 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[20]);
1330 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[19]);
1331 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[18]);
1332 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[17]);
1333 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[16]);
1334 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
1335 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
1336 word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
1337 word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
1338 z[23] = w2; w2 = 0;
1339
1340 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[23]);
1341 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[22]);
1342 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[21]);
1343 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[20]);
1344 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[19]);
1345 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[18]);
1346 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[17]);
1347 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[16]);
1348 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
1349 word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
1350 word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
1351 word3_muladd (&w2, &w1, &w0, x[12], x[12]);
1352 z[24] = w0; w0 = 0;
1353
1354 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[23]);
1355 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[22]);
1356 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[21]);
1357 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[20]);
1358 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[19]);
1359 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[18]);
1360 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[17]);
1361 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[16]);
1362 word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
1363 word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
1364 word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
1365 z[25] = w1; w1 = 0;
1366
1367 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[23]);
1368 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[22]);
1369 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[21]);
1370 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[20]);
1371 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[19]);
1372 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[18]);
1373 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[17]);
1374 word3_muladd_2(&w1, &w0, &w2, x[10], x[16]);
1375 word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
1376 word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
1377 word3_muladd (&w1, &w0, &w2, x[13], x[13]);
1378 z[26] = w2; w2 = 0;
1379
1380 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[23]);
1381 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[22]);
1382 word3_muladd_2(&w2, &w1, &w0, x[ 6], x[21]);
1383 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[20]);
1384 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[19]);
1385 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[18]);
1386 word3_muladd_2(&w2, &w1, &w0, x[10], x[17]);
1387 word3_muladd_2(&w2, &w1, &w0, x[11], x[16]);
1388 word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
1389 word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
1390 z[27] = w0; w0 = 0;
1391
1392 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[23]);
1393 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[22]);
1394 word3_muladd_2(&w0, &w2, &w1, x[ 7], x[21]);
1395 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[20]);
1396 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[19]);
1397 word3_muladd_2(&w0, &w2, &w1, x[10], x[18]);
1398 word3_muladd_2(&w0, &w2, &w1, x[11], x[17]);
1399 word3_muladd_2(&w0, &w2, &w1, x[12], x[16]);
1400 word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
1401 word3_muladd (&w0, &w2, &w1, x[14], x[14]);
1402 z[28] = w1; w1 = 0;
1403
1404 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[23]);
1405 word3_muladd_2(&w1, &w0, &w2, x[ 7], x[22]);
1406 word3_muladd_2(&w1, &w0, &w2, x[ 8], x[21]);
1407 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[20]);
1408 word3_muladd_2(&w1, &w0, &w2, x[10], x[19]);
1409 word3_muladd_2(&w1, &w0, &w2, x[11], x[18]);
1410 word3_muladd_2(&w1, &w0, &w2, x[12], x[17]);
1411 word3_muladd_2(&w1, &w0, &w2, x[13], x[16]);
1412 word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
1413 z[29] = w2; w2 = 0;
1414
1415 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[23]);
1416 word3_muladd_2(&w2, &w1, &w0, x[ 8], x[22]);
1417 word3_muladd_2(&w2, &w1, &w0, x[ 9], x[21]);
1418 word3_muladd_2(&w2, &w1, &w0, x[10], x[20]);
1419 word3_muladd_2(&w2, &w1, &w0, x[11], x[19]);
1420 word3_muladd_2(&w2, &w1, &w0, x[12], x[18]);
1421 word3_muladd_2(&w2, &w1, &w0, x[13], x[17]);
1422 word3_muladd_2(&w2, &w1, &w0, x[14], x[16]);
1423 word3_muladd (&w2, &w1, &w0, x[15], x[15]);
1424 z[30] = w0; w0 = 0;
1425
1426 word3_muladd_2(&w0, &w2, &w1, x[ 8], x[23]);
1427 word3_muladd_2(&w0, &w2, &w1, x[ 9], x[22]);
1428 word3_muladd_2(&w0, &w2, &w1, x[10], x[21]);
1429 word3_muladd_2(&w0, &w2, &w1, x[11], x[20]);
1430 word3_muladd_2(&w0, &w2, &w1, x[12], x[19]);
1431 word3_muladd_2(&w0, &w2, &w1, x[13], x[18]);
1432 word3_muladd_2(&w0, &w2, &w1, x[14], x[17]);
1433 word3_muladd_2(&w0, &w2, &w1, x[15], x[16]);
1434 z[31] = w1; w1 = 0;
1435
1436 word3_muladd_2(&w1, &w0, &w2, x[ 9], x[23]);
1437 word3_muladd_2(&w1, &w0, &w2, x[10], x[22]);
1438 word3_muladd_2(&w1, &w0, &w2, x[11], x[21]);
1439 word3_muladd_2(&w1, &w0, &w2, x[12], x[20]);
1440 word3_muladd_2(&w1, &w0, &w2, x[13], x[19]);
1441 word3_muladd_2(&w1, &w0, &w2, x[14], x[18]);
1442 word3_muladd_2(&w1, &w0, &w2, x[15], x[17]);
1443 word3_muladd (&w1, &w0, &w2, x[16], x[16]);
1444 z[32] = w2; w2 = 0;
1445
1446 word3_muladd_2(&w2, &w1, &w0, x[10], x[23]);
1447 word3_muladd_2(&w2, &w1, &w0, x[11], x[22]);
1448 word3_muladd_2(&w2, &w1, &w0, x[12], x[21]);
1449 word3_muladd_2(&w2, &w1, &w0, x[13], x[20]);
1450 word3_muladd_2(&w2, &w1, &w0, x[14], x[19]);
1451 word3_muladd_2(&w2, &w1, &w0, x[15], x[18]);
1452 word3_muladd_2(&w2, &w1, &w0, x[16], x[17]);
1453 z[33] = w0; w0 = 0;
1454
1455 word3_muladd_2(&w0, &w2, &w1, x[11], x[23]);
1456 word3_muladd_2(&w0, &w2, &w1, x[12], x[22]);
1457 word3_muladd_2(&w0, &w2, &w1, x[13], x[21]);
1458 word3_muladd_2(&w0, &w2, &w1, x[14], x[20]);
1459 word3_muladd_2(&w0, &w2, &w1, x[15], x[19]);
1460 word3_muladd_2(&w0, &w2, &w1, x[16], x[18]);
1461 word3_muladd (&w0, &w2, &w1, x[17], x[17]);
1462 z[34] = w1; w1 = 0;
1463
1464 word3_muladd_2(&w1, &w0, &w2, x[12], x[23]);
1465 word3_muladd_2(&w1, &w0, &w2, x[13], x[22]);
1466 word3_muladd_2(&w1, &w0, &w2, x[14], x[21]);
1467 word3_muladd_2(&w1, &w0, &w2, x[15], x[20]);
1468 word3_muladd_2(&w1, &w0, &w2, x[16], x[19]);
1469 word3_muladd_2(&w1, &w0, &w2, x[17], x[18]);
1470 z[35] = w2; w2 = 0;
1471
1472 word3_muladd_2(&w2, &w1, &w0, x[13], x[23]);
1473 word3_muladd_2(&w2, &w1, &w0, x[14], x[22]);
1474 word3_muladd_2(&w2, &w1, &w0, x[15], x[21]);
1475 word3_muladd_2(&w2, &w1, &w0, x[16], x[20]);
1476 word3_muladd_2(&w2, &w1, &w0, x[17], x[19]);
1477 word3_muladd (&w2, &w1, &w0, x[18], x[18]);
1478 z[36] = w0; w0 = 0;
1479
1480 word3_muladd_2(&w0, &w2, &w1, x[14], x[23]);
1481 word3_muladd_2(&w0, &w2, &w1, x[15], x[22]);
1482 word3_muladd_2(&w0, &w2, &w1, x[16], x[21]);
1483 word3_muladd_2(&w0, &w2, &w1, x[17], x[20]);
1484 word3_muladd_2(&w0, &w2, &w1, x[18], x[19]);
1485 z[37] = w1; w1 = 0;
1486
1487 word3_muladd_2(&w1, &w0, &w2, x[15], x[23]);
1488 word3_muladd_2(&w1, &w0, &w2, x[16], x[22]);
1489 word3_muladd_2(&w1, &w0, &w2, x[17], x[21]);
1490 word3_muladd_2(&w1, &w0, &w2, x[18], x[20]);
1491 word3_muladd (&w1, &w0, &w2, x[19], x[19]);
1492 z[38] = w2; w2 = 0;
1493
1494 word3_muladd_2(&w2, &w1, &w0, x[16], x[23]);
1495 word3_muladd_2(&w2, &w1, &w0, x[17], x[22]);
1496 word3_muladd_2(&w2, &w1, &w0, x[18], x[21]);
1497 word3_muladd_2(&w2, &w1, &w0, x[19], x[20]);
1498 z[39] = w0; w0 = 0;
1499
1500 word3_muladd_2(&w0, &w2, &w1, x[17], x[23]);
1501 word3_muladd_2(&w0, &w2, &w1, x[18], x[22]);
1502 word3_muladd_2(&w0, &w2, &w1, x[19], x[21]);
1503 word3_muladd (&w0, &w2, &w1, x[20], x[20]);
1504 z[40] = w1; w1 = 0;
1505
1506 word3_muladd_2(&w1, &w0, &w2, x[18], x[23]);
1507 word3_muladd_2(&w1, &w0, &w2, x[19], x[22]);
1508 word3_muladd_2(&w1, &w0, &w2, x[20], x[21]);
1509 z[41] = w2; w2 = 0;
1510
1511 word3_muladd_2(&w2, &w1, &w0, x[19], x[23]);
1512 word3_muladd_2(&w2, &w1, &w0, x[20], x[22]);
1513 word3_muladd (&w2, &w1, &w0, x[21], x[21]);
1514 z[42] = w0; w0 = 0;
1515
1516 word3_muladd_2(&w0, &w2, &w1, x[20], x[23]);
1517 word3_muladd_2(&w0, &w2, &w1, x[21], x[22]);
1518 z[43] = w1; w1 = 0;
1519
1520 word3_muladd_2(&w1, &w0, &w2, x[21], x[23]);
1521 word3_muladd (&w1, &w0, &w2, x[22], x[22]);
1522 z[44] = w2; w2 = 0;
1523
1524 word3_muladd_2(&w2, &w1, &w0, x[22], x[23]);
1525 z[45] = w0; w0 = 0;
1526
1527 word3_muladd (&w0, &w2, &w1, x[23], x[23]);
1528 z[46] = w1;
1529 z[47] = w2;
1530 }

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_comba_sqr4()

void Botan::bigint_comba_sqr4 ( word  z[8],
const word  x[4] 
)

Definition at line 17 of file mp_comba.cpp.

18 {
19 word w2 = 0, w1 = 0, w0 = 0;
20
21 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
22 z[ 0] = w0; w0 = 0;
23
24 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
25 z[ 1] = w1; w1 = 0;
26
27 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
28 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
29 z[ 2] = w2; w2 = 0;
30
31 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
32 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
33 z[ 3] = w0; w0 = 0;
34
35 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
36 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
37 z[ 4] = w1; w1 = 0;
38
39 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
40 z[ 5] = w2; w2 = 0;
41
42 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
43 z[ 6] = w0;
44 z[ 7] = w1;
45 }

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_comba_sqr6()

void Botan::bigint_comba_sqr6 ( word  z[12],
const word  x[6] 
)

Definition at line 89 of file mp_comba.cpp.

90 {
91 word w2 = 0, w1 = 0, w0 = 0;
92
93 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
94 z[ 0] = w0; w0 = 0;
95
96 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
97 z[ 1] = w1; w1 = 0;
98
99 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
100 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
101 z[ 2] = w2; w2 = 0;
102
103 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
104 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
105 z[ 3] = w0; w0 = 0;
106
107 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
108 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
109 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
110 z[ 4] = w1; w1 = 0;
111
112 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
113 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
114 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
115 z[ 5] = w2; w2 = 0;
116
117 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
118 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
119 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
120 z[ 6] = w0; w0 = 0;
121
122 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
123 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
124 z[ 7] = w1; w1 = 0;
125
126 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
127 word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
128 z[ 8] = w2; w2 = 0;
129
130 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
131 z[ 9] = w0; w0 = 0;
132
133 word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
134 z[10] = w1;
135 z[11] = w2;
136 }

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_comba_sqr8()

void Botan::bigint_comba_sqr8 ( word  z[16],
const word  x[8] 
)

Definition at line 208 of file mp_comba.cpp.

209 {
210 word w2 = 0, w1 = 0, w0 = 0;
211
212 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
213 z[ 0] = w0; w0 = 0;
214
215 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
216 z[ 1] = w1; w1 = 0;
217
218 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
219 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
220 z[ 2] = w2; w2 = 0;
221
222 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
223 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
224 z[ 3] = w0; w0 = 0;
225
226 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
227 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
228 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
229 z[ 4] = w1; w1 = 0;
230
231 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
232 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
233 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
234 z[ 5] = w2; w2 = 0;
235
236 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
237 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
238 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
239 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
240 z[ 6] = w0; w0 = 0;
241
242 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
243 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
244 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
245 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
246 z[ 7] = w1; w1 = 0;
247
248 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
249 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
250 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
251 word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
252 z[ 8] = w2; w2 = 0;
253
254 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
255 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
256 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
257 z[ 9] = w0; w0 = 0;
258
259 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
260 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
261 word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
262 z[10] = w1; w1 = 0;
263
264 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
265 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
266 z[11] = w2; w2 = 0;
267
268 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
269 word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
270 z[12] = w0; w0 = 0;
271
272 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
273 z[13] = w1; w1 = 0;
274
275 word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
276 z[14] = w2;
277 z[15] = w0;
278 }

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_comba_sqr9()

void Botan::bigint_comba_sqr9 ( word  z[18],
const word  x[9] 
)

Definition at line 386 of file mp_comba.cpp.

387 {
388 word w2 = 0, w1 = 0, w0 = 0;
389
390 word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]);
391 z[ 0] = w0; w0 = 0;
392
393 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
394 z[ 1] = w1; w1 = 0;
395
396 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
397 word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]);
398 z[ 2] = w2; w2 = 0;
399
400 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
401 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
402 z[ 3] = w0; w0 = 0;
403
404 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
405 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
406 word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]);
407 z[ 4] = w1; w1 = 0;
408
409 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
410 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
411 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
412 z[ 5] = w2; w2 = 0;
413
414 word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
415 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
416 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
417 word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]);
418 z[ 6] = w0; w0 = 0;
419
420 word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
421 word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
422 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
423 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
424 z[ 7] = w1; w1 = 0;
425
426 word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
427 word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
428 word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
429 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
430 word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]);
431 z[ 8] = w2; w2 = 0;
432
433 word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
434 word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
435 word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
436 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
437 z[ 9] = w0; w0 = 0;
438
439 word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
440 word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
441 word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
442 word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]);
443 z[10] = w1; w1 = 0;
444
445 word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
446 word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
447 word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
448 z[11] = w2; w2 = 0;
449
450 word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
451 word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
452 word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]);
453 z[12] = w0; w0 = 0;
454
455 word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
456 word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
457 z[13] = w1; w1 = 0;
458
459 word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
460 word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]);
461 z[14] = w2; w2 = 0;
462
463 word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
464 z[15] = w0; w0 = 0;
465
466 word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]);
467 z[16] = w1;
468 z[17] = w2;
469 }

References word3_muladd(), and word3_muladd_2().

Referenced by bigint_sqr().

◆ bigint_ct_is_eq()

CT::Mask< word > Botan::bigint_ct_is_eq ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Definition at line 613 of file mp_core.h.

615 {
616 const size_t common_elems = std::min(x_size, y_size);
617
618 word diff = 0;
619
620 for(size_t i = 0; i != common_elems; i++)
621 {
622 diff |= (x[i] ^ y[i]);
623 }
624
625 // If any bits were set in high part of x/y, then they are not equal
626 if(x_size < y_size)
627 {
628 for(size_t i = x_size; i != y_size; i++)
629 diff |= y[i];
630 }
631 else if(y_size < x_size)
632 {
633 for(size_t i = y_size; i != x_size; i++)
634 diff |= x[i];
635 }
636
637 return CT::Mask<word>::is_zero(diff);
638 }

References Botan::CT::Mask< T >::is_zero().

Referenced by Botan::BigInt::is_equal().

◆ bigint_ct_is_lt()

CT::Mask< word > Botan::bigint_ct_is_lt ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size,
bool  lt_or_equal = false 
)
inline

Compare x and y Return ~0 if x[0:x_size] < y[0:y_size] or 0 otherwise If lt_or_equal is true, returns ~0 also for x == y

Definition at line 576 of file mp_core.h.

579 {
580 const size_t common_elems = std::min(x_size, y_size);
581
582 auto is_lt = CT::Mask<word>::expand(lt_or_equal);
583
584 for(size_t i = 0; i != common_elems; i++)
585 {
586 const auto eq = CT::Mask<word>::is_equal(x[i], y[i]);
587 const auto lt = CT::Mask<word>::is_lt(x[i], y[i]);
588 is_lt = eq.select_mask(is_lt, lt);
589 }
590
591 if(x_size < y_size)
592 {
593 word mask = 0;
594 for(size_t i = x_size; i != y_size; i++)
595 mask |= y[i];
596 // If any bits were set in high part of y, then is_lt should be forced true
597 is_lt |= CT::Mask<word>::expand(mask);
598 }
599 else if(y_size < x_size)
600 {
601 word mask = 0;
602 for(size_t i = y_size; i != x_size; i++)
603 mask |= x[i];
604
605 // If any bits were set in high part of x, then is_lt should be false
606 is_lt &= CT::Mask<word>::is_zero(mask);
607 }
608
609 return is_lt;
610 }

References Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_zero().

Referenced by bigint_mod_sub(), bigint_mod_sub_n(), and Botan::BigInt::is_less_than().

◆ bigint_divop()

word Botan::bigint_divop ( word  n1,
word  n0,
word  d 
)
inline

Compute ((n1<<bits) + n0) / d

Definition at line 721 of file mp_core.h.

722 {
723 if(d == 0)
724 throw Invalid_Argument("bigint_divop divide by zero");
725
726#if defined(BOTAN_HAS_MP_DWORD)
727 return static_cast<word>(((static_cast<dword>(n1) << BOTAN_MP_WORD_BITS) | n0) / d);
728#else
729
730 word high = n1 % d;
731 word quotient = 0;
732
733 for(size_t i = 0; i != BOTAN_MP_WORD_BITS; ++i)
734 {
735 const word high_top_bit = high >> (BOTAN_MP_WORD_BITS-1);
736
737 high <<= 1;
738 high |= (n0 >> (BOTAN_MP_WORD_BITS-1-i)) & 1;
739 quotient <<= 1;
740
741 if(high_top_bit || high >= d)
742 {
743 high -= d;
744 quotient |= 1;
745 }
746 }
747
748 return quotient;
749#endif
750 }

Referenced by bigint_modop(), and vartime_divide().

◆ bigint_linmul2()

word BOTAN_WARN_UNUSED_RESULT Botan::bigint_linmul2 ( word  x[],
size_t  x_size,
word  y 
)
inline

Definition at line 489 of file mp_core.h.

490 {
491 const size_t blocks = x_size - (x_size % 8);
492
493 word carry = 0;
494
495 for(size_t i = 0; i != blocks; i += 8)
496 carry = word8_linmul2(x + i, y, carry);
497
498 for(size_t i = blocks; i != x_size; ++i)
499 x[i] = word_madd2(x[i], y, &carry);
500
501 return carry;
502 }
word word8_linmul2(word x[8], word y, word carry)
Definition mp_asmi.h:346
word word_madd2(word a, word b, word *c)
Definition mp_madd.h:46

References carry(), word8_linmul2(), and word_madd2().

Referenced by Botan::BigInt::mul(), and Botan::BigInt::operator*=().

◆ bigint_linmul3()

void Botan::bigint_linmul3 ( word  z[],
const word  x[],
size_t  x_size,
word  y 
)
inline

Definition at line 504 of file mp_core.h.

505 {
506 const size_t blocks = x_size - (x_size % 8);
507
508 word carry = 0;
509
510 for(size_t i = 0; i != blocks; i += 8)
511 carry = word8_linmul3(z + i, x + i, y, carry);
512
513 for(size_t i = blocks; i != x_size; ++i)
514 z[i] = word_madd2(x[i], y, &carry);
515
516 z[x_size] = carry;
517 }
word word8_linmul3(word z[8], const word x[8], word y, word carry)
Definition mp_asmi.h:381

References carry(), word8_linmul3(), and word_madd2().

Referenced by bigint_mul(), bigint_sqr(), Botan::BigInt::mul(), operator*(), and operator*().

◆ bigint_mod_sub()

void Botan::bigint_mod_sub ( word  t[],
const word  s[],
const word  mod[],
size_t  mod_sw,
word  ws[] 
)
inline

Set t to t-s modulo mod

Parameters
tfirst integer
ssecond integer
modthe modulus
mod_swsize of t, s, and mod
wsworkspace of size mod_sw

Definition at line 687 of file mp_core.h.

688 {
689 // is t < s or not?
690 const auto is_lt = bigint_ct_is_lt(t, mod_sw, s, mod_sw);
691
692 // ws = p - s
693 const word borrow = bigint_sub3(ws, mod, mod_sw, s, mod_sw);
694
695 // Compute either (t - s) or (t + (p - s)) depending on mask
696 const word carry = bigint_cnd_addsub(is_lt, t, ws, s, mod_sw);
697
698 BOTAN_DEBUG_ASSERT(borrow == 0 && carry == 0);
699 BOTAN_UNUSED(carry, borrow);
700 }
#define BOTAN_UNUSED(...)
Definition assert.h:142
word bigint_cnd_addsub(CT::Mask< word > mask, word x[], const word y[], const word z[], size_t size)
Definition mp_core.h:176
CT::Mask< word > bigint_ct_is_lt(const word x[], size_t x_size, const word y[], size_t y_size, bool lt_or_equal=false)
Definition mp_core.h:576
word bigint_sub3(word z[], const word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:342

References bigint_cnd_addsub(), bigint_ct_is_lt(), bigint_sub3(), BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, and carry().

Referenced by Botan::BigInt::mod_sub().

◆ bigint_mod_sub_n()

template<size_t N>
void Botan::bigint_mod_sub_n ( word  t[],
const word  s[],
const word  mod[],
word  ws[] 
)
inline

Definition at line 703 of file mp_core.h.

704 {
705 // is t < s or not?
706 const auto is_lt = bigint_ct_is_lt(t, N, s, N);
707
708 // ws = p - s
709 const word borrow = bigint_sub3(ws, mod, N, s, N);
710
711 // Compute either (t - s) or (t + (p - s)) depending on mask
712 const word carry = bigint_cnd_addsub(is_lt, t, ws, s, N);
713
714 BOTAN_DEBUG_ASSERT(borrow == 0 && carry == 0);
715 BOTAN_UNUSED(carry, borrow);
716 }

References bigint_cnd_addsub(), bigint_ct_is_lt(), bigint_sub3(), BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, and carry().

◆ bigint_modop()

word Botan::bigint_modop ( word  n1,
word  n0,
word  d 
)
inline

Compute ((n1<<bits) + n0) % d

Definition at line 755 of file mp_core.h.

756 {
757 if(d == 0)
758 throw Invalid_Argument("bigint_modop divide by zero");
759
760#if defined(BOTAN_HAS_MP_DWORD)
761 return ((static_cast<dword>(n1) << BOTAN_MP_WORD_BITS) | n0) % d;
762#else
763 word z = bigint_divop(n1, n0, d);
764 word dummy = 0;
765 z = word_madd2(z, d, &dummy);
766 return (n0-z);
767#endif
768 }
word bigint_divop(word n1, word n0, word d)
Definition mp_core.h:721

References bigint_divop(), and word_madd2().

Referenced by operator%(), and Botan::BigInt::operator%=().

◆ bigint_monty_redc()

void Botan::bigint_monty_redc ( word  z[],
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[],
size_t  ws_size 
)

Montgomery Reduction

Parameters
zinteger to reduce, of size exactly 2*(p_size+1). Output is in the first p_size+1 words, higher words are set to zero.
pmodulus
p_sizesize of p
p_dashMontgomery value
workspacearray of at least 2*(p_size+1) words
ws_sizesize of workspace in words

Definition at line 109 of file mp_monty.cpp.

112 {
113 const size_t z_size = 2*(p_size+1);
114
115 BOTAN_ARG_CHECK(ws_size >= z_size, "workspace too small");
116
117 if(p_size == 4)
118 bigint_monty_redc_4(z, p, p_dash, ws);
119 else if(p_size == 6)
120 bigint_monty_redc_6(z, p, p_dash, ws);
121 else if(p_size == 8)
122 bigint_monty_redc_8(z, p, p_dash, ws);
123 else if(p_size == 16)
124 bigint_monty_redc_16(z, p, p_dash, ws);
125 else if(p_size == 24)
126 bigint_monty_redc_24(z, p, p_dash, ws);
127 else if(p_size == 32)
128 bigint_monty_redc_32(z, p, p_dash, ws);
129 else
130 bigint_monty_redc_generic(z, z_size, p, p_size, p_dash, ws);
131 }
void bigint_monty_redc_24(word z[], const word p[], word p_dash, word ws[])
void bigint_monty_redc_8(word z[], const word p[], word p_dash, word ws[])
void bigint_monty_redc_16(word z[], const word p[], word p_dash, word ws[])
void bigint_monty_redc_4(word z[], const word p[], word p_dash, word ws[])
void bigint_monty_redc_32(word z[], const word p[], word p_dash, word ws[])
void bigint_monty_redc_6(word z[], const word p[], word p_dash, word ws[])

References bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), and BOTAN_ARG_CHECK.

Referenced by Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::mul_by(), Botan::Montgomery_Params::mul_by(), Botan::Montgomery_Params::redc(), Botan::Montgomery_Params::sqr(), and Botan::Montgomery_Params::square_this().

◆ bigint_monty_redc_16() [1/2]

void Botan::bigint_monty_redc_16 ( word  z[],
const word  p[16],
word  p_dash,
word  ws[] 
)

Definition at line 293 of file mp_monty_n.cpp.

294 {
295 word w2 = 0, w1 = 0, w0 = 0;
296 w0 = z[0];
297 ws[0] = w0 * p_dash;
298 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
299 w0 = w1; w1 = w2; w2 = 0;
300 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
301 word3_add(&w2, &w1, &w0, z[1]);
302 ws[1] = w0 * p_dash;
303 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
304 w0 = w1; w1 = w2; w2 = 0;
305 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
306 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
307 word3_add(&w2, &w1, &w0, z[2]);
308 ws[2] = w0 * p_dash;
309 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
310 w0 = w1; w1 = w2; w2 = 0;
311 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
312 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
313 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
314 word3_add(&w2, &w1, &w0, z[3]);
315 ws[3] = w0 * p_dash;
316 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
317 w0 = w1; w1 = w2; w2 = 0;
318 word3_muladd(&w2, &w1, &w0, ws[0], p[4]);
319 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
320 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
321 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
322 word3_add(&w2, &w1, &w0, z[4]);
323 ws[4] = w0 * p_dash;
324 word3_muladd(&w2, &w1, &w0, ws[4], p[0]);
325 w0 = w1; w1 = w2; w2 = 0;
326 word3_muladd(&w2, &w1, &w0, ws[0], p[5]);
327 word3_muladd(&w2, &w1, &w0, ws[1], p[4]);
328 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
329 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
330 word3_muladd(&w2, &w1, &w0, ws[4], p[1]);
331 word3_add(&w2, &w1, &w0, z[5]);
332 ws[5] = w0 * p_dash;
333 word3_muladd(&w2, &w1, &w0, ws[5], p[0]);
334 w0 = w1; w1 = w2; w2 = 0;
335 word3_muladd(&w2, &w1, &w0, ws[0], p[6]);
336 word3_muladd(&w2, &w1, &w0, ws[1], p[5]);
337 word3_muladd(&w2, &w1, &w0, ws[2], p[4]);
338 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
339 word3_muladd(&w2, &w1, &w0, ws[4], p[2]);
340 word3_muladd(&w2, &w1, &w0, ws[5], p[1]);
341 word3_add(&w2, &w1, &w0, z[6]);
342 ws[6] = w0 * p_dash;
343 word3_muladd(&w2, &w1, &w0, ws[6], p[0]);
344 w0 = w1; w1 = w2; w2 = 0;
345 word3_muladd(&w2, &w1, &w0, ws[0], p[7]);
346 word3_muladd(&w2, &w1, &w0, ws[1], p[6]);
347 word3_muladd(&w2, &w1, &w0, ws[2], p[5]);
348 word3_muladd(&w2, &w1, &w0, ws[3], p[4]);
349 word3_muladd(&w2, &w1, &w0, ws[4], p[3]);
350 word3_muladd(&w2, &w1, &w0, ws[5], p[2]);
351 word3_muladd(&w2, &w1, &w0, ws[6], p[1]);
352 word3_add(&w2, &w1, &w0, z[7]);
353 ws[7] = w0 * p_dash;
354 word3_muladd(&w2, &w1, &w0, ws[7], p[0]);
355 w0 = w1; w1 = w2; w2 = 0;
356 word3_muladd(&w2, &w1, &w0, ws[0], p[8]);
357 word3_muladd(&w2, &w1, &w0, ws[1], p[7]);
358 word3_muladd(&w2, &w1, &w0, ws[2], p[6]);
359 word3_muladd(&w2, &w1, &w0, ws[3], p[5]);
360 word3_muladd(&w2, &w1, &w0, ws[4], p[4]);
361 word3_muladd(&w2, &w1, &w0, ws[5], p[3]);
362 word3_muladd(&w2, &w1, &w0, ws[6], p[2]);
363 word3_muladd(&w2, &w1, &w0, ws[7], p[1]);
364 word3_add(&w2, &w1, &w0, z[8]);
365 ws[8] = w0 * p_dash;
366 word3_muladd(&w2, &w1, &w0, ws[8], p[0]);
367 w0 = w1; w1 = w2; w2 = 0;
368 word3_muladd(&w2, &w1, &w0, ws[0], p[9]);
369 word3_muladd(&w2, &w1, &w0, ws[1], p[8]);
370 word3_muladd(&w2, &w1, &w0, ws[2], p[7]);
371 word3_muladd(&w2, &w1, &w0, ws[3], p[6]);
372 word3_muladd(&w2, &w1, &w0, ws[4], p[5]);
373 word3_muladd(&w2, &w1, &w0, ws[5], p[4]);
374 word3_muladd(&w2, &w1, &w0, ws[6], p[3]);
375 word3_muladd(&w2, &w1, &w0, ws[7], p[2]);
376 word3_muladd(&w2, &w1, &w0, ws[8], p[1]);
377 word3_add(&w2, &w1, &w0, z[9]);
378 ws[9] = w0 * p_dash;
379 word3_muladd(&w2, &w1, &w0, ws[9], p[0]);
380 w0 = w1; w1 = w2; w2 = 0;
381 word3_muladd(&w2, &w1, &w0, ws[0], p[10]);
382 word3_muladd(&w2, &w1, &w0, ws[1], p[9]);
383 word3_muladd(&w2, &w1, &w0, ws[2], p[8]);
384 word3_muladd(&w2, &w1, &w0, ws[3], p[7]);
385 word3_muladd(&w2, &w1, &w0, ws[4], p[6]);
386 word3_muladd(&w2, &w1, &w0, ws[5], p[5]);
387 word3_muladd(&w2, &w1, &w0, ws[6], p[4]);
388 word3_muladd(&w2, &w1, &w0, ws[7], p[3]);
389 word3_muladd(&w2, &w1, &w0, ws[8], p[2]);
390 word3_muladd(&w2, &w1, &w0, ws[9], p[1]);
391 word3_add(&w2, &w1, &w0, z[10]);
392 ws[10] = w0 * p_dash;
393 word3_muladd(&w2, &w1, &w0, ws[10], p[0]);
394 w0 = w1; w1 = w2; w2 = 0;
395 word3_muladd(&w2, &w1, &w0, ws[0], p[11]);
396 word3_muladd(&w2, &w1, &w0, ws[1], p[10]);
397 word3_muladd(&w2, &w1, &w0, ws[2], p[9]);
398 word3_muladd(&w2, &w1, &w0, ws[3], p[8]);
399 word3_muladd(&w2, &w1, &w0, ws[4], p[7]);
400 word3_muladd(&w2, &w1, &w0, ws[5], p[6]);
401 word3_muladd(&w2, &w1, &w0, ws[6], p[5]);
402 word3_muladd(&w2, &w1, &w0, ws[7], p[4]);
403 word3_muladd(&w2, &w1, &w0, ws[8], p[3]);
404 word3_muladd(&w2, &w1, &w0, ws[9], p[2]);
405 word3_muladd(&w2, &w1, &w0, ws[10], p[1]);
406 word3_add(&w2, &w1, &w0, z[11]);
407 ws[11] = w0 * p_dash;
408 word3_muladd(&w2, &w1, &w0, ws[11], p[0]);
409 w0 = w1; w1 = w2; w2 = 0;
410 word3_muladd(&w2, &w1, &w0, ws[0], p[12]);
411 word3_muladd(&w2, &w1, &w0, ws[1], p[11]);
412 word3_muladd(&w2, &w1, &w0, ws[2], p[10]);
413 word3_muladd(&w2, &w1, &w0, ws[3], p[9]);
414 word3_muladd(&w2, &w1, &w0, ws[4], p[8]);
415 word3_muladd(&w2, &w1, &w0, ws[5], p[7]);
416 word3_muladd(&w2, &w1, &w0, ws[6], p[6]);
417 word3_muladd(&w2, &w1, &w0, ws[7], p[5]);
418 word3_muladd(&w2, &w1, &w0, ws[8], p[4]);
419 word3_muladd(&w2, &w1, &w0, ws[9], p[3]);
420 word3_muladd(&w2, &w1, &w0, ws[10], p[2]);
421 word3_muladd(&w2, &w1, &w0, ws[11], p[1]);
422 word3_add(&w2, &w1, &w0, z[12]);
423 ws[12] = w0 * p_dash;
424 word3_muladd(&w2, &w1, &w0, ws[12], p[0]);
425 w0 = w1; w1 = w2; w2 = 0;
426 word3_muladd(&w2, &w1, &w0, ws[0], p[13]);
427 word3_muladd(&w2, &w1, &w0, ws[1], p[12]);
428 word3_muladd(&w2, &w1, &w0, ws[2], p[11]);
429 word3_muladd(&w2, &w1, &w0, ws[3], p[10]);
430 word3_muladd(&w2, &w1, &w0, ws[4], p[9]);
431 word3_muladd(&w2, &w1, &w0, ws[5], p[8]);
432 word3_muladd(&w2, &w1, &w0, ws[6], p[7]);
433 word3_muladd(&w2, &w1, &w0, ws[7], p[6]);
434 word3_muladd(&w2, &w1, &w0, ws[8], p[5]);
435 word3_muladd(&w2, &w1, &w0, ws[9], p[4]);
436 word3_muladd(&w2, &w1, &w0, ws[10], p[3]);
437 word3_muladd(&w2, &w1, &w0, ws[11], p[2]);
438 word3_muladd(&w2, &w1, &w0, ws[12], p[1]);
439 word3_add(&w2, &w1, &w0, z[13]);
440 ws[13] = w0 * p_dash;
441 word3_muladd(&w2, &w1, &w0, ws[13], p[0]);
442 w0 = w1; w1 = w2; w2 = 0;
443 word3_muladd(&w2, &w1, &w0, ws[0], p[14]);
444 word3_muladd(&w2, &w1, &w0, ws[1], p[13]);
445 word3_muladd(&w2, &w1, &w0, ws[2], p[12]);
446 word3_muladd(&w2, &w1, &w0, ws[3], p[11]);
447 word3_muladd(&w2, &w1, &w0, ws[4], p[10]);
448 word3_muladd(&w2, &w1, &w0, ws[5], p[9]);
449 word3_muladd(&w2, &w1, &w0, ws[6], p[8]);
450 word3_muladd(&w2, &w1, &w0, ws[7], p[7]);
451 word3_muladd(&w2, &w1, &w0, ws[8], p[6]);
452 word3_muladd(&w2, &w1, &w0, ws[9], p[5]);
453 word3_muladd(&w2, &w1, &w0, ws[10], p[4]);
454 word3_muladd(&w2, &w1, &w0, ws[11], p[3]);
455 word3_muladd(&w2, &w1, &w0, ws[12], p[2]);
456 word3_muladd(&w2, &w1, &w0, ws[13], p[1]);
457 word3_add(&w2, &w1, &w0, z[14]);
458 ws[14] = w0 * p_dash;
459 word3_muladd(&w2, &w1, &w0, ws[14], p[0]);
460 w0 = w1; w1 = w2; w2 = 0;
461 word3_muladd(&w2, &w1, &w0, ws[0], p[15]);
462 word3_muladd(&w2, &w1, &w0, ws[1], p[14]);
463 word3_muladd(&w2, &w1, &w0, ws[2], p[13]);
464 word3_muladd(&w2, &w1, &w0, ws[3], p[12]);
465 word3_muladd(&w2, &w1, &w0, ws[4], p[11]);
466 word3_muladd(&w2, &w1, &w0, ws[5], p[10]);
467 word3_muladd(&w2, &w1, &w0, ws[6], p[9]);
468 word3_muladd(&w2, &w1, &w0, ws[7], p[8]);
469 word3_muladd(&w2, &w1, &w0, ws[8], p[7]);
470 word3_muladd(&w2, &w1, &w0, ws[9], p[6]);
471 word3_muladd(&w2, &w1, &w0, ws[10], p[5]);
472 word3_muladd(&w2, &w1, &w0, ws[11], p[4]);
473 word3_muladd(&w2, &w1, &w0, ws[12], p[3]);
474 word3_muladd(&w2, &w1, &w0, ws[13], p[2]);
475 word3_muladd(&w2, &w1, &w0, ws[14], p[1]);
476 word3_add(&w2, &w1, &w0, z[15]);
477 ws[15] = w0 * p_dash;
478 word3_muladd(&w2, &w1, &w0, ws[15], p[0]);
479 w0 = w1; w1 = w2; w2 = 0;
480 word3_muladd(&w2, &w1, &w0, ws[1], p[15]);
481 word3_muladd(&w2, &w1, &w0, ws[2], p[14]);
482 word3_muladd(&w2, &w1, &w0, ws[3], p[13]);
483 word3_muladd(&w2, &w1, &w0, ws[4], p[12]);
484 word3_muladd(&w2, &w1, &w0, ws[5], p[11]);
485 word3_muladd(&w2, &w1, &w0, ws[6], p[10]);
486 word3_muladd(&w2, &w1, &w0, ws[7], p[9]);
487 word3_muladd(&w2, &w1, &w0, ws[8], p[8]);
488 word3_muladd(&w2, &w1, &w0, ws[9], p[7]);
489 word3_muladd(&w2, &w1, &w0, ws[10], p[6]);
490 word3_muladd(&w2, &w1, &w0, ws[11], p[5]);
491 word3_muladd(&w2, &w1, &w0, ws[12], p[4]);
492 word3_muladd(&w2, &w1, &w0, ws[13], p[3]);
493 word3_muladd(&w2, &w1, &w0, ws[14], p[2]);
494 word3_muladd(&w2, &w1, &w0, ws[15], p[1]);
495 word3_add(&w2, &w1, &w0, z[16]);
496 ws[0] = w0;
497 w0 = w1; w1 = w2; w2 = 0;
498 word3_muladd(&w2, &w1, &w0, ws[2], p[15]);
499 word3_muladd(&w2, &w1, &w0, ws[3], p[14]);
500 word3_muladd(&w2, &w1, &w0, ws[4], p[13]);
501 word3_muladd(&w2, &w1, &w0, ws[5], p[12]);
502 word3_muladd(&w2, &w1, &w0, ws[6], p[11]);
503 word3_muladd(&w2, &w1, &w0, ws[7], p[10]);
504 word3_muladd(&w2, &w1, &w0, ws[8], p[9]);
505 word3_muladd(&w2, &w1, &w0, ws[9], p[8]);
506 word3_muladd(&w2, &w1, &w0, ws[10], p[7]);
507 word3_muladd(&w2, &w1, &w0, ws[11], p[6]);
508 word3_muladd(&w2, &w1, &w0, ws[12], p[5]);
509 word3_muladd(&w2, &w1, &w0, ws[13], p[4]);
510 word3_muladd(&w2, &w1, &w0, ws[14], p[3]);
511 word3_muladd(&w2, &w1, &w0, ws[15], p[2]);
512 word3_add(&w2, &w1, &w0, z[17]);
513 ws[1] = w0;
514 w0 = w1; w1 = w2; w2 = 0;
515 word3_muladd(&w2, &w1, &w0, ws[3], p[15]);
516 word3_muladd(&w2, &w1, &w0, ws[4], p[14]);
517 word3_muladd(&w2, &w1, &w0, ws[5], p[13]);
518 word3_muladd(&w2, &w1, &w0, ws[6], p[12]);
519 word3_muladd(&w2, &w1, &w0, ws[7], p[11]);
520 word3_muladd(&w2, &w1, &w0, ws[8], p[10]);
521 word3_muladd(&w2, &w1, &w0, ws[9], p[9]);
522 word3_muladd(&w2, &w1, &w0, ws[10], p[8]);
523 word3_muladd(&w2, &w1, &w0, ws[11], p[7]);
524 word3_muladd(&w2, &w1, &w0, ws[12], p[6]);
525 word3_muladd(&w2, &w1, &w0, ws[13], p[5]);
526 word3_muladd(&w2, &w1, &w0, ws[14], p[4]);
527 word3_muladd(&w2, &w1, &w0, ws[15], p[3]);
528 word3_add(&w2, &w1, &w0, z[18]);
529 ws[2] = w0;
530 w0 = w1; w1 = w2; w2 = 0;
531 word3_muladd(&w2, &w1, &w0, ws[4], p[15]);
532 word3_muladd(&w2, &w1, &w0, ws[5], p[14]);
533 word3_muladd(&w2, &w1, &w0, ws[6], p[13]);
534 word3_muladd(&w2, &w1, &w0, ws[7], p[12]);
535 word3_muladd(&w2, &w1, &w0, ws[8], p[11]);
536 word3_muladd(&w2, &w1, &w0, ws[9], p[10]);
537 word3_muladd(&w2, &w1, &w0, ws[10], p[9]);
538 word3_muladd(&w2, &w1, &w0, ws[11], p[8]);
539 word3_muladd(&w2, &w1, &w0, ws[12], p[7]);
540 word3_muladd(&w2, &w1, &w0, ws[13], p[6]);
541 word3_muladd(&w2, &w1, &w0, ws[14], p[5]);
542 word3_muladd(&w2, &w1, &w0, ws[15], p[4]);
543 word3_add(&w2, &w1, &w0, z[19]);
544 ws[3] = w0;
545 w0 = w1; w1 = w2; w2 = 0;
546 word3_muladd(&w2, &w1, &w0, ws[5], p[15]);
547 word3_muladd(&w2, &w1, &w0, ws[6], p[14]);
548 word3_muladd(&w2, &w1, &w0, ws[7], p[13]);
549 word3_muladd(&w2, &w1, &w0, ws[8], p[12]);
550 word3_muladd(&w2, &w1, &w0, ws[9], p[11]);
551 word3_muladd(&w2, &w1, &w0, ws[10], p[10]);
552 word3_muladd(&w2, &w1, &w0, ws[11], p[9]);
553 word3_muladd(&w2, &w1, &w0, ws[12], p[8]);
554 word3_muladd(&w2, &w1, &w0, ws[13], p[7]);
555 word3_muladd(&w2, &w1, &w0, ws[14], p[6]);
556 word3_muladd(&w2, &w1, &w0, ws[15], p[5]);
557 word3_add(&w2, &w1, &w0, z[20]);
558 ws[4] = w0;
559 w0 = w1; w1 = w2; w2 = 0;
560 word3_muladd(&w2, &w1, &w0, ws[6], p[15]);
561 word3_muladd(&w2, &w1, &w0, ws[7], p[14]);
562 word3_muladd(&w2, &w1, &w0, ws[8], p[13]);
563 word3_muladd(&w2, &w1, &w0, ws[9], p[12]);
564 word3_muladd(&w2, &w1, &w0, ws[10], p[11]);
565 word3_muladd(&w2, &w1, &w0, ws[11], p[10]);
566 word3_muladd(&w2, &w1, &w0, ws[12], p[9]);
567 word3_muladd(&w2, &w1, &w0, ws[13], p[8]);
568 word3_muladd(&w2, &w1, &w0, ws[14], p[7]);
569 word3_muladd(&w2, &w1, &w0, ws[15], p[6]);
570 word3_add(&w2, &w1, &w0, z[21]);
571 ws[5] = w0;
572 w0 = w1; w1 = w2; w2 = 0;
573 word3_muladd(&w2, &w1, &w0, ws[7], p[15]);
574 word3_muladd(&w2, &w1, &w0, ws[8], p[14]);
575 word3_muladd(&w2, &w1, &w0, ws[9], p[13]);
576 word3_muladd(&w2, &w1, &w0, ws[10], p[12]);
577 word3_muladd(&w2, &w1, &w0, ws[11], p[11]);
578 word3_muladd(&w2, &w1, &w0, ws[12], p[10]);
579 word3_muladd(&w2, &w1, &w0, ws[13], p[9]);
580 word3_muladd(&w2, &w1, &w0, ws[14], p[8]);
581 word3_muladd(&w2, &w1, &w0, ws[15], p[7]);
582 word3_add(&w2, &w1, &w0, z[22]);
583 ws[6] = w0;
584 w0 = w1; w1 = w2; w2 = 0;
585 word3_muladd(&w2, &w1, &w0, ws[8], p[15]);
586 word3_muladd(&w2, &w1, &w0, ws[9], p[14]);
587 word3_muladd(&w2, &w1, &w0, ws[10], p[13]);
588 word3_muladd(&w2, &w1, &w0, ws[11], p[12]);
589 word3_muladd(&w2, &w1, &w0, ws[12], p[11]);
590 word3_muladd(&w2, &w1, &w0, ws[13], p[10]);
591 word3_muladd(&w2, &w1, &w0, ws[14], p[9]);
592 word3_muladd(&w2, &w1, &w0, ws[15], p[8]);
593 word3_add(&w2, &w1, &w0, z[23]);
594 ws[7] = w0;
595 w0 = w1; w1 = w2; w2 = 0;
596 word3_muladd(&w2, &w1, &w0, ws[9], p[15]);
597 word3_muladd(&w2, &w1, &w0, ws[10], p[14]);
598 word3_muladd(&w2, &w1, &w0, ws[11], p[13]);
599 word3_muladd(&w2, &w1, &w0, ws[12], p[12]);
600 word3_muladd(&w2, &w1, &w0, ws[13], p[11]);
601 word3_muladd(&w2, &w1, &w0, ws[14], p[10]);
602 word3_muladd(&w2, &w1, &w0, ws[15], p[9]);
603 word3_add(&w2, &w1, &w0, z[24]);
604 ws[8] = w0;
605 w0 = w1; w1 = w2; w2 = 0;
606 word3_muladd(&w2, &w1, &w0, ws[10], p[15]);
607 word3_muladd(&w2, &w1, &w0, ws[11], p[14]);
608 word3_muladd(&w2, &w1, &w0, ws[12], p[13]);
609 word3_muladd(&w2, &w1, &w0, ws[13], p[12]);
610 word3_muladd(&w2, &w1, &w0, ws[14], p[11]);
611 word3_muladd(&w2, &w1, &w0, ws[15], p[10]);
612 word3_add(&w2, &w1, &w0, z[25]);
613 ws[9] = w0;
614 w0 = w1; w1 = w2; w2 = 0;
615 word3_muladd(&w2, &w1, &w0, ws[11], p[15]);
616 word3_muladd(&w2, &w1, &w0, ws[12], p[14]);
617 word3_muladd(&w2, &w1, &w0, ws[13], p[13]);
618 word3_muladd(&w2, &w1, &w0, ws[14], p[12]);
619 word3_muladd(&w2, &w1, &w0, ws[15], p[11]);
620 word3_add(&w2, &w1, &w0, z[26]);
621 ws[10] = w0;
622 w0 = w1; w1 = w2; w2 = 0;
623 word3_muladd(&w2, &w1, &w0, ws[12], p[15]);
624 word3_muladd(&w2, &w1, &w0, ws[13], p[14]);
625 word3_muladd(&w2, &w1, &w0, ws[14], p[13]);
626 word3_muladd(&w2, &w1, &w0, ws[15], p[12]);
627 word3_add(&w2, &w1, &w0, z[27]);
628 ws[11] = w0;
629 w0 = w1; w1 = w2; w2 = 0;
630 word3_muladd(&w2, &w1, &w0, ws[13], p[15]);
631 word3_muladd(&w2, &w1, &w0, ws[14], p[14]);
632 word3_muladd(&w2, &w1, &w0, ws[15], p[13]);
633 word3_add(&w2, &w1, &w0, z[28]);
634 ws[12] = w0;
635 w0 = w1; w1 = w2; w2 = 0;
636 word3_muladd(&w2, &w1, &w0, ws[14], p[15]);
637 word3_muladd(&w2, &w1, &w0, ws[15], p[14]);
638 word3_add(&w2, &w1, &w0, z[29]);
639 ws[13] = w0;
640 w0 = w1; w1 = w2; w2 = 0;
641 word3_muladd(&w2, &w1, &w0, ws[15], p[15]);
642 word3_add(&w2, &w1, &w0, z[30]);
643 ws[14] = w0;
644 w0 = w1; w1 = w2; w2 = 0;
645 word3_add(&w2, &w1, &w0, z[31]);
646 ws[15] = w0;
647 w0 = w1; w1 = w2; w2 = 0;
648 word3_add(&w2, &w1, &w0, z[33]);
649 ws[16] = w0;
650 ws[17] = w1;
651 word borrow = bigint_sub3(ws + 16 + 1, ws, 16 + 1, p, 16);
652 CT::conditional_copy_mem(borrow, z, ws, ws + 17, 17);
653 clear_mem(z + 16, 2*(16+1) - 16);
654 }
void word3_add(word *w2, word *w1, word *w0, word x)
Definition mp_asmi.h:500

References bigint_sub3(), clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), and word3_muladd().

◆ bigint_monty_redc_16() [2/2]

void Botan::bigint_monty_redc_16 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_monty_redc_24() [1/2]

void Botan::bigint_monty_redc_24 ( word  z[],
const word  p[24],
word  p_dash,
word  ws[] 
)

Definition at line 656 of file mp_monty_n.cpp.

657 {
658 word w2 = 0, w1 = 0, w0 = 0;
659 w0 = z[0];
660 ws[0] = w0 * p_dash;
661 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
662 w0 = w1; w1 = w2; w2 = 0;
663 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
664 word3_add(&w2, &w1, &w0, z[1]);
665 ws[1] = w0 * p_dash;
666 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
667 w0 = w1; w1 = w2; w2 = 0;
668 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
669 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
670 word3_add(&w2, &w1, &w0, z[2]);
671 ws[2] = w0 * p_dash;
672 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
673 w0 = w1; w1 = w2; w2 = 0;
674 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
675 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
676 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
677 word3_add(&w2, &w1, &w0, z[3]);
678 ws[3] = w0 * p_dash;
679 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
680 w0 = w1; w1 = w2; w2 = 0;
681 word3_muladd(&w2, &w1, &w0, ws[0], p[4]);
682 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
683 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
684 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
685 word3_add(&w2, &w1, &w0, z[4]);
686 ws[4] = w0 * p_dash;
687 word3_muladd(&w2, &w1, &w0, ws[4], p[0]);
688 w0 = w1; w1 = w2; w2 = 0;
689 word3_muladd(&w2, &w1, &w0, ws[0], p[5]);
690 word3_muladd(&w2, &w1, &w0, ws[1], p[4]);
691 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
692 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
693 word3_muladd(&w2, &w1, &w0, ws[4], p[1]);
694 word3_add(&w2, &w1, &w0, z[5]);
695 ws[5] = w0 * p_dash;
696 word3_muladd(&w2, &w1, &w0, ws[5], p[0]);
697 w0 = w1; w1 = w2; w2 = 0;
698 word3_muladd(&w2, &w1, &w0, ws[0], p[6]);
699 word3_muladd(&w2, &w1, &w0, ws[1], p[5]);
700 word3_muladd(&w2, &w1, &w0, ws[2], p[4]);
701 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
702 word3_muladd(&w2, &w1, &w0, ws[4], p[2]);
703 word3_muladd(&w2, &w1, &w0, ws[5], p[1]);
704 word3_add(&w2, &w1, &w0, z[6]);
705 ws[6] = w0 * p_dash;
706 word3_muladd(&w2, &w1, &w0, ws[6], p[0]);
707 w0 = w1; w1 = w2; w2 = 0;
708 word3_muladd(&w2, &w1, &w0, ws[0], p[7]);
709 word3_muladd(&w2, &w1, &w0, ws[1], p[6]);
710 word3_muladd(&w2, &w1, &w0, ws[2], p[5]);
711 word3_muladd(&w2, &w1, &w0, ws[3], p[4]);
712 word3_muladd(&w2, &w1, &w0, ws[4], p[3]);
713 word3_muladd(&w2, &w1, &w0, ws[5], p[2]);
714 word3_muladd(&w2, &w1, &w0, ws[6], p[1]);
715 word3_add(&w2, &w1, &w0, z[7]);
716 ws[7] = w0 * p_dash;
717 word3_muladd(&w2, &w1, &w0, ws[7], p[0]);
718 w0 = w1; w1 = w2; w2 = 0;
719 word3_muladd(&w2, &w1, &w0, ws[0], p[8]);
720 word3_muladd(&w2, &w1, &w0, ws[1], p[7]);
721 word3_muladd(&w2, &w1, &w0, ws[2], p[6]);
722 word3_muladd(&w2, &w1, &w0, ws[3], p[5]);
723 word3_muladd(&w2, &w1, &w0, ws[4], p[4]);
724 word3_muladd(&w2, &w1, &w0, ws[5], p[3]);
725 word3_muladd(&w2, &w1, &w0, ws[6], p[2]);
726 word3_muladd(&w2, &w1, &w0, ws[7], p[1]);
727 word3_add(&w2, &w1, &w0, z[8]);
728 ws[8] = w0 * p_dash;
729 word3_muladd(&w2, &w1, &w0, ws[8], p[0]);
730 w0 = w1; w1 = w2; w2 = 0;
731 word3_muladd(&w2, &w1, &w0, ws[0], p[9]);
732 word3_muladd(&w2, &w1, &w0, ws[1], p[8]);
733 word3_muladd(&w2, &w1, &w0, ws[2], p[7]);
734 word3_muladd(&w2, &w1, &w0, ws[3], p[6]);
735 word3_muladd(&w2, &w1, &w0, ws[4], p[5]);
736 word3_muladd(&w2, &w1, &w0, ws[5], p[4]);
737 word3_muladd(&w2, &w1, &w0, ws[6], p[3]);
738 word3_muladd(&w2, &w1, &w0, ws[7], p[2]);
739 word3_muladd(&w2, &w1, &w0, ws[8], p[1]);
740 word3_add(&w2, &w1, &w0, z[9]);
741 ws[9] = w0 * p_dash;
742 word3_muladd(&w2, &w1, &w0, ws[9], p[0]);
743 w0 = w1; w1 = w2; w2 = 0;
744 word3_muladd(&w2, &w1, &w0, ws[0], p[10]);
745 word3_muladd(&w2, &w1, &w0, ws[1], p[9]);
746 word3_muladd(&w2, &w1, &w0, ws[2], p[8]);
747 word3_muladd(&w2, &w1, &w0, ws[3], p[7]);
748 word3_muladd(&w2, &w1, &w0, ws[4], p[6]);
749 word3_muladd(&w2, &w1, &w0, ws[5], p[5]);
750 word3_muladd(&w2, &w1, &w0, ws[6], p[4]);
751 word3_muladd(&w2, &w1, &w0, ws[7], p[3]);
752 word3_muladd(&w2, &w1, &w0, ws[8], p[2]);
753 word3_muladd(&w2, &w1, &w0, ws[9], p[1]);
754 word3_add(&w2, &w1, &w0, z[10]);
755 ws[10] = w0 * p_dash;
756 word3_muladd(&w2, &w1, &w0, ws[10], p[0]);
757 w0 = w1; w1 = w2; w2 = 0;
758 word3_muladd(&w2, &w1, &w0, ws[0], p[11]);
759 word3_muladd(&w2, &w1, &w0, ws[1], p[10]);
760 word3_muladd(&w2, &w1, &w0, ws[2], p[9]);
761 word3_muladd(&w2, &w1, &w0, ws[3], p[8]);
762 word3_muladd(&w2, &w1, &w0, ws[4], p[7]);
763 word3_muladd(&w2, &w1, &w0, ws[5], p[6]);
764 word3_muladd(&w2, &w1, &w0, ws[6], p[5]);
765 word3_muladd(&w2, &w1, &w0, ws[7], p[4]);
766 word3_muladd(&w2, &w1, &w0, ws[8], p[3]);
767 word3_muladd(&w2, &w1, &w0, ws[9], p[2]);
768 word3_muladd(&w2, &w1, &w0, ws[10], p[1]);
769 word3_add(&w2, &w1, &w0, z[11]);
770 ws[11] = w0 * p_dash;
771 word3_muladd(&w2, &w1, &w0, ws[11], p[0]);
772 w0 = w1; w1 = w2; w2 = 0;
773 word3_muladd(&w2, &w1, &w0, ws[0], p[12]);
774 word3_muladd(&w2, &w1, &w0, ws[1], p[11]);
775 word3_muladd(&w2, &w1, &w0, ws[2], p[10]);
776 word3_muladd(&w2, &w1, &w0, ws[3], p[9]);
777 word3_muladd(&w2, &w1, &w0, ws[4], p[8]);
778 word3_muladd(&w2, &w1, &w0, ws[5], p[7]);
779 word3_muladd(&w2, &w1, &w0, ws[6], p[6]);
780 word3_muladd(&w2, &w1, &w0, ws[7], p[5]);
781 word3_muladd(&w2, &w1, &w0, ws[8], p[4]);
782 word3_muladd(&w2, &w1, &w0, ws[9], p[3]);
783 word3_muladd(&w2, &w1, &w0, ws[10], p[2]);
784 word3_muladd(&w2, &w1, &w0, ws[11], p[1]);
785 word3_add(&w2, &w1, &w0, z[12]);
786 ws[12] = w0 * p_dash;
787 word3_muladd(&w2, &w1, &w0, ws[12], p[0]);
788 w0 = w1; w1 = w2; w2 = 0;
789 word3_muladd(&w2, &w1, &w0, ws[0], p[13]);
790 word3_muladd(&w2, &w1, &w0, ws[1], p[12]);
791 word3_muladd(&w2, &w1, &w0, ws[2], p[11]);
792 word3_muladd(&w2, &w1, &w0, ws[3], p[10]);
793 word3_muladd(&w2, &w1, &w0, ws[4], p[9]);
794 word3_muladd(&w2, &w1, &w0, ws[5], p[8]);
795 word3_muladd(&w2, &w1, &w0, ws[6], p[7]);
796 word3_muladd(&w2, &w1, &w0, ws[7], p[6]);
797 word3_muladd(&w2, &w1, &w0, ws[8], p[5]);
798 word3_muladd(&w2, &w1, &w0, ws[9], p[4]);
799 word3_muladd(&w2, &w1, &w0, ws[10], p[3]);
800 word3_muladd(&w2, &w1, &w0, ws[11], p[2]);
801 word3_muladd(&w2, &w1, &w0, ws[12], p[1]);
802 word3_add(&w2, &w1, &w0, z[13]);
803 ws[13] = w0 * p_dash;
804 word3_muladd(&w2, &w1, &w0, ws[13], p[0]);
805 w0 = w1; w1 = w2; w2 = 0;
806 word3_muladd(&w2, &w1, &w0, ws[0], p[14]);
807 word3_muladd(&w2, &w1, &w0, ws[1], p[13]);
808 word3_muladd(&w2, &w1, &w0, ws[2], p[12]);
809 word3_muladd(&w2, &w1, &w0, ws[3], p[11]);
810 word3_muladd(&w2, &w1, &w0, ws[4], p[10]);
811 word3_muladd(&w2, &w1, &w0, ws[5], p[9]);
812 word3_muladd(&w2, &w1, &w0, ws[6], p[8]);
813 word3_muladd(&w2, &w1, &w0, ws[7], p[7]);
814 word3_muladd(&w2, &w1, &w0, ws[8], p[6]);
815 word3_muladd(&w2, &w1, &w0, ws[9], p[5]);
816 word3_muladd(&w2, &w1, &w0, ws[10], p[4]);
817 word3_muladd(&w2, &w1, &w0, ws[11], p[3]);
818 word3_muladd(&w2, &w1, &w0, ws[12], p[2]);
819 word3_muladd(&w2, &w1, &w0, ws[13], p[1]);
820 word3_add(&w2, &w1, &w0, z[14]);
821 ws[14] = w0 * p_dash;
822 word3_muladd(&w2, &w1, &w0, ws[14], p[0]);
823 w0 = w1; w1 = w2; w2 = 0;
824 word3_muladd(&w2, &w1, &w0, ws[0], p[15]);
825 word3_muladd(&w2, &w1, &w0, ws[1], p[14]);
826 word3_muladd(&w2, &w1, &w0, ws[2], p[13]);
827 word3_muladd(&w2, &w1, &w0, ws[3], p[12]);
828 word3_muladd(&w2, &w1, &w0, ws[4], p[11]);
829 word3_muladd(&w2, &w1, &w0, ws[5], p[10]);
830 word3_muladd(&w2, &w1, &w0, ws[6], p[9]);
831 word3_muladd(&w2, &w1, &w0, ws[7], p[8]);
832 word3_muladd(&w2, &w1, &w0, ws[8], p[7]);
833 word3_muladd(&w2, &w1, &w0, ws[9], p[6]);
834 word3_muladd(&w2, &w1, &w0, ws[10], p[5]);
835 word3_muladd(&w2, &w1, &w0, ws[11], p[4]);
836 word3_muladd(&w2, &w1, &w0, ws[12], p[3]);
837 word3_muladd(&w2, &w1, &w0, ws[13], p[2]);
838 word3_muladd(&w2, &w1, &w0, ws[14], p[1]);
839 word3_add(&w2, &w1, &w0, z[15]);
840 ws[15] = w0 * p_dash;
841 word3_muladd(&w2, &w1, &w0, ws[15], p[0]);
842 w0 = w1; w1 = w2; w2 = 0;
843 word3_muladd(&w2, &w1, &w0, ws[0], p[16]);
844 word3_muladd(&w2, &w1, &w0, ws[1], p[15]);
845 word3_muladd(&w2, &w1, &w0, ws[2], p[14]);
846 word3_muladd(&w2, &w1, &w0, ws[3], p[13]);
847 word3_muladd(&w2, &w1, &w0, ws[4], p[12]);
848 word3_muladd(&w2, &w1, &w0, ws[5], p[11]);
849 word3_muladd(&w2, &w1, &w0, ws[6], p[10]);
850 word3_muladd(&w2, &w1, &w0, ws[7], p[9]);
851 word3_muladd(&w2, &w1, &w0, ws[8], p[8]);
852 word3_muladd(&w2, &w1, &w0, ws[9], p[7]);
853 word3_muladd(&w2, &w1, &w0, ws[10], p[6]);
854 word3_muladd(&w2, &w1, &w0, ws[11], p[5]);
855 word3_muladd(&w2, &w1, &w0, ws[12], p[4]);
856 word3_muladd(&w2, &w1, &w0, ws[13], p[3]);
857 word3_muladd(&w2, &w1, &w0, ws[14], p[2]);
858 word3_muladd(&w2, &w1, &w0, ws[15], p[1]);
859 word3_add(&w2, &w1, &w0, z[16]);
860 ws[16] = w0 * p_dash;
861 word3_muladd(&w2, &w1, &w0, ws[16], p[0]);
862 w0 = w1; w1 = w2; w2 = 0;
863 word3_muladd(&w2, &w1, &w0, ws[0], p[17]);
864 word3_muladd(&w2, &w1, &w0, ws[1], p[16]);
865 word3_muladd(&w2, &w1, &w0, ws[2], p[15]);
866 word3_muladd(&w2, &w1, &w0, ws[3], p[14]);
867 word3_muladd(&w2, &w1, &w0, ws[4], p[13]);
868 word3_muladd(&w2, &w1, &w0, ws[5], p[12]);
869 word3_muladd(&w2, &w1, &w0, ws[6], p[11]);
870 word3_muladd(&w2, &w1, &w0, ws[7], p[10]);
871 word3_muladd(&w2, &w1, &w0, ws[8], p[9]);
872 word3_muladd(&w2, &w1, &w0, ws[9], p[8]);
873 word3_muladd(&w2, &w1, &w0, ws[10], p[7]);
874 word3_muladd(&w2, &w1, &w0, ws[11], p[6]);
875 word3_muladd(&w2, &w1, &w0, ws[12], p[5]);
876 word3_muladd(&w2, &w1, &w0, ws[13], p[4]);
877 word3_muladd(&w2, &w1, &w0, ws[14], p[3]);
878 word3_muladd(&w2, &w1, &w0, ws[15], p[2]);
879 word3_muladd(&w2, &w1, &w0, ws[16], p[1]);
880 word3_add(&w2, &w1, &w0, z[17]);
881 ws[17] = w0 * p_dash;
882 word3_muladd(&w2, &w1, &w0, ws[17], p[0]);
883 w0 = w1; w1 = w2; w2 = 0;
884 word3_muladd(&w2, &w1, &w0, ws[0], p[18]);
885 word3_muladd(&w2, &w1, &w0, ws[1], p[17]);
886 word3_muladd(&w2, &w1, &w0, ws[2], p[16]);
887 word3_muladd(&w2, &w1, &w0, ws[3], p[15]);
888 word3_muladd(&w2, &w1, &w0, ws[4], p[14]);
889 word3_muladd(&w2, &w1, &w0, ws[5], p[13]);
890 word3_muladd(&w2, &w1, &w0, ws[6], p[12]);
891 word3_muladd(&w2, &w1, &w0, ws[7], p[11]);
892 word3_muladd(&w2, &w1, &w0, ws[8], p[10]);
893 word3_muladd(&w2, &w1, &w0, ws[9], p[9]);
894 word3_muladd(&w2, &w1, &w0, ws[10], p[8]);
895 word3_muladd(&w2, &w1, &w0, ws[11], p[7]);
896 word3_muladd(&w2, &w1, &w0, ws[12], p[6]);
897 word3_muladd(&w2, &w1, &w0, ws[13], p[5]);
898 word3_muladd(&w2, &w1, &w0, ws[14], p[4]);
899 word3_muladd(&w2, &w1, &w0, ws[15], p[3]);
900 word3_muladd(&w2, &w1, &w0, ws[16], p[2]);
901 word3_muladd(&w2, &w1, &w0, ws[17], p[1]);
902 word3_add(&w2, &w1, &w0, z[18]);
903 ws[18] = w0 * p_dash;
904 word3_muladd(&w2, &w1, &w0, ws[18], p[0]);
905 w0 = w1; w1 = w2; w2 = 0;
906 word3_muladd(&w2, &w1, &w0, ws[0], p[19]);
907 word3_muladd(&w2, &w1, &w0, ws[1], p[18]);
908 word3_muladd(&w2, &w1, &w0, ws[2], p[17]);
909 word3_muladd(&w2, &w1, &w0, ws[3], p[16]);
910 word3_muladd(&w2, &w1, &w0, ws[4], p[15]);
911 word3_muladd(&w2, &w1, &w0, ws[5], p[14]);
912 word3_muladd(&w2, &w1, &w0, ws[6], p[13]);
913 word3_muladd(&w2, &w1, &w0, ws[7], p[12]);
914 word3_muladd(&w2, &w1, &w0, ws[8], p[11]);
915 word3_muladd(&w2, &w1, &w0, ws[9], p[10]);
916 word3_muladd(&w2, &w1, &w0, ws[10], p[9]);
917 word3_muladd(&w2, &w1, &w0, ws[11], p[8]);
918 word3_muladd(&w2, &w1, &w0, ws[12], p[7]);
919 word3_muladd(&w2, &w1, &w0, ws[13], p[6]);
920 word3_muladd(&w2, &w1, &w0, ws[14], p[5]);
921 word3_muladd(&w2, &w1, &w0, ws[15], p[4]);
922 word3_muladd(&w2, &w1, &w0, ws[16], p[3]);
923 word3_muladd(&w2, &w1, &w0, ws[17], p[2]);
924 word3_muladd(&w2, &w1, &w0, ws[18], p[1]);
925 word3_add(&w2, &w1, &w0, z[19]);
926 ws[19] = w0 * p_dash;
927 word3_muladd(&w2, &w1, &w0, ws[19], p[0]);
928 w0 = w1; w1 = w2; w2 = 0;
929 word3_muladd(&w2, &w1, &w0, ws[0], p[20]);
930 word3_muladd(&w2, &w1, &w0, ws[1], p[19]);
931 word3_muladd(&w2, &w1, &w0, ws[2], p[18]);
932 word3_muladd(&w2, &w1, &w0, ws[3], p[17]);
933 word3_muladd(&w2, &w1, &w0, ws[4], p[16]);
934 word3_muladd(&w2, &w1, &w0, ws[5], p[15]);
935 word3_muladd(&w2, &w1, &w0, ws[6], p[14]);
936 word3_muladd(&w2, &w1, &w0, ws[7], p[13]);
937 word3_muladd(&w2, &w1, &w0, ws[8], p[12]);
938 word3_muladd(&w2, &w1, &w0, ws[9], p[11]);
939 word3_muladd(&w2, &w1, &w0, ws[10], p[10]);
940 word3_muladd(&w2, &w1, &w0, ws[11], p[9]);
941 word3_muladd(&w2, &w1, &w0, ws[12], p[8]);
942 word3_muladd(&w2, &w1, &w0, ws[13], p[7]);
943 word3_muladd(&w2, &w1, &w0, ws[14], p[6]);
944 word3_muladd(&w2, &w1, &w0, ws[15], p[5]);
945 word3_muladd(&w2, &w1, &w0, ws[16], p[4]);
946 word3_muladd(&w2, &w1, &w0, ws[17], p[3]);
947 word3_muladd(&w2, &w1, &w0, ws[18], p[2]);
948 word3_muladd(&w2, &w1, &w0, ws[19], p[1]);
949 word3_add(&w2, &w1, &w0, z[20]);
950 ws[20] = w0 * p_dash;
951 word3_muladd(&w2, &w1, &w0, ws[20], p[0]);
952 w0 = w1; w1 = w2; w2 = 0;
953 word3_muladd(&w2, &w1, &w0, ws[0], p[21]);
954 word3_muladd(&w2, &w1, &w0, ws[1], p[20]);
955 word3_muladd(&w2, &w1, &w0, ws[2], p[19]);
956 word3_muladd(&w2, &w1, &w0, ws[3], p[18]);
957 word3_muladd(&w2, &w1, &w0, ws[4], p[17]);
958 word3_muladd(&w2, &w1, &w0, ws[5], p[16]);
959 word3_muladd(&w2, &w1, &w0, ws[6], p[15]);
960 word3_muladd(&w2, &w1, &w0, ws[7], p[14]);
961 word3_muladd(&w2, &w1, &w0, ws[8], p[13]);
962 word3_muladd(&w2, &w1, &w0, ws[9], p[12]);
963 word3_muladd(&w2, &w1, &w0, ws[10], p[11]);
964 word3_muladd(&w2, &w1, &w0, ws[11], p[10]);
965 word3_muladd(&w2, &w1, &w0, ws[12], p[9]);
966 word3_muladd(&w2, &w1, &w0, ws[13], p[8]);
967 word3_muladd(&w2, &w1, &w0, ws[14], p[7]);
968 word3_muladd(&w2, &w1, &w0, ws[15], p[6]);
969 word3_muladd(&w2, &w1, &w0, ws[16], p[5]);
970 word3_muladd(&w2, &w1, &w0, ws[17], p[4]);
971 word3_muladd(&w2, &w1, &w0, ws[18], p[3]);
972 word3_muladd(&w2, &w1, &w0, ws[19], p[2]);
973 word3_muladd(&w2, &w1, &w0, ws[20], p[1]);
974 word3_add(&w2, &w1, &w0, z[21]);
975 ws[21] = w0 * p_dash;
976 word3_muladd(&w2, &w1, &w0, ws[21], p[0]);
977 w0 = w1; w1 = w2; w2 = 0;
978 word3_muladd(&w2, &w1, &w0, ws[0], p[22]);
979 word3_muladd(&w2, &w1, &w0, ws[1], p[21]);
980 word3_muladd(&w2, &w1, &w0, ws[2], p[20]);
981 word3_muladd(&w2, &w1, &w0, ws[3], p[19]);
982 word3_muladd(&w2, &w1, &w0, ws[4], p[18]);
983 word3_muladd(&w2, &w1, &w0, ws[5], p[17]);
984 word3_muladd(&w2, &w1, &w0, ws[6], p[16]);
985 word3_muladd(&w2, &w1, &w0, ws[7], p[15]);
986 word3_muladd(&w2, &w1, &w0, ws[8], p[14]);
987 word3_muladd(&w2, &w1, &w0, ws[9], p[13]);
988 word3_muladd(&w2, &w1, &w0, ws[10], p[12]);
989 word3_muladd(&w2, &w1, &w0, ws[11], p[11]);
990 word3_muladd(&w2, &w1, &w0, ws[12], p[10]);
991 word3_muladd(&w2, &w1, &w0, ws[13], p[9]);
992 word3_muladd(&w2, &w1, &w0, ws[14], p[8]);
993 word3_muladd(&w2, &w1, &w0, ws[15], p[7]);
994 word3_muladd(&w2, &w1, &w0, ws[16], p[6]);
995 word3_muladd(&w2, &w1, &w0, ws[17], p[5]);
996 word3_muladd(&w2, &w1, &w0, ws[18], p[4]);
997 word3_muladd(&w2, &w1, &w0, ws[19], p[3]);
998 word3_muladd(&w2, &w1, &w0, ws[20], p[2]);
999 word3_muladd(&w2, &w1, &w0, ws[21], p[1]);
1000 word3_add(&w2, &w1, &w0, z[22]);
1001 ws[22] = w0 * p_dash;
1002 word3_muladd(&w2, &w1, &w0, ws[22], p[0]);
1003 w0 = w1; w1 = w2; w2 = 0;
1004 word3_muladd(&w2, &w1, &w0, ws[0], p[23]);
1005 word3_muladd(&w2, &w1, &w0, ws[1], p[22]);
1006 word3_muladd(&w2, &w1, &w0, ws[2], p[21]);
1007 word3_muladd(&w2, &w1, &w0, ws[3], p[20]);
1008 word3_muladd(&w2, &w1, &w0, ws[4], p[19]);
1009 word3_muladd(&w2, &w1, &w0, ws[5], p[18]);
1010 word3_muladd(&w2, &w1, &w0, ws[6], p[17]);
1011 word3_muladd(&w2, &w1, &w0, ws[7], p[16]);
1012 word3_muladd(&w2, &w1, &w0, ws[8], p[15]);
1013 word3_muladd(&w2, &w1, &w0, ws[9], p[14]);
1014 word3_muladd(&w2, &w1, &w0, ws[10], p[13]);
1015 word3_muladd(&w2, &w1, &w0, ws[11], p[12]);
1016 word3_muladd(&w2, &w1, &w0, ws[12], p[11]);
1017 word3_muladd(&w2, &w1, &w0, ws[13], p[10]);
1018 word3_muladd(&w2, &w1, &w0, ws[14], p[9]);
1019 word3_muladd(&w2, &w1, &w0, ws[15], p[8]);
1020 word3_muladd(&w2, &w1, &w0, ws[16], p[7]);
1021 word3_muladd(&w2, &w1, &w0, ws[17], p[6]);
1022 word3_muladd(&w2, &w1, &w0, ws[18], p[5]);
1023 word3_muladd(&w2, &w1, &w0, ws[19], p[4]);
1024 word3_muladd(&w2, &w1, &w0, ws[20], p[3]);
1025 word3_muladd(&w2, &w1, &w0, ws[21], p[2]);
1026 word3_muladd(&w2, &w1, &w0, ws[22], p[1]);
1027 word3_add(&w2, &w1, &w0, z[23]);
1028 ws[23] = w0 * p_dash;
1029 word3_muladd(&w2, &w1, &w0, ws[23], p[0]);
1030 w0 = w1; w1 = w2; w2 = 0;
1031 word3_muladd(&w2, &w1, &w0, ws[1], p[23]);
1032 word3_muladd(&w2, &w1, &w0, ws[2], p[22]);
1033 word3_muladd(&w2, &w1, &w0, ws[3], p[21]);
1034 word3_muladd(&w2, &w1, &w0, ws[4], p[20]);
1035 word3_muladd(&w2, &w1, &w0, ws[5], p[19]);
1036 word3_muladd(&w2, &w1, &w0, ws[6], p[18]);
1037 word3_muladd(&w2, &w1, &w0, ws[7], p[17]);
1038 word3_muladd(&w2, &w1, &w0, ws[8], p[16]);
1039 word3_muladd(&w2, &w1, &w0, ws[9], p[15]);
1040 word3_muladd(&w2, &w1, &w0, ws[10], p[14]);
1041 word3_muladd(&w2, &w1, &w0, ws[11], p[13]);
1042 word3_muladd(&w2, &w1, &w0, ws[12], p[12]);
1043 word3_muladd(&w2, &w1, &w0, ws[13], p[11]);
1044 word3_muladd(&w2, &w1, &w0, ws[14], p[10]);
1045 word3_muladd(&w2, &w1, &w0, ws[15], p[9]);
1046 word3_muladd(&w2, &w1, &w0, ws[16], p[8]);
1047 word3_muladd(&w2, &w1, &w0, ws[17], p[7]);
1048 word3_muladd(&w2, &w1, &w0, ws[18], p[6]);
1049 word3_muladd(&w2, &w1, &w0, ws[19], p[5]);
1050 word3_muladd(&w2, &w1, &w0, ws[20], p[4]);
1051 word3_muladd(&w2, &w1, &w0, ws[21], p[3]);
1052 word3_muladd(&w2, &w1, &w0, ws[22], p[2]);
1053 word3_muladd(&w2, &w1, &w0, ws[23], p[1]);
1054 word3_add(&w2, &w1, &w0, z[24]);
1055 ws[0] = w0;
1056 w0 = w1; w1 = w2; w2 = 0;
1057 word3_muladd(&w2, &w1, &w0, ws[2], p[23]);
1058 word3_muladd(&w2, &w1, &w0, ws[3], p[22]);
1059 word3_muladd(&w2, &w1, &w0, ws[4], p[21]);
1060 word3_muladd(&w2, &w1, &w0, ws[5], p[20]);
1061 word3_muladd(&w2, &w1, &w0, ws[6], p[19]);
1062 word3_muladd(&w2, &w1, &w0, ws[7], p[18]);
1063 word3_muladd(&w2, &w1, &w0, ws[8], p[17]);
1064 word3_muladd(&w2, &w1, &w0, ws[9], p[16]);
1065 word3_muladd(&w2, &w1, &w0, ws[10], p[15]);
1066 word3_muladd(&w2, &w1, &w0, ws[11], p[14]);
1067 word3_muladd(&w2, &w1, &w0, ws[12], p[13]);
1068 word3_muladd(&w2, &w1, &w0, ws[13], p[12]);
1069 word3_muladd(&w2, &w1, &w0, ws[14], p[11]);
1070 word3_muladd(&w2, &w1, &w0, ws[15], p[10]);
1071 word3_muladd(&w2, &w1, &w0, ws[16], p[9]);
1072 word3_muladd(&w2, &w1, &w0, ws[17], p[8]);
1073 word3_muladd(&w2, &w1, &w0, ws[18], p[7]);
1074 word3_muladd(&w2, &w1, &w0, ws[19], p[6]);
1075 word3_muladd(&w2, &w1, &w0, ws[20], p[5]);
1076 word3_muladd(&w2, &w1, &w0, ws[21], p[4]);
1077 word3_muladd(&w2, &w1, &w0, ws[22], p[3]);
1078 word3_muladd(&w2, &w1, &w0, ws[23], p[2]);
1079 word3_add(&w2, &w1, &w0, z[25]);
1080 ws[1] = w0;
1081 w0 = w1; w1 = w2; w2 = 0;
1082 word3_muladd(&w2, &w1, &w0, ws[3], p[23]);
1083 word3_muladd(&w2, &w1, &w0, ws[4], p[22]);
1084 word3_muladd(&w2, &w1, &w0, ws[5], p[21]);
1085 word3_muladd(&w2, &w1, &w0, ws[6], p[20]);
1086 word3_muladd(&w2, &w1, &w0, ws[7], p[19]);
1087 word3_muladd(&w2, &w1, &w0, ws[8], p[18]);
1088 word3_muladd(&w2, &w1, &w0, ws[9], p[17]);
1089 word3_muladd(&w2, &w1, &w0, ws[10], p[16]);
1090 word3_muladd(&w2, &w1, &w0, ws[11], p[15]);
1091 word3_muladd(&w2, &w1, &w0, ws[12], p[14]);
1092 word3_muladd(&w2, &w1, &w0, ws[13], p[13]);
1093 word3_muladd(&w2, &w1, &w0, ws[14], p[12]);
1094 word3_muladd(&w2, &w1, &w0, ws[15], p[11]);
1095 word3_muladd(&w2, &w1, &w0, ws[16], p[10]);
1096 word3_muladd(&w2, &w1, &w0, ws[17], p[9]);
1097 word3_muladd(&w2, &w1, &w0, ws[18], p[8]);
1098 word3_muladd(&w2, &w1, &w0, ws[19], p[7]);
1099 word3_muladd(&w2, &w1, &w0, ws[20], p[6]);
1100 word3_muladd(&w2, &w1, &w0, ws[21], p[5]);
1101 word3_muladd(&w2, &w1, &w0, ws[22], p[4]);
1102 word3_muladd(&w2, &w1, &w0, ws[23], p[3]);
1103 word3_add(&w2, &w1, &w0, z[26]);
1104 ws[2] = w0;
1105 w0 = w1; w1 = w2; w2 = 0;
1106 word3_muladd(&w2, &w1, &w0, ws[4], p[23]);
1107 word3_muladd(&w2, &w1, &w0, ws[5], p[22]);
1108 word3_muladd(&w2, &w1, &w0, ws[6], p[21]);
1109 word3_muladd(&w2, &w1, &w0, ws[7], p[20]);
1110 word3_muladd(&w2, &w1, &w0, ws[8], p[19]);
1111 word3_muladd(&w2, &w1, &w0, ws[9], p[18]);
1112 word3_muladd(&w2, &w1, &w0, ws[10], p[17]);
1113 word3_muladd(&w2, &w1, &w0, ws[11], p[16]);
1114 word3_muladd(&w2, &w1, &w0, ws[12], p[15]);
1115 word3_muladd(&w2, &w1, &w0, ws[13], p[14]);
1116 word3_muladd(&w2, &w1, &w0, ws[14], p[13]);
1117 word3_muladd(&w2, &w1, &w0, ws[15], p[12]);
1118 word3_muladd(&w2, &w1, &w0, ws[16], p[11]);
1119 word3_muladd(&w2, &w1, &w0, ws[17], p[10]);
1120 word3_muladd(&w2, &w1, &w0, ws[18], p[9]);
1121 word3_muladd(&w2, &w1, &w0, ws[19], p[8]);
1122 word3_muladd(&w2, &w1, &w0, ws[20], p[7]);
1123 word3_muladd(&w2, &w1, &w0, ws[21], p[6]);
1124 word3_muladd(&w2, &w1, &w0, ws[22], p[5]);
1125 word3_muladd(&w2, &w1, &w0, ws[23], p[4]);
1126 word3_add(&w2, &w1, &w0, z[27]);
1127 ws[3] = w0;
1128 w0 = w1; w1 = w2; w2 = 0;
1129 word3_muladd(&w2, &w1, &w0, ws[5], p[23]);
1130 word3_muladd(&w2, &w1, &w0, ws[6], p[22]);
1131 word3_muladd(&w2, &w1, &w0, ws[7], p[21]);
1132 word3_muladd(&w2, &w1, &w0, ws[8], p[20]);
1133 word3_muladd(&w2, &w1, &w0, ws[9], p[19]);
1134 word3_muladd(&w2, &w1, &w0, ws[10], p[18]);
1135 word3_muladd(&w2, &w1, &w0, ws[11], p[17]);
1136 word3_muladd(&w2, &w1, &w0, ws[12], p[16]);
1137 word3_muladd(&w2, &w1, &w0, ws[13], p[15]);
1138 word3_muladd(&w2, &w1, &w0, ws[14], p[14]);
1139 word3_muladd(&w2, &w1, &w0, ws[15], p[13]);
1140 word3_muladd(&w2, &w1, &w0, ws[16], p[12]);
1141 word3_muladd(&w2, &w1, &w0, ws[17], p[11]);
1142 word3_muladd(&w2, &w1, &w0, ws[18], p[10]);
1143 word3_muladd(&w2, &w1, &w0, ws[19], p[9]);
1144 word3_muladd(&w2, &w1, &w0, ws[20], p[8]);
1145 word3_muladd(&w2, &w1, &w0, ws[21], p[7]);
1146 word3_muladd(&w2, &w1, &w0, ws[22], p[6]);
1147 word3_muladd(&w2, &w1, &w0, ws[23], p[5]);
1148 word3_add(&w2, &w1, &w0, z[28]);
1149 ws[4] = w0;
1150 w0 = w1; w1 = w2; w2 = 0;
1151 word3_muladd(&w2, &w1, &w0, ws[6], p[23]);
1152 word3_muladd(&w2, &w1, &w0, ws[7], p[22]);
1153 word3_muladd(&w2, &w1, &w0, ws[8], p[21]);
1154 word3_muladd(&w2, &w1, &w0, ws[9], p[20]);
1155 word3_muladd(&w2, &w1, &w0, ws[10], p[19]);
1156 word3_muladd(&w2, &w1, &w0, ws[11], p[18]);
1157 word3_muladd(&w2, &w1, &w0, ws[12], p[17]);
1158 word3_muladd(&w2, &w1, &w0, ws[13], p[16]);
1159 word3_muladd(&w2, &w1, &w0, ws[14], p[15]);
1160 word3_muladd(&w2, &w1, &w0, ws[15], p[14]);
1161 word3_muladd(&w2, &w1, &w0, ws[16], p[13]);
1162 word3_muladd(&w2, &w1, &w0, ws[17], p[12]);
1163 word3_muladd(&w2, &w1, &w0, ws[18], p[11]);
1164 word3_muladd(&w2, &w1, &w0, ws[19], p[10]);
1165 word3_muladd(&w2, &w1, &w0, ws[20], p[9]);
1166 word3_muladd(&w2, &w1, &w0, ws[21], p[8]);
1167 word3_muladd(&w2, &w1, &w0, ws[22], p[7]);
1168 word3_muladd(&w2, &w1, &w0, ws[23], p[6]);
1169 word3_add(&w2, &w1, &w0, z[29]);
1170 ws[5] = w0;
1171 w0 = w1; w1 = w2; w2 = 0;
1172 word3_muladd(&w2, &w1, &w0, ws[7], p[23]);
1173 word3_muladd(&w2, &w1, &w0, ws[8], p[22]);
1174 word3_muladd(&w2, &w1, &w0, ws[9], p[21]);
1175 word3_muladd(&w2, &w1, &w0, ws[10], p[20]);
1176 word3_muladd(&w2, &w1, &w0, ws[11], p[19]);
1177 word3_muladd(&w2, &w1, &w0, ws[12], p[18]);
1178 word3_muladd(&w2, &w1, &w0, ws[13], p[17]);
1179 word3_muladd(&w2, &w1, &w0, ws[14], p[16]);
1180 word3_muladd(&w2, &w1, &w0, ws[15], p[15]);
1181 word3_muladd(&w2, &w1, &w0, ws[16], p[14]);
1182 word3_muladd(&w2, &w1, &w0, ws[17], p[13]);
1183 word3_muladd(&w2, &w1, &w0, ws[18], p[12]);
1184 word3_muladd(&w2, &w1, &w0, ws[19], p[11]);
1185 word3_muladd(&w2, &w1, &w0, ws[20], p[10]);
1186 word3_muladd(&w2, &w1, &w0, ws[21], p[9]);
1187 word3_muladd(&w2, &w1, &w0, ws[22], p[8]);
1188 word3_muladd(&w2, &w1, &w0, ws[23], p[7]);
1189 word3_add(&w2, &w1, &w0, z[30]);
1190 ws[6] = w0;
1191 w0 = w1; w1 = w2; w2 = 0;
1192 word3_muladd(&w2, &w1, &w0, ws[8], p[23]);
1193 word3_muladd(&w2, &w1, &w0, ws[9], p[22]);
1194 word3_muladd(&w2, &w1, &w0, ws[10], p[21]);
1195 word3_muladd(&w2, &w1, &w0, ws[11], p[20]);
1196 word3_muladd(&w2, &w1, &w0, ws[12], p[19]);
1197 word3_muladd(&w2, &w1, &w0, ws[13], p[18]);
1198 word3_muladd(&w2, &w1, &w0, ws[14], p[17]);
1199 word3_muladd(&w2, &w1, &w0, ws[15], p[16]);
1200 word3_muladd(&w2, &w1, &w0, ws[16], p[15]);
1201 word3_muladd(&w2, &w1, &w0, ws[17], p[14]);
1202 word3_muladd(&w2, &w1, &w0, ws[18], p[13]);
1203 word3_muladd(&w2, &w1, &w0, ws[19], p[12]);
1204 word3_muladd(&w2, &w1, &w0, ws[20], p[11]);
1205 word3_muladd(&w2, &w1, &w0, ws[21], p[10]);
1206 word3_muladd(&w2, &w1, &w0, ws[22], p[9]);
1207 word3_muladd(&w2, &w1, &w0, ws[23], p[8]);
1208 word3_add(&w2, &w1, &w0, z[31]);
1209 ws[7] = w0;
1210 w0 = w1; w1 = w2; w2 = 0;
1211 word3_muladd(&w2, &w1, &w0, ws[9], p[23]);
1212 word3_muladd(&w2, &w1, &w0, ws[10], p[22]);
1213 word3_muladd(&w2, &w1, &w0, ws[11], p[21]);
1214 word3_muladd(&w2, &w1, &w0, ws[12], p[20]);
1215 word3_muladd(&w2, &w1, &w0, ws[13], p[19]);
1216 word3_muladd(&w2, &w1, &w0, ws[14], p[18]);
1217 word3_muladd(&w2, &w1, &w0, ws[15], p[17]);
1218 word3_muladd(&w2, &w1, &w0, ws[16], p[16]);
1219 word3_muladd(&w2, &w1, &w0, ws[17], p[15]);
1220 word3_muladd(&w2, &w1, &w0, ws[18], p[14]);
1221 word3_muladd(&w2, &w1, &w0, ws[19], p[13]);
1222 word3_muladd(&w2, &w1, &w0, ws[20], p[12]);
1223 word3_muladd(&w2, &w1, &w0, ws[21], p[11]);
1224 word3_muladd(&w2, &w1, &w0, ws[22], p[10]);
1225 word3_muladd(&w2, &w1, &w0, ws[23], p[9]);
1226 word3_add(&w2, &w1, &w0, z[32]);
1227 ws[8] = w0;
1228 w0 = w1; w1 = w2; w2 = 0;
1229 word3_muladd(&w2, &w1, &w0, ws[10], p[23]);
1230 word3_muladd(&w2, &w1, &w0, ws[11], p[22]);
1231 word3_muladd(&w2, &w1, &w0, ws[12], p[21]);
1232 word3_muladd(&w2, &w1, &w0, ws[13], p[20]);
1233 word3_muladd(&w2, &w1, &w0, ws[14], p[19]);
1234 word3_muladd(&w2, &w1, &w0, ws[15], p[18]);
1235 word3_muladd(&w2, &w1, &w0, ws[16], p[17]);
1236 word3_muladd(&w2, &w1, &w0, ws[17], p[16]);
1237 word3_muladd(&w2, &w1, &w0, ws[18], p[15]);
1238 word3_muladd(&w2, &w1, &w0, ws[19], p[14]);
1239 word3_muladd(&w2, &w1, &w0, ws[20], p[13]);
1240 word3_muladd(&w2, &w1, &w0, ws[21], p[12]);
1241 word3_muladd(&w2, &w1, &w0, ws[22], p[11]);
1242 word3_muladd(&w2, &w1, &w0, ws[23], p[10]);
1243 word3_add(&w2, &w1, &w0, z[33]);
1244 ws[9] = w0;
1245 w0 = w1; w1 = w2; w2 = 0;
1246 word3_muladd(&w2, &w1, &w0, ws[11], p[23]);
1247 word3_muladd(&w2, &w1, &w0, ws[12], p[22]);
1248 word3_muladd(&w2, &w1, &w0, ws[13], p[21]);
1249 word3_muladd(&w2, &w1, &w0, ws[14], p[20]);
1250 word3_muladd(&w2, &w1, &w0, ws[15], p[19]);
1251 word3_muladd(&w2, &w1, &w0, ws[16], p[18]);
1252 word3_muladd(&w2, &w1, &w0, ws[17], p[17]);
1253 word3_muladd(&w2, &w1, &w0, ws[18], p[16]);
1254 word3_muladd(&w2, &w1, &w0, ws[19], p[15]);
1255 word3_muladd(&w2, &w1, &w0, ws[20], p[14]);
1256 word3_muladd(&w2, &w1, &w0, ws[21], p[13]);
1257 word3_muladd(&w2, &w1, &w0, ws[22], p[12]);
1258 word3_muladd(&w2, &w1, &w0, ws[23], p[11]);
1259 word3_add(&w2, &w1, &w0, z[34]);
1260 ws[10] = w0;
1261 w0 = w1; w1 = w2; w2 = 0;
1262 word3_muladd(&w2, &w1, &w0, ws[12], p[23]);
1263 word3_muladd(&w2, &w1, &w0, ws[13], p[22]);
1264 word3_muladd(&w2, &w1, &w0, ws[14], p[21]);
1265 word3_muladd(&w2, &w1, &w0, ws[15], p[20]);
1266 word3_muladd(&w2, &w1, &w0, ws[16], p[19]);
1267 word3_muladd(&w2, &w1, &w0, ws[17], p[18]);
1268 word3_muladd(&w2, &w1, &w0, ws[18], p[17]);
1269 word3_muladd(&w2, &w1, &w0, ws[19], p[16]);
1270 word3_muladd(&w2, &w1, &w0, ws[20], p[15]);
1271 word3_muladd(&w2, &w1, &w0, ws[21], p[14]);
1272 word3_muladd(&w2, &w1, &w0, ws[22], p[13]);
1273 word3_muladd(&w2, &w1, &w0, ws[23], p[12]);
1274 word3_add(&w2, &w1, &w0, z[35]);
1275 ws[11] = w0;
1276 w0 = w1; w1 = w2; w2 = 0;
1277 word3_muladd(&w2, &w1, &w0, ws[13], p[23]);
1278 word3_muladd(&w2, &w1, &w0, ws[14], p[22]);
1279 word3_muladd(&w2, &w1, &w0, ws[15], p[21]);
1280 word3_muladd(&w2, &w1, &w0, ws[16], p[20]);
1281 word3_muladd(&w2, &w1, &w0, ws[17], p[19]);
1282 word3_muladd(&w2, &w1, &w0, ws[18], p[18]);
1283 word3_muladd(&w2, &w1, &w0, ws[19], p[17]);
1284 word3_muladd(&w2, &w1, &w0, ws[20], p[16]);
1285 word3_muladd(&w2, &w1, &w0, ws[21], p[15]);
1286 word3_muladd(&w2, &w1, &w0, ws[22], p[14]);
1287 word3_muladd(&w2, &w1, &w0, ws[23], p[13]);
1288 word3_add(&w2, &w1, &w0, z[36]);
1289 ws[12] = w0;
1290 w0 = w1; w1 = w2; w2 = 0;
1291 word3_muladd(&w2, &w1, &w0, ws[14], p[23]);
1292 word3_muladd(&w2, &w1, &w0, ws[15], p[22]);
1293 word3_muladd(&w2, &w1, &w0, ws[16], p[21]);
1294 word3_muladd(&w2, &w1, &w0, ws[17], p[20]);
1295 word3_muladd(&w2, &w1, &w0, ws[18], p[19]);
1296 word3_muladd(&w2, &w1, &w0, ws[19], p[18]);
1297 word3_muladd(&w2, &w1, &w0, ws[20], p[17]);
1298 word3_muladd(&w2, &w1, &w0, ws[21], p[16]);
1299 word3_muladd(&w2, &w1, &w0, ws[22], p[15]);
1300 word3_muladd(&w2, &w1, &w0, ws[23], p[14]);
1301 word3_add(&w2, &w1, &w0, z[37]);
1302 ws[13] = w0;
1303 w0 = w1; w1 = w2; w2 = 0;
1304 word3_muladd(&w2, &w1, &w0, ws[15], p[23]);
1305 word3_muladd(&w2, &w1, &w0, ws[16], p[22]);
1306 word3_muladd(&w2, &w1, &w0, ws[17], p[21]);
1307 word3_muladd(&w2, &w1, &w0, ws[18], p[20]);
1308 word3_muladd(&w2, &w1, &w0, ws[19], p[19]);
1309 word3_muladd(&w2, &w1, &w0, ws[20], p[18]);
1310 word3_muladd(&w2, &w1, &w0, ws[21], p[17]);
1311 word3_muladd(&w2, &w1, &w0, ws[22], p[16]);
1312 word3_muladd(&w2, &w1, &w0, ws[23], p[15]);
1313 word3_add(&w2, &w1, &w0, z[38]);
1314 ws[14] = w0;
1315 w0 = w1; w1 = w2; w2 = 0;
1316 word3_muladd(&w2, &w1, &w0, ws[16], p[23]);
1317 word3_muladd(&w2, &w1, &w0, ws[17], p[22]);
1318 word3_muladd(&w2, &w1, &w0, ws[18], p[21]);
1319 word3_muladd(&w2, &w1, &w0, ws[19], p[20]);
1320 word3_muladd(&w2, &w1, &w0, ws[20], p[19]);
1321 word3_muladd(&w2, &w1, &w0, ws[21], p[18]);
1322 word3_muladd(&w2, &w1, &w0, ws[22], p[17]);
1323 word3_muladd(&w2, &w1, &w0, ws[23], p[16]);
1324 word3_add(&w2, &w1, &w0, z[39]);
1325 ws[15] = w0;
1326 w0 = w1; w1 = w2; w2 = 0;
1327 word3_muladd(&w2, &w1, &w0, ws[17], p[23]);
1328 word3_muladd(&w2, &w1, &w0, ws[18], p[22]);
1329 word3_muladd(&w2, &w1, &w0, ws[19], p[21]);
1330 word3_muladd(&w2, &w1, &w0, ws[20], p[20]);
1331 word3_muladd(&w2, &w1, &w0, ws[21], p[19]);
1332 word3_muladd(&w2, &w1, &w0, ws[22], p[18]);
1333 word3_muladd(&w2, &w1, &w0, ws[23], p[17]);
1334 word3_add(&w2, &w1, &w0, z[40]);
1335 ws[16] = w0;
1336 w0 = w1; w1 = w2; w2 = 0;
1337 word3_muladd(&w2, &w1, &w0, ws[18], p[23]);
1338 word3_muladd(&w2, &w1, &w0, ws[19], p[22]);
1339 word3_muladd(&w2, &w1, &w0, ws[20], p[21]);
1340 word3_muladd(&w2, &w1, &w0, ws[21], p[20]);
1341 word3_muladd(&w2, &w1, &w0, ws[22], p[19]);
1342 word3_muladd(&w2, &w1, &w0, ws[23], p[18]);
1343 word3_add(&w2, &w1, &w0, z[41]);
1344 ws[17] = w0;
1345 w0 = w1; w1 = w2; w2 = 0;
1346 word3_muladd(&w2, &w1, &w0, ws[19], p[23]);
1347 word3_muladd(&w2, &w1, &w0, ws[20], p[22]);
1348 word3_muladd(&w2, &w1, &w0, ws[21], p[21]);
1349 word3_muladd(&w2, &w1, &w0, ws[22], p[20]);
1350 word3_muladd(&w2, &w1, &w0, ws[23], p[19]);
1351 word3_add(&w2, &w1, &w0, z[42]);
1352 ws[18] = w0;
1353 w0 = w1; w1 = w2; w2 = 0;
1354 word3_muladd(&w2, &w1, &w0, ws[20], p[23]);
1355 word3_muladd(&w2, &w1, &w0, ws[21], p[22]);
1356 word3_muladd(&w2, &w1, &w0, ws[22], p[21]);
1357 word3_muladd(&w2, &w1, &w0, ws[23], p[20]);
1358 word3_add(&w2, &w1, &w0, z[43]);
1359 ws[19] = w0;
1360 w0 = w1; w1 = w2; w2 = 0;
1361 word3_muladd(&w2, &w1, &w0, ws[21], p[23]);
1362 word3_muladd(&w2, &w1, &w0, ws[22], p[22]);
1363 word3_muladd(&w2, &w1, &w0, ws[23], p[21]);
1364 word3_add(&w2, &w1, &w0, z[44]);
1365 ws[20] = w0;
1366 w0 = w1; w1 = w2; w2 = 0;
1367 word3_muladd(&w2, &w1, &w0, ws[22], p[23]);
1368 word3_muladd(&w2, &w1, &w0, ws[23], p[22]);
1369 word3_add(&w2, &w1, &w0, z[45]);
1370 ws[21] = w0;
1371 w0 = w1; w1 = w2; w2 = 0;
1372 word3_muladd(&w2, &w1, &w0, ws[23], p[23]);
1373 word3_add(&w2, &w1, &w0, z[46]);
1374 ws[22] = w0;
1375 w0 = w1; w1 = w2; w2 = 0;
1376 word3_add(&w2, &w1, &w0, z[47]);
1377 ws[23] = w0;
1378 w0 = w1; w1 = w2; w2 = 0;
1379 word3_add(&w2, &w1, &w0, z[49]);
1380 ws[24] = w0;
1381 ws[25] = w1;
1382 word borrow = bigint_sub3(ws + 24 + 1, ws, 24 + 1, p, 24);
1383 CT::conditional_copy_mem(borrow, z, ws, ws + 25, 25);
1384 clear_mem(z + 24, 2*(24+1) - 24);
1385 }

References bigint_sub3(), clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), and word3_muladd().

◆ bigint_monty_redc_24() [2/2]

void Botan::bigint_monty_redc_24 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_monty_redc_32() [1/2]

void Botan::bigint_monty_redc_32 ( word  z[],
const word  p[32],
word  p_dash,
word  ws[] 
)

Definition at line 1387 of file mp_monty_n.cpp.

1388 {
1389 word w2 = 0, w1 = 0, w0 = 0;
1390 w0 = z[0];
1391 ws[0] = w0 * p_dash;
1392 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
1393 w0 = w1; w1 = w2; w2 = 0;
1394 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
1395 word3_add(&w2, &w1, &w0, z[1]);
1396 ws[1] = w0 * p_dash;
1397 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
1398 w0 = w1; w1 = w2; w2 = 0;
1399 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
1400 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
1401 word3_add(&w2, &w1, &w0, z[2]);
1402 ws[2] = w0 * p_dash;
1403 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
1404 w0 = w1; w1 = w2; w2 = 0;
1405 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
1406 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
1407 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
1408 word3_add(&w2, &w1, &w0, z[3]);
1409 ws[3] = w0 * p_dash;
1410 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
1411 w0 = w1; w1 = w2; w2 = 0;
1412 word3_muladd(&w2, &w1, &w0, ws[0], p[4]);
1413 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
1414 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
1415 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
1416 word3_add(&w2, &w1, &w0, z[4]);
1417 ws[4] = w0 * p_dash;
1418 word3_muladd(&w2, &w1, &w0, ws[4], p[0]);
1419 w0 = w1; w1 = w2; w2 = 0;
1420 word3_muladd(&w2, &w1, &w0, ws[0], p[5]);
1421 word3_muladd(&w2, &w1, &w0, ws[1], p[4]);
1422 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
1423 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
1424 word3_muladd(&w2, &w1, &w0, ws[4], p[1]);
1425 word3_add(&w2, &w1, &w0, z[5]);
1426 ws[5] = w0 * p_dash;
1427 word3_muladd(&w2, &w1, &w0, ws[5], p[0]);
1428 w0 = w1; w1 = w2; w2 = 0;
1429 word3_muladd(&w2, &w1, &w0, ws[0], p[6]);
1430 word3_muladd(&w2, &w1, &w0, ws[1], p[5]);
1431 word3_muladd(&w2, &w1, &w0, ws[2], p[4]);
1432 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
1433 word3_muladd(&w2, &w1, &w0, ws[4], p[2]);
1434 word3_muladd(&w2, &w1, &w0, ws[5], p[1]);
1435 word3_add(&w2, &w1, &w0, z[6]);
1436 ws[6] = w0 * p_dash;
1437 word3_muladd(&w2, &w1, &w0, ws[6], p[0]);
1438 w0 = w1; w1 = w2; w2 = 0;
1439 word3_muladd(&w2, &w1, &w0, ws[0], p[7]);
1440 word3_muladd(&w2, &w1, &w0, ws[1], p[6]);
1441 word3_muladd(&w2, &w1, &w0, ws[2], p[5]);
1442 word3_muladd(&w2, &w1, &w0, ws[3], p[4]);
1443 word3_muladd(&w2, &w1, &w0, ws[4], p[3]);
1444 word3_muladd(&w2, &w1, &w0, ws[5], p[2]);
1445 word3_muladd(&w2, &w1, &w0, ws[6], p[1]);
1446 word3_add(&w2, &w1, &w0, z[7]);
1447 ws[7] = w0 * p_dash;
1448 word3_muladd(&w2, &w1, &w0, ws[7], p[0]);
1449 w0 = w1; w1 = w2; w2 = 0;
1450 word3_muladd(&w2, &w1, &w0, ws[0], p[8]);
1451 word3_muladd(&w2, &w1, &w0, ws[1], p[7]);
1452 word3_muladd(&w2, &w1, &w0, ws[2], p[6]);
1453 word3_muladd(&w2, &w1, &w0, ws[3], p[5]);
1454 word3_muladd(&w2, &w1, &w0, ws[4], p[4]);
1455 word3_muladd(&w2, &w1, &w0, ws[5], p[3]);
1456 word3_muladd(&w2, &w1, &w0, ws[6], p[2]);
1457 word3_muladd(&w2, &w1, &w0, ws[7], p[1]);
1458 word3_add(&w2, &w1, &w0, z[8]);
1459 ws[8] = w0 * p_dash;
1460 word3_muladd(&w2, &w1, &w0, ws[8], p[0]);
1461 w0 = w1; w1 = w2; w2 = 0;
1462 word3_muladd(&w2, &w1, &w0, ws[0], p[9]);
1463 word3_muladd(&w2, &w1, &w0, ws[1], p[8]);
1464 word3_muladd(&w2, &w1, &w0, ws[2], p[7]);
1465 word3_muladd(&w2, &w1, &w0, ws[3], p[6]);
1466 word3_muladd(&w2, &w1, &w0, ws[4], p[5]);
1467 word3_muladd(&w2, &w1, &w0, ws[5], p[4]);
1468 word3_muladd(&w2, &w1, &w0, ws[6], p[3]);
1469 word3_muladd(&w2, &w1, &w0, ws[7], p[2]);
1470 word3_muladd(&w2, &w1, &w0, ws[8], p[1]);
1471 word3_add(&w2, &w1, &w0, z[9]);
1472 ws[9] = w0 * p_dash;
1473 word3_muladd(&w2, &w1, &w0, ws[9], p[0]);
1474 w0 = w1; w1 = w2; w2 = 0;
1475 word3_muladd(&w2, &w1, &w0, ws[0], p[10]);
1476 word3_muladd(&w2, &w1, &w0, ws[1], p[9]);
1477 word3_muladd(&w2, &w1, &w0, ws[2], p[8]);
1478 word3_muladd(&w2, &w1, &w0, ws[3], p[7]);
1479 word3_muladd(&w2, &w1, &w0, ws[4], p[6]);
1480 word3_muladd(&w2, &w1, &w0, ws[5], p[5]);
1481 word3_muladd(&w2, &w1, &w0, ws[6], p[4]);
1482 word3_muladd(&w2, &w1, &w0, ws[7], p[3]);
1483 word3_muladd(&w2, &w1, &w0, ws[8], p[2]);
1484 word3_muladd(&w2, &w1, &w0, ws[9], p[1]);
1485 word3_add(&w2, &w1, &w0, z[10]);
1486 ws[10] = w0 * p_dash;
1487 word3_muladd(&w2, &w1, &w0, ws[10], p[0]);
1488 w0 = w1; w1 = w2; w2 = 0;
1489 word3_muladd(&w2, &w1, &w0, ws[0], p[11]);
1490 word3_muladd(&w2, &w1, &w0, ws[1], p[10]);
1491 word3_muladd(&w2, &w1, &w0, ws[2], p[9]);
1492 word3_muladd(&w2, &w1, &w0, ws[3], p[8]);
1493 word3_muladd(&w2, &w1, &w0, ws[4], p[7]);
1494 word3_muladd(&w2, &w1, &w0, ws[5], p[6]);
1495 word3_muladd(&w2, &w1, &w0, ws[6], p[5]);
1496 word3_muladd(&w2, &w1, &w0, ws[7], p[4]);
1497 word3_muladd(&w2, &w1, &w0, ws[8], p[3]);
1498 word3_muladd(&w2, &w1, &w0, ws[9], p[2]);
1499 word3_muladd(&w2, &w1, &w0, ws[10], p[1]);
1500 word3_add(&w2, &w1, &w0, z[11]);
1501 ws[11] = w0 * p_dash;
1502 word3_muladd(&w2, &w1, &w0, ws[11], p[0]);
1503 w0 = w1; w1 = w2; w2 = 0;
1504 word3_muladd(&w2, &w1, &w0, ws[0], p[12]);
1505 word3_muladd(&w2, &w1, &w0, ws[1], p[11]);
1506 word3_muladd(&w2, &w1, &w0, ws[2], p[10]);
1507 word3_muladd(&w2, &w1, &w0, ws[3], p[9]);
1508 word3_muladd(&w2, &w1, &w0, ws[4], p[8]);
1509 word3_muladd(&w2, &w1, &w0, ws[5], p[7]);
1510 word3_muladd(&w2, &w1, &w0, ws[6], p[6]);
1511 word3_muladd(&w2, &w1, &w0, ws[7], p[5]);
1512 word3_muladd(&w2, &w1, &w0, ws[8], p[4]);
1513 word3_muladd(&w2, &w1, &w0, ws[9], p[3]);
1514 word3_muladd(&w2, &w1, &w0, ws[10], p[2]);
1515 word3_muladd(&w2, &w1, &w0, ws[11], p[1]);
1516 word3_add(&w2, &w1, &w0, z[12]);
1517 ws[12] = w0 * p_dash;
1518 word3_muladd(&w2, &w1, &w0, ws[12], p[0]);
1519 w0 = w1; w1 = w2; w2 = 0;
1520 word3_muladd(&w2, &w1, &w0, ws[0], p[13]);
1521 word3_muladd(&w2, &w1, &w0, ws[1], p[12]);
1522 word3_muladd(&w2, &w1, &w0, ws[2], p[11]);
1523 word3_muladd(&w2, &w1, &w0, ws[3], p[10]);
1524 word3_muladd(&w2, &w1, &w0, ws[4], p[9]);
1525 word3_muladd(&w2, &w1, &w0, ws[5], p[8]);
1526 word3_muladd(&w2, &w1, &w0, ws[6], p[7]);
1527 word3_muladd(&w2, &w1, &w0, ws[7], p[6]);
1528 word3_muladd(&w2, &w1, &w0, ws[8], p[5]);
1529 word3_muladd(&w2, &w1, &w0, ws[9], p[4]);
1530 word3_muladd(&w2, &w1, &w0, ws[10], p[3]);
1531 word3_muladd(&w2, &w1, &w0, ws[11], p[2]);
1532 word3_muladd(&w2, &w1, &w0, ws[12], p[1]);
1533 word3_add(&w2, &w1, &w0, z[13]);
1534 ws[13] = w0 * p_dash;
1535 word3_muladd(&w2, &w1, &w0, ws[13], p[0]);
1536 w0 = w1; w1 = w2; w2 = 0;
1537 word3_muladd(&w2, &w1, &w0, ws[0], p[14]);
1538 word3_muladd(&w2, &w1, &w0, ws[1], p[13]);
1539 word3_muladd(&w2, &w1, &w0, ws[2], p[12]);
1540 word3_muladd(&w2, &w1, &w0, ws[3], p[11]);
1541 word3_muladd(&w2, &w1, &w0, ws[4], p[10]);
1542 word3_muladd(&w2, &w1, &w0, ws[5], p[9]);
1543 word3_muladd(&w2, &w1, &w0, ws[6], p[8]);
1544 word3_muladd(&w2, &w1, &w0, ws[7], p[7]);
1545 word3_muladd(&w2, &w1, &w0, ws[8], p[6]);
1546 word3_muladd(&w2, &w1, &w0, ws[9], p[5]);
1547 word3_muladd(&w2, &w1, &w0, ws[10], p[4]);
1548 word3_muladd(&w2, &w1, &w0, ws[11], p[3]);
1549 word3_muladd(&w2, &w1, &w0, ws[12], p[2]);
1550 word3_muladd(&w2, &w1, &w0, ws[13], p[1]);
1551 word3_add(&w2, &w1, &w0, z[14]);
1552 ws[14] = w0 * p_dash;
1553 word3_muladd(&w2, &w1, &w0, ws[14], p[0]);
1554 w0 = w1; w1 = w2; w2 = 0;
1555 word3_muladd(&w2, &w1, &w0, ws[0], p[15]);
1556 word3_muladd(&w2, &w1, &w0, ws[1], p[14]);
1557 word3_muladd(&w2, &w1, &w0, ws[2], p[13]);
1558 word3_muladd(&w2, &w1, &w0, ws[3], p[12]);
1559 word3_muladd(&w2, &w1, &w0, ws[4], p[11]);
1560 word3_muladd(&w2, &w1, &w0, ws[5], p[10]);
1561 word3_muladd(&w2, &w1, &w0, ws[6], p[9]);
1562 word3_muladd(&w2, &w1, &w0, ws[7], p[8]);
1563 word3_muladd(&w2, &w1, &w0, ws[8], p[7]);
1564 word3_muladd(&w2, &w1, &w0, ws[9], p[6]);
1565 word3_muladd(&w2, &w1, &w0, ws[10], p[5]);
1566 word3_muladd(&w2, &w1, &w0, ws[11], p[4]);
1567 word3_muladd(&w2, &w1, &w0, ws[12], p[3]);
1568 word3_muladd(&w2, &w1, &w0, ws[13], p[2]);
1569 word3_muladd(&w2, &w1, &w0, ws[14], p[1]);
1570 word3_add(&w2, &w1, &w0, z[15]);
1571 ws[15] = w0 * p_dash;
1572 word3_muladd(&w2, &w1, &w0, ws[15], p[0]);
1573 w0 = w1; w1 = w2; w2 = 0;
1574 word3_muladd(&w2, &w1, &w0, ws[0], p[16]);
1575 word3_muladd(&w2, &w1, &w0, ws[1], p[15]);
1576 word3_muladd(&w2, &w1, &w0, ws[2], p[14]);
1577 word3_muladd(&w2, &w1, &w0, ws[3], p[13]);
1578 word3_muladd(&w2, &w1, &w0, ws[4], p[12]);
1579 word3_muladd(&w2, &w1, &w0, ws[5], p[11]);
1580 word3_muladd(&w2, &w1, &w0, ws[6], p[10]);
1581 word3_muladd(&w2, &w1, &w0, ws[7], p[9]);
1582 word3_muladd(&w2, &w1, &w0, ws[8], p[8]);
1583 word3_muladd(&w2, &w1, &w0, ws[9], p[7]);
1584 word3_muladd(&w2, &w1, &w0, ws[10], p[6]);
1585 word3_muladd(&w2, &w1, &w0, ws[11], p[5]);
1586 word3_muladd(&w2, &w1, &w0, ws[12], p[4]);
1587 word3_muladd(&w2, &w1, &w0, ws[13], p[3]);
1588 word3_muladd(&w2, &w1, &w0, ws[14], p[2]);
1589 word3_muladd(&w2, &w1, &w0, ws[15], p[1]);
1590 word3_add(&w2, &w1, &w0, z[16]);
1591 ws[16] = w0 * p_dash;
1592 word3_muladd(&w2, &w1, &w0, ws[16], p[0]);
1593 w0 = w1; w1 = w2; w2 = 0;
1594 word3_muladd(&w2, &w1, &w0, ws[0], p[17]);
1595 word3_muladd(&w2, &w1, &w0, ws[1], p[16]);
1596 word3_muladd(&w2, &w1, &w0, ws[2], p[15]);
1597 word3_muladd(&w2, &w1, &w0, ws[3], p[14]);
1598 word3_muladd(&w2, &w1, &w0, ws[4], p[13]);
1599 word3_muladd(&w2, &w1, &w0, ws[5], p[12]);
1600 word3_muladd(&w2, &w1, &w0, ws[6], p[11]);
1601 word3_muladd(&w2, &w1, &w0, ws[7], p[10]);
1602 word3_muladd(&w2, &w1, &w0, ws[8], p[9]);
1603 word3_muladd(&w2, &w1, &w0, ws[9], p[8]);
1604 word3_muladd(&w2, &w1, &w0, ws[10], p[7]);
1605 word3_muladd(&w2, &w1, &w0, ws[11], p[6]);
1606 word3_muladd(&w2, &w1, &w0, ws[12], p[5]);
1607 word3_muladd(&w2, &w1, &w0, ws[13], p[4]);
1608 word3_muladd(&w2, &w1, &w0, ws[14], p[3]);
1609 word3_muladd(&w2, &w1, &w0, ws[15], p[2]);
1610 word3_muladd(&w2, &w1, &w0, ws[16], p[1]);
1611 word3_add(&w2, &w1, &w0, z[17]);
1612 ws[17] = w0 * p_dash;
1613 word3_muladd(&w2, &w1, &w0, ws[17], p[0]);
1614 w0 = w1; w1 = w2; w2 = 0;
1615 word3_muladd(&w2, &w1, &w0, ws[0], p[18]);
1616 word3_muladd(&w2, &w1, &w0, ws[1], p[17]);
1617 word3_muladd(&w2, &w1, &w0, ws[2], p[16]);
1618 word3_muladd(&w2, &w1, &w0, ws[3], p[15]);
1619 word3_muladd(&w2, &w1, &w0, ws[4], p[14]);
1620 word3_muladd(&w2, &w1, &w0, ws[5], p[13]);
1621 word3_muladd(&w2, &w1, &w0, ws[6], p[12]);
1622 word3_muladd(&w2, &w1, &w0, ws[7], p[11]);
1623 word3_muladd(&w2, &w1, &w0, ws[8], p[10]);
1624 word3_muladd(&w2, &w1, &w0, ws[9], p[9]);
1625 word3_muladd(&w2, &w1, &w0, ws[10], p[8]);
1626 word3_muladd(&w2, &w1, &w0, ws[11], p[7]);
1627 word3_muladd(&w2, &w1, &w0, ws[12], p[6]);
1628 word3_muladd(&w2, &w1, &w0, ws[13], p[5]);
1629 word3_muladd(&w2, &w1, &w0, ws[14], p[4]);
1630 word3_muladd(&w2, &w1, &w0, ws[15], p[3]);
1631 word3_muladd(&w2, &w1, &w0, ws[16], p[2]);
1632 word3_muladd(&w2, &w1, &w0, ws[17], p[1]);
1633 word3_add(&w2, &w1, &w0, z[18]);
1634 ws[18] = w0 * p_dash;
1635 word3_muladd(&w2, &w1, &w0, ws[18], p[0]);
1636 w0 = w1; w1 = w2; w2 = 0;
1637 word3_muladd(&w2, &w1, &w0, ws[0], p[19]);
1638 word3_muladd(&w2, &w1, &w0, ws[1], p[18]);
1639 word3_muladd(&w2, &w1, &w0, ws[2], p[17]);
1640 word3_muladd(&w2, &w1, &w0, ws[3], p[16]);
1641 word3_muladd(&w2, &w1, &w0, ws[4], p[15]);
1642 word3_muladd(&w2, &w1, &w0, ws[5], p[14]);
1643 word3_muladd(&w2, &w1, &w0, ws[6], p[13]);
1644 word3_muladd(&w2, &w1, &w0, ws[7], p[12]);
1645 word3_muladd(&w2, &w1, &w0, ws[8], p[11]);
1646 word3_muladd(&w2, &w1, &w0, ws[9], p[10]);
1647 word3_muladd(&w2, &w1, &w0, ws[10], p[9]);
1648 word3_muladd(&w2, &w1, &w0, ws[11], p[8]);
1649 word3_muladd(&w2, &w1, &w0, ws[12], p[7]);
1650 word3_muladd(&w2, &w1, &w0, ws[13], p[6]);
1651 word3_muladd(&w2, &w1, &w0, ws[14], p[5]);
1652 word3_muladd(&w2, &w1, &w0, ws[15], p[4]);
1653 word3_muladd(&w2, &w1, &w0, ws[16], p[3]);
1654 word3_muladd(&w2, &w1, &w0, ws[17], p[2]);
1655 word3_muladd(&w2, &w1, &w0, ws[18], p[1]);
1656 word3_add(&w2, &w1, &w0, z[19]);
1657 ws[19] = w0 * p_dash;
1658 word3_muladd(&w2, &w1, &w0, ws[19], p[0]);
1659 w0 = w1; w1 = w2; w2 = 0;
1660 word3_muladd(&w2, &w1, &w0, ws[0], p[20]);
1661 word3_muladd(&w2, &w1, &w0, ws[1], p[19]);
1662 word3_muladd(&w2, &w1, &w0, ws[2], p[18]);
1663 word3_muladd(&w2, &w1, &w0, ws[3], p[17]);
1664 word3_muladd(&w2, &w1, &w0, ws[4], p[16]);
1665 word3_muladd(&w2, &w1, &w0, ws[5], p[15]);
1666 word3_muladd(&w2, &w1, &w0, ws[6], p[14]);
1667 word3_muladd(&w2, &w1, &w0, ws[7], p[13]);
1668 word3_muladd(&w2, &w1, &w0, ws[8], p[12]);
1669 word3_muladd(&w2, &w1, &w0, ws[9], p[11]);
1670 word3_muladd(&w2, &w1, &w0, ws[10], p[10]);
1671 word3_muladd(&w2, &w1, &w0, ws[11], p[9]);
1672 word3_muladd(&w2, &w1, &w0, ws[12], p[8]);
1673 word3_muladd(&w2, &w1, &w0, ws[13], p[7]);
1674 word3_muladd(&w2, &w1, &w0, ws[14], p[6]);
1675 word3_muladd(&w2, &w1, &w0, ws[15], p[5]);
1676 word3_muladd(&w2, &w1, &w0, ws[16], p[4]);
1677 word3_muladd(&w2, &w1, &w0, ws[17], p[3]);
1678 word3_muladd(&w2, &w1, &w0, ws[18], p[2]);
1679 word3_muladd(&w2, &w1, &w0, ws[19], p[1]);
1680 word3_add(&w2, &w1, &w0, z[20]);
1681 ws[20] = w0 * p_dash;
1682 word3_muladd(&w2, &w1, &w0, ws[20], p[0]);
1683 w0 = w1; w1 = w2; w2 = 0;
1684 word3_muladd(&w2, &w1, &w0, ws[0], p[21]);
1685 word3_muladd(&w2, &w1, &w0, ws[1], p[20]);
1686 word3_muladd(&w2, &w1, &w0, ws[2], p[19]);
1687 word3_muladd(&w2, &w1, &w0, ws[3], p[18]);
1688 word3_muladd(&w2, &w1, &w0, ws[4], p[17]);
1689 word3_muladd(&w2, &w1, &w0, ws[5], p[16]);
1690 word3_muladd(&w2, &w1, &w0, ws[6], p[15]);
1691 word3_muladd(&w2, &w1, &w0, ws[7], p[14]);
1692 word3_muladd(&w2, &w1, &w0, ws[8], p[13]);
1693 word3_muladd(&w2, &w1, &w0, ws[9], p[12]);
1694 word3_muladd(&w2, &w1, &w0, ws[10], p[11]);
1695 word3_muladd(&w2, &w1, &w0, ws[11], p[10]);
1696 word3_muladd(&w2, &w1, &w0, ws[12], p[9]);
1697 word3_muladd(&w2, &w1, &w0, ws[13], p[8]);
1698 word3_muladd(&w2, &w1, &w0, ws[14], p[7]);
1699 word3_muladd(&w2, &w1, &w0, ws[15], p[6]);
1700 word3_muladd(&w2, &w1, &w0, ws[16], p[5]);
1701 word3_muladd(&w2, &w1, &w0, ws[17], p[4]);
1702 word3_muladd(&w2, &w1, &w0, ws[18], p[3]);
1703 word3_muladd(&w2, &w1, &w0, ws[19], p[2]);
1704 word3_muladd(&w2, &w1, &w0, ws[20], p[1]);
1705 word3_add(&w2, &w1, &w0, z[21]);
1706 ws[21] = w0 * p_dash;
1707 word3_muladd(&w2, &w1, &w0, ws[21], p[0]);
1708 w0 = w1; w1 = w2; w2 = 0;
1709 word3_muladd(&w2, &w1, &w0, ws[0], p[22]);
1710 word3_muladd(&w2, &w1, &w0, ws[1], p[21]);
1711 word3_muladd(&w2, &w1, &w0, ws[2], p[20]);
1712 word3_muladd(&w2, &w1, &w0, ws[3], p[19]);
1713 word3_muladd(&w2, &w1, &w0, ws[4], p[18]);
1714 word3_muladd(&w2, &w1, &w0, ws[5], p[17]);
1715 word3_muladd(&w2, &w1, &w0, ws[6], p[16]);
1716 word3_muladd(&w2, &w1, &w0, ws[7], p[15]);
1717 word3_muladd(&w2, &w1, &w0, ws[8], p[14]);
1718 word3_muladd(&w2, &w1, &w0, ws[9], p[13]);
1719 word3_muladd(&w2, &w1, &w0, ws[10], p[12]);
1720 word3_muladd(&w2, &w1, &w0, ws[11], p[11]);
1721 word3_muladd(&w2, &w1, &w0, ws[12], p[10]);
1722 word3_muladd(&w2, &w1, &w0, ws[13], p[9]);
1723 word3_muladd(&w2, &w1, &w0, ws[14], p[8]);
1724 word3_muladd(&w2, &w1, &w0, ws[15], p[7]);
1725 word3_muladd(&w2, &w1, &w0, ws[16], p[6]);
1726 word3_muladd(&w2, &w1, &w0, ws[17], p[5]);
1727 word3_muladd(&w2, &w1, &w0, ws[18], p[4]);
1728 word3_muladd(&w2, &w1, &w0, ws[19], p[3]);
1729 word3_muladd(&w2, &w1, &w0, ws[20], p[2]);
1730 word3_muladd(&w2, &w1, &w0, ws[21], p[1]);
1731 word3_add(&w2, &w1, &w0, z[22]);
1732 ws[22] = w0 * p_dash;
1733 word3_muladd(&w2, &w1, &w0, ws[22], p[0]);
1734 w0 = w1; w1 = w2; w2 = 0;
1735 word3_muladd(&w2, &w1, &w0, ws[0], p[23]);
1736 word3_muladd(&w2, &w1, &w0, ws[1], p[22]);
1737 word3_muladd(&w2, &w1, &w0, ws[2], p[21]);
1738 word3_muladd(&w2, &w1, &w0, ws[3], p[20]);
1739 word3_muladd(&w2, &w1, &w0, ws[4], p[19]);
1740 word3_muladd(&w2, &w1, &w0, ws[5], p[18]);
1741 word3_muladd(&w2, &w1, &w0, ws[6], p[17]);
1742 word3_muladd(&w2, &w1, &w0, ws[7], p[16]);
1743 word3_muladd(&w2, &w1, &w0, ws[8], p[15]);
1744 word3_muladd(&w2, &w1, &w0, ws[9], p[14]);
1745 word3_muladd(&w2, &w1, &w0, ws[10], p[13]);
1746 word3_muladd(&w2, &w1, &w0, ws[11], p[12]);
1747 word3_muladd(&w2, &w1, &w0, ws[12], p[11]);
1748 word3_muladd(&w2, &w1, &w0, ws[13], p[10]);
1749 word3_muladd(&w2, &w1, &w0, ws[14], p[9]);
1750 word3_muladd(&w2, &w1, &w0, ws[15], p[8]);
1751 word3_muladd(&w2, &w1, &w0, ws[16], p[7]);
1752 word3_muladd(&w2, &w1, &w0, ws[17], p[6]);
1753 word3_muladd(&w2, &w1, &w0, ws[18], p[5]);
1754 word3_muladd(&w2, &w1, &w0, ws[19], p[4]);
1755 word3_muladd(&w2, &w1, &w0, ws[20], p[3]);
1756 word3_muladd(&w2, &w1, &w0, ws[21], p[2]);
1757 word3_muladd(&w2, &w1, &w0, ws[22], p[1]);
1758 word3_add(&w2, &w1, &w0, z[23]);
1759 ws[23] = w0 * p_dash;
1760 word3_muladd(&w2, &w1, &w0, ws[23], p[0]);
1761 w0 = w1; w1 = w2; w2 = 0;
1762 word3_muladd(&w2, &w1, &w0, ws[0], p[24]);
1763 word3_muladd(&w2, &w1, &w0, ws[1], p[23]);
1764 word3_muladd(&w2, &w1, &w0, ws[2], p[22]);
1765 word3_muladd(&w2, &w1, &w0, ws[3], p[21]);
1766 word3_muladd(&w2, &w1, &w0, ws[4], p[20]);
1767 word3_muladd(&w2, &w1, &w0, ws[5], p[19]);
1768 word3_muladd(&w2, &w1, &w0, ws[6], p[18]);
1769 word3_muladd(&w2, &w1, &w0, ws[7], p[17]);
1770 word3_muladd(&w2, &w1, &w0, ws[8], p[16]);
1771 word3_muladd(&w2, &w1, &w0, ws[9], p[15]);
1772 word3_muladd(&w2, &w1, &w0, ws[10], p[14]);
1773 word3_muladd(&w2, &w1, &w0, ws[11], p[13]);
1774 word3_muladd(&w2, &w1, &w0, ws[12], p[12]);
1775 word3_muladd(&w2, &w1, &w0, ws[13], p[11]);
1776 word3_muladd(&w2, &w1, &w0, ws[14], p[10]);
1777 word3_muladd(&w2, &w1, &w0, ws[15], p[9]);
1778 word3_muladd(&w2, &w1, &w0, ws[16], p[8]);
1779 word3_muladd(&w2, &w1, &w0, ws[17], p[7]);
1780 word3_muladd(&w2, &w1, &w0, ws[18], p[6]);
1781 word3_muladd(&w2, &w1, &w0, ws[19], p[5]);
1782 word3_muladd(&w2, &w1, &w0, ws[20], p[4]);
1783 word3_muladd(&w2, &w1, &w0, ws[21], p[3]);
1784 word3_muladd(&w2, &w1, &w0, ws[22], p[2]);
1785 word3_muladd(&w2, &w1, &w0, ws[23], p[1]);
1786 word3_add(&w2, &w1, &w0, z[24]);
1787 ws[24] = w0 * p_dash;
1788 word3_muladd(&w2, &w1, &w0, ws[24], p[0]);
1789 w0 = w1; w1 = w2; w2 = 0;
1790 word3_muladd(&w2, &w1, &w0, ws[0], p[25]);
1791 word3_muladd(&w2, &w1, &w0, ws[1], p[24]);
1792 word3_muladd(&w2, &w1, &w0, ws[2], p[23]);
1793 word3_muladd(&w2, &w1, &w0, ws[3], p[22]);
1794 word3_muladd(&w2, &w1, &w0, ws[4], p[21]);
1795 word3_muladd(&w2, &w1, &w0, ws[5], p[20]);
1796 word3_muladd(&w2, &w1, &w0, ws[6], p[19]);
1797 word3_muladd(&w2, &w1, &w0, ws[7], p[18]);
1798 word3_muladd(&w2, &w1, &w0, ws[8], p[17]);
1799 word3_muladd(&w2, &w1, &w0, ws[9], p[16]);
1800 word3_muladd(&w2, &w1, &w0, ws[10], p[15]);
1801 word3_muladd(&w2, &w1, &w0, ws[11], p[14]);
1802 word3_muladd(&w2, &w1, &w0, ws[12], p[13]);
1803 word3_muladd(&w2, &w1, &w0, ws[13], p[12]);
1804 word3_muladd(&w2, &w1, &w0, ws[14], p[11]);
1805 word3_muladd(&w2, &w1, &w0, ws[15], p[10]);
1806 word3_muladd(&w2, &w1, &w0, ws[16], p[9]);
1807 word3_muladd(&w2, &w1, &w0, ws[17], p[8]);
1808 word3_muladd(&w2, &w1, &w0, ws[18], p[7]);
1809 word3_muladd(&w2, &w1, &w0, ws[19], p[6]);
1810 word3_muladd(&w2, &w1, &w0, ws[20], p[5]);
1811 word3_muladd(&w2, &w1, &w0, ws[21], p[4]);
1812 word3_muladd(&w2, &w1, &w0, ws[22], p[3]);
1813 word3_muladd(&w2, &w1, &w0, ws[23], p[2]);
1814 word3_muladd(&w2, &w1, &w0, ws[24], p[1]);
1815 word3_add(&w2, &w1, &w0, z[25]);
1816 ws[25] = w0 * p_dash;
1817 word3_muladd(&w2, &w1, &w0, ws[25], p[0]);
1818 w0 = w1; w1 = w2; w2 = 0;
1819 word3_muladd(&w2, &w1, &w0, ws[0], p[26]);
1820 word3_muladd(&w2, &w1, &w0, ws[1], p[25]);
1821 word3_muladd(&w2, &w1, &w0, ws[2], p[24]);
1822 word3_muladd(&w2, &w1, &w0, ws[3], p[23]);
1823 word3_muladd(&w2, &w1, &w0, ws[4], p[22]);
1824 word3_muladd(&w2, &w1, &w0, ws[5], p[21]);
1825 word3_muladd(&w2, &w1, &w0, ws[6], p[20]);
1826 word3_muladd(&w2, &w1, &w0, ws[7], p[19]);
1827 word3_muladd(&w2, &w1, &w0, ws[8], p[18]);
1828 word3_muladd(&w2, &w1, &w0, ws[9], p[17]);
1829 word3_muladd(&w2, &w1, &w0, ws[10], p[16]);
1830 word3_muladd(&w2, &w1, &w0, ws[11], p[15]);
1831 word3_muladd(&w2, &w1, &w0, ws[12], p[14]);
1832 word3_muladd(&w2, &w1, &w0, ws[13], p[13]);
1833 word3_muladd(&w2, &w1, &w0, ws[14], p[12]);
1834 word3_muladd(&w2, &w1, &w0, ws[15], p[11]);
1835 word3_muladd(&w2, &w1, &w0, ws[16], p[10]);
1836 word3_muladd(&w2, &w1, &w0, ws[17], p[9]);
1837 word3_muladd(&w2, &w1, &w0, ws[18], p[8]);
1838 word3_muladd(&w2, &w1, &w0, ws[19], p[7]);
1839 word3_muladd(&w2, &w1, &w0, ws[20], p[6]);
1840 word3_muladd(&w2, &w1, &w0, ws[21], p[5]);
1841 word3_muladd(&w2, &w1, &w0, ws[22], p[4]);
1842 word3_muladd(&w2, &w1, &w0, ws[23], p[3]);
1843 word3_muladd(&w2, &w1, &w0, ws[24], p[2]);
1844 word3_muladd(&w2, &w1, &w0, ws[25], p[1]);
1845 word3_add(&w2, &w1, &w0, z[26]);
1846 ws[26] = w0 * p_dash;
1847 word3_muladd(&w2, &w1, &w0, ws[26], p[0]);
1848 w0 = w1; w1 = w2; w2 = 0;
1849 word3_muladd(&w2, &w1, &w0, ws[0], p[27]);
1850 word3_muladd(&w2, &w1, &w0, ws[1], p[26]);
1851 word3_muladd(&w2, &w1, &w0, ws[2], p[25]);
1852 word3_muladd(&w2, &w1, &w0, ws[3], p[24]);
1853 word3_muladd(&w2, &w1, &w0, ws[4], p[23]);
1854 word3_muladd(&w2, &w1, &w0, ws[5], p[22]);
1855 word3_muladd(&w2, &w1, &w0, ws[6], p[21]);
1856 word3_muladd(&w2, &w1, &w0, ws[7], p[20]);
1857 word3_muladd(&w2, &w1, &w0, ws[8], p[19]);
1858 word3_muladd(&w2, &w1, &w0, ws[9], p[18]);
1859 word3_muladd(&w2, &w1, &w0, ws[10], p[17]);
1860 word3_muladd(&w2, &w1, &w0, ws[11], p[16]);
1861 word3_muladd(&w2, &w1, &w0, ws[12], p[15]);
1862 word3_muladd(&w2, &w1, &w0, ws[13], p[14]);
1863 word3_muladd(&w2, &w1, &w0, ws[14], p[13]);
1864 word3_muladd(&w2, &w1, &w0, ws[15], p[12]);
1865 word3_muladd(&w2, &w1, &w0, ws[16], p[11]);
1866 word3_muladd(&w2, &w1, &w0, ws[17], p[10]);
1867 word3_muladd(&w2, &w1, &w0, ws[18], p[9]);
1868 word3_muladd(&w2, &w1, &w0, ws[19], p[8]);
1869 word3_muladd(&w2, &w1, &w0, ws[20], p[7]);
1870 word3_muladd(&w2, &w1, &w0, ws[21], p[6]);
1871 word3_muladd(&w2, &w1, &w0, ws[22], p[5]);
1872 word3_muladd(&w2, &w1, &w0, ws[23], p[4]);
1873 word3_muladd(&w2, &w1, &w0, ws[24], p[3]);
1874 word3_muladd(&w2, &w1, &w0, ws[25], p[2]);
1875 word3_muladd(&w2, &w1, &w0, ws[26], p[1]);
1876 word3_add(&w2, &w1, &w0, z[27]);
1877 ws[27] = w0 * p_dash;
1878 word3_muladd(&w2, &w1, &w0, ws[27], p[0]);
1879 w0 = w1; w1 = w2; w2 = 0;
1880 word3_muladd(&w2, &w1, &w0, ws[0], p[28]);
1881 word3_muladd(&w2, &w1, &w0, ws[1], p[27]);
1882 word3_muladd(&w2, &w1, &w0, ws[2], p[26]);
1883 word3_muladd(&w2, &w1, &w0, ws[3], p[25]);
1884 word3_muladd(&w2, &w1, &w0, ws[4], p[24]);
1885 word3_muladd(&w2, &w1, &w0, ws[5], p[23]);
1886 word3_muladd(&w2, &w1, &w0, ws[6], p[22]);
1887 word3_muladd(&w2, &w1, &w0, ws[7], p[21]);
1888 word3_muladd(&w2, &w1, &w0, ws[8], p[20]);
1889 word3_muladd(&w2, &w1, &w0, ws[9], p[19]);
1890 word3_muladd(&w2, &w1, &w0, ws[10], p[18]);
1891 word3_muladd(&w2, &w1, &w0, ws[11], p[17]);
1892 word3_muladd(&w2, &w1, &w0, ws[12], p[16]);
1893 word3_muladd(&w2, &w1, &w0, ws[13], p[15]);
1894 word3_muladd(&w2, &w1, &w0, ws[14], p[14]);
1895 word3_muladd(&w2, &w1, &w0, ws[15], p[13]);
1896 word3_muladd(&w2, &w1, &w0, ws[16], p[12]);
1897 word3_muladd(&w2, &w1, &w0, ws[17], p[11]);
1898 word3_muladd(&w2, &w1, &w0, ws[18], p[10]);
1899 word3_muladd(&w2, &w1, &w0, ws[19], p[9]);
1900 word3_muladd(&w2, &w1, &w0, ws[20], p[8]);
1901 word3_muladd(&w2, &w1, &w0, ws[21], p[7]);
1902 word3_muladd(&w2, &w1, &w0, ws[22], p[6]);
1903 word3_muladd(&w2, &w1, &w0, ws[23], p[5]);
1904 word3_muladd(&w2, &w1, &w0, ws[24], p[4]);
1905 word3_muladd(&w2, &w1, &w0, ws[25], p[3]);
1906 word3_muladd(&w2, &w1, &w0, ws[26], p[2]);
1907 word3_muladd(&w2, &w1, &w0, ws[27], p[1]);
1908 word3_add(&w2, &w1, &w0, z[28]);
1909 ws[28] = w0 * p_dash;
1910 word3_muladd(&w2, &w1, &w0, ws[28], p[0]);
1911 w0 = w1; w1 = w2; w2 = 0;
1912 word3_muladd(&w2, &w1, &w0, ws[0], p[29]);
1913 word3_muladd(&w2, &w1, &w0, ws[1], p[28]);
1914 word3_muladd(&w2, &w1, &w0, ws[2], p[27]);
1915 word3_muladd(&w2, &w1, &w0, ws[3], p[26]);
1916 word3_muladd(&w2, &w1, &w0, ws[4], p[25]);
1917 word3_muladd(&w2, &w1, &w0, ws[5], p[24]);
1918 word3_muladd(&w2, &w1, &w0, ws[6], p[23]);
1919 word3_muladd(&w2, &w1, &w0, ws[7], p[22]);
1920 word3_muladd(&w2, &w1, &w0, ws[8], p[21]);
1921 word3_muladd(&w2, &w1, &w0, ws[9], p[20]);
1922 word3_muladd(&w2, &w1, &w0, ws[10], p[19]);
1923 word3_muladd(&w2, &w1, &w0, ws[11], p[18]);
1924 word3_muladd(&w2, &w1, &w0, ws[12], p[17]);
1925 word3_muladd(&w2, &w1, &w0, ws[13], p[16]);
1926 word3_muladd(&w2, &w1, &w0, ws[14], p[15]);
1927 word3_muladd(&w2, &w1, &w0, ws[15], p[14]);
1928 word3_muladd(&w2, &w1, &w0, ws[16], p[13]);
1929 word3_muladd(&w2, &w1, &w0, ws[17], p[12]);
1930 word3_muladd(&w2, &w1, &w0, ws[18], p[11]);
1931 word3_muladd(&w2, &w1, &w0, ws[19], p[10]);
1932 word3_muladd(&w2, &w1, &w0, ws[20], p[9]);
1933 word3_muladd(&w2, &w1, &w0, ws[21], p[8]);
1934 word3_muladd(&w2, &w1, &w0, ws[22], p[7]);
1935 word3_muladd(&w2, &w1, &w0, ws[23], p[6]);
1936 word3_muladd(&w2, &w1, &w0, ws[24], p[5]);
1937 word3_muladd(&w2, &w1, &w0, ws[25], p[4]);
1938 word3_muladd(&w2, &w1, &w0, ws[26], p[3]);
1939 word3_muladd(&w2, &w1, &w0, ws[27], p[2]);
1940 word3_muladd(&w2, &w1, &w0, ws[28], p[1]);
1941 word3_add(&w2, &w1, &w0, z[29]);
1942 ws[29] = w0 * p_dash;
1943 word3_muladd(&w2, &w1, &w0, ws[29], p[0]);
1944 w0 = w1; w1 = w2; w2 = 0;
1945 word3_muladd(&w2, &w1, &w0, ws[0], p[30]);
1946 word3_muladd(&w2, &w1, &w0, ws[1], p[29]);
1947 word3_muladd(&w2, &w1, &w0, ws[2], p[28]);
1948 word3_muladd(&w2, &w1, &w0, ws[3], p[27]);
1949 word3_muladd(&w2, &w1, &w0, ws[4], p[26]);
1950 word3_muladd(&w2, &w1, &w0, ws[5], p[25]);
1951 word3_muladd(&w2, &w1, &w0, ws[6], p[24]);
1952 word3_muladd(&w2, &w1, &w0, ws[7], p[23]);
1953 word3_muladd(&w2, &w1, &w0, ws[8], p[22]);
1954 word3_muladd(&w2, &w1, &w0, ws[9], p[21]);
1955 word3_muladd(&w2, &w1, &w0, ws[10], p[20]);
1956 word3_muladd(&w2, &w1, &w0, ws[11], p[19]);
1957 word3_muladd(&w2, &w1, &w0, ws[12], p[18]);
1958 word3_muladd(&w2, &w1, &w0, ws[13], p[17]);
1959 word3_muladd(&w2, &w1, &w0, ws[14], p[16]);
1960 word3_muladd(&w2, &w1, &w0, ws[15], p[15]);
1961 word3_muladd(&w2, &w1, &w0, ws[16], p[14]);
1962 word3_muladd(&w2, &w1, &w0, ws[17], p[13]);
1963 word3_muladd(&w2, &w1, &w0, ws[18], p[12]);
1964 word3_muladd(&w2, &w1, &w0, ws[19], p[11]);
1965 word3_muladd(&w2, &w1, &w0, ws[20], p[10]);
1966 word3_muladd(&w2, &w1, &w0, ws[21], p[9]);
1967 word3_muladd(&w2, &w1, &w0, ws[22], p[8]);
1968 word3_muladd(&w2, &w1, &w0, ws[23], p[7]);
1969 word3_muladd(&w2, &w1, &w0, ws[24], p[6]);
1970 word3_muladd(&w2, &w1, &w0, ws[25], p[5]);
1971 word3_muladd(&w2, &w1, &w0, ws[26], p[4]);
1972 word3_muladd(&w2, &w1, &w0, ws[27], p[3]);
1973 word3_muladd(&w2, &w1, &w0, ws[28], p[2]);
1974 word3_muladd(&w2, &w1, &w0, ws[29], p[1]);
1975 word3_add(&w2, &w1, &w0, z[30]);
1976 ws[30] = w0 * p_dash;
1977 word3_muladd(&w2, &w1, &w0, ws[30], p[0]);
1978 w0 = w1; w1 = w2; w2 = 0;
1979 word3_muladd(&w2, &w1, &w0, ws[0], p[31]);
1980 word3_muladd(&w2, &w1, &w0, ws[1], p[30]);
1981 word3_muladd(&w2, &w1, &w0, ws[2], p[29]);
1982 word3_muladd(&w2, &w1, &w0, ws[3], p[28]);
1983 word3_muladd(&w2, &w1, &w0, ws[4], p[27]);
1984 word3_muladd(&w2, &w1, &w0, ws[5], p[26]);
1985 word3_muladd(&w2, &w1, &w0, ws[6], p[25]);
1986 word3_muladd(&w2, &w1, &w0, ws[7], p[24]);
1987 word3_muladd(&w2, &w1, &w0, ws[8], p[23]);
1988 word3_muladd(&w2, &w1, &w0, ws[9], p[22]);
1989 word3_muladd(&w2, &w1, &w0, ws[10], p[21]);
1990 word3_muladd(&w2, &w1, &w0, ws[11], p[20]);
1991 word3_muladd(&w2, &w1, &w0, ws[12], p[19]);
1992 word3_muladd(&w2, &w1, &w0, ws[13], p[18]);
1993 word3_muladd(&w2, &w1, &w0, ws[14], p[17]);
1994 word3_muladd(&w2, &w1, &w0, ws[15], p[16]);
1995 word3_muladd(&w2, &w1, &w0, ws[16], p[15]);
1996 word3_muladd(&w2, &w1, &w0, ws[17], p[14]);
1997 word3_muladd(&w2, &w1, &w0, ws[18], p[13]);
1998 word3_muladd(&w2, &w1, &w0, ws[19], p[12]);
1999 word3_muladd(&w2, &w1, &w0, ws[20], p[11]);
2000 word3_muladd(&w2, &w1, &w0, ws[21], p[10]);
2001 word3_muladd(&w2, &w1, &w0, ws[22], p[9]);
2002 word3_muladd(&w2, &w1, &w0, ws[23], p[8]);
2003 word3_muladd(&w2, &w1, &w0, ws[24], p[7]);
2004 word3_muladd(&w2, &w1, &w0, ws[25], p[6]);
2005 word3_muladd(&w2, &w1, &w0, ws[26], p[5]);
2006 word3_muladd(&w2, &w1, &w0, ws[27], p[4]);
2007 word3_muladd(&w2, &w1, &w0, ws[28], p[3]);
2008 word3_muladd(&w2, &w1, &w0, ws[29], p[2]);
2009 word3_muladd(&w2, &w1, &w0, ws[30], p[1]);
2010 word3_add(&w2, &w1, &w0, z[31]);
2011 ws[31] = w0 * p_dash;
2012 word3_muladd(&w2, &w1, &w0, ws[31], p[0]);
2013 w0 = w1; w1 = w2; w2 = 0;
2014 word3_muladd(&w2, &w1, &w0, ws[1], p[31]);
2015 word3_muladd(&w2, &w1, &w0, ws[2], p[30]);
2016 word3_muladd(&w2, &w1, &w0, ws[3], p[29]);
2017 word3_muladd(&w2, &w1, &w0, ws[4], p[28]);
2018 word3_muladd(&w2, &w1, &w0, ws[5], p[27]);
2019 word3_muladd(&w2, &w1, &w0, ws[6], p[26]);
2020 word3_muladd(&w2, &w1, &w0, ws[7], p[25]);
2021 word3_muladd(&w2, &w1, &w0, ws[8], p[24]);
2022 word3_muladd(&w2, &w1, &w0, ws[9], p[23]);
2023 word3_muladd(&w2, &w1, &w0, ws[10], p[22]);
2024 word3_muladd(&w2, &w1, &w0, ws[11], p[21]);
2025 word3_muladd(&w2, &w1, &w0, ws[12], p[20]);
2026 word3_muladd(&w2, &w1, &w0, ws[13], p[19]);
2027 word3_muladd(&w2, &w1, &w0, ws[14], p[18]);
2028 word3_muladd(&w2, &w1, &w0, ws[15], p[17]);
2029 word3_muladd(&w2, &w1, &w0, ws[16], p[16]);
2030 word3_muladd(&w2, &w1, &w0, ws[17], p[15]);
2031 word3_muladd(&w2, &w1, &w0, ws[18], p[14]);
2032 word3_muladd(&w2, &w1, &w0, ws[19], p[13]);
2033 word3_muladd(&w2, &w1, &w0, ws[20], p[12]);
2034 word3_muladd(&w2, &w1, &w0, ws[21], p[11]);
2035 word3_muladd(&w2, &w1, &w0, ws[22], p[10]);
2036 word3_muladd(&w2, &w1, &w0, ws[23], p[9]);
2037 word3_muladd(&w2, &w1, &w0, ws[24], p[8]);
2038 word3_muladd(&w2, &w1, &w0, ws[25], p[7]);
2039 word3_muladd(&w2, &w1, &w0, ws[26], p[6]);
2040 word3_muladd(&w2, &w1, &w0, ws[27], p[5]);
2041 word3_muladd(&w2, &w1, &w0, ws[28], p[4]);
2042 word3_muladd(&w2, &w1, &w0, ws[29], p[3]);
2043 word3_muladd(&w2, &w1, &w0, ws[30], p[2]);
2044 word3_muladd(&w2, &w1, &w0, ws[31], p[1]);
2045 word3_add(&w2, &w1, &w0, z[32]);
2046 ws[0] = w0;
2047 w0 = w1; w1 = w2; w2 = 0;
2048 word3_muladd(&w2, &w1, &w0, ws[2], p[31]);
2049 word3_muladd(&w2, &w1, &w0, ws[3], p[30]);
2050 word3_muladd(&w2, &w1, &w0, ws[4], p[29]);
2051 word3_muladd(&w2, &w1, &w0, ws[5], p[28]);
2052 word3_muladd(&w2, &w1, &w0, ws[6], p[27]);
2053 word3_muladd(&w2, &w1, &w0, ws[7], p[26]);
2054 word3_muladd(&w2, &w1, &w0, ws[8], p[25]);
2055 word3_muladd(&w2, &w1, &w0, ws[9], p[24]);
2056 word3_muladd(&w2, &w1, &w0, ws[10], p[23]);
2057 word3_muladd(&w2, &w1, &w0, ws[11], p[22]);
2058 word3_muladd(&w2, &w1, &w0, ws[12], p[21]);
2059 word3_muladd(&w2, &w1, &w0, ws[13], p[20]);
2060 word3_muladd(&w2, &w1, &w0, ws[14], p[19]);
2061 word3_muladd(&w2, &w1, &w0, ws[15], p[18]);
2062 word3_muladd(&w2, &w1, &w0, ws[16], p[17]);
2063 word3_muladd(&w2, &w1, &w0, ws[17], p[16]);
2064 word3_muladd(&w2, &w1, &w0, ws[18], p[15]);
2065 word3_muladd(&w2, &w1, &w0, ws[19], p[14]);
2066 word3_muladd(&w2, &w1, &w0, ws[20], p[13]);
2067 word3_muladd(&w2, &w1, &w0, ws[21], p[12]);
2068 word3_muladd(&w2, &w1, &w0, ws[22], p[11]);
2069 word3_muladd(&w2, &w1, &w0, ws[23], p[10]);
2070 word3_muladd(&w2, &w1, &w0, ws[24], p[9]);
2071 word3_muladd(&w2, &w1, &w0, ws[25], p[8]);
2072 word3_muladd(&w2, &w1, &w0, ws[26], p[7]);
2073 word3_muladd(&w2, &w1, &w0, ws[27], p[6]);
2074 word3_muladd(&w2, &w1, &w0, ws[28], p[5]);
2075 word3_muladd(&w2, &w1, &w0, ws[29], p[4]);
2076 word3_muladd(&w2, &w1, &w0, ws[30], p[3]);
2077 word3_muladd(&w2, &w1, &w0, ws[31], p[2]);
2078 word3_add(&w2, &w1, &w0, z[33]);
2079 ws[1] = w0;
2080 w0 = w1; w1 = w2; w2 = 0;
2081 word3_muladd(&w2, &w1, &w0, ws[3], p[31]);
2082 word3_muladd(&w2, &w1, &w0, ws[4], p[30]);
2083 word3_muladd(&w2, &w1, &w0, ws[5], p[29]);
2084 word3_muladd(&w2, &w1, &w0, ws[6], p[28]);
2085 word3_muladd(&w2, &w1, &w0, ws[7], p[27]);
2086 word3_muladd(&w2, &w1, &w0, ws[8], p[26]);
2087 word3_muladd(&w2, &w1, &w0, ws[9], p[25]);
2088 word3_muladd(&w2, &w1, &w0, ws[10], p[24]);
2089 word3_muladd(&w2, &w1, &w0, ws[11], p[23]);
2090 word3_muladd(&w2, &w1, &w0, ws[12], p[22]);
2091 word3_muladd(&w2, &w1, &w0, ws[13], p[21]);
2092 word3_muladd(&w2, &w1, &w0, ws[14], p[20]);
2093 word3_muladd(&w2, &w1, &w0, ws[15], p[19]);
2094 word3_muladd(&w2, &w1, &w0, ws[16], p[18]);
2095 word3_muladd(&w2, &w1, &w0, ws[17], p[17]);
2096 word3_muladd(&w2, &w1, &w0, ws[18], p[16]);
2097 word3_muladd(&w2, &w1, &w0, ws[19], p[15]);
2098 word3_muladd(&w2, &w1, &w0, ws[20], p[14]);
2099 word3_muladd(&w2, &w1, &w0, ws[21], p[13]);
2100 word3_muladd(&w2, &w1, &w0, ws[22], p[12]);
2101 word3_muladd(&w2, &w1, &w0, ws[23], p[11]);
2102 word3_muladd(&w2, &w1, &w0, ws[24], p[10]);
2103 word3_muladd(&w2, &w1, &w0, ws[25], p[9]);
2104 word3_muladd(&w2, &w1, &w0, ws[26], p[8]);
2105 word3_muladd(&w2, &w1, &w0, ws[27], p[7]);
2106 word3_muladd(&w2, &w1, &w0, ws[28], p[6]);
2107 word3_muladd(&w2, &w1, &w0, ws[29], p[5]);
2108 word3_muladd(&w2, &w1, &w0, ws[30], p[4]);
2109 word3_muladd(&w2, &w1, &w0, ws[31], p[3]);
2110 word3_add(&w2, &w1, &w0, z[34]);
2111 ws[2] = w0;
2112 w0 = w1; w1 = w2; w2 = 0;
2113 word3_muladd(&w2, &w1, &w0, ws[4], p[31]);
2114 word3_muladd(&w2, &w1, &w0, ws[5], p[30]);
2115 word3_muladd(&w2, &w1, &w0, ws[6], p[29]);
2116 word3_muladd(&w2, &w1, &w0, ws[7], p[28]);
2117 word3_muladd(&w2, &w1, &w0, ws[8], p[27]);
2118 word3_muladd(&w2, &w1, &w0, ws[9], p[26]);
2119 word3_muladd(&w2, &w1, &w0, ws[10], p[25]);
2120 word3_muladd(&w2, &w1, &w0, ws[11], p[24]);
2121 word3_muladd(&w2, &w1, &w0, ws[12], p[23]);
2122 word3_muladd(&w2, &w1, &w0, ws[13], p[22]);
2123 word3_muladd(&w2, &w1, &w0, ws[14], p[21]);
2124 word3_muladd(&w2, &w1, &w0, ws[15], p[20]);
2125 word3_muladd(&w2, &w1, &w0, ws[16], p[19]);
2126 word3_muladd(&w2, &w1, &w0, ws[17], p[18]);
2127 word3_muladd(&w2, &w1, &w0, ws[18], p[17]);
2128 word3_muladd(&w2, &w1, &w0, ws[19], p[16]);
2129 word3_muladd(&w2, &w1, &w0, ws[20], p[15]);
2130 word3_muladd(&w2, &w1, &w0, ws[21], p[14]);
2131 word3_muladd(&w2, &w1, &w0, ws[22], p[13]);
2132 word3_muladd(&w2, &w1, &w0, ws[23], p[12]);
2133 word3_muladd(&w2, &w1, &w0, ws[24], p[11]);
2134 word3_muladd(&w2, &w1, &w0, ws[25], p[10]);
2135 word3_muladd(&w2, &w1, &w0, ws[26], p[9]);
2136 word3_muladd(&w2, &w1, &w0, ws[27], p[8]);
2137 word3_muladd(&w2, &w1, &w0, ws[28], p[7]);
2138 word3_muladd(&w2, &w1, &w0, ws[29], p[6]);
2139 word3_muladd(&w2, &w1, &w0, ws[30], p[5]);
2140 word3_muladd(&w2, &w1, &w0, ws[31], p[4]);
2141 word3_add(&w2, &w1, &w0, z[35]);
2142 ws[3] = w0;
2143 w0 = w1; w1 = w2; w2 = 0;
2144 word3_muladd(&w2, &w1, &w0, ws[5], p[31]);
2145 word3_muladd(&w2, &w1, &w0, ws[6], p[30]);
2146 word3_muladd(&w2, &w1, &w0, ws[7], p[29]);
2147 word3_muladd(&w2, &w1, &w0, ws[8], p[28]);
2148 word3_muladd(&w2, &w1, &w0, ws[9], p[27]);
2149 word3_muladd(&w2, &w1, &w0, ws[10], p[26]);
2150 word3_muladd(&w2, &w1, &w0, ws[11], p[25]);
2151 word3_muladd(&w2, &w1, &w0, ws[12], p[24]);
2152 word3_muladd(&w2, &w1, &w0, ws[13], p[23]);
2153 word3_muladd(&w2, &w1, &w0, ws[14], p[22]);
2154 word3_muladd(&w2, &w1, &w0, ws[15], p[21]);
2155 word3_muladd(&w2, &w1, &w0, ws[16], p[20]);
2156 word3_muladd(&w2, &w1, &w0, ws[17], p[19]);
2157 word3_muladd(&w2, &w1, &w0, ws[18], p[18]);
2158 word3_muladd(&w2, &w1, &w0, ws[19], p[17]);
2159 word3_muladd(&w2, &w1, &w0, ws[20], p[16]);
2160 word3_muladd(&w2, &w1, &w0, ws[21], p[15]);
2161 word3_muladd(&w2, &w1, &w0, ws[22], p[14]);
2162 word3_muladd(&w2, &w1, &w0, ws[23], p[13]);
2163 word3_muladd(&w2, &w1, &w0, ws[24], p[12]);
2164 word3_muladd(&w2, &w1, &w0, ws[25], p[11]);
2165 word3_muladd(&w2, &w1, &w0, ws[26], p[10]);
2166 word3_muladd(&w2, &w1, &w0, ws[27], p[9]);
2167 word3_muladd(&w2, &w1, &w0, ws[28], p[8]);
2168 word3_muladd(&w2, &w1, &w0, ws[29], p[7]);
2169 word3_muladd(&w2, &w1, &w0, ws[30], p[6]);
2170 word3_muladd(&w2, &w1, &w0, ws[31], p[5]);
2171 word3_add(&w2, &w1, &w0, z[36]);
2172 ws[4] = w0;
2173 w0 = w1; w1 = w2; w2 = 0;
2174 word3_muladd(&w2, &w1, &w0, ws[6], p[31]);
2175 word3_muladd(&w2, &w1, &w0, ws[7], p[30]);
2176 word3_muladd(&w2, &w1, &w0, ws[8], p[29]);
2177 word3_muladd(&w2, &w1, &w0, ws[9], p[28]);
2178 word3_muladd(&w2, &w1, &w0, ws[10], p[27]);
2179 word3_muladd(&w2, &w1, &w0, ws[11], p[26]);
2180 word3_muladd(&w2, &w1, &w0, ws[12], p[25]);
2181 word3_muladd(&w2, &w1, &w0, ws[13], p[24]);
2182 word3_muladd(&w2, &w1, &w0, ws[14], p[23]);
2183 word3_muladd(&w2, &w1, &w0, ws[15], p[22]);
2184 word3_muladd(&w2, &w1, &w0, ws[16], p[21]);
2185 word3_muladd(&w2, &w1, &w0, ws[17], p[20]);
2186 word3_muladd(&w2, &w1, &w0, ws[18], p[19]);
2187 word3_muladd(&w2, &w1, &w0, ws[19], p[18]);
2188 word3_muladd(&w2, &w1, &w0, ws[20], p[17]);
2189 word3_muladd(&w2, &w1, &w0, ws[21], p[16]);
2190 word3_muladd(&w2, &w1, &w0, ws[22], p[15]);
2191 word3_muladd(&w2, &w1, &w0, ws[23], p[14]);
2192 word3_muladd(&w2, &w1, &w0, ws[24], p[13]);
2193 word3_muladd(&w2, &w1, &w0, ws[25], p[12]);
2194 word3_muladd(&w2, &w1, &w0, ws[26], p[11]);
2195 word3_muladd(&w2, &w1, &w0, ws[27], p[10]);
2196 word3_muladd(&w2, &w1, &w0, ws[28], p[9]);
2197 word3_muladd(&w2, &w1, &w0, ws[29], p[8]);
2198 word3_muladd(&w2, &w1, &w0, ws[30], p[7]);
2199 word3_muladd(&w2, &w1, &w0, ws[31], p[6]);
2200 word3_add(&w2, &w1, &w0, z[37]);
2201 ws[5] = w0;
2202 w0 = w1; w1 = w2; w2 = 0;
2203 word3_muladd(&w2, &w1, &w0, ws[7], p[31]);
2204 word3_muladd(&w2, &w1, &w0, ws[8], p[30]);
2205 word3_muladd(&w2, &w1, &w0, ws[9], p[29]);
2206 word3_muladd(&w2, &w1, &w0, ws[10], p[28]);
2207 word3_muladd(&w2, &w1, &w0, ws[11], p[27]);
2208 word3_muladd(&w2, &w1, &w0, ws[12], p[26]);
2209 word3_muladd(&w2, &w1, &w0, ws[13], p[25]);
2210 word3_muladd(&w2, &w1, &w0, ws[14], p[24]);
2211 word3_muladd(&w2, &w1, &w0, ws[15], p[23]);
2212 word3_muladd(&w2, &w1, &w0, ws[16], p[22]);
2213 word3_muladd(&w2, &w1, &w0, ws[17], p[21]);
2214 word3_muladd(&w2, &w1, &w0, ws[18], p[20]);
2215 word3_muladd(&w2, &w1, &w0, ws[19], p[19]);
2216 word3_muladd(&w2, &w1, &w0, ws[20], p[18]);
2217 word3_muladd(&w2, &w1, &w0, ws[21], p[17]);
2218 word3_muladd(&w2, &w1, &w0, ws[22], p[16]);
2219 word3_muladd(&w2, &w1, &w0, ws[23], p[15]);
2220 word3_muladd(&w2, &w1, &w0, ws[24], p[14]);
2221 word3_muladd(&w2, &w1, &w0, ws[25], p[13]);
2222 word3_muladd(&w2, &w1, &w0, ws[26], p[12]);
2223 word3_muladd(&w2, &w1, &w0, ws[27], p[11]);
2224 word3_muladd(&w2, &w1, &w0, ws[28], p[10]);
2225 word3_muladd(&w2, &w1, &w0, ws[29], p[9]);
2226 word3_muladd(&w2, &w1, &w0, ws[30], p[8]);
2227 word3_muladd(&w2, &w1, &w0, ws[31], p[7]);
2228 word3_add(&w2, &w1, &w0, z[38]);
2229 ws[6] = w0;
2230 w0 = w1; w1 = w2; w2 = 0;
2231 word3_muladd(&w2, &w1, &w0, ws[8], p[31]);
2232 word3_muladd(&w2, &w1, &w0, ws[9], p[30]);
2233 word3_muladd(&w2, &w1, &w0, ws[10], p[29]);
2234 word3_muladd(&w2, &w1, &w0, ws[11], p[28]);
2235 word3_muladd(&w2, &w1, &w0, ws[12], p[27]);
2236 word3_muladd(&w2, &w1, &w0, ws[13], p[26]);
2237 word3_muladd(&w2, &w1, &w0, ws[14], p[25]);
2238 word3_muladd(&w2, &w1, &w0, ws[15], p[24]);
2239 word3_muladd(&w2, &w1, &w0, ws[16], p[23]);
2240 word3_muladd(&w2, &w1, &w0, ws[17], p[22]);
2241 word3_muladd(&w2, &w1, &w0, ws[18], p[21]);
2242 word3_muladd(&w2, &w1, &w0, ws[19], p[20]);
2243 word3_muladd(&w2, &w1, &w0, ws[20], p[19]);
2244 word3_muladd(&w2, &w1, &w0, ws[21], p[18]);
2245 word3_muladd(&w2, &w1, &w0, ws[22], p[17]);
2246 word3_muladd(&w2, &w1, &w0, ws[23], p[16]);
2247 word3_muladd(&w2, &w1, &w0, ws[24], p[15]);
2248 word3_muladd(&w2, &w1, &w0, ws[25], p[14]);
2249 word3_muladd(&w2, &w1, &w0, ws[26], p[13]);
2250 word3_muladd(&w2, &w1, &w0, ws[27], p[12]);
2251 word3_muladd(&w2, &w1, &w0, ws[28], p[11]);
2252 word3_muladd(&w2, &w1, &w0, ws[29], p[10]);
2253 word3_muladd(&w2, &w1, &w0, ws[30], p[9]);
2254 word3_muladd(&w2, &w1, &w0, ws[31], p[8]);
2255 word3_add(&w2, &w1, &w0, z[39]);
2256 ws[7] = w0;
2257 w0 = w1; w1 = w2; w2 = 0;
2258 word3_muladd(&w2, &w1, &w0, ws[9], p[31]);
2259 word3_muladd(&w2, &w1, &w0, ws[10], p[30]);
2260 word3_muladd(&w2, &w1, &w0, ws[11], p[29]);
2261 word3_muladd(&w2, &w1, &w0, ws[12], p[28]);
2262 word3_muladd(&w2, &w1, &w0, ws[13], p[27]);
2263 word3_muladd(&w2, &w1, &w0, ws[14], p[26]);
2264 word3_muladd(&w2, &w1, &w0, ws[15], p[25]);
2265 word3_muladd(&w2, &w1, &w0, ws[16], p[24]);
2266 word3_muladd(&w2, &w1, &w0, ws[17], p[23]);
2267 word3_muladd(&w2, &w1, &w0, ws[18], p[22]);
2268 word3_muladd(&w2, &w1, &w0, ws[19], p[21]);
2269 word3_muladd(&w2, &w1, &w0, ws[20], p[20]);
2270 word3_muladd(&w2, &w1, &w0, ws[21], p[19]);
2271 word3_muladd(&w2, &w1, &w0, ws[22], p[18]);
2272 word3_muladd(&w2, &w1, &w0, ws[23], p[17]);
2273 word3_muladd(&w2, &w1, &w0, ws[24], p[16]);
2274 word3_muladd(&w2, &w1, &w0, ws[25], p[15]);
2275 word3_muladd(&w2, &w1, &w0, ws[26], p[14]);
2276 word3_muladd(&w2, &w1, &w0, ws[27], p[13]);
2277 word3_muladd(&w2, &w1, &w0, ws[28], p[12]);
2278 word3_muladd(&w2, &w1, &w0, ws[29], p[11]);
2279 word3_muladd(&w2, &w1, &w0, ws[30], p[10]);
2280 word3_muladd(&w2, &w1, &w0, ws[31], p[9]);
2281 word3_add(&w2, &w1, &w0, z[40]);
2282 ws[8] = w0;
2283 w0 = w1; w1 = w2; w2 = 0;
2284 word3_muladd(&w2, &w1, &w0, ws[10], p[31]);
2285 word3_muladd(&w2, &w1, &w0, ws[11], p[30]);
2286 word3_muladd(&w2, &w1, &w0, ws[12], p[29]);
2287 word3_muladd(&w2, &w1, &w0, ws[13], p[28]);
2288 word3_muladd(&w2, &w1, &w0, ws[14], p[27]);
2289 word3_muladd(&w2, &w1, &w0, ws[15], p[26]);
2290 word3_muladd(&w2, &w1, &w0, ws[16], p[25]);
2291 word3_muladd(&w2, &w1, &w0, ws[17], p[24]);
2292 word3_muladd(&w2, &w1, &w0, ws[18], p[23]);
2293 word3_muladd(&w2, &w1, &w0, ws[19], p[22]);
2294 word3_muladd(&w2, &w1, &w0, ws[20], p[21]);
2295 word3_muladd(&w2, &w1, &w0, ws[21], p[20]);
2296 word3_muladd(&w2, &w1, &w0, ws[22], p[19]);
2297 word3_muladd(&w2, &w1, &w0, ws[23], p[18]);
2298 word3_muladd(&w2, &w1, &w0, ws[24], p[17]);
2299 word3_muladd(&w2, &w1, &w0, ws[25], p[16]);
2300 word3_muladd(&w2, &w1, &w0, ws[26], p[15]);
2301 word3_muladd(&w2, &w1, &w0, ws[27], p[14]);
2302 word3_muladd(&w2, &w1, &w0, ws[28], p[13]);
2303 word3_muladd(&w2, &w1, &w0, ws[29], p[12]);
2304 word3_muladd(&w2, &w1, &w0, ws[30], p[11]);
2305 word3_muladd(&w2, &w1, &w0, ws[31], p[10]);
2306 word3_add(&w2, &w1, &w0, z[41]);
2307 ws[9] = w0;
2308 w0 = w1; w1 = w2; w2 = 0;
2309 word3_muladd(&w2, &w1, &w0, ws[11], p[31]);
2310 word3_muladd(&w2, &w1, &w0, ws[12], p[30]);
2311 word3_muladd(&w2, &w1, &w0, ws[13], p[29]);
2312 word3_muladd(&w2, &w1, &w0, ws[14], p[28]);
2313 word3_muladd(&w2, &w1, &w0, ws[15], p[27]);
2314 word3_muladd(&w2, &w1, &w0, ws[16], p[26]);
2315 word3_muladd(&w2, &w1, &w0, ws[17], p[25]);
2316 word3_muladd(&w2, &w1, &w0, ws[18], p[24]);
2317 word3_muladd(&w2, &w1, &w0, ws[19], p[23]);
2318 word3_muladd(&w2, &w1, &w0, ws[20], p[22]);
2319 word3_muladd(&w2, &w1, &w0, ws[21], p[21]);
2320 word3_muladd(&w2, &w1, &w0, ws[22], p[20]);
2321 word3_muladd(&w2, &w1, &w0, ws[23], p[19]);
2322 word3_muladd(&w2, &w1, &w0, ws[24], p[18]);
2323 word3_muladd(&w2, &w1, &w0, ws[25], p[17]);
2324 word3_muladd(&w2, &w1, &w0, ws[26], p[16]);
2325 word3_muladd(&w2, &w1, &w0, ws[27], p[15]);
2326 word3_muladd(&w2, &w1, &w0, ws[28], p[14]);
2327 word3_muladd(&w2, &w1, &w0, ws[29], p[13]);
2328 word3_muladd(&w2, &w1, &w0, ws[30], p[12]);
2329 word3_muladd(&w2, &w1, &w0, ws[31], p[11]);
2330 word3_add(&w2, &w1, &w0, z[42]);
2331 ws[10] = w0;
2332 w0 = w1; w1 = w2; w2 = 0;
2333 word3_muladd(&w2, &w1, &w0, ws[12], p[31]);
2334 word3_muladd(&w2, &w1, &w0, ws[13], p[30]);
2335 word3_muladd(&w2, &w1, &w0, ws[14], p[29]);
2336 word3_muladd(&w2, &w1, &w0, ws[15], p[28]);
2337 word3_muladd(&w2, &w1, &w0, ws[16], p[27]);
2338 word3_muladd(&w2, &w1, &w0, ws[17], p[26]);
2339 word3_muladd(&w2, &w1, &w0, ws[18], p[25]);
2340 word3_muladd(&w2, &w1, &w0, ws[19], p[24]);
2341 word3_muladd(&w2, &w1, &w0, ws[20], p[23]);
2342 word3_muladd(&w2, &w1, &w0, ws[21], p[22]);
2343 word3_muladd(&w2, &w1, &w0, ws[22], p[21]);
2344 word3_muladd(&w2, &w1, &w0, ws[23], p[20]);
2345 word3_muladd(&w2, &w1, &w0, ws[24], p[19]);
2346 word3_muladd(&w2, &w1, &w0, ws[25], p[18]);
2347 word3_muladd(&w2, &w1, &w0, ws[26], p[17]);
2348 word3_muladd(&w2, &w1, &w0, ws[27], p[16]);
2349 word3_muladd(&w2, &w1, &w0, ws[28], p[15]);
2350 word3_muladd(&w2, &w1, &w0, ws[29], p[14]);
2351 word3_muladd(&w2, &w1, &w0, ws[30], p[13]);
2352 word3_muladd(&w2, &w1, &w0, ws[31], p[12]);
2353 word3_add(&w2, &w1, &w0, z[43]);
2354 ws[11] = w0;
2355 w0 = w1; w1 = w2; w2 = 0;
2356 word3_muladd(&w2, &w1, &w0, ws[13], p[31]);
2357 word3_muladd(&w2, &w1, &w0, ws[14], p[30]);
2358 word3_muladd(&w2, &w1, &w0, ws[15], p[29]);
2359 word3_muladd(&w2, &w1, &w0, ws[16], p[28]);
2360 word3_muladd(&w2, &w1, &w0, ws[17], p[27]);
2361 word3_muladd(&w2, &w1, &w0, ws[18], p[26]);
2362 word3_muladd(&w2, &w1, &w0, ws[19], p[25]);
2363 word3_muladd(&w2, &w1, &w0, ws[20], p[24]);
2364 word3_muladd(&w2, &w1, &w0, ws[21], p[23]);
2365 word3_muladd(&w2, &w1, &w0, ws[22], p[22]);
2366 word3_muladd(&w2, &w1, &w0, ws[23], p[21]);
2367 word3_muladd(&w2, &w1, &w0, ws[24], p[20]);
2368 word3_muladd(&w2, &w1, &w0, ws[25], p[19]);
2369 word3_muladd(&w2, &w1, &w0, ws[26], p[18]);
2370 word3_muladd(&w2, &w1, &w0, ws[27], p[17]);
2371 word3_muladd(&w2, &w1, &w0, ws[28], p[16]);
2372 word3_muladd(&w2, &w1, &w0, ws[29], p[15]);
2373 word3_muladd(&w2, &w1, &w0, ws[30], p[14]);
2374 word3_muladd(&w2, &w1, &w0, ws[31], p[13]);
2375 word3_add(&w2, &w1, &w0, z[44]);
2376 ws[12] = w0;
2377 w0 = w1; w1 = w2; w2 = 0;
2378 word3_muladd(&w2, &w1, &w0, ws[14], p[31]);
2379 word3_muladd(&w2, &w1, &w0, ws[15], p[30]);
2380 word3_muladd(&w2, &w1, &w0, ws[16], p[29]);
2381 word3_muladd(&w2, &w1, &w0, ws[17], p[28]);
2382 word3_muladd(&w2, &w1, &w0, ws[18], p[27]);
2383 word3_muladd(&w2, &w1, &w0, ws[19], p[26]);
2384 word3_muladd(&w2, &w1, &w0, ws[20], p[25]);
2385 word3_muladd(&w2, &w1, &w0, ws[21], p[24]);
2386 word3_muladd(&w2, &w1, &w0, ws[22], p[23]);
2387 word3_muladd(&w2, &w1, &w0, ws[23], p[22]);
2388 word3_muladd(&w2, &w1, &w0, ws[24], p[21]);
2389 word3_muladd(&w2, &w1, &w0, ws[25], p[20]);
2390 word3_muladd(&w2, &w1, &w0, ws[26], p[19]);
2391 word3_muladd(&w2, &w1, &w0, ws[27], p[18]);
2392 word3_muladd(&w2, &w1, &w0, ws[28], p[17]);
2393 word3_muladd(&w2, &w1, &w0, ws[29], p[16]);
2394 word3_muladd(&w2, &w1, &w0, ws[30], p[15]);
2395 word3_muladd(&w2, &w1, &w0, ws[31], p[14]);
2396 word3_add(&w2, &w1, &w0, z[45]);
2397 ws[13] = w0;
2398 w0 = w1; w1 = w2; w2 = 0;
2399 word3_muladd(&w2, &w1, &w0, ws[15], p[31]);
2400 word3_muladd(&w2, &w1, &w0, ws[16], p[30]);
2401 word3_muladd(&w2, &w1, &w0, ws[17], p[29]);
2402 word3_muladd(&w2, &w1, &w0, ws[18], p[28]);
2403 word3_muladd(&w2, &w1, &w0, ws[19], p[27]);
2404 word3_muladd(&w2, &w1, &w0, ws[20], p[26]);
2405 word3_muladd(&w2, &w1, &w0, ws[21], p[25]);
2406 word3_muladd(&w2, &w1, &w0, ws[22], p[24]);
2407 word3_muladd(&w2, &w1, &w0, ws[23], p[23]);
2408 word3_muladd(&w2, &w1, &w0, ws[24], p[22]);
2409 word3_muladd(&w2, &w1, &w0, ws[25], p[21]);
2410 word3_muladd(&w2, &w1, &w0, ws[26], p[20]);
2411 word3_muladd(&w2, &w1, &w0, ws[27], p[19]);
2412 word3_muladd(&w2, &w1, &w0, ws[28], p[18]);
2413 word3_muladd(&w2, &w1, &w0, ws[29], p[17]);
2414 word3_muladd(&w2, &w1, &w0, ws[30], p[16]);
2415 word3_muladd(&w2, &w1, &w0, ws[31], p[15]);
2416 word3_add(&w2, &w1, &w0, z[46]);
2417 ws[14] = w0;
2418 w0 = w1; w1 = w2; w2 = 0;
2419 word3_muladd(&w2, &w1, &w0, ws[16], p[31]);
2420 word3_muladd(&w2, &w1, &w0, ws[17], p[30]);
2421 word3_muladd(&w2, &w1, &w0, ws[18], p[29]);
2422 word3_muladd(&w2, &w1, &w0, ws[19], p[28]);
2423 word3_muladd(&w2, &w1, &w0, ws[20], p[27]);
2424 word3_muladd(&w2, &w1, &w0, ws[21], p[26]);
2425 word3_muladd(&w2, &w1, &w0, ws[22], p[25]);
2426 word3_muladd(&w2, &w1, &w0, ws[23], p[24]);
2427 word3_muladd(&w2, &w1, &w0, ws[24], p[23]);
2428 word3_muladd(&w2, &w1, &w0, ws[25], p[22]);
2429 word3_muladd(&w2, &w1, &w0, ws[26], p[21]);
2430 word3_muladd(&w2, &w1, &w0, ws[27], p[20]);
2431 word3_muladd(&w2, &w1, &w0, ws[28], p[19]);
2432 word3_muladd(&w2, &w1, &w0, ws[29], p[18]);
2433 word3_muladd(&w2, &w1, &w0, ws[30], p[17]);
2434 word3_muladd(&w2, &w1, &w0, ws[31], p[16]);
2435 word3_add(&w2, &w1, &w0, z[47]);
2436 ws[15] = w0;
2437 w0 = w1; w1 = w2; w2 = 0;
2438 word3_muladd(&w2, &w1, &w0, ws[17], p[31]);
2439 word3_muladd(&w2, &w1, &w0, ws[18], p[30]);
2440 word3_muladd(&w2, &w1, &w0, ws[19], p[29]);
2441 word3_muladd(&w2, &w1, &w0, ws[20], p[28]);
2442 word3_muladd(&w2, &w1, &w0, ws[21], p[27]);
2443 word3_muladd(&w2, &w1, &w0, ws[22], p[26]);
2444 word3_muladd(&w2, &w1, &w0, ws[23], p[25]);
2445 word3_muladd(&w2, &w1, &w0, ws[24], p[24]);
2446 word3_muladd(&w2, &w1, &w0, ws[25], p[23]);
2447 word3_muladd(&w2, &w1, &w0, ws[26], p[22]);
2448 word3_muladd(&w2, &w1, &w0, ws[27], p[21]);
2449 word3_muladd(&w2, &w1, &w0, ws[28], p[20]);
2450 word3_muladd(&w2, &w1, &w0, ws[29], p[19]);
2451 word3_muladd(&w2, &w1, &w0, ws[30], p[18]);
2452 word3_muladd(&w2, &w1, &w0, ws[31], p[17]);
2453 word3_add(&w2, &w1, &w0, z[48]);
2454 ws[16] = w0;
2455 w0 = w1; w1 = w2; w2 = 0;
2456 word3_muladd(&w2, &w1, &w0, ws[18], p[31]);
2457 word3_muladd(&w2, &w1, &w0, ws[19], p[30]);
2458 word3_muladd(&w2, &w1, &w0, ws[20], p[29]);
2459 word3_muladd(&w2, &w1, &w0, ws[21], p[28]);
2460 word3_muladd(&w2, &w1, &w0, ws[22], p[27]);
2461 word3_muladd(&w2, &w1, &w0, ws[23], p[26]);
2462 word3_muladd(&w2, &w1, &w0, ws[24], p[25]);
2463 word3_muladd(&w2, &w1, &w0, ws[25], p[24]);
2464 word3_muladd(&w2, &w1, &w0, ws[26], p[23]);
2465 word3_muladd(&w2, &w1, &w0, ws[27], p[22]);
2466 word3_muladd(&w2, &w1, &w0, ws[28], p[21]);
2467 word3_muladd(&w2, &w1, &w0, ws[29], p[20]);
2468 word3_muladd(&w2, &w1, &w0, ws[30], p[19]);
2469 word3_muladd(&w2, &w1, &w0, ws[31], p[18]);
2470 word3_add(&w2, &w1, &w0, z[49]);
2471 ws[17] = w0;
2472 w0 = w1; w1 = w2; w2 = 0;
2473 word3_muladd(&w2, &w1, &w0, ws[19], p[31]);
2474 word3_muladd(&w2, &w1, &w0, ws[20], p[30]);
2475 word3_muladd(&w2, &w1, &w0, ws[21], p[29]);
2476 word3_muladd(&w2, &w1, &w0, ws[22], p[28]);
2477 word3_muladd(&w2, &w1, &w0, ws[23], p[27]);
2478 word3_muladd(&w2, &w1, &w0, ws[24], p[26]);
2479 word3_muladd(&w2, &w1, &w0, ws[25], p[25]);
2480 word3_muladd(&w2, &w1, &w0, ws[26], p[24]);
2481 word3_muladd(&w2, &w1, &w0, ws[27], p[23]);
2482 word3_muladd(&w2, &w1, &w0, ws[28], p[22]);
2483 word3_muladd(&w2, &w1, &w0, ws[29], p[21]);
2484 word3_muladd(&w2, &w1, &w0, ws[30], p[20]);
2485 word3_muladd(&w2, &w1, &w0, ws[31], p[19]);
2486 word3_add(&w2, &w1, &w0, z[50]);
2487 ws[18] = w0;
2488 w0 = w1; w1 = w2; w2 = 0;
2489 word3_muladd(&w2, &w1, &w0, ws[20], p[31]);
2490 word3_muladd(&w2, &w1, &w0, ws[21], p[30]);
2491 word3_muladd(&w2, &w1, &w0, ws[22], p[29]);
2492 word3_muladd(&w2, &w1, &w0, ws[23], p[28]);
2493 word3_muladd(&w2, &w1, &w0, ws[24], p[27]);
2494 word3_muladd(&w2, &w1, &w0, ws[25], p[26]);
2495 word3_muladd(&w2, &w1, &w0, ws[26], p[25]);
2496 word3_muladd(&w2, &w1, &w0, ws[27], p[24]);
2497 word3_muladd(&w2, &w1, &w0, ws[28], p[23]);
2498 word3_muladd(&w2, &w1, &w0, ws[29], p[22]);
2499 word3_muladd(&w2, &w1, &w0, ws[30], p[21]);
2500 word3_muladd(&w2, &w1, &w0, ws[31], p[20]);
2501 word3_add(&w2, &w1, &w0, z[51]);
2502 ws[19] = w0;
2503 w0 = w1; w1 = w2; w2 = 0;
2504 word3_muladd(&w2, &w1, &w0, ws[21], p[31]);
2505 word3_muladd(&w2, &w1, &w0, ws[22], p[30]);
2506 word3_muladd(&w2, &w1, &w0, ws[23], p[29]);
2507 word3_muladd(&w2, &w1, &w0, ws[24], p[28]);
2508 word3_muladd(&w2, &w1, &w0, ws[25], p[27]);
2509 word3_muladd(&w2, &w1, &w0, ws[26], p[26]);
2510 word3_muladd(&w2, &w1, &w0, ws[27], p[25]);
2511 word3_muladd(&w2, &w1, &w0, ws[28], p[24]);
2512 word3_muladd(&w2, &w1, &w0, ws[29], p[23]);
2513 word3_muladd(&w2, &w1, &w0, ws[30], p[22]);
2514 word3_muladd(&w2, &w1, &w0, ws[31], p[21]);
2515 word3_add(&w2, &w1, &w0, z[52]);
2516 ws[20] = w0;
2517 w0 = w1; w1 = w2; w2 = 0;
2518 word3_muladd(&w2, &w1, &w0, ws[22], p[31]);
2519 word3_muladd(&w2, &w1, &w0, ws[23], p[30]);
2520 word3_muladd(&w2, &w1, &w0, ws[24], p[29]);
2521 word3_muladd(&w2, &w1, &w0, ws[25], p[28]);
2522 word3_muladd(&w2, &w1, &w0, ws[26], p[27]);
2523 word3_muladd(&w2, &w1, &w0, ws[27], p[26]);
2524 word3_muladd(&w2, &w1, &w0, ws[28], p[25]);
2525 word3_muladd(&w2, &w1, &w0, ws[29], p[24]);
2526 word3_muladd(&w2, &w1, &w0, ws[30], p[23]);
2527 word3_muladd(&w2, &w1, &w0, ws[31], p[22]);
2528 word3_add(&w2, &w1, &w0, z[53]);
2529 ws[21] = w0;
2530 w0 = w1; w1 = w2; w2 = 0;
2531 word3_muladd(&w2, &w1, &w0, ws[23], p[31]);
2532 word3_muladd(&w2, &w1, &w0, ws[24], p[30]);
2533 word3_muladd(&w2, &w1, &w0, ws[25], p[29]);
2534 word3_muladd(&w2, &w1, &w0, ws[26], p[28]);
2535 word3_muladd(&w2, &w1, &w0, ws[27], p[27]);
2536 word3_muladd(&w2, &w1, &w0, ws[28], p[26]);
2537 word3_muladd(&w2, &w1, &w0, ws[29], p[25]);
2538 word3_muladd(&w2, &w1, &w0, ws[30], p[24]);
2539 word3_muladd(&w2, &w1, &w0, ws[31], p[23]);
2540 word3_add(&w2, &w1, &w0, z[54]);
2541 ws[22] = w0;
2542 w0 = w1; w1 = w2; w2 = 0;
2543 word3_muladd(&w2, &w1, &w0, ws[24], p[31]);
2544 word3_muladd(&w2, &w1, &w0, ws[25], p[30]);
2545 word3_muladd(&w2, &w1, &w0, ws[26], p[29]);
2546 word3_muladd(&w2, &w1, &w0, ws[27], p[28]);
2547 word3_muladd(&w2, &w1, &w0, ws[28], p[27]);
2548 word3_muladd(&w2, &w1, &w0, ws[29], p[26]);
2549 word3_muladd(&w2, &w1, &w0, ws[30], p[25]);
2550 word3_muladd(&w2, &w1, &w0, ws[31], p[24]);
2551 word3_add(&w2, &w1, &w0, z[55]);
2552 ws[23] = w0;
2553 w0 = w1; w1 = w2; w2 = 0;
2554 word3_muladd(&w2, &w1, &w0, ws[25], p[31]);
2555 word3_muladd(&w2, &w1, &w0, ws[26], p[30]);
2556 word3_muladd(&w2, &w1, &w0, ws[27], p[29]);
2557 word3_muladd(&w2, &w1, &w0, ws[28], p[28]);
2558 word3_muladd(&w2, &w1, &w0, ws[29], p[27]);
2559 word3_muladd(&w2, &w1, &w0, ws[30], p[26]);
2560 word3_muladd(&w2, &w1, &w0, ws[31], p[25]);
2561 word3_add(&w2, &w1, &w0, z[56]);
2562 ws[24] = w0;
2563 w0 = w1; w1 = w2; w2 = 0;
2564 word3_muladd(&w2, &w1, &w0, ws[26], p[31]);
2565 word3_muladd(&w2, &w1, &w0, ws[27], p[30]);
2566 word3_muladd(&w2, &w1, &w0, ws[28], p[29]);
2567 word3_muladd(&w2, &w1, &w0, ws[29], p[28]);
2568 word3_muladd(&w2, &w1, &w0, ws[30], p[27]);
2569 word3_muladd(&w2, &w1, &w0, ws[31], p[26]);
2570 word3_add(&w2, &w1, &w0, z[57]);
2571 ws[25] = w0;
2572 w0 = w1; w1 = w2; w2 = 0;
2573 word3_muladd(&w2, &w1, &w0, ws[27], p[31]);
2574 word3_muladd(&w2, &w1, &w0, ws[28], p[30]);
2575 word3_muladd(&w2, &w1, &w0, ws[29], p[29]);
2576 word3_muladd(&w2, &w1, &w0, ws[30], p[28]);
2577 word3_muladd(&w2, &w1, &w0, ws[31], p[27]);
2578 word3_add(&w2, &w1, &w0, z[58]);
2579 ws[26] = w0;
2580 w0 = w1; w1 = w2; w2 = 0;
2581 word3_muladd(&w2, &w1, &w0, ws[28], p[31]);
2582 word3_muladd(&w2, &w1, &w0, ws[29], p[30]);
2583 word3_muladd(&w2, &w1, &w0, ws[30], p[29]);
2584 word3_muladd(&w2, &w1, &w0, ws[31], p[28]);
2585 word3_add(&w2, &w1, &w0, z[59]);
2586 ws[27] = w0;
2587 w0 = w1; w1 = w2; w2 = 0;
2588 word3_muladd(&w2, &w1, &w0, ws[29], p[31]);
2589 word3_muladd(&w2, &w1, &w0, ws[30], p[30]);
2590 word3_muladd(&w2, &w1, &w0, ws[31], p[29]);
2591 word3_add(&w2, &w1, &w0, z[60]);
2592 ws[28] = w0;
2593 w0 = w1; w1 = w2; w2 = 0;
2594 word3_muladd(&w2, &w1, &w0, ws[30], p[31]);
2595 word3_muladd(&w2, &w1, &w0, ws[31], p[30]);
2596 word3_add(&w2, &w1, &w0, z[61]);
2597 ws[29] = w0;
2598 w0 = w1; w1 = w2; w2 = 0;
2599 word3_muladd(&w2, &w1, &w0, ws[31], p[31]);
2600 word3_add(&w2, &w1, &w0, z[62]);
2601 ws[30] = w0;
2602 w0 = w1; w1 = w2; w2 = 0;
2603 word3_add(&w2, &w1, &w0, z[63]);
2604 ws[31] = w0;
2605 w0 = w1; w1 = w2; w2 = 0;
2606 word3_add(&w2, &w1, &w0, z[65]);
2607 ws[32] = w0;
2608 ws[33] = w1;
2609 word borrow = bigint_sub3(ws + 32 + 1, ws, 32 + 1, p, 32);
2610 CT::conditional_copy_mem(borrow, z, ws, ws + 33, 33);
2611 clear_mem(z + 32, 2*(32+1) - 32);
2612 }

References bigint_sub3(), clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), and word3_muladd().

◆ bigint_monty_redc_32() [2/2]

void Botan::bigint_monty_redc_32 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_monty_redc_4() [1/2]

void Botan::bigint_monty_redc_4 ( word  z[],
const word  p[4],
word  p_dash,
word  ws[] 
)

Definition at line 15 of file mp_monty_n.cpp.

16 {
17 word w2 = 0, w1 = 0, w0 = 0;
18 w0 = z[0];
19 ws[0] = w0 * p_dash;
20 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
21 w0 = w1; w1 = w2; w2 = 0;
22 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
23 word3_add(&w2, &w1, &w0, z[1]);
24 ws[1] = w0 * p_dash;
25 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
26 w0 = w1; w1 = w2; w2 = 0;
27 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
28 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
29 word3_add(&w2, &w1, &w0, z[2]);
30 ws[2] = w0 * p_dash;
31 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
32 w0 = w1; w1 = w2; w2 = 0;
33 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
34 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
35 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
36 word3_add(&w2, &w1, &w0, z[3]);
37 ws[3] = w0 * p_dash;
38 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
39 w0 = w1; w1 = w2; w2 = 0;
40 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
41 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
42 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
43 word3_add(&w2, &w1, &w0, z[4]);
44 ws[0] = w0;
45 w0 = w1; w1 = w2; w2 = 0;
46 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
47 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
48 word3_add(&w2, &w1, &w0, z[5]);
49 ws[1] = w0;
50 w0 = w1; w1 = w2; w2 = 0;
51 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
52 word3_add(&w2, &w1, &w0, z[6]);
53 ws[2] = w0;
54 w0 = w1; w1 = w2; w2 = 0;
55 word3_add(&w2, &w1, &w0, z[7]);
56 ws[3] = w0;
57 w0 = w1; w1 = w2; w2 = 0;
58 word3_add(&w2, &w1, &w0, z[9]);
59 ws[4] = w0;
60 ws[5] = w1;
61 word borrow = 0;
62 ws[5] = word_sub(ws[0], p[0], &borrow);
63 ws[6] = word_sub(ws[1], p[1], &borrow);
64 ws[7] = word_sub(ws[2], p[2], &borrow);
65 ws[8] = word_sub(ws[3], p[3], &borrow);
66 ws[9] = word_sub(ws[4], 0, &borrow);
67 CT::conditional_copy_mem(borrow, z, ws, ws + 5, 5);
68 clear_mem(z + 4, 2*(4+1) - 4);
69 }

References clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), word3_muladd(), and word_sub().

◆ bigint_monty_redc_4() [2/2]

void Botan::bigint_monty_redc_4 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_monty_redc_6() [1/2]

void Botan::bigint_monty_redc_6 ( word  z[],
const word  p[6],
word  p_dash,
word  ws[] 
)

Definition at line 71 of file mp_monty_n.cpp.

72 {
73 word w2 = 0, w1 = 0, w0 = 0;
74 w0 = z[0];
75 ws[0] = w0 * p_dash;
76 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
77 w0 = w1; w1 = w2; w2 = 0;
78 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
79 word3_add(&w2, &w1, &w0, z[1]);
80 ws[1] = w0 * p_dash;
81 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
82 w0 = w1; w1 = w2; w2 = 0;
83 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
84 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
85 word3_add(&w2, &w1, &w0, z[2]);
86 ws[2] = w0 * p_dash;
87 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
88 w0 = w1; w1 = w2; w2 = 0;
89 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
90 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
91 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
92 word3_add(&w2, &w1, &w0, z[3]);
93 ws[3] = w0 * p_dash;
94 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
95 w0 = w1; w1 = w2; w2 = 0;
96 word3_muladd(&w2, &w1, &w0, ws[0], p[4]);
97 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
98 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
99 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
100 word3_add(&w2, &w1, &w0, z[4]);
101 ws[4] = w0 * p_dash;
102 word3_muladd(&w2, &w1, &w0, ws[4], p[0]);
103 w0 = w1; w1 = w2; w2 = 0;
104 word3_muladd(&w2, &w1, &w0, ws[0], p[5]);
105 word3_muladd(&w2, &w1, &w0, ws[1], p[4]);
106 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
107 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
108 word3_muladd(&w2, &w1, &w0, ws[4], p[1]);
109 word3_add(&w2, &w1, &w0, z[5]);
110 ws[5] = w0 * p_dash;
111 word3_muladd(&w2, &w1, &w0, ws[5], p[0]);
112 w0 = w1; w1 = w2; w2 = 0;
113 word3_muladd(&w2, &w1, &w0, ws[1], p[5]);
114 word3_muladd(&w2, &w1, &w0, ws[2], p[4]);
115 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
116 word3_muladd(&w2, &w1, &w0, ws[4], p[2]);
117 word3_muladd(&w2, &w1, &w0, ws[5], p[1]);
118 word3_add(&w2, &w1, &w0, z[6]);
119 ws[0] = w0;
120 w0 = w1; w1 = w2; w2 = 0;
121 word3_muladd(&w2, &w1, &w0, ws[2], p[5]);
122 word3_muladd(&w2, &w1, &w0, ws[3], p[4]);
123 word3_muladd(&w2, &w1, &w0, ws[4], p[3]);
124 word3_muladd(&w2, &w1, &w0, ws[5], p[2]);
125 word3_add(&w2, &w1, &w0, z[7]);
126 ws[1] = w0;
127 w0 = w1; w1 = w2; w2 = 0;
128 word3_muladd(&w2, &w1, &w0, ws[3], p[5]);
129 word3_muladd(&w2, &w1, &w0, ws[4], p[4]);
130 word3_muladd(&w2, &w1, &w0, ws[5], p[3]);
131 word3_add(&w2, &w1, &w0, z[8]);
132 ws[2] = w0;
133 w0 = w1; w1 = w2; w2 = 0;
134 word3_muladd(&w2, &w1, &w0, ws[4], p[5]);
135 word3_muladd(&w2, &w1, &w0, ws[5], p[4]);
136 word3_add(&w2, &w1, &w0, z[9]);
137 ws[3] = w0;
138 w0 = w1; w1 = w2; w2 = 0;
139 word3_muladd(&w2, &w1, &w0, ws[5], p[5]);
140 word3_add(&w2, &w1, &w0, z[10]);
141 ws[4] = w0;
142 w0 = w1; w1 = w2; w2 = 0;
143 word3_add(&w2, &w1, &w0, z[11]);
144 ws[5] = w0;
145 w0 = w1; w1 = w2; w2 = 0;
146 word3_add(&w2, &w1, &w0, z[13]);
147 ws[6] = w0;
148 ws[7] = w1;
149 word borrow = 0;
150 ws[7] = word_sub(ws[0], p[0], &borrow);
151 ws[8] = word_sub(ws[1], p[1], &borrow);
152 ws[9] = word_sub(ws[2], p[2], &borrow);
153 ws[10] = word_sub(ws[3], p[3], &borrow);
154 ws[11] = word_sub(ws[4], p[4], &borrow);
155 ws[12] = word_sub(ws[5], p[5], &borrow);
156 ws[13] = word_sub(ws[6], 0, &borrow);
157 CT::conditional_copy_mem(borrow, z, ws, ws + 7, 7);
158 clear_mem(z + 6, 2*(6+1) - 6);
159 }

References clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), word3_muladd(), and word_sub().

◆ bigint_monty_redc_6() [2/2]

void Botan::bigint_monty_redc_6 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_monty_redc_8() [1/2]

void Botan::bigint_monty_redc_8 ( word  z[],
const word  p[8],
word  p_dash,
word  ws[] 
)

Definition at line 161 of file mp_monty_n.cpp.

162 {
163 word w2 = 0, w1 = 0, w0 = 0;
164 w0 = z[0];
165 ws[0] = w0 * p_dash;
166 word3_muladd(&w2, &w1, &w0, ws[0], p[0]);
167 w0 = w1; w1 = w2; w2 = 0;
168 word3_muladd(&w2, &w1, &w0, ws[0], p[1]);
169 word3_add(&w2, &w1, &w0, z[1]);
170 ws[1] = w0 * p_dash;
171 word3_muladd(&w2, &w1, &w0, ws[1], p[0]);
172 w0 = w1; w1 = w2; w2 = 0;
173 word3_muladd(&w2, &w1, &w0, ws[0], p[2]);
174 word3_muladd(&w2, &w1, &w0, ws[1], p[1]);
175 word3_add(&w2, &w1, &w0, z[2]);
176 ws[2] = w0 * p_dash;
177 word3_muladd(&w2, &w1, &w0, ws[2], p[0]);
178 w0 = w1; w1 = w2; w2 = 0;
179 word3_muladd(&w2, &w1, &w0, ws[0], p[3]);
180 word3_muladd(&w2, &w1, &w0, ws[1], p[2]);
181 word3_muladd(&w2, &w1, &w0, ws[2], p[1]);
182 word3_add(&w2, &w1, &w0, z[3]);
183 ws[3] = w0 * p_dash;
184 word3_muladd(&w2, &w1, &w0, ws[3], p[0]);
185 w0 = w1; w1 = w2; w2 = 0;
186 word3_muladd(&w2, &w1, &w0, ws[0], p[4]);
187 word3_muladd(&w2, &w1, &w0, ws[1], p[3]);
188 word3_muladd(&w2, &w1, &w0, ws[2], p[2]);
189 word3_muladd(&w2, &w1, &w0, ws[3], p[1]);
190 word3_add(&w2, &w1, &w0, z[4]);
191 ws[4] = w0 * p_dash;
192 word3_muladd(&w2, &w1, &w0, ws[4], p[0]);
193 w0 = w1; w1 = w2; w2 = 0;
194 word3_muladd(&w2, &w1, &w0, ws[0], p[5]);
195 word3_muladd(&w2, &w1, &w0, ws[1], p[4]);
196 word3_muladd(&w2, &w1, &w0, ws[2], p[3]);
197 word3_muladd(&w2, &w1, &w0, ws[3], p[2]);
198 word3_muladd(&w2, &w1, &w0, ws[4], p[1]);
199 word3_add(&w2, &w1, &w0, z[5]);
200 ws[5] = w0 * p_dash;
201 word3_muladd(&w2, &w1, &w0, ws[5], p[0]);
202 w0 = w1; w1 = w2; w2 = 0;
203 word3_muladd(&w2, &w1, &w0, ws[0], p[6]);
204 word3_muladd(&w2, &w1, &w0, ws[1], p[5]);
205 word3_muladd(&w2, &w1, &w0, ws[2], p[4]);
206 word3_muladd(&w2, &w1, &w0, ws[3], p[3]);
207 word3_muladd(&w2, &w1, &w0, ws[4], p[2]);
208 word3_muladd(&w2, &w1, &w0, ws[5], p[1]);
209 word3_add(&w2, &w1, &w0, z[6]);
210 ws[6] = w0 * p_dash;
211 word3_muladd(&w2, &w1, &w0, ws[6], p[0]);
212 w0 = w1; w1 = w2; w2 = 0;
213 word3_muladd(&w2, &w1, &w0, ws[0], p[7]);
214 word3_muladd(&w2, &w1, &w0, ws[1], p[6]);
215 word3_muladd(&w2, &w1, &w0, ws[2], p[5]);
216 word3_muladd(&w2, &w1, &w0, ws[3], p[4]);
217 word3_muladd(&w2, &w1, &w0, ws[4], p[3]);
218 word3_muladd(&w2, &w1, &w0, ws[5], p[2]);
219 word3_muladd(&w2, &w1, &w0, ws[6], p[1]);
220 word3_add(&w2, &w1, &w0, z[7]);
221 ws[7] = w0 * p_dash;
222 word3_muladd(&w2, &w1, &w0, ws[7], p[0]);
223 w0 = w1; w1 = w2; w2 = 0;
224 word3_muladd(&w2, &w1, &w0, ws[1], p[7]);
225 word3_muladd(&w2, &w1, &w0, ws[2], p[6]);
226 word3_muladd(&w2, &w1, &w0, ws[3], p[5]);
227 word3_muladd(&w2, &w1, &w0, ws[4], p[4]);
228 word3_muladd(&w2, &w1, &w0, ws[5], p[3]);
229 word3_muladd(&w2, &w1, &w0, ws[6], p[2]);
230 word3_muladd(&w2, &w1, &w0, ws[7], p[1]);
231 word3_add(&w2, &w1, &w0, z[8]);
232 ws[0] = w0;
233 w0 = w1; w1 = w2; w2 = 0;
234 word3_muladd(&w2, &w1, &w0, ws[2], p[7]);
235 word3_muladd(&w2, &w1, &w0, ws[3], p[6]);
236 word3_muladd(&w2, &w1, &w0, ws[4], p[5]);
237 word3_muladd(&w2, &w1, &w0, ws[5], p[4]);
238 word3_muladd(&w2, &w1, &w0, ws[6], p[3]);
239 word3_muladd(&w2, &w1, &w0, ws[7], p[2]);
240 word3_add(&w2, &w1, &w0, z[9]);
241 ws[1] = w0;
242 w0 = w1; w1 = w2; w2 = 0;
243 word3_muladd(&w2, &w1, &w0, ws[3], p[7]);
244 word3_muladd(&w2, &w1, &w0, ws[4], p[6]);
245 word3_muladd(&w2, &w1, &w0, ws[5], p[5]);
246 word3_muladd(&w2, &w1, &w0, ws[6], p[4]);
247 word3_muladd(&w2, &w1, &w0, ws[7], p[3]);
248 word3_add(&w2, &w1, &w0, z[10]);
249 ws[2] = w0;
250 w0 = w1; w1 = w2; w2 = 0;
251 word3_muladd(&w2, &w1, &w0, ws[4], p[7]);
252 word3_muladd(&w2, &w1, &w0, ws[5], p[6]);
253 word3_muladd(&w2, &w1, &w0, ws[6], p[5]);
254 word3_muladd(&w2, &w1, &w0, ws[7], p[4]);
255 word3_add(&w2, &w1, &w0, z[11]);
256 ws[3] = w0;
257 w0 = w1; w1 = w2; w2 = 0;
258 word3_muladd(&w2, &w1, &w0, ws[5], p[7]);
259 word3_muladd(&w2, &w1, &w0, ws[6], p[6]);
260 word3_muladd(&w2, &w1, &w0, ws[7], p[5]);
261 word3_add(&w2, &w1, &w0, z[12]);
262 ws[4] = w0;
263 w0 = w1; w1 = w2; w2 = 0;
264 word3_muladd(&w2, &w1, &w0, ws[6], p[7]);
265 word3_muladd(&w2, &w1, &w0, ws[7], p[6]);
266 word3_add(&w2, &w1, &w0, z[13]);
267 ws[5] = w0;
268 w0 = w1; w1 = w2; w2 = 0;
269 word3_muladd(&w2, &w1, &w0, ws[7], p[7]);
270 word3_add(&w2, &w1, &w0, z[14]);
271 ws[6] = w0;
272 w0 = w1; w1 = w2; w2 = 0;
273 word3_add(&w2, &w1, &w0, z[15]);
274 ws[7] = w0;
275 w0 = w1; w1 = w2; w2 = 0;
276 word3_add(&w2, &w1, &w0, z[17]);
277 ws[8] = w0;
278 ws[9] = w1;
279 word borrow = 0;
280 ws[9] = word_sub(ws[0], p[0], &borrow);
281 ws[10] = word_sub(ws[1], p[1], &borrow);
282 ws[11] = word_sub(ws[2], p[2], &borrow);
283 ws[12] = word_sub(ws[3], p[3], &borrow);
284 ws[13] = word_sub(ws[4], p[4], &borrow);
285 ws[14] = word_sub(ws[5], p[5], &borrow);
286 ws[15] = word_sub(ws[6], p[6], &borrow);
287 ws[16] = word_sub(ws[7], p[7], &borrow);
288 ws[17] = word_sub(ws[8], 0, &borrow);
289 CT::conditional_copy_mem(borrow, z, ws, ws + 9, 9);
290 clear_mem(z + 8, 2*(8+1) - 8);
291 }

References clear_mem(), Botan::CT::conditional_copy_mem(), word3_add(), word3_muladd(), and word_sub().

◆ bigint_monty_redc_8() [2/2]

void Botan::bigint_monty_redc_8 ( word  z[],
const word  p[],
word  p_dash,
word  ws[] 
)

Referenced by bigint_monty_redc().

◆ bigint_mul()

void Botan::bigint_mul ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw,
word  workspace[],
size_t  ws_size 
)

Definition at line 298 of file mp_karat.cpp.

302 {
303 clear_mem(z, z_size);
304
305 if(x_sw == 1)
306 {
307 bigint_linmul3(z, y, y_sw, x[0]);
308 }
309 else if(y_sw == 1)
310 {
311 bigint_linmul3(z, x, x_sw, y[0]);
312 }
313 else if(sized_for_comba_mul<4>(x_sw, x_size, y_sw, y_size, z_size))
314 {
315 bigint_comba_mul4(z, x, y);
316 }
317 else if(sized_for_comba_mul<6>(x_sw, x_size, y_sw, y_size, z_size))
318 {
319 bigint_comba_mul6(z, x, y);
320 }
321 else if(sized_for_comba_mul<8>(x_sw, x_size, y_sw, y_size, z_size))
322 {
323 bigint_comba_mul8(z, x, y);
324 }
325 else if(sized_for_comba_mul<9>(x_sw, x_size, y_sw, y_size, z_size))
326 {
327 bigint_comba_mul9(z, x, y);
328 }
329 else if(sized_for_comba_mul<16>(x_sw, x_size, y_sw, y_size, z_size))
330 {
331 bigint_comba_mul16(z, x, y);
332 }
333 else if(sized_for_comba_mul<24>(x_sw, x_size, y_sw, y_size, z_size))
334 {
335 bigint_comba_mul24(z, x, y);
336 }
337 else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
338 y_sw < KARATSUBA_MULTIPLY_THRESHOLD ||
339 !workspace)
340 {
341 basecase_mul(z, z_size, x, x_sw, y, y_sw);
342 }
343 else
344 {
345 const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw);
346
347 if(N && z_size >= 2*N && ws_size >= 2*N)
348 karatsuba_mul(z, x, y, N, workspace);
349 else
350 basecase_mul(z, z_size, x, x_sw, y, y_sw);
351 }
352 }
void bigint_linmul3(word z[], const word x[], size_t x_size, word y)
Definition mp_core.h:504
void bigint_comba_mul4(word z[8], const word x[4], const word y[4])
Definition mp_comba.cpp:50
void bigint_comba_mul8(word z[16], const word x[8], const word y[8])
Definition mp_comba.cpp:283
void bigint_comba_mul24(word z[48], const word x[24], const word y[24])
void bigint_comba_mul9(word z[18], const word x[9], const word y[9])
Definition mp_comba.cpp:474
void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
Definition mp_comba.cpp:805
void bigint_comba_mul6(word z[12], const word x[6], const word y[6])
Definition mp_comba.cpp:141

References bigint_comba_mul16(), bigint_comba_mul24(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_linmul3(), and clear_mem().

Referenced by Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::mul(), Botan::BigInt::mul(), mul_add(), Botan::Montgomery_Params::mul_by(), Botan::Montgomery_Params::mul_by(), and operator*().

◆ bigint_shl1()

void Botan::bigint_shl1 ( word  x[],
size_t  x_size,
size_t  x_words,
size_t  word_shift,
size_t  bit_shift 
)
inline

Definition at line 409 of file mp_core.h.

411 {
412 copy_mem(x + word_shift, x, x_words);
413 clear_mem(x, word_shift);
414
415 const auto carry_mask = CT::Mask<word>::expand(bit_shift);
416 const size_t carry_shift = carry_mask.if_set_return(BOTAN_MP_WORD_BITS - bit_shift);
417
418 word carry = 0;
419 for(size_t i = word_shift; i != x_size; ++i)
420 {
421 const word w = x[i];
422 x[i] = (w << bit_shift) | carry;
423 carry = carry_mask.if_set_return(w >> carry_shift);
424 }
425 }
uint64_t carry_shift(const donna128 &a, size_t shift)
Definition donna128.h:116

References carry(), carry_shift(), clear_mem(), copy_mem(), and Botan::CT::Mask< T >::expand().

Referenced by Botan::BigInt::operator<<=().

◆ bigint_shl2()

void Botan::bigint_shl2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)
inline

Definition at line 449 of file mp_core.h.

451 {
452 copy_mem(y + word_shift, x, x_size);
453
454 const auto carry_mask = CT::Mask<word>::expand(bit_shift);
455 const size_t carry_shift = carry_mask.if_set_return(BOTAN_MP_WORD_BITS - bit_shift);
456
457 word carry = 0;
458 for(size_t i = word_shift; i != x_size + word_shift + 1; ++i)
459 {
460 const word w = y[i];
461 y[i] = (w << bit_shift) | carry;
462 carry = carry_mask.if_set_return(w >> carry_shift);
463 }
464 }

References carry(), carry_shift(), copy_mem(), and Botan::CT::Mask< T >::expand().

Referenced by operator<<().

◆ bigint_shr1()

void Botan::bigint_shr1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)
inline

Definition at line 427 of file mp_core.h.

429 {
430 const size_t top = x_size >= word_shift ? (x_size - word_shift) : 0;
431
432 if(top > 0)
433 copy_mem(x, x + word_shift, top);
434 clear_mem(x + top, std::min(word_shift, x_size));
435
436 const auto carry_mask = CT::Mask<word>::expand(bit_shift);
437 const size_t carry_shift = carry_mask.if_set_return(BOTAN_MP_WORD_BITS - bit_shift);
438
439 word carry = 0;
440
441 for(size_t i = 0; i != top; ++i)
442 {
443 const word w = x[top - i - 1];
444 x[top-i-1] = (w >> bit_shift) | carry;
445 carry = carry_mask.if_set_return(w << carry_shift);
446 }
447 }

References carry(), carry_shift(), clear_mem(), copy_mem(), and Botan::CT::Mask< T >::expand().

Referenced by Botan::BigInt::operator>>=().

◆ bigint_shr2()

void Botan::bigint_shr2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)
inline

Definition at line 466 of file mp_core.h.

468 {
469 const size_t new_size = x_size < word_shift ? 0 : (x_size - word_shift);
470
471 if(new_size > 0)
472 copy_mem(y, x + word_shift, new_size);
473
474 const auto carry_mask = CT::Mask<word>::expand(bit_shift);
475 const size_t carry_shift = carry_mask.if_set_return(BOTAN_MP_WORD_BITS - bit_shift);
476
477 word carry = 0;
478 for(size_t i = new_size; i > 0; --i)
479 {
480 word w = y[i-1];
481 y[i-1] = (w >> bit_shift) | carry;
482 carry = carry_mask.if_set_return(w << carry_shift);
483 }
484 }

References carry(), carry_shift(), copy_mem(), and Botan::CT::Mask< T >::expand().

Referenced by operator>>(), and redc_p521().

◆ bigint_sqr()

void Botan::bigint_sqr ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
word  workspace[],
size_t  ws_size 
)

Definition at line 357 of file mp_karat.cpp.

360 {
361 clear_mem(z, z_size);
362
363 BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient");
364
365 if(x_sw == 1)
366 {
367 bigint_linmul3(z, x, x_sw, x[0]);
368 }
369 else if(sized_for_comba_sqr<4>(x_sw, x_size, z_size))
370 {
371 bigint_comba_sqr4(z, x);
372 }
373 else if(sized_for_comba_sqr<6>(x_sw, x_size, z_size))
374 {
375 bigint_comba_sqr6(z, x);
376 }
377 else if(sized_for_comba_sqr<8>(x_sw, x_size, z_size))
378 {
379 bigint_comba_sqr8(z, x);
380 }
381 else if(sized_for_comba_sqr<9>(x_sw, x_size, z_size))
382 {
383 bigint_comba_sqr9(z, x);
384 }
385 else if(sized_for_comba_sqr<16>(x_sw, x_size, z_size))
386 {
387 bigint_comba_sqr16(z, x);
388 }
389 else if(sized_for_comba_sqr<24>(x_sw, x_size, z_size))
390 {
391 bigint_comba_sqr24(z, x);
392 }
393 else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace)
394 {
395 basecase_sqr(z, z_size, x, x_sw);
396 }
397 else
398 {
399 const size_t N = karatsuba_size(z_size, x_size, x_sw);
400
401 if(N && z_size >= 2*N && ws_size >= 2*N)
402 karatsuba_sqr(z, x, N, workspace);
403 else
404 basecase_sqr(z, z_size, x, x_sw);
405 }
406 }
void bigint_comba_sqr6(word z[12], const word x[6])
Definition mp_comba.cpp:89
void bigint_comba_sqr16(word z[32], const word x[16])
Definition mp_comba.cpp:598
void bigint_comba_sqr9(word z[18], const word x[9])
Definition mp_comba.cpp:386
void bigint_comba_sqr24(word z[48], const word x[24])
void bigint_comba_sqr8(word z[16], const word x[8])
Definition mp_comba.cpp:208

References bigint_comba_sqr16(), bigint_comba_sqr24(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_linmul3(), BOTAN_ASSERT, and clear_mem().

Referenced by Botan::Montgomery_Params::sqr(), Botan::BigInt::square(), and Botan::Montgomery_Params::square_this().

◆ bigint_sub2()

word Botan::bigint_sub2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Two operand subtraction

Definition at line 300 of file mp_core.h.

302 {
303 word borrow = 0;
304
305 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
306
307 const size_t blocks = y_size - (y_size % 8);
308
309 for(size_t i = 0; i != blocks; i += 8)
310 borrow = word8_sub2(x + i, y + i, borrow);
311
312 for(size_t i = blocks; i != y_size; ++i)
313 x[i] = word_sub(x[i], y[i], &borrow);
314
315 for(size_t i = y_size; i != x_size; ++i)
316 x[i] = word_sub(x[i], 0, &borrow);
317
318 return borrow;
319 }
word word8_sub2(word x[8], const word y[8], word carry)
Definition mp_asmi.h:240

References BOTAN_ASSERT, word8_sub2(), and word_sub().

Referenced by Botan::BigInt::add(), redc_p192(), redc_p224(), redc_p256(), and redc_p384().

◆ bigint_sub2_rev()

void Botan::bigint_sub2_rev ( word  x[],
const word  y[],
size_t  y_size 
)
inline

Two operand subtraction, x = y - x; assumes y >= x

Definition at line 324 of file mp_core.h.

325 {
326 word borrow = 0;
327
328 const size_t blocks = y_size - (y_size % 8);
329
330 for(size_t i = 0; i != blocks; i += 8)
331 borrow = word8_sub2_rev(x + i, y + i, borrow);
332
333 for(size_t i = blocks; i != y_size; ++i)
334 x[i] = word_sub(y[i], x[i], &borrow);
335
336 BOTAN_ASSERT(borrow == 0, "y must be greater than x");
337 }
word word8_sub2_rev(word x[8], const word y[8], word carry)
Definition mp_asmi.h:275

References BOTAN_ASSERT, word8_sub2_rev(), and word_sub().

Referenced by Botan::BigInt::add().

◆ bigint_sub3()

word Botan::bigint_sub3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Three operand subtraction

Definition at line 342 of file mp_core.h.

345 {
346 word borrow = 0;
347
348 BOTAN_ASSERT(x_size >= y_size, "Expected sizes");
349
350 const size_t blocks = y_size - (y_size % 8);
351
352 for(size_t i = 0; i != blocks; i += 8)
353 borrow = word8_sub3(z + i, x + i, y + i, borrow);
354
355 for(size_t i = blocks; i != y_size; ++i)
356 z[i] = word_sub(x[i], y[i], &borrow);
357
358 for(size_t i = y_size; i != x_size; ++i)
359 z[i] = word_sub(x[i], 0, &borrow);
360
361 return borrow;
362 }

References BOTAN_ASSERT, word8_sub3(), and word_sub().

Referenced by bigint_mod_sub(), bigint_mod_sub_n(), bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_sub_abs(), ct_divide(), ct_modulo(), Botan::BigInt::ct_reduce_below(), Botan::BigInt::mod_add(), and Botan::BigInt::reduce_below().

◆ bigint_sub_abs() [1/2]

CT::Mask< word > Botan::bigint_sub_abs ( word  z[],
const word  x[],
const word  y[],
size_t  N,
word  ws[] 
)
inline

Return abs(x-y), ie if x >= y, then compute z = x - y Otherwise compute z = y - x No borrow is possible since the result is always >= 0

Returns ~0 if x >= y or 0 if x < y

Parameters
zoutput array of at least N words
xinput array of N words
yinput array of N words
Nlength of x and y
wsarray of at least 2*N words

Definition at line 377 of file mp_core.h.

380 {
381 // Subtract in both direction then conditional copy out the result
382
383 word* ws0 = ws;
384 word* ws1 = ws + N;
385
386 word borrow0 = 0;
387 word borrow1 = 0;
388
389 const size_t blocks = N - (N % 8);
390
391 for(size_t i = 0; i != blocks; i += 8)
392 {
393 borrow0 = word8_sub3(ws0 + i, x + i, y + i, borrow0);
394 borrow1 = word8_sub3(ws1 + i, y + i, x + i, borrow1);
395 }
396
397 for(size_t i = blocks; i != N; ++i)
398 {
399 ws0[i] = word_sub(x[i], y[i], &borrow0);
400 ws1[i] = word_sub(y[i], x[i], &borrow1);
401 }
402
403 return CT::conditional_copy_mem(borrow0, z, ws1, ws0, N);
404 }

References Botan::CT::conditional_copy_mem(), word8_sub3(), and word_sub().

Referenced by Botan::BigInt::add2(), and Botan::BigInt::rev_sub().

◆ bigint_sub_abs() [2/2]

int32_t Botan::bigint_sub_abs ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)
inline

Set z to abs(x-y), ie if x >= y, then compute z = x - y Otherwise compute z = y - x No borrow is possible since the result is always >= 0

Return the relative size of x vs y (-1, 0, 1)

Parameters
zoutput array of max(x_size,y_size) words
xinput param
x_sizelength of x
yinput param
y_sizelength of y

Definition at line 654 of file mp_core.h.

657 {
658 const int32_t relative_size = bigint_cmp(x, x_size, y, y_size);
659
660 // Swap if relative_size == -1
661 const bool need_swap = relative_size < 0;
662 CT::conditional_swap_ptr(need_swap, x, y);
663 CT::conditional_swap(need_swap, x_size, y_size);
664
665 /*
666 * We know at this point that x >= y so if y_size is larger than
667 * x_size, we are guaranteed they are just leading zeros which can
668 * be ignored
669 */
670 y_size = std::min(x_size, y_size);
671
672 bigint_sub3(z, x, x_size, y, y_size);
673
674 return relative_size;
675 }
int32_t bigint_cmp(const word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:525

References bigint_cmp(), bigint_sub3(), Botan::CT::conditional_swap(), and Botan::CT::conditional_swap_ptr().

◆ bit_permute_step()

template<typename T >
T Botan::bit_permute_step ( T  x,
T  mask,
size_t  shift 
)
inline

Definition at line 151 of file bit_ops.h.

152 {
153 /*
154 See https://reflectionsonsecurity.wordpress.com/2014/05/11/efficient-bit-permutation-using-delta-swaps/
155 and http://programming.sirrida.de/bit_perm.html
156 */
157 const T swap = ((x >> shift) ^ x) & mask;
158 return (x ^ swap) ^ (swap << shift);
159 }
fe T
Definition ge.cpp:37

References T.

◆ bit_size_to_32bit_size()

size_t Botan::bit_size_to_32bit_size ( size_t  bit_size)
inline

Definition at line 50 of file code_based_util.h.

51 {
52 return (bit_size - 1) / 32 + 1;
53 }

Referenced by generate_mceliece_key(), mceliece_decrypt(), and Botan::McEliece_PrivateKey::McEliece_PrivateKey().

◆ bit_size_to_byte_size()

size_t Botan::bit_size_to_byte_size ( size_t  bit_size)
inline

Definition at line 45 of file code_based_util.h.

46 {
47 return (bit_size - 1) / 8 + 1;
48 }

Referenced by mceliece_decrypt().

◆ blamka_ssse3()

void Botan::blamka_ssse3 ( uint64_t  T[128])

Definition at line 231 of file argon2_ssse3.cpp.

232 {
233 for(size_t i = 0; i != 8; ++i)
234 {
235 SIMD_2x64 Tv[8];
236 for(size_t j = 0; j != 8; ++j)
237 Tv[j] = SIMD_2x64::load_le(&T[2*(8*i+j)]);
238
239 blamka_R(Tv[0], Tv[1], Tv[2], Tv[3],
240 Tv[4], Tv[5], Tv[6], Tv[7]);
241
242 for(size_t j = 0; j != 8; ++j)
243 Tv[j].store_le(&T[2*(8*i+j)]);
244 }
245
246 for(size_t i = 0; i != 8; ++i)
247 {
248 SIMD_2x64 Tv[8];
249 for(size_t j = 0; j != 8; ++j)
250 Tv[j] = SIMD_2x64::load_le(&T[2*(i+8*j)]);
251
252 blamka_R(Tv[0], Tv[1], Tv[2], Tv[3],
253 Tv[4], Tv[5], Tv[6], Tv[7]);
254
255 for(size_t j = 0; j != 8; ++j)
256 Tv[j].store_le(&T[2*(i+8*j)]);
257 }
258 }
void store_le(uint16_t in, uint8_t out[2])
Definition loadstor.h:454

References store_le(), and T.

◆ botan_category()

const BotanErrorCategory & Botan::botan_category ( )
inlinenoexcept

Definition at line 112 of file asio_error.h.

113 {
114 static BotanErrorCategory category;
115 return category;
116 }
An error category for errors from Botan (other than TLS alerts)
Definition asio_error.h:100

Referenced by make_error_code().

◆ bswap_4()

template<typename T >
void Botan::bswap_4 ( T  x[4])
inline

Swap 4 Ts in an array

Definition at line 98 of file bswap.h.

99 {
100 x[0] = reverse_bytes(x[0]);
101 x[1] = reverse_bytes(x[1]);
102 x[2] = reverse_bytes(x[2]);
103 x[3] = reverse_bytes(x[3]);
104 }
uint16_t reverse_bytes(uint16_t val)
Definition bswap.h:25

References bswap_4(), and reverse_bytes().

Referenced by Botan::SIMD_4x32::bswap(), bswap_4(), load_be(), and load_le().

◆ buffer_insert() [1/2]

template<typename T , typename Alloc , typename Alloc2 >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const std::vector< T, Alloc2 > &  input 
)

Definition at line 243 of file mem_ops.h.

246 {
247 BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());
248 const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
249 if(to_copy > 0)
250 {
251 copy_mem(&buf[buf_offset], input.data(), to_copy);
252 }
253 return to_copy;
254 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:68

References BOTAN_ASSERT_NOMSG, and copy_mem().

◆ buffer_insert() [2/2]

template<typename T , typename Alloc >
size_t Botan::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const T  input[],
size_t  input_length 
)

Definition at line 228 of file mem_ops.h.

232 {
233 BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());
234 const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
235 if(to_copy > 0)
236 {
237 copy_mem(&buf[buf_offset], input, to_copy);
238 }
239 return to_copy;
240 }

References BOTAN_ASSERT_NOMSG, and copy_mem().

Referenced by Botan::Streebog::add_data(), Botan::MDx_HashFunction::add_data(), Botan::EME_PKCS1v15::pad(), Botan::CTR_BE::seek(), Botan::CTR_BE::set_iv(), Botan::OFB::set_iv(), Botan::Hex_Encoder::write(), and Botan::Base64_Encoder::write().

◆ calendar_value()

calendar_point Botan::calendar_value ( const std::chrono::system_clock::time_point &  time_point)

Convert a time_point to a calendar_point

Parameters
time_pointa time point from the system clock
Returns
calendar_point object representing this time point

Definition at line 111 of file calendar.cpp.

113 {
114 std::tm tm = do_gmtime(std::chrono::system_clock::to_time_t(time_point));
115
116 return calendar_point(tm.tm_year + 1900,
117 tm.tm_mon + 1,
118 tm.tm_mday,
119 tm.tm_hour,
120 tm.tm_min,
121 tm.tm_sec);
122 }

Referenced by Botan::ASN1_Time::ASN1_Time().

◆ carry()

template<size_t S, int64_t MUL = 1>
void Botan::carry ( int64_t &  h0,
int64_t &  h1 
)
inline

◆ carry0() [1/2]

template<size_t S>
void Botan::carry0 ( int32_t &  h0,
int32_t &  h1 
)
inline

Definition at line 55 of file ed25519_internal.h.

56 {
57 static_assert(S > 0 && S < 32, "Shift in range");
58
59 const int32_t X1 = (static_cast<int64_t>(1) << S);
60 int32_t c = h0 >> S;
61 h1 += c;
62 h0 -= c * X1;
63 }

◆ carry0() [2/2]

template<size_t S>
void Botan::carry0 ( int64_t &  h0,
int64_t &  h1 
)
inline

Definition at line 44 of file ed25519_internal.h.

45 {
46 static_assert(S > 0 && S < 64, "Shift in range");
47
48 const int64_t X1 = (static_cast<int64_t>(1) << S);
49 int64_t c = h0 >> S;
50 h1 += c;
51 h0 -= c * X1;
52 }

◆ carry_shift()

uint64_t Botan::carry_shift ( const donna128 a,
size_t  shift 
)
inline

Definition at line 116 of file donna128.h.

117 {
118 return (a >> shift).lo();
119 }

Referenced by bigint_shl1(), bigint_shl2(), bigint_shr1(), and bigint_shr2().

◆ cast_char_ptr_to_uint8() [1/2]

uint8_t * Botan::cast_char_ptr_to_uint8 ( char *  s)
inline

Definition at line 200 of file mem_ops.h.

201 {
202 return reinterpret_cast<uint8_t*>(s);
203 }

◆ cast_char_ptr_to_uint8() [2/2]

const uint8_t * Botan::cast_char_ptr_to_uint8 ( const char *  s)
inline

◆ cast_uint8_ptr_to_char() [1/2]

const char * Botan::cast_uint8_ptr_to_char ( const uint8_t *  b)
inline

◆ cast_uint8_ptr_to_char() [2/2]

char * Botan::cast_uint8_ptr_to_char ( uint8_t *  b)
inline

Definition at line 205 of file mem_ops.h.

206 {
207 return reinterpret_cast<char*>(b);
208 }

◆ CECPQ1_accept() [1/2]

void Botan::CECPQ1_accept ( uint8_t *  shared_key,
uint8_t *  accept_message,
const uint8_t *  offer_message,
RandomNumberGenerator rng 
)

◆ CECPQ1_accept() [2/2]

void Botan::CECPQ1_accept ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
uint8_t  send[CECPQ1_ACCEPT_BYTES],
const uint8_t  received[CECPQ1_OFFER_BYTES],
RandomNumberGenerator rng 
)

Definition at line 26 of file cecpq1.cpp.

30 {
31 secure_vector<uint8_t> x25519_key = rng.random_vec(32);
32
33 curve25519_basepoint(send, x25519_key.data());
34
35 curve25519_donna(shared_key, x25519_key.data(), received);
36
37 newhope_sharedb(shared_key + 32, send + 32, received + 32,
38 rng, Newhope_Mode::BoringSSL);
39 }
secure_vector< uint8_t > random_vec(size_t bytes)
Definition rng.h:143
void newhope_sharedb(uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition newhope.cpp:742
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
Definition donna.cpp:440
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])

References BoringSSL, curve25519_basepoint(), curve25519_donna(), newhope_sharedb(), and Botan::RandomNumberGenerator::random_vec().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ CECPQ1_finish() [1/2]

void Botan::CECPQ1_finish ( uint8_t *  shared_key,
const CECPQ1_key offer_key,
const uint8_t *  accept_message 
)

◆ CECPQ1_finish() [2/2]

void Botan::CECPQ1_finish ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
const CECPQ1_key offer_key,
const uint8_t  received[CECPQ1_ACCEPT_BYTES] 
)

Definition at line 41 of file cecpq1.cpp.

44 {
45 curve25519_donna(shared_key, offer_key.m_x25519.data(), received);
46
47 newhope_shareda(shared_key + 32, &offer_key.m_newhope, received + 32,
48 Newhope_Mode::BoringSSL);
49 }
secure_vector< uint8_t > m_x25519
Definition cecpq1.h:19
newhope_poly m_newhope
Definition cecpq1.h:20
void newhope_shareda(uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
Definition newhope.cpp:779

References BoringSSL, curve25519_donna(), Botan::CECPQ1_key::m_newhope, Botan::CECPQ1_key::m_x25519, and newhope_shareda().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ CECPQ1_offer() [1/2]

void Botan::CECPQ1_offer ( uint8_t *  offer_message,
CECPQ1_key offer_key_output,
RandomNumberGenerator rng 
)

◆ CECPQ1_offer() [2/2]

void Botan::CECPQ1_offer ( uint8_t  send[CECPQ1_OFFER_BYTES],
CECPQ1_key offer_key_output,
RandomNumberGenerator rng 
)

Definition at line 15 of file cecpq1.cpp.

18 {
19 offer_key_output->m_x25519 = rng.random_vec(32);
20 curve25519_basepoint(send, offer_key_output->m_x25519.data());
21
22 newhope_keygen(send + 32, &offer_key_output->m_newhope,
23 rng, Newhope_Mode::BoringSSL);
24 }
void newhope_keygen(uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition newhope.cpp:720

References BoringSSL, curve25519_basepoint(), Botan::CECPQ1_key::m_newhope, Botan::CECPQ1_key::m_x25519, newhope_keygen(), and Botan::RandomNumberGenerator::random_vec().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ ceil_log2()

template<typename T >
uint8_t Botan::ceil_log2 ( T  x)

Definition at line 119 of file bit_ops.h.

120 {
121 static_assert(sizeof(T) < 32, "Abnormally large scalar");
122
123 if(x >> (sizeof(T)*8-1))
124 return sizeof(T)*8;
125
126 uint8_t result = 0;
127 T compare = 1;
128
129 while(compare < x)
130 {
131 compare <<= 1;
132 result++;
133 }
134
135 return result;
136 }

References T.

Referenced by Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), Botan::McEliece_PrivateKey::McEliece_PrivateKey(), and mceliece_work_factor().

◆ check_bcrypt()

bool Botan::check_bcrypt ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 155 of file bcrypt.cpp.

156 {
157 if(hash.size() != 60 ||
158 hash[0] != '$' || hash[1] != '2' || hash[3] != '$' || hash[6] != '$')
159 {
160 return false;
161 }
162
163 const char bcrypt_version = hash[2];
164
165 if(bcrypt_version != 'a' && bcrypt_version != 'b' && bcrypt_version != 'y')
166 {
167 return false;
168 }
169
170 const uint16_t workfactor = to_uint16(hash.substr(4, 2));
171
172 const std::vector<uint8_t> salt = bcrypt_base64_decode(hash.substr(7, 22));
173 if(salt.size() != 16)
174 return false;
175
176 const std::string compare = make_bcrypt(pass, salt, workfactor, bcrypt_version);
177
178 return same_mem(hash.data(), compare.data(), compare.size());
179 }
uint16_t to_uint16(const std::string &str)
Definition parsing.cpp:25
bool same_mem(const T *p1, const T *p2, size_t n)
Definition mem_ops.h:217

References hash, same_mem(), and to_uint16().

Referenced by botan_bcrypt_is_valid().

◆ check_passhash9()

bool Botan::check_passhash9 ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

Definition at line 78 of file passhash9.cpp.

79 {
80 const size_t BINARY_LENGTH =
81 ALGID_BYTES +
82 WORKFACTOR_BYTES +
83 PASSHASH9_PBKDF_OUTPUT_LEN +
84 SALT_BYTES;
85
86 const size_t BASE64_LENGTH =
87 MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;
88
89 if(hash.size() != BASE64_LENGTH)
90 return false;
91
92 for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)
93 if(hash[i] != MAGIC_PREFIX[i])
94 return false;
95
96 secure_vector<uint8_t> bin = base64_decode(hash.c_str() + MAGIC_PREFIX.size());
97
98 if(bin.size() != BINARY_LENGTH)
99 return false;
100
101 uint8_t alg_id = bin[0];
102
103 const size_t work_factor = load_be<uint16_t>(&bin[ALGID_BYTES], 0);
104
105 // Bug in the format, bad states shouldn't be representable, but are...
106 if(work_factor == 0)
107 return false;
108
109 if(work_factor > 512)
110 throw Invalid_Argument("Requested passhash9 work factor " +
111 std::to_string(work_factor) + " is too large");
112
113 const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
114
115 std::unique_ptr<MessageAuthenticationCode> pbkdf_prf = get_pbkdf_prf(alg_id);
116
117 if(!pbkdf_prf)
118 return false; // unknown algorithm, reject
119
120 PKCS5_PBKDF2 kdf(pbkdf_prf.release()); // takes ownership of pointer
121
122 secure_vector<uint8_t> cmp = kdf.derive_key(
123 PASSHASH9_PBKDF_OUTPUT_LEN,
124 pass,
125 &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,
126 kdf_iterations).bits_of();
127
128 return constant_time_compare(cmp.data(),
129 &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],
130 PASSHASH9_PBKDF_OUTPUT_LEN);
131 }
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition mem_ops.h:82

References base64_decode(), Botan::OctetString::bits_of(), constant_time_compare(), Botan::PBKDF::derive_key(), hash, and load_be< uint16_t >().

◆ check_prime()

bool Botan::check_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 202 of file numthry.h.

203 { return is_prime(n, rng, 56); }
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:228

References is_prime().

◆ checked_add()

size_t Botan::checked_add ( size_t  x,
size_t  y,
const char *  file,
int  line 
)
inline

Definition at line 26 of file safeint.h.

27 {
28 // TODO: use __builtin_x_overflow on GCC and Clang
29 size_t z = x + y;
30 if(z < x)
31 {
32 throw Integer_Overflow_Detected(file, line);
33 }
34 return z;
35 }

◆ choose_sig_format() [1/2]

PK_Signer * Botan::choose_sig_format ( const Private_Key key,
const std::map< std::string, std::string > &  opts,
RandomNumberGenerator rng,
const std::string &  hash_fn,
AlgorithmIdentifier alg_id 
)
* Choose the default signature format for a certain public key signature
* scheme.
*
* The only option recognized by opts at this moment is "padding"
* Find an entry from src/build-data/oids.txt under [signature] of the form
* <sig_algo>/<padding>[(<hash_algo>)] and add {"padding",<padding>}
* to opts.
* 
Parameters
keywill be the key to choose a padding scheme for
optscontains additional options for building the certificate
rngthe random generator to use
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

Definition at line 326 of file x509_ca.cpp.

331 {
332 std::string padding;
333 if(opts.count("padding"))
334 padding = opts.at("padding");
335 return X509_Object::choose_sig_format(sig_algo, key, rng, hash_fn, padding).release();
336 }

References Botan::X509_Object::choose_sig_format().

◆ choose_sig_format() [2/2]

PK_Signer * Botan::choose_sig_format ( const Private_Key key,
RandomNumberGenerator rng,
const std::string &  hash_fn,
AlgorithmIdentifier alg_id 
)

Choose the default signature format for a certain public key signature scheme.

Parameters
keywill be the key to choose a padding scheme for
rngthe random generator to use
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

Definition at line 318 of file x509_ca.cpp.

322 {
323 return X509_Object::choose_sig_format(sig_algo, key, rng, hash_fn, "").release();
324 }

References Botan::X509_Object::choose_sig_format().

Referenced by Botan::X509::create_self_signed_cert(), Botan::X509_CA::X509_CA(), Botan::X509_CA::X509_CA(), and Botan::X509_Object::~X509_Object().

◆ clamp()

size_t Botan::clamp ( size_t  n,
size_t  lower_bound,
size_t  upper_bound 
)
inline

Clamp

Definition at line 45 of file rounding.h.

46 {
47 if(n < lower_bound)
48 return lower_bound;
49 if(n > upper_bound)
50 return upper_bound;
51 return n;
52 }

◆ clean_ws()

std::string Botan::clean_ws ( const std::string &  s)

Definition at line 13 of file read_cfg.cpp.

14 {
15 const char* ws = " \t\n";
16 auto start = s.find_first_not_of(ws);
17 auto end = s.find_last_not_of(ws);
18
19 if(start == std::string::npos)
20 return "";
21
22 if(end == std::string::npos)
23 return s.substr(start, end);
24 else
25 return s.substr(start, start + end + 1);
26 }

Referenced by read_cfg().

◆ clear_bytes()

void Botan::clear_bytes ( void *  ptr,
size_t  bytes 
)
inline

Zero out some bytes. Warning: use secure_scrub_memory instead if the memory is about to be freed or otherwise the compiler thinks it can elide the writes.

Parameters
ptra pointer to memory to zero
bytesthe number of bytes to zero in ptr

Definition at line 97 of file mem_ops.h.

98 {
99 if(bytes > 0)
100 {
101 std::memset(ptr, 0, bytes);
102 }
103 }

Referenced by clear_mem(), and Botan::Memory_Pool::Memory_Pool().

◆ clear_mem()

template<typename T >
void Botan::clear_mem ( T ptr,
size_t  n 
)
inline

Zero memory before use. This simply calls memset and should not be used in cases where the compiler cannot see the call as a side-effecting operation (for example, if calling clear_mem before deallocating memory, the compiler would be allowed to omit the call to memset entirely under the as-if rule.)

Parameters
ptra pointer to an array of Ts to zero
nthe number of Ts pointed to by ptr

Definition at line 115 of file mem_ops.h.

116 {
117 clear_bytes(ptr, sizeof(T)*n);
118 }
void clear_bytes(void *ptr, size_t bytes)
Definition mem_ops.h:97

References clear_bytes(), and T.

Referenced by aont_package(), argon2(), base_decode(), bcrypt_pbkdf(), bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), bigint_mul(), bigint_shl1(), bigint_shr1(), bigint_sqr(), Botan::BigInt::const_time_lookup(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305_open(), Botan::BigInt::ct_reduce_below(), Botan::ZFEC::encode_shares(), Botan::BigInt::encode_words(), Botan::FE_25519::FE_25519(), Botan::Streebog::final_result(), Botan::MDx_HashFunction::final_result(), hex_decode(), Botan::PKCS11::MechanismWrapper::MechanismParameters::MechanismParameters(), Botan::PointGFp_Var_Point_Precompute::mul(), pbkdf2(), redc_p521(), Botan::Modular_Reducer::reduce(), Botan::BigInt::reduce_below(), Botan::BigInt::rev_sub(), Botan::polyn_gf2m::set_to_zero(), Botan::polyn_gf2m::sqmod_init(), Botan::StreamCipher::write_keystream(), Botan_FFI::write_output(), zeroise(), Botan::Zlib_Style_Stream< Stream, ByteType >::Zlib_Style_Stream(), and Botan::Zlib_Style_Stream< Stream, ByteType >::~Zlib_Style_Stream().

◆ combine_lower()

uint64_t Botan::combine_lower ( const donna128 a,
size_t  s1,
const donna128 b,
size_t  s2 
)
inline

Definition at line 121 of file donna128.h.

123 {
124 donna128 z = (a >> s1) | (b << s2);
125 return z.lo();
126 }
uint64_t lo() const
Definition donna128.h:77

References Botan::donna128::lo().

◆ commoncrypto_adjust_key_size()

void Botan::commoncrypto_adjust_key_size ( const uint8_t  key[],
size_t  length,
const CommonCryptor_Opts opts,
secure_vector< uint8_t > &  full_key 
)

Definition at line 162 of file commoncrypto_utils.cpp.

164 {
165
166 if(opts.algo == kCCAlgorithmBlowfish && length < 8)
167 {
168 size_t repeat;
169 switch(length)
170 {
171 case 1:
172 repeat = 8;
173 break;
174 case 2:
175 repeat = 4;
176 break;
177 case 3:
178 repeat = 3;
179 break;
180 default:
181 repeat = 2;
182 break;
183 }
184
185 full_key.resize(length * repeat);
186 for(size_t i = 0; i < repeat; i++)
187 {
188 copy_mem(full_key.data() + i * length, key, length);
189 }
190 }
191 else if(opts.algo == kCCAlgorithm3DES && length == 16)
192 {
193 full_key += std::make_pair(key, 8);
194 }
195 }

References Botan::CommonCryptor_Opts::algo, and copy_mem().

◆ commoncrypto_opts_from_algo()

CommonCryptor_Opts Botan::commoncrypto_opts_from_algo ( const std::string &  algo)

Definition at line 111 of file commoncrypto_utils.cpp.

112 {
113 SCAN_Name spec(algo);
114
115 std::string algo_name = spec.algo_name();
116 std::string cipher_mode = spec.cipher_mode();
117 std::string cipher_mode_padding = spec.cipher_mode_pad();
118
120
121 //TODO add CFB and XTS support
122 if(cipher_mode.empty() || cipher_mode == "ECB")
123 {
124 opts.mode = kCCModeECB;
125 }
126 else if(cipher_mode == "CBC")
127 {
128 opts.mode = kCCModeCBC;
129 }
130 else if(cipher_mode == "CTR")
131 {
132 opts.mode = kCCModeCTR;
133 }
134 else if(cipher_mode == "OFB")
135 {
136 opts.mode = kCCModeOFB;
137 }
138 else
139 {
140 throw CommonCrypto_Error("Unsupported cipher mode!");
141 }
142
143 if(cipher_mode_padding == "NoPadding")
144 {
145 opts.padding = ccNoPadding;
146 }
147 /*
148 else if(cipher_mode_padding.empty() || cipher_mode_padding == "PKCS7")
149 {
150 opts.padding = ccPKCS7Padding;
151 }
152 */
153 else
154 {
155 throw CommonCrypto_Error("Unsupported cipher mode padding!");
156 }
157
158 return opts;
159 }
CommonCryptor_Opts commoncrypto_opts_from_algo_name(const std::string &algo_name)

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::cipher_mode(), Botan::SCAN_Name::cipher_mode_pad(), commoncrypto_opts_from_algo_name(), Botan::CommonCryptor_Opts::mode, and Botan::CommonCryptor_Opts::padding.

Referenced by make_commoncrypto_cipher_mode().

◆ commoncrypto_opts_from_algo_name()

CommonCryptor_Opts Botan::commoncrypto_opts_from_algo_name ( const std::string &  algo_name)

Definition at line 51 of file commoncrypto_utils.cpp.

52 {
54
55 if(algo_name.compare(0, 3, "AES") == 0)
56 {
57 opts.algo = kCCAlgorithmAES;
58 opts.block_size = kCCBlockSizeAES128;
59 if(algo_name == "AES-128")
60 {
61 opts.key_spec = Key_Length_Specification(kCCKeySizeAES128);
62 }
63 else if(algo_name == "AES-192")
64 {
65 opts.key_spec = Key_Length_Specification(kCCKeySizeAES192);
66 }
67 else if(algo_name == "AES-256")
68 {
69 opts.key_spec = Key_Length_Specification(kCCKeySizeAES256);
70 }
71 else
72 {
73 throw CommonCrypto_Error("Unknown AES algorithm");
74 }
75 }
76 else if(algo_name == "DES")
77 {
78 opts.algo = kCCAlgorithmDES;
79 opts.block_size = kCCBlockSizeDES;
80 opts.key_spec = Key_Length_Specification(kCCKeySizeDES);
81 }
82 else if(algo_name == "TripleDES")
83 {
84 opts.algo = kCCAlgorithm3DES;
85 opts.block_size = kCCBlockSize3DES;
86 opts.key_spec = Key_Length_Specification(16, kCCKeySize3DES, 8);
87 }
88 else if(algo_name == "Blowfish")
89 {
90 opts.algo = kCCAlgorithmBlowfish;
91 opts.block_size = kCCBlockSizeBlowfish;
92 opts.key_spec = Key_Length_Specification(1, kCCKeySizeMaxBlowfish, 1);
93 }
94 else if(algo_name == "CAST-128")
95 {
96 opts.algo = kCCAlgorithmCAST;
97 opts.block_size = kCCBlockSizeCAST;
98 // Botan's base implementation of CAST does not support shorter keys
99 // so we limit its minimum key size to 11 here.
100 opts.key_spec = Key_Length_Specification(11, kCCKeySizeMaxCAST, 1);
101 }
102 else
103 {
104 throw CommonCrypto_Error("Unsupported cipher");
105 }
106
107 return opts;
108 }
Key_Length_Specification key_spec

References Botan::CommonCryptor_Opts::algo, Botan::CommonCryptor_Opts::block_size, and Botan::CommonCryptor_Opts::key_spec.

Referenced by commoncrypto_opts_from_algo(), and make_commoncrypto_block_cipher().

◆ constant_time_compare()

bool Botan::constant_time_compare ( const uint8_t  x[],
const uint8_t  y[],
size_t  len 
)
inline

◆ copy_mem()

template<typename T >
void Botan::copy_mem ( T out,
const T in,
size_t  n 
)
inline

Copy memory

Parameters
outthe destination array
inthe source array
nthe number of elements of in/out

Definition at line 133 of file mem_ops.h.

134 {
135 static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
136 BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr,
137 "If n > 0 then args are not null");
138
139 if(in != nullptr && out != nullptr && n > 0)
140 {
141 std::memmove(out, in, sizeof(T)*n);
142 }
143 }
#define BOTAN_ASSERT_IMPLICATION(expr1, expr2, msg)
Definition assert.h:94

References BOTAN_ASSERT_IMPLICATION, and T.

Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), aont_package(), aont_unpackage(), bigint_shl1(), bigint_shl2(), bigint_shr1(), bigint_shr2(), botan_privkey_ed25519_get_privkey(), botan_privkey_x25519_get_privkey(), botan_pubkey_ed25519_get_pubkey(), botan_pubkey_x25519_get_pubkey(), buffer_insert(), buffer_insert(), commoncrypto_adjust_key_size(), Botan::Streebog::compress_64(), Botan::Sodium::crypto_auth_hmacsha512256(), Botan::Sodium::crypto_box_curve25519xsalsa20poly1305_seed_keypair(), curve25519_donna(), ed25519_gen_keypair(), Botan::BigInt::encode(), Botan::BigInt::encode_words(), Botan::CryptoBox::encrypt(), Botan::FE_25519::FE_25519(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::TLS::Stream_Handshake_IO::format(), Botan::CCM_Mode::format_b0(), Botan::CCM_Mode::format_c0(), Botan::TPM_Context::gen_random(), Botan::BER_Decoder::get_next_value(), Botan::GHASH::ghash_update(), hkdf_expand_label(), Botan::HKDF_Extract::kdf(), Botan::HKDF_Expand::kdf(), Botan::KDF1::kdf(), Botan::KDF1_18033::kdf(), Botan::KDF2::kdf(), Botan::X942_PRF::kdf(), Botan::SP800_108_Counter::kdf(), Botan::SP800_108_Feedback::kdf(), Botan::SP800_108_Pipeline::kdf(), mceies_encrypt(), mceliece_decrypt(), Botan::Montgomery_Params::mul_by(), Botan::Montgomery_Params::mul_by(), nist_key_unwrap_padded(), nist_key_wrap_padded(), operator^(), Botan::PKCS5_PBKDF1::pbkdf(), Botan::DataSource_Memory::peek(), Botan::CBC_Decryption::process(), Botan::CFB_Encryption::process(), Botan::DataSource_Memory::read(), Botan::Blowfish::salted_set_key(), Botan::CTR_BE::seek(), Botan::TLS::Session_Keys::Session_Keys(), Botan::CFB_Mode::shift_register(), Botan::RTSS_Share::split(), Botan::polyn_gf2m::sqmod_init(), Botan::Montgomery_Params::square_this(), Botan::Buffered_Filter::write(), Botan::Hex_Encoder::write(), Botan::Base64_Encoder::write(), Botan::Base64_Decoder::write(), Botan::Hex_Decoder::write(), Botan::ChaCha::write_keystream(), and Botan_FFI::write_output().

◆ copy_out_be()

template<typename T >
void Botan::copy_out_be ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 658 of file loadstor.h.

659 {
660 while(out_bytes >= sizeof(T))
661 {
662 store_be(in[0], out);
663 out += sizeof(T);
664 out_bytes -= sizeof(T);
665 in += 1;
666 }
667
668 for(size_t i = 0; i != out_bytes; ++i)
669 out[i] = get_byte(i%8, in[0]);
670 }
void store_be(uint16_t in, uint8_t out[2])
Definition loadstor.h:438

References get_byte(), store_be(), and T.

Referenced by copy_out_vec_be().

◆ copy_out_le()

template<typename T >
void Botan::copy_out_le ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

Definition at line 679 of file loadstor.h.

680 {
681 while(out_bytes >= sizeof(T))
682 {
683 store_le(in[0], out);
684 out += sizeof(T);
685 out_bytes -= sizeof(T);
686 in += 1;
687 }
688
689 for(size_t i = 0; i != out_bytes; ++i)
690 out[i] = get_byte(sizeof(T) - 1 - (i % 8), in[0]);
691 }

References get_byte(), store_le(), and T.

Referenced by Botan::SHAKE_128_Cipher::cipher(), copy_out_vec_le(), and Botan::Sodium::crypto_core_hsalsa20().

◆ copy_out_vec_be()

template<typename T , typename Alloc >
void Botan::copy_out_vec_be ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 673 of file loadstor.h.

674 {
675 copy_out_be(out, out_bytes, in.data());
676 }
void copy_out_be(uint8_t out[], size_t out_bytes, const T in[])
Definition loadstor.h:658

References copy_out_be().

◆ copy_out_vec_le()

template<typename T , typename Alloc >
void Botan::copy_out_vec_le ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

Definition at line 694 of file loadstor.h.

695 {
696 copy_out_le(out, out_bytes, in.data());
697 }
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition loadstor.h:679

References copy_out_le().

Referenced by Botan::SHA_3::expand().

◆ create_alt_name()

AlternativeName Botan::create_alt_name ( const Data_Store info)

Definition at line 186 of file datastor.cpp.

187 {
188 auto names = info.search_for(
189 [](const std::string& key, const std::string&)
190 {
191 return (key == "RFC822" ||
192 key == "DNS" ||
193 key == "URI" ||
194 key == "IP");
195 });
196
197 AlternativeName alt_name;
198
199 for(auto i = names.begin(); i != names.end(); ++i)
200 alt_name.add_attribute(i->first, i->second);
201
202 return alt_name;
203 }
std::multimap< std::string, std::string > search_for(std::function< bool(std::string, std::string)> predicate) const
Definition datastor.cpp:35

References Botan::AlternativeName::add_attribute(), and Botan::Data_Store::search_for().

◆ create_dn()

X509_DN Botan::create_dn ( const Data_Store info)

Definition at line 167 of file datastor.cpp.

168 {
169 auto names = info.search_for(
170 [](const std::string& key, const std::string&)
171 {
172 return (key.find("X520.") != std::string::npos);
173 });
174
175 X509_DN dn;
176
177 for(auto i = names.begin(); i != names.end(); ++i)
178 dn.add_attribute(i->first, i->second);
179
180 return dn;
181 }

References Botan::X509_DN::add_attribute(), and Botan::Data_Store::search_for().

◆ create_hex_fingerprint() [1/2]

template<typename Alloc >
std::string Botan::create_hex_fingerprint ( const std::vector< uint8_t, Alloc > &  vec,
const std::string &  hash_name 
)

Definition at line 320 of file pk_keys.h.

322 {
323 return create_hex_fingerprint(vec.data(), vec.size(), hash_name);
324 }
std::string create_hex_fingerprint(const uint8_t bits[], size_t bits_len, const std::string &hash_name)
Definition pk_keys.cpp:17

References create_hex_fingerprint().

◆ create_hex_fingerprint() [2/2]

std::string Botan::create_hex_fingerprint ( const uint8_t  bits[],
size_t  bits_len,
const std::string &  hash_name 
)

Definition at line 17 of file pk_keys.cpp.

20 {
21 std::unique_ptr<HashFunction> hash_fn(HashFunction::create_or_throw(hash_name));
22 const std::string hex_hash = hex_encode(hash_fn->process(bits, bits_len));
23
24 std::string fprint;
25
26 for(size_t i = 0; i != hex_hash.size(); i += 2)
27 {
28 if(i != 0)
29 fprint.push_back(':');
30
31 fprint.push_back(hex_hash[i]);
32 fprint.push_back(hex_hash[i+1]);
33 }
34
35 return fprint;
36 }
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition hex.cpp:31

References Botan::HashFunction::create_or_throw(), and hex_encode().

Referenced by create_hex_fingerprint(), Botan::X509_Certificate::fingerprint(), Botan::Private_Key::fingerprint_private(), and Botan::Public_Key::fingerprint_public().

◆ create_private_key()

std::unique_ptr< Private_Key > Botan::create_private_key ( const std::string &  algo_name,
RandomNumberGenerator rng,
const std::string &  algo_params = "",
const std::string &  provider = "" 
)

Create a new key For ECC keys, algo_params specifies EC group (eg, "secp256r1") For DH/DSA/ElGamal keys, algo_params is DL group (eg, "modp/ietf/2048") For RSA, algo_params is integer keylength For McEliece, algo_params is n,t If algo_params is left empty, suitable default parameters are chosen.

Definition at line 260 of file pk_algs.cpp.

264 {
265 /*
266 * Default paramaters are chosen for work factor > 2**128 where possible
267 */
268
269#if defined(BOTAN_HAS_CURVE_25519)
270 if(alg_name == "Curve25519")
271 return std::unique_ptr<Private_Key>(new Curve25519_PrivateKey(rng));
272#endif
273
274#if defined(BOTAN_HAS_RSA)
275 if(alg_name == "RSA")
276 {
277 const size_t rsa_bits = (params.empty() ? 3072 : to_u32bit(params));
278 return std::unique_ptr<Private_Key>(new RSA_PrivateKey(rng, rsa_bits));
279 }
280#endif
281
282#if defined(BOTAN_HAS_MCELIECE)
283 if(alg_name == "McEliece")
284 {
285 std::vector<std::string> mce_param =
286 Botan::split_on(params.empty() ? "2960,57" : params, ',');
287
288 if(mce_param.size() != 2)
289 throw Invalid_Argument("create_private_key bad McEliece parameters " + params);
290
291 size_t mce_n = Botan::to_u32bit(mce_param[0]);
292 size_t mce_t = Botan::to_u32bit(mce_param[1]);
293
294 return std::unique_ptr<Botan::Private_Key>(new Botan::McEliece_PrivateKey(rng, mce_n, mce_t));
295 }
296#endif
297
298#if defined(BOTAN_HAS_XMSS_RFC8391)
299 if(alg_name == "XMSS")
300 {
301 return std::unique_ptr<Private_Key>(
302 new XMSS_PrivateKey(XMSS_Parameters(params.empty() ? "XMSS-SHA2_10_512" : params).oid(), rng));
303 }
304#endif
305
306#if defined(BOTAN_HAS_ED25519)
307 if(alg_name == "Ed25519")
308 {
309 return std::unique_ptr<Private_Key>(new Ed25519_PrivateKey(rng));
310 }
311#endif
312
313 // ECC crypto
314#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
315
316 if(alg_name == "ECDSA" ||
317 alg_name == "ECDH" ||
318 alg_name == "ECKCDSA" ||
319 alg_name == "ECGDSA" ||
320 alg_name == "SM2" ||
321 alg_name == "SM2_Sig" ||
322 alg_name == "SM2_Enc" ||
323 alg_name == "GOST-34.10" ||
324 alg_name == "GOST-34.10-2012-256" ||
325 alg_name == "GOST-34.10-2012-512")
326 {
327 const EC_Group ec_group(params.empty() ? default_ec_group_for(alg_name) : params);
328
329#if defined(BOTAN_HAS_ECDSA)
330 if(alg_name == "ECDSA")
331 return std::unique_ptr<Private_Key>(new ECDSA_PrivateKey(rng, ec_group));
332#endif
333
334#if defined(BOTAN_HAS_ECDH)
335 if(alg_name == "ECDH")
336 return std::unique_ptr<Private_Key>(new ECDH_PrivateKey(rng, ec_group));
337#endif
338
339#if defined(BOTAN_HAS_ECKCDSA)
340 if(alg_name == "ECKCDSA")
341 return std::unique_ptr<Private_Key>(new ECKCDSA_PrivateKey(rng, ec_group));
342#endif
343
344#if defined(BOTAN_HAS_GOST_34_10_2001)
345 if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512")
346 return std::unique_ptr<Private_Key>(new GOST_3410_PrivateKey(rng, ec_group));
347#endif
348
349#if defined(BOTAN_HAS_SM2)
350 if(alg_name == "SM2" || alg_name == "SM2_Sig" || alg_name == "SM2_Enc")
351 return std::unique_ptr<Private_Key>(new SM2_PrivateKey(rng, ec_group));
352#endif
353
354#if defined(BOTAN_HAS_ECGDSA)
355 if(alg_name == "ECGDSA")
356 return std::unique_ptr<Private_Key>(new ECGDSA_PrivateKey(rng, ec_group));
357#endif
358 }
359#endif
360
361 // DL crypto
362#if defined(BOTAN_HAS_DL_GROUP)
363 if(alg_name == "DH" || alg_name == "DSA" || alg_name == "ElGamal")
364 {
365 std::string default_group = (alg_name == "DSA") ? "dsa/botan/2048" : "modp/ietf/2048";
366 DL_Group modp_group(params.empty() ? default_group : params);
367
368#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
369 if(alg_name == "DH")
370 return std::unique_ptr<Private_Key>(new DH_PrivateKey(rng, modp_group));
371#endif
372
373#if defined(BOTAN_HAS_DSA)
374 if(alg_name == "DSA")
375 return std::unique_ptr<Private_Key>(new DSA_PrivateKey(rng, modp_group));
376#endif
377
378#if defined(BOTAN_HAS_ELGAMAL)
379 if(alg_name == "ElGamal")
380 return std::unique_ptr<Private_Key>(new ElGamal_PrivateKey(rng, modp_group));
381#endif
382 }
383#endif
384
385 BOTAN_UNUSED(alg_name, rng, params, provider);
386
387 return std::unique_ptr<Private_Key>();
388 }

References BOTAN_UNUSED, split_on(), and to_u32bit().

Referenced by botan_privkey_create().

◆ ct_compare_u8()

uint8_t Botan::ct_compare_u8 ( const uint8_t  x[],
const uint8_t  y[],
size_t  len 
)

Memory comparison, input insensitive

Parameters
xa pointer to an array
ya pointer to another array
lenthe number of Ts in x and y
Returns
0xFF iff x[i] == y[i] forall i in [0...n) or 0x00 otherwise

Definition at line 56 of file mem_ops.cpp.

59 {
60 volatile uint8_t difference = 0;
61
62 for(size_t i = 0; i != len; ++i)
63 difference |= (x[i] ^ y[i]);
64
65 return CT::Mask<uint8_t>::is_zero(difference).value();
66 }
T value() const
Definition ct_utils.h:351

References Botan::CT::Mask< T >::is_zero().

Referenced by constant_time_compare(), and oaep_find_delim().

◆ ct_divide() [1/2]

BigInt Botan::ct_divide ( const BigInt x,
const BigInt y 
)
inline

BigInt division, const time variant

This runs with control flow independent of the values of x/y. Warning: the loop bounds still leak the sizes of x and y.

Parameters
xan integer
ya non-zero integer
Returns
x/y with remainder discarded

Definition at line 63 of file divide.h.

64 {
65 BigInt q, r;
66 ct_divide(x, y, q, r);
67 return q;
68 }
void ct_divide(const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out)
Definition divide.cpp:52

References ct_divide().

◆ ct_divide() [2/2]

void Botan::ct_divide ( const BigInt x,
const BigInt y,
BigInt q,
BigInt r 
)

BigInt division, const time variant

This runs with control flow independent of the values of x/y. Warning: the loop bounds still leak the sizes of x and y.

Parameters
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

Definition at line 52 of file divide.cpp.

53 {
54 const size_t x_words = x.sig_words();
55 const size_t y_words = y.sig_words();
56
57 const size_t x_bits = x.bits();
58
59 BigInt q(BigInt::Positive, x_words);
60 BigInt r(BigInt::Positive, y_words);
61 BigInt t(BigInt::Positive, y_words); // a temporary
62
63 for(size_t i = 0; i != x_bits; ++i)
64 {
65 const size_t b = x_bits - 1 - i;
66 const bool x_b = x.get_bit(b);
67
68 r *= 2;
69 r.conditionally_set_bit(0, x_b);
70
71 const bool r_gte_y = bigint_sub3(t.mutable_data(), r.data(), r.size(), y.data(), y_words) == 0;
72
73 q.conditionally_set_bit(b, r_gte_y);
74 r.ct_cond_swap(r_gte_y, t);
75 }
76
77 sign_fixup(x, y, q, r);
78 r_out = r;
79 q_out = q;
80 }
size_t sig_words() const
Definition bigint.h:586
void conditionally_set_bit(size_t n, bool set_it)
Definition bigint.cpp:260
size_t size() const
Definition bigint.h:580
const word * data() const
Definition bigint.h:620
size_t bits() const
Definition bigint.cpp:296
void ct_cond_swap(bool predicate, BigInt &other)
Definition bigint.cpp:466
bool get_bit(size_t n) const
Definition bigint.h:465

References bigint_sub3(), Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::BigInt::ct_cond_swap(), Botan::BigInt::data(), Botan::BigInt::get_bit(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by ct_divide(), Botan::FPE_FE1::decrypt(), divide(), Botan::FPE_FE1::encrypt(), lcm(), and Botan::Modular_Reducer::Modular_Reducer().

◆ ct_divide_u8()

void Botan::ct_divide_u8 ( const BigInt x,
uint8_t  y,
BigInt q,
uint8_t &  r 
)

BigInt division, const time variant

This runs with control flow independent of the values of x/y. Warning: the loop bounds still leak the sizes of x and y.

Parameters
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

Definition at line 82 of file divide.cpp.

83 {
84 const size_t x_words = x.sig_words();
85 const size_t x_bits = x.bits();
86
87 BigInt q(BigInt::Positive, x_words);
88 uint32_t r = 0;
89
90 for(size_t i = 0; i != x_bits; ++i)
91 {
92 const size_t b = x_bits - 1 - i;
93 const bool x_b = x.get_bit(b);
94
95 r *= 2;
96 r += x_b;
97
98 const auto r_gte_y = CT::Mask<uint32_t>::is_gte(r, y);
99
100 q.conditionally_set_bit(b, r_gte_y.is_set());
101 r = r_gte_y.select(r - y, r);
102 }
103
104 if(x.is_negative())
105 {
106 q.flip_sign();
107 if(r != 0)
108 {
109 --q;
110 r = y - r;
111 }
112 }
113
114 r_out = static_cast<uint8_t>(r);
115 q_out = q;
116 }
void flip_sign()
Definition bigint.h:554
bool is_negative() const
Definition bigint.h:527

References Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::BigInt::flip_sign(), Botan::BigInt::get_bit(), Botan::CT::Mask< T >::is_gte(), Botan::BigInt::is_negative(), Botan::BigInt::Positive, and Botan::BigInt::sig_words().

Referenced by operator/(), and Botan::BigInt::to_dec_string().

◆ ct_inverse_mod_odd_modulus()

BigInt Botan::ct_inverse_mod_odd_modulus ( const BigInt x,
const BigInt modulus 
)

Deprecated modular inversion function. Use inverse_mod instead.

Definition at line 322 of file mod_inv.cpp.

323 {
324 return inverse_mod_odd_modulus(n, mod);
325 }

◆ ct_is_zero()

template<typename T >
T Botan::ct_is_zero ( T  x)
inline

If arg is zero, return ~0. Otherwise return 0

Definition at line 32 of file bit_ops.h.

33 {
34 return expand_top_bit<T>(~x & (x - 1));
35 }

Referenced by ctz().

◆ ct_modulo()

BigInt Botan::ct_modulo ( const BigInt x,
const BigInt modulo 
)

BigInt modulo, const time variant

Using this function is (slightly) cheaper than calling ct_divide and using only the remainder.

Parameters
xa non-negative integer
moduloa positive integer
Returns
result x % modulo

Definition at line 118 of file divide.cpp.

119 {
120 if(y.is_negative() || y.is_zero())
121 throw Invalid_Argument("ct_modulo requires y > 0");
122
123 const size_t y_words = y.sig_words();
124
125 const size_t x_bits = x.bits();
126
127 BigInt r(BigInt::Positive, y_words);
128 BigInt t(BigInt::Positive, y_words);
129
130 for(size_t i = 0; i != x_bits; ++i)
131 {
132 const size_t b = x_bits - 1 - i;
133 const bool x_b = x.get_bit(b);
134
135 r *= 2;
136 r.conditionally_set_bit(0, x_b);
137
138 const bool r_gte_y = bigint_sub3(t.mutable_data(), r.data(), r.size(), y.data(), y_words) == 0;
139
140 r.ct_cond_swap(r_gte_y, t);
141 }
142
143 if(x.is_negative())
144 {
145 if(r.is_nonzero())
146 {
147 r = y - r;
148 }
149 }
150
151 return r;
152 }

References bigint_sub3(), Botan::BigInt::bits(), Botan::BigInt::conditionally_set_bit(), Botan::BigInt::ct_cond_swap(), Botan::BigInt::data(), Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), and Botan::BigInt::size().

Referenced by Botan::RSA_PrivateKey::check_key(), inverse_mod(), Botan::Modular_Reducer::reduce(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ ctz()

template<typename T >
size_t Botan::ctz ( T  n)
inline

Count the trailing zero bits in n

Parameters
nan integer value
Returns
maximum x st 2^x divides n

Definition at line 99 of file bit_ops.h.

100 {
101 /*
102 * If n == 0 then this function will compute 8*sizeof(T)-1, so
103 * initialize lb to 1 if n == 0 to produce the expected result.
104 */
105 size_t lb = ct_is_zero(n) & 1;
106
107 for(size_t s = 8*sizeof(T) / 2; s > 0; s /= 2)
108 {
109 const T mask = (static_cast<T>(1) << s) - 1;
110 const size_t z = s * (ct_is_zero(n & mask) & 1);
111 lb += z;
112 n >>= z;
113 }
114
115 return lb;
116 }
T ct_is_zero(T x)
Definition bit_ops.h:32

References ct_is_zero(), and T.

Referenced by low_zero_bits().

◆ curve25519_basepoint()

void Botan::curve25519_basepoint ( uint8_t  mypublic[32],
const uint8_t  secret[32] 
)

Exponentiate by the x25519 base point

Parameters
mypublicoutput value
secretrandom scalar

Definition at line 16 of file curve25519.cpp.

17 {
18 const uint8_t basepoint[32] = { 9 };
19 curve25519_donna(mypublic, secret, basepoint);
20 }

References curve25519_donna().

Referenced by CECPQ1_accept(), CECPQ1_offer(), Botan::Curve25519_PrivateKey::check_key(), Botan::Sodium::crypto_scalarmult_curve25519_base(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), and Botan::Curve25519_PrivateKey::Curve25519_PrivateKey().

◆ curve25519_donna()

void Botan::curve25519_donna ( uint8_t  mypublic[32],
const uint8_t  secret[32],
const uint8_t  basepoint[32] 
)

Definition at line 440 of file donna.cpp.

441 {
442 CT::poison(secret, 32);
443 CT::poison(basepoint, 32);
444
445 uint64_t bp[5], x[5], z[5], zmone[5];
446 uint8_t e[32];
447
448 copy_mem(e, secret, 32);
449 e[ 0] &= 248;
450 e[31] &= 127;
451 e[31] |= 64;
452
453 fexpand(bp, basepoint);
454 cmult(x, z, e, bp);
455 crecip(zmone, z);
456 fmul(z, x, zmone);
457 fcontract(mypublic, z);
458
459 CT::unpoison(secret, 32);
460 CT::unpoison(basepoint, 32);
461 CT::unpoison(mypublic, 32);
462 }

References copy_mem(), Botan::CT::poison(), and Botan::CT::unpoison().

Referenced by CECPQ1_accept(), CECPQ1_finish(), Botan::Sodium::crypto_scalarmult_curve25519(), and curve25519_basepoint().

◆ deallocate_memory()

void Botan::deallocate_memory ( void *  p,
size_t  elems,
size_t  elem_size 
)

Free a pointer returned by allocate_memory

Parameters
pthe pointer returned by allocate_memory
elemsthe number of elements, as passed to allocate_memory
elem_sizethe size of each element, as passed to allocate_memory

Definition at line 34 of file mem_ops.cpp.

35 {
36 if(p == nullptr)
37 return;
38
39 secure_scrub_memory(p, elems * elem_size);
40
41#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
42 if(mlock_allocator::instance().deallocate(p, elems, elem_size))
43 return;
44#endif
45
46 std::free(p);
47 }
void secure_scrub_memory(void *ptr, size_t n)
Definition os_utils.cpp:66

References Botan::mlock_allocator::instance(), and secure_scrub_memory().

Referenced by Botan::secure_allocator< T >::deallocate().

◆ decode_gf2m()

gf2m Botan::decode_gf2m ( const uint8_t *  mem)

Definition at line 103 of file gf2m_small_m.cpp.

104 {
105 gf2m result;
106 result = mem[0] << 8;
107 result |= mem[1];
108 return result;
109 }
uint16_t gf2m

Referenced by Botan::polyn_gf2m::polyn_gf2m().

◆ divide()

void Botan::divide ( const BigInt x,
const BigInt y,
BigInt q,
BigInt r 
)
inline

Definition at line 45 of file divide.h.

49 {
50 ct_divide(x, y, q, r);
51 }

References ct_divide().

◆ dl_exponent_size()

size_t Botan::dl_exponent_size ( size_t  prime_group_size)

Return the appropriate exponent size to use for a particular prime group. This is twice the size of the estimated cost of breaking the key using an index calculus attack; the assumption is that if an arbitrary discrete log on a group of size bits would take about 2^n effort, and thus using an exponent of size 2^(2*n) implies that all available attacks are about as easy (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) operations) while minimizing the exponent size for performance reasons.

Definition at line 52 of file workfactor.cpp.

53 {
54 /*
55 This uses a slightly tweaked version of the standard work factor
56 function above. It assumes k is 1 (thus overestimating the strength
57 of the prime group by 5-6 bits), and always returns at least 128 bits
58 (this only matters for very small primes).
59 */
60 const size_t min_workfactor = 64;
61 const double log2_k = 0;
62
63 return 2 * std::max<size_t>(min_workfactor, nfs_workfactor(bits, log2_k));
64 }

Referenced by Botan::DL_Group::DL_Group().

◆ dl_work_factor()

size_t Botan::dl_work_factor ( size_t  prime_group_size)

Estimate work factor for discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

Definition at line 46 of file workfactor.cpp.

47 {
48 // Lacking better estimates...
49 return if_work_factor(bits);
50 }
size_t if_work_factor(size_t bits)

References if_work_factor().

◆ do_throw_error()

template<typename E , typename... Args>
void Botan::do_throw_error ( const char *  file,
int  line,
const char *  func,
Args...  args 
)
inline

Definition at line 434 of file exceptn.h.

435 {
436 throw E(file, line, func, args...);
437 }

◆ EC2OSP()

secure_vector< uint8_t > Botan::EC2OSP ( const PointGFp point,
uint8_t  format 
)
inline

Definition at line 385 of file point_gfp.h.

386 {
387 std::vector<uint8_t> enc = point.encode(static_cast<PointGFp::Compression_Type>(format));
388 return secure_vector<uint8_t>(enc.begin(), enc.end());
389 }
std::vector< uint8_t > encode(PointGFp::Compression_Type format) const

References Botan::PointGFp::encode().

◆ ecp_work_factor()

size_t Botan::ecp_work_factor ( size_t  prime_group_size)

Estimate work factor for EC discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

Definition at line 14 of file workfactor.cpp.

15 {
16 return bits / 2;
17 }

Referenced by Botan::EC_PublicKey::estimated_strength().

◆ ed25519_gen_keypair() [1/2]

void Botan::ed25519_gen_keypair ( uint8_t *  pk,
uint8_t *  sk,
const uint8_t  seed[32] 
)

Definition at line 18 of file ed25519.cpp.

19 {
20 uint8_t az[64];
21
22 SHA_512 sha;
23 sha.update(seed, 32);
24 sha.final(az);
25 az[0] &= 248;
26 az[31] &= 63;
27 az[31] |= 64;
28
29 ge_scalarmult_base(pk, az);
30
31 // todo copy_mem
32 copy_mem(sk, seed, 32);
33 copy_mem(sk + 32, pk, 32);
34 }
void update(const uint8_t in[], size_t length)
Definition buf_comp.h:33
void final(uint8_t out[])
Definition buf_comp.h:83
void ge_scalarmult_base(uint8_t out[32], const uint8_t in[32])
Definition ge.cpp:2118

References copy_mem(), Botan::Buffered_Computation::final(), ge_scalarmult_base(), and Botan::Buffered_Computation::update().

Referenced by Botan::Sodium::crypto_sign_ed25519_seed_keypair(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), and Botan::Ed25519_PrivateKey::Ed25519_PrivateKey().

◆ ed25519_gen_keypair() [2/2]

void Botan::ed25519_gen_keypair ( uint8_t  pk[32],
uint8_t  sk[64],
const uint8_t  seed[32] 
)

◆ ed25519_sign()

void Botan::ed25519_sign ( uint8_t  sig[64],
const uint8_t  m[],
size_t  mlen,
const uint8_t  sk[64],
const uint8_t  domain_sep[],
size_t  domain_sep_len 
)

Definition at line 36 of file ed25519.cpp.

40 {
41 uint8_t az[64];
42 uint8_t nonce[64];
43 uint8_t hram[64];
44
45 SHA_512 sha;
46
47 sha.update(sk, 32);
48 sha.final(az);
49 az[0] &= 248;
50 az[31] &= 63;
51 az[31] |= 64;
52
53 sha.update(domain_sep, domain_sep_len);
54 sha.update(az + 32, 32);
55 sha.update(m, mlen);
56 sha.final(nonce);
57
58 sc_reduce(nonce);
59 ge_scalarmult_base(sig, nonce);
60
61 sha.update(domain_sep, domain_sep_len);
62 sha.update(sig, 32);
63 sha.update(sk + 32, 32);
64 sha.update(m, mlen);
65 sha.final(hram);
66
67 sc_reduce(hram);
68 sc_muladd(sig + 32, hram, az, nonce);
69 }
void sc_reduce(uint8_t *)
Definition sc_reduce.cpp:25
void sc_muladd(uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
Definition sc_muladd.cpp:26

References Botan::Buffered_Computation::final(), ge_scalarmult_base(), sc_muladd(), sc_reduce(), and Botan::Buffered_Computation::update().

Referenced by Botan::Sodium::crypto_sign_ed25519_detached().

◆ ed25519_verify() [1/2]

bool Botan::ed25519_verify ( const uint8_t *  m,
size_t  mlen,
const uint8_t  sig[64],
const uint8_t *  pk,
const uint8_t  domain_sep[],
size_t  domain_sep_len 
)

Definition at line 71 of file ed25519.cpp.

75 {
76 uint8_t h[64];
77 uint8_t rcheck[32];
78 ge_p3 A;
79 SHA_512 sha;
80
81 if(sig[63] & 224)
82 {
83 return false;
84 }
85 if(ge_frombytes_negate_vartime(&A, pk) != 0)
86 {
87 return false;
88 }
89
90 sha.update(domain_sep, domain_sep_len);
91 sha.update(sig, 32);
92 sha.update(pk, 32);
93 sha.update(m, mlen);
94 sha.final(h);
95 sc_reduce(h);
96
97 ge_double_scalarmult_vartime(rcheck, h, &A, sig + 32);
98
99 return constant_time_compare(rcheck, sig, 32);
100 }
void ge_double_scalarmult_vartime(uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])

References constant_time_compare(), Botan::Buffered_Computation::final(), ge_double_scalarmult_vartime(), ge_frombytes_negate_vartime(), sc_reduce(), and Botan::Buffered_Computation::update().

Referenced by Botan::Sodium::crypto_sign_ed25519_verify_detached().

◆ ed25519_verify() [2/2]

bool Botan::ed25519_verify ( const uint8_t  msg[],
size_t  msg_len,
const uint8_t  sig[64],
const uint8_t  pk[32],
const uint8_t  domain_sep[],
size_t  domain_sep_len 
)

◆ encode_gf2m()

uint32_t Botan::encode_gf2m ( gf2m  to_enc,
uint8_t *  mem 
)

Definition at line 96 of file gf2m_small_m.cpp.

97 {
98 mem[0] = to_enc >> 8;
99 mem[1] = to_enc & 0xFF;
100 return sizeof(to_enc);
101 }

◆ erase_chars()

std::string Botan::erase_chars ( const std::string &  str,
const std::set< char > &  chars 
)

Erase characters from a string

Definition at line 292 of file parsing.cpp.

293 {
294 std::string out;
295
296 for(auto c: str)
297 if(chars.count(c) == 0)
298 out += c;
299
300 return out;
301 }

◆ expand_mask_16bit()

template<typename T >
uint16_t Botan::expand_mask_16bit ( T  tst)

Expand an input to a bit mask depending on it being being zero or non-zero

Parameters
tstthe input
Returns
the mask 0xFFFF if tst is non-zero and 0 otherwise

Definition at line 25 of file code_based_util.h.

26 {
27 const uint16_t result = (tst != 0);
28 return ~(result - 1);
29 }

Referenced by Botan::polyn_gf2m::calc_degree_secure(), Botan::polyn_gf2m::eea_with_coefficients(), and Botan::polyn_gf2m::patchup_deg_secure().

◆ expand_top_bit()

template<typename T >
T Botan::expand_top_bit ( T  a)
inline

If top bit of arg is set, return ~0. Otherwise return 0.

Definition at line 23 of file bit_ops.h.

24 {
25 return static_cast<T>(0) - (a >> (sizeof(T)*8-1));
26 }

References T.

Referenced by Botan::CT::Mask< T >::is_any_of(), and Botan::CT::Mask< T >::is_within_range().

◆ fe_0()

void Botan::fe_0 ( fe x)
inline

Definition at line 170 of file ed25519_fe.h.

171 {
172 x = FE_25519();
173 }

◆ fe_1()

void Botan::fe_1 ( fe x)
inline

Definition at line 175 of file ed25519_fe.h.

176 {
177 x = FE_25519(1);
178 }

Referenced by ge_frombytes_negate_vartime().

◆ fe_add()

void Botan::fe_add ( fe x,
const fe a,
const fe b 
)
inline

Definition at line 180 of file ed25519_fe.h.

181 {
182 x = FE_25519::add(a, b);
183 }

References Botan::FE_25519::add().

Referenced by ge_frombytes_negate_vartime().

◆ fe_copy()

void Botan::fe_copy ( fe a,
const fe b 
)
inline

Definition at line 154 of file ed25519_fe.h.

155 {
156 a = b;
157 }

◆ fe_frombytes()

void Botan::fe_frombytes ( fe x,
const uint8_t *  b 
)
inline

Definition at line 144 of file ed25519_fe.h.

145 {
146 x.from_bytes(b);
147 }
void from_bytes(const uint8_t b[32])

References Botan::FE_25519::from_bytes().

Referenced by ge_frombytes_negate_vartime().

◆ fe_invert()

void Botan::fe_invert ( fe x,
const fe z 
)
inline

Definition at line 215 of file ed25519_fe.h.

216 {
217 x = FE_25519::invert(z);
218 }

References Botan::FE_25519::invert().

◆ fe_isnegative()

int Botan::fe_isnegative ( const fe x)
inline

Definition at line 164 of file ed25519_fe.h.

165 {
166 return x.is_negative();
167 }
bool is_negative() const
Definition ed25519_fe.h:86

References Botan::FE_25519::is_negative().

Referenced by ge_frombytes_negate_vartime().

◆ fe_isnonzero()

int Botan::fe_isnonzero ( const fe x)
inline

Definition at line 159 of file ed25519_fe.h.

160 {
161 return x.is_zero() ? 0 : 1;
162 }
bool is_zero() const
Definition ed25519_fe.h:69

References Botan::FE_25519::is_zero().

Referenced by ge_frombytes_negate_vartime().

◆ fe_mul()

void Botan::fe_mul ( fe x,
const fe a,
const fe b 
)
inline

Definition at line 195 of file ed25519_fe.h.

196 {
197 x = FE_25519::mul(a, b);
198 }

References Botan::FE_25519::mul().

Referenced by ge_frombytes_negate_vartime(), Botan::FE_25519::invert(), and Botan::FE_25519::pow_22523().

◆ fe_neg()

void Botan::fe_neg ( fe x,
const fe z 
)
inline

Definition at line 190 of file ed25519_fe.h.

191 {
192 x = FE_25519::negate(z);
193 }

References Botan::FE_25519::negate().

Referenced by ge_frombytes_negate_vartime().

◆ fe_pow22523()

void Botan::fe_pow22523 ( fe x,
const fe y 
)
inline

Definition at line 220 of file ed25519_fe.h.

221 {
222 x = FE_25519::pow_22523(y);
223 }

References Botan::FE_25519::pow_22523().

Referenced by ge_frombytes_negate_vartime().

◆ fe_sq()

void Botan::fe_sq ( fe x,
const fe z 
)
inline

Definition at line 200 of file ed25519_fe.h.

201 {
202 x = FE_25519::sqr(z);
203 }

References Botan::FE_25519::sqr().

Referenced by ge_frombytes_negate_vartime(), Botan::FE_25519::invert(), and Botan::FE_25519::pow_22523().

◆ fe_sq2()

void Botan::fe_sq2 ( fe x,
const fe z 
)
inline

Definition at line 210 of file ed25519_fe.h.

211 {
212 x = FE_25519::sqr2(z);
213 }

References Botan::FE_25519::sqr2().

◆ fe_sq_iter()

void Botan::fe_sq_iter ( fe x,
const fe z,
size_t  iter 
)
inline

Definition at line 205 of file ed25519_fe.h.

206 {
207 x = FE_25519::sqr_iter(z, iter);
208 }

References Botan::FE_25519::sqr_iter().

Referenced by Botan::FE_25519::invert(), and Botan::FE_25519::pow_22523().

◆ fe_sub()

void Botan::fe_sub ( fe x,
const fe a,
const fe b 
)
inline

Definition at line 185 of file ed25519_fe.h.

186 {
187 x = FE_25519::sub(a, b);
188 }

References Botan::FE_25519::sub().

Referenced by ge_frombytes_negate_vartime().

◆ fe_tobytes()

void Botan::fe_tobytes ( uint8_t *  b,
const fe x 
)
inline

Definition at line 149 of file ed25519_fe.h.

150 {
151 x.to_bytes(b);
152 }
void to_bytes(uint8_t b[32]) const

References Botan::FE_25519::to_bytes().

◆ find_roots_gf2m_decomp()

secure_vector< gf2m > Botan::find_roots_gf2m_decomp ( const polyn_gf2m polyn,
size_t  code_length 
)

Find the roots of a polynomial over GF(2^m) using the method by Federenko et al.

Definition at line 308 of file gf2m_rootfind_dcmp.cpp.

309 {
310 gf2m_decomp_rootfind_state state(polyn, code_length);
311 return state.find_roots(polyn);
312 }

References find_roots_gf2m_decomp().

Referenced by find_roots_gf2m_decomp().

◆ gcd()

BigInt Botan::gcd ( const BigInt x,
const BigInt y 
)

Compute the greatest common divisor

Parameters
xa positive integer
ya positive integer
Returns
gcd(x,y)

Definition at line 81 of file numthry.cpp.

82 {
83 if(a.is_zero())
84 return abs(b);
85 if(b.is_zero())
86 return abs(a);
87 if(a == 1 || b == 1)
88 return 1;
89
90 // See https://gcd.cr.yp.to/safegcd-20190413.pdf fig 1.2
91
92 BigInt f = a;
93 BigInt g = b;
96
97 f.set_sign(BigInt::Positive);
98 g.set_sign(BigInt::Positive);
99
100 const size_t common2s = std::min(low_zero_bits(f), low_zero_bits(g));
101 CT::unpoison(common2s);
102
103 f >>= common2s;
104 g >>= common2s;
105
106 f.ct_cond_swap(f.is_even(), g);
107
108 int32_t delta = 1;
109
110 const size_t loop_cnt = safegcd_loop_bound(f.bits(), g.bits());
111
112 BigInt newg, t;
113 for(size_t i = 0; i != loop_cnt; ++i)
114 {
115 sub_abs(newg, f, g);
116
117 const bool need_swap = (g.is_odd() && delta > 0);
118
119 // if(need_swap) { delta *= -1 } else { delta *= 1 }
120 delta *= CT::Mask<uint8_t>::expand(need_swap).if_not_set_return(2) - 1;
121 f.ct_cond_swap(need_swap, g);
122 g.ct_cond_swap(need_swap, newg);
123
124 delta += 1;
125
126 g.ct_cond_add(g.is_odd(), f);
127 g >>= 1;
128 }
129
130 f <<= common2s;
131
134
136
137 return f;
138 }
void ct_cond_add(bool predicate, const BigInt &value)
Definition bigint.cpp:455
bool is_odd() const
Definition bigint.h:409
void const_time_poison() const
Definition bigint.h:739
bool is_zero() const
Definition bigint.h:421
void const_time_unpoison() const
Definition bigint.h:740
void set_sign(Sign sign)
Definition bigint.h:563
T if_not_set_return(T x) const
Definition ct_utils.h:280
size_t low_zero_bits(const BigInt &n)
Definition numthry.cpp:39
BigInt abs(const BigInt &n)
Definition numthry.h:58

References abs(), Botan::BigInt::bits(), BOTAN_ASSERT_NOMSG, Botan::BigInt::const_time_poison(), Botan::BigInt::const_time_unpoison(), Botan::BigInt::ct_cond_add(), Botan::BigInt::ct_cond_swap(), Botan::CT::Mask< T >::expand(), Botan::BigInt::is_even(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), low_zero_bits(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), and Botan::CT::unpoison().

Referenced by botan_mp_gcd(), Botan::ECIES_Decryptor::ECIES_Decryptor(), generate_rsa_prime(), lcm(), and random_prime().

◆ ge_double_scalarmult_vartime() [1/2]

void Botan::ge_double_scalarmult_vartime ( uint8_t  out[32],
const uint8_t *  a,
const ge_p3 A,
const uint8_t *  b 
)

Definition at line 519 of file ge.cpp.

522 {
523 static const ge_precomp Bi[8] =
524 {
525 {
526 { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 },
527 { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 },
528 { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 },
529 },
530 {
531 { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 },
532 { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 },
533 { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 },
534 },
535 {
536 { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 },
537 { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 },
538 { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 },
539 },
540 {
541 { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 },
542 { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 },
543 { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 },
544 },
545 {
546 { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877 },
547 { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951 },
548 { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784 },
549 },
550 {
551 { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436 },
552 { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918 },
553 { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877 },
554 },
555 {
556 { -33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800 },
557 { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305 },
558 { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300 },
559 },
560 {
561 { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876 },
562 { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619 },
563 { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683 },
564 },
565 } ;
566
567 int8_t aslide[256];
568 int8_t bslide[256];
569 ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
570 ge_p1p1 t;
571 ge_p3 u;
572 ge_p3 A2;
573 ge_p2 r;
574 int i;
575
576 slide(aslide, a);
577 slide(bslide, b);
578
579 ge_p3_to_cached(&Ai[0], A);
580 ge_p3_dbl(&t, A);
581 ge_p1p1_to_p3(&A2, &t);
582 ge_add(&t, &A2, &Ai[0]);
583 ge_p1p1_to_p3(&u, &t);
584 ge_p3_to_cached(&Ai[1], &u);
585 ge_add(&t, &A2, &Ai[1]);
586 ge_p1p1_to_p3(&u, &t);
587 ge_p3_to_cached(&Ai[2], &u);
588 ge_add(&t, &A2, &Ai[2]);
589 ge_p1p1_to_p3(&u, &t);
590 ge_p3_to_cached(&Ai[3], &u);
591 ge_add(&t, &A2, &Ai[3]);
592 ge_p1p1_to_p3(&u, &t);
593 ge_p3_to_cached(&Ai[4], &u);
594 ge_add(&t, &A2, &Ai[4]);
595 ge_p1p1_to_p3(&u, &t);
596 ge_p3_to_cached(&Ai[5], &u);
597 ge_add(&t, &A2, &Ai[5]);
598 ge_p1p1_to_p3(&u, &t);
599 ge_p3_to_cached(&Ai[6], &u);
600 ge_add(&t, &A2, &Ai[6]);
601 ge_p1p1_to_p3(&u, &t);
602 ge_p3_to_cached(&Ai[7], &u);
603
604 ge_p2_0(&r);
605
606 for(i = 255; i >= 0; --i)
607 {
608 if(aslide[i] || bslide[i])
609 {
610 break;
611 }
612 }
613
614 for(; i >= 0; --i)
615 {
616 ge_p2_dbl(&t, &r);
617
618 if(aslide[i] > 0)
619 {
620 ge_p1p1_to_p3(&u, &t);
621 ge_add(&t, &u, &Ai[aslide[i] >> 1]);
622 }
623 else if(aslide[i] < 0)
624 {
625 ge_p1p1_to_p3(&u, &t);
626 ge_sub(&t, &u, &Ai[(-aslide[i]) >> 1]);
627 }
628
629 if(bslide[i] > 0)
630 {
631 ge_p1p1_to_p3(&u, &t);
632 ge_madd(&t, &u, &Bi[bslide[i] >> 1]);
633 }
634 else if(bslide[i] < 0)
635 {
636 ge_p1p1_to_p3(&u, &t);
637 ge_msub(&t, &u, &Bi[(-bslide[i]) >> 1]);
638 }
639
640 ge_p1p1_to_p2(&r, &t);
641 }
642
643 ge_tobytes(out, &r);
644 }

◆ ge_double_scalarmult_vartime() [2/2]

void Botan::ge_double_scalarmult_vartime ( uint8_t  out[32],
const uint8_t  a[],
const ge_p3 A,
const uint8_t  b[] 
)

Referenced by ed25519_verify().

◆ ge_frombytes_negate_vartime()

int Botan::ge_frombytes_negate_vartime ( ge_p3 h,
const uint8_t *  s 
)

Definition at line 458 of file ge.cpp.

459 {
460 static const fe d =
461 {
462 -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116
463 } ;
464 static const fe sqrtm1 =
465 {
466 -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482
467 } ;
468
469 fe u;
470 fe v;
471 fe v3;
472 fe vxx;
473 fe check;
474
475 fe_frombytes(h->Y, s);
476 fe_1(h->Z);
477 fe_sq(u, h->Y);
478 fe_mul(v, u, d);
479 fe_sub(u, u, h->Z); /* u = y^2-1 */
480 fe_add(v, v, h->Z); /* v = dy^2+1 */
481
482 fe_sq(v3, v);
483 fe_mul(v3, v3, v); /* v3 = v^3 */
484 fe_sq(h->X, v3);
485 fe_mul(h->X, h->X, v);
486 fe_mul(h->X, h->X, u); /* x = uv^7 */
487
488 fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
489 fe_mul(h->X, h->X, v3);
490 fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
491
492 fe_sq(vxx, h->X);
493 fe_mul(vxx, vxx, v);
494 fe_sub(check, vxx, u); /* vx^2-u */
495 if(fe_isnonzero(check))
496 {
497 fe_add(check, vxx, u); /* vx^2+u */
498 if(fe_isnonzero(check))
499 {
500 return -1;
501 }
502 fe_mul(h->X, h->X, sqrtm1);
503 }
504
505 if(fe_isnegative(h->X) == (s[31] >> 7))
506 { fe_neg(h->X, h->X); }
507
508 fe_mul(h->T, h->X, h->Y);
509 return 0;
510 }
int fe_isnegative(const fe &x)
Definition ed25519_fe.h:164
int fe_isnonzero(const fe &x)
Definition ed25519_fe.h:159
void fe_1(fe &x)
Definition ed25519_fe.h:175
void fe_mul(fe &x, const fe &a, const fe &b)
Definition ed25519_fe.h:195
void fe_sq(fe &x, const fe &z)
Definition ed25519_fe.h:200
void fe_neg(fe &x, const fe &z)
Definition ed25519_fe.h:190
FE_25519 fe
Definition ed25519_fe.h:134
void fe_add(fe &x, const fe &a, const fe &b)
Definition ed25519_fe.h:180
void fe_sub(fe &x, const fe &a, const fe &b)
Definition ed25519_fe.h:185
void fe_pow22523(fe &x, const fe &y)
Definition ed25519_fe.h:220
void fe_frombytes(fe &x, const uint8_t *b)
Definition ed25519_fe.h:144

References fe_1(), fe_add(), fe_frombytes(), fe_isnegative(), fe_isnonzero(), fe_mul(), fe_neg(), fe_pow22523(), fe_sq(), fe_sub(), Botan::ge_p3::T, Botan::ge_p3::X, Botan::ge_p3::Y, and Botan::ge_p3::Z.

Referenced by ed25519_verify().

◆ ge_scalarmult_base()

void Botan::ge_scalarmult_base ( uint8_t  out[32],
const uint8_t  in[32] 
)

Definition at line 2118 of file ge.cpp.

2119 {
2120 int8_t e[64];
2121 int8_t carry;
2122 ge_p1p1 r;
2123 ge_p2 s;
2124 ge_p3 h;
2125 ge_precomp t;
2126 int i;
2127
2128 for(i = 0; i < 32; ++i)
2129 {
2130 e[2 * i + 0] = (a[i] >> 0) & 15;
2131 e[2 * i + 1] = (a[i] >> 4) & 15;
2132 }
2133 /* each e[i] is between 0 and 15 */
2134 /* e[63] is between 0 and 7 */
2135
2136 carry = 0;
2137 for(i = 0; i < 63; ++i)
2138 {
2139 e[i] += carry;
2140 carry = e[i] + 8;
2141 carry >>= 4;
2142 e[i] -= carry << 4;
2143 }
2144 e[63] += carry;
2145 /* each e[i] is between -8 and 8 */
2146
2147 ge_p3_0(&h);
2148 for(i = 1; i < 64; i += 2)
2149 {
2150 select(&t, B_precomp[i / 2], e[i]);
2151 ge_madd(&r, &h, &t);
2152 ge_p1p1_to_p3(&h, &r);
2153 }
2154
2155 ge_p3_dbl(&r, &h);
2156 ge_p1p1_to_p2(&s, &r);
2157 ge_p2_dbl(&r, &s);
2158 ge_p1p1_to_p2(&s, &r);
2159 ge_p2_dbl(&r, &s);
2160 ge_p1p1_to_p2(&s, &r);
2161 ge_p2_dbl(&r, &s);
2162 ge_p1p1_to_p3(&h, &r);
2163
2164 for(i = 0; i < 64; i += 2)
2165 {
2166 select(&t, B_precomp[i / 2], e[i]);
2167 ge_madd(&r, &h, &t);
2168 ge_p1p1_to_p3(&h, &r);
2169 }
2170
2171 ge_p3_tobytes(out, &h);
2172 }

References carry().

Referenced by ed25519_gen_keypair(), and ed25519_sign().

◆ generate_bcrypt()

std::string Botan::generate_bcrypt ( const std::string &  password,
RandomNumberGenerator rng,
uint16_t  work_factor = 12,
char  version = 'a' 
)

Create a password hash using Bcrypt

Warning
The password is truncated at at most 72 characters; characters after that do not have any effect on the resulting hash. To support longer passwords, consider pre-hashing the password, for example by using the hex encoding of SHA-256 of the password as the input to bcrypt.
Parameters
passwordthe password.
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
versionwhich version to emit (may be 'a', 'b', or 'y' all of which have identical behavior in this implementation).
See also
https://www.usenix.org/events/usenix99/provos/provos_html/

Definition at line 137 of file bcrypt.cpp.

141 {
142 /*
143 2a, 2b and 2y are identical for our purposes because our implementation of 2a
144 never had the truncation or signed char bugs in the first place.
145 */
146
147 if(version != 'a' && version != 'b' && version != 'y')
148 throw Invalid_Argument("Unknown bcrypt version '" + std::string(1, version) + "'");
149
150 std::vector<uint8_t> salt;
151 rng.random_vec(salt, 16);
152 return make_bcrypt(pass, salt, work_factor, version);
153 }

References Botan::RandomNumberGenerator::random_vec().

Referenced by botan_bcrypt_generate().

◆ generate_dsa_primes() [1/2]

std::vector< uint8_t > Botan::generate_dsa_primes ( RandomNumberGenerator rng,
BigInt p_out,
BigInt q_out,
size_t  pbits,
size_t  qbits 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters
rnga random number generator
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
Returns
random seed used to generate this parameter set

Definition at line 122 of file dsa_gen.cpp.

125 {
126 while(true)
127 {
128 std::vector<uint8_t> seed(qbits / 8);
129 rng.randomize(seed.data(), seed.size());
130
131 if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
132 return seed;
133 }
134 }
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition dsa_gen.cpp:39

References generate_dsa_primes(), and Botan::RandomNumberGenerator::randomize().

◆ generate_dsa_primes() [2/2]

bool Botan::generate_dsa_primes ( RandomNumberGenerator rng,
BigInt p_out,
BigInt q_out,
size_t  pbits,
size_t  qbits,
const std::vector< uint8_t > &  seed,
size_t  offset = 0 
)

Generate DSA parameters using the FIPS 186 kosherizer

Parameters
rnga random number generator
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
seedthe seed used to generate the parameters
offsetoptional offset from seed to start searching at
Returns
true if seed generated a valid DSA parameter set, otherwise false. p_out and q_out are only valid if true was returned.

Definition at line 39 of file dsa_gen.cpp.

44 {
45 if(!fips186_3_valid_size(pbits, qbits))
46 throw Invalid_Argument(
47 "FIPS 186-3 does not allow DSA domain parameters of " +
48 std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");
49
50 if(seed_c.size() * 8 < qbits)
51 throw Invalid_Argument(
52 "Generating a DSA parameter set with a " + std::to_string(qbits) +
53 " bit long q requires a seed at least as many bits long");
54
55 const std::string hash_name = "SHA-" + std::to_string(qbits);
56 std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_name));
57
58 const size_t HASH_SIZE = hash->output_length();
59
60 class Seed final
61 {
62 public:
63 explicit Seed(const std::vector<uint8_t>& s) : m_seed(s) {}
64
65 const std::vector<uint8_t>& value() const { return m_seed; }
66
67 Seed& operator++()
68 {
69 for(size_t j = m_seed.size(); j > 0; --j)
70 if(++m_seed[j-1])
71 break;
72 return (*this);
73 }
74 private:
75 std::vector<uint8_t> m_seed;
76 };
77
78 Seed seed(seed_c);
79
80 q.binary_decode(hash->process(seed.value()));
81 q.set_bit(qbits-1);
82 q.set_bit(0);
83
84 if(!is_prime(q, rng, 128, true))
85 return false;
86
87 const size_t n = (pbits-1) / (HASH_SIZE * 8),
88 b = (pbits-1) % (HASH_SIZE * 8);
89
90 BigInt X;
91 std::vector<uint8_t> V(HASH_SIZE * (n+1));
92
93 Modular_Reducer mod_2q(2*q);
94
95 for(size_t j = 0; j != 4*pbits; ++j)
96 {
97 for(size_t k = 0; k <= n; ++k)
98 {
99 ++seed;
100 hash->update(seed.value());
101 hash->final(&V[HASH_SIZE * (n-k)]);
102 }
103
104 if(j >= offset)
105 {
106 X.binary_decode(&V[HASH_SIZE - 1 - b/8],
107 V.size() - (HASH_SIZE - 1 - b/8));
108 X.set_bit(pbits-1);
109
110 p = X - (mod_2q.reduce(X) - 1);
111
112 if(p.bits() == pbits && is_prime(p, rng, 128, true))
113 return true;
114 }
115 }
116 return false;
117 }
int(* final)(unsigned char *, CTX *)
fe X
Definition ge.cpp:27

References Botan::BigInt::binary_decode(), Botan::BigInt::bits(), Botan::HashFunction::create_or_throw(), final, hash, is_prime(), Botan::Modular_Reducer::reduce(), Botan::BigInt::set_bit(), and X.

Referenced by Botan::DL_Group::DL_Group(), Botan::DL_Group::DL_Group(), and generate_dsa_primes().

◆ generate_mceliece_key()

McEliece_PrivateKey Botan::generate_mceliece_key ( RandomNumberGenerator rng,
size_t  ext_deg,
size_t  code_length,
size_t  t 
)

Definition at line 216 of file code_based_key_gen.cpp.

217 {
218 const size_t codimension = t * ext_deg;
219
220 if(code_length <= codimension)
221 {
222 throw Invalid_Argument("invalid McEliece parameters");
223 }
224
225 std::shared_ptr<GF2m_Field> sp_field(new GF2m_Field(ext_deg));
226
227 //pick the support.........
228 std::vector<gf2m> L(code_length);
229
230 for(size_t i = 0; i != L.size(); i++)
231 {
232 L[i] = static_cast<gf2m>(i);
233 }
234 randomize_support(L, rng);
235 polyn_gf2m g(sp_field); // create as zero
236
237 bool success = false;
238 std::unique_ptr<binary_matrix> R;
239
240 do
241 {
242 // create a random irreducible polynomial
243 g = polyn_gf2m(t, rng, sp_field);
244
245 try
246 {
247 R = generate_R(L, &g, sp_field, code_length, t);
248 success = true;
249 }
250 catch(const Invalid_State &)
251 {
252 }
253 } while (!success);
254
255 std::vector<polyn_gf2m> sqrtmod = polyn_gf2m::sqrt_mod_init( g);
256 std::vector<polyn_gf2m> F = syndrome_init(g, L, static_cast<int>(code_length));
257
258 // Each F[i] is the (precomputed) syndrome of the error vector with
259 // a single '1' in i-th position.
260 // We do not store the F[i] as polynomials of degree t , but
261 // as binary vectors of length ext_deg * t (this will
262 // speed up the syndrome computation)
263 //
264 std::vector<uint32_t> H(bit_size_to_32bit_size(codimension) * code_length);
265 uint32_t* sk = H.data();
266 for(size_t i = 0; i < code_length; ++i)
267 {
268 for(size_t l = 0; l < t; ++l)
269 {
270 const size_t k = (l * ext_deg) / 32;
271 const uint8_t j = (l * ext_deg) % 32;
272 sk[k] ^= static_cast<uint32_t>(F[i].get_coef(l)) << j;
273 if(j + ext_deg > 32)
274 {
275 sk[k + 1] ^= F[i].get_coef(l) >> (32 - j);
276 }
277 }
278 sk += bit_size_to_32bit_size(codimension);
279 }
280
281 // We need the support L for decoding (decryption). In fact the
282 // inverse is needed
283
284 std::vector<gf2m> Linv(code_length) ;
285 for(size_t i = 0; i != Linv.size(); ++i)
286 {
287 Linv[L[i]] = static_cast<gf2m>(i);
288 }
289 std::vector<uint8_t> pubmat(R->m_elem.size() * 4);
290 for(size_t i = 0; i < R->m_elem.size(); i++)
291 {
292 store_le(R->m_elem[i], &pubmat[i*4]);
293 }
294
295 return McEliece_PrivateKey(g, H, sqrtmod, Linv, pubmat);
296 }
std::vector< polyn_gf2m > syndrome_init(polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
size_t bit_size_to_32bit_size(size_t bit_size)

References bit_size_to_32bit_size(), Botan::polyn_gf2m::sqrt_mod_init(), store_le(), and syndrome_init().

Referenced by Botan::McEliece_PrivateKey::McEliece_PrivateKey().

◆ generate_passhash9()

std::string Botan::generate_passhash9 ( const std::string &  password,
RandomNumberGenerator rng,
uint16_t  work_factor = 15,
uint8_t  alg_id = 4 
)

Create a password hash using PBKDF2

Parameters
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
alg_idspecifies which PRF to use with PBKDF2 0 is HMAC(SHA-1) 1 is HMAC(SHA-256) 2 is CMAC(Blowfish) 3 is HMAC(SHA-384) 4 is HMAC(SHA-512) all other values are currently undefined

Definition at line 44 of file passhash9.cpp.

48 {
49 BOTAN_ARG_CHECK(work_factor > 0 && work_factor < 512, "Invalid Passhash9 work factor");
50
51 std::unique_ptr<MessageAuthenticationCode> prf = get_pbkdf_prf(alg_id);
52
53 if(!prf)
54 throw Invalid_Argument("Passhash9: Algorithm id " +
55 std::to_string(alg_id) +
56 " is not defined");
57
58 PKCS5_PBKDF2 kdf(prf.release()); // takes ownership of pointer
59
60 secure_vector<uint8_t> salt(SALT_BYTES);
61 rng.randomize(salt.data(), salt.size());
62
63 const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
64
66 blob.push_back(alg_id);
67 blob.push_back(get_byte(0, work_factor));
68 blob.push_back(get_byte(1, work_factor));
69 blob += salt;
70 blob += kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,
71 pass,
72 salt.data(), salt.size(),
73 kdf_iterations).bits_of();
74
75 return MAGIC_PREFIX + base64_encode(blob);
76 }

References base64_encode(), Botan::OctetString::bits_of(), BOTAN_ARG_CHECK, Botan::PBKDF::derive_key(), get_byte(), and Botan::RandomNumberGenerator::randomize().

◆ generate_rfc6979_nonce()

BigInt Botan::generate_rfc6979_nonce ( const BigInt x,
const BigInt q,
const BigInt h,
const std::string &  hash 
)
Parameters
xthe secret (EC)DSA key
qthe group order
hthe message hash already reduced mod q
hashthe hash function used to generate h

Definition at line 49 of file rfc6979.cpp.

53 {
55 BigInt k = gen.nonce_for(h);
56 return k;
57 }

References hash, and Botan::RFC6979_Nonce_Generator::nonce_for().

◆ generate_rsa_prime()

BigInt Botan::generate_rsa_prime ( RandomNumberGenerator keygen_rng,
RandomNumberGenerator prime_test_rng,
size_t  bits,
const BigInt coprime,
size_t  prob = 128 
)

Generate a prime suitable for RSA p/q

Parameters
keygen_rnga random number generator
prime_test_rnga random number generator
bitshow large the resulting prime should be in bits (must be >= 512)
coprimea positive integer that (prime - 1) should be coprime to
probuse test so false positive is bounded by 1/2**prob
Returns
random prime with the specified criteria

Definition at line 197 of file make_prm.cpp.

202 {
203 if(bits < 512)
204 throw Invalid_Argument("generate_rsa_prime bits too small");
205
206 /*
207 * The restriction on coprime <= 64 bits is arbitrary but generally speaking
208 * very large RSA public exponents are a bad idea both for performance and due
209 * to attacks on small d.
210 */
211 if(coprime <= 1 || coprime.is_even() || coprime.bits() > 64)
212 throw Invalid_Argument("generate_rsa_prime coprime must be small odd positive integer");
213
214 const size_t MAX_ATTEMPTS = 32*1024;
215
216 const size_t mr_trials = miller_rabin_test_iterations(bits, prob, true);
217
218 while(true)
219 {
220 BigInt p(keygen_rng, bits);
221
222 // Force high two bits so multiplication always results in expected n bit integer
223 p.set_bit(bits - 1);
224 p.set_bit(bits - 2);
225 p.set_bit(0);
226
227 const word step = 2;
228
229 Prime_Sieve sieve(p, bits);
230
231 for(size_t attempt = 0; attempt <= MAX_ATTEMPTS; ++attempt)
232 {
233 p += step;
234
235 sieve.step(step);
236
237 if(sieve.passes() == false)
238 continue;
239
240 Modular_Reducer mod_p(p);
241
242 /*
243 * Do a single primality test first before checking coprimality, since
244 * currently a single Miller-Rabin test is faster than computing gcd,
245 * and this eliminates almost all wasted gcd computations.
246 */
247 if(is_miller_rabin_probable_prime(p, mod_p, prime_test_rng, 1) == false)
248 continue;
249
250 /*
251 * Check if p - 1 and coprime are relatively prime.
252 */
253 if(gcd(p - 1, coprime) > 1)
254 continue;
255
256 if(p.bits() > bits)
257 break;
258
259 if(is_miller_rabin_probable_prime(p, mod_p, prime_test_rng, mr_trials) == true)
260 return p;
261 }
262 }
263 }
bool is_miller_rabin_probable_prime(const BigInt &n, const Modular_Reducer &mod_n, RandomNumberGenerator &rng, size_t test_iterations)
BigInt gcd(const BigInt &a, const BigInt &b)
Definition numthry.cpp:81
size_t miller_rabin_test_iterations(size_t n_bits, size_t prob, bool random)

References Botan::BigInt::bits(), gcd(), Botan::BigInt::is_even(), is_miller_rabin_probable_prime(), miller_rabin_test_iterations(), and Botan::BigInt::set_bit().

Referenced by Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ generate_srp6_verifier() [1/2]

BigInt Botan::generate_srp6_verifier ( const std::string &  identifier,
const std::string &  password,
const std::vector< uint8_t > &  salt,
const DL_Group group,
const std::string &  hash_id 
)

Generate a new SRP-6 verifier

Parameters
identifiera username or other client identifier
passwordthe secret used to authenticate user
salta randomly chosen value, at least 128 bits long
groupspecifies the shared SRP group
hash_idspecifies a secure hash function

Definition at line 137 of file srp6.cpp.

142 {
143 const BigInt x = compute_x(hash_id, identifier, password, salt);
144 // FIXME: x should be size of hash fn so avoid computing x.bits() here
145 return group.power_g_p(x, x.bits());
146 }
BigInt power_g_p(const BigInt &x) const
Definition dl_group.cpp:535

References Botan::BigInt::bits(), and Botan::DL_Group::power_g_p().

◆ generate_srp6_verifier() [2/2]

BigInt Botan::generate_srp6_verifier ( const std::string &  identifier,
const std::string &  password,
const std::vector< uint8_t > &  salt,
const std::string &  group_id,
const std::string &  hash_id 
)

Generate a new SRP-6 verifier

Parameters
identifiera username or other client identifier
passwordthe secret used to authenticate user
salta randomly chosen value, at least 128 bits long
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function

Definition at line 127 of file srp6.cpp.

132 {
133 DL_Group group(group_id);
134 return generate_srp6_verifier(identifier, password, salt, group, hash_id);
135 }
BigInt generate_srp6_verifier(const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
Definition srp6.cpp:127

References generate_srp6_verifier().

Referenced by generate_srp6_verifier().

◆ get_aead()

AEAD_Mode * Botan::get_aead ( const std::string &  name,
Cipher_Dir  direction 
)
inline

Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX")

Parameters
nameAEAD name
directionENCRYPTION or DECRYPTION

Definition at line 140 of file aead.h.

141 {
142 return AEAD_Mode::create(name, direction, "").release();
143 }
std::string name

References Botan::AEAD_Mode::create(), and name.

◆ get_bc_pad()

BlockCipherModePaddingMethod * Botan::get_bc_pad ( const std::string &  algo_spec)

Get a block cipher padding method by name

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Definition at line 18 of file mode_pad.cpp.

19 {
20 if(algo_spec == "NoPadding")
21 return new Null_Padding;
22
23 if(algo_spec == "PKCS7")
24 return new PKCS7_Padding;
25
26 if(algo_spec == "OneAndZeros")
27 return new OneAndZeros_Padding;
28
29 if(algo_spec == "X9.23")
30 return new ANSI_X923_Padding;
31
32 if(algo_spec == "ESP")
33 return new ESP_Padding;
34
35 return nullptr;
36 }

Referenced by Botan::Cipher_Mode::create().

◆ get_byte()

template<typename T >
constexpr uint8_t Botan::get_byte ( size_t  byte_num,
T  input 
)
inlineconstexpr

◆ get_cipher() [1/3]

Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
Cipher_Dir  direction 
)
inline

Factory method for general symmetric cipher filters. No key will be set in the filter.

Parameters
algo_specthe name of the desired cipher
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to the encryption or decryption filter

Definition at line 212 of file filters.h.

214 {
215 std::unique_ptr<Cipher_Mode> c(Cipher_Mode::create_or_throw(algo_spec, direction));
216 return new Cipher_Mode_Filter(c.release());
217 }

References Botan::Cipher_Mode::create_or_throw().

Referenced by get_cipher(), and get_cipher().

◆ get_cipher() [2/3]

Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey key,
Cipher_Dir  direction 
)
inline

Factory method for general symmetric cipher filters.

Parameters
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to the encryption or decryption filter

Definition at line 228 of file filters.h.

231 {
232 Keyed_Filter* cipher = get_cipher(algo_spec, direction);
233 cipher->set_key(key);
234 return cipher;
235 }
virtual void set_key(const SymmetricKey &key)=0
Keyed_Filter * get_cipher(const std::string &algo_spec, Cipher_Dir direction)
Definition filters.h:212

References get_cipher(), and Botan::Keyed_Filter::set_key().

◆ get_cipher() [3/3]

Keyed_Filter * Botan::get_cipher ( const std::string &  algo_spec,
const SymmetricKey key,
const InitializationVector iv,
Cipher_Dir  direction 
)
inline

Factory method for general symmetric cipher filters.

Parameters
algo_specthe name of the desired cipher
keythe key to be used for encryption/decryption performed by the filter
ivthe initialization vector to be used
directiondetermines whether the filter will be an encrypting or decrypting filter
Returns
pointer to newly allocated encryption or decryption filter

Definition at line 247 of file filters.h.

251 {
252 Keyed_Filter* cipher = get_cipher(algo_spec, key, direction);
253 if(iv.length())
254 cipher->set_iv(iv);
255 return cipher;
256 }
virtual void set_iv(const InitializationVector &iv)
Definition filters.h:130
size_t length() const
Definition symkey.h:25

References get_cipher(), Botan::OctetString::length(), and Botan::Keyed_Filter::set_iv().

◆ get_cipher_mode()

Cipher_Mode * Botan::get_cipher_mode ( const std::string &  algo_spec,
Cipher_Dir  direction,
const std::string &  provider = "" 
)
inline

Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS")

Parameters
algo_speccipher name
directionENCRYPTION or DECRYPTION
providerprovider implementation to choose

Definition at line 189 of file cipher_mode.h.

192 {
193 return Cipher_Mode::create(algo_spec, direction, provider).release();
194 }

References Botan::Cipher_Mode::create().

◆ get_eme()

EME * Botan::get_eme ( const std::string &  algo_spec)

Factory method for EME (message-encoding methods for encryption) objects

Parameters
algo_specthe name of the EME to create
Returns
pointer to newly allocated object of that type

Definition at line 27 of file eme.cpp.

28 {
29#if defined(BOTAN_HAS_EME_RAW)
30 if(algo_spec == "Raw")
31 return new EME_Raw;
32#endif
33
34#if defined(BOTAN_HAS_EME_PKCS1)
35 if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5")
36 return new EME_PKCS1v15;
37#endif
38
39#if defined(BOTAN_HAS_EME_OAEP)
40 SCAN_Name req(algo_spec);
41
42 if(req.algo_name() == "OAEP" ||
43 req.algo_name() == "EME-OAEP" ||
44 req.algo_name() == "EME1")
45 {
46 if(req.arg_count() == 1 ||
47 ((req.arg_count() == 2 || req.arg_count() == 3) && req.arg(1) == "MGF1"))
48 {
49 if(auto hash = HashFunction::create(req.arg(0)))
50 return new OAEP(hash.release(), req.arg(2, ""));
51 }
52 else if(req.arg_count() == 2 || req.arg_count() == 3)
53 {
54 auto mgf_params = parse_algorithm_name(req.arg(1));
55
56 if(mgf_params.size() == 2 && mgf_params[0] == "MGF1")
57 {
58 auto hash = HashFunction::create(req.arg(0));
59 auto mgf1_hash = HashFunction::create(mgf_params[1]);
60
61 if(hash && mgf1_hash)
62 {
63 return new OAEP(hash.release(), mgf1_hash.release(), req.arg(2, ""));
64 }
65 }
66 }
67 }
68#endif
69
70 throw Algorithm_Not_Found(algo_spec);
71 }

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), hash, and parse_algorithm_name().

Referenced by Botan::PK_Ops::Decryption_with_EME::Decryption_with_EME(), and Botan::PK_Ops::Encryption_with_EME::Encryption_with_EME().

◆ get_emsa()

EMSA * Botan::get_emsa ( const std::string &  algo_spec)

Factory method for EMSA (message-encoding methods for signatures with appendix) objects

Parameters
algo_specthe name of the EMSA to create
Returns
pointer to newly allocated object of that type

Definition at line 44 of file emsa.cpp.

45 {
46 SCAN_Name req(algo_spec);
47
48#if defined(BOTAN_HAS_EMSA1)
49 if(req.algo_name() == "EMSA1" && req.arg_count() == 1)
50 {
51 if(auto hash = HashFunction::create(req.arg(0)))
52 return new EMSA1(hash.release());
53 }
54#endif
55
56#if defined(BOTAN_HAS_EMSA_PKCS1)
57 if(req.algo_name() == "EMSA_PKCS1" ||
58 req.algo_name() == "PKCS1v15" ||
59 req.algo_name() == "EMSA-PKCS1-v1_5" ||
60 req.algo_name() == "EMSA3")
61 {
62 if(req.arg_count() == 2 && req.arg(0) == "Raw")
63 {
64 return new EMSA_PKCS1v15_Raw(req.arg(1));
65 }
66 else if(req.arg_count() == 1)
67 {
68 if(req.arg(0) == "Raw")
69 {
70 return new EMSA_PKCS1v15_Raw;
71 }
72 else
73 {
74 if(auto hash = HashFunction::create(req.arg(0)))
75 {
76 return new EMSA_PKCS1v15(hash.release());
77 }
78 }
79 }
80 }
81#endif
82
83#if defined(BOTAN_HAS_EMSA_PSSR)
84 if(req.algo_name() == "PSS_Raw" ||
85 req.algo_name() == "PSSR_Raw")
86 {
87 if(req.arg_count_between(1, 3) && req.arg(1, "MGF1") == "MGF1")
88 {
89 if(auto h = HashFunction::create(req.arg(0)))
90 {
91 if(req.arg_count() == 3)
92 {
93 const size_t salt_size = req.arg_as_integer(2, 0);
94 return new PSSR_Raw(h.release(), salt_size);
95 }
96 else
97 {
98 return new PSSR_Raw(h.release());
99 }
100 }
101 }
102 }
103
104 if(req.algo_name() == "PSS" ||
105 req.algo_name() == "PSSR" ||
106 req.algo_name() == "EMSA-PSS" ||
107 req.algo_name() == "PSS-MGF1" ||
108 req.algo_name() == "EMSA4")
109 {
110 if(req.arg_count_between(1, 3) && req.arg(1, "MGF1") == "MGF1")
111 {
112 if(auto h = HashFunction::create(req.arg(0)))
113 {
114 if(req.arg_count() == 3)
115 {
116 const size_t salt_size = req.arg_as_integer(2, 0);
117 return new PSSR(h.release(), salt_size);
118 }
119 else
120 {
121 return new PSSR(h.release());
122 }
123 }
124 }
125 }
126#endif
127
128#if defined(BOTAN_HAS_ISO_9796)
129 if(req.algo_name() == "ISO_9796_DS2")
130 {
131 if(req.arg_count_between(1, 3))
132 {
133 if(auto h = HashFunction::create(req.arg(0)))
134 {
135 const size_t salt_size = req.arg_as_integer(2, h->output_length());
136 const bool implicit = req.arg(1, "exp") == "imp";
137 return new ISO_9796_DS2(h.release(), implicit, salt_size);
138 }
139 }
140 }
141 //ISO-9796-2 DS 3 is deterministic and DS2 without a salt
142 if(req.algo_name() == "ISO_9796_DS3")
143 {
144 if(req.arg_count_between(1, 2))
145 {
146 if(auto h = HashFunction::create(req.arg(0)))
147 {
148 const bool implicit = req.arg(1, "exp") == "imp";
149 return new ISO_9796_DS3(h.release(), implicit);
150 }
151 }
152 }
153#endif
154
155#if defined(BOTAN_HAS_EMSA_X931)
156 if(req.algo_name() == "EMSA_X931" ||
157 req.algo_name() == "EMSA2" ||
158 req.algo_name() == "X9.31")
159 {
160 if(req.arg_count() == 1)
161 {
162 if(auto hash = HashFunction::create(req.arg(0)))
163 {
164 return new EMSA_X931(hash.release());
165 }
166 }
167 }
168#endif
169
170#if defined(BOTAN_HAS_EMSA_RAW)
171 if(req.algo_name() == "Raw")
172 {
173 if(req.arg_count() == 0)
174 {
175 return new EMSA_Raw;
176 }
177 else
178 {
179 auto hash = HashFunction::create(req.arg(0));
180 if(hash)
181 return new EMSA_Raw(hash->output_length());
182 }
183 }
184#endif
185
186 throw Algorithm_Not_Found(algo_spec);
187 }
size_t salt_size

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), Botan::HashFunction::create(), hash, and salt_size.

◆ get_files_recursive()

BOTAN_TEST_API std::vector< std::string > Botan::get_files_recursive ( const std::string &  dir)

Definition at line 126 of file filesystem.cpp.

127 {
128 std::vector<std::string> files;
129
130#if defined(BOTAN_TARGET_OS_HAS_POSIX1)
131 files = impl_readdir(dir);
132#elif defined(BOTAN_TARGET_OS_HAS_WIN32)
133 files = impl_win32(dir);
134#else
135 BOTAN_UNUSED(dir);
136 throw No_Filesystem_Access();
137#endif
138
139 std::sort(files.begin(), files.end());
140
141 return files;
142 }

References BOTAN_UNUSED.

◆ get_kdf()

KDF * Botan::get_kdf ( const std::string &  algo_spec)

Factory method for KDF (key derivation function)

Parameters
algo_specthe name of the KDF to create
Returns
pointer to newly allocated object of that type

Definition at line 241 of file kdf.cpp.

242 {
243 SCAN_Name request(algo_spec);
244
245 if(request.algo_name() == "Raw")
246 return nullptr; // No KDF
247
248 //return KDF::create_or_throw(algo_spec).release();
249 auto kdf = KDF::create(algo_spec);
250 if(!kdf)
251 throw Algorithm_Not_Found(algo_spec);
252 return kdf.release();
253 }

References Botan::SCAN_Name::algo_name(), and Botan::KDF::create().

Referenced by botan_kdf(), Botan::PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(), Botan::PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(), Botan::PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(), and Botan::TLS::Handshake_State::protocol_specific_prf().

◆ get_pbkdf()

PBKDF * Botan::get_pbkdf ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Password based key derivation function factory method

Parameters
algo_specthe name of the desired PBKDF algorithm
providerthe provider to use
Returns
pointer to newly allocated object of that type

Definition at line 232 of file pbkdf.h.

234 {
235 return PBKDF::create_or_throw(algo_spec, provider).release();
236 }

References Botan::PBKDF::create_or_throw().

Referenced by get_s2k(), and Botan::TLS::Session_Manager_SQL::Session_Manager_SQL().

◆ get_s2k()

PBKDF * Botan::get_s2k ( const std::string &  algo_spec)
inline

Definition at line 238 of file pbkdf.h.

239 {
240 return get_pbkdf(algo_spec);
241 }
PBKDF * get_pbkdf(const std::string &algo_spec, const std::string &provider="")
Definition pbkdf.h:232

References get_pbkdf().

◆ get_sig_paddings()

BOTAN_TEST_API const std::vector< std::string > Botan::get_sig_paddings ( const std::string  algo)

Returns the allowed padding schemes when using the given algorithm (key type) for creating digital signatures.

Parameters
algothe algorithm for which to look up supported padding schemes
Returns
a vector of supported padding schemes

Definition at line 32 of file padding.cpp.

33 {
34 if(allowed_signature_paddings.count(algo) > 0)
35 return allowed_signature_paddings.at(algo);
36 return {};
37 }
const std::map< const std::string, std::vector< std::string > > allowed_signature_paddings
Definition padding.cpp:20

References allowed_signature_paddings.

Referenced by sig_algo_and_pad_ok().

◆ gray_to_lex()

gf2m Botan::gray_to_lex ( gf2m  gray)
inline

Definition at line 31 of file code_based_util.h.

32 {
33 gf2m result = gray ^ (gray >> 8);
34 result ^= (result >> 4);
35 result ^= (result >> 2);
36 result ^= (result >> 1);
37 return result;
38 }

◆ has_filesystem_impl()

BOTAN_TEST_API bool Botan::has_filesystem_impl ( )

Definition at line 115 of file filesystem.cpp.

116 {
117#if defined(BOTAN_TARGET_OS_HAS_POSIX1)
118 return true;
119#elif defined(BOTAN_TARGET_OS_HAS_WIN32)
120 return true;
121#else
122 return false;
123#endif
124 }

◆ hash_for_emsa()

std::string Botan::hash_for_emsa ( const std::string &  algo_spec)

Returns the hash function used in the given EMSA scheme If the hash function is not specified or not understood, returns "SHA-512"

Parameters
algo_specthe name of the EMSA
Returns
hash function used in the given EMSA scheme

Definition at line 189 of file emsa.cpp.

190 {
191 SCAN_Name emsa_name(algo_spec);
192
193 if(emsa_name.arg_count() > 0)
194 {
195 const std::string pos_hash = emsa_name.arg(0);
196 return pos_hash;
197 }
198
199 // If we don't understand what this is return a safe default
200#if defined(BOTAN_HAS_SHA2_64)
201 return "SHA-512";
202#else
203 return "SHA-256";
204#endif
205 }

References Botan::SCAN_Name::arg(), and Botan::SCAN_Name::arg_count().

Referenced by Botan::PKCS11::MechanismWrapper::create_ecdsa_mechanism().

◆ hex_decode() [1/5]

std::vector< uint8_t > Botan::hex_decode ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 189 of file hex.cpp.

192 {
193 std::vector<uint8_t> bin(1 + input_length / 2);
194
195 size_t written = hex_decode(bin.data(),
196 input,
197 input_length,
198 ignore_ws);
199
200 bin.resize(written);
201 return bin;
202 }
size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
Definition hex.cpp:89

References hex_decode().

◆ hex_decode() [2/5]

std::vector< uint8_t > Botan::hex_decode ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 204 of file hex.cpp.

206 {
207 return hex_decode(input.data(), input.size(), ignore_ws);
208 }

References hex_decode().

◆ hex_decode() [3/5]

size_t Botan::hex_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 146 of file hex.cpp.

150 {
151 size_t consumed = 0;
152 size_t written = hex_decode(output, input, input_length,
153 consumed, ignore_ws);
154
155 if(consumed != input_length)
156 throw Invalid_Argument("hex_decode: input did not have full bytes");
157
158 return written;
159 }

References hex_decode().

◆ hex_decode() [4/5]

size_t Botan::hex_decode ( uint8_t  output[],
const char  input[],
size_t  input_length,
size_t &  input_consumed,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
input_lengthlength of input in bytes
input_consumedis an output parameter which says how many bytes of input were actually consumed. If less than input_length, then the range input[consumed:length] should be passed in later along with more input.
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 89 of file hex.cpp.

94 {
95 uint8_t* out_ptr = output;
96 bool top_nibble = true;
97
98 clear_mem(output, input_length / 2);
99
100 for(size_t i = 0; i != input_length; ++i)
101 {
102 const uint8_t bin = hex_char_to_bin(input[i]);
103
104 if(bin >= 0x10)
105 {
106 if(bin == 0x80 && ignore_ws)
107 continue;
108
109 std::string bad_char(1, input[i]);
110 if(bad_char == "\t")
111 bad_char = "\\t";
112 else if(bad_char == "\n")
113 bad_char = "\\n";
114
115 throw Invalid_Argument(
116 std::string("hex_decode: invalid hex character '") +
117 bad_char + "'");
118 }
119
120 if(top_nibble)
121 *out_ptr |= bin << 4;
122 else
123 *out_ptr |= bin;
124
125 top_nibble = !top_nibble;
126 if(top_nibble)
127 ++out_ptr;
128 }
129
130 input_consumed = input_length;
131 size_t written = (out_ptr - output);
132
133 /*
134 * We only got half of a uint8_t at the end; zap the half-written
135 * output and mark it as unread
136 */
137 if(!top_nibble)
138 {
139 *out_ptr = 0;
140 input_consumed -= 1;
141 }
142
143 return written;
144 }

References clear_mem().

Referenced by botan_hex_decode(), Botan::Hex_Decoder::end_msg(), Botan::Data_Store::get1_memvec(), hex_decode(), hex_decode(), hex_decode(), hex_decode(), hex_decode_locked(), Botan::OctetString::OctetString(), Botan::UUID::UUID(), and Botan::Hex_Decoder::write().

◆ hex_decode() [5/5]

size_t Botan::hex_decode ( uint8_t  output[],
const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
outputan array of at least input_length/2 bytes
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
number of bytes written to output

Definition at line 161 of file hex.cpp.

164 {
165 return hex_decode(output, input.data(), input.length(), ignore_ws);
166 }

References hex_decode().

◆ hex_decode_locked() [1/2]

secure_vector< uint8_t > Botan::hex_decode_locked ( const char  input[],
size_t  input_length,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
input_lengththe length of input in bytes
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 168 of file hex.cpp.

171 {
172 secure_vector<uint8_t> bin(1 + input_length / 2);
173
174 size_t written = hex_decode(bin.data(),
175 input,
176 input_length,
177 ignore_ws);
178
179 bin.resize(written);
180 return bin;
181 }

References hex_decode().

Referenced by Botan::BigInt::decode(), hex_decode_locked(), and Botan::RTSS_Share::RTSS_Share().

◆ hex_decode_locked() [2/2]

secure_vector< uint8_t > Botan::hex_decode_locked ( const std::string &  input,
bool  ignore_ws = true 
)

Perform hex decoding

Parameters
inputsome hex input
ignore_wsignore whitespace on input; if false, throw an exception if whitespace is encountered
Returns
decoded hex output

Definition at line 183 of file hex.cpp.

185 {
186 return hex_decode_locked(input.data(), input.size(), ignore_ws);
187 }
secure_vector< uint8_t > hex_decode_locked(const char input[], size_t input_length, bool ignore_ws)
Definition hex.cpp:168

References hex_decode_locked().

◆ hex_encode() [1/3]

void Botan::hex_encode ( char  output[],
const uint8_t  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters
outputan array of at least input_length*2 bytes
inputis some binary data
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?

Definition at line 31 of file hex.cpp.

35 {
36 for(size_t i = 0; i != input_length; ++i)
37 {
38 const uint8_t n0 = (input[i] >> 4) & 0xF;
39 const uint8_t n1 = (input[i] ) & 0xF;
40
41 output[2*i ] = hex_encode_nibble(n0, uppercase);
42 output[2*i+1] = hex_encode_nibble(n1, uppercase);
43 }
44 }

Referenced by Botan::Data_Store::add(), Botan::Data_Store::add(), botan_hex_encode(), create_hex_fingerprint(), hex_encode(), hex_encode(), Botan::X509_Certificate::issuer_info(), Botan::TLS::Session_Manager_SQL::load_from_session_id(), Botan::TLS::Session_Manager_In_Memory::load_from_session_id(), Botan::TLS::Session_Manager_SQL::remove_entry(), Botan::TLS::Session_Manager_In_Memory::remove_entry(), Botan::TLS::Session_Manager_SQL::save(), Botan::TLS::Session_Manager_In_Memory::save(), Botan::X509_Certificate::subject_info(), Botan::BigInt::to_hex_string(), Botan::OctetString::to_string(), Botan::RTSS_Share::to_string(), Botan::UUID::to_string(), Botan::X509_Certificate::to_string(), Botan::HTTP::url_encode(), and Botan::UUID::UUID().

◆ hex_encode() [2/3]

template<typename Alloc >
std::string Botan::hex_encode ( const std::vector< uint8_t, Alloc > &  input,
bool  uppercase = true 
)

Perform hex encoding

Parameters
inputsome input
uppercaseshould output be upper or lower case?
Returns
hexadecimal representation of input

Definition at line 46 of file hex.h.

48 {
49 return hex_encode(input.data(), input.size(), uppercase);
50 }

References hex_encode().

◆ hex_encode() [3/3]

std::string Botan::hex_encode ( const uint8_t  input[],
size_t  input_length,
bool  uppercase = true 
)

Perform hex encoding

Parameters
inputsome input
input_lengthlength of input in bytes
uppercaseshould output be upper or lower case?
Returns
hexadecimal representation of input

Definition at line 46 of file hex.cpp.

49 {
50 std::string output(2 * input_length, 0);
51
52 if(input_length)
53 hex_encode(&output.front(), input, input_length, uppercase);
54
55 return output;
56 }

References hex_encode().

◆ high_bit()

template<typename T >
size_t Botan::high_bit ( T  n)
inline

Return the index of the highest set bit T is an unsigned integer type

Parameters
nan integer value
Returns
index of the highest set bit in n

Definition at line 55 of file bit_ops.h.

56 {
57 size_t hb = 0;
58
59 for(size_t s = 8*sizeof(T) / 2; s > 0; s /= 2)
60 {
61 const size_t z = s * ((~ct_is_zero(n >> s)) & 1);
62 hb += z;
63 n >>= z;
64 }
65
66 hb += n;
67
68 return hb;
69 }

References T.

Referenced by Botan::OID::encode_into(), random_prime(), and Botan::BigInt::top_bits_free().

◆ hkdf_expand_label()

secure_vector< uint8_t > Botan::hkdf_expand_label ( const std::string &  hash_fn,
const uint8_t  secret[],
size_t  secret_len,
const std::string &  label,
const uint8_t  hash_val[],
size_t  hash_val_len,
size_t  length 
)

HKDF-Expand-Label from TLS 1.3/QUIC

Parameters
hash_fnthe hash to use
secretthe secret bits
secret_lenthe length of secret
labelthe full label (no "TLS 1.3, " or "tls13 " prefix is applied)
hash_valthe previous hash value (used for chaining, may be empty)
hash_val_lenthe length of hash_val
lengththe desired output length

Definition at line 80 of file hkdf.cpp.

85 {
86 BOTAN_ARG_CHECK(length <= 0xFFFF, "HKDF-Expand-Label requested output too large");
87 BOTAN_ARG_CHECK(label.size() <= 0xFF, "HKDF-Expand-Label label too long");
88 BOTAN_ARG_CHECK(hash_val_len <= 0xFF, "HKDF-Expand-Label hash too long");
89
90 const uint16_t length16 = static_cast<uint16_t>(length);
91
92 auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + hash_fn + ")");
93
94 HKDF_Expand hkdf(mac.release());
95
96 secure_vector<uint8_t> output(length16);
97 std::vector<uint8_t> prefix(3 + label.size() + 1);
98
99 prefix[0] = get_byte(0, length16);
100 prefix[1] = get_byte(1, length16);
101 prefix[2] = static_cast<uint8_t>(label.size());
102
103 copy_mem(prefix.data() + 3,
104 cast_char_ptr_to_uint8(label.data()),
105 label.size());
106
107 prefix[3 + label.size()] = static_cast<uint8_t>(hash_val_len);
108
109 /*
110 * We do something a little dirty here to avoid copying the hash_val,
111 * making use of the fact that Botan's KDF interface supports label+salt,
112 * and knowing that our HKDF hashes first param label then param salt.
113 */
114 hkdf.kdf(output.data(), output.size(),
115 secret, secret_len,
116 hash_val, hash_val_len,
117 prefix.data(), prefix.size());
118
119 return output;
120 }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:190

References BOTAN_ARG_CHECK, cast_char_ptr_to_uint8(), copy_mem(), Botan::MessageAuthenticationCode::create_or_throw(), get_byte(), and Botan::HKDF_Expand::kdf().

◆ host_wildcard_match()

bool Botan::host_wildcard_match ( const std::string &  wildcard,
const std::string &  host 
)

Check if the given hostname is a match for the specified wildcard

Definition at line 339 of file parsing.cpp.

340 {
341 const std::string issued = tolower_string(issued_);
342 const std::string host = tolower_string(host_);
343
344 if(host.empty() || issued.empty())
345 return false;
346
347 /*
348 If there are embedded nulls in your issued name
349 Well I feel bad for you son
350 */
351 if(std::count(issued.begin(), issued.end(), char(0)) > 0)
352 return false;
353
354 // If more than one wildcard, then issued name is invalid
355 const size_t stars = std::count(issued.begin(), issued.end(), '*');
356 if(stars > 1)
357 return false;
358
359 // '*' is not a valid character in DNS names so should not appear on the host side
360 if(std::count(host.begin(), host.end(), '*') != 0)
361 return false;
362
363 // Similarly a DNS name can't end in .
364 if(host[host.size() - 1] == '.')
365 return false;
366
367 // And a host can't have an empty name component, so reject that
368 if(host.find("..") != std::string::npos)
369 return false;
370
371 // Exact match: accept
372 if(issued == host)
373 {
374 return true;
375 }
376
377 /*
378 Otherwise it might be a wildcard
379
380 If the issued size is strictly longer than the hostname size it
381 couldn't possibly be a match, even if the issued value is a
382 wildcard. The only exception is when the wildcard ends up empty
383 (eg www.example.com matches www*.example.com)
384 */
385 if(issued.size() > host.size() + 1)
386 {
387 return false;
388 }
389
390 // If no * at all then not a wildcard, and so not a match
391 if(stars != 1)
392 {
393 return false;
394 }
395
396 /*
397 Now walk through the issued string, making sure every character
398 matches. When we come to the (singular) '*', jump forward in the
399 hostname by the corresponding amount. We know exactly how much
400 space the wildcard takes because it must be exactly `len(host) -
401 len(issued) + 1 chars`.
402
403 We also verify that the '*' comes in the leftmost component, and
404 doesn't skip over any '.' in the hostname.
405 */
406 size_t dots_seen = 0;
407 size_t host_idx = 0;
408
409 for(size_t i = 0; i != issued.size(); ++i)
410 {
411 dots_seen += (issued[i] == '.');
412
413 if(issued[i] == '*')
414 {
415 // Fail: wildcard can only come in leftmost component
416 if(dots_seen > 0)
417 {
418 return false;
419 }
420
421 /*
422 Since there is only one * we know the tail of the issued and
423 hostname must be an exact match. In this case advance host_idx
424 to match.
425 */
426 const size_t advance = (host.size() - issued.size() + 1);
427
428 if(host_idx + advance > host.size()) // shouldn't happen
429 return false;
430
431 // Can't be any intervening .s that we would have skipped
432 if(std::count(host.begin() + host_idx,
433 host.begin() + host_idx + advance, '.') != 0)
434 return false;
435
436 host_idx += advance;
437 }
438 else
439 {
440 if(issued[i] != host[host_idx])
441 {
442 return false;
443 }
444
445 host_idx += 1;
446 }
447 }
448
449 // Wildcard issued name must have at least 3 components
450 if(dots_seen < 2)
451 {
452 return false;
453 }
454
455 return true;
456 }
std::string tolower_string(const std::string &in)
Definition parsing.cpp:327

References tolower_string().

Referenced by Botan::X509_Certificate::matches_dns_name().

◆ ieee1363_hash_id()

uint8_t Botan::ieee1363_hash_id ( const std::string &  hash_name)

Return the IEEE 1363 hash identifier

Parameters
hash_namethe name of the hash function
Returns
uint8_t code identifying the hash, or 0 if not known

Definition at line 146 of file hash_id.cpp.

147 {
148 if(name == "SHA-160" || name == "SHA-1" || name == "SHA1")
149 return 0x33;
150
151 if(name == "SHA-224") return 0x38;
152 if(name == "SHA-256") return 0x34;
153 if(name == "SHA-384") return 0x36;
154 if(name == "SHA-512") return 0x35;
155
156 if(name == "RIPEMD-160") return 0x31;
157
158 if(name == "Whirlpool") return 0x37;
159
160 return 0;
161 }

References name.

Referenced by Botan::EMSA_X931::EMSA_X931().

◆ if_work_factor()

size_t Botan::if_work_factor ( size_t  n_bits)

Estimate work factor for integer factorization

Parameters
n_bitssize of modulus in bits
Returns
estimated security level for this modulus

Definition at line 38 of file workfactor.cpp.

39 {
40 // RFC 3766 estimates k at .02 and o(1) to be effectively zero for sizes of interest
41
42 const double log2_k = -5.6438; // log2(.02)
43 return nfs_workfactor(bits, log2_k);
44 }

Referenced by dl_work_factor(), Botan::TPM_PrivateKey::estimated_strength(), and Botan::RSA_PublicKey::estimated_strength().

◆ initialize_allocator()

void BOTAN_UNSTABLE_API Botan::initialize_allocator ( )

Ensure the allocator is initialized

Definition at line 49 of file mem_ops.cpp.

50 {
51#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
52 mlock_allocator::instance();
53#endif
54 }

References Botan::mlock_allocator::instance().

Referenced by Botan::Allocator_Initializer::Allocator_Initializer().

◆ inverse_euclid()

BigInt Botan::inverse_euclid ( const BigInt x,
const BigInt modulus 
)

Deprecated modular inversion function. Use inverse_mod instead.

Parameters
xa positive integer
modulusa positive integer
Returns
y st (x*y) % modulus == 1 or 0 if no such value

Definition at line 317 of file mod_inv.cpp.

318 {
319 return inverse_mod(x, modulus);
320 }
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition mod_inv.cpp:250

References inverse_mod().

◆ inverse_mod()

BigInt Botan::inverse_mod ( const BigInt x,
const BigInt modulus 
)

Modular inversion. This algorithm is const time with respect to x, as long as x is less than modulus. It also avoids leaking information about the modulus, except that it does leak which of 3 categories the modulus is in: an odd integer, a power of 2, or some other even number, and if the modulus is even, leaks the power of 2 which divides the modulus.

Parameters
xa positive integer
modulusa positive integer
Returns
y st (x*y) % modulus == 1 or 0 if no such value

Definition at line 250 of file mod_inv.cpp.

251 {
252 if(mod.is_zero())
253 throw BigInt::DivideByZero();
254 if(mod.is_negative() || n.is_negative())
255 throw Invalid_Argument("inverse_mod: arguments must be non-negative");
256 if(n.is_zero() || (n.is_even() && mod.is_even()))
257 return 0;
258
259 if(mod.is_odd())
260 {
261 /*
262 Fastpath for common case. This leaks information if n > mod
263 but we don't guarantee const time behavior in that case.
264 */
265 if(n < mod)
266 return inverse_mod_odd_modulus(n, mod);
267 else
268 return inverse_mod_odd_modulus(ct_modulo(n, mod), mod);
269 }
270
271 const size_t mod_lz = low_zero_bits(mod);
272 BOTAN_ASSERT_NOMSG(mod_lz > 0);
273 const size_t mod_bits = mod.bits();
274 BOTAN_ASSERT_NOMSG(mod_bits > mod_lz);
275
276 if(mod_lz == mod_bits - 1)
277 {
278 // In this case we are performing an inversion modulo 2^k
279 return inverse_mod_pow2(n, mod_lz);
280 }
281
282 /*
283 * In this case we are performing an inversion modulo 2^k*o for
284 * some k > 1 and some odd (not necessarily prime) integer.
285 * Compute the inversions modulo 2^k and modulo o, then combine them
286 * using CRT, which is possible because 2^k and o are relatively prime.
287 */
288
289 const BigInt o = mod >> mod_lz;
290 const BigInt n_redc = ct_modulo(n, o);
291 const BigInt inv_o = inverse_mod_odd_modulus(n_redc, o);
292 const BigInt inv_2k = inverse_mod_pow2(n, mod_lz);
293
294 // No modular inverse in this case:
295 if(inv_o == 0 || inv_2k == 0)
296 return 0;
297
298 const BigInt m2k = BigInt::power_of_2(mod_lz);
299 // Compute the CRT parameter
300 const BigInt c = inverse_mod_pow2(o, mod_lz);
301
302 // Compute h = c*(inv_2k-inv_o) mod 2^k
303 BigInt h = c * (inv_2k - inv_o);
304 const bool h_neg = h.is_negative();
305 h.set_sign(BigInt::Positive);
306 h.mask_bits(mod_lz);
307 const bool h_nonzero = h.is_nonzero();
308 h.ct_cond_assign(h_nonzero && h_neg, m2k - h);
309
310 // Return result inv_o + h * o
311 h *= o;
312 h += inv_o;
313 return h;
314 }
BigInt ct_modulo(const BigInt &x, const BigInt &y)
Definition divide.cpp:118

References Botan::BigInt::bits(), BOTAN_ASSERT_NOMSG, Botan::BigInt::ct_cond_assign(), ct_modulo(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_nonzero(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), low_zero_bits(), Botan::BigInt::mask_bits(), Botan::BigInt::Positive, Botan::BigInt::power_of_2(), and Botan::BigInt::set_sign().

Referenced by botan_mp_mod_inverse(), Botan::RSA_PrivateKey::check_key(), Botan::Montgomery_Params::inv_mod_p(), inverse_euclid(), Botan::DL_Group::inverse_mod_p(), Botan::DL_Group::inverse_mod_q(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ ipv4_to_string()

std::string Botan::ipv4_to_string ( uint32_t  ip_addr)

Convert an IPv4 address to a string

Parameters
ip_addrthe IPv4 address to convert
Returns
string representation of the IPv4 address

Definition at line 278 of file parsing.cpp.

279 {
280 std::string str;
281
282 for(size_t i = 0; i != sizeof(ip); ++i)
283 {
284 if(i)
285 str += ".";
286 str += std::to_string(get_byte(i, ip));
287 }
288
289 return str;
290 }

References get_byte().

Referenced by Botan::AlternativeName::decode_from(), and Botan::GeneralName::decode_from().

◆ is_bailie_psw_probable_prime() [1/2]

bool Botan::is_bailie_psw_probable_prime ( const BigInt n)

Perform Bailie-PSW primality test

This is a combination of Miller-Rabin with base 2 and a Lucas test. No known composite integer passes both tests, though it is conjectured that infinitely many composite counterexamples exist.

Parameters
nthe positive integer to test
Returns
true if n seems probably prime, false if n is composite

Definition at line 98 of file primality.cpp.

99 {
100 Modular_Reducer mod_n(n);
101 return is_bailie_psw_probable_prime(n, mod_n);
102 }
bool is_bailie_psw_probable_prime(const BigInt &n, const Modular_Reducer &mod_n)
Definition primality.cpp:92

References is_bailie_psw_probable_prime().

◆ is_bailie_psw_probable_prime() [2/2]

bool BOTAN_TEST_API Botan::is_bailie_psw_probable_prime ( const BigInt n,
const Modular_Reducer mod_n 
)

Perform Bailie-PSW primality test

This is a combination of Miller-Rabin with base 2 and a Lucas test. No known composite integer passes both tests, though it is conjectured that infinitely many composite counterexamples exist.

Parameters
nthe positive integer to test
mod_na pre-created Modular_Reducer for n
Returns
true if n seems probably prime, false if n is composite

Definition at line 92 of file primality.cpp.

93 {
94 auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);
95 return passes_miller_rabin_test(n, mod_n, monty_n, 2) && is_lucas_probable_prime(n, mod_n);
96 }
bool passes_miller_rabin_test(const BigInt &n, const Modular_Reducer &mod_n, const std::shared_ptr< Montgomery_Params > &monty_n, const BigInt &a)
bool is_lucas_probable_prime(const BigInt &C, const Modular_Reducer &mod_C)
Definition primality.cpp:17

References is_lucas_probable_prime(), and passes_miller_rabin_test().

Referenced by is_bailie_psw_probable_prime(), and is_prime().

◆ is_lucas_probable_prime()

bool BOTAN_TEST_API Botan::is_lucas_probable_prime ( const BigInt n,
const Modular_Reducer mod_n 
)

Perform Lucas primality test

See also
FIPS 186-4 C.3.3
Warning
it is possible to construct composite integers which pass this test alone.
Parameters
nthe positive integer to test
mod_na pre-created Modular_Reducer for n
Returns
true if n seems probably prime, false if n is composite

Definition at line 17 of file primality.cpp.

18 {
19 if(C <= 1)
20 return false;
21 else if(C == 2)
22 return true;
23 else if(C.is_even())
24 return false;
25 else if(C == 3 || C == 5 || C == 7 || C == 11 || C == 13)
26 return true;
27
28 BigInt D = 5;
29
30 for(;;)
31 {
32 int32_t j = jacobi(D, C);
33 if(j == 0)
34 return false;
35
36 if(j == -1)
37 break;
38
39 // Check 5, -7, 9, -11, 13, -15, 17, ...
40 if(D.is_negative())
41 {
42 D.flip_sign();
43 D += 2;
44 }
45 else
46 {
47 D += 2;
48 D.flip_sign();
49 }
50
51 if(D == 17 && is_perfect_square(C).is_nonzero())
52 return false;
53 }
54
55 const BigInt K = C + 1;
56 const size_t K_bits = K.bits() - 1;
57
58 BigInt U = 1;
59 BigInt V = 1;
60
61 BigInt Ut, Vt, U2, V2;
62
63 for(size_t i = 0; i != K_bits; ++i)
64 {
65 const bool k_bit = K.get_bit(K_bits - 1 - i);
66
67 Ut = mod_C.multiply(U, V);
68
69 Vt = mod_C.reduce(mod_C.square(V) + mod_C.multiply(D, mod_C.square(U)));
70 Vt.ct_cond_add(Vt.is_odd(), C);
71 Vt >>= 1;
72 Vt = mod_C.reduce(Vt);
73
74 U = Ut;
75 V = Vt;
76
77 U2 = mod_C.reduce(Ut + Vt);
78 U2.ct_cond_add(U2.is_odd(), C);
79 U2 >>= 1;
80
81 V2 = mod_C.reduce(Vt + Ut*D);
82 V2.ct_cond_add(V2.is_odd(), C);
83 V2 >>= 1;
84
85 U.ct_cond_assign(k_bit, U2);
86 V.ct_cond_assign(k_bit, V2);
87 }
88
89 return (U == 0);
90 }
BigInt is_perfect_square(const BigInt &C)
Definition numthry.cpp:196
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition jacobi.cpp:15

References Botan::BigInt::bits(), Botan::BigInt::ct_cond_add(), Botan::BigInt::ct_cond_assign(), Botan::BigInt::flip_sign(), Botan::BigInt::get_bit(), Botan::BigInt::is_even(), Botan::BigInt::is_negative(), Botan::BigInt::is_odd(), is_perfect_square(), jacobi(), Botan::Modular_Reducer::multiply(), Botan::Modular_Reducer::reduce(), and Botan::Modular_Reducer::square().

Referenced by is_bailie_psw_probable_prime(), is_prime(), and random_prime().

◆ is_miller_rabin_probable_prime()

bool BOTAN_TEST_API Botan::is_miller_rabin_probable_prime ( const BigInt n,
const Modular_Reducer mod_n,
RandomNumberGenerator rng,
size_t  t 
)

Perform t iterations of a Miller-Rabin primality test with random bases

Parameters
nthe positive integer to test
mod_na pre-created Modular_Reducer for n
rnga random number generator
tnumber of tests to perform
Returns
result of primality test

Definition at line 143 of file primality.cpp.

147 {
148 BOTAN_ASSERT_NOMSG(n > 1);
149
150 auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);
151
152 for(size_t i = 0; i != test_iterations; ++i)
153 {
154 const BigInt a = BigInt::random_integer(rng, 2, n);
155
156 if(!passes_miller_rabin_test(n, mod_n, monty_n, a))
157 return false;
158 }
159
160 // Failed to find a counterexample
161 return true;
162 }

References BOTAN_ASSERT_NOMSG, passes_miller_rabin_test(), and Botan::BigInt::random_integer().

Referenced by generate_rsa_prime(), is_prime(), and random_prime().

◆ is_passhash9_alg_supported()

bool Botan::is_passhash9_alg_supported ( uint8_t  alg_id)

Check if the PRF used with PBKDF2 is supported

Parameters
alg_idalg_id used in generate_passhash9()

Definition at line 133 of file passhash9.cpp.

134 {
135 if (get_pbkdf_prf(alg_id))
136 {
137 return true;
138 }
139 return false;
140 }

◆ is_perfect_square()

BigInt Botan::is_perfect_square ( const BigInt x)

Test if the positive integer x is a perfect square ie if there exists some positive integer y st y*y == x See FIPS 186-4 sec C.4

Returns
0 if the integer is not a perfect square, otherwise returns the positive y st y*y == x

Definition at line 196 of file numthry.cpp.

197 {
198 if(C < 1)
199 throw Invalid_Argument("is_perfect_square requires C >= 1");
200 if(C == 1)
201 return 1;
202
203 const size_t n = C.bits();
204 const size_t m = (n + 1) / 2;
205 const BigInt B = C + BigInt::power_of_2(m);
206
207 BigInt X = BigInt::power_of_2(m) - 1;
208 BigInt X2 = (X*X);
209
210 for(;;)
211 {
212 X = (X2 + C) / (2*X);
213 X2 = (X*X);
214
215 if(X2 < B)
216 break;
217 }
218
219 if(X2 == C)
220 return X;
221 else
222 return 0;
223 }

References Botan::BigInt::bits(), Botan::BigInt::power_of_2(), and X.

Referenced by is_lucas_probable_prime().

◆ is_power_of_2()

template<typename T >
constexpr bool Botan::is_power_of_2 ( T  arg)
inlineconstexpr

Power of 2 test. T should be an unsigned integer type

Parameters
argan integer value
Returns
true iff arg is 2^n for some n > 0

Definition at line 43 of file bit_ops.h.

44 {
45 return (arg != 0) && (arg != 1) && ((arg & static_cast<T>(arg-1)) == 0);
46 }

References T.

Referenced by Botan::MDx_HashFunction::MDx_HashFunction(), operator%(), Botan::BigInt::operator%=(), Botan::BigInt::operator/=(), Botan::Scrypt::Scrypt(), and Botan::CTR_BE::seek().

◆ is_prime()

bool Botan::is_prime ( const BigInt n,
RandomNumberGenerator rng,
size_t  prob = 64,
bool  is_random = false 
)

Check for primality

Parameters
na positive integer to test for primality
rnga random number generator
probchance of false positive is bounded by 1/2**prob
is_randomtrue if n was randomly chosen by us
Returns
true if all primality tests passed, otherwise false

Definition at line 228 of file numthry.cpp.

232 {
233 if(n == 2)
234 return true;
235 if(n <= 1 || n.is_even())
236 return false;
237
238 const size_t n_bits = n.bits();
239
240 // Fast path testing for small numbers (<= 65521)
241 if(n_bits <= 16)
242 {
243 const uint16_t num = static_cast<uint16_t>(n.word_at(0));
244
245 return std::binary_search(PRIMES, PRIMES + PRIME_TABLE_SIZE, num);
246 }
247
248 Modular_Reducer mod_n(n);
249
250 if(rng.is_seeded())
251 {
252 const size_t t = miller_rabin_test_iterations(n_bits, prob, is_random);
253
254 if(is_miller_rabin_probable_prime(n, mod_n, rng, t) == false)
255 return false;
256
257 if(is_random)
258 return true;
259 else
260 return is_lucas_probable_prime(n, mod_n);
261 }
262 else
263 {
264 return is_bailie_psw_probable_prime(n, mod_n);
265 }
266 }
word word_at(size_t n) const
Definition bigint.h:508
virtual bool is_seeded() const =0

References Botan::BigInt::bits(), is_bailie_psw_probable_prime(), Botan::BigInt::is_even(), is_lucas_probable_prime(), is_miller_rabin_probable_prime(), Botan::RandomNumberGenerator::is_seeded(), miller_rabin_test_iterations(), PRIME_TABLE_SIZE, PRIMES, and Botan::BigInt::word_at().

Referenced by botan_mp_is_prime(), Botan::RSA_PrivateKey::check_key(), check_prime(), Botan::DL_Group::DL_Group(), generate_dsa_primes(), quick_check_prime(), random_safe_prime(), Botan::EC_Group::verify_group(), Botan::DL_Group::verify_group(), and verify_prime().

◆ jacobi()

int32_t Botan::jacobi ( const BigInt a,
const BigInt n 
)

Compute the Jacobi symbol. If n is prime, this is equivalent to the Legendre symbol.

See also
http://mathworld.wolfram.com/JacobiSymbol.html
Parameters
ais a non-negative integer
nis an odd integer > 1
Returns
(n / m)

Definition at line 15 of file jacobi.cpp.

16 {
17 if(n.is_even() || n < 2)
18 throw Invalid_Argument("jacobi: second argument must be odd and > 1");
19
20 BigInt x = a % n;
21 BigInt y = n;
22 int32_t J = 1;
23
24 while(y > 1)
25 {
26 x %= y;
27 if(x > y / 2)
28 {
29 x = y - x;
30 if(y % 4 == 3)
31 J = -J;
32 }
33 if(x.is_zero())
34 return 0;
35
36 size_t shifts = low_zero_bits(x);
37 x >>= shifts;
38 if(shifts % 2)
39 {
40 word y_mod_8 = y % 8;
41 if(y_mod_8 == 3 || y_mod_8 == 5)
42 J = -J;
43 }
44
45 if(x % 4 == 3 && y % 4 == 3)
46 J = -J;
47 std::swap(x, y);
48 }
49 return J;
50 }

References Botan::BigInt::is_even(), Botan::BigInt::is_zero(), and low_zero_bits().

Referenced by Botan::DL_Group::DL_Group(), is_lucas_probable_prime(), and ressol().

◆ key_constraints_to_string()

std::string Botan::key_constraints_to_string ( Key_Constraints  constraints)

Definition at line 15 of file key_constraint.cpp.

16 {
17 std::vector<std::string> str;
18
19 if(constraints == NO_CONSTRAINTS)
20 return "no_constraints";
21
22 if(constraints & DIGITAL_SIGNATURE)
23 str.push_back("digital_signature");
24
25 if(constraints & NON_REPUDIATION)
26 str.push_back("non_repudiation");
27
28 if(constraints & KEY_ENCIPHERMENT)
29 str.push_back("key_encipherment");
30
31 if(constraints & DATA_ENCIPHERMENT)
32 str.push_back("data_encipherment");
33
34 if(constraints & KEY_AGREEMENT)
35 str.push_back("key_agreement");
36
37 if(constraints & KEY_CERT_SIGN)
38 str.push_back("key_cert_sign");
39
40 if(constraints & CRL_SIGN)
41 str.push_back("crl_sign");
42
43 if(constraints & ENCIPHER_ONLY)
44 str.push_back("encipher_only");
45
46 if(constraints & DECIPHER_ONLY)
47 str.push_back("decipher_only");
48
49 // Not 0 (checked at start) but nothing matched above!
50 if(str.empty())
51 return "other_unknown_constraints";
52
53 if(str.size() == 1)
54 return str[0];
55
56 std::string out;
57 for(size_t i = 0; i < str.size() - 1; ++i)
58 {
59 out += str[i];
60 out += ',';
61 }
62 out += str[str.size() - 1];
63
64 return out;
65 }

References CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NO_CONSTRAINTS, and NON_REPUDIATION.

Referenced by verify_cert_constraints_valid_for_key_type().

◆ lcm()

BigInt Botan::lcm ( const BigInt x,
const BigInt y 
)

Least common multiple

Parameters
xa positive integer
ya positive integer
Returns
z, smallest integer such that z % x == 0 and z % y == 0

Definition at line 143 of file numthry.cpp.

144 {
145 return ct_divide(a * b, gcd(a, b));
146 }

References ct_divide(), and gcd().

Referenced by Botan::RSA_PrivateKey::check_key(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ lex_to_gray()

gf2m Botan::lex_to_gray ( gf2m  lex)
inline

Definition at line 40 of file code_based_util.h.

41 {
42 return (lex >> 1) ^ lex;
43 }

Referenced by syndrome_init().

◆ load_3()

uint64_t Botan::load_3 ( const uint8_t  in[3])
inline

Definition at line 19 of file ed25519_internal.h.

20 {
21 return static_cast<uint64_t>(in[0]) |
22 (static_cast<uint64_t>(in[1]) << 8) |
23 (static_cast<uint64_t>(in[2]) << 16);
24 }

Referenced by Botan::FE_25519::from_bytes(), sc_muladd(), and sc_reduce().

◆ load_4()

uint64_t Botan::load_4 ( const uint8_t *  in)
inline

Definition at line 26 of file ed25519_internal.h.

27 {
28 return load_le<uint32_t>(in, 0);
29 }

References load_le< uint32_t >().

Referenced by Botan::FE_25519::from_bytes(), sc_muladd(), and sc_reduce().

◆ load_be() [1/5]

template<typename T >
T Botan::load_be ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a big-endian value

Definition at line 107 of file loadstor.h.

108 {
109 in += off * sizeof(T);
110 T out = 0;
111 for(size_t i = 0; i != sizeof(T); ++i)
112 out = static_cast<T>((out << 8) | in[i]);
113 return out;
114 }

References T.

Referenced by Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::XTEA::encrypt_n(), and Botan::SIMD_4x32::load_be().

◆ load_be() [2/5]

template<typename T >
void Botan::load_be ( const uint8_t  in[],
T x0,
T x1 
)
inline

Load two big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 349 of file loadstor.h.

350 {
351 x0 = load_be<T>(in, 0);
352 x1 = load_be<T>(in, 1);
353 }

◆ load_be() [3/5]

template<typename T >
void Botan::load_be ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3 
)
inline

Load four big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 364 of file loadstor.h.

366 {
367 x0 = load_be<T>(in, 0);
368 x1 = load_be<T>(in, 1);
369 x2 = load_be<T>(in, 2);
370 x3 = load_be<T>(in, 3);
371 }

◆ load_be() [4/5]

template<typename T >
void Botan::load_be ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3,
T x4,
T x5,
T x6,
T x7 
)
inline

Load eight big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 386 of file loadstor.h.

389 {
390 x0 = load_be<T>(in, 0);
391 x1 = load_be<T>(in, 1);
392 x2 = load_be<T>(in, 2);
393 x3 = load_be<T>(in, 3);
394 x4 = load_be<T>(in, 4);
395 x5 = load_be<T>(in, 5);
396 x6 = load_be<T>(in, 6);
397 x7 = load_be<T>(in, 7);
398 }

◆ load_be() [5/5]

template<typename T >
void Botan::load_be ( T  out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of big-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 407 of file loadstor.h.

410 {
411 if(count > 0)
412 {
413#if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
414 typecast_copy(out, in, count);
415
416#elif defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
417 typecast_copy(out, in, count);
418 const size_t blocks = count - (count % 4);
419 const size_t left = count - blocks;
420
421 for(size_t i = 0; i != blocks; i += 4)
422 bswap_4(out + i);
423
424 for(size_t i = 0; i != left; ++i)
425 out[blocks+i] = reverse_bytes(out[blocks+i]);
426#else
427 for(size_t i = 0; i != count; ++i)
428 out[i] = load_be<T>(in, i);
429#endif
430 }
431 }
void bswap_4(T x[4])
Definition bswap.h:98
void typecast_copy(uint8_t out[], T in[], size_t N)
Definition mem_ops.h:145

References bswap_4(), reverse_bytes(), and typecast_copy().

◆ load_be< uint16_t >()

template<>
uint16_t Botan::load_be< uint16_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a big-endian value

Definition at line 139 of file loadstor.h.

140 {
141 in += off * sizeof(uint16_t);
142
143#if defined(BOTAN_ENDIAN_N2B)
144 uint16_t x;
145 typecast_copy(x, in);
146 return BOTAN_ENDIAN_N2B(x);
147#else
148 return make_uint16(in[0], in[1]);
149#endif
150 }
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition loadstor.h:54

References make_uint16(), and typecast_copy().

Referenced by Botan::TLS::Datagram_Handshake_IO::add_record(), check_passhash9(), Botan::KASUMI::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::KASUMI::encrypt_n(), Botan::MISTY1::encrypt_n(), and ucs2_to_utf8().

◆ load_be< uint32_t >()

template<>
uint32_t Botan::load_be< uint32_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a big-endian value

Definition at line 179 of file loadstor.h.

180 {
181 in += off * sizeof(uint32_t);
182#if defined(BOTAN_ENDIAN_N2B)
183 uint32_t x;
184 typecast_copy(x, in);
185 return BOTAN_ENDIAN_N2B(x);
186#else
187 return make_uint32(in[0], in[1], in[2], in[3]);
188#endif
189 }
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition loadstor.h:67

References make_uint32(), and typecast_copy().

Referenced by base58_check_decode(), Botan::SHA_256::compress_digest(), Botan::AlternativeName::decode_from(), Botan::GeneralName::decode_from(), Botan::CAST_256::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::CAST_256::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::HOTP::generate_hotp(), Botan::CTR_BE::seek(), and ucs4_to_utf8().

◆ load_be< uint64_t >()

template<>
uint64_t Botan::load_be< uint64_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a big-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a big-endian value

Definition at line 217 of file loadstor.h.

218 {
219 in += off * sizeof(uint64_t);
220#if defined(BOTAN_ENDIAN_N2B)
221 uint64_t x;
222 typecast_copy(x, in);
223 return BOTAN_ENDIAN_N2B(x);
224#else
225 return make_uint64(in[0], in[1], in[2], in[3],
226 in[4], in[5], in[6], in[7]);
227#endif
228 }
constexpr uint64_t make_uint64(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
Definition loadstor.h:87

References make_uint64(), and typecast_copy().

Referenced by Botan::SHA_512::compress_digest(), Botan::TLS::Session::decrypt(), nist_key_unwrap_padded(), and Botan::TLS::Server_Hello::random_signals_downgrade().

◆ load_le() [1/5]

template<typename T >
T Botan::load_le ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a litte-endian value

Definition at line 123 of file loadstor.h.

124 {
125 in += off * sizeof(T);
126 T out = 0;
127 for(size_t i = 0; i != sizeof(T); ++i)
128 out = (out << 8) | in[sizeof(T)-1-i];
129 return out;
130 }

References T.

Referenced by Botan::Serpent::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::Serpent::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), and Botan::SIMD_4x32::load_le().

◆ load_le() [2/5]

template<typename T >
void Botan::load_le ( const uint8_t  in[],
T x0,
T x1 
)
inline

Load two little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

Definition at line 257 of file loadstor.h.

258 {
259 x0 = load_le<T>(in, 0);
260 x1 = load_le<T>(in, 1);
261 }

◆ load_le() [3/5]

template<typename T >
void Botan::load_le ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3 
)
inline

Load four little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

Definition at line 272 of file loadstor.h.

274 {
275 x0 = load_le<T>(in, 0);
276 x1 = load_le<T>(in, 1);
277 x2 = load_le<T>(in, 2);
278 x3 = load_le<T>(in, 3);
279 }

◆ load_le() [4/5]

template<typename T >
void Botan::load_le ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3,
T x4,
T x5,
T x6,
T x7 
)
inline

Load eight little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

Definition at line 294 of file loadstor.h.

297 {
298 x0 = load_le<T>(in, 0);
299 x1 = load_le<T>(in, 1);
300 x2 = load_le<T>(in, 2);
301 x3 = load_le<T>(in, 3);
302 x4 = load_le<T>(in, 4);
303 x5 = load_le<T>(in, 5);
304 x6 = load_le<T>(in, 6);
305 x7 = load_le<T>(in, 7);
306 }

◆ load_le() [5/5]

template<typename T >
void Botan::load_le ( T  out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of little-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

Definition at line 315 of file loadstor.h.

318 {
319 if(count > 0)
320 {
321#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
322 typecast_copy(out, in, count);
323
324#elif defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
325 typecast_copy(out, in, count);
326
327 const size_t blocks = count - (count % 4);
328 const size_t left = count - blocks;
329
330 for(size_t i = 0; i != blocks; i += 4)
331 bswap_4(out + i);
332
333 for(size_t i = 0; i != left; ++i)
334 out[blocks+i] = reverse_bytes(out[blocks+i]);
335#else
336 for(size_t i = 0; i != count; ++i)
337 out[i] = load_le<T>(in, i);
338#endif
339 }
340 }

References bswap_4(), reverse_bytes(), and typecast_copy().

◆ load_le< uint16_t >()

template<>
uint16_t Botan::load_le< uint16_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a little-endian value

Definition at line 159 of file loadstor.h.

160 {
161 in += off * sizeof(uint16_t);
162
163#if defined(BOTAN_ENDIAN_N2L)
164 uint16_t x;
165 typecast_copy(x, in);
166 return BOTAN_ENDIAN_N2L(x);
167#else
168 return make_uint16(in[1], in[0]);
169#endif
170 }

References make_uint16(), and typecast_copy().

◆ load_le< uint32_t >()

template<>
uint32_t Botan::load_le< uint32_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a little-endian value

Definition at line 198 of file loadstor.h.

199 {
200 in += off * sizeof(uint32_t);
201#if defined(BOTAN_ENDIAN_N2L)
202 uint32_t x;
203 typecast_copy(x, in);
204 return BOTAN_ENDIAN_N2L(x);
205#else
206 return make_uint32(in[3], in[2], in[1], in[0]);
207#endif
208 }

References make_uint32(), and typecast_copy().

Referenced by Botan::Sodium::crypto_core_hsalsa20(), Botan::GOST_28147_89::decrypt_n(), Botan::GOST_28147_89::encrypt_n(), load_4(), random_prime(), Botan::RDRAND_RNG::rdrand(), Botan::RDRAND_RNG::rdrand_status(), Botan::ChaCha::seek(), Botan::Salsa20::seek(), Botan::ChaCha::set_iv(), and Botan::Salsa20::set_iv().

◆ load_le< uint64_t >()

template<>
uint64_t Botan::load_le< uint64_t > ( const uint8_t  in[],
size_t  off 
)
inline

Load a little-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a little-endian value

Definition at line 237 of file loadstor.h.

238 {
239 in += off * sizeof(uint64_t);
240#if defined(BOTAN_ENDIAN_N2L)
241 uint64_t x;
242 typecast_copy(x, in);
243 return BOTAN_ENDIAN_N2L(x);
244#else
245 return make_uint64(in[7], in[6], in[5], in[4],
246 in[3], in[2], in[1], in[0]);
247#endif
248 }

References make_uint64(), and typecast_copy().

Referenced by Botan::SHA_3::absorb(), Botan::Threefish_512::set_tweak(), and Botan::Sodium::sodium_free().

◆ load_private_key()

std::unique_ptr< Private_Key > Botan::load_private_key ( const AlgorithmIdentifier alg_id,
const secure_vector< uint8_t > &  key_bits 
)

Definition at line 159 of file pk_algs.cpp.

161 {
162 const std::string alg_name = alg_id.get_oid().to_formatted_string();
163
164#if defined(BOTAN_HAS_RSA)
165 if(alg_name == "RSA")
166 return std::unique_ptr<Private_Key>(new RSA_PrivateKey(alg_id, key_bits));
167#endif
168
169#if defined(BOTAN_HAS_CURVE_25519)
170 if(alg_name == "Curve25519")
171 return std::unique_ptr<Private_Key>(new Curve25519_PrivateKey(alg_id, key_bits));
172#endif
173
174#if defined(BOTAN_HAS_ECDSA)
175 if(alg_name == "ECDSA")
176 return std::unique_ptr<Private_Key>(new ECDSA_PrivateKey(alg_id, key_bits));
177#endif
178
179#if defined(BOTAN_HAS_ECDH)
180 if(alg_name == "ECDH")
181 return std::unique_ptr<Private_Key>(new ECDH_PrivateKey(alg_id, key_bits));
182#endif
183
184#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
185 if(alg_name == "DH")
186 return std::unique_ptr<Private_Key>(new DH_PrivateKey(alg_id, key_bits));
187#endif
188
189#if defined(BOTAN_HAS_DSA)
190 if(alg_name == "DSA")
191 return std::unique_ptr<Private_Key>(new DSA_PrivateKey(alg_id, key_bits));
192#endif
193
194#if defined(BOTAN_HAS_MCELIECE)
195 if(alg_name == "McEliece")
196 return std::unique_ptr<Private_Key>(new McEliece_PrivateKey(key_bits));
197#endif
198
199#if defined(BOTAN_HAS_ECGDSA)
200 if(alg_name == "ECGDSA")
201 return std::unique_ptr<Private_Key>(new ECGDSA_PrivateKey(alg_id, key_bits));
202#endif
203
204#if defined(BOTAN_HAS_ECKCDSA)
205 if(alg_name == "ECKCDSA")
206 return std::unique_ptr<Private_Key>(new ECKCDSA_PrivateKey(alg_id, key_bits));
207#endif
208
209#if defined(BOTAN_HAS_ED25519)
210 if(alg_name == "Ed25519")
211 return std::unique_ptr<Private_Key>(new Ed25519_PrivateKey(alg_id, key_bits));
212#endif
213
214#if defined(BOTAN_HAS_GOST_34_10_2001)
215 if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512")
216 return std::unique_ptr<Private_Key>(new GOST_3410_PrivateKey(alg_id, key_bits));
217#endif
218
219#if defined(BOTAN_HAS_SM2)
220 if(alg_name == "SM2" || alg_name == "SM2_Sig" || alg_name == "SM2_Enc")
221 return std::unique_ptr<Private_Key>(new SM2_PrivateKey(alg_id, key_bits));
222#endif
223
224#if defined(BOTAN_HAS_ELGAMAL)
225 if(alg_name == "ElGamal")
226 return std::unique_ptr<Private_Key>(new ElGamal_PrivateKey(alg_id, key_bits));
227#endif
228
229#if defined(BOTAN_HAS_XMSS_RFC8391)
230 if(alg_name == "XMSS")
231 return std::unique_ptr<Private_Key>(new XMSS_PrivateKey(key_bits));
232#endif
233
234 throw Decoding_Error("Unknown or unavailable public key algorithm " + alg_name);
235 }
const OID & get_oid() const
Definition asn1_obj.h:445
std::string to_formatted_string() const
Definition asn1_oid.cpp:111

References Botan::AlgorithmIdentifier::get_oid(), and Botan::OID::to_formatted_string().

◆ load_public_key()

std::unique_ptr< Public_Key > Botan::load_public_key ( const AlgorithmIdentifier alg_id,
const std::vector< uint8_t > &  key_bits 
)

Definition at line 78 of file pk_algs.cpp.

80 {
81 const std::string oid_str = alg_id.get_oid().to_formatted_string();
82 const std::vector<std::string> alg_info = split_on(oid_str, '/');
83 const std::string alg_name = alg_info[0];
84
85#if defined(BOTAN_HAS_RSA)
86 if(alg_name == "RSA")
87 return std::unique_ptr<Public_Key>(new RSA_PublicKey(alg_id, key_bits));
88#endif
89
90#if defined(BOTAN_HAS_CURVE_25519)
91 if(alg_name == "Curve25519")
92 return std::unique_ptr<Public_Key>(new Curve25519_PublicKey(alg_id, key_bits));
93#endif
94
95#if defined(BOTAN_HAS_MCELIECE)
96 if(alg_name == "McEliece")
97 return std::unique_ptr<Public_Key>(new McEliece_PublicKey(key_bits));
98#endif
99
100#if defined(BOTAN_HAS_ECDSA)
101 if(alg_name == "ECDSA")
102 return std::unique_ptr<Public_Key>(new ECDSA_PublicKey(alg_id, key_bits));
103#endif
104
105#if defined(BOTAN_HAS_ECDH)
106 if(alg_name == "ECDH")
107 return std::unique_ptr<Public_Key>(new ECDH_PublicKey(alg_id, key_bits));
108#endif
109
110#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
111 if(alg_name == "DH")
112 return std::unique_ptr<Public_Key>(new DH_PublicKey(alg_id, key_bits));
113#endif
114
115#if defined(BOTAN_HAS_DSA)
116 if(alg_name == "DSA")
117 return std::unique_ptr<Public_Key>(new DSA_PublicKey(alg_id, key_bits));
118#endif
119
120#if defined(BOTAN_HAS_ELGAMAL)
121 if(alg_name == "ElGamal")
122 return std::unique_ptr<Public_Key>(new ElGamal_PublicKey(alg_id, key_bits));
123#endif
124
125#if defined(BOTAN_HAS_ECGDSA)
126 if(alg_name == "ECGDSA")
127 return std::unique_ptr<Public_Key>(new ECGDSA_PublicKey(alg_id, key_bits));
128#endif
129
130#if defined(BOTAN_HAS_ECKCDSA)
131 if(alg_name == "ECKCDSA")
132 return std::unique_ptr<Public_Key>(new ECKCDSA_PublicKey(alg_id, key_bits));
133#endif
134
135#if defined(BOTAN_HAS_ED25519)
136 if(alg_name == "Ed25519")
137 return std::unique_ptr<Public_Key>(new Ed25519_PublicKey(alg_id, key_bits));
138#endif
139
140#if defined(BOTAN_HAS_GOST_34_10_2001)
141 if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512")
142 return std::unique_ptr<Public_Key>(new GOST_3410_PublicKey(alg_id, key_bits));
143#endif
144
145#if defined(BOTAN_HAS_SM2)
146 if(alg_name == "SM2" || alg_name == "SM2_Sig" || alg_name == "SM2_Enc")
147 return std::unique_ptr<Public_Key>(new SM2_PublicKey(alg_id, key_bits));
148#endif
149
150#if defined(BOTAN_HAS_XMSS_RFC8391)
151 if(alg_name == "XMSS")
152 return std::unique_ptr<Public_Key>(new XMSS_PublicKey(key_bits));
153#endif
154
155 throw Decoding_Error("Unknown or unavailable public key algorithm " + alg_name);
156 }

References Botan::AlgorithmIdentifier::get_oid(), split_on(), and Botan::OID::to_formatted_string().

Referenced by Botan::X509::load_key().

◆ low_zero_bits()

size_t Botan::low_zero_bits ( const BigInt x)
Parameters
xan integer
Returns
count of the low zero bits in x, or, equivalently, the largest value of n such that 2^n divides x evenly. Returns zero if x is equal to zero.

Definition at line 39 of file numthry.cpp.

40 {
41 size_t low_zero = 0;
42
43 auto seen_nonempty_word = CT::Mask<word>::cleared();
44
45 for(size_t i = 0; i != n.size(); ++i)
46 {
47 const word x = n.word_at(i);
48
49 // ctz(0) will return sizeof(word)
50 const size_t tz_x = ctz(x);
51
52 // if x > 0 we want to count tz_x in total but not any
53 // further words, so set the mask after the addition
54 low_zero += seen_nonempty_word.if_not_set_return(tz_x);
55
56 seen_nonempty_word |= CT::Mask<word>::expand(x);
57 }
58
59 // if we saw no words with x > 0 then n == 0 and the value we have
60 // computed is meaningless. Instead return 0 in that case.
61 return seen_nonempty_word.if_set_return(low_zero);
62 }
size_t ctz(T n)
Definition bit_ops.h:99

References Botan::CT::Mask< T >::cleared(), ctz(), Botan::CT::Mask< T >::expand(), Botan::BigInt::size(), and Botan::BigInt::word_at().

Referenced by gcd(), inverse_mod(), jacobi(), passes_miller_rabin_test(), and ressol().

◆ make_commoncrypto_block_cipher()

std::unique_ptr< BlockCipher > Botan::make_commoncrypto_block_cipher ( const std::string &  name)

Definition at line 150 of file commoncrypto_block.cpp.

151 {
152
153 try
154 {
156 return std::unique_ptr<BlockCipher>(new CommonCrypto_BlockCipher(name, opts));
157 }
158 catch(CommonCrypto_Error& e)
159 {
160 return nullptr;
161 }
162 }

References commoncrypto_opts_from_algo_name(), make_commoncrypto_block_cipher(), and name.

Referenced by Botan::BlockCipher::create(), and make_commoncrypto_block_cipher().

◆ make_commoncrypto_cipher_mode()

Cipher_Mode * Botan::make_commoncrypto_cipher_mode ( const std::string &  name,
Cipher_Dir  direction 
)

Definition at line 234 of file commoncrypto_mode.cpp.

235 {
236
237 try
238 {
240 return new CommonCrypto_Cipher_Mode(name, direction, opts);
241 }
242 catch(CommonCrypto_Error& e)
243 {
244 return nullptr;
245 }
246 }
CommonCryptor_Opts commoncrypto_opts_from_algo(const std::string &algo)

References commoncrypto_opts_from_algo(), make_commoncrypto_cipher_mode(), and name.

Referenced by Botan::Cipher_Mode::create(), and make_commoncrypto_cipher_mode().

◆ make_commoncrypto_hash()

std::unique_ptr< HashFunction > Botan::make_commoncrypto_hash ( const std::string &  name)

Definition at line 97 of file commoncrypto_hash.cpp.

98 {
99#define MAKE_COMMONCRYPTO_HASH_3(name, hash, ctx) \
100 std::unique_ptr<HashFunction>( \
101 new CommonCrypto_HashFunction<CC_ ## ctx ## _CTX >({ \
102 name, \
103 CC_ ## hash ## _DIGEST_LENGTH, \
104 CC_ ## hash ## _BLOCK_BYTES, \
105 CC_ ## hash ## _Init, \
106 CC_ ## hash ## _Update, \
107 CC_ ## hash ## _Final \
108 }));
109
110#define MAKE_COMMONCRYPTO_HASH_2(name, id) \
111 MAKE_COMMONCRYPTO_HASH_3(name, id, id)
112
113#define MAKE_COMMONCRYPTO_HASH_1(id) \
114 MAKE_COMMONCRYPTO_HASH_2(#id, id)
115
116#if defined(BOTAN_HAS_SHA2_32)
117 if(name == "SHA-224")
118 return MAKE_COMMONCRYPTO_HASH_3(name, SHA224, SHA256);
119 if(name == "SHA-256")
120 return MAKE_COMMONCRYPTO_HASH_2(name, SHA256);
121#endif
122#if defined(BOTAN_HAS_SHA2_64)
123 if(name == "SHA-384")
124 return MAKE_COMMONCRYPTO_HASH_3(name, SHA384, SHA512);
125 if(name == "SHA-512")
126 return MAKE_COMMONCRYPTO_HASH_2(name, SHA512);
127#endif
128
129#if defined(BOTAN_HAS_SHA1)
130 if(name == "SHA-160" || name == "SHA-1" || name == "SHA1")
131 return MAKE_COMMONCRYPTO_HASH_2(name, SHA1);
132#endif
133
134#if defined(BOTAN_HAS_MD5)
135 if(name == "MD5")
137#endif
138
139#if defined(BOTAN_HAS_MD4)
140 if(name == "MD4")
142#endif
143 return nullptr;
144 }
#define MAKE_COMMONCRYPTO_HASH_1(id)
#define MAKE_COMMONCRYPTO_HASH_2(name, id)
#define MAKE_COMMONCRYPTO_HASH_3(name, hash, ctx)

References MAKE_COMMONCRYPTO_HASH_1, MAKE_COMMONCRYPTO_HASH_2, MAKE_COMMONCRYPTO_HASH_3, and name.

Referenced by Botan::HashFunction::create().

◆ make_compressor()

Compression_Algorithm * Botan::make_compressor ( const std::string &  name)

Definition at line 27 of file compression.cpp.

28 {
29#if defined(BOTAN_HAS_ZLIB)
30 if(name == "Zlib" || name == "zlib")
31 return new Zlib_Compression;
32 if(name == "Gzip" || name == "gzip" || name == "gz")
33 return new Gzip_Compression;
34 if(name == "Deflate" || name == "deflate")
35 return new Deflate_Compression;
36#endif
37
38#if defined(BOTAN_HAS_BZIP2)
39 if(name == "bzip2" || name == "bz2" || name == "Bzip2")
40 return new Bzip2_Compression;
41#endif
42
43#if defined(BOTAN_HAS_LZMA)
44 if(name == "lzma" || name == "xz" || name == "LZMA")
45 return new LZMA_Compression;
46#endif
47
49 return nullptr;
50 }

References BOTAN_UNUSED, and name.

Referenced by Botan::Compression_Algorithm::create().

◆ make_decompressor()

Decompression_Algorithm * Botan::make_decompressor ( const std::string &  name)

Definition at line 71 of file compression.cpp.

72 {
73#if defined(BOTAN_HAS_ZLIB)
74 if(name == "Zlib" || name == "zlib")
75 return new Zlib_Decompression;
76 if(name == "Gzip" || name == "gzip" || name == "gz")
77 return new Gzip_Decompression;
78 if(name == "Deflate" || name == "deflate")
79 return new Deflate_Decompression;
80#endif
81
82#if defined(BOTAN_HAS_BZIP2)
83 if(name == "bzip2" || name == "bz2" || name == "Bzip2")
84 return new Bzip2_Decompression;
85#endif
86
87#if defined(BOTAN_HAS_LZMA)
88 if(name == "lzma" || name == "xz" || name == "LZMA")
89 return new LZMA_Decompression;
90#endif
91
93 return nullptr;
94 }

References BOTAN_UNUSED, and name.

Referenced by Botan::Decompression_Algorithm::create().

◆ make_error_code()

boost::system::error_code Botan::make_error_code ( Botan::ErrorType  e)
inline

Definition at line 118 of file asio_error.h.

119 {
120 return boost::system::error_code(static_cast<int>(e), Botan::botan_category());
121 }
const BotanErrorCategory & botan_category() noexcept
Definition asio_error.h:112

References botan_category().

◆ make_uint16()

constexpr uint16_t Botan::make_uint16 ( uint8_t  i0,
uint8_t  i1 
)
inlineconstexpr

Make a uint16_t from two bytes

Parameters
i0the first byte
i1the second byte
Returns
i0 || i1

Definition at line 54 of file loadstor.h.

55 {
56 return static_cast<uint16_t>((static_cast<uint16_t>(i0) << 8) | i1);
57 }

Referenced by Botan::TLS::Certificate_Req::Certificate_Req(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), load_be< uint16_t >(), load_le< uint16_t >(), random_gf2m(), Botan::RTSS_Share::reconstruct(), Botan::TLS::Session_Manager_SQL::Session_Manager_SQL(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data().

◆ make_uint32()

constexpr uint32_t Botan::make_uint32 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3 
)
inlineconstexpr

Make a uint32_t from four bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
Returns
i0 || i1 || i2 || i3

Definition at line 67 of file loadstor.h.

68 {
69 return ((static_cast<uint32_t>(i0) << 24) |
70 (static_cast<uint32_t>(i1) << 16) |
71 (static_cast<uint32_t>(i2) << 8) |
72 (static_cast<uint32_t>(i3)));
73 }

Referenced by Botan::TLS::Certificate::Certificate(), Botan::TLS::Certificate_Status::Certificate_Status(), Botan::TLS::Stream_Handshake_IO::get_next_record(), Botan::TLS::TLS_Data_Reader::get_uint32_t(), load_be< uint32_t >(), load_le< uint32_t >(), and Botan::SIMD_4x32::splat_u8().

◆ make_uint64()

constexpr uint64_t Botan::make_uint64 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3,
uint8_t  i4,
uint8_t  i5,
uint8_t  i6,
uint8_t  i7 
)
inlineconstexpr

Make a uint64_t from eight bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
i4the fifth byte
i5the sixth byte
i6the seventh byte
i7the eighth byte
Returns
i0 || i1 || i2 || i3 || i4 || i5 || i6 || i7

Definition at line 87 of file loadstor.h.

89 {
90 return ((static_cast<uint64_t>(i0) << 56) |
91 (static_cast<uint64_t>(i1) << 48) |
92 (static_cast<uint64_t>(i2) << 40) |
93 (static_cast<uint64_t>(i3) << 32) |
94 (static_cast<uint64_t>(i4) << 24) |
95 (static_cast<uint64_t>(i5) << 16) |
96 (static_cast<uint64_t>(i6) << 8) |
97 (static_cast<uint64_t>(i7)));
98 }

Referenced by load_be< uint64_t >(), and load_le< uint64_t >().

◆ make_unique() [1/3]

template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Single_object Botan::make_unique ( Args &&...  args)

Definition at line 62 of file stl_compatibility.h.

63 {
64 return std::unique_ptr<T>(new T(std::forward<Args>(args)...));
65 }

References make_unique(), and T.

Referenced by make_unique(), make_unique(), and make_unique().

◆ make_unique() [2/3]

template<class T , class... Args>
stlCompatibilityDetails::_Unique_if< T >::_Known_bound Botan::make_unique ( Args &&  ...)
delete

References make_unique().

◆ make_unique() [3/3]

template<class T >
stlCompatibilityDetails::_Unique_if< T >::_Unknown_bound Botan::make_unique ( size_t  n)

Definition at line 68 of file stl_compatibility.h.

69 {
70 typedef typename std::remove_extent<T>::type U;
71 return std::unique_ptr<T>(new U[n]());
72 }

References make_unique().

◆ map_keys_as_set()

template<typename K , typename V >
std::set< K > Botan::map_keys_as_set ( const std::map< K, V > &  kv)

Return the keys of a map as a std::set

Definition at line 34 of file stl_util.h.

35 {
36 std::set<K> s;
37 for(auto&& i : kv)
38 {
39 s.insert(i.first);
40 }
41 return s;
42 }

◆ map_remove_if()

template<typename T , typename Pred >
void Botan::map_remove_if ( Pred  pred,
T assoc 
)

Definition at line 96 of file stl_util.h.

97 {
98 auto i = assoc.begin();
99 while(i != assoc.end())
100 {
101 if(pred(i->first))
102 assoc.erase(i++);
103 else
104 i++;
105 }
106 }

Referenced by Botan::TLS::Channel::activate_session().

◆ mceies_decrypt()

secure_vector< uint8_t > Botan::mceies_decrypt ( const McEliece_PrivateKey privkey,
const uint8_t  ct[],
size_t  ct_len,
const uint8_t  ad[],
size_t  ad_len,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and decrypt/authenticate the ciphertext and AD using AES-256 in OCB mode.

Definition at line 70 of file mceies.cpp.

74 {
75 try
76 {
77 Null_RNG null_rng;
78 PK_KEM_Decryptor kem_op(privkey, null_rng, "KDF1(SHA-512)");
79
80 const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
81
82 std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, DECRYPTION);
83
84 const size_t nonce_len = aead->default_nonce_length();
85
86 if(ct_len < mce_code_bytes + nonce_len + aead->tag_size())
87 throw Decoding_Error("Input message too small to be valid");
88
89 const secure_vector<uint8_t> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64);
90
91 aead->set_key(aead_key(mce_key, *aead));
92 aead->set_associated_data(ad, ad_len);
93
94 secure_vector<uint8_t> pt(ct + mce_code_bytes + nonce_len, ct + ct_len);
95
96 aead->start(&ct[mce_code_bytes], nonce_len);
97 aead->finish(pt, 0);
98 return pt;
99 }
100 catch(Invalid_Authentication_Tag&)
101 {
102 throw;
103 }
104 catch(std::exception& e)
105 {
106 throw Decoding_Error("mce_decrypt failed: " + std::string(e.what()));
107 }
108 }
size_t get_code_length() const
Definition mceliece.h:53

References Botan::AEAD_Mode::create_or_throw(), Botan::PK_KEM_Decryptor::decrypt(), DECRYPTION, and Botan::McEliece_PublicKey::get_code_length().

◆ mceies_encrypt()

secure_vector< uint8_t > Botan::mceies_encrypt ( const McEliece_PublicKey pubkey,
const uint8_t  pt[],
size_t  pt_len,
const uint8_t  ad[],
size_t  ad_len,
RandomNumberGenerator rng,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and encrypt/authenticate the plaintext and AD using AES-256 in OCB mode.

Definition at line 35 of file mceies.cpp.

40 {
41 PK_KEM_Encryptor kem_op(pubkey, rng, "KDF1(SHA-512)");
42
43 secure_vector<uint8_t> mce_ciphertext, mce_key;
44 kem_op.encrypt(mce_ciphertext, mce_key, 64, rng);
45
46 const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
47
48 BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
49
50 std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, ENCRYPTION);
51
52 const size_t nonce_len = aead->default_nonce_length();
53
54 aead->set_key(aead_key(mce_key, *aead));
55 aead->set_associated_data(ad, ad_len);
56
57 const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len);
58
59 secure_vector<uint8_t> msg(mce_ciphertext.size() + nonce.size() + pt_len);
60 copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size());
61 copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size());
62 copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt, pt_len);
63
64 aead->start(nonce);
65 aead->finish(msg, mce_ciphertext.size() + nonce.size());
66 return msg;
67 }

References BOTAN_ASSERT, copy_mem(), Botan::AEAD_Mode::create_or_throw(), Botan::PK_KEM_Encryptor::encrypt(), ENCRYPTION, Botan::McEliece_PublicKey::get_code_length(), and Botan::RandomNumberGenerator::random_vec().

◆ mceliece_decrypt() [1/3]

secure_vector< uint8_t > Botan::mceliece_decrypt ( secure_vector< gf2m > &  error_pos,
const uint8_t *  ciphertext,
size_t  ciphertext_len,
const McEliece_PrivateKey key 
)

p_err_pos_len must point to the available length of error_pos on input, the function will set it to the actual number of errors returned in the error_pos array

Definition at line 166 of file goppa_code.cpp.

170 {
171
172 const size_t dimension = key.get_dimension();
173 const size_t codimension = key.get_codimension();
174 const uint32_t t = key.get_goppa_polyn().get_degree();
175 polyn_gf2m syndrome_polyn(key.get_goppa_polyn().get_sp_field()); // init as zero polyn
176 const unsigned unused_pt_bits = dimension % 8;
177 const uint8_t unused_pt_bits_mask = (1 << unused_pt_bits) - 1;
178
179 if(ciphertext_len != (key.get_code_length()+7)/8)
180 {
181 throw Invalid_Argument("wrong size of McEliece ciphertext");
182 }
183 const size_t cleartext_len = (key.get_message_word_bit_length()+7)/8;
184
185 if(cleartext_len != bit_size_to_byte_size(dimension))
186 {
187 throw Invalid_Argument("mce-decryption: wrong length of cleartext buffer");
188 }
189
190 secure_vector<uint32_t> syndrome_vec(bit_size_to_32bit_size(codimension));
191 matrix_arr_mul(key.get_H_coeffs(),
192 key.get_code_length(),
193 bit_size_to_32bit_size(codimension),
194 ciphertext,
195 syndrome_vec.data(), syndrome_vec.size());
196
197 secure_vector<uint8_t> syndrome_byte_vec(bit_size_to_byte_size(codimension));
198 const size_t syndrome_byte_vec_size = syndrome_byte_vec.size();
199 for(size_t i = 0; i < syndrome_byte_vec_size; i++)
200 {
201 syndrome_byte_vec[i] = static_cast<uint8_t>(syndrome_vec[i/4] >> (8 * (i % 4)));
202 }
203
204 syndrome_polyn = polyn_gf2m(t-1, syndrome_byte_vec.data(), bit_size_to_byte_size(codimension), key.get_goppa_polyn().get_sp_field());
205
206 syndrome_polyn.get_degree();
207 error_pos = goppa_decode(syndrome_polyn, key.get_goppa_polyn(), key.get_sqrtmod(), key.get_Linv());
208
209 const size_t nb_err = error_pos.size();
210
211 secure_vector<uint8_t> cleartext(cleartext_len);
212 copy_mem(cleartext.data(), ciphertext, cleartext_len);
213
214 for(size_t i = 0; i < nb_err; i++)
215 {
216 gf2m current = error_pos[i];
217
218 if(current >= cleartext_len * 8)
219 {
220 // an invalid position, this shouldn't happen
221 continue;
222 }
223 cleartext[current / 8] ^= (1 << (current % 8));
224 }
225
226 if(unused_pt_bits)
227 {
228 cleartext[cleartext_len - 1] &= unused_pt_bits_mask;
229 }
230
231 return cleartext;
232 }
std::vector< gf2m > const & get_Linv() const
Definition mceliece.h:106
size_t get_codimension() const
Definition mceliece.h:111
size_t get_dimension() const
Definition mceliece.h:109
std::vector< polyn_gf2m > const & get_sqrtmod() const
Definition mceliece.h:107
polyn_gf2m const & get_goppa_polyn() const
std::vector< uint32_t > const & get_H_coeffs() const
Definition mceliece.h:105
size_t get_message_word_bit_length() const
int get_degree() const
std::shared_ptr< GF2m_Field > get_sp_field() const
Definition polyn_gf2m.h:86
size_t bit_size_to_byte_size(size_t bit_size)

References bit_size_to_32bit_size(), bit_size_to_byte_size(), copy_mem(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PrivateKey::get_codimension(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PrivateKey::get_dimension(), Botan::McEliece_PrivateKey::get_goppa_polyn(), Botan::McEliece_PrivateKey::get_H_coeffs(), Botan::McEliece_PrivateKey::get_Linv(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::polyn_gf2m::get_sp_field(), and Botan::McEliece_PrivateKey::get_sqrtmod().

◆ mceliece_decrypt() [2/3]

void Botan::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext,
secure_vector< uint8_t > &  error_mask,
const uint8_t  ciphertext[],
size_t  ciphertext_len,
const McEliece_PrivateKey key 
)

Definition at line 138 of file goppa_code.cpp.

144 {
145 secure_vector<gf2m> error_pos;
146 plaintext = mceliece_decrypt(error_pos, ciphertext, ciphertext_len, key);
147
148 const size_t code_length = key.get_code_length();
149 secure_vector<uint8_t> result((code_length+7)/8);
150 for(auto&& pos : error_pos)
151 {
152 if(pos > code_length)
153 {
154 throw Invalid_Argument("error position larger than code size");
155 }
156 result[pos / 8] |= (1 << (pos % 8));
157 }
158
159 error_mask = result;
160 }
void mceliece_decrypt(secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)

References Botan::McEliece_PublicKey::get_code_length(), and mceliece_decrypt().

◆ mceliece_decrypt() [3/3]

void Botan::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  ciphertext,
const McEliece_PrivateKey key 
)

Definition at line 130 of file goppa_code.cpp.

134 {
135 mceliece_decrypt(plaintext_out, error_mask_out, ciphertext.data(), ciphertext.size(), key);
136 }

References mceliece_decrypt().

Referenced by Botan::McEliece_PrivateKey::check_key(), mceliece_decrypt(), and mceliece_decrypt().

◆ mceliece_encrypt()

void Botan::mceliece_encrypt ( secure_vector< uint8_t > &  ciphertext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  plaintext,
const McEliece_PublicKey key,
RandomNumberGenerator rng 
)

Definition at line 120 of file mceliece.cpp.

125 {
126 const uint16_t code_length = static_cast<uint16_t>(key.get_code_length());
127
128 secure_vector<uint8_t> error_mask = create_random_error_vector(code_length, key.get_t(), rng);
129
130 secure_vector<uint8_t> ciphertext = mult_by_pubkey(plaintext, key.get_public_matrix(),
131 key.get_code_length(), key.get_t());
132
133 ciphertext ^= error_mask;
134
135 ciphertext_out.swap(ciphertext);
136 error_mask_out.swap(error_mask);
137 }
size_t get_t() const
Definition mceliece.h:52
const std::vector< uint8_t > & get_public_matrix() const
Definition mceliece.h:55

References Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PublicKey::get_public_matrix(), and Botan::McEliece_PublicKey::get_t().

Referenced by Botan::McEliece_PrivateKey::check_key().

◆ mceliece_work_factor()

size_t Botan::mceliece_work_factor ( size_t  code_size,
size_t  t 
)

Estimate work factor for McEliece

Returns
estimated security level for these key parameters

Definition at line 95 of file mce_workfactor.cpp.

96 {
97 const size_t k = n - ceil_log2(n) * t;
98
99 double min = cout_total(n, k, t, 0, 0); // correspond a p=1
100 for(size_t p = 0; p != t / 2; ++p)
101 {
102 double lwf = best_wf(n, k + 1, t, p);
103 if(lwf < 0)
104 break;
105
106 min = std::min(min, lwf);
107 }
108
109 return static_cast<size_t>(min);
110 }
uint8_t ceil_log2(T x)
Definition bit_ops.h:119

References ceil_log2().

Referenced by Botan::McEliece_PublicKey::estimated_strength().

◆ mgf1_mask()

void Botan::mgf1_mask ( HashFunction hash,
const uint8_t  in[],
size_t  in_len,
uint8_t  out[],
size_t  out_len 
)

MGF1 from PKCS #1 v2.0

Parameters
hashhash function to use
ininput buffer
in_lensize of the input buffer in bytes
outoutput buffer
out_lensize of the output buffer in bytes

Definition at line 14 of file mgf1.cpp.

17 {
18 uint32_t counter = 0;
19
20 secure_vector<uint8_t> buffer(hash.output_length());
21 while(out_len)
22 {
23 hash.update(in, in_len);
24 hash.update_be(counter);
25 hash.final(buffer.data());
26
27 const size_t xored = std::min<size_t>(buffer.size(), out_len);
28 xor_buf(out, buffer.data(), xored);
29 out += xored;
30 out_len -= xored;
31
32 ++counter;
33 }
34 }

References hash, and xor_buf().

◆ miller_rabin_test_iterations()

size_t Botan::miller_rabin_test_iterations ( size_t  n_bits,
size_t  prob,
bool  random 
)

Return required number of Miller-Rabin tests in order to reach the specified probability of error.

Parameters
n_bitsthe bit-length of the integer being tested
probchance of false positive is bounded by 1/2**prob
randomis set if (and only if) the integer was randomly generated by us and thus cannot have been maliciously constructed.

Definition at line 165 of file primality.cpp.

166 {
167 const size_t base = (prob + 2) / 2; // worst case 4^-t error rate
168
169 /*
170 * If the candidate prime was maliciously constructed, we can't rely
171 * on arguments based on p being random.
172 */
173 if(random == false)
174 return base;
175
176 /*
177 * For randomly chosen numbers we can use the estimates from
178 * http://www.math.dartmouth.edu/~carlp/PDF/paper88.pdf
179 *
180 * These values are derived from the inequality for p(k,t) given on
181 * the second page.
182 */
183 if(prob <= 128)
184 {
185 if(n_bits >= 1536)
186 return 4; // < 2^-133
187 if(n_bits >= 1024)
188 return 6; // < 2^-133
189 if(n_bits >= 512)
190 return 12; // < 2^-129
191 if(n_bits >= 256)
192 return 29; // < 2^-128
193 }
194
195 /*
196 If the user desires a smaller error probability than we have
197 precomputed error estimates for, just fall back to using the worst
198 case error rate.
199 */
200 return base;
201 }

Referenced by generate_rsa_prime(), is_prime(), and random_prime().

◆ monty_execute()

BigInt Botan::monty_execute ( const Montgomery_Exponentation_State &  precomputed_state,
const BigInt k,
size_t  max_k_bits 
)

Definition at line 165 of file monty_exp.cpp.

167 {
168 return precomputed_state.exponentiation(k, max_k_bits);
169 }

References monty_execute().

Referenced by monty_execute(), passes_miller_rabin_test(), and power_mod().

◆ monty_execute_vartime()

BigInt Botan::monty_execute_vartime ( const Montgomery_Exponentation_State &  precomputed_state,
const BigInt k 
)

Definition at line 171 of file monty_exp.cpp.

173 {
174 return precomputed_state.exponentiation_vartime(k);
175 }

References monty_execute_vartime().

Referenced by monty_execute_vartime().

◆ monty_inverse()

word Botan::monty_inverse ( word  a)

Definition at line 327 of file mod_inv.cpp.

328 {
329 if(a % 2 == 0)
330 throw Invalid_Argument("monty_inverse only valid for odd integers");
331
332 /*
333 * From "A New Algorithm for Inversion mod p^k" by Çetin Kaya Koç
334 * https://eprint.iacr.org/2017/411.pdf sections 5 and 7.
335 */
336
337 word b = 1;
338 word r = 0;
339
340 for(size_t i = 0; i != BOTAN_MP_WORD_BITS; ++i)
341 {
342 const word bi = b % 2;
343 r >>= 1;
344 r += bi << (BOTAN_MP_WORD_BITS - 1);
345
346 b -= a * bi;
347 b >>= 1;
348 }
349
350 // Now invert in addition space
351 r = (MP_WORD_MAX - r) + 1;
352
353 return r;
354 }

References MP_WORD_MAX.

Referenced by Botan::Montgomery_Params::Montgomery_Params(), and Botan::Montgomery_Params::Montgomery_Params().

◆ monty_multi_exp()

BigInt Botan::monty_multi_exp ( std::shared_ptr< const Montgomery_Params params_p,
const BigInt x,
const BigInt z1,
const BigInt y,
const BigInt z2 
)

Return (x^z1 * y^z2) % p

Definition at line 177 of file monty_exp.cpp.

182 {
183 if(z1.is_negative() || z2.is_negative())
184 throw Invalid_Argument("multi_exponentiate exponents must be positive");
185
186 const size_t z_bits = round_up(std::max(z1.bits(), z2.bits()), 2);
187
189
190 const Montgomery_Int one(params_p, params_p->R1(), false);
191 //const Montgomery_Int one(params_p, 1);
192
193 const Montgomery_Int x1(params_p, x_bn);
194 const Montgomery_Int x2 = x1.square(ws);
195 const Montgomery_Int x3 = x2.mul(x1, ws);
196
197 const Montgomery_Int y1(params_p, y_bn);
198 const Montgomery_Int y2 = y1.square(ws);
199 const Montgomery_Int y3 = y2.mul(y1, ws);
200
201 const Montgomery_Int y1x1 = y1.mul(x1, ws);
202 const Montgomery_Int y1x2 = y1.mul(x2, ws);
203 const Montgomery_Int y1x3 = y1.mul(x3, ws);
204
205 const Montgomery_Int y2x1 = y2.mul(x1, ws);
206 const Montgomery_Int y2x2 = y2.mul(x2, ws);
207 const Montgomery_Int y2x3 = y2.mul(x3, ws);
208
209 const Montgomery_Int y3x1 = y3.mul(x1, ws);
210 const Montgomery_Int y3x2 = y3.mul(x2, ws);
211 const Montgomery_Int y3x3 = y3.mul(x3, ws);
212
213 const Montgomery_Int* M[16] = {
214 &one,
215 &x1, // 0001
216 &x2, // 0010
217 &x3, // 0011
218 &y1, // 0100
219 &y1x1,
220 &y1x2,
221 &y1x3,
222 &y2, // 1000
223 &y2x1,
224 &y2x2,
225 &y2x3,
226 &y3, // 1100
227 &y3x1,
228 &y3x2,
229 &y3x3
230 };
231
232 Montgomery_Int H = one;
233
234 for(size_t i = 0; i != z_bits; i += 2)
235 {
236 if(i > 0)
237 {
238 H.square_this(ws);
239 H.square_this(ws);
240 }
241
242 const uint32_t z1_b = z1.get_substring(z_bits - i - 2, 2);
243 const uint32_t z2_b = z2.get_substring(z_bits - i - 2, 2);
244
245 const uint32_t z12 = (4*z2_b) + z1_b;
246
247 H.mul_by(*M[z12], ws);
248 }
249
250 return H.value();
251 }
uint32_t get_substring(size_t offset, size_t length) const
Definition bigint.cpp:213
Montgomery_Int square(secure_vector< word > &ws) const
Definition monty.cpp:403
Montgomery_Int & square_this(secure_vector< word > &ws)
Definition monty.cpp:397
Montgomery_Int mul(const Montgomery_Int &other, secure_vector< word > &ws) const
Definition monty.cpp:358
size_t round_up(size_t n, size_t align_to)
Definition rounding.h:21

References Botan::BigInt::bits(), Botan::BigInt::get_substring(), Botan::BigInt::is_negative(), monty_multi_exp(), Botan::Montgomery_Int::mul(), Botan::Montgomery_Int::mul_by(), round_up(), Botan::Montgomery_Int::square(), Botan::Montgomery_Int::square_this(), and Botan::Montgomery_Int::value().

Referenced by monty_multi_exp(), and Botan::DL_Group::multi_exponentiate().

◆ monty_precompute()

std::shared_ptr< const Montgomery_Exponentation_State > Botan::monty_precompute ( std::shared_ptr< const Montgomery_Params params,
const BigInt g,
size_t  window_bits,
bool  const_time 
)

Definition at line 157 of file monty_exp.cpp.

161 {
162 return std::make_shared<const Montgomery_Exponentation_State>(params, g, window_bits, const_time);
163 }

References monty_precompute().

Referenced by monty_precompute(), passes_miller_rabin_test(), and power_mod().

◆ mul64x64_128()

void Botan::mul64x64_128 ( uint64_t  a,
uint64_t  b,
uint64_t *  lo,
uint64_t *  hi 
)
inline

Perform a 64x64->128 bit multiplication

Definition at line 85 of file mul128.h.

86 {
87#if defined(BOTAN_FAST_64X64_MUL)
88 BOTAN_FAST_64X64_MUL(a, b, lo, hi);
89#else
90
91 /*
92 * Do a 64x64->128 multiply using four 32x32->64 multiplies plus
93 * some adds and shifts. Last resort for CPUs like UltraSPARC (with
94 * 64-bit registers/ALU, but no 64x64->128 multiply) or 32-bit CPUs.
95 */
96 const size_t HWORD_BITS = 32;
97 const uint32_t HWORD_MASK = 0xFFFFFFFF;
98
99 const uint32_t a_hi = (a >> HWORD_BITS);
100 const uint32_t a_lo = (a & HWORD_MASK);
101 const uint32_t b_hi = (b >> HWORD_BITS);
102 const uint32_t b_lo = (b & HWORD_MASK);
103
104 uint64_t x0 = static_cast<uint64_t>(a_hi) * b_hi;
105 uint64_t x1 = static_cast<uint64_t>(a_lo) * b_hi;
106 uint64_t x2 = static_cast<uint64_t>(a_hi) * b_lo;
107 uint64_t x3 = static_cast<uint64_t>(a_lo) * b_lo;
108
109 // this cannot overflow as (2^32-1)^2 + 2^32-1 < 2^64-1
110 x2 += x3 >> HWORD_BITS;
111
112 // this one can overflow
113 x2 += x1;
114
115 // propagate the carry if any
116 x0 += static_cast<uint64_t>(static_cast<bool>(x2 < x1)) << HWORD_BITS;
117
118 *hi = x0 + (x2 >> HWORD_BITS);
119 *lo = ((x2 & HWORD_MASK) << HWORD_BITS) + (x3 & HWORD_MASK);
120#endif
121 }

Referenced by operator*(), word_madd2(), and word_madd3().

◆ mul_add()

BigInt Botan::mul_add ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused multiply-add

Parameters
aan integer
ban integer
can integer
Returns
(a*b)+c

Definition at line 30 of file mp_numth.cpp.

31 {
32 if(c.is_negative())
33 throw Invalid_Argument("mul_add: Third argument must be > 0");
34
35 BigInt::Sign sign = BigInt::Positive;
36 if(a.sign() != b.sign())
37 sign = BigInt::Negative;
38
39 const size_t a_sw = a.sig_words();
40 const size_t b_sw = b.sig_words();
41 const size_t c_sw = c.sig_words();
42
43 BigInt r(sign, std::max(a_sw + b_sw, c_sw) + 1);
44 secure_vector<word> workspace(r.size());
45
46 bigint_mul(r.mutable_data(), r.size(),
47 a.data(), a.size(), a_sw,
48 b.data(), b.size(), b_sw,
49 workspace.data(), workspace.size());
50
51 const size_t r_size = std::max(r.sig_words(), c_sw);
52 bigint_add2(r.mutable_data(), r_size, c.data(), c_sw);
53 return r;
54 }
Sign sign() const
Definition bigint.h:539
void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:298
void bigint_add2(word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:280

References bigint_add2(), bigint_mul(), Botan::BigInt::data(), Botan::BigInt::is_negative(), Botan::BigInt::mutable_data(), Botan::BigInt::Negative, Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::size().

◆ mul_sub()

BigInt Botan::mul_sub ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused multiply-subtract

Parameters
aan integer
ban integer
can integer
Returns
(a*b)-c

Definition at line 73 of file mp_numth.cpp.

74 {
75 if(c.is_negative() || c.is_zero())
76 throw Invalid_Argument("mul_sub: Third argument must be > 0");
77
78 BigInt r = a;
79 r *= b;
80 r -= c;
81 return r;
82 }

References Botan::BigInt::is_negative(), and Botan::BigInt::is_zero().

◆ multi_exponentiate()

PointGFp Botan::multi_exponentiate ( const PointGFp p1,
const BigInt z1,
const PointGFp p2,
const BigInt z2 
)

ECC point multiexponentiation - not constant time!

Parameters
p1a point
z1a scalar
p2a point
z2a scalar
Returns
(p1 * z1 + p2 * z2)

Definition at line 25 of file point_mul.cpp.

27 {
29 return xy_mul.multi_exp(z1, z2);
30 }

References Botan::PointGFp_Multi_Point_Precompute::multi_exp().

◆ multimap_insert()

template<typename K , typename V >
void Botan::multimap_insert ( std::multimap< K, V > &  multimap,
const K &  key,
const V &  value 
)

◆ newhope_keygen() [1/2]

void Botan::newhope_keygen ( uint8_t *  send,
poly sk,
RandomNumberGenerator rng,
Newhope_Mode  mode 
)

Definition at line 720 of file newhope.cpp.

722 {
723 poly a, e, r, pk;
724 uint8_t seed[NEWHOPE_SEED_BYTES];
725
726 rng.randomize(seed, NEWHOPE_SEED_BYTES);
727
728 gen_a(&a, seed, mode);
729
730 poly_getnoise(rng, sk);
731 poly_ntt(sk);
732
733 poly_getnoise(rng, &e);
734 poly_ntt(&e);
735
736 poly_pointwise(&r, sk, &a);
737 poly_add(&pk, &e, &r);
738
739 encode_a(send, &pk, seed);
740 }

References NEWHOPE_SEED_BYTES, and Botan::RandomNumberGenerator::randomize().

Referenced by CECPQ1_offer().

◆ newhope_keygen() [2/2]

void Botan::newhope_keygen ( uint8_t  send[NEWHOPE_SENDABYTES],
newhope_poly sk,
RandomNumberGenerator rng,
Newhope_Mode  = Newhope_Mode::SHA3 
)

◆ newhope_shareda() [1/2]

void Botan::newhope_shareda ( uint8_t  sharedkey[],
const poly sk,
const uint8_t  received[],
Newhope_Mode  mode 
)

Definition at line 779 of file newhope.cpp.

783 {
784 poly v, bp, c;
785
786 decode_b(&bp, &c, received);
787
788 poly_pointwise(&v, sk, &bp);
789 poly_invntt(&v);
790
791 rec(sharedkey, &v, &c);
792
793 const std::string kdf_hash = (mode == Newhope_Mode::SHA3) ? "SHA-3(256)" : "SHA-256";
794 std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(kdf_hash);
795
796 hash->update(sharedkey, 32);
797 hash->final(sharedkey);
798 }

References Botan::HashFunction::create_or_throw(), hash, and SHA3.

Referenced by CECPQ1_finish().

◆ newhope_shareda() [2/2]

void Botan::newhope_shareda ( uint8_t  sharedkey[NEWHOPE_SHARED_KEY_BYTES],
const newhope_poly ska,
const uint8_t *  received,
Newhope_Mode  mode = Newhope_Mode::SHA3 
)

◆ newhope_sharedb() [1/2]

void Botan::newhope_sharedb ( uint8_t *  sharedkey,
uint8_t *  send,
const uint8_t *  received,
RandomNumberGenerator rng,
Newhope_Mode  mode 
)

Definition at line 742 of file newhope.cpp.

745 {
746 poly sp, ep, v, a, pka, c, epp, bp;
747 uint8_t seed[NEWHOPE_SEED_BYTES];
748
749 decode_a(&pka, seed, received);
750 gen_a(&a, seed, mode);
751
752 poly_getnoise(rng, &sp);
753 poly_ntt(&sp);
754 poly_getnoise(rng, &ep);
755 poly_ntt(&ep);
756
757 poly_pointwise(&bp, &a, &sp);
758 poly_add(&bp, &bp, &ep);
759
760 poly_pointwise(&v, &pka, &sp);
761 poly_invntt(&v);
762
763 poly_getnoise(rng, &epp);
764 poly_add(&v, &v, &epp);
765
766 helprec(&c, &v, rng);
767
768 encode_b(send, &bp, &c);
769
770 rec(sharedkey, &v, &c);
771
772 const std::string kdf_hash = (mode == Newhope_Mode::SHA3) ? "SHA-3(256)" : "SHA-256";
773 std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(kdf_hash);
774
775 hash->update(sharedkey, 32);
776 hash->final(sharedkey);
777 }

References Botan::HashFunction::create_or_throw(), hash, NEWHOPE_SEED_BYTES, and SHA3.

Referenced by CECPQ1_accept().

◆ newhope_sharedb() [2/2]

void Botan::newhope_sharedb ( uint8_t  sharedkey[NEWHOPE_SHARED_KEY_BYTES],
uint8_t  send[],
const uint8_t *  received,
RandomNumberGenerator rng,
Newhope_Mode  mode = Newhope_Mode::SHA3 
)

◆ nist_key_unwrap()

secure_vector< uint8_t > Botan::nist_key_unwrap ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)
Parameters
inputthe value to be decrypted, output of nist_key_wrap
input_lenlength of input
bca keyed 128-bit block cipher that will be used to decrypt input
Returns
input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.

Definition at line 113 of file nist_keywrap.cpp.

116 {
117 if(bc.block_size() != 16)
118 throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
119
120 if(input_len < 16 || input_len % 8 != 0)
121 throw Invalid_Argument("Bad input size for NIST key unwrap");
122
123 uint64_t ICV_out = 0;
124
125 secure_vector<uint8_t> R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
126
127 if(ICV_out != 0xA6A6A6A6A6A6A6A6)
128 throw Invalid_Authentication_Tag("NIST key unwrap failed");
129
130 return R;
131 }

References Botan::BlockCipher::block_size().

Referenced by rfc3394_keyunwrap().

◆ nist_key_unwrap_padded()

secure_vector< uint8_t > Botan::nist_key_unwrap_padded ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)
Parameters
inputthe value to be decrypted, output of nist_key_wrap
input_lenlength of input
bca keyed 128-bit block cipher that will be used to decrypt input
Returns
input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.

Definition at line 161 of file nist_keywrap.cpp.

164 {
165 if(bc.block_size() != 16)
166 throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
167
168 if(input_len < 16 || input_len % 8 != 0)
169 throw Invalid_Argument("Bad input size for NIST key unwrap");
170
171 uint64_t ICV_out = 0;
173
174 if(input_len == 16)
175 {
176 secure_vector<uint8_t> block(input, input + input_len);
177 bc.decrypt(block);
178
179 ICV_out = load_be<uint64_t>(block.data(), 0);
180 R.resize(8);
181 copy_mem(R.data(), block.data() + 8, 8);
182 }
183 else
184 {
185 R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
186 }
187
188 if((ICV_out >> 32) != 0xA65959A6)
189 throw Invalid_Authentication_Tag("NIST key unwrap failed");
190
191 const size_t len = (ICV_out & 0xFFFFFFFF);
192
193 if(R.size() < 8 || len > R.size() || len < R.size() - 8)
194 throw Invalid_Authentication_Tag("NIST key unwrap failed");
195
196 const size_t padding = R.size() - len;
197
198 for(size_t i = 0; i != padding; ++i)
199 {
200 if(R[R.size() - i - 1] != 0)
201 throw Invalid_Authentication_Tag("NIST key unwrap failed");
202 }
203
204 R.resize(R.size() - padding);
205
206 return R;
207 }
void decrypt(const uint8_t in[], uint8_t out[]) const

References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::decrypt(), and load_be< uint64_t >().

Referenced by Botan::Encrypted_PSK_Database::get(), and Botan::Encrypted_PSK_Database::list_names().

◆ nist_key_wrap()

std::vector< uint8_t > Botan::nist_key_wrap ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)

Key wrap. See RFC 3394 and NIST SP800-38F

Parameters
inputthe value to be encrypted
input_lenlength of input, must be a multiple of 8
bca keyed 128-bit block cipher that will be used to encrypt input
Returns
input encrypted under NIST key wrap algorithm

Definition at line 99 of file nist_keywrap.cpp.

102 {
103 if(bc.block_size() != 16)
104 throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
105
106 if(input_len % 8 != 0)
107 throw Invalid_Argument("Bad input size for NIST key wrap");
108
109 return raw_nist_key_wrap(input, input_len, bc, 0xA6A6A6A6A6A6A6A6);
110 }

References Botan::BlockCipher::block_size().

Referenced by rfc3394_keywrap().

◆ nist_key_wrap_padded()

std::vector< uint8_t > Botan::nist_key_wrap_padded ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)

KWP (key wrap with padding). See RFC 5649 and NIST SP800-38F

Parameters
inputthe value to be encrypted
input_lenlength of input
bca keyed 128-bit block cipher that will be used to encrypt input
Returns
input encrypted under NIST key wrap algorithm

Definition at line 134 of file nist_keywrap.cpp.

137 {
138 if(bc.block_size() != 16)
139 throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
140
141 const uint64_t ICV = 0xA65959A600000000 | static_cast<uint32_t>(input_len);
142
143 if(input_len <= 8)
144 {
145 /*
146 * Special case for small inputs: if input <= 8 bytes just use ECB
147 */
148 std::vector<uint8_t> block(16);
149 store_be(ICV, block.data());
150 copy_mem(block.data() + 8, input, input_len);
151 bc.encrypt(block);
152 return block;
153 }
154 else
155 {
156 return raw_nist_key_wrap(input, input_len, bc, ICV);
157 }
158 }

References Botan::BlockCipher::block_size(), copy_mem(), Botan::BlockCipher::encrypt(), and store_be().

Referenced by Botan::Encrypted_PSK_Database::get(), Botan::Encrypted_PSK_Database::remove(), and Botan::Encrypted_PSK_Database::set().

◆ normalized_montgomery_inverse()

BigInt Botan::normalized_montgomery_inverse ( const BigInt a,
const BigInt b 
)

Call almost_montgomery_inverse and correct the result to a^-1 mod b

Definition at line 75 of file mod_inv.cpp.

76 {
77 BigInt r;
78 size_t k = almost_montgomery_inverse(r, a, p);
79
80 for(size_t i = 0; i != k; ++i)
81 {
82 if(r.is_odd())
83 r += p;
84 r >>= 1;
85 }
86
87 return r;
88 }
size_t almost_montgomery_inverse(BigInt &result, const BigInt &a, const BigInt &p)
Definition mod_inv.cpp:27

References almost_montgomery_inverse(), and Botan::BigInt::is_odd().

◆ oaep_find_delim()

secure_vector< uint8_t > BOTAN_TEST_API Botan::oaep_find_delim ( uint8_t &  valid_mask,
const uint8_t  input[],
size_t  input_len,
const secure_vector< uint8_t > &  Phash 
)

Definition at line 95 of file oaep.cpp.

98 {
99 const size_t hlen = Phash.size();
100
101 // Too short to be valid, reject immediately
102 if(input_len < 1 + 2*hlen)
103 {
104 return secure_vector<uint8_t>();
105 }
106
107 CT::poison(input, input_len);
108
109 size_t delim_idx = 2 * hlen;
110 CT::Mask<uint8_t> waiting_for_delim = CT::Mask<uint8_t>::set();
111 CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
112
113 for(size_t i = delim_idx; i < input_len; ++i)
114 {
115 const auto zero_m = CT::Mask<uint8_t>::is_zero(input[i]);
116 const auto one_m = CT::Mask<uint8_t>::is_equal(input[i], 1);
117
118 const auto add_m = waiting_for_delim & zero_m;
119
120 bad_input_m |= waiting_for_delim & ~(zero_m | one_m);
121
122 delim_idx += add_m.if_set_return(1);
123
124 waiting_for_delim &= zero_m;
125 }
126
127 // If we never saw any non-zero byte, then it's not valid input
128 bad_input_m |= waiting_for_delim;
129 bad_input_m |= CT::Mask<uint8_t>::is_zero(ct_compare_u8(&input[hlen], Phash.data(), hlen));
130
131 delim_idx += 1;
132
133 valid_mask = (~bad_input_m).unpoisoned_value();
134 const secure_vector<uint8_t> output = CT::copy_output(bad_input_m, input, input_len, delim_idx);
135
136 CT::unpoison(input, input_len);
137
138 return output;
139 }

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), ct_compare_u8(), Botan::CT::Mask< T >::if_set_return(), Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::Mask< T >::set(), and Botan::CT::unpoison().

◆ operator!=() [1/13]

bool Botan::operator!= ( const AlgorithmIdentifier a1,
const AlgorithmIdentifier a2 
)

Definition at line 82 of file alg_id.cpp.

83 {
84 return !(a1 == a2);
85 }

◆ operator!=() [2/13]

bool Botan::operator!= ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 277 of file asn1_time.cpp.

278 { return (t1.cmp(t2) != 0); }
int32_t cmp(const ASN1_Time &other) const
Compare this time against another.

References Botan::ASN1_Time::cmp().

◆ operator!=() [3/13]

bool Botan::operator!= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1111 of file bigint.h.

1112 { return !a.is_equal(b); }
bool is_equal(const BigInt &n) const
Definition bigint.cpp:149

References Botan::BigInt::is_equal().

◆ operator!=() [4/13]

bool Botan::operator!= ( const BigInt a,
word  b 
)
inline

Definition at line 1124 of file bigint.h.

1125 { return (a.cmp_word(b) != 0); }
int32_t cmp_word(word n) const
Definition bigint.cpp:115

References Botan::BigInt::cmp_word().

◆ operator!=() [5/13]

bool Botan::operator!= ( const CRL_Entry ,
const CRL_Entry  
)

Test two CRL entries for inequality in at least one field.

Definition at line 58 of file crl_ent.cpp.

59 {
60 return !(a1 == a2);
61 }

◆ operator!=() [6/13]

bool Botan::operator!= ( const CurveGFp lhs,
const CurveGFp rhs 
)
inline

Definition at line 247 of file curve_gfp.h.

248 {
249 return !(lhs == rhs);
250 }

◆ operator!=() [7/13]

bool Botan::operator!= ( const EC_Group lhs,
const EC_Group rhs 
)
inline

Definition at line 387 of file ec_group.h.

389 {
390 return !(lhs == rhs);
391 }

◆ operator!=() [8/13]

bool Botan::operator!= ( const OctetString x,
const OctetString y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is not equal to y

Definition at line 106 of file symkey.cpp.

107 {
108 return !(s1 == s2);
109 }

◆ operator!=() [9/13]

bool Botan::operator!= ( const OID a,
const OID b 
)
inline

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is not equal to b

Definition at line 311 of file asn1_obj.h.

312 {
313 return !(a == b);
314 }

◆ operator!=() [10/13]

bool Botan::operator!= ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 355 of file point_gfp.h.

356 {
357 return !(rhs == lhs);
358 }

◆ operator!=() [11/13]

template<typename T , typename U >
bool Botan::operator!= ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

Definition at line 62 of file secmem.h.

63 { return false; }

◆ operator!=() [12/13]

bool Botan::operator!= ( const X509_Certificate cert1,
const X509_Certificate cert2 
)

Check two certificates for inequality

Parameters
cert1The first certificate
cert2The second certificate
Returns
true if the arguments represent different certificates, false if they are binary identical

Definition at line 831 of file x509cert.cpp.

832 {
833 return !(cert1 == cert2);
834 }

◆ operator!=() [13/13]

bool Botan::operator!= ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 174 of file x509_dn.cpp.

175 {
176 return !(dn1 == dn2);
177 }

◆ operator%() [1/2]

BigInt Botan::operator% ( const BigInt n,
const BigInt mod 
)

Definition at line 131 of file big_ops3.cpp.

132 {
133 if(mod.is_zero())
134 throw BigInt::DivideByZero();
135 if(mod.is_negative())
136 throw Invalid_Argument("BigInt::operator%: modulus must be > 0");
137 if(n.is_positive() && mod.is_positive() && n < mod)
138 return n;
139
140 if(mod.sig_words() == 1)
141 {
142 return n % mod.word_at(0);
143 }
144
145 BigInt q, r;
146 vartime_divide(n, mod, q, r);
147 return r;
148 }
bool is_positive() const
Definition bigint.h:533

References Botan::BigInt::is_negative(), Botan::BigInt::is_positive(), Botan::BigInt::is_zero(), Botan::BigInt::sig_words(), vartime_divide(), and Botan::BigInt::word_at().

◆ operator%() [2/2]

word Botan::operator% ( const BigInt n,
word  mod 
)

Definition at line 153 of file big_ops3.cpp.

154 {
155 if(mod == 0)
156 throw BigInt::DivideByZero();
157
158 if(mod == 1)
159 return 0;
160
161 word remainder = 0;
162
163 if(is_power_of_2(mod))
164 {
165 remainder = (n.word_at(0) & (mod - 1));
166 }
167 else
168 {
169 const size_t sw = n.sig_words();
170 for(size_t i = sw; i > 0; --i)
171 {
172 remainder = bigint_modop(remainder, n.word_at(i-1), mod);
173 }
174 }
175
176 if(remainder && n.sign() == BigInt::Negative)
177 return mod - remainder;
178 return remainder;
179 }
constexpr bool is_power_of_2(T arg)
Definition bit_ops.h:43

References bigint_modop(), is_power_of_2(), Botan::BigInt::Negative, Botan::BigInt::sig_words(), Botan::BigInt::sign(), and Botan::BigInt::word_at().

◆ operator&()

ECIES_Flags Botan::operator& ( ECIES_Flags  a,
ECIES_Flags  b 
)
inline

Definition at line 49 of file ecies.h.

50 {
51 return static_cast<ECIES_Flags>(static_cast<uint32_t>(a) & static_cast<uint32_t>(b));
52 }
ECIES_Flags
Definition ecies.h:28

◆ operator*() [1/7]

PointGFp Botan::operator* ( const BigInt scalar,
const PointGFp point 
)

Point multiplication operator

Parameters
scalarthe scalar value
pointthe point value
Returns
scalar*point on the curve

Definition at line 394 of file point_gfp.cpp.

395 {
397
398 const size_t scalar_bits = scalar.bits();
399
400 std::vector<BigInt> ws(PointGFp::WORKSPACE_SIZE);
401
402 PointGFp R[2] = { point.zero(), point };
403
404 for(size_t i = scalar_bits; i > 0; i--)
405 {
406 const size_t b = scalar.get_bit(i - 1);
407 R[b ^ 1].add(R[b], ws);
408 R[b].mult2(ws);
409 }
410
411 if(scalar.is_negative())
412 R[0].negate();
413
414 BOTAN_DEBUG_ASSERT(R[0].on_the_curve());
415
416 return R[0];
417 }
void mult2(std::vector< BigInt > &workspace)
PointGFp zero() const
Definition point_gfp.h:319
PointGFp & negate()
Definition point_gfp.h:137
bool on_the_curve() const
void add(const PointGFp &other, std::vector< BigInt > &workspace)
Definition point_gfp.h:221

References Botan::PointGFp::add(), Botan::BigInt::bits(), BOTAN_DEBUG_ASSERT, Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), Botan::PointGFp::mult2(), Botan::PointGFp::negate(), Botan::PointGFp::on_the_curve(), Botan::PointGFp::WORKSPACE_SIZE, and Botan::PointGFp::zero().

◆ operator*() [2/7]

BigInt Botan::operator* ( const BigInt x,
const BigInt y 
)

Definition at line 45 of file big_ops3.cpp.

46 {
47 const size_t x_sw = x.sig_words();
48 const size_t y_sw = y.sig_words();
49
50 BigInt z(BigInt::Positive, x.size() + y.size());
51
52 if(x_sw == 1 && y_sw)
53 bigint_linmul3(z.mutable_data(), y.data(), y_sw, x.word_at(0));
54 else if(y_sw == 1 && x_sw)
55 bigint_linmul3(z.mutable_data(), x.data(), x_sw, y.word_at(0));
56 else if(x_sw && y_sw)
57 {
58 secure_vector<word> workspace(z.size());
59
60 bigint_mul(z.mutable_data(), z.size(),
61 x.data(), x.size(), x_sw,
62 y.data(), y.size(), y_sw,
63 workspace.data(), workspace.size());
64 }
65
66 z.cond_flip_sign(x_sw > 0 && y_sw > 0 && x.sign() != y.sign());
67
68 return z;
69 }

References bigint_linmul3(), bigint_mul(), Botan::BigInt::cond_flip_sign(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::sig_words(), Botan::BigInt::sign(), Botan::BigInt::size(), and Botan::BigInt::word_at().

◆ operator*() [3/7]

BigInt Botan::operator* ( const BigInt x,
word  y 
)

Definition at line 74 of file big_ops3.cpp.

75 {
76 const size_t x_sw = x.sig_words();
77
78 BigInt z(BigInt::Positive, x_sw + 1);
79
80 if(x_sw && y)
81 {
82 bigint_linmul3(z.mutable_data(), x.data(), x_sw, y);
83 z.set_sign(x.sign());
84 }
85
86 return z;
87 }

References bigint_linmul3(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

◆ operator*() [4/7]

donna128 Botan::operator* ( const donna128 x,
uint64_t  y 
)
inline

Definition at line 83 of file donna128.h.

84 {
85 BOTAN_ARG_CHECK(x.hi() == 0, "High 64 bits of donna128 set to zero during multiply");
86
87 uint64_t lo = 0, hi = 0;
88 mul64x64_128(x.lo(), y, &lo, &hi);
89 return donna128(lo, hi);
90 }
uint64_t hi() const
Definition donna128.h:78
void mul64x64_128(uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
Definition mul128.h:85

References BOTAN_ARG_CHECK, Botan::donna128::hi(), Botan::donna128::lo(), and mul64x64_128().

◆ operator*() [5/7]

PointGFp Botan::operator* ( const PointGFp point,
const BigInt scalar 
)
inline

Definition at line 378 of file point_gfp.h.

379 {
380 return scalar * point;
381 }

◆ operator*() [6/7]

donna128 Botan::operator* ( uint64_t  y,
const donna128 x 
)
inline

Definition at line 92 of file donna128.h.

93 {
94 return x * y;
95 }

◆ operator*() [7/7]

BigInt Botan::operator* ( word  x,
const BigInt y 
)
inline

Definition at line 1097 of file bigint.h.

1097{ return y*x; }

◆ operator+() [1/8]

BigInt Botan::operator+ ( const BigInt x,
const BigInt y 
)
inline

Definition at line 1070 of file bigint.h.

1071 {
1072 return BigInt::add2(x, y.data(), y.sig_words(), y.sign());
1073 }

References Botan::BigInt::add2(), Botan::BigInt::data(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

◆ operator+() [2/8]

BigInt Botan::operator+ ( const BigInt x,
word  y 
)
inline

Definition at line 1075 of file bigint.h.

1076 {
1077 return BigInt::add2(x, &y, 1, BigInt::Positive);
1078 }

References Botan::BigInt::add2(), and Botan::BigInt::Positive.

◆ operator+() [3/8]

donna128 Botan::operator+ ( const donna128 x,
const donna128 y 
)
inline

Definition at line 97 of file donna128.h.

98 {
99 donna128 z = x;
100 z += y;
101 return z;
102 }

◆ operator+() [4/8]

donna128 Botan::operator+ ( const donna128 x,
uint64_t  y 
)
inline

Definition at line 104 of file donna128.h.

105 {
106 donna128 z = x;
107 z += y;
108 return z;
109 }

◆ operator+() [5/8]

OctetString Botan::operator+ ( const OctetString x,
const OctetString y 
)

Concatenate two strings

Parameters
xan octet string
yan octet string
Returns
x concatenated with y

Definition at line 114 of file symkey.cpp.

115 {
117 out += k1.bits_of();
118 out += k2.bits_of();
119 return OctetString(out);
120 }

References Botan::OctetString::bits_of().

◆ operator+() [6/8]

OID Botan::operator+ ( const OID oid,
uint32_t  new_comp 
)

Append another component onto the OID.

Parameters
oidthe OID to add the new component to
new_compthe new component to add

Definition at line 122 of file asn1_oid.cpp.

123 {
124 std::vector<uint32_t> val = oid.get_components();
125 val.push_back(new_component);
126 return OID(std::move(val));
127 }
const std::vector< uint32_t > & get_components() const
Definition asn1_obj.h:244

References Botan::OID::get_components().

◆ operator+() [7/8]

PointGFp Botan::operator+ ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 366 of file point_gfp.h.

367 {
368 PointGFp tmp(lhs);
369 return tmp += rhs;
370 }

◆ operator+() [8/8]

BigInt Botan::operator+ ( word  x,
const BigInt y 
)
inline

Definition at line 1080 of file bigint.h.

1081 {
1082 return y + x;
1083 }

◆ operator+=() [1/4]

template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< const T *, L > &  in 
)

Definition at line 94 of file secmem.h.

96 {
97 out.insert(out.end(), in.first, in.first + in.second);
98 return out;
99 }

◆ operator+=() [2/4]

template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< T *, L > &  in 
)

Definition at line 102 of file secmem.h.

104 {
105 out.insert(out.end(), in.first, in.first + in.second);
106 return out;
107 }

◆ operator+=() [3/4]

template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & Botan::operator+= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

Definition at line 79 of file secmem.h.

81 {
82 out.insert(out.end(), in.begin(), in.end());
83 return out;
84 }

◆ operator+=() [4/4]

template<typename T , typename Alloc >
std::vector< T, Alloc > & Botan::operator+= ( std::vector< T, Alloc > &  out,
T  in 
)

Definition at line 87 of file secmem.h.

88 {
89 out.push_back(in);
90 return out;
91 }

◆ operator-() [1/4]

BigInt Botan::operator- ( const BigInt x,
const BigInt y 
)
inline

Definition at line 1085 of file bigint.h.

1086 {
1087 return BigInt::add2(x, y.data(), y.sig_words(), y.reverse_sign());
1088 }
Sign reverse_sign() const
Definition bigint.h:544

References Botan::BigInt::add2(), Botan::BigInt::data(), Botan::BigInt::reverse_sign(), and Botan::BigInt::sig_words().

◆ operator-() [2/4]

BigInt Botan::operator- ( const BigInt x,
word  y 
)
inline

Definition at line 1090 of file bigint.h.

1091 {
1092 return BigInt::add2(x, &y, 1, BigInt::Negative);
1093 }

References Botan::BigInt::add2(), and Botan::BigInt::Negative.

◆ operator-() [3/4]

PointGFp Botan::operator- ( const PointGFp lhs)
inline

Definition at line 361 of file point_gfp.h.

362 {
363 return PointGFp(lhs).negate();
364 }

References Botan::PointGFp::negate().

◆ operator-() [4/4]

PointGFp Botan::operator- ( const PointGFp lhs,
const PointGFp rhs 
)
inline

Definition at line 372 of file point_gfp.h.

373 {
374 PointGFp tmp(lhs);
375 return tmp -= rhs;
376 }

◆ operator/() [1/2]

BigInt Botan::operator/ ( const BigInt x,
const BigInt y 
)

Definition at line 92 of file big_ops3.cpp.

93 {
94 if(y.sig_words() == 1)
95 {
96 return x / y.word_at(0);
97 }
98
99 BigInt q, r;
100 vartime_divide(x, y, q, r);
101 return q;
102 }

References Botan::BigInt::sig_words(), vartime_divide(), and Botan::BigInt::word_at().

◆ operator/() [2/2]

BigInt Botan::operator/ ( const BigInt x,
word  y 
)

Definition at line 107 of file big_ops3.cpp.

108 {
109 if(y == 0)
110 throw BigInt::DivideByZero();
111 else if(y == 1)
112 return x;
113 else if(y == 2)
114 return (x >> 1);
115 else if(y <= 255)
116 {
117 BigInt q;
118 uint8_t r;
119 ct_divide_u8(x, static_cast<uint8_t>(y), q, r);
120 return q;
121 }
122
123 BigInt q, r;
124 vartime_divide(x, y, q, r);
125 return q;
126 }
void ct_divide_u8(const BigInt &x, uint8_t y, BigInt &q_out, uint8_t &r_out)
Definition divide.cpp:82

References ct_divide_u8(), and vartime_divide().

◆ operator<() [1/5]

bool Botan::operator< ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 285 of file asn1_time.cpp.

286 { return (t1.cmp(t2) < 0); }

References Botan::ASN1_Time::cmp().

◆ operator<() [2/5]

bool Botan::operator< ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1117 of file bigint.h.

1118 { return a.is_less_than(b); }
bool is_less_than(const BigInt &n) const
Definition bigint.cpp:158

References Botan::BigInt::is_less_than().

◆ operator<() [3/5]

bool Botan::operator< ( const BigInt a,
word  b 
)
inline

Definition at line 1130 of file bigint.h.

1131 { return (a.cmp_word(b) < 0); }

References Botan::BigInt::cmp_word().

◆ operator<() [4/5]

bool Botan::operator< ( const OID a,
const OID b 
)

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is lexicographically smaller than b

Definition at line 132 of file asn1_oid.cpp.

133 {
134 const std::vector<uint32_t>& oid1 = a.get_components();
135 const std::vector<uint32_t>& oid2 = b.get_components();
136
137 return std::lexicographical_compare(oid1.begin(), oid1.end(),
138 oid2.begin(), oid2.end());
139 }

References Botan::OID::get_components().

◆ operator<() [5/5]

bool Botan::operator< ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 182 of file x509_dn.cpp.

183 {
184 auto attr1 = dn1.get_attributes();
185 auto attr2 = dn2.get_attributes();
186
187 // If they are not the same size, choose the smaller as the "lessor"
188 if(attr1.size() < attr2.size())
189 return true;
190 if(attr1.size() > attr2.size())
191 return false;
192
193 // We know they are the same # of elements, now compare the OIDs:
194 auto p1 = attr1.begin();
195 auto p2 = attr2.begin();
196
197 while(p1 != attr1.end() && p2 != attr2.end())
198 {
199 if(p1->first != p2->first)
200 {
201 return (p1->first < p2->first);
202 }
203
204 ++p1;
205 ++p2;
206 }
207
208 // We know this is true because maps have the same size
209 BOTAN_ASSERT_NOMSG(p1 == attr1.end());
210 BOTAN_ASSERT_NOMSG(p2 == attr2.end());
211
212 // Now we know all elements have the same OIDs, compare
213 // their string values:
214
215 p1 = attr1.begin();
216 p2 = attr2.begin();
217 while(p1 != attr1.end() && p2 != attr2.end())
218 {
219 BOTAN_DEBUG_ASSERT(p1->first == p2->first);
220
221 // They may be binary different but same by X.500 rules, check this
222 if(!x500_name_cmp(p1->second, p2->second))
223 {
224 // If they are not (by X.500) the same string, pick the
225 // lexicographic first as the lessor
226 return (p1->second < p2->second);
227 }
228
229 ++p1;
230 ++p2;
231 }
232
233 // if we reach here, then the DNs should be identical
234 BOTAN_DEBUG_ASSERT(dn1 == dn2);
235 return false;
236 }
std::multimap< OID, std::string > get_attributes() const
Definition x509_dn.cpp:44
bool x500_name_cmp(const std::string &name1, const std::string &name2)
Definition parsing.cpp:212

References BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, Botan::X509_DN::get_attributes(), and x500_name_cmp().

◆ operator<<() [1/7]

BigInt Botan::operator<< ( const BigInt x,
size_t  shift 
)

Definition at line 184 of file big_ops3.cpp.

185 {
186 const size_t shift_words = shift / BOTAN_MP_WORD_BITS,
187 shift_bits = shift % BOTAN_MP_WORD_BITS;
188
189 const size_t x_sw = x.sig_words();
190
191 BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0));
192 bigint_shl2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
193 return y;
194 }
void bigint_shl2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition mp_core.h:449

References bigint_shl2(), Botan::BigInt::data(), Botan::BigInt::mutable_data(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

◆ operator<<() [2/7]

int Botan::operator<< ( int  out,
Pipe pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters
outfile descriptor for an open output stream
pipethe pipe

Definition at line 17 of file fd_unix.cpp.

18 {
19 secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE);
20 while(pipe.remaining())
21 {
22 size_t got = pipe.read(buffer.data(), buffer.size());
23 size_t position = 0;
24 while(got)
25 {
26 ssize_t ret = ::write(fd, &buffer[position], got);
27 if(ret < 0)
28 throw Stream_IO_Error("Pipe output operator (unixfd) has failed");
29
30 position += static_cast<size_t>(ret);
31 got -= static_cast<size_t>(ret);
32 }
33 }
34 return fd;
35 }
size_t read(uint8_t output[], size_t length) override BOTAN_WARN_UNUSED_RESULT
Definition pipe_rw.cpp:82
size_t remaining(message_id msg=DEFAULT_MESSAGE) const BOTAN_WARN_UNUSED_RESULT
Definition pipe_rw.cpp:131

References Botan::Pipe::read(), and Botan::Pipe::remaining().

◆ operator<<() [3/7]

std::ostream & Botan::operator<< ( std::ostream &  os,
const GeneralName gn 
)

Definition at line 225 of file name_constraint.cpp.

226 {
227 os << gn.type() << ":" << gn.name();
228 return os;
229 }
const std::string & type() const
Definition pkix_types.h:225
const std::string & name() const
Definition pkix_types.h:230

References Botan::GeneralName::name(), and Botan::GeneralName::type().

◆ operator<<() [4/7]

std::ostream & Botan::operator<< ( std::ostream &  os,
const GeneralSubtree gs 
)

Definition at line 268 of file name_constraint.cpp.

269 {
270 os << gs.minimum() << "," << gs.maximum() << "," << gs.base();
271 return os;
272 }
size_t maximum() const
Definition pkix_types.h:299
size_t minimum() const
Definition pkix_types.h:294
const GeneralName & base() const
Definition pkix_types.h:289

References Botan::GeneralSubtree::base(), Botan::GeneralSubtree::maximum(), and Botan::GeneralSubtree::minimum().

◆ operator<<() [5/7]

std::ostream & Botan::operator<< ( std::ostream &  out,
const X509_DN dn 
)

Definition at line 333 of file x509_dn.cpp.

334 {
335 auto info = dn.dn_info();
336
337 for(size_t i = 0; i != info.size(); ++i)
338 {
339 out << to_short_form(info[i].first) << "=\"";
340 for(char c : info[i].second.value())
341 {
342 if(c == '\\' || c == '\"')
343 {
344 out << "\\";
345 }
346 out << c;
347 }
348 out << "\"";
349
350 if(i + 1 < info.size())
351 {
352 out << ",";
353 }
354 }
355 return out;
356 }
const std::vector< std::pair< OID, ASN1_String > > & dn_info() const
Definition pkix_types.h:74

References Botan::X509_DN::dn_info().

◆ operator<<() [6/7]

std::ostream & Botan::operator<< ( std::ostream &  out,
Pipe pipe 
)

Stream output operator; dumps the results from pipe's default message to the output stream.

Parameters
outan output stream
pipethe pipe

Definition at line 17 of file pipe_io.cpp.

18 {
19 secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE);
20 while(stream.good() && pipe.remaining())
21 {
22 const size_t got = pipe.read(buffer.data(), buffer.size());
23 stream.write(cast_uint8_ptr_to_char(buffer.data()), got);
24 }
25 if(!stream.good())
26 throw Stream_IO_Error("Pipe output operator (iostream) has failed");
27 return stream;
28 }
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition mem_ops.h:195

References cast_uint8_ptr_to_char(), Botan::Pipe::read(), and Botan::Pipe::remaining().

◆ operator<<() [7/7]

std::ostream & Botan::operator<< ( std::ostream &  stream,
const BigInt n 
)

Definition at line 17 of file big_io.cpp.

18 {
19 size_t base = 10;
20 if(stream.flags() & std::ios::hex)
21 base = 16;
22 if(stream.flags() & std::ios::oct)
23 throw Invalid_Argument("Octal output of BigInt not supported");
24
25 if(n == 0)
26 stream.write("0", 1);
27 else
28 {
29 if(n < 0)
30 stream.write("-", 1);
31
32 std::string enc;
33
34 if(base == 10)
35 enc = n.to_dec_string();
36 else
37 enc = n.to_hex_string();
38
39 size_t skip = 0;
40 while(skip < enc.size() && enc[skip] == '0')
41 ++skip;
42 stream.write(&enc[skip], enc.size() - skip);
43 }
44 if(!stream.good())
45 throw Stream_IO_Error("BigInt output operator has failed");
46 return stream;
47 }
std::string to_dec_string() const
Definition big_code.cpp:15
std::string to_hex_string() const
Definition big_code.cpp:42

References Botan::BigInt::to_dec_string(), and Botan::BigInt::to_hex_string().

◆ operator<=() [1/3]

bool Botan::operator<= ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 280 of file asn1_time.cpp.

281 { return (t1.cmp(t2) <= 0); }

References Botan::ASN1_Time::cmp().

◆ operator<=() [2/3]

bool Botan::operator<= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1113 of file bigint.h.

1114 { return (a.cmp(b) <= 0); }
int32_t cmp(const BigInt &n, bool check_signs=true) const
Definition bigint.cpp:130

References Botan::BigInt::cmp().

◆ operator<=() [3/3]

bool Botan::operator<= ( const BigInt a,
word  b 
)
inline

Definition at line 1126 of file bigint.h.

1127 { return (a.cmp_word(b) <= 0); }

References Botan::BigInt::cmp_word().

◆ operator==() [1/8]

bool Botan::operator== ( const AlgorithmIdentifier a1,
const AlgorithmIdentifier a2 
)

Definition at line 65 of file alg_id.cpp.

66 {
67 if(a1.get_oid() != a2.get_oid())
68 return false;
69
70 /*
71 * Treat NULL and empty as equivalent
72 */
75 {
76 return true;
77 }
78
79 return (a1.get_parameters() == a2.get_parameters());
80 }
bool parameters_are_null_or_empty() const
Definition asn1_obj.h:451
const std::vector< uint8_t > & get_parameters() const
Definition asn1_obj.h:446

References Botan::AlgorithmIdentifier::get_oid(), Botan::AlgorithmIdentifier::get_parameters(), and Botan::AlgorithmIdentifier::parameters_are_null_or_empty().

◆ operator==() [2/8]

bool Botan::operator== ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 275 of file asn1_time.cpp.

276 { return (t1.cmp(t2) == 0); }

References Botan::ASN1_Time::cmp().

◆ operator==() [3/8]

bool Botan::operator== ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1109 of file bigint.h.

1110 { return a.is_equal(b); }

References Botan::BigInt::is_equal().

◆ operator==() [4/8]

bool Botan::operator== ( const BigInt a,
word  b 
)
inline

Definition at line 1122 of file bigint.h.

1123 { return (a.cmp_word(b) == 0); }

References Botan::BigInt::cmp_word().

◆ operator==() [5/8]

bool Botan::operator== ( const CRL_Entry ,
const CRL_Entry  
)

Test two CRL entries for equality in all fields.

Definition at line 44 of file crl_ent.cpp.

45 {
46 if(a1.serial_number() != a2.serial_number())
47 return false;
48 if(a1.expire_time() != a2.expire_time())
49 return false;
50 if(a1.reason_code() != a2.reason_code())
51 return false;
52 return true;
53 }
CRL_Code reason_code() const
Definition crl_ent.cpp:129
const X509_Time & expire_time() const
Definition crl_ent.cpp:124
const std::vector< uint8_t > & serial_number() const
Definition crl_ent.cpp:119

References Botan::CRL_Entry::expire_time(), Botan::CRL_Entry::reason_code(), and Botan::CRL_Entry::serial_number().

◆ operator==() [6/8]

bool Botan::operator== ( const OctetString x,
const OctetString y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is equal to y

Definition at line 98 of file symkey.cpp.

99 {
100 return (s1.bits_of() == s2.bits_of());
101 }

References Botan::OctetString::bits_of().

◆ operator==() [7/8]

template<typename T , typename U >
bool Botan::operator== ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

Definition at line 58 of file secmem.h.

59 { return true; }

◆ operator==() [8/8]

bool Botan::operator== ( const X509_DN dn1,
const X509_DN dn2 
)

Definition at line 146 of file x509_dn.cpp.

147 {
148 auto attr1 = dn1.get_attributes();
149 auto attr2 = dn2.get_attributes();
150
151 if(attr1.size() != attr2.size()) return false;
152
153 auto p1 = attr1.begin();
154 auto p2 = attr2.begin();
155
156 while(true)
157 {
158 if(p1 == attr1.end() && p2 == attr2.end())
159 break;
160 if(p1 == attr1.end()) return false;
161 if(p2 == attr2.end()) return false;
162 if(p1->first != p2->first) return false;
163 if(!x500_name_cmp(p1->second, p2->second))
164 return false;
165 ++p1;
166 ++p2;
167 }
168 return true;
169 }

References Botan::X509_DN::get_attributes(), and x500_name_cmp().

◆ operator>() [1/3]

bool Botan::operator> ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 287 of file asn1_time.cpp.

288 { return (t1.cmp(t2) > 0); }

References Botan::ASN1_Time::cmp().

◆ operator>() [2/3]

bool Botan::operator> ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1119 of file bigint.h.

1120 { return b.is_less_than(a); }

References Botan::BigInt::is_less_than().

◆ operator>() [3/3]

bool Botan::operator> ( const BigInt a,
word  b 
)
inline

Definition at line 1132 of file bigint.h.

1133 { return (a.cmp_word(b) > 0); }

References Botan::BigInt::cmp_word().

◆ operator>=() [1/3]

bool Botan::operator>= ( const ASN1_Time t1,
const ASN1_Time t2 
)

Definition at line 282 of file asn1_time.cpp.

283 { return (t1.cmp(t2) >= 0); }

References Botan::ASN1_Time::cmp().

◆ operator>=() [2/3]

bool Botan::operator>= ( const BigInt a,
const BigInt b 
)
inline

Definition at line 1115 of file bigint.h.

1116 { return (a.cmp(b) >= 0); }

References Botan::BigInt::cmp().

◆ operator>=() [3/3]

bool Botan::operator>= ( const BigInt a,
word  b 
)
inline

Definition at line 1128 of file bigint.h.

1129 { return (a.cmp_word(b) >= 0); }

References Botan::BigInt::cmp_word().

◆ operator>>() [1/5]

BigInt Botan::operator>> ( const BigInt x,
size_t  shift 
)

Definition at line 199 of file big_ops3.cpp.

200 {
201 const size_t shift_words = shift / BOTAN_MP_WORD_BITS;
202 const size_t shift_bits = shift % BOTAN_MP_WORD_BITS;
203 const size_t x_sw = x.sig_words();
204
205 BigInt y(x.sign(), x_sw - shift_words);
206 bigint_shr2(y.mutable_data(), x.data(), x_sw, shift_words, shift_bits);
207
208 if(x.is_negative() && y.is_zero())
209 y.set_sign(BigInt::Positive);
210
211 return y;
212 }
void bigint_shr2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
Definition mp_core.h:466

References bigint_shr2(), Botan::BigInt::data(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), and Botan::BigInt::sign().

◆ operator>>() [2/5]

int Botan::operator>> ( int  in,
Pipe pipe 
)

File descriptor input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters
infile descriptor for an open input stream
pipethe pipe

Definition at line 40 of file fd_unix.cpp.

41 {
42 secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE);
43 while(true)
44 {
45 ssize_t ret = ::read(fd, buffer.data(), buffer.size());
46 if(ret < 0)
47 throw Stream_IO_Error("Pipe input operator (unixfd) has failed");
48 else if(ret == 0)
49 break;
50 pipe.write(buffer.data(), static_cast<size_t>(ret));
51 }
52 return fd;
53 }
void write(const uint8_t in[], size_t length)
Definition pipe_rw.cpp:35

References Botan::Pipe::write().

◆ operator>>() [3/5]

std::istream & Botan::operator>> ( std::istream &  in,
Pipe pipe 
)

Stream input operator; dumps the remaining bytes of input to the (assumed open) pipe message.

Parameters
inthe input stream
pipethe pipe

Definition at line 33 of file pipe_io.cpp.

34 {
35 secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE);
36 while(stream.good())
37 {
38 stream.read(cast_uint8_ptr_to_char(buffer.data()), buffer.size());
39 const size_t got = static_cast<size_t>(stream.gcount());
40 pipe.write(buffer.data(), got);
41 }
42 if(stream.bad() || (stream.fail() && !stream.eof()))
43 throw Stream_IO_Error("Pipe input operator (iostream) has failed");
44 return stream;
45 }

References cast_uint8_ptr_to_char(), and Botan::Pipe::write().

◆ operator>>() [4/5]

std::istream & Botan::operator>> ( std::istream &  in,
X509_DN dn 
)

Definition at line 358 of file x509_dn.cpp.

359 {
360 in >> std::noskipws;
361 do
362 {
363 std::string key;
364 std::string val;
365 char c;
366
367 while(in.good())
368 {
369 in >> c;
370
371 if(std::isspace(c) && key.empty())
372 continue;
373 else if(!std::isspace(c))
374 {
375 key.push_back(c);
376 break;
377 }
378 else
379 break;
380 }
381
382 while(in.good())
383 {
384 in >> c;
385
386 if(!std::isspace(c) && c != '=')
387 key.push_back(c);
388 else if(c == '=')
389 break;
390 else
391 throw Invalid_Argument("Ill-formed X.509 DN");
392 }
393
394 bool in_quotes = false;
395 while(in.good())
396 {
397 in >> c;
398
399 if(std::isspace(c))
400 {
401 if(!in_quotes && !val.empty())
402 break;
403 else if(in_quotes)
404 val.push_back(' ');
405 }
406 else if(c == '"')
407 in_quotes = !in_quotes;
408 else if(c == '\\')
409 {
410 if(in.good())
411 in >> c;
412 val.push_back(c);
413 }
414 else if(c == ',' && !in_quotes)
415 break;
416 else
417 val.push_back(c);
418 }
419
420 if(!key.empty() && !val.empty())
421 dn.add_attribute(X509_DN::deref_info_field(key),val);
422 else
423 break;
424 }
425 while(in.good());
426 return in;
427 }
void add_attribute(const std::string &key, const std::string &val)
Definition x509_dn.cpp:23

References Botan::X509_DN::add_attribute(), and Botan::X509_DN::deref_info_field().

◆ operator>>() [5/5]

std::istream & Botan::operator>> ( std::istream &  stream,
BigInt n 
)

Definition at line 52 of file big_io.cpp.

53 {
54 std::string str;
55 std::getline(stream, str);
56 if(stream.bad() || (stream.fail() && !stream.eof()))
57 throw Stream_IO_Error("BigInt input operator has failed");
58 n = BigInt(str);
59 return stream;
60 }

◆ operator^()

OctetString Botan::operator^ ( const OctetString x,
const OctetString y 
)

XOR two strings

Parameters
xan octet string
yan octet string
Returns
x XORed with y

Definition at line 125 of file symkey.cpp.

126 {
127 secure_vector<uint8_t> out(std::max(k1.length(), k2.length()));
128
129 copy_mem(out.data(), k1.begin(), k1.length());
130 xor_buf(out.data(), k2.begin(), k2.length());
131 return OctetString(out);
132 }

References Botan::OctetString::begin(), copy_mem(), Botan::OctetString::length(), and xor_buf().

◆ operator^=()

template<typename Alloc , typename Alloc2 >
std::vector< uint8_t, Alloc > & Botan::operator^= ( std::vector< uint8_t, Alloc > &  out,
const std::vector< uint8_t, Alloc2 > &  in 
)

Definition at line 353 of file mem_ops.h.

355 {
356 if(out.size() < in.size())
357 out.resize(in.size());
358
359 xor_buf(out.data(), in.data(), in.size());
360 return out;
361 }

References xor_buf().

◆ operator|() [1/2]

donna128 Botan::operator| ( const donna128 x,
const donna128 y 
)
inline

Definition at line 111 of file donna128.h.

112 {
113 return donna128(x.lo() | y.lo(), x.hi() | y.hi());
114 }

References Botan::donna128::hi(), and Botan::donna128::lo().

◆ operator|() [2/2]

ECIES_Flags Botan::operator| ( ECIES_Flags  a,
ECIES_Flags  b 
)
inline

Definition at line 44 of file ecies.h.

45 {
46 return static_cast<ECIES_Flags>(static_cast<uint32_t>(a) | static_cast<uint32_t>(b));
47 }

◆ OS2ECP() [1/3]

template<typename Alloc >
PointGFp Botan::OS2ECP ( const std::vector< uint8_t, Alloc > &  data,
const CurveGFp curve 
)

Definition at line 414 of file point_gfp.h.

415 { return OS2ECP(data.data(), data.size(), curve); }
PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)

References OS2ECP().

◆ OS2ECP() [2/3]

std::pair< BigInt, BigInt > BOTAN_UNSTABLE_API Botan::OS2ECP ( const uint8_t  data[],
size_t  data_len,
const BigInt curve_p,
const BigInt curve_a,
const BigInt curve_b 
)

Perform point decoding Use EC_Group::OS2ECP instead

Parameters
datathe encoded point
data_lenlength of data in bytes
curve_pthe curve equation prime
curve_athe curve equation a parameter
curve_bthe curve equation b parameter

Definition at line 684 of file point_gfp.cpp.

688 {
689 if(data_len <= 1)
690 throw Decoding_Error("OS2ECP invalid point");
691
692 const uint8_t pc = data[0];
693
694 BigInt x, y;
695
696 if(pc == 2 || pc == 3)
697 {
698 //compressed form
699 x = BigInt::decode(&data[1], data_len - 1);
700
701 const bool y_mod_2 = ((pc & 0x01) == 1);
702 y = decompress_point(y_mod_2, x, curve_p, curve_a, curve_b);
703 }
704 else if(pc == 4)
705 {
706 const size_t l = (data_len - 1) / 2;
707
708 // uncompressed form
709 x = BigInt::decode(&data[1], l);
710 y = BigInt::decode(&data[l+1], l);
711 }
712 else if(pc == 6 || pc == 7)
713 {
714 const size_t l = (data_len - 1) / 2;
715
716 // hybrid form
717 x = BigInt::decode(&data[1], l);
718 y = BigInt::decode(&data[l+1], l);
719
720 const bool y_mod_2 = ((pc & 0x01) == 1);
721
722 if(decompress_point(y_mod_2, x, curve_p, curve_a, curve_b) != y)
723 throw Illegal_Point("OS2ECP: Decoding error in hybrid format");
724 }
725 else
726 throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc));
727
728 return std::make_pair(x, y);
729 }

References Botan::BigInt::decode().

◆ OS2ECP() [3/3]

PointGFp Botan::OS2ECP ( const uint8_t  data[],
size_t  data_len,
const CurveGFp curve 
)

Perform point decoding Use EC_Group::OS2ECP instead

Definition at line 667 of file point_gfp.cpp.

669 {
670 // Should we really be doing this?
671 if(data_len <= 1)
672 return PointGFp(curve); // return zero
673
674 std::pair<BigInt, BigInt> xy = OS2ECP(data, data_len, curve.get_p(), curve.get_a(), curve.get_b());
675
676 PointGFp point(curve, xy.first, xy.second);
677
678 if(!point.on_the_curve())
679 throw Illegal_Point("OS2ECP: Decoded point was not on the curve");
680
681 return point;
682 }
const BigInt & get_a() const
Definition curve_gfp.h:123
const BigInt & get_p() const
Definition curve_gfp.h:134
const BigInt & get_b() const
Definition curve_gfp.h:128

References Botan::CurveGFp::get_a(), Botan::CurveGFp::get_b(), Botan::CurveGFp::get_p(), Botan::PointGFp::on_the_curve(), and OS2ECP().

Referenced by OS2ECP(), Botan::EC_Group::OS2ECP(), Botan::EC_Group::OS2ECP(), and OS2ECP().

◆ parse_algorithm_name()

std::vector< std::string > Botan::parse_algorithm_name ( const std::string &  scan_name)

Parse a SCAN-style algorithm name

Parameters
scan_namethe name
Returns
the name components

Definition at line 95 of file parsing.cpp.

96 {
97 if(namex.find('(') == std::string::npos &&
98 namex.find(')') == std::string::npos)
99 return std::vector<std::string>(1, namex);
100
101 std::string name = namex, substring;
102 std::vector<std::string> elems;
103 size_t level = 0;
104
105 elems.push_back(name.substr(0, name.find('(')));
106 name = name.substr(name.find('('));
107
108 for(auto i = name.begin(); i != name.end(); ++i)
109 {
110 char c = *i;
111
112 if(c == '(')
113 ++level;
114 if(c == ')')
115 {
116 if(level == 1 && i == name.end() - 1)
117 {
118 if(elems.size() == 1)
119 elems.push_back(substring.substr(1));
120 else
121 elems.push_back(substring);
122 return elems;
123 }
124
125 if(level == 0 || (level == 1 && i != name.end() - 1))
126 throw Invalid_Algorithm_Name(namex);
127 --level;
128 }
129
130 if(c == ',' && level == 1)
131 {
132 if(elems.size() == 1)
133 elems.push_back(substring.substr(1));
134 else
135 elems.push_back(substring);
136 substring.clear();
137 }
138 else
139 substring += c;
140 }
141
142 if(!substring.empty())
143 throw Invalid_Algorithm_Name(namex);
144
145 return elems;
146 }

References name.

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), get_eme(), and Botan::X509_Object::hash_used_for_signature().

◆ parse_asn1_oid()

std::vector< uint32_t > Botan::parse_asn1_oid ( const std::string &  oid)

Parse an ASN.1 OID

Parameters
oidthe OID in string form
Returns
OID components

Definition at line 199 of file parsing.cpp.

200 {
201#if defined(BOTAN_HAS_ASN1)
202 return OID(oid).get_components();
203#else
204 BOTAN_UNUSED(oid);
205 throw Not_Implemented("ASN1 support not available");
206#endif
207 }

References BOTAN_UNUSED, and Botan::OID::get_components().

◆ passes_miller_rabin_test()

bool Botan::passes_miller_rabin_test ( const BigInt n,
const Modular_Reducer mod_n,
const std::shared_ptr< Montgomery_Params > &  monty_n,
const BigInt a 
)

Perform a single Miller-Rabin test with specified base

Parameters
nthe positive integer to test
mod_na pre-created Modular_Reducer for n
monty_nMontgomery parameters for n
athe base to check
Returns
result of primality test

Definition at line 104 of file primality.cpp.

108 {
109 BOTAN_ASSERT_NOMSG(n > 1);
110
111 const BigInt n_minus_1 = n - 1;
112 const size_t s = low_zero_bits(n_minus_1);
113 const BigInt nm1_s = n_minus_1 >> s;
114 const size_t n_bits = n.bits();
115
116 const size_t powm_window = 4;
117
118 auto powm_a_n = monty_precompute(monty_n, a, powm_window);
119
120 BigInt y = monty_execute(*powm_a_n, nm1_s, n_bits);
121
122 if(y == 1 || y == n_minus_1)
123 return true;
124
125 for(size_t i = 1; i != s; ++i)
126 {
127 y = mod_n.square(y);
128
129 if(y == 1) // found a non-trivial square root
130 return false;
131
132 /*
133 -1 is the trivial square root of unity, so ``a`` is not a
134 witness for this number - give up
135 */
136 if(y == n_minus_1)
137 return true;
138 }
139
140 return false;
141 }
BigInt square(const BigInt &x) const
Definition reducer.h:39
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)

References Botan::BigInt::bits(), BOTAN_ASSERT_NOMSG, low_zero_bits(), monty_execute(), monty_precompute(), and Botan::Modular_Reducer::square().

Referenced by is_bailie_psw_probable_prime(), and is_miller_rabin_probable_prime().

◆ pbes2_decrypt()

secure_vector< uint8_t > Botan::pbes2_decrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
const std::vector< uint8_t > &  params 
)

Decrypt a PKCS #5 v2.0 encrypted stream

Parameters
key_bitsthe input
passphrasethe passphrase to use for decryption
paramsthe PBES2 parameters

Definition at line 303 of file pbes2.cpp.

306 {
307 AlgorithmIdentifier kdf_algo, enc_algo;
308
309 BER_Decoder(params)
310 .start_cons(SEQUENCE)
311 .decode(kdf_algo)
312 .decode(enc_algo)
313 .end_cons();
314
315 const std::string cipher = OIDS::oid2str_or_throw(enc_algo.get_oid());
316 const std::vector<std::string> cipher_spec = split_on(cipher, '/');
317 if(cipher_spec.size() != 2)
318 throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
319 if(!known_pbes_cipher_mode(cipher_spec[1]))
320 throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher);
321
323 BER_Decoder(enc_algo.get_parameters()).decode(iv, OCTET_STRING).verify_end();
324
325 std::unique_ptr<Cipher_Mode> dec = Cipher_Mode::create(cipher, DECRYPTION);
326 if(!dec)
327 throw Decoding_Error("PBE-PKCS5 cannot decrypt no cipher " + cipher);
328
329 dec->set_key(derive_key(passphrase, kdf_algo, dec->key_spec().maximum_keylength()));
330
331 dec->start(iv);
332
333 secure_vector<uint8_t> buf = key_bits;
334 dec->finish(buf);
335
336 return buf;
337 }
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition ber_dec.cpp:290
BER_Decoder & decode(bool &out)
Definition ber_dec.h:170
BER_Decoder & verify_end()
Definition ber_dec.cpp:208
BER_Decoder & end_cons()
Definition ber_dec.cpp:300

References Botan::Cipher_Mode::create(), Botan::BER_Decoder::decode(), DECRYPTION, Botan::BER_Decoder::end_cons(), Botan::AlgorithmIdentifier::get_oid(), Botan::AlgorithmIdentifier::get_parameters(), OCTET_STRING, Botan::OIDS::oid2str_or_throw(), SEQUENCE, split_on(), Botan::BER_Decoder::start_cons(), and Botan::BER_Decoder::verify_end().

◆ pbes2_encrypt()

std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 260 of file pbes2.cpp.

266 {
267 size_t msec_in_iterations_out = static_cast<size_t>(msec.count());
268 return pbes2_encrypt_shared(key_bits, passphrase, &msec_in_iterations_out, 0, cipher, digest, rng);
269 // return value msec_in_iterations_out discarded
270 }

◆ pbes2_encrypt_iter()

std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt_iter ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
size_t  iterations,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
iterationshow many iterations to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 292 of file pbes2.cpp.

298 {
299 return pbes2_encrypt_shared(key_bits, passphrase, nullptr, pbkdf_iter, cipher, digest, rng);
300 }

Referenced by Botan::PKCS8::BER_encode_encrypted_pbkdf_iter().

◆ pbes2_encrypt_msec()

std::pair< AlgorithmIdentifier, std::vector< uint8_t > > Botan::pbes2_encrypt_msec ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
size_t *  out_iterations_if_nonnull,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
out_iterations_if_nonnullif not null, set to the number of PBKDF iterations used
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

Definition at line 273 of file pbes2.cpp.

280 {
281 size_t msec_in_iterations_out = static_cast<size_t>(msec.count());
282
283 auto ret = pbes2_encrypt_shared(key_bits, passphrase, &msec_in_iterations_out, 0, cipher, digest, rng);
284
285 if(out_iterations_if_nonnull)
286 *out_iterations_if_nonnull = msec_in_iterations_out;
287
288 return ret;
289 }

Referenced by Botan::PKCS8::BER_encode(), and Botan::PKCS8::BER_encode_encrypted_pbkdf_msec().

◆ pbkdf2() [1/2]

size_t Botan::pbkdf2 ( MessageAuthenticationCode prf,
uint8_t  out[],
size_t  out_len,
const std::string &  password,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations,
std::chrono::milliseconds  msec 
)

Definition at line 35 of file pbkdf2.cpp.

42 {
43 if(iterations == 0)
44 {
45 iterations = PBKDF2(prf, out_len, msec).iterations();
46 }
47
48 PBKDF2 pbkdf2(prf, iterations);
49
50 pbkdf2.derive_key(out, out_len,
51 password.c_str(), password.size(),
52 salt, salt_len);
53
54 return iterations;
55 }
size_t iterations() const override
Definition pbkdf2.h:49

References Botan::PBKDF2::iterations(), pbkdf2(), and salt_len.

Referenced by Botan::PBKDF2::derive_key(), Botan::PKCS5_PBKDF2::pbkdf(), pbkdf2(), and scrypt().

◆ pbkdf2() [2/2]

void Botan::pbkdf2 ( MessageAuthenticationCode prf,
uint8_t  out[],
size_t  out_len,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations 
)

Perform PBKDF2. The prf is assumed to be keyed already.

Definition at line 108 of file pbkdf2.cpp.

114 {
115 if(iterations == 0)
116 throw Invalid_Argument("PBKDF2: Invalid iteration count");
117
118 clear_mem(out, out_len);
119
120 if(out_len == 0)
121 return;
122
123 const size_t prf_sz = prf.output_length();
124 BOTAN_ASSERT_NOMSG(prf_sz > 0);
125
126 secure_vector<uint8_t> U(prf_sz);
127
128 uint32_t counter = 1;
129 while(out_len)
130 {
131 const size_t prf_output = std::min<size_t>(prf_sz, out_len);
132
133 prf.update(salt, salt_len);
134 prf.update_be(counter++);
135 prf.final(U.data());
136
137 xor_buf(out, U.data(), prf_output);
138
139 for(size_t i = 1; i != iterations; ++i)
140 {
141 prf.update(U);
142 prf.final(U.data());
143 xor_buf(out, U.data(), prf_output);
144 }
145
146 out_len -= prf_output;
147 out += prf_output;
148 }
149 }
virtual size_t output_length() const =0
void update_be(uint16_t val)
Definition buf_comp.cpp:12

References BOTAN_ASSERT_NOMSG, clear_mem(), Botan::Buffered_Computation::final(), Botan::Buffered_Computation::output_length(), salt_len, Botan::Buffered_Computation::update(), Botan::Buffered_Computation::update_be(), and xor_buf().

◆ pkcs_hash_id()

std::vector< uint8_t > Botan::pkcs_hash_id ( const std::string &  hash_name)

Return the PKCS #1 hash identifier

See also
RFC 3447 section 9.2
Parameters
hash_namethe name of the hash function
Returns
uint8_t sequence identifying the hash
Exceptions
Invalid_Argumentif the hash has no known PKCS #1 hash id

Definition at line 77 of file hash_id.cpp.

78 {
79 // Special case for SSL/TLS RSA signatures
80 if(name == "Parallel(MD5,SHA-160)")
81 return std::vector<uint8_t>();
82
83 // If you add a value to this function, also update test_hash_id.cpp
84
85 if(name == "MD5")
86 return std::vector<uint8_t>(MD5_PKCS_ID,
87 MD5_PKCS_ID + sizeof(MD5_PKCS_ID));
88
89 if(name == "RIPEMD-160")
90 return std::vector<uint8_t>(RIPEMD_160_PKCS_ID,
91 RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID));
92
93 if(name == "SHA-160" || name == "SHA-1" || name == "SHA1")
94 return std::vector<uint8_t>(SHA_160_PKCS_ID,
95 SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID));
96
97 if(name == "SHA-224")
98 return std::vector<uint8_t>(SHA_224_PKCS_ID,
99 SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID));
100
101 if(name == "SHA-256")
102 return std::vector<uint8_t>(SHA_256_PKCS_ID,
103 SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID));
104
105 if(name == "SHA-384")
106 return std::vector<uint8_t>(SHA_384_PKCS_ID,
107 SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID));
108
109 if(name == "SHA-512")
110 return std::vector<uint8_t>(SHA_512_PKCS_ID,
111 SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID));
112
113 if(name == "SHA-512-256")
114 return std::vector<uint8_t>(SHA_512_256_PKCS_ID,
115 SHA_512_256_PKCS_ID + sizeof(SHA_512_256_PKCS_ID));
116
117 if(name == "SHA-3(224)")
118 return std::vector<uint8_t>(SHA3_224_PKCS_ID,
119 SHA3_224_PKCS_ID + sizeof(SHA3_224_PKCS_ID));
120
121 if(name == "SHA-3(256)")
122 return std::vector<uint8_t>(SHA3_256_PKCS_ID,
123 SHA3_256_PKCS_ID + sizeof(SHA3_256_PKCS_ID));
124
125 if(name == "SHA-3(384)")
126 return std::vector<uint8_t>(SHA3_384_PKCS_ID,
127 SHA3_384_PKCS_ID + sizeof(SHA3_384_PKCS_ID));
128
129 if(name == "SHA-3(512)")
130 return std::vector<uint8_t>(SHA3_512_PKCS_ID,
131 SHA3_512_PKCS_ID + sizeof(SHA3_512_PKCS_ID));
132
133 if(name == "SM3")
134 return std::vector<uint8_t>(SM3_PKCS_ID, SM3_PKCS_ID + sizeof(SM3_PKCS_ID));
135
136 if(name == "Tiger(24,3)")
137 return std::vector<uint8_t>(TIGER_PKCS_ID,
138 TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID));
139
140 throw Invalid_Argument("No PKCS #1 identifier for " + name);
141 }

References name.

Referenced by botan_pkcs_hash_id(), Botan::EMSA_PKCS1v15::EMSA_PKCS1v15(), and Botan::EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw().

◆ poly_double_n() [1/2]

void Botan::poly_double_n ( uint8_t  buf[],
size_t  n 
)
inline

Definition at line 27 of file poly_dbl.h.

28 {
29 return poly_double_n(buf, buf, n);
30 }
void poly_double_n(uint8_t out[], const uint8_t in[], size_t n)
Definition poly_dbl.cpp:73

References poly_double_n().

◆ poly_double_n() [2/2]

void BOTAN_TEST_API Botan::poly_double_n ( uint8_t  out[],
const uint8_t  in[],
size_t  n 
)

Polynomial doubling in GF(2^n)

Definition at line 73 of file poly_dbl.cpp.

74 {
75 switch(n)
76 {
77 case 8:
78 return poly_double<1, MinWeightPolynomial::P64>(out, in);
79 case 16:
80 return poly_double<2, MinWeightPolynomial::P128>(out, in);
81 case 24:
82 return poly_double<3, MinWeightPolynomial::P192>(out, in);
83 case 32:
84 return poly_double<4, MinWeightPolynomial::P256>(out, in);
85 case 64:
86 return poly_double<8, MinWeightPolynomial::P512>(out, in);
87 case 128:
88 return poly_double<16, MinWeightPolynomial::P1024>(out, in);
89 default:
90 throw Invalid_Argument("Unsupported size for poly_double_n");
91 }
92 }

Referenced by Botan::CMAC::poly_double(), poly_double_n(), and Botan::SIV_Mode::S2V().

◆ poly_double_n_le()

void BOTAN_TEST_API Botan::poly_double_n_le ( uint8_t  out[],
const uint8_t  in[],
size_t  n 
)

Definition at line 94 of file poly_dbl.cpp.

95 {
96 switch(n)
97 {
98 case 8:
99 return poly_double_le<1, MinWeightPolynomial::P64>(out, in);
100 case 16:
101 return poly_double_le<2, MinWeightPolynomial::P128>(out, in);
102 case 24:
103 return poly_double_le<3, MinWeightPolynomial::P192>(out, in);
104 case 32:
105 return poly_double_le<4, MinWeightPolynomial::P256>(out, in);
106 case 64:
107 return poly_double_le<8, MinWeightPolynomial::P512>(out, in);
108 case 128:
109 return poly_double_le<16, MinWeightPolynomial::P1024>(out, in);
110 default:
111 throw Invalid_Argument("Unsupported size for poly_double_n_le");
112 }
113 }

Referenced by Botan::XTS_Mode::update_tweak().

◆ poly_double_supported_size()

bool Botan::poly_double_supported_size ( size_t  n)
inline

Returns true iff poly_double_n is implemented for this size.

Definition at line 22 of file poly_dbl.h.

23 {
24 return (n == 8 || n == 16 || n == 24 || n == 32 || n == 64 || n == 128);
25 }

Referenced by Botan::CMAC::CMAC(), and Botan::XTS_Mode::XTS_Mode().

◆ power_mod()

BigInt Botan::power_mod ( const BigInt b,
const BigInt x,
const BigInt m 
)

Modular exponentation

Parameters
ban integer base
xa positive exponent
ma positive modulus
Returns
(b^x) % m

Definition at line 151 of file numthry.cpp.

152 {
153 if(mod.is_negative() || mod == 1)
154 {
155 return 0;
156 }
157
158 if(base.is_zero() || mod.is_zero())
159 {
160 if(exp.is_zero())
161 return 1;
162 return 0;
163 }
164
165 Modular_Reducer reduce_mod(mod);
166
167 const size_t exp_bits = exp.bits();
168
169 if(mod.is_odd())
170 {
171 const size_t powm_window = 4;
172
173 auto monty_mod = std::make_shared<Montgomery_Params>(mod, reduce_mod);
174 auto powm_base_mod = monty_precompute(monty_mod, reduce_mod.reduce(base), powm_window);
175 return monty_execute(*powm_base_mod, exp, exp_bits);
176 }
177
178 /*
179 Support for even modulus is just a convenience and not considered
180 cryptographically important, so this implementation is slow ...
181 */
182 BigInt accum = 1;
183 BigInt g = reduce_mod.reduce(base);
184 BigInt t;
185
186 for(size_t i = 0; i != exp_bits; ++i)
187 {
188 t = reduce_mod.multiply(g, accum);
189 g = reduce_mod.square(g);
190 accum.ct_cond_assign(exp.get_bit(i), t);
191 }
192 return accum;
193 }

References Botan::BigInt::bits(), Botan::BigInt::ct_cond_assign(), Botan::BigInt::get_bit(), Botan::BigInt::is_negative(), Botan::BigInt::is_odd(), Botan::BigInt::is_zero(), monty_execute(), monty_precompute(), Botan::Modular_Reducer::multiply(), Botan::Modular_Reducer::reduce(), and Botan::Modular_Reducer::square().

Referenced by botan_mp_powmod(), ressol(), srp6_client_agree(), Botan::SRP6_Server_Session::step2(), and Botan::DL_Group::verify_public_element().

◆ prefetch_readonly()

template<typename T >
void Botan::prefetch_readonly ( const T addr,
size_t  length 
)
inline

Definition at line 16 of file prefetch.h.

17 {
18#if defined(__GNUG__)
19 const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);
20
21 for(size_t i = 0; i <= length; i += Ts_per_cache_line)
22 __builtin_prefetch(addr + i, 0);
23#endif
24 }

References Botan::CPUID::cache_line_size(), and T.

◆ prefetch_readwrite()

template<typename T >
void Botan::prefetch_readwrite ( const T addr,
size_t  length 
)
inline

Definition at line 27 of file prefetch.h.

28 {
29#if defined(__GNUG__)
30 const size_t Ts_per_cache_line = CPUID::cache_line_size() / sizeof(T);
31
32 for(size_t i = 0; i <= length; i += Ts_per_cache_line)
33 __builtin_prefetch(addr + i, 1);
34#endif
35 }

References Botan::CPUID::cache_line_size(), and T.

◆ prime_p192()

const BigInt & Botan::prime_p192 ( )

Definition at line 105 of file nistp_redc.cpp.

106 {
107 static const BigInt p192("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF");
108 return p192;
109 }

◆ prime_p224()

const BigInt & Botan::prime_p224 ( )

Definition at line 200 of file nistp_redc.cpp.

201 {
202 static const BigInt p224("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001");
203 return p224;
204 }

◆ prime_p256()

const BigInt & Botan::prime_p256 ( )

Definition at line 302 of file nistp_redc.cpp.

303 {
304 static const BigInt p256("0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
305 return p256;
306 }

◆ prime_p384()

const BigInt & Botan::prime_p384 ( )

Definition at line 430 of file nistp_redc.cpp.

431 {
432 static const BigInt p384("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF");
433 return p384;
434 }

◆ prime_p521()

const BigInt & Botan::prime_p521 ( )

NIST Prime reduction functions.

Reduces the value in place

ws is a workspace function which is used as a temporary, and will be resized as needed.

Definition at line 15 of file nistp_redc.cpp.

16 {
17 static const BigInt p521("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
18 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
19
20 return p521;
21 }

◆ probe_provider_private_key()

std::vector< std::string > Botan::probe_provider_private_key ( const std::string &  alg_name,
const std::vector< std::string >  possible 
)

Definition at line 391 of file pk_algs.cpp.

393 {
394 std::vector<std::string> providers;
395 for(auto&& prov : possible)
396 {
397 if(prov == "base")
398 {
399 providers.push_back(prov); // available
400 }
401 }
402
403 BOTAN_UNUSED(alg_name);
404
405 return providers;
406 }

References BOTAN_UNUSED.

◆ probe_providers_of()

template<typename T >
std::vector< std::string > Botan::probe_providers_of ( const std::string &  algo_spec,
const std::vector< std::string > &  possible 
)

Definition at line 107 of file scan_name.h.

109 {
110 std::vector<std::string> providers;
111 for(auto&& prov : possible)
112 {
113 std::unique_ptr<T> o(T::create(algo_spec, prov));
114 if(o)
115 {
116 providers.push_back(prov); // available
117 }
118 }
119 return providers;
120 }

References probe_providers_of().

Referenced by probe_providers_of().

◆ quick_check_prime()

bool Botan::quick_check_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 198 of file numthry.h.

199 { return is_prime(n, rng, 32); }

References is_prime().

◆ random_code_element()

gf2m Botan::random_code_element ( uint16_t  code_length,
RandomNumberGenerator rng 
)

Definition at line 71 of file polyn_gf2m.cpp.

72 {
73 if(code_length == 0)
74 {
75 throw Invalid_Argument("random_code_element() was supplied a code length of zero");
76 }
77 const unsigned nlz = nlz_16bit(code_length-1);
78 const gf2m mask = (1 << (16-nlz)) - 1;
79
80 gf2m result;
81
82 do
83 {
84 result = random_gf2m(rng);
85 result &= mask;
86 } while(result >= code_length); // rejection sampling
87
88 return result;
89 }

References random_gf2m().

Referenced by Botan::polyn_gf2m::polyn_gf2m().

◆ random_gf2m()

gf2m Botan::random_gf2m ( RandomNumberGenerator rng)

Definition at line 64 of file polyn_gf2m.cpp.

65 {
66 uint8_t b[2];
67 rng.randomize(b, sizeof(b));
68 return make_uint16(b[1], b[0]);
69 }

References make_uint16(), and Botan::RandomNumberGenerator::randomize().

Referenced by random_code_element().

◆ random_prime()

BigInt Botan::random_prime ( RandomNumberGenerator rng,
size_t  bits,
const BigInt coprime = 0,
size_t  equiv = 1,
size_t  equiv_mod = 2,
size_t  prob = 128 
)

Randomly generate a prime suitable for discrete logarithm parameters

Parameters
rnga random number generator
bitshow large the resulting prime should be in bits
coprimea positive integer that (prime - 1) should be coprime to
equiva non-negative number that the result should be equivalent to modulo equiv_mod
equiv_modthe modulus equiv should be checked against
probuse test so false positive is bounded by 1/2**prob
Returns
random prime with the specified criteria

Definition at line 77 of file make_prm.cpp.

81 {
82 if(bits <= 1)
83 {
84 throw Invalid_Argument("random_prime: Can't make a prime of " +
85 std::to_string(bits) + " bits");
86 }
87 if(coprime.is_negative() || (!coprime.is_zero() && coprime.is_even()) || coprime.bits() >= bits)
88 {
89 throw Invalid_Argument("random_prime: invalid coprime");
90 }
91 if(modulo == 0)
92 {
93 throw Invalid_Argument("random_prime: Invalid modulo value");
94 }
95
96 equiv %= modulo;
97
98 if(equiv == 0)
99 throw Invalid_Argument("random_prime Invalid value for equiv/modulo");
100
101 // Handle small values:
102
103 if(bits <= 16)
104 {
105 if(equiv != 1 || modulo != 2 || coprime != 0)
106 throw Not_Implemented("random_prime equiv/modulo/coprime options not usable for small primes");
107
108 if(bits == 2)
109 {
110 return ((rng.next_byte() % 2) ? 2 : 3);
111 }
112 else if(bits == 3)
113 {
114 return ((rng.next_byte() % 2) ? 5 : 7);
115 }
116 else if(bits == 4)
117 {
118 return ((rng.next_byte() % 2) ? 11 : 13);
119 }
120 else
121 {
122 for(;;)
123 {
124 // This is slightly biased, but for small primes it does not seem to matter
125 uint8_t b[4];
126 rng.randomize(b, 4);
127 const size_t idx = load_le<uint32_t>(b, 0) % PRIME_TABLE_SIZE;
128 const uint16_t small_prime = PRIMES[idx];
129
130 if(high_bit(small_prime) == bits)
131 return small_prime;
132 }
133 }
134 }
135
136 const size_t MAX_ATTEMPTS = 32*1024;
137
138 const size_t mr_trials = miller_rabin_test_iterations(bits, prob, true);
139
140 while(true)
141 {
142 BigInt p(rng, bits);
143
144 // Force lowest and two top bits on
145 p.set_bit(bits - 1);
146 p.set_bit(bits - 2);
147 p.set_bit(0);
148
149 // Force p to be equal to equiv mod modulo
150 p += (modulo - (p % modulo)) + equiv;
151
152 Prime_Sieve sieve(p, bits);
153
154 for(size_t attempt = 0; attempt <= MAX_ATTEMPTS; ++attempt)
155 {
156 p += modulo;
157
158 sieve.step(modulo);
159
160 // p can be even if modulo is odd, continue on in that case
161 if(p.is_even() || sieve.passes(true) == false)
162 continue;
163
164 Modular_Reducer mod_p(p);
165
166 if(coprime > 1)
167 {
168 /*
169 First do a single M-R iteration to quickly elimate most non-primes,
170 before doing the coprimality check which is expensive
171 */
172 if(is_miller_rabin_probable_prime(p, mod_p, rng, 1) == false)
173 continue;
174
175 /*
176 * Check if p - 1 and coprime are relatively prime, using gcd.
177 * The gcd computation is const-time
178 */
179 if(gcd(p - 1, coprime) > 1)
180 continue;
181 }
182
183 if(p.bits() > bits)
184 break;
185
186 if(is_miller_rabin_probable_prime(p, mod_p, rng, mr_trials) == false)
187 continue;
188
189 if(prob > 32 && !is_lucas_probable_prime(p, mod_p))
190 continue;
191
192 return p;
193 }
194 }
195 }
const uint16_t PRIMES[]
Definition primes.cpp:12
const size_t PRIME_TABLE_SIZE
Definition numthry.h:287
size_t high_bit(T n)
Definition bit_ops.h:55

References Botan::BigInt::bits(), gcd(), high_bit(), Botan::BigInt::is_even(), is_lucas_probable_prime(), is_miller_rabin_probable_prime(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), load_le< uint32_t >(), miller_rabin_test_iterations(), Botan::RandomNumberGenerator::next_byte(), PRIME_TABLE_SIZE, PRIMES, Botan::RandomNumberGenerator::randomize(), and Botan::BigInt::set_bit().

Referenced by Botan::DL_Group::DL_Group(), and random_safe_prime().

◆ random_safe_prime()

BigInt Botan::random_safe_prime ( RandomNumberGenerator rng,
size_t  bits 
)

Return a 'safe' prime, of the form p=2*q+1 with q prime

Parameters
rnga random number generator
bitsis how long the resulting prime should be
Returns
prime randomly chosen from safe primes of length bits

Definition at line 268 of file make_prm.cpp.

269 {
270 if(bits <= 64)
271 throw Invalid_Argument("random_safe_prime: Can't make a prime of " +
272 std::to_string(bits) + " bits");
273
274 const size_t error_bound = 128;
275
276 BigInt q, p;
277 for(;;)
278 {
279 /*
280 Generate q == 2 (mod 3), since otherwise [in the case of q == 1 (mod 3)],
281 2*q+1 == 3 (mod 3) and so certainly not prime.
282 */
283 q = random_prime(rng, bits - 1, 0, 2, 3, error_bound);
284 p = (q << 1) + 1;
285
286 if(is_prime(p, rng, error_bound, true))
287 {
288 return p;
289 }
290 }
291 }
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition make_prm.cpp:77

References is_prime(), and random_prime().

Referenced by Botan::DL_Group::DL_Group().

◆ read_cfg()

std::map< std::string, std::string > Botan::read_cfg ( std::istream &  is)

Definition at line 28 of file read_cfg.cpp.

29 {
30 std::map<std::string, std::string> kv;
31 size_t line = 0;
32
33 while(is.good())
34 {
35 std::string s;
36
37 std::getline(is, s);
38
39 ++line;
40
41 if(s.empty() || s[0] == '#')
42 continue;
43
44 s = clean_ws(s.substr(0, s.find('#')));
45
46 if(s.empty())
47 continue;
48
49 auto eq = s.find("=");
50
51 if(eq == std::string::npos || eq == 0 || eq == s.size() - 1)
52 throw Decoding_Error("Bad read_cfg input '" + s + "' on line " + std::to_string(line));
53
54 const std::string key = clean_ws(s.substr(0, eq));
55 const std::string val = clean_ws(s.substr(eq + 1, std::string::npos));
56
57 kv[key] = val;
58 }
59
60 return kv;
61 }
std::string clean_ws(const std::string &s)
Definition read_cfg.cpp:13

References clean_ws().

Referenced by Botan::TLS::Text_Policy::Text_Policy().

◆ read_kv()

std::map< std::string, std::string > Botan::read_kv ( const std::string &  kv)

Accepts key value pairs deliminated by commas:

"" (returns empty map) "K=V" (returns map {'K': 'V'}) "K1=V1,K2=V2" "K1=V1,K2=V2,K3=V3" "K1=V1,K2=V2,K3=a_value\,with\,commas_and_\=equals"

Values may be empty, keys must be non-empty and unique. Duplicate keys cause an exception.

Within both key and value, comma and equals can be escaped with backslash. Backslash can also be escaped.

Definition at line 12 of file read_kv.cpp.

13 {
14 std::map<std::string, std::string> m;
15 if(kv == "")
16 return m;
17
18 std::vector<std::string> parts;
19
20 try
21 {
22 parts = split_on(kv, ',');
23 }
24 catch(std::exception&)
25 {
26 throw Invalid_Argument("Bad KV spec");
27 }
28
29 bool escaped = false;
30 bool reading_key = true;
31 std::string cur_key;
32 std::string cur_val;
33
34 for(char c : kv)
35 {
36 if(c == '\\' && !escaped)
37 {
38 escaped = true;
39 }
40 else if(c == ',' && !escaped)
41 {
42 if(cur_key.empty())
43 throw Invalid_Argument("Bad KV spec empty key");
44
45 if(m.find(cur_key) != m.end())
46 throw Invalid_Argument("Bad KV spec duplicated key");
47 m[cur_key] = cur_val;
48 cur_key = "";
49 cur_val = "";
50 reading_key = true;
51 }
52 else if(c == '=' && !escaped)
53 {
54 if(reading_key == false)
55 throw Invalid_Argument("Bad KV spec unexpected equals sign");
56 reading_key = false;
57 }
58 else
59 {
60 if(reading_key)
61 cur_key += c;
62 else
63 cur_val += c;
64
65 if(escaped)
66 escaped = false;
67 }
68 }
69
70 if(!cur_key.empty())
71 {
72 if(reading_key == false)
73 {
74 if(m.find(cur_key) != m.end())
75 throw Invalid_Argument("Bad KV spec duplicated key");
76 m[cur_key] = cur_val;
77 }
78 else
79 throw Invalid_Argument("Bad KV spec incomplete string");
80 }
81
82 return m;
83 }

References split_on().

◆ redc_mul()

void Botan::redc_mul ( int64_t &  s1,
int64_t &  s2,
int64_t &  s3,
int64_t &  s4,
int64_t &  s5,
int64_t &  s6,
int64_t &  X 
)
inline

Definition at line 65 of file ed25519_internal.h.

72 {
73 s1 += X * 666643;
74 s2 += X * 470296;
75 s3 += X * 654183;
76 s4 -= X * 997805;
77 s5 += X * 136657;
78 s6 -= X * 683901;
79 X = 0;
80 }

References X.

Referenced by sc_muladd(), and sc_reduce().

◆ redc_p192()

void Botan::redc_p192 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 111 of file nistp_redc.cpp.

112 {
113 BOTAN_UNUSED(ws);
114
115 static const size_t p192_limbs = 192 / BOTAN_MP_WORD_BITS;
116
117 x.grow_to(2*p192_limbs);
118 word* xw = x.mutable_data();
119
120 const uint64_t X00 = get_uint32(xw, 0);
121 const uint64_t X01 = get_uint32(xw, 1);
122 const uint64_t X02 = get_uint32(xw, 2);
123 const uint64_t X03 = get_uint32(xw, 3);
124 const uint64_t X04 = get_uint32(xw, 4);
125 const uint64_t X05 = get_uint32(xw, 5);
126 const uint64_t X06 = get_uint32(xw, 6);
127 const uint64_t X07 = get_uint32(xw, 7);
128 const uint64_t X08 = get_uint32(xw, 8);
129 const uint64_t X09 = get_uint32(xw, 9);
130 const uint64_t X10 = get_uint32(xw, 10);
131 const uint64_t X11 = get_uint32(xw, 11);
132
133 const uint64_t S0 = X00 + X06 + X10;
134 const uint64_t S1 = X01 + X07 + X11;
135 const uint64_t S2 = X02 + X06 + X08 + X10;
136 const uint64_t S3 = X03 + X07 + X09 + X11;
137 const uint64_t S4 = X04 + X08 + X10;
138 const uint64_t S5 = X05 + X09 + X11;
139
140 uint64_t S = 0;
141 uint32_t R0 = 0, R1 = 0;
142
143 S += S0;
144 R0 = static_cast<uint32_t>(S);
145 S >>= 32;
146
147 S += S1;
148 R1 = static_cast<uint32_t>(S);
149 S >>= 32;
150
151 set_words(xw, 0, R0, R1);
152
153 S += S2;
154 R0 = static_cast<uint32_t>(S);
155 S >>= 32;
156
157 S += S3;
158 R1 = static_cast<uint32_t>(S);
159 S >>= 32;
160
161 set_words(xw, 2, R0, R1);
162
163 S += S4;
164 R0 = static_cast<uint32_t>(S);
165 S >>= 32;
166
167 S += S5;
168 R1 = static_cast<uint32_t>(S);
169 S >>= 32;
170
171 set_words(xw, 4, R0, R1);
172
173 // No underflow possible
174
175 /*
176 This is a table of (i*P-192) % 2**192 for i in 1...3
177 */
178 static const word p192_mults[3][p192_limbs] = {
179#if (BOTAN_MP_WORD_BITS == 64)
180 {0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF},
181 {0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFF},
182 {0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFC, 0xFFFFFFFFFFFFFFFF},
183#else
184 {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
185 {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
186 {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
187#endif
188 };
189
190 CT::unpoison(S);
191 BOTAN_ASSERT(S <= 2, "Expected overflow");
192
193 BOTAN_ASSERT_NOMSG(x.size() >= p192_limbs + 1);
194 x.mask_bits(192);
195 word borrow = bigint_sub2(x.mutable_data(), p192_limbs + 1, p192_mults[S], p192_limbs);
196 BOTAN_DEBUG_ASSERT(borrow == 0 || borrow == 1);
197 bigint_cnd_add(borrow, x.mutable_data(), p192_limbs + 1, p192_mults[0], p192_limbs);
198 }
word * mutable_data()
Definition bigint.h:614
void grow_to(size_t n) const
Definition bigint.h:636
void mask_bits(size_t n)
Definition bigint.h:455
word bigint_sub2(word x[], size_t x_size, const word y[], size_t y_size)
Definition mp_core.h:300

References bigint_cnd_add(), bigint_sub2(), BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, Botan::BigInt::grow_to(), Botan::BigInt::mask_bits(), Botan::BigInt::mutable_data(), Botan::BigInt::size(), and Botan::CT::unpoison().

◆ redc_p224()

void Botan::redc_p224 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 206 of file nistp_redc.cpp.

207 {
208 static const size_t p224_limbs = (BOTAN_MP_WORD_BITS == 32) ? 7 : 4;
209
210 BOTAN_UNUSED(ws);
211
212 x.grow_to(2*p224_limbs);
213 word* xw = x.mutable_data();
214
215 const int64_t X00 = get_uint32(xw, 0);
216 const int64_t X01 = get_uint32(xw, 1);
217 const int64_t X02 = get_uint32(xw, 2);
218 const int64_t X03 = get_uint32(xw, 3);
219 const int64_t X04 = get_uint32(xw, 4);
220 const int64_t X05 = get_uint32(xw, 5);
221 const int64_t X06 = get_uint32(xw, 6);
222 const int64_t X07 = get_uint32(xw, 7);
223 const int64_t X08 = get_uint32(xw, 8);
224 const int64_t X09 = get_uint32(xw, 9);
225 const int64_t X10 = get_uint32(xw, 10);
226 const int64_t X11 = get_uint32(xw, 11);
227 const int64_t X12 = get_uint32(xw, 12);
228 const int64_t X13 = get_uint32(xw, 13);
229
230 // One full copy of P224 is added, so the result is always positive
231
232 const int64_t S0 = 0x00000001 + X00 - X07 - X11;
233 const int64_t S1 = 0x00000000 + X01 - X08 - X12;
234 const int64_t S2 = 0x00000000 + X02 - X09 - X13;
235 const int64_t S3 = 0xFFFFFFFF + X03 + X07 + X11 - X10;
236 const int64_t S4 = 0xFFFFFFFF + X04 + X08 + X12 - X11;
237 const int64_t S5 = 0xFFFFFFFF + X05 + X09 + X13 - X12;
238 const int64_t S6 = 0xFFFFFFFF + X06 + X10 - X13;
239
240 int64_t S = 0;
241 uint32_t R0 = 0, R1 = 0;
242
243 S += S0;
244 R0 = static_cast<uint32_t>(S);
245 S >>= 32;
246
247 S += S1;
248 R1 = static_cast<uint32_t>(S);
249 S >>= 32;
250
251 set_words(xw, 0, R0, R1);
252
253 S += S2;
254 R0 = static_cast<uint32_t>(S);
255 S >>= 32;
256
257 S += S3;
258 R1 = static_cast<uint32_t>(S);
259 S >>= 32;
260
261 set_words(xw, 2, R0, R1);
262
263 S += S4;
264 R0 = static_cast<uint32_t>(S);
265 S >>= 32;
266
267 S += S5;
268 R1 = static_cast<uint32_t>(S);
269 S >>= 32;
270
271 set_words(xw, 4, R0, R1);
272
273 S += S6;
274 R0 = static_cast<uint32_t>(S);
275 S >>= 32;
276
277 set_words(xw, 6, R0, 0);
278
279 static const word p224_mults[3][p224_limbs] = {
280#if (BOTAN_MP_WORD_BITS == 64)
281 {0x0000000000000001, 0xFFFFFFFF00000000, 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF},
282 {0x0000000000000002, 0xFFFFFFFE00000000, 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF},
283 {0x0000000000000003, 0xFFFFFFFD00000000, 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF},
284#else
285 {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
286 {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
287 {0x00000003, 0x00000000, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
288#endif
289
290 };
291
292 CT::unpoison(S);
293 BOTAN_ASSERT(S >= 0 && S <= 2, "Expected overflow");
294
295 BOTAN_ASSERT_NOMSG(x.size() >= p224_limbs + 1);
296 x.mask_bits(224);
297 word borrow = bigint_sub2(x.mutable_data(), p224_limbs + 1, p224_mults[S], p224_limbs);
298 BOTAN_DEBUG_ASSERT(borrow == 0 || borrow == 1);
299 bigint_cnd_add(borrow, x.mutable_data(), p224_limbs + 1, p224_mults[0], p224_limbs);
300 }

References bigint_cnd_add(), bigint_sub2(), BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, Botan::BigInt::grow_to(), Botan::BigInt::mask_bits(), Botan::BigInt::mutable_data(), Botan::BigInt::size(), and Botan::CT::unpoison().

◆ redc_p256()

void Botan::redc_p256 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 308 of file nistp_redc.cpp.

309 {
310 static const size_t p256_limbs = (BOTAN_MP_WORD_BITS == 32) ? 8 : 4;
311
312 BOTAN_UNUSED(ws);
313
314 x.grow_to(2*p256_limbs);
315 word* xw = x.mutable_data();
316
317 const int64_t X00 = get_uint32(xw, 0);
318 const int64_t X01 = get_uint32(xw, 1);
319 const int64_t X02 = get_uint32(xw, 2);
320 const int64_t X03 = get_uint32(xw, 3);
321 const int64_t X04 = get_uint32(xw, 4);
322 const int64_t X05 = get_uint32(xw, 5);
323 const int64_t X06 = get_uint32(xw, 6);
324 const int64_t X07 = get_uint32(xw, 7);
325 const int64_t X08 = get_uint32(xw, 8);
326 const int64_t X09 = get_uint32(xw, 9);
327 const int64_t X10 = get_uint32(xw, 10);
328 const int64_t X11 = get_uint32(xw, 11);
329 const int64_t X12 = get_uint32(xw, 12);
330 const int64_t X13 = get_uint32(xw, 13);
331 const int64_t X14 = get_uint32(xw, 14);
332 const int64_t X15 = get_uint32(xw, 15);
333
334 // Adds 6 * P-256 to prevent underflow
335 const int64_t S0 = 0xFFFFFFFA + X00 + X08 + X09 - (X11 + X12 + X13) - X14;
336 const int64_t S1 = 0xFFFFFFFF + X01 + X09 + X10 - X12 - (X13 + X14 + X15);
337 const int64_t S2 = 0xFFFFFFFF + X02 + X10 + X11 - (X13 + X14 + X15);
338 const int64_t S3 = 0x00000005 + X03 + (X11 + X12)*2 + X13 - X15 - X08 - X09;
339 const int64_t S4 = 0x00000000 + X04 + (X12 + X13)*2 + X14 - X09 - X10;
340 const int64_t S5 = 0x00000000 + X05 + (X13 + X14)*2 + X15 - X10 - X11;
341 const int64_t S6 = 0x00000006 + X06 + X13 + X14*3 + X15*2 - X08 - X09;
342 const int64_t S7 = 0xFFFFFFFA + X07 + X15*3 + X08 - X10 - (X11 + X12 + X13);
343
344 int64_t S = 0;
345
346 uint32_t R0 = 0, R1 = 0;
347
348 S += S0;
349 R0 = static_cast<uint32_t>(S);
350 S >>= 32;
351
352 S += S1;
353 R1 = static_cast<uint32_t>(S);
354 S >>= 32;
355
356 set_words(xw, 0, R0, R1);
357
358 S += S2;
359 R0 = static_cast<uint32_t>(S);
360 S >>= 32;
361
362 S += S3;
363 R1 = static_cast<uint32_t>(S);
364 S >>= 32;
365
366 set_words(xw, 2, R0, R1);
367
368 S += S4;
369 R0 = static_cast<uint32_t>(S);
370 S >>= 32;
371
372 S += S5;
373 R1 = static_cast<uint32_t>(S);
374 S >>= 32;
375
376 set_words(xw, 4, R0, R1);
377
378 S += S6;
379 R0 = static_cast<uint32_t>(S);
380 S >>= 32;
381
382 S += S7;
383 R1 = static_cast<uint32_t>(S);
384 S >>= 32;
385 set_words(xw, 6, R0, R1);
386
387 S += 5; // the top digits of 6*P-256
388
389 /*
390 This is a table of (i*P-256) % 2**256 for i in 1...10
391 */
392 static const word p256_mults[11][p256_limbs] = {
393#if (BOTAN_MP_WORD_BITS == 64)
394 {0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF, 0x0000000000000000, 0xFFFFFFFF00000001},
395 {0xFFFFFFFFFFFFFFFE, 0x00000001FFFFFFFF, 0x0000000000000000, 0xFFFFFFFE00000002},
396 {0xFFFFFFFFFFFFFFFD, 0x00000002FFFFFFFF, 0x0000000000000000, 0xFFFFFFFD00000003},
397 {0xFFFFFFFFFFFFFFFC, 0x00000003FFFFFFFF, 0x0000000000000000, 0xFFFFFFFC00000004},
398 {0xFFFFFFFFFFFFFFFB, 0x00000004FFFFFFFF, 0x0000000000000000, 0xFFFFFFFB00000005},
399 {0xFFFFFFFFFFFFFFFA, 0x00000005FFFFFFFF, 0x0000000000000000, 0xFFFFFFFA00000006},
400 {0xFFFFFFFFFFFFFFF9, 0x00000006FFFFFFFF, 0x0000000000000000, 0xFFFFFFF900000007},
401 {0xFFFFFFFFFFFFFFF8, 0x00000007FFFFFFFF, 0x0000000000000000, 0xFFFFFFF800000008},
402 {0xFFFFFFFFFFFFFFF7, 0x00000008FFFFFFFF, 0x0000000000000000, 0xFFFFFFF700000009},
403 {0xFFFFFFFFFFFFFFF6, 0x00000009FFFFFFFF, 0x0000000000000000, 0xFFFFFFF60000000A},
404 {0xFFFFFFFFFFFFFFF5, 0x0000000AFFFFFFFF, 0x0000000000000000, 0xFFFFFFF50000000B},
405#else
406 {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
407 {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
408 {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
409 {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
410 {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
411 {0xFFFFFFFA, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000005, 0x00000000, 0x00000000, 0x00000006, 0xFFFFFFFA},
412 {0xFFFFFFF9, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000006, 0x00000000, 0x00000000, 0x00000007, 0xFFFFFFF9},
413 {0xFFFFFFF8, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000007, 0x00000000, 0x00000000, 0x00000008, 0xFFFFFFF8},
414 {0xFFFFFFF7, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000008, 0x00000000, 0x00000000, 0x00000009, 0xFFFFFFF7},
415 {0xFFFFFFF6, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000009, 0x00000000, 0x00000000, 0x0000000A, 0xFFFFFFF6},
416 {0xFFFFFFF5, 0xFFFFFFFF, 0xFFFFFFFF, 0x0000000A, 0x00000000, 0x00000000, 0x0000000B, 0xFFFFFFF5},
417#endif
418 };
419
420 CT::unpoison(S);
421 BOTAN_ASSERT(S >= 0 && S <= 10, "Expected overflow");
422
423 BOTAN_ASSERT_NOMSG(x.size() >= p256_limbs + 1);
424 x.mask_bits(256);
425 word borrow = bigint_sub2(x.mutable_data(), p256_limbs + 1, p256_mults[S], p256_limbs);
426 BOTAN_DEBUG_ASSERT(borrow == 0 || borrow == 1);
427 bigint_cnd_add(borrow, x.mutable_data(), p256_limbs + 1, p256_mults[0], p256_limbs);
428 }

References bigint_cnd_add(), bigint_sub2(), BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, Botan::BigInt::grow_to(), Botan::BigInt::mask_bits(), Botan::BigInt::mutable_data(), Botan::BigInt::size(), and Botan::CT::unpoison().

◆ redc_p384()

void Botan::redc_p384 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 436 of file nistp_redc.cpp.

437 {
438 BOTAN_UNUSED(ws);
439
440 static const size_t p384_limbs = (BOTAN_MP_WORD_BITS == 32) ? 12 : 6;
441
442 x.grow_to(2*p384_limbs);
443 word* xw = x.mutable_data();
444
445 const int64_t X00 = get_uint32(xw, 0);
446 const int64_t X01 = get_uint32(xw, 1);
447 const int64_t X02 = get_uint32(xw, 2);
448 const int64_t X03 = get_uint32(xw, 3);
449 const int64_t X04 = get_uint32(xw, 4);
450 const int64_t X05 = get_uint32(xw, 5);
451 const int64_t X06 = get_uint32(xw, 6);
452 const int64_t X07 = get_uint32(xw, 7);
453 const int64_t X08 = get_uint32(xw, 8);
454 const int64_t X09 = get_uint32(xw, 9);
455 const int64_t X10 = get_uint32(xw, 10);
456 const int64_t X11 = get_uint32(xw, 11);
457 const int64_t X12 = get_uint32(xw, 12);
458 const int64_t X13 = get_uint32(xw, 13);
459 const int64_t X14 = get_uint32(xw, 14);
460 const int64_t X15 = get_uint32(xw, 15);
461 const int64_t X16 = get_uint32(xw, 16);
462 const int64_t X17 = get_uint32(xw, 17);
463 const int64_t X18 = get_uint32(xw, 18);
464 const int64_t X19 = get_uint32(xw, 19);
465 const int64_t X20 = get_uint32(xw, 20);
466 const int64_t X21 = get_uint32(xw, 21);
467 const int64_t X22 = get_uint32(xw, 22);
468 const int64_t X23 = get_uint32(xw, 23);
469
470 // One copy of P-384 is added to prevent underflow
471 const int64_t S0 = 0xFFFFFFFF + X00 + X12 + X20 + X21 - X23;
472 const int64_t S1 = 0x00000000 + X01 + X13 + X22 + X23 - X12 - X20;
473 const int64_t S2 = 0x00000000 + X02 + X14 + X23 - X13 - X21;
474 const int64_t S3 = 0xFFFFFFFF + X03 + X12 + X15 + X20 + X21 - X14 - X22 - X23;
475 const int64_t S4 = 0xFFFFFFFE + X04 + X12 + X13 + X16 + X20 + X21*2 + X22 - X15 - X23*2;
476 const int64_t S5 = 0xFFFFFFFF + X05 + X13 + X14 + X17 + X21 + X22*2 + X23 - X16;
477 const int64_t S6 = 0xFFFFFFFF + X06 + X14 + X15 + X18 + X22 + X23*2 - X17;
478 const int64_t S7 = 0xFFFFFFFF + X07 + X15 + X16 + X19 + X23 - X18;
479 const int64_t S8 = 0xFFFFFFFF + X08 + X16 + X17 + X20 - X19;
480 const int64_t S9 = 0xFFFFFFFF + X09 + X17 + X18 + X21 - X20;
481 const int64_t SA = 0xFFFFFFFF + X10 + X18 + X19 + X22 - X21;
482 const int64_t SB = 0xFFFFFFFF + X11 + X19 + X20 + X23 - X22;
483
484 int64_t S = 0;
485
486 uint32_t R0 = 0, R1 = 0;
487
488 S += S0;
489 R0 = static_cast<uint32_t>(S);
490 S >>= 32;
491
492 S += S1;
493 R1 = static_cast<uint32_t>(S);
494 S >>= 32;
495
496 set_words(xw, 0, R0, R1);
497
498 S += S2;
499 R0 = static_cast<uint32_t>(S);
500 S >>= 32;
501
502 S += S3;
503 R1 = static_cast<uint32_t>(S);
504 S >>= 32;
505
506 set_words(xw, 2, R0, R1);
507
508 S += S4;
509 R0 = static_cast<uint32_t>(S);
510 S >>= 32;
511
512 S += S5;
513 R1 = static_cast<uint32_t>(S);
514 S >>= 32;
515
516 set_words(xw, 4, R0, R1);
517
518 S += S6;
519 R0 = static_cast<uint32_t>(S);
520 S >>= 32;
521
522 S += S7;
523 R1 = static_cast<uint32_t>(S);
524 S >>= 32;
525
526 set_words(xw, 6, R0, R1);
527
528 S += S8;
529 R0 = static_cast<uint32_t>(S);
530 S >>= 32;
531
532 S += S9;
533 R1 = static_cast<uint32_t>(S);
534 S >>= 32;
535
536 set_words(xw, 8, R0, R1);
537
538 S += SA;
539 R0 = static_cast<uint32_t>(S);
540 S >>= 32;
541
542 S += SB;
543 R1 = static_cast<uint32_t>(S);
544 S >>= 32;
545
546 set_words(xw, 10, R0, R1);
547
548 /*
549 This is a table of (i*P-384) % 2**384 for i in 1...4
550 */
551 static const word p384_mults[5][p384_limbs] = {
552#if (BOTAN_MP_WORD_BITS == 64)
553 {0x00000000FFFFFFFF, 0xFFFFFFFF00000000, 0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
554 {0x00000001FFFFFFFE, 0xFFFFFFFE00000000, 0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
555 {0x00000002FFFFFFFD, 0xFFFFFFFD00000000, 0xFFFFFFFFFFFFFFFC, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
556 {0x00000003FFFFFFFC, 0xFFFFFFFC00000000, 0xFFFFFFFFFFFFFFFB, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
557 {0x00000004FFFFFFFB, 0xFFFFFFFB00000000, 0xFFFFFFFFFFFFFFFA, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
558
559#else
560 {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
561 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
562 {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
563 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
564 {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
565 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
566 {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
567 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
568 {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
569 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
570#endif
571 };
572
573 CT::unpoison(S);
574 BOTAN_ASSERT(S >= 0 && S <= 4, "Expected overflow");
575
576 BOTAN_ASSERT_NOMSG(x.size() >= p384_limbs + 1);
577 x.mask_bits(384);
578 word borrow = bigint_sub2(x.mutable_data(), p384_limbs + 1, p384_mults[S], p384_limbs);
579 BOTAN_DEBUG_ASSERT(borrow == 0 || borrow == 1);
580 bigint_cnd_add(borrow, x.mutable_data(), p384_limbs + 1, p384_mults[0], p384_limbs);
581 }

References bigint_cnd_add(), bigint_sub2(), BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, BOTAN_UNUSED, Botan::BigInt::grow_to(), Botan::BigInt::mask_bits(), Botan::BigInt::mutable_data(), Botan::BigInt::size(), and Botan::CT::unpoison().

◆ redc_p521()

void Botan::redc_p521 ( BigInt x,
secure_vector< word > &  ws 
)

Definition at line 23 of file nistp_redc.cpp.

24 {
25 const size_t p_full_words = 521 / BOTAN_MP_WORD_BITS;
26 const size_t p_top_bits = 521 % BOTAN_MP_WORD_BITS;
27 const size_t p_words = p_full_words + 1;
28
29#if (BOTAN_MP_WORD_BITS == 64)
30 static const word p521_words[p_words] = {
31 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF,
32 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF,
33 0x1FF };
34#else
35 static const word p521_words[p_words] = {
36 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
37 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
38 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
39 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
40 0x1FF };
41#endif
42
43 if(ws.size() < p_words + 1)
44 ws.resize(p_words + 1);
45
46 clear_mem(ws.data(), ws.size());
47 bigint_shr2(ws.data(), x.data(), std::min(x.size(), 2*p_words), p_full_words, p_top_bits);
48
49 x.mask_bits(521);
50 x.grow_to(p_words);
51
52 // Word-level carry will be zero
53 word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words);
54 BOTAN_ASSERT_EQUAL(carry, 0, "Final carry in P-521 reduction");
55
56 const word top_word = x.word_at(p_full_words);
57
58 /*
59 * Check if we need to reduce modulo P
60 * There are two possible cases:
61 * - The result overflowed past 521 bits, in which case bit 522 will be set
62 * - The result is exactly 2**521 - 1
63 */
64 const auto bit_522_set = CT::Mask<word>::expand(top_word >> p_top_bits);
65
66 word and_512 = MP_WORD_MAX;
67 for(size_t i = 0; i != p_full_words; ++i)
68 and_512 &= x.word_at(i);
69 const auto all_512_low_bits_set = CT::Mask<word>::is_equal(and_512, MP_WORD_MAX);
70 const auto has_p521_top_word = CT::Mask<word>::is_equal(top_word, 0x1FF);
71 const auto is_p521 = all_512_low_bits_set & has_p521_top_word;
72
73 const auto needs_reduction = is_p521 | bit_522_set;
74
75 bigint_cnd_sub(needs_reduction.value(), x.mutable_data(), p521_words, p_words);
76 }
const word MP_WORD_MAX
Definition mp_core.h:22

References bigint_add3_nc(), bigint_cnd_sub(), bigint_shr2(), BOTAN_ASSERT_EQUAL, carry(), clear_mem(), Botan::BigInt::data(), Botan::CT::Mask< T >::expand(), Botan::BigInt::grow_to(), Botan::CT::Mask< T >::is_equal(), Botan::BigInt::mask_bits(), MP_WORD_MAX, Botan::BigInt::mutable_data(), Botan::BigInt::resize(), Botan::BigInt::size(), and Botan::BigInt::word_at().

◆ replace_char()

std::string Botan::replace_char ( const std::string &  str,
char  from_char,
char  to_char 
)

Replace a character in a string

Parameters
strthe input string
from_charthe character to replace
to_charthe character to replace it with
Returns
str with all instances of from_char replaced by to_char

Definition at line 316 of file parsing.cpp.

317 {
318 std::string out = str;
319
320 for(size_t i = 0; i != out.size(); ++i)
321 if(out[i] == from_char)
322 out[i] = to_char;
323
324 return out;
325 }

◆ replace_chars()

std::string Botan::replace_chars ( const std::string &  str,
const std::set< char > &  from_chars,
char  to_char 
)

Replace a character in a string

Parameters
strthe input string
from_charsthe characters to replace
to_charthe character to replace it with
Returns
str with all instances of from_chars replaced by to_char

Definition at line 303 of file parsing.cpp.

306 {
307 std::string out = str;
308
309 for(size_t i = 0; i != out.size(); ++i)
310 if(chars.count(out[i]))
311 out[i] = to_char;
312
313 return out;
314 }

◆ ressol()

BigInt Botan::ressol ( const BigInt x,
const BigInt p 
)

Compute the square root of x modulo a prime using the Tonelli-Shanks algorithm

Parameters
xthe input
pthe prime
Returns
y such that (y*y)p == x, or -1 if no such integer

Definition at line 16 of file ressol.cpp.

17 {
18 if(p <= 1 || p.is_even())
19 throw Invalid_Argument("ressol: invalid prime");
20
21 if(a == 0)
22 return 0;
23 else if(a < 0)
24 throw Invalid_Argument("ressol: value to solve for must be positive");
25 else if(a >= p)
26 throw Invalid_Argument("ressol: value to solve for must be less than p");
27
28 if(p == 2)
29 return a;
30
31 if(jacobi(a, p) != 1) // not a quadratic residue
32 return -BigInt(1);
33
34 if(p % 4 == 3) // The easy case
35 {
36 return power_mod(a, ((p+1) >> 2), p);
37 }
38
39 size_t s = low_zero_bits(p - 1);
40 BigInt q = p >> s;
41
42 q -= 1;
43 q >>= 1;
44
45 Modular_Reducer mod_p(p);
46
47 BigInt r = power_mod(a, q, p);
48 BigInt n = mod_p.multiply(a, mod_p.square(r));
49 r = mod_p.multiply(r, a);
50
51 if(n == 1)
52 return r;
53
54 // find random quadratic nonresidue z
55 word z = 2;
56 for(;;)
57 {
58 if(jacobi(z, p) == -1) // found one
59 break;
60
61 z += 1; // try next z
62
63 /*
64 * The expected number of tests to find a non-residue modulo a
65 * prime is 2. If we have not found one after 256 then almost
66 * certainly we have been given a non-prime p.
67 */
68 if(z >= 256)
69 return -BigInt(1);
70 }
71
72 BigInt c = power_mod(z, (q << 1) + 1, p);
73
74 while(n > 1)
75 {
76 q = n;
77
78 size_t i = 0;
79 while(q != 1)
80 {
81 q = mod_p.square(q);
82 ++i;
83
84 if(i >= s)
85 {
86 return -BigInt(1);
87 }
88 }
89
90 c = power_mod(c, BigInt::power_of_2(s-i-1), p);
91 r = mod_p.multiply(r, c);
92 c = mod_p.square(c);
93 n = mod_p.multiply(n, c);
94 s = i;
95 }
96
97 return r;
98 }
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition numthry.cpp:151

References Botan::BigInt::is_even(), jacobi(), low_zero_bits(), Botan::Modular_Reducer::multiply(), power_mod(), Botan::BigInt::power_of_2(), and Botan::Modular_Reducer::square().

◆ reverse_bytes() [1/3]

uint16_t Botan::reverse_bytes ( uint16_t  val)
inline

Swap a 16 bit integer

Definition at line 25 of file bswap.h.

26 {
27#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) || defined(BOTAN_BUILD_COMPILER_IS_XLC)
28 return __builtin_bswap16(val);
29#else
30 return static_cast<uint16_t>((val << 8) | (val >> 8));
31#endif
32 }

References reverse_bytes().

Referenced by bswap_4(), load_be(), load_le(), reverse_bytes(), reverse_bytes(), and reverse_bytes().

◆ reverse_bytes() [2/3]

uint32_t Botan::reverse_bytes ( uint32_t  val)
inline

Swap a 32 bit integer

Definition at line 37 of file bswap.h.

38 {
39#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) || defined(BOTAN_BUILD_COMPILER_IS_XLC)
40 return __builtin_bswap32(val);
41
42#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC)
43 return _byteswap_ulong(val);
44
45#elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)
46
47 // GCC-style inline assembly for x86 or x86-64
48 asm("bswapl %0" : "=r" (val) : "0" (val));
49 return val;
50
51#else
52 // Generic implementation
53 uint16_t hi = static_cast<uint16_t>(val >> 16);
54 uint16_t lo = static_cast<uint16_t>(val);
55
56 hi = reverse_bytes(hi);
57 lo = reverse_bytes(lo);
58
59 return (static_cast<uint32_t>(lo) << 16) | hi;
60#endif
61 }

References reverse_bytes().

◆ reverse_bytes() [3/3]

uint64_t Botan::reverse_bytes ( uint64_t  val)
inline

Swap a 64 bit integer

Definition at line 66 of file bswap.h.

67 {
68#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) || defined(BOTAN_BUILD_COMPILER_IS_XLC)
69 return __builtin_bswap64(val);
70
71#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC)
72 return _byteswap_uint64(val);
73
74#elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_ARCH_IS_X86_64)
75 // GCC-style inline assembly for x86-64
76 asm("bswapq %0" : "=r" (val) : "0" (val));
77 return val;
78
79#else
80 /* Generic implementation. Defined in terms of 32-bit bswap so any
81 * optimizations in that version can help.
82 */
83
84 uint32_t hi = static_cast<uint32_t>(val >> 32);
85 uint32_t lo = static_cast<uint32_t>(val);
86
87 hi = reverse_bytes(hi);
88 lo = reverse_bytes(lo);
89
90 return (static_cast<uint64_t>(lo) << 32) | hi;
91#endif
92 }

References reverse_bytes().

◆ rfc3394_keyunwrap()

secure_vector< uint8_t > Botan::rfc3394_keyunwrap ( const secure_vector< uint8_t > &  key,
const SymmetricKey kek 
)

Decrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe encrypted key to decrypt
kekthe key encryption key
Returns
key decrypted under kek

Definition at line 28 of file rfc3394.cpp.

30 {
31 BOTAN_ARG_CHECK(kek.size() == 16 || kek.size() == 24 || kek.size() == 32,
32 "Invalid KEK length for NIST key wrap");
33
34 BOTAN_ARG_CHECK(key.size() >= 16 && key.size() % 8 == 0,
35 "Bad input key size for NIST key unwrap");
36
37 const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
38 std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
39 aes->set_key(kek);
40
41 return nist_key_unwrap(key.data(), key.size(), *aes);
42 }
size_t size() const
Definition symkey.h:26
secure_vector< uint8_t > nist_key_unwrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)

References BOTAN_ARG_CHECK, Botan::BlockCipher::create_or_throw(), nist_key_unwrap(), and Botan::OctetString::size().

Referenced by botan_key_unwrap3394().

◆ rfc3394_keywrap()

secure_vector< uint8_t > Botan::rfc3394_keywrap ( const secure_vector< uint8_t > &  key,
const SymmetricKey kek 
)

Encrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe plaintext key to encrypt
kekthe key encryption key
Returns
key encrypted under kek

Definition at line 14 of file rfc3394.cpp.

16 {
17 BOTAN_ARG_CHECK(kek.size() == 16 || kek.size() == 24 || kek.size() == 32,
18 "Invalid KEK length for NIST key wrap");
19
20 const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
21 std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
22 aes->set_key(kek);
23
24 std::vector<uint8_t> wrapped = nist_key_wrap(key.data(), key.size(), *aes);
25 return secure_vector<uint8_t>(wrapped.begin(), wrapped.end());
26 }
std::vector< uint8_t > nist_key_wrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)

References BOTAN_ARG_CHECK, Botan::BlockCipher::create_or_throw(), nist_key_wrap(), and Botan::OctetString::size().

Referenced by botan_key_wrap3394().

◆ RFC4880_decode_count()

size_t Botan::RFC4880_decode_count ( uint8_t  encoded_iter)

Decode the iteration count from RFC 4880 encoding

Definition at line 69 of file pgp_s2k.cpp.

70 {
71 return OPENPGP_S2K_ITERS[iter];
72 }

Referenced by Botan::OpenPGP_S2K::decode_count(), and RFC4880_round_iterations().

◆ RFC4880_encode_count()

uint8_t Botan::RFC4880_encode_count ( size_t  iterations)

RFC 4880 encodes the iteration count to a single-byte value

Definition at line 56 of file pgp_s2k.cpp.

57 {
58 if(desired_iterations <= OPENPGP_S2K_ITERS[0])
59 return 0;
60
61 if(desired_iterations >= OPENPGP_S2K_ITERS[255])
62 return 255;
63
64 auto i = std::lower_bound(OPENPGP_S2K_ITERS, OPENPGP_S2K_ITERS + 256, desired_iterations);
65
66 return static_cast<uint8_t>(i - OPENPGP_S2K_ITERS);
67 }

Referenced by Botan::OpenPGP_S2K::encode_count(), and RFC4880_round_iterations().

◆ RFC4880_round_iterations()

size_t Botan::RFC4880_round_iterations ( size_t  iterations)
inline

Round an arbitrary iteration count to next largest iteration count supported by RFC4880 encoding.

Definition at line 40 of file pgp_s2k.h.

41 {
43 }
uint8_t RFC4880_encode_count(size_t desired_iterations)
Definition pgp_s2k.cpp:56
size_t RFC4880_decode_count(uint8_t iter)
Definition pgp_s2k.cpp:69

References RFC4880_decode_count(), and RFC4880_encode_count().

Referenced by Botan::RFC4880_S2K_Family::tune().

◆ rotate_left()

template<typename T >
T Botan::rotate_left ( T  input,
size_t  rot 
)
inline

Definition at line 96 of file rotate.h.

97 {
98 // rotl_var does not reduce
99 return rotl_var(input, rot % (8 * sizeof(T)));
100 }
T rotl_var(T input, size_t rot)
Definition rotate.h:48

References rotl_var(), and T.

◆ rotate_right()

template<typename T >
T Botan::rotate_right ( T  input,
size_t  rot 
)
inline

Definition at line 104 of file rotate.h.

105 {
106 // rotr_var does not reduce
107 return rotr_var(input, rot % (8 * sizeof(T)));
108 }
T rotr_var(T input, size_t rot)
Definition rotate.h:60

References rotr_var(), and T.

◆ rotl()

template<size_t ROT, typename T >
constexpr T Botan::rotl ( T  input)
inlineconstexpr

Bit rotation left by a compile-time constant amount

Parameters
inputthe input word
Returns
input rotated left by ROT bits

Definition at line 23 of file rotate.h.

24 {
25 static_assert(ROT > 0 && ROT < 8*sizeof(T), "Invalid rotation constant");
26 return static_cast<T>((input << ROT) | (input >> (8*sizeof(T) - ROT)));
27 }

References rotl(), and T.

Referenced by rotl().

◆ rotl_var()

template<typename T >
T Botan::rotl_var ( T  input,
size_t  rot 
)
inline

Bit rotation left, variable rotation amount

Parameters
inputthe input word
rotthe number of bits to rotate, must be between 0 and sizeof(T)*8-1
Returns
input rotated left by rot bits

Definition at line 48 of file rotate.h.

49 {
50 return rot ? static_cast<T>((input << rot) | (input >> (sizeof(T)*8 - rot))) : input;
51 }

References rotl_var(), and T.

Referenced by rotate_left(), and rotl_var().

◆ rotr()

template<size_t ROT, typename T >
constexpr T Botan::rotr ( T  input)
inlineconstexpr

Bit rotation right by a compile-time constant amount

Parameters
inputthe input word
Returns
input rotated right by ROT bits

Definition at line 35 of file rotate.h.

36 {
37 static_assert(ROT > 0 && ROT < 8*sizeof(T), "Invalid rotation constant");
38 return static_cast<T>((input >> ROT) | (input << (8*sizeof(T) - ROT)));
39 }

References rotr(), and T.

Referenced by rotr().

◆ rotr_var()

template<typename T >
T Botan::rotr_var ( T  input,
size_t  rot 
)
inline

Bit rotation right, variable rotation amount

Parameters
inputthe input word
rotthe number of bits to rotate, must be between 0 and sizeof(T)*8-1
Returns
input rotated right by rot bits

Definition at line 60 of file rotate.h.

61 {
62 return rot ? static_cast<T>((input >> rot) | (input << (sizeof(T)*8 - rot))) : input;
63 }

References rotr_var(), and T.

Referenced by rotate_right(), and rotr_var().

◆ round_down()

template<typename T >
constexpr T Botan::round_down ( T  n,
T  align_to 
)
inlineconstexpr

Round down

Parameters
nan integer
align_tothe alignment boundary
Returns
n rounded down to a multiple of align_to

Definition at line 37 of file rounding.h.

38 {
39 return (align_to == 0) ? n : (n - (n % align_to));
40 }

Referenced by Botan::Buffered_Filter::write().

◆ round_up()

size_t Botan::round_up ( size_t  n,
size_t  align_to 
)
inline

◆ runtime_version_check()

std::string Botan::runtime_version_check ( uint32_t  major,
uint32_t  minor,
uint32_t  patch 
)

Usable for checking that the DLL version loaded at runtime exactly matches the compile-time version. Call using BOTAN_VERSION_* macro values. Returns the empty string if an exact match, otherwise an appropriate message. Added with 1.11.26.

Definition at line 84 of file version.cpp.

87 {
88 if(major != version_major() || minor != version_minor() || patch != version_patch())
89 {
90 std::ostringstream oss;
91 oss << "Warning: linked version (" << short_version_string() << ")"
92 << " does not match version built against "
93 << "(" << major << '.' << minor << '.' << patch << ")\n";
94 return oss.str();
95 }
96
97 return "";
98 }
uint32_t version_minor()
Definition version.cpp:81
uint32_t version_major()
Definition version.cpp:80
uint32_t version_patch()
Definition version.cpp:82
std::string short_version_string()
Definition version.cpp:70

References short_version_string(), version_major(), version_minor(), and version_patch().

◆ same_mem()

template<typename T >
bool Botan::same_mem ( const T p1,
const T p2,
size_t  n 
)
inline

Memory comparison, input insensitive

Parameters
p1a pointer to an array
p2a pointer to another array
nthe number of Ts in p1 and p2
Returns
true iff p1[i] == p2[i] forall i in [0...n)

Definition at line 217 of file mem_ops.h.

218 {
219 volatile T difference = 0;
220
221 for(size_t i = 0; i != n; ++i)
222 difference |= (p1[i] ^ p2[i]);
223
224 return difference == 0;
225 }

References T.

Referenced by check_bcrypt(), Botan::PK_Verifier::check_signature(), Botan::Sodium::crypto_verify_16(), Botan::Sodium::crypto_verify_32(), Botan::Sodium::crypto_verify_64(), Botan::TLS::Session::decrypt(), and Botan::RTSS_Share::reconstruct().

◆ sc_muladd()

void Botan::sc_muladd ( uint8_t *  s,
const uint8_t *  a,
const uint8_t *  b,
const uint8_t *  c 
)

Definition at line 26 of file sc_muladd.cpp.

27 {
28 const int32_t MASK = 0x1fffff;
29
30 const int64_t a0 = MASK & load_3(a);
31 const int64_t a1 = MASK & (load_4(a + 2) >> 5);
32 const int64_t a2 = MASK & (load_3(a + 5) >> 2);
33 const int64_t a3 = MASK & (load_4(a + 7) >> 7);
34 const int64_t a4 = MASK & (load_4(a + 10) >> 4);
35 const int64_t a5 = MASK & (load_3(a + 13) >> 1);
36 const int64_t a6 = MASK & (load_4(a + 15) >> 6);
37 const int64_t a7 = MASK & (load_3(a + 18) >> 3);
38 const int64_t a8 = MASK & load_3(a + 21);
39 const int64_t a9 = MASK & (load_4(a + 23) >> 5);
40 const int64_t a10 = MASK & (load_3(a + 26) >> 2);
41 const int64_t a11 = (load_4(a + 28) >> 7);
42 const int64_t b0 = MASK & load_3(b);
43 const int64_t b1 = MASK & (load_4(b + 2) >> 5);
44 const int64_t b2 = MASK & (load_3(b + 5) >> 2);
45 const int64_t b3 = MASK & (load_4(b + 7) >> 7);
46 const int64_t b4 = MASK & (load_4(b + 10) >> 4);
47 const int64_t b5 = MASK & (load_3(b + 13) >> 1);
48 const int64_t b6 = MASK & (load_4(b + 15) >> 6);
49 const int64_t b7 = MASK & (load_3(b + 18) >> 3);
50 const int64_t b8 = MASK & load_3(b + 21);
51 const int64_t b9 = MASK & (load_4(b + 23) >> 5);
52 const int64_t b10 = MASK & (load_3(b + 26) >> 2);
53 const int64_t b11 = (load_4(b + 28) >> 7);
54 const int64_t c0 = MASK & load_3(c);
55 const int64_t c1 = MASK & (load_4(c + 2) >> 5);
56 const int64_t c2 = MASK & (load_3(c + 5) >> 2);
57 const int64_t c3 = MASK & (load_4(c + 7) >> 7);
58 const int64_t c4 = MASK & (load_4(c + 10) >> 4);
59 const int64_t c5 = MASK & (load_3(c + 13) >> 1);
60 const int64_t c6 = MASK & (load_4(c + 15) >> 6);
61 const int64_t c7 = MASK & (load_3(c + 18) >> 3);
62 const int64_t c8 = MASK & load_3(c + 21);
63 const int64_t c9 = MASK & (load_4(c + 23) >> 5);
64 const int64_t c10 = MASK & (load_3(c + 26) >> 2);
65 const int64_t c11 = (load_4(c + 28) >> 7);
66
67 int64_t s0 = c0 + a0*b0;
68 int64_t s1 = c1 + a0*b1 + a1*b0;
69 int64_t s2 = c2 + a0*b2 + a1*b1 + a2*b0;
70 int64_t s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
71 int64_t s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
72 int64_t s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
73 int64_t s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
74 int64_t s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
75 int64_t s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
76 int64_t s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
77 int64_t s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
78 int64_t s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
79 int64_t s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
80 int64_t s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
81 int64_t s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
82 int64_t s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
83 int64_t s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
84 int64_t s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
85 int64_t s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
86 int64_t s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
87 int64_t s20 = a9*b11 + a10*b10 + a11*b9;
88 int64_t s21 = a10*b11 + a11*b10;
89 int64_t s22 = a11*b11;
90 int64_t s23 = 0;
91
92 carry<21>(s0, s1);
93 carry<21>(s2, s3);
94 carry<21>(s4, s5);
95 carry<21>(s6, s7);
96 carry<21>(s8, s9);
97 carry<21>(s10, s11);
98 carry<21>(s12, s13);
99 carry<21>(s14, s15);
100 carry<21>(s16, s17);
101 carry<21>(s18, s19);
102 carry<21>(s20, s21);
103 carry<21>(s22, s23);
104
105 carry<21>(s1, s2);
106 carry<21>(s3, s4);
107 carry<21>(s5, s6);
108 carry<21>(s7, s8);
109 carry<21>(s9, s10);
110 carry<21>(s11, s12);
111 carry<21>(s13, s14);
112 carry<21>(s15, s16);
113 carry<21>(s17, s18);
114 carry<21>(s19, s20);
115 carry<21>(s21, s22);
116
117 redc_mul(s11, s12, s13, s14, s15, s16, s23);
118 redc_mul(s10, s11, s12, s13, s14, s15, s22);
119 redc_mul( s9, s10, s11, s12, s13, s14, s21);
120 redc_mul( s8, s9, s10, s11, s12, s13, s20);
121 redc_mul( s7, s8, s9, s10, s11, s12, s19);
122 redc_mul( s6, s7, s8, s9, s10, s11, s18);
123
124 carry<21>(s6, s7);
125 carry<21>(s8, s9);
126 carry<21>(s10, s11);
127 carry<21>(s12, s13);
128 carry<21>(s14, s15);
129 carry<21>(s16, s17);
130
131 carry<21>(s7, s8);
132 carry<21>(s9, s10);
133 carry<21>(s11, s12);
134 carry<21>(s13, s14);
135 carry<21>(s15, s16);
136
137 redc_mul(s5, s6, s7, s8, s9, s10, s17);
138 redc_mul(s4, s5, s6, s7, s8, s9, s16);
139 redc_mul(s3, s4, s5, s6, s7, s8, s15);
140 redc_mul(s2, s3, s4, s5, s6, s7, s14);
141 redc_mul(s1, s2, s3, s4, s5, s6, s13);
142 redc_mul(s0, s1, s2, s3, s4, s5, s12);
143
144 carry<21>(s0, s1);
145 carry<21>(s2, s3);
146 carry<21>(s4, s5);
147 carry<21>(s6, s7);
148 carry<21>(s8, s9);
149 carry<21>(s10, s11);
150
151 carry<21>(s1, s2);
152 carry<21>(s3, s4);
153 carry<21>(s5, s6);
154 carry<21>(s7, s8);
155 carry<21>(s9, s10);
156 carry<21>(s11, s12);
157
158 redc_mul(s0, s1, s2, s3, s4, s5, s12);
159
160 carry0<21>(s0, s1);
161 carry0<21>(s1, s2);
162 carry0<21>(s2, s3);
163 carry0<21>(s3, s4);
164 carry0<21>(s4, s5);
165 carry0<21>(s5, s6);
166 carry0<21>(s6, s7);
167 carry0<21>(s7, s8);
168 carry0<21>(s8, s9);
169 carry0<21>(s9, s10);
170 carry0<21>(s10, s11);
171 carry0<21>(s11, s12);
172
173 redc_mul(s0, s1, s2, s3, s4, s5, s12);
174
175 carry0<21>(s0, s1);
176 carry0<21>(s1, s2);
177 carry0<21>(s2, s3);
178 carry0<21>(s3, s4);
179 carry0<21>(s4, s5);
180 carry0<21>(s5, s6);
181 carry0<21>(s6, s7);
182 carry0<21>(s7, s8);
183 carry0<21>(s8, s9);
184 carry0<21>(s9, s10);
185 carry0<21>(s10, s11);
186
187 s[0] = static_cast<uint8_t>(s0 >> 0);
188 s[1] = static_cast<uint8_t>(s0 >> 8);
189 s[2] = static_cast<uint8_t>((s0 >> 16) | (s1 << 5));
190 s[3] = static_cast<uint8_t>(s1 >> 3);
191 s[4] = static_cast<uint8_t>(s1 >> 11);
192 s[5] = static_cast<uint8_t>((s1 >> 19) | (s2 << 2));
193 s[6] = static_cast<uint8_t>(s2 >> 6);
194 s[7] = static_cast<uint8_t>((s2 >> 14) | (s3 << 7));
195 s[8] = static_cast<uint8_t>(s3 >> 1);
196 s[9] = static_cast<uint8_t>(s3 >> 9);
197 s[10] = static_cast<uint8_t>((s3 >> 17) | (s4 << 4));
198 s[11] = static_cast<uint8_t>(s4 >> 4);
199 s[12] = static_cast<uint8_t>(s4 >> 12);
200 s[13] = static_cast<uint8_t>((s4 >> 20) | (s5 << 1));
201 s[14] = static_cast<uint8_t>(s5 >> 7);
202 s[15] = static_cast<uint8_t>((s5 >> 15) | (s6 << 6));
203 s[16] = static_cast<uint8_t>(s6 >> 2);
204 s[17] = static_cast<uint8_t>(s6 >> 10);
205 s[18] = static_cast<uint8_t>((s6 >> 18) | (s7 << 3));
206 s[19] = static_cast<uint8_t>(s7 >> 5);
207 s[20] = static_cast<uint8_t>(s7 >> 13);
208 s[21] = static_cast<uint8_t>(s8 >> 0);
209 s[22] = static_cast<uint8_t>(s8 >> 8);
210 s[23] = static_cast<uint8_t>((s8 >> 16) | (s9 << 5));
211 s[24] = static_cast<uint8_t>(s9 >> 3);
212 s[25] = static_cast<uint8_t>(s9 >> 11);
213 s[26] = static_cast<uint8_t>((s9 >> 19) | (s10 << 2));
214 s[27] = static_cast<uint8_t>(s10 >> 6);
215 s[28] = static_cast<uint8_t>((s10 >> 14) | (s11 << 7));
216 s[29] = static_cast<uint8_t>(s11 >> 1);
217 s[30] = static_cast<uint8_t>(s11 >> 9);
218 s[31] = static_cast<uint8_t>(s11 >> 17);
219 }
void redc_mul(int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
uint64_t load_4(const uint8_t *in)
uint64_t load_3(const uint8_t in[3])

References load_3(), load_4(), and redc_mul().

Referenced by ed25519_sign().

◆ sc_reduce()

void Botan::sc_reduce ( uint8_t *  s)

Definition at line 25 of file sc_reduce.cpp.

26 {
27 const uint32_t MASK = 0x1fffff;
28
29 int64_t s0 = MASK & load_3(s);
30 int64_t s1 = MASK & (load_4(s + 2) >> 5);
31 int64_t s2 = MASK & (load_3(s + 5) >> 2);
32 int64_t s3 = MASK & (load_4(s + 7) >> 7);
33 int64_t s4 = MASK & (load_4(s + 10) >> 4);
34 int64_t s5 = MASK & (load_3(s + 13) >> 1);
35 int64_t s6 = MASK & (load_4(s + 15) >> 6);
36 int64_t s7 = MASK & (load_3(s + 18) >> 3);
37 int64_t s8 = MASK & load_3(s + 21);
38 int64_t s9 = MASK & (load_4(s + 23) >> 5);
39 int64_t s10 = MASK & (load_3(s + 26) >> 2);
40 int64_t s11 = MASK & (load_4(s + 28) >> 7);
41 int64_t s12 = MASK & (load_4(s + 31) >> 4);
42 int64_t s13 = MASK & (load_3(s + 34) >> 1);
43 int64_t s14 = MASK & (load_4(s + 36) >> 6);
44 int64_t s15 = MASK & (load_3(s + 39) >> 3);
45 int64_t s16 = MASK & load_3(s + 42);
46 int64_t s17 = MASK & (load_4(s + 44) >> 5);
47 int64_t s18 = MASK & (load_3(s + 47) >> 2);
48 int64_t s19 = MASK & (load_4(s + 49) >> 7);
49 int64_t s20 = MASK & (load_4(s + 52) >> 4);
50 int64_t s21 = MASK & (load_3(s + 55) >> 1);
51 int64_t s22 = MASK & (load_4(s + 57) >> 6);
52 int64_t s23 = (load_4(s + 60) >> 3);
53
54 redc_mul(s11, s12, s13, s14, s15, s16, s23);
55 redc_mul(s10, s11, s12, s13, s14, s15, s22);
56 redc_mul( s9, s10, s11, s12, s13, s14, s21);
57 redc_mul( s8, s9, s10, s11, s12, s13, s20);
58 redc_mul( s7, s8, s9, s10, s11, s12, s19);
59 redc_mul( s6, s7, s8, s9, s10, s11, s18);
60
61 carry<21>(s6, s7);
62 carry<21>(s8, s9);
63 carry<21>(s10, s11);
64 carry<21>(s12, s13);
65 carry<21>(s14, s15);
66 carry<21>(s16, s17);
67
68 carry<21>(s7, s8);
69 carry<21>(s9, s10);
70 carry<21>(s11, s12);
71 carry<21>(s13, s14);
72 carry<21>(s15, s16);
73
74 redc_mul(s5, s6, s7, s8, s9, s10, s17);
75 redc_mul(s4, s5, s6, s7, s8, s9, s16);
76 redc_mul(s3, s4, s5, s6, s7, s8, s15);
77 redc_mul(s2, s3, s4, s5, s6, s7, s14);
78 redc_mul(s1, s2, s3, s4, s5, s6, s13);
79 redc_mul(s0, s1, s2, s3, s4, s5, s12);
80
81 carry<21>(s0, s1);
82 carry<21>(s2, s3);
83 carry<21>(s4, s5);
84 carry<21>(s6, s7);
85 carry<21>(s8, s9);
86 carry<21>(s10, s11);
87
88 carry<21>(s1, s2);
89 carry<21>(s3, s4);
90 carry<21>(s5, s6);
91 carry<21>(s7, s8);
92 carry<21>(s9, s10);
93 carry<21>(s11, s12);
94
95 redc_mul(s0, s1, s2, s3, s4, s5, s12);
96
97 carry0<21>(s0, s1);
98 carry0<21>(s1, s2);
99 carry0<21>(s2, s3);
100 carry0<21>(s3, s4);
101 carry0<21>(s4, s5);
102 carry0<21>(s5, s6);
103 carry0<21>(s6, s7);
104 carry0<21>(s7, s8);
105 carry0<21>(s8, s9);
106 carry0<21>(s9, s10);
107 carry0<21>(s10, s11);
108 carry0<21>(s11, s12);
109
110 redc_mul(s0, s1, s2, s3, s4, s5, s12);
111
112 carry0<21>(s0, s1);
113 carry0<21>(s1, s2);
114 carry0<21>(s2, s3);
115 carry0<21>(s3, s4);
116 carry0<21>(s4, s5);
117 carry0<21>(s5, s6);
118 carry0<21>(s6, s7);
119 carry0<21>(s7, s8);
120 carry0<21>(s8, s9);
121 carry0<21>(s9, s10);
122 carry0<21>(s10, s11);
123 carry0<21>(s11, s12);
124
125 s[0] = static_cast<uint8_t>(s0 >> 0);
126 s[1] = static_cast<uint8_t>(s0 >> 8);
127 s[2] = static_cast<uint8_t>((s0 >> 16) | (s1 << 5));
128 s[3] = static_cast<uint8_t>(s1 >> 3);
129 s[4] = static_cast<uint8_t>(s1 >> 11);
130 s[5] = static_cast<uint8_t>((s1 >> 19) | (s2 << 2));
131 s[6] = static_cast<uint8_t>(s2 >> 6);
132 s[7] = static_cast<uint8_t>((s2 >> 14) | (s3 << 7));
133 s[8] = static_cast<uint8_t>(s3 >> 1);
134 s[9] = static_cast<uint8_t>(s3 >> 9);
135 s[10] = static_cast<uint8_t>((s3 >> 17) | (s4 << 4));
136 s[11] = static_cast<uint8_t>(s4 >> 4);
137 s[12] = static_cast<uint8_t>(s4 >> 12);
138 s[13] = static_cast<uint8_t>((s4 >> 20) | (s5 << 1));
139 s[14] = static_cast<uint8_t>(s5 >> 7);
140 s[15] = static_cast<uint8_t>((s5 >> 15) | (s6 << 6));
141 s[16] = static_cast<uint8_t>(s6 >> 2);
142 s[17] = static_cast<uint8_t>(s6 >> 10);
143 s[18] = static_cast<uint8_t>((s6 >> 18) | (s7 << 3));
144 s[19] = static_cast<uint8_t>(s7 >> 5);
145 s[20] = static_cast<uint8_t>(s7 >> 13);
146 s[21] = static_cast<uint8_t>(s8 >> 0);
147 s[22] = static_cast<uint8_t>(s8 >> 8);
148 s[23] = static_cast<uint8_t>((s8 >> 16) | (s9 << 5));
149 s[24] = static_cast<uint8_t>(s9 >> 3);
150 s[25] = static_cast<uint8_t>(s9 >> 11);
151 s[26] = static_cast<uint8_t>((s9 >> 19) | (s10 << 2));
152 s[27] = static_cast<uint8_t>(s10 >> 6);
153 s[28] = static_cast<uint8_t>((s10 >> 14) | (s11 << 7));
154 s[29] = static_cast<uint8_t>(s11 >> 1);
155 s[30] = static_cast<uint8_t>(s11 >> 9);
156 s[31] = static_cast<uint8_t>(s11 >> 17);
157 }

References load_3(), load_4(), and redc_mul().

Referenced by ed25519_sign(), and ed25519_verify().

◆ scrypt() [1/2]

void Botan::scrypt ( uint8_t  output[],
size_t  output_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
size_t  N,
size_t  r,
size_t  p 
)

Scrypt key derivation function (RFC 7914)

Parameters
outputthe output will be placed here
output_lenlength of output
passwordthe user password
password_lenlength of password
saltthe salt
salt_lenlength of salt
Nthe CPU/Memory cost parameter, must be power of 2
rthe block size parameter
pthe parallelization parameter

Suitable parameters for most uses would be N = 32768, r = 8, p = 1

Scrypt uses approximately (p + N + 1) * 128 * r bytes of memory

Definition at line 211 of file scrypt.cpp.

215 {
216 const size_t S = 128 * r;
217 secure_vector<uint8_t> B(p * S);
218 // temp space
219 secure_vector<uint8_t> V((N+1) * S);
220
221 auto hmac_sha256 = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)");
222
223 try
224 {
225 hmac_sha256->set_key(cast_char_ptr_to_uint8(password), password_len);
226 }
227 catch(Invalid_Key_Length&)
228 {
229 throw Invalid_Argument("Scrypt cannot accept passphrases of the provided length");
230 }
231
232 pbkdf2(*hmac_sha256.get(),
233 B.data(), B.size(),
234 salt, salt_len,
235 1);
236
237 // these can be parallel
238 for(size_t i = 0; i != p; ++i)
239 {
240 scryptROMmix(r, N, &B[128*r*i], V);
241 }
242
243 pbkdf2(*hmac_sha256.get(),
244 output, output_len,
245 B.data(), B.size(),
246 1);
247 }
size_t pbkdf2(MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
Definition pbkdf2.cpp:35

References cast_char_ptr_to_uint8(), Botan::MessageAuthenticationCode::create_or_throw(), pbkdf2(), and salt_len.

Referenced by Botan::Scrypt::derive_key(), scrypt(), and Botan::Scrypt_Family::tune().

◆ scrypt() [2/2]

void Botan::scrypt ( uint8_t  output[],
size_t  output_len,
const std::string &  password,
const uint8_t  salt[],
size_t  salt_len,
size_t  N,
size_t  r,
size_t  p 
)
inline

Scrypt key derivation function (RFC 7914) Before 2.8 this function was the primary interface for scrypt

Parameters
outputthe output will be placed here
output_lenlength of output
passwordthe user password
saltthe salt
salt_lenlength of salt
Nthe CPU/Memory cost parameter, must be power of 2
rthe block size parameter
pthe parallelization parameter

Suitable parameters for most uses would be N = 32768, r = 8, p = 1

Scrypt uses approximately (p + N + 1) * 128 * r bytes of memory

Definition at line 109 of file scrypt.h.

113 {
114 return scrypt(output, output_len,
115 password.c_str(), password.size(),
116 salt, salt_len,
117 N, r, p);
118 }
void scrypt(uint8_t output[], size_t output_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
Definition scrypt.cpp:211

References salt_len, and scrypt().

◆ scrypt_memory_usage()

size_t Botan::scrypt_memory_usage ( size_t  N,
size_t  r,
size_t  p 
)
inline

Definition at line 120 of file scrypt.h.

121 {
122 return 128 * r * (N + p);
123 }

Referenced by Botan::Scrypt::total_memory_usage(), and Botan::Scrypt_Family::tune().

◆ search_map() [1/2]

template<typename K , typename V , typename R >
R Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const R &  null_result,
const R &  found_result 
)
inline

Definition at line 63 of file stl_util.h.

65 {
66 auto i = mapping.find(key);
67 if(i == mapping.end())
68 return null_result;
69 return found_result;
70 }

◆ search_map() [2/2]

template<typename K , typename V >
V Botan::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const V &  null_result = V() 
)
inline

Definition at line 52 of file stl_util.h.

55 {
56 auto i = mapping.find(key);
57 if(i == mapping.end())
58 return null_result;
59 return i->second;
60 }

Referenced by Botan::HTTP::http_sync().

◆ secure_scrub_memory()

void Botan::secure_scrub_memory ( void *  ptr,
size_t  n 
)

Scrub memory contents in a way that a compiler should not elide, using some system specific technique. Note that this function might not zero the memory (for example, in some hypothetical implementation it might combine the memory contents with the output of a system PRNG), but if you can detect any difference in behavior at runtime then the clearing is side-effecting and you can just use clear_mem.

Use this function to scrub memory just before deallocating it, or on a stack buffer before returning from the function.

Parameters
ptra pointer to memory to scrub
nthe number of bytes pointed to by ptr

Definition at line 66 of file os_utils.cpp.

67 {
68#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY)
69 ::RtlSecureZeroMemory(ptr, n);
70
71#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO)
72 ::explicit_bzero(ptr, n);
73
74#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET)
75 (void)::explicit_memset(ptr, 0, n);
76
77#elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1)
78 /*
79 Call memset through a static volatile pointer, which the compiler
80 should not elide. This construct should be safe in conforming
81 compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and
82 Clang 3.8 both create code that saves the memset address in the
83 data segment and unconditionally loads and jumps to that address.
84 */
85 static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset;
86 (memset_ptr)(ptr, 0, n);
87#else
88
89 volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr);
90
91 for(size_t i = 0; i != n; ++i)
92 p[i] = 0;
93#endif
94 }

Referenced by botan_scrub_mem(), deallocate_memory(), Botan::OS::free_locked_pages(), Botan::GHASH::ghash_update(), Botan::Sodium::sodium_free(), Botan::Sodium::sodium_memzero(), Botan::FE_25519::~FE_25519(), and Botan::newhope_poly::~newhope_poly().

◆ set_mem()

void Botan::set_mem ( uint8_t *  ptr,
size_t  n,
uint8_t  val 
)
inline

Set memory to a fixed value

Parameters
ptra pointer to an array of bytes
nthe number of Ts pointed to by ptr
valthe value to set each byte to

Definition at line 182 of file mem_ops.h.

183 {
184 if(n > 0)
185 {
186 std::memset(ptr, val, n);
187 }
188 }

◆ SHA3_round()

void Botan::SHA3_round ( uint64_t  T[25],
const uint64_t  A[25],
uint64_t  RC 
)
inline

Definition at line 53 of file sha3_round.h.

54 {
55#if defined(BOTAN_HAS_BROKEN_CLANG_SHA3)
56 const auto C_tup = xor_CNs(A);
57 const uint64_t C0 = std::get<0>(C_tup);
58 const uint64_t C1 = std::get<1>(C_tup);
59 const uint64_t C2 = std::get<2>(C_tup);
60 const uint64_t C3 = std::get<3>(C_tup);
61 const uint64_t C4 = std::get<4>(C_tup);
62#else
63 const uint64_t C0 = A[0] ^ A[5] ^ A[10] ^ A[15] ^ A[20];
64 const uint64_t C1 = A[1] ^ A[6] ^ A[11] ^ A[16] ^ A[21];
65 const uint64_t C2 = A[2] ^ A[7] ^ A[12] ^ A[17] ^ A[22];
66 const uint64_t C3 = A[3] ^ A[8] ^ A[13] ^ A[18] ^ A[23];
67 const uint64_t C4 = A[4] ^ A[9] ^ A[14] ^ A[19] ^ A[24];
68#endif
69
70 const uint64_t D0 = rotl<1>(C0) ^ C3;
71 const uint64_t D1 = rotl<1>(C1) ^ C4;
72 const uint64_t D2 = rotl<1>(C2) ^ C0;
73 const uint64_t D3 = rotl<1>(C3) ^ C1;
74 const uint64_t D4 = rotl<1>(C4) ^ C2;
75
76 const uint64_t B00 = A[ 0] ^ D1;
77 const uint64_t B01 = rotl<44>(A[ 6] ^ D2);
78 const uint64_t B02 = rotl<43>(A[12] ^ D3);
79 const uint64_t B03 = rotl<21>(A[18] ^ D4);
80 const uint64_t B04 = rotl<14>(A[24] ^ D0);
81 T[ 0] = B00 ^ (~B01 & B02) ^ RC;
82 T[ 1] = B01 ^ (~B02 & B03);
83 T[ 2] = B02 ^ (~B03 & B04);
84 T[ 3] = B03 ^ (~B04 & B00);
85 T[ 4] = B04 ^ (~B00 & B01);
86
87 const uint64_t B05 = rotl<28>(A[ 3] ^ D4);
88 const uint64_t B06 = rotl<20>(A[ 9] ^ D0);
89 const uint64_t B07 = rotl< 3>(A[10] ^ D1);
90 const uint64_t B08 = rotl<45>(A[16] ^ D2);
91 const uint64_t B09 = rotl<61>(A[22] ^ D3);
92 T[ 5] = B05 ^ (~B06 & B07);
93 T[ 6] = B06 ^ (~B07 & B08);
94 T[ 7] = B07 ^ (~B08 & B09);
95 T[ 8] = B08 ^ (~B09 & B05);
96 T[ 9] = B09 ^ (~B05 & B06);
97
98 const uint64_t B10 = rotl< 1>(A[ 1] ^ D2);
99 const uint64_t B11 = rotl< 6>(A[ 7] ^ D3);
100 const uint64_t B12 = rotl<25>(A[13] ^ D4);
101 const uint64_t B13 = rotl< 8>(A[19] ^ D0);
102 const uint64_t B14 = rotl<18>(A[20] ^ D1);
103 T[10] = B10 ^ (~B11 & B12);
104 T[11] = B11 ^ (~B12 & B13);
105 T[12] = B12 ^ (~B13 & B14);
106 T[13] = B13 ^ (~B14 & B10);
107 T[14] = B14 ^ (~B10 & B11);
108
109 const uint64_t B15 = rotl<27>(A[ 4] ^ D0);
110 const uint64_t B16 = rotl<36>(A[ 5] ^ D1);
111 const uint64_t B17 = rotl<10>(A[11] ^ D2);
112 const uint64_t B18 = rotl<15>(A[17] ^ D3);
113 const uint64_t B19 = rotl<56>(A[23] ^ D4);
114 T[15] = B15 ^ (~B16 & B17);
115 T[16] = B16 ^ (~B17 & B18);
116 T[17] = B17 ^ (~B18 & B19);
117 T[18] = B18 ^ (~B19 & B15);
118 T[19] = B19 ^ (~B15 & B16);
119
120 const uint64_t B20 = rotl<62>(A[ 2] ^ D3);
121 const uint64_t B21 = rotl<55>(A[ 8] ^ D4);
122 const uint64_t B22 = rotl<39>(A[14] ^ D0);
123 const uint64_t B23 = rotl<41>(A[15] ^ D1);
124 const uint64_t B24 = rotl< 2>(A[21] ^ D2);
125 T[20] = B20 ^ (~B21 & B22);
126 T[21] = B21 ^ (~B22 & B23);
127 T[22] = B22 ^ (~B23 & B24);
128 T[23] = B23 ^ (~B24 & B20);
129 T[24] = B24 ^ (~B20 & B21);
130 }

References T.

Referenced by Botan::SHA_3::permute().

◆ short_version_cstr()

const char * Botan::short_version_cstr ( )

Same as version_short_string except returning a pointer to the string.

Definition at line 22 of file version.cpp.

23 {
24 return STR(BOTAN_VERSION_MAJOR) "."
25 STR(BOTAN_VERSION_MINOR) "."
26 STR(BOTAN_VERSION_PATCH)
27#if defined(BOTAN_VERSION_SUFFIX)
28 STR(BOTAN_VERSION_SUFFIX)
29#endif
30 ;
31 }
#define STR(macro)
Definition version.cpp:20

References STR.

Referenced by short_version_string().

◆ short_version_string()

std::string Botan::short_version_string ( )

Return a version string of the form "MAJOR.MINOR.PATCH" where each of the values is an integer.

Definition at line 70 of file version.cpp.

71 {
72 return std::string(short_version_cstr());
73 }
const char * short_version_cstr()
Definition version.cpp:22

References short_version_cstr().

Referenced by runtime_version_check().

◆ sig_algo_and_pad_ok()

bool Botan::sig_algo_and_pad_ok ( const std::string  algo,
const std::string  padding 
)

Returns true iff the given padding scheme is valid for the given signature algorithm (key type).

Parameters
algothe signature algorithm to be used
paddingthe padding scheme to be used

Definition at line 39 of file padding.cpp.

40 {
41 std::vector<std::string> pads = get_sig_paddings(algo);
42 return std::find(pads.begin(), pads.end(), padding) != pads.end();
43 }
const std::vector< std::string > get_sig_paddings(const std::string algo)
Definition padding.cpp:32

References get_sig_paddings().

Referenced by Botan::EMSA1::config_for_x509(), Botan::EMSA_PKCS1v15::config_for_x509(), and Botan::PSSR::config_for_x509().

◆ significant_bytes()

template<typename T >
size_t Botan::significant_bytes ( T  n)
inline

Return the number of significant bytes in n

Parameters
nan integer value
Returns
number of significant bytes in n

Definition at line 77 of file bit_ops.h.

78 {
79 size_t b = 0;
80
81 for(size_t s = 8*sizeof(n) / 2; s >= 8; s /= 2)
82 {
83 const size_t z = s * (~ct_is_zero(n >> s) & 1);
84 b += z/8;
85 n >>= z;
86 }
87
88 b += (n != 0);
89
90 return b;
91 }

◆ sm2_compute_za()

std::vector< uint8_t > Botan::sm2_compute_za ( HashFunction hash,
const std::string &  user_id,
const EC_Group domain,
const PointGFp pubkey 
)

Definition at line 52 of file sm2.cpp.

56 {
57 if(user_id.size() >= 8192)
58 throw Invalid_Argument("SM2 user id too long to represent");
59
60 const uint16_t uid_len = static_cast<uint16_t>(8 * user_id.size());
61
62 hash.update(get_byte(0, uid_len));
63 hash.update(get_byte(1, uid_len));
64 hash.update(user_id);
65
66 const size_t p_bytes = domain.get_p_bytes();
67
68 hash.update(BigInt::encode_1363(domain.get_a(), p_bytes));
69 hash.update(BigInt::encode_1363(domain.get_b(), p_bytes));
70 hash.update(BigInt::encode_1363(domain.get_g_x(), p_bytes));
71 hash.update(BigInt::encode_1363(domain.get_g_y(), p_bytes));
72 hash.update(BigInt::encode_1363(pubkey.get_affine_x(), p_bytes));
73 hash.update(BigInt::encode_1363(pubkey.get_affine_y(), p_bytes));
74
75 std::vector<uint8_t> za(hash.output_length());
76 hash.final(za.data());
77
78 return za;
79 }
const BigInt & get_b() const
Definition ec_group.cpp:499
const BigInt & get_a() const
Definition ec_group.cpp:494
const BigInt & get_g_y() const
Definition ec_group.cpp:519
const BigInt & get_g_x() const
Definition ec_group.cpp:514
size_t get_p_bytes() const
Definition ec_group.cpp:474
BigInt get_affine_y() const
BigInt get_affine_x() const

References Botan::BigInt::encode_1363(), Botan::EC_Group::get_a(), Botan::PointGFp::get_affine_x(), Botan::PointGFp::get_affine_y(), Botan::EC_Group::get_b(), get_byte(), Botan::EC_Group::get_g_x(), Botan::EC_Group::get_g_y(), Botan::EC_Group::get_p_bytes(), and hash.

Referenced by botan_pubkey_sm2_compute_za().

◆ split_on()

std::vector< std::string > Botan::split_on ( const std::string &  str,
char  delim 
)

Split a string

Parameters
strthe input string
delimthe delimitor
Returns
string split by delim

Definition at line 148 of file parsing.cpp.

149 {
150 return split_on_pred(str, [delim](char c) { return c == delim; });
151 }
std::vector< std::string > split_on_pred(const std::string &str, std::function< bool(char)> pred)
Definition parsing.cpp:153

References split_on_pred().

Referenced by argon2_check_pwhash(), Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism(), create_private_key(), Botan::TLS::Text_Policy::get_list(), Botan::X509_Object::hash_used_for_signature(), Botan::TLS::Text_Policy::key_exchange_groups(), load_public_key(), pbes2_decrypt(), read_kv(), string_to_ipv4(), Botan::X509_Object::verify_signature(), Botan::OCSP::Response::verify_signature(), and Botan::X509_Cert_Options::X509_Cert_Options().

◆ split_on_pred()

std::vector< std::string > Botan::split_on_pred ( const std::string &  str,
std::function< bool(char)>  pred 
)

Split a string on a character predicate

Parameters
strthe input string
predthe predicate

This function will likely be removed in a future release

Definition at line 153 of file parsing.cpp.

155 {
156 std::vector<std::string> elems;
157 if(str.empty()) return elems;
158
159 std::string substr;
160 for(auto i = str.begin(); i != str.end(); ++i)
161 {
162 if(pred(*i))
163 {
164 if(!substr.empty())
165 elems.push_back(substr);
166 substr.clear();
167 }
168 else
169 substr += *i;
170 }
171
172 if(substr.empty())
173 throw Invalid_Argument("Unable to split string: " + str);
174 elems.push_back(substr);
175
176 return elems;
177 }

Referenced by split_on().

◆ square()

BigInt Botan::square ( const BigInt x)
Parameters
xan integer
Returns
(x*x)

Definition at line 19 of file mp_numth.cpp.

20 {
21 BigInt z = x;
23 z.square(ws);
24 return z;
25 }
BigInt & square(secure_vector< word > &ws)
Definition big_ops2.cpp:197

References Botan::BigInt::square().

Referenced by Botan::Modular_Reducer::cube(), and Botan::Modular_Reducer::square().

◆ srp6_client_agree() [1/2]

std::pair< BigInt, SymmetricKey > Botan::srp6_client_agree ( const std::string &  username,
const std::string &  password,
const DL_Group group,
const std::string &  hash_id,
const std::vector< uint8_t > &  salt,
const BigInt B,
size_t  a_bits,
RandomNumberGenerator rng 
)

SRP6a Client side

Parameters
usernamethe username we are attempting login for
passwordthe password we are attempting to use
groupspecifies the shared SRP group
hash_idspecifies a secure hash function
saltis the salt value sent by the server
Bis the server's public value
a_bitssize of secret exponent in bits
rngis a random number generator
Returns
(A,K) the client public key and the shared secret key

Definition at line 92 of file srp6.cpp.

100 {
101 const BigInt& g = group.get_g();
102 const BigInt& p = group.get_p();
103
104 const size_t p_bytes = group.p_bytes();
105
106 if(B <= 0 || B >= p)
107 throw Decoding_Error("Invalid SRP parameter from server");
108
109 const BigInt k = hash_seq(hash_id, p_bytes, p, g);
110
111 const BigInt a(rng, a_bits);
112
113 const BigInt A = group.power_g_p(a, a_bits);
114
115 const BigInt u = hash_seq(hash_id, p_bytes, A, B);
116
117 const BigInt x = compute_x(hash_id, identifier, password, salt);
118
119 const BigInt S = power_mod(group.mod_p(B - (k * power_mod(g, x, p))),
120 group.mod_p(a + (u * x)), p);
121
122 const SymmetricKey Sk(BigInt::encode_1363(S, p_bytes));
123
124 return std::make_pair(A, Sk);
125 }
BigInt mod_p(const BigInt &x) const
Definition dl_group.cpp:489
const BigInt & get_p() const
Definition dl_group.cpp:425
size_t p_bytes() const
Definition dl_group.cpp:456
const BigInt & get_g() const
Definition dl_group.cpp:433

References Botan::BigInt::encode_1363(), Botan::DL_Group::get_g(), Botan::DL_Group::get_p(), Botan::DL_Group::mod_p(), Botan::DL_Group::p_bytes(), Botan::DL_Group::power_g_p(), and power_mod().

◆ srp6_client_agree() [2/2]

std::pair< BigInt, SymmetricKey > Botan::srp6_client_agree ( const std::string &  username,
const std::string &  password,
const std::string &  group_id,
const std::string &  hash_id,
const std::vector< uint8_t > &  salt,
const BigInt B,
RandomNumberGenerator rng 
)

SRP6a Client side

Parameters
usernamethe username we are attempting login for
passwordthe password we are attempting to use
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function
saltis the salt value sent by the server
Bis the server's public value
rngis a random number generator
Returns
(A,K) the client public key and the shared secret key

Definition at line 77 of file srp6.cpp.

84 {
85 DL_Group group(group_id);
86 const size_t a_bits = group.exponent_bits();
87
88 return srp6_client_agree(identifier, password, group, hash_id, salt, B, a_bits, rng);
89 }
std::pair< BigInt, SymmetricKey > srp6_client_agree(const std::string &identifier, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const BigInt &B, RandomNumberGenerator &rng)
Definition srp6.cpp:77

References Botan::DL_Group::exponent_bits(), and srp6_client_agree().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), and srp6_client_agree().

◆ srp6_group_identifier()

std::string Botan::srp6_group_identifier ( const BigInt N,
const BigInt g 
)

Return the group id for this SRP param set, or else thrown an exception

Parameters
Nthe group modulus
gthe group generator
Returns
group identifier

Definition at line 53 of file srp6.cpp.

54 {
55 /*
56 This function assumes that only one 'standard' SRP parameter set has
57 been defined for a particular bitsize. As of this writing that is the case.
58 */
59 try
60 {
61 const std::string group_name = "modp/srp/" + std::to_string(N.bits());
62
63 DL_Group group(group_name);
64
65 if(group.get_p() == N && group.get_g() == g)
66 return group_name;
67 }
68 catch(...)
69 {
70 }
71
72 // If we didn't return, the group was unknown or did not match
73 throw Invalid_Argument("Invalid or unknown SRP group parameters");
74 }

References Botan::BigInt::bits(), Botan::DL_Group::get_g(), and Botan::DL_Group::get_p().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ store_be() [1/6]

void Botan::store_be ( uint16_t  in,
uint8_t  out[2] 
)
inline

Store a big-endian uint16_t

Parameters
inthe input uint16_t
outthe byte array to write to

Definition at line 438 of file loadstor.h.

439 {
440#if defined(BOTAN_ENDIAN_N2B)
441 uint16_t o = BOTAN_ENDIAN_N2B(in);
442 typecast_copy(out, o);
443#else
444 out[0] = get_byte(0, in);
445 out[1] = get_byte(1, in);
446#endif
447 }

References get_byte(), and typecast_copy().

Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::BigInt::binary_encode(), copy_out_be(), Botan::FPE_FE1::decrypt(), Botan::Blowfish::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::FPE_FE1::encrypt(), Botan::TLS::Session::encrypt(), Botan::Blowfish::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::TLS::Connection_Cipher_State::format_ad(), Botan::SP800_108_Counter::kdf(), Botan::SP800_108_Feedback::kdf(), Botan::SP800_108_Pipeline::kdf(), Botan::TLS::make_hello_random(), nist_key_wrap_padded(), Botan::CTR_BE::seek(), Botan::SIMD_4x32::store_be(), store_be(), store_be(), store_be(), Botan::Buffered_Computation::update_be(), Botan::Buffered_Computation::update_be(), Botan::Buffered_Computation::update_be(), and Botan::MDx_HashFunction::write_count().

◆ store_be() [2/6]

void Botan::store_be ( uint32_t  in,
uint8_t  out[4] 
)
inline

Store a big-endian uint32_t

Parameters
inthe input uint32_t
outthe byte array to write to

Definition at line 470 of file loadstor.h.

471 {
472#if defined(BOTAN_ENDIAN_B2N)
473 uint32_t o = BOTAN_ENDIAN_B2N(in);
474 typecast_copy(out, o);
475#else
476 out[0] = get_byte(0, in);
477 out[1] = get_byte(1, in);
478 out[2] = get_byte(2, in);
479 out[3] = get_byte(3, in);
480#endif
481 }

References get_byte(), and typecast_copy().

◆ store_be() [3/6]

void Botan::store_be ( uint64_t  in,
uint8_t  out[8] 
)
inline

Store a big-endian uint64_t

Parameters
inthe input uint64_t
outthe byte array to write to

Definition at line 506 of file loadstor.h.

507 {
508#if defined(BOTAN_ENDIAN_B2N)
509 uint64_t o = BOTAN_ENDIAN_B2N(in);
510 typecast_copy(out, o);
511#else
512 out[0] = get_byte(0, in);
513 out[1] = get_byte(1, in);
514 out[2] = get_byte(2, in);
515 out[3] = get_byte(3, in);
516 out[4] = get_byte(4, in);
517 out[5] = get_byte(5, in);
518 out[6] = get_byte(6, in);
519 out[7] = get_byte(7, in);
520#endif
521 }

References get_byte(), and typecast_copy().

◆ store_be() [4/6]

template<typename T >
void Botan::store_be ( uint8_t  out[],
T  x0,
T  x1 
)
inline

Store two big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word

Definition at line 565 of file loadstor.h.

566 {
567 store_be(x0, out + (0 * sizeof(T)));
568 store_be(x1, out + (1 * sizeof(T)));
569 }

References store_be(), and T.

◆ store_be() [5/6]

template<typename T >
void Botan::store_be ( uint8_t  out[],
T  x0,
T  x1,
T  x2,
T  x3 
)
inline

Store four big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 597 of file loadstor.h.

598 {
599 store_be(x0, out + (0 * sizeof(T)));
600 store_be(x1, out + (1 * sizeof(T)));
601 store_be(x2, out + (2 * sizeof(T)));
602 store_be(x3, out + (3 * sizeof(T)));
603 }

References store_be(), and T.

◆ store_be() [6/6]

template<typename T >
void Botan::store_be ( uint8_t  out[],
T  x0,
T  x1,
T  x2,
T  x3,
T  x4,
T  x5,
T  x6,
T  x7 
)
inline

Store eight big-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 644 of file loadstor.h.

646 {
647 store_be(x0, out + (0 * sizeof(T)));
648 store_be(x1, out + (1 * sizeof(T)));
649 store_be(x2, out + (2 * sizeof(T)));
650 store_be(x3, out + (3 * sizeof(T)));
651 store_be(x4, out + (4 * sizeof(T)));
652 store_be(x5, out + (5 * sizeof(T)));
653 store_be(x6, out + (6 * sizeof(T)));
654 store_be(x7, out + (7 * sizeof(T)));
655 }

References store_be(), and T.

◆ store_le() [1/6]

void Botan::store_le ( uint16_t  in,
uint8_t  out[2] 
)
inline

◆ store_le() [2/6]

void Botan::store_le ( uint32_t  in,
uint8_t  out[4] 
)
inline

Store a little-endian uint32_t

Parameters
inthe input uint32_t
outthe byte array to write to

Definition at line 488 of file loadstor.h.

489 {
490#if defined(BOTAN_ENDIAN_L2N)
491 uint32_t o = BOTAN_ENDIAN_L2N(in);
492 typecast_copy(out, o);
493#else
494 out[0] = get_byte(3, in);
495 out[1] = get_byte(2, in);
496 out[2] = get_byte(1, in);
497 out[3] = get_byte(0, in);
498#endif
499 }

References get_byte(), and typecast_copy().

◆ store_le() [3/6]

void Botan::store_le ( uint64_t  in,
uint8_t  out[8] 
)
inline

Store a little-endian uint64_t

Parameters
inthe input uint64_t
outthe byte array to write to

Definition at line 528 of file loadstor.h.

529 {
530#if defined(BOTAN_ENDIAN_L2N)
531 uint64_t o = BOTAN_ENDIAN_L2N(in);
532 typecast_copy(out, o);
533#else
534 out[0] = get_byte(7, in);
535 out[1] = get_byte(6, in);
536 out[2] = get_byte(5, in);
537 out[3] = get_byte(4, in);
538 out[4] = get_byte(3, in);
539 out[5] = get_byte(2, in);
540 out[6] = get_byte(1, in);
541 out[7] = get_byte(0, in);
542#endif
543 }

References get_byte(), and typecast_copy().

◆ store_le() [4/6]

template<typename T >
void Botan::store_le ( uint8_t  out[],
T  x0,
T  x1 
)
inline

Store two little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word

Definition at line 552 of file loadstor.h.

553 {
554 store_le(x0, out + (0 * sizeof(T)));
555 store_le(x1, out + (1 * sizeof(T)));
556 }

References store_le(), and T.

◆ store_le() [5/6]

template<typename T >
void Botan::store_le ( uint8_t  out[],
T  x0,
T  x1,
T  x2,
T  x3 
)
inline

Store four little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word

Definition at line 580 of file loadstor.h.

581 {
582 store_le(x0, out + (0 * sizeof(T)));
583 store_le(x1, out + (1 * sizeof(T)));
584 store_le(x2, out + (2 * sizeof(T)));
585 store_le(x3, out + (3 * sizeof(T)));
586 }

References store_le(), and T.

◆ store_le() [6/6]

template<typename T >
void Botan::store_le ( uint8_t  out[],
T  x0,
T  x1,
T  x2,
T  x3,
T  x4,
T  x5,
T  x6,
T  x7 
)
inline

Store eight little-endian words

Parameters
outthe output byte array
x0the first word
x1the second word
x2the third word
x3the fourth word
x4the fifth word
x5the sixth word
x6the seventh word
x7the eighth word

Definition at line 618 of file loadstor.h.

620 {
621 store_le(x0, out + (0 * sizeof(T)));
622 store_le(x1, out + (1 * sizeof(T)));
623 store_le(x2, out + (2 * sizeof(T)));
624 store_le(x3, out + (3 * sizeof(T)));
625 store_le(x4, out + (4 * sizeof(T)));
626 store_le(x5, out + (5 * sizeof(T)));
627 store_le(x6, out + (6 * sizeof(T)));
628 store_le(x7, out + (7 * sizeof(T)));
629 }

References store_le(), and T.

◆ string_join()

std::string Botan::string_join ( const std::vector< std::string > &  strs,
char  delim 
)

Join a string

Parameters
strsstrings to join
delimthe delimitor
Returns
string joined by delim

Definition at line 182 of file parsing.cpp.

183 {
184 std::string out = "";
185
186 for(size_t i = 0; i != strs.size(); ++i)
187 {
188 if(i != 0)
189 out += delim;
190 out += strs[i];
191 }
192
193 return out;
194 }

Referenced by Botan::Parallel::name(), and Botan::CPUID::to_string().

◆ string_to_ipv4()

uint32_t Botan::string_to_ipv4 ( const std::string &  ip_str)

Convert a string representation of an IPv4 address to a number

Parameters
ip_strthe string representation
Returns
integer IPv4 address

Definition at line 253 of file parsing.cpp.

254 {
255 std::vector<std::string> parts = split_on(str, '.');
256
257 if(parts.size() != 4)
258 throw Decoding_Error("Invalid IP string " + str);
259
260 uint32_t ip = 0;
261
262 for(auto part = parts.begin(); part != parts.end(); ++part)
263 {
264 uint32_t octet = to_u32bit(*part);
265
266 if(octet > 255)
267 throw Decoding_Error("Invalid IP string " + str);
268
269 ip = (ip << 8) | (octet & 0xFF);
270 }
271
272 return ip;
273 }

References split_on(), and to_u32bit().

◆ sub_mul()

BigInt Botan::sub_mul ( const BigInt a,
const BigInt b,
const BigInt c 
)

Fused subtract-multiply

Parameters
aan integer
ban integer
can integer
Returns
(a-b)*c

Definition at line 59 of file mp_numth.cpp.

60 {
61 if(a.is_negative() || b.is_negative())
62 throw Invalid_Argument("sub_mul: First two arguments must be >= 0");
63
64 BigInt r = a;
65 r -= b;
66 r *= c;
67 return r;
68 }

References Botan::BigInt::is_negative().

◆ swap_bits()

template<typename T >
void Botan::swap_bits ( T x,
T y,
T  mask,
size_t  shift 
)
inline

Definition at line 162 of file bit_ops.h.

163 {
164 const T swap = ((x >> shift) ^ y) & mask;
165 x ^= swap << shift;
166 y ^= swap;
167 }

References T.

◆ syndrome_init()

std::vector< polyn_gf2m > Botan::syndrome_init ( polyn_gf2m const &  generator,
std::vector< gf2m > const &  support,
int  n 
)

Definition at line 721 of file polyn_gf2m.cpp.

722 {
723 int i,j,t;
724 gf2m a;
725
726
727 std::shared_ptr<GF2m_Field> m_sp_field = generator.m_sp_field;
728
729 std::vector<polyn_gf2m> result;
730 t = generator.get_degree();
731
732 //g(z)=g_t+g_(t-1).z^(t-1)+......+g_1.z+g_0
733 //f(z)=f_(t-1).z^(t-1)+......+f_1.z+f_0
734
735 for(j=0;j<n;j++)
736 {
737 result.push_back(polyn_gf2m( t-1, m_sp_field));
738
739 (*&result[j]).set_coef(t-1,1);
740 for(i=t-2;i>=0;i--)
741 {
742 (*&result[j]).set_coef(i, (generator)[i+1] ^
743 m_sp_field->gf_mul(lex_to_gray(support[j]),result[j][i+1]));
744 }
745 a = ((generator)[0] ^ m_sp_field->gf_mul(lex_to_gray(support[j]),result[j][0]));
746 for(i=0;i<t;i++)
747 {
748 (*&result[j]).set_coef(i, m_sp_field->gf_div(result[j][i],a));
749 }
750 }
751 return result;
752 }
gf2m lex_to_gray(gf2m lex)

References Botan::polyn_gf2m::get_degree(), lex_to_gray(), and Botan::polyn_gf2m::m_sp_field.

Referenced by generate_mceliece_key().

◆ system_rng()

RandomNumberGenerator & Botan::system_rng ( )

Return a shared reference to a global PRNG instance provided by the operating system. For instance might be instantiated by /dev/urandom or CryptGenRandom.

Definition at line 283 of file system_rng.cpp.

284 {
285 static System_RNG_Impl g_system_rng;
286 return g_system_rng;
287 }

Referenced by Botan::System_RNG::accepts_input(), Botan::System_RNG::add_entropy(), botan_pk_op_decrypt_create(), botan_pk_op_encrypt_create(), botan_pk_op_key_agreement_create(), botan_pk_op_sign_create(), botan_rng_reseed(), Botan::System_RNG::clear(), Botan::System_RNG::is_seeded(), Botan::System_RNG::name(), Botan::Sodium::randombytes_buf(), Botan::System_RNG::randomize(), and Botan::Stateful_RNG::randomize_with_ts_input().

◆ throw_invalid_argument()

BOTAN_NORETURN void BOTAN_UNSTABLE_API Botan::throw_invalid_argument ( const char *  message,
const char *  func,
const char *  file 
)

Called when an invalid argument is used Throws Invalid_Argument

Definition at line 13 of file assert.cpp.

16 {
17 std::ostringstream format;
18 format << message << " in " << func << ":" << file;
19 throw Invalid_Argument(format.str());
20 }

◆ throw_invalid_state()

BOTAN_NORETURN void BOTAN_UNSTABLE_API Botan::throw_invalid_state ( const char *  message,
const char *  func,
const char *  file 
)

Called when an invalid state is encountered Throws Invalid_State

Definition at line 22 of file assert.cpp.

25 {
26 std::ostringstream format;
27 format << "Invalid state: " << expr << " was false in " << func << ":" << file;
28 throw Invalid_State(format.str());
29 }

◆ timespec_to_u32bit()

uint32_t Botan::timespec_to_u32bit ( const std::string &  timespec)

Convert a time specification to a number

Parameters
timespecthe time specification
Returns
number of seconds represented by timespec

Definition at line 64 of file parsing.cpp.

65 {
66 if(timespec.empty())
67 return 0;
68
69 const char suffix = timespec[timespec.size()-1];
70 std::string value = timespec.substr(0, timespec.size()-1);
71
72 uint32_t scale = 1;
73
74 if(Charset::is_digit(suffix))
75 value += suffix;
76 else if(suffix == 's')
77 scale = 1;
78 else if(suffix == 'm')
79 scale = 60;
80 else if(suffix == 'h')
81 scale = 60 * 60;
82 else if(suffix == 'd')
83 scale = 24 * 60 * 60;
84 else if(suffix == 'y')
85 scale = 365 * 24 * 60 * 60;
86 else
87 throw Decoding_Error("timespec_to_u32bit: Bad input " + timespec);
88
89 return scale * to_u32bit(value);
90 }

References Botan::Charset::is_digit(), and to_u32bit().

◆ to_byte_vector()

std::vector< uint8_t > Botan::to_byte_vector ( const std::string &  s)
inline

Definition at line 20 of file stl_util.h.

21 {
22 return std::vector<uint8_t>(s.cbegin(), s.cend());
23 }

Referenced by Botan::TLS::Channel::key_material_export().

◆ to_string() [1/3]

const char * Botan::to_string ( Certificate_Status_Code  code)

Convert a status code to a human readable diagnostic message

Parameters
codethe certifcate status
Returns
string literal constant, or nullptr if code unknown

Definition at line 11 of file cert_status.cpp.

12 {
13 switch(code)
14 {
15 case Certificate_Status_Code::VERIFIED:
16 return "Verified";
17 case Certificate_Status_Code::OCSP_RESPONSE_GOOD:
18 return "OCSP response accepted as affirming unrevoked status for certificate";
19 case Certificate_Status_Code::OCSP_SIGNATURE_OK:
20 return "Signature on OCSP response was found valid";
21 case Certificate_Status_Code::VALID_CRL_CHECKED:
22 return "Valid CRL examined";
23
24 case Certificate_Status_Code::CERT_SERIAL_NEGATIVE:
25 return "Certificate serial number is negative";
26 case Certificate_Status_Code::DN_TOO_LONG:
27 return "Distinguished name too long";
28 case Certificate_Status_Code::OCSP_NO_REVOCATION_URL:
29 return "OCSP URL not available";
30 case Certificate_Status_Code::OCSP_SERVER_NOT_AVAILABLE:
31 return "OCSP server not available";
32
33 case Certificate_Status_Code::NO_REVOCATION_DATA:
34 return "No revocation data";
35 case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
36 return "Signature method too weak";
37 case Certificate_Status_Code::UNTRUSTED_HASH:
38 return "Hash function used is considered too weak for security";
39
40 case Certificate_Status_Code::CERT_NOT_YET_VALID:
41 return "Certificate is not yet valid";
42 case Certificate_Status_Code::CERT_HAS_EXPIRED:
43 return "Certificate has expired";
44 case Certificate_Status_Code::OCSP_NOT_YET_VALID:
45 return "OCSP is not yet valid";
46 case Certificate_Status_Code::OCSP_HAS_EXPIRED:
47 return "OCSP response has expired";
48 case Certificate_Status_Code::OCSP_IS_TOO_OLD:
49 return "OCSP response is too old";
50 case Certificate_Status_Code::CRL_NOT_YET_VALID:
51 return "CRL response is not yet valid";
52 case Certificate_Status_Code::CRL_HAS_EXPIRED:
53 return "CRL has expired";
54
55 case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND:
56 return "Certificate issuer not found";
57 case Certificate_Status_Code::CANNOT_ESTABLISH_TRUST:
58 return "Cannot establish trust";
59 case Certificate_Status_Code::CERT_CHAIN_LOOP:
60 return "Loop in certificate chain";
61 case Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT:
62 return "Certificate chain does not end in a CA certificate";
63 case Certificate_Status_Code::CHAIN_NAME_MISMATCH:
64 return "Certificate issuer does not match subject of issuing cert";
65
66 case Certificate_Status_Code::POLICY_ERROR:
67 return "Certificate policy error";
68 case Certificate_Status_Code::DUPLICATE_CERT_POLICY:
69 return "Certificate contains duplicate policy";
70 case Certificate_Status_Code::INVALID_USAGE:
71 return "Certificate does not allow the requested usage";
72 case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
73 return "Certificate chain too long";
74 case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
75 return "CA certificate not allowed to issue certs";
76 case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER:
77 return "CA certificate not allowed to issue CRLs";
78 case Certificate_Status_Code::NO_MATCHING_CRLDP:
79 return "No CRL with matching distribution point for certificate";
80 case Certificate_Status_Code::OCSP_CERT_NOT_LISTED:
81 return "OCSP cert not listed";
82 case Certificate_Status_Code::OCSP_BAD_STATUS:
83 return "OCSP bad status";
84 case Certificate_Status_Code::CERT_NAME_NOMATCH:
85 return "Certificate does not match provided name";
86 case Certificate_Status_Code::NAME_CONSTRAINT_ERROR:
87 return "Certificate does not pass name constraint";
88 case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION:
89 return "Unknown critical extension encountered";
90 case Certificate_Status_Code::DUPLICATE_CERT_EXTENSION:
91 return "Duplicate certificate extension encountered";
92 case Certificate_Status_Code::EXT_IN_V1_V2_CERT:
93 return "Encountered extension in certificate with version that does not allow it";
94 case Certificate_Status_Code::V2_IDENTIFIERS_IN_V1_CERT:
95 return "Encountered v2 identifiers in v1 certificate";
96 case Certificate_Status_Code::OCSP_SIGNATURE_ERROR:
97 return "OCSP signature error";
98 case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND:
99 return "Unable to find certificate issusing OCSP response";
100 case Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE:
101 return "OCSP issuer's keyusage prohibits OCSP";
102 case Certificate_Status_Code::OCSP_RESPONSE_INVALID:
103 return "OCSP parsing valid";
104 case Certificate_Status_Code::OCSP_NO_HTTP:
105 return "OCSP requests not available, no HTTP support compiled in";
106 case Certificate_Status_Code::CERT_IS_REVOKED:
107 return "Certificate is revoked";
108 case Certificate_Status_Code::CRL_BAD_SIGNATURE:
109 return "CRL bad signature";
110 case Certificate_Status_Code::SIGNATURE_ERROR:
111 return "Signature error";
112 case Certificate_Status_Code::CERT_PUBKEY_INVALID:
113 return "Certificate public key invalid";
114 case Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN:
115 return "Certificate signed with unknown/unavailable algorithm";
116 case Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS:
117 return "Certificate signature has invalid parameters";
118
119 // intentionally no default so we are warned if new enum values are added
120 }
121
122 return nullptr;
123 }

References CA_CERT_NOT_FOR_CERT_ISSUER, CA_CERT_NOT_FOR_CRL_ISSUER, CANNOT_ESTABLISH_TRUST, CERT_CHAIN_LOOP, CERT_CHAIN_TOO_LONG, CERT_HAS_EXPIRED, CERT_IS_REVOKED, CERT_ISSUER_NOT_FOUND, CERT_NAME_NOMATCH, CERT_NOT_YET_VALID, CERT_PUBKEY_INVALID, CERT_SERIAL_NEGATIVE, CHAIN_LACKS_TRUST_ROOT, CHAIN_NAME_MISMATCH, CRL_BAD_SIGNATURE, CRL_HAS_EXPIRED, CRL_NOT_YET_VALID, DN_TOO_LONG, DUPLICATE_CERT_EXTENSION, DUPLICATE_CERT_POLICY, EXT_IN_V1_V2_CERT, INVALID_USAGE, NAME_CONSTRAINT_ERROR, NO_MATCHING_CRLDP, NO_REVOCATION_DATA, OCSP_BAD_STATUS, OCSP_CERT_NOT_LISTED, OCSP_HAS_EXPIRED, OCSP_IS_TOO_OLD, OCSP_ISSUER_NOT_FOUND, OCSP_NO_HTTP, OCSP_NO_REVOCATION_URL, OCSP_NOT_YET_VALID, OCSP_RESPONSE_GOOD, OCSP_RESPONSE_INVALID, OCSP_RESPONSE_MISSING_KEYUSAGE, OCSP_SERVER_NOT_AVAILABLE, OCSP_SIGNATURE_ERROR, OCSP_SIGNATURE_OK, POLICY_ERROR, SIGNATURE_ALGO_BAD_PARAMS, SIGNATURE_ALGO_UNKNOWN, SIGNATURE_ERROR, SIGNATURE_METHOD_TOO_WEAK, UNKNOWN_CRITICAL_EXTENSION, UNTRUSTED_HASH, V2_IDENTIFIERS_IN_V1_CERT, VALID_CRL_CHECKED, and VERIFIED.

◆ to_string() [2/3]

std::string Botan::to_string ( const secure_vector< uint8_t > &  bytes)
inline

Definition at line 25 of file stl_util.h.

26 {
27 return std::string(bytes.cbegin(), bytes.cend());
28 }

◆ to_string() [3/3]

std::string Botan::to_string ( ErrorType  type)

Convert an ErrorType to string.

Definition at line 11 of file exceptn.cpp.

12 {
13 switch(type)
14 {
15 case ErrorType::Unknown:
16 return "Unknown";
17 case ErrorType::SystemError:
18 return "SystemError";
19 case ErrorType::NotImplemented:
20 return "NotImplemented";
21 case ErrorType::OutOfMemory:
22 return "OutOfMemory";
23 case ErrorType::InternalError:
24 return "InternalError";
25 case ErrorType::IoError:
26 return "IoError";
27 case ErrorType::InvalidObjectState :
28 return "InvalidObjectState";
29 case ErrorType::KeyNotSet:
30 return "KeyNotSet";
31 case ErrorType::InvalidArgument:
32 return "InvalidArgument";
33 case ErrorType::InvalidKeyLength:
34 return "InvalidKeyLength";
35 case ErrorType::InvalidNonceLength:
36 return "InvalidNonceLength";
37 case ErrorType::LookupError:
38 return "LookupError";
39 case ErrorType::EncodingFailure:
40 return "EncodingFailure";
41 case ErrorType::DecodingFailure:
42 return "DecodingFailure";
43 case ErrorType::TLSError:
44 return "TLSError";
45 case ErrorType::HttpError:
46 return "HttpError";
47 case ErrorType::InvalidTag:
48 return "InvalidTag";
49 case ErrorType::RoughtimeError:
50 return "RoughtimeError";
51 case ErrorType::OpenSSLError :
52 return "OpenSSLError";
53 case ErrorType::CommonCryptoError:
54 return "CommonCryptoError";
55 case ErrorType::Pkcs11Error:
56 return "Pkcs11Error";
57 case ErrorType::TPMError:
58 return "TPMError";
59 case ErrorType::DatabaseError:
60 return "DatabaseError";
61 case ErrorType::ZlibError :
62 return "ZlibError";
63 case ErrorType::Bzip2Error:
64 return "Bzip2Error" ;
65 case ErrorType::LzmaError:
66 return "LzmaError";
67 }
68
69 // No default case in above switch so compiler warns
70 return "Unrecognized Botan error";
71 }

References Bzip2Error, CommonCryptoError, DatabaseError, DecodingFailure, EncodingFailure, HttpError, InternalError, InvalidArgument, InvalidKeyLength, InvalidNonceLength, InvalidObjectState, InvalidTag, IoError, KeyNotSet, LookupError, LzmaError, NotImplemented, OpenSSLError, OutOfMemory, Pkcs11Error, RoughtimeError, SystemError, TLSError, TPMError, type, Unknown, and ZlibError.

Referenced by botan_x509_cert_validation_status(), Botan::BotanErrorCategory::message(), and Botan::Path_Validation_Result::status_string().

◆ to_u32bit()

uint32_t Botan::to_u32bit ( const std::string &  str)

Convert a string to a number

Parameters
strthe string to convert
Returns
number value of the string

Definition at line 35 of file parsing.cpp.

36 {
37 // std::stoul is not strict enough. Ensure that str is digit only [0-9]*
38 for(const char chr : str)
39 {
40 if(chr < '0' || chr > '9')
41 {
42 std::string chrAsString(1, chr);
43 throw Invalid_Argument("String contains non-digit char: " + chrAsString);
44 }
45 }
46
47 const unsigned long int x = std::stoul(str);
48
49 if(sizeof(unsigned long int) > 4)
50 {
51 // x might be uint64
52 if (x > std::numeric_limits<uint32_t>::max())
53 {
54 throw Invalid_Argument("Integer value of " + str + " exceeds 32 bit range");
55 }
56 }
57
58 return static_cast<uint32_t>(x);
59 }

Referenced by Botan::SCAN_Name::arg_as_integer(), argon2_check_pwhash(), create_private_key(), Botan::Data_Store::get1_uint32(), Botan::TLS::Text_Policy::get_len(), Botan::HTTP::http_sync(), string_to_ipv4(), timespec_to_u32bit(), and to_uint16().

◆ to_uint16()

uint16_t Botan::to_uint16 ( const std::string &  str)

Convert a string to a number

Parameters
strthe string to convert
Returns
number value of the string

Definition at line 25 of file parsing.cpp.

26 {
27 const uint32_t x = to_u32bit(str);
28
29 if(x >> 16)
30 throw Invalid_Argument("Integer value exceeds 16 bit range");
31
32 return static_cast<uint16_t>(x);
33 }

References to_u32bit().

Referenced by check_bcrypt(), and Botan::TLS::Text_Policy::srtp_profiles().

◆ tolower_string()

std::string Botan::tolower_string ( const std::string &  in)

Definition at line 327 of file parsing.cpp.

328 {
329 std::string s = in;
330 for(size_t i = 0; i != s.size(); ++i)
331 {
332 const int cu = static_cast<unsigned char>(s[i]);
333 if(std::isalpha(cu))
334 s[i] = static_cast<char>(std::tolower(cu));
335 }
336 return s;
337 }

Referenced by host_wildcard_match().

◆ typecast_copy() [1/5]

template<class To , class From >
To Botan::typecast_copy ( const From *  src)
inlinenoexcept

Definition at line 168 of file mem_ops.h.

169 {
170 static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(From) && std::is_trivial<To>::value, "");
171 To dst;
172 std::memcpy(&dst, src, sizeof(To));
173 return dst;
174 }
#define BOTAN_IS_TRIVIALLY_COPYABLE(T)
Definition mem_ops.h:124

References BOTAN_IS_TRIVIALLY_COPYABLE.

◆ typecast_copy() [2/5]

template<typename T >
void Botan::typecast_copy ( T out,
const uint8_t  in[] 
)
inline

Definition at line 162 of file mem_ops.h.

163 {
164 static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
165 typecast_copy(&out, in, 1);
166 }

References typecast_copy().

◆ typecast_copy() [3/5]

template<typename T >
void Botan::typecast_copy ( T  out[],
const uint8_t  in[],
size_t  N 
)
inline

Definition at line 151 of file mem_ops.h.

152 {
153 static_assert(std::is_trivial<T>::value, "");
154 std::memcpy(out, in, sizeof(T)*N);
155 }

References T.

◆ typecast_copy() [4/5]

template<typename T >
void Botan::typecast_copy ( uint8_t  out[],
T  in 
)
inline

Definition at line 157 of file mem_ops.h.

158 {
159 typecast_copy(out, &in, 1);
160 }

References typecast_copy().

◆ typecast_copy() [5/5]

template<typename T >
void Botan::typecast_copy ( uint8_t  out[],
T  in[],
size_t  N 
)
inline

◆ ucs2_to_utf8()

std::string BOTAN_UNSTABLE_API Botan::ucs2_to_utf8 ( const uint8_t  ucs2[],
size_t  len 
)

Convert a sequence of UCS-2 (big endian) characters to a UTF-8 string This is used for ASN.1 BMPString type

Parameters
ucs2the sequence of UCS-2 characters
lenlength of ucs2 in bytes, must be a multiple of 2

Definition at line 61 of file charset.cpp.

62 {
63 if(len % 2 != 0)
64 throw Decoding_Error("Invalid length for UCS-2 string");
65
66 const size_t chars = len / 2;
67
68 std::string s;
69 for(size_t i = 0; i != chars; ++i)
70 {
71 const uint16_t c = load_be<uint16_t>(ucs2, i);
72 append_utf8_for(s, c);
73 }
74
75 return s;
76 }

References load_be< uint16_t >().

Referenced by Botan::ASN1_String::decode_from().

◆ ucs4_to_utf8()

std::string BOTAN_UNSTABLE_API Botan::ucs4_to_utf8 ( const uint8_t  ucs4[],
size_t  len 
)

Convert a sequence of UCS-4 (big endian) characters to a UTF-8 string This is used for ASN.1 UniversalString type

Parameters
ucs4the sequence of UCS-4 characters
lenlength of ucs4 in bytes, must be a multiple of 4

Definition at line 78 of file charset.cpp.

79 {
80 if(len % 4 != 0)
81 throw Decoding_Error("Invalid length for UCS-4 string");
82
83 const size_t chars = len / 4;
84
85 std::string s;
86 for(size_t i = 0; i != chars; ++i)
87 {
88 const uint32_t c = load_be<uint32_t>(ucs4, i);
89 append_utf8_for(s, c);
90 }
91
92 return s;
93 }

References load_be< uint32_t >().

Referenced by Botan::ASN1_String::decode_from().

◆ unlock()

template<typename T >
std::vector< T > Botan::unlock ( const secure_vector< T > &  in)

◆ utf8_to_latin1()

std::string BOTAN_UNSTABLE_API Botan::utf8_to_latin1 ( const std::string &  utf8)

Convert a UTF-8 string to Latin-1 If a character outside the Latin-1 range is encountered, an exception is thrown.

Definition at line 98 of file charset.cpp.

99 {
100 std::string iso8859;
101
102 size_t position = 0;
103 while(position != utf8.size())
104 {
105 const uint8_t c1 = static_cast<uint8_t>(utf8[position++]);
106
107 if(c1 <= 0x7F)
108 {
109 iso8859 += static_cast<char>(c1);
110 }
111 else if(c1 >= 0xC0 && c1 <= 0xC7)
112 {
113 if(position == utf8.size())
114 throw Decoding_Error("UTF-8: sequence truncated");
115
116 const uint8_t c2 = static_cast<uint8_t>(utf8[position++]);
117 const uint8_t iso_char = ((c1 & 0x07) << 6) | (c2 & 0x3F);
118
119 if(iso_char <= 0x7F)
120 throw Decoding_Error("UTF-8: sequence longer than needed");
121
122 iso8859 += static_cast<char>(iso_char);
123 }
124 else
125 throw Decoding_Error("UTF-8: Unicode chars not in Latin1 used");
126 }
127
128 return iso8859;
129 }

Referenced by Botan::ASN1_String::iso_8859(), and Botan::Charset::transcode().

◆ value_exists()

template<typename T >
bool Botan::value_exists ( const std::vector< T > &  vec,
const T val 
)

Existence check for values

Definition at line 86 of file stl_util.h.

88 {
89 for(size_t i = 0; i != vec.size(); ++i)
90 if(vec[i] == val)
91 return true;
92 return false;
93 }

Referenced by Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Policy::allowed_signature_hash(), Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::Policy::choose_key_exchange_group(), Botan::TLS::Policy::ciphersuite_list(), and Botan::TLS::Client_Hello::Client_Hello().

◆ var_ctz32()

size_t Botan::var_ctz32 ( uint32_t  n)
inline

Definition at line 139 of file bit_ops.h.

140 {
141#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG)
142 if(n == 0)
143 return 32;
144 return __builtin_ctz(n);
145#else
146 return ctz<uint32_t>(n);
147#endif
148 }

◆ vartime_divide()

void BOTAN_UNSTABLE_API Botan::vartime_divide ( const BigInt x,
const BigInt y,
BigInt q,
BigInt r 
)

BigInt Division

Parameters
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

Definition at line 159 of file divide.cpp.

160 {
161 if(y_arg.is_zero())
162 throw BigInt::DivideByZero();
163
164 const size_t y_words = y_arg.sig_words();
165
166 BOTAN_ASSERT_NOMSG(y_words > 0);
167
168 BigInt y = y_arg;
169
170 BigInt r = x;
171 BigInt q = 0;
173
174 r.set_sign(BigInt::Positive);
175 y.set_sign(BigInt::Positive);
176
177 // Calculate shifts needed to normalize y with high bit set
178 const size_t shifts = y.top_bits_free();
179
180 y <<= shifts;
181 r <<= shifts;
182
183 // we know y has not changed size, since we only shifted up to set high bit
184 const size_t t = y_words - 1;
185 const size_t n = std::max(y_words, r.sig_words()) - 1; // r may have changed size however
186
187 BOTAN_ASSERT_NOMSG(n >= t);
188
189 q.grow_to(n - t + 1);
190
191 word* q_words = q.mutable_data();
192
193 BigInt shifted_y = y << (BOTAN_MP_WORD_BITS * (n-t));
194
195 // Set q_{n-t} to number of times r > shifted_y
196 q_words[n-t] = r.reduce_below(shifted_y, ws);
197
198 const word y_t0 = y.word_at(t);
199 const word y_t1 = y.word_at(t-1);
200 BOTAN_DEBUG_ASSERT((y_t0 >> (BOTAN_MP_WORD_BITS-1)) == 1);
201
202 for(size_t j = n; j != t; --j)
203 {
204 const word x_j0 = r.word_at(j);
205 const word x_j1 = r.word_at(j-1);
206 const word x_j2 = r.word_at(j-2);
207
208 word qjt = bigint_divop(x_j0, x_j1, y_t0);
209
210 qjt = CT::Mask<word>::is_equal(x_j0, y_t0).select(MP_WORD_MAX, qjt);
211
212 // Per HAC 14.23, this operation is required at most twice
213 qjt -= division_check(qjt, y_t0, y_t1, x_j0, x_j1, x_j2);
214 qjt -= division_check(qjt, y_t0, y_t1, x_j0, x_j1, x_j2);
215 BOTAN_DEBUG_ASSERT(division_check(qjt, y_t0, y_t1, x_j0, x_j1, x_j2) == false);
216
217 shifted_y >>= BOTAN_MP_WORD_BITS;
218 // Now shifted_y == y << (BOTAN_MP_WORD_BITS * (j-t-1))
219
220 // TODO this sequence could be better
221 r -= qjt * shifted_y;
222 qjt -= r.is_negative();
223 r += static_cast<word>(r.is_negative()) * shifted_y;
224
225 q_words[j-t-1] = qjt;
226 }
227
228 r >>= shifts;
229
230 sign_fixup(x, y_arg, q, r);
231
232 r_out = r;
233 q_out = q;
234 }
size_t top_bits_free() const
Definition bigint.cpp:286
size_t reduce_below(const BigInt &mod, secure_vector< word > &ws)
Definition bigint.cpp:336

References bigint_divop(), BOTAN_ASSERT_NOMSG, BOTAN_DEBUG_ASSERT, Botan::BigInt::grow_to(), Botan::CT::Mask< T >::is_equal(), Botan::BigInt::is_negative(), Botan::BigInt::is_zero(), MP_WORD_MAX, Botan::BigInt::mutable_data(), Botan::BigInt::Positive, Botan::BigInt::reduce_below(), Botan::BigInt::set_sign(), Botan::BigInt::sig_words(), Botan::BigInt::top_bits_free(), and Botan::BigInt::word_at().

Referenced by botan_mp_div(), operator%(), operator/(), and operator/().

◆ verify_cert_constraints_valid_for_key_type()

void Botan::verify_cert_constraints_valid_for_key_type ( const Public_Key pub_key,
Key_Constraints  constraints 
)

Check that key constraints are permitted for a specific public key.

Parameters
pub_keythe public key on which the constraints shall be enforced on
constraintsthe constraints that shall be enforced on the key
Exceptions
Invalid_Argumentif the given constraints are not permitted for this key

Definition at line 70 of file key_constraint.cpp.

72 {
73 const std::string name = pub_key.algo_name();
74
75 size_t permitted = 0;
76
77 const bool can_agree = (name == "DH" || name == "ECDH");
78 const bool can_encrypt = (name == "RSA" || name == "ElGamal");
79
80 const bool can_sign =
81 (name == "RSA" || name == "DSA" ||
82 name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "Ed25519" ||
83 name == "GOST-34.10" || name == "GOST-34.10-2012-256" || name == "GOST-34.10-2012-512");
84
85 if(can_agree)
86 {
88 }
89
90 if(can_encrypt)
91 {
93 }
94
95 if(can_sign)
96 {
98 }
99
100 if(Key_Constraints(constraints & permitted) != constraints)
101 {
102 throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
103 }
104 }
virtual std::string algo_name() const =0
Key_Constraints
Definition pkix_enums.h:106
std::string key_constraints_to_string(Key_Constraints constraints)

References Botan::Public_Key::algo_name(), CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, key_constraints_to_string(), KEY_ENCIPHERMENT, name, and NON_REPUDIATION.

Referenced by Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

◆ verify_prime()

bool Botan::verify_prime ( const BigInt n,
RandomNumberGenerator rng 
)
inline

Definition at line 206 of file numthry.h.

207 { return is_prime(n, rng, 80); }

References is_prime().

◆ version_cstr()

const char * Botan::version_cstr ( )

Same as version_string() except returning a pointer to a statically allocated string.

Returns
version string

Definition at line 33 of file version.cpp.

34 {
35
36 /*
37 It is intentional that this string is a compile-time constant;
38 it makes it much easier to find in binaries.
39 */
40
41 return "Botan " STR(BOTAN_VERSION_MAJOR) "."
42 STR(BOTAN_VERSION_MINOR) "."
43 STR(BOTAN_VERSION_PATCH)
44#if defined(BOTAN_VERSION_SUFFIX)
45 STR(BOTAN_VERSION_SUFFIX)
46#endif
47 " ("
48#if defined(BOTAN_UNSAFE_FUZZER_MODE)
49 "UNSAFE FUZZER MODE BUILD "
50#endif
51 BOTAN_VERSION_RELEASE_TYPE
52#if (BOTAN_VERSION_DATESTAMP != 0)
53 ", dated " STR(BOTAN_VERSION_DATESTAMP)
54#endif
55 ", revision " BOTAN_VERSION_VC_REVISION
56 ", distribution " BOTAN_DISTRIBUTION_INFO ")";
57 }

References STR.

Referenced by botan_version_string(), and version_string().

◆ version_datestamp()

uint32_t Botan::version_datestamp ( )

Return the date this version of botan was released, in an integer of the form YYYYMMDD. For instance a version released on May 21, 2013 would return the integer 20130521. If the currently running version is not an official release, this function will return 0 instead.

Returns
release date, or zero if unreleased

Definition at line 75 of file version.cpp.

75{ return BOTAN_VERSION_DATESTAMP; }

Referenced by botan_version_datestamp().

◆ version_major()

uint32_t Botan::version_major ( )

Get the major version number.

Returns
major version number

Definition at line 80 of file version.cpp.

80{ return BOTAN_VERSION_MAJOR; }

Referenced by botan_version_major(), and runtime_version_check().

◆ version_minor()

uint32_t Botan::version_minor ( )

Get the minor version number.

Returns
minor version number

Definition at line 81 of file version.cpp.

81{ return BOTAN_VERSION_MINOR; }

Referenced by botan_version_minor(), and runtime_version_check().

◆ version_patch()

uint32_t Botan::version_patch ( )

Get the patch number.

Returns
patch number

Definition at line 82 of file version.cpp.

82{ return BOTAN_VERSION_PATCH; }

Referenced by botan_version_patch(), and runtime_version_check().

◆ version_string()

std::string Botan::version_string ( )

Get a human-readable string identifying the version of Botan. No particular format should be assumed.

Returns
version string

Definition at line 65 of file version.cpp.

66 {
67 return std::string(version_cstr());
68 }
const char * version_cstr()
Definition version.cpp:33

References version_cstr().

◆ word3_add()

void Botan::word3_add ( word *  w2,
word *  w1,
word *  w0,
word  x 
)
inline

Definition at line 500 of file mp_asmi.h.

501 {
502#if defined(BOTAN_MP_USE_X86_32_ASM)
503 asm(R"(
504 addl %[x],%[w0]
505 adcl $0,%[w1]
506 adcl $0,%[w2]
507 )"
508 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
509 : [x]"r"(x), "0"(*w0), "1"(*w1), "2"(*w2)
510 : "cc");
511
512#elif defined(BOTAN_MP_USE_X86_64_ASM)
513
514 asm(R"(
515 addq %[x],%[w0]
516 adcq $0,%[w1]
517 adcq $0,%[w2]
518 )"
519 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
520 : [x]"r"(x), "0"(*w0), "1"(*w1), "2"(*w2)
521 : "cc");
522
523#else
524 *w0 += x;
525 word c1 = (*w0 < x);
526 *w1 += c1;
527 word c2 = (*w1 < c1);
528 *w2 += c2;
529#endif
530 }

Referenced by bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), and bigint_monty_redc_8().

◆ word3_muladd()

void Botan::word3_muladd ( word *  w2,
word *  w1,
word *  w0,
word  x,
word  y 
)
inline

Definition at line 451 of file mp_asmi.h.

452 {
453#if defined(BOTAN_MP_USE_X86_32_ASM)
454 word z0 = 0, z1 = 0;
455
456 asm("mull %[y]"
457 : "=a"(z0),"=d"(z1)
458 : "a"(x), [y]"rm"(y)
459 : "cc");
460
461 asm(R"(
462 addl %[z0],%[w0]
463 adcl %[z1],%[w1]
464 adcl $0,%[w2]
465 )"
466 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
467 : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2)
468 : "cc");
469
470#elif defined(BOTAN_MP_USE_X86_64_ASM)
471
472 word z0 = 0, z1 = 0;
473
474 asm("mulq %[y]"
475 : "=a"(z0),"=d"(z1)
476 : "a"(x), [y]"rm"(y)
477 : "cc");
478
479 asm(R"(
480 addq %[z0],%[w0]
481 adcq %[z1],%[w1]
482 adcq $0,%[w2]
483 )"
484 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
485 : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2)
486 : "cc");
487
488#else
489 word carry = *w0;
490 *w0 = word_madd2(x, y, &carry);
491 *w1 += carry;
492 *w2 += (*w1 < carry);
493#endif
494 }

References carry(), and word_madd2().

Referenced by bigint_comba_mul16(), bigint_comba_mul24(), bigint_comba_mul4(), bigint_comba_mul6(), bigint_comba_mul8(), bigint_comba_mul9(), bigint_comba_sqr16(), bigint_comba_sqr24(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), bigint_comba_sqr9(), bigint_monty_redc_16(), bigint_monty_redc_24(), bigint_monty_redc_32(), bigint_monty_redc_4(), bigint_monty_redc_6(), and bigint_monty_redc_8().

◆ word3_muladd_2()

void Botan::word3_muladd_2 ( word *  w2,
word *  w1,
word *  w0,
word  x,
word  y 
)
inline

Definition at line 536 of file mp_asmi.h.

537 {
538#if defined(BOTAN_MP_USE_X86_32_ASM)
539
540 word z0 = 0, z1 = 0;
541
542 asm("mull %[y]"
543 : "=a"(z0),"=d"(z1)
544 : "a"(x), [y]"rm"(y)
545 : "cc");
546
547 asm(R"(
548 addl %[z0],%[w0]
549 adcl %[z1],%[w1]
550 adcl $0,%[w2]
551
552 addl %[z0],%[w0]
553 adcl %[z1],%[w1]
554 adcl $0,%[w2]
555 )"
556 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
557 : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2)
558 : "cc");
559
560#elif defined(BOTAN_MP_USE_X86_64_ASM)
561
562 word z0 = 0, z1 = 0;
563
564 asm("mulq %[y]"
565 : "=a"(z0),"=d"(z1)
566 : "a"(x), [y]"rm"(y)
567 : "cc");
568
569 asm(R"(
570 addq %[z0],%[w0]
571 adcq %[z1],%[w1]
572 adcq $0,%[w2]
573
574 addq %[z0],%[w0]
575 adcq %[z1],%[w1]
576 adcq $0,%[w2]
577 )"
578 : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2)
579 : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2)
580 : "cc");
581
582#else
583 word carry = 0;
584 x = word_madd2(x, y, &carry);
585 y = carry;
586
587 word top = (y >> (BOTAN_MP_WORD_BITS-1));
588 y <<= 1;
589 y |= (x >> (BOTAN_MP_WORD_BITS-1));
590 x <<= 1;
591
592 carry = 0;
593 *w0 = word_add(*w0, x, &carry);
594 *w1 = word_add(*w1, y, &carry);
595 *w2 = word_add(*w2, top, &carry);
596#endif
597 }

References carry(), word_add(), and word_madd2().

Referenced by bigint_comba_sqr16(), bigint_comba_sqr24(), bigint_comba_sqr4(), bigint_comba_sqr6(), bigint_comba_sqr8(), and bigint_comba_sqr9().

◆ word8_add2()

word Botan::word8_add2 ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 138 of file mp_asmi.h.

139 {
140#if defined(BOTAN_MP_USE_X86_32_ASM)
141 asm(
142 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcl"))
143 : [carry]"=r"(carry)
144 : [x]"r"(x), [y]"r"(y), "0"(carry)
145 : "cc", "memory");
146 return carry;
147
148#elif defined(BOTAN_MP_USE_X86_64_ASM)
149
150 asm(
151 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq"))
152 : [carry]"=r"(carry)
153 : [x]"r"(x), [y]"r"(y), "0"(carry)
154 : "cc", "memory");
155 return carry;
156
157#else
158 x[0] = word_add(x[0], y[0], &carry);
159 x[1] = word_add(x[1], y[1], &carry);
160 x[2] = word_add(x[2], y[2], &carry);
161 x[3] = word_add(x[3], y[3], &carry);
162 x[4] = word_add(x[4], y[4], &carry);
163 x[5] = word_add(x[5], y[5], &carry);
164 x[6] = word_add(x[6], y[6], &carry);
165 x[7] = word_add(x[7], y[7], &carry);
166 return carry;
167#endif
168 }

References carry(), and word_add().

Referenced by bigint_add2_nc().

◆ word8_add3()

word Botan::word8_add3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 173 of file mp_asmi.h.

175 {
176#if defined(BOTAN_MP_USE_X86_32_ASM)
177 asm(
178 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcl"))
179 : [carry]"=r"(carry)
180 : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
181 : "cc", "memory");
182 return carry;
183
184#elif defined(BOTAN_MP_USE_X86_64_ASM)
185
186 asm(
187 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq"))
188 : [carry]"=r"(carry)
189 : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
190 : "cc", "memory");
191 return carry;
192
193#else
194 z[0] = word_add(x[0], y[0], &carry);
195 z[1] = word_add(x[1], y[1], &carry);
196 z[2] = word_add(x[2], y[2], &carry);
197 z[3] = word_add(x[3], y[3], &carry);
198 z[4] = word_add(x[4], y[4], &carry);
199 z[5] = word_add(x[5], y[5], &carry);
200 z[6] = word_add(x[6], y[6], &carry);
201 z[7] = word_add(x[7], y[7], &carry);
202 return carry;
203#endif
204 }

References carry(), and word_add().

Referenced by bigint_add3_nc(), bigint_cnd_add(), bigint_cnd_add_or_sub(), and bigint_cnd_addsub().

◆ word8_linmul2()

word Botan::word8_linmul2 ( word  x[8],
word  y,
word  carry 
)
inline

Definition at line 346 of file mp_asmi.h.

347 {
348#if defined(BOTAN_MP_USE_X86_32_ASM)
349 asm(
350 DO_8_TIMES(LINMUL_OP, "x")
351 : [carry]"=r"(carry)
352 : [x]"r"(x), [y]"rm"(y), "0"(carry)
353 : "cc", "%eax", "%edx");
354 return carry;
355
356#elif defined(BOTAN_MP_USE_X86_64_ASM)
357
358 asm(
359 DO_8_TIMES(LINMUL_OP, "x")
360 : [carry]"=r"(carry)
361 : [x]"r"(x), [y]"rm"(y), "0"(carry)
362 : "cc", "%rax", "%rdx");
363 return carry;
364
365#else
366 x[0] = word_madd2(x[0], y, &carry);
367 x[1] = word_madd2(x[1], y, &carry);
368 x[2] = word_madd2(x[2], y, &carry);
369 x[3] = word_madd2(x[3], y, &carry);
370 x[4] = word_madd2(x[4], y, &carry);
371 x[5] = word_madd2(x[5], y, &carry);
372 x[6] = word_madd2(x[6], y, &carry);
373 x[7] = word_madd2(x[7], y, &carry);
374 return carry;
375#endif
376 }

References carry(), and word_madd2().

Referenced by bigint_linmul2().

◆ word8_linmul3()

word Botan::word8_linmul3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
)
inline

Definition at line 381 of file mp_asmi.h.

382 {
383#if defined(BOTAN_MP_USE_X86_32_ASM)
384 asm(
385 DO_8_TIMES(LINMUL_OP, "z")
386 : [carry]"=r"(carry)
387 : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
388 : "cc", "%eax", "%edx");
389 return carry;
390
391#elif defined(BOTAN_MP_USE_X86_64_ASM)
392 asm(
393 DO_8_TIMES(LINMUL_OP, "z")
394 : [carry]"=r"(carry)
395 : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
396 : "cc", "%rax", "%rdx");
397 return carry;
398
399#else
400 z[0] = word_madd2(x[0], y, &carry);
401 z[1] = word_madd2(x[1], y, &carry);
402 z[2] = word_madd2(x[2], y, &carry);
403 z[3] = word_madd2(x[3], y, &carry);
404 z[4] = word_madd2(x[4], y, &carry);
405 z[5] = word_madd2(x[5], y, &carry);
406 z[6] = word_madd2(x[6], y, &carry);
407 z[7] = word_madd2(x[7], y, &carry);
408 return carry;
409#endif
410 }

References carry(), and word_madd2().

Referenced by bigint_linmul3().

◆ word8_madd3()

word Botan::word8_madd3 ( word  z[8],
const word  x[8],
word  y,
word  carry 
)
inline

Definition at line 415 of file mp_asmi.h.

416 {
417#if defined(BOTAN_MP_USE_X86_32_ASM)
418 asm(
419 DO_8_TIMES(MULADD_OP, "")
420 : [carry]"=r"(carry)
421 : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
422 : "cc", "%eax", "%edx");
423 return carry;
424
425#elif defined(BOTAN_MP_USE_X86_64_ASM)
426
427 asm(
428 DO_8_TIMES(MULADD_OP, "")
429 : [carry]"=r"(carry)
430 : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry)
431 : "cc", "%rax", "%rdx");
432 return carry;
433
434#else
435 z[0] = word_madd3(x[0], y, z[0], &carry);
436 z[1] = word_madd3(x[1], y, z[1], &carry);
437 z[2] = word_madd3(x[2], y, z[2], &carry);
438 z[3] = word_madd3(x[3], y, z[3], &carry);
439 z[4] = word_madd3(x[4], y, z[4], &carry);
440 z[5] = word_madd3(x[5], y, z[5], &carry);
441 z[6] = word_madd3(x[6], y, z[6], &carry);
442 z[7] = word_madd3(x[7], y, z[7], &carry);
443 return carry;
444#endif
445 }
word word_madd3(word a, word b, word c, word *d)
Definition mp_madd.h:92

References carry(), and word_madd3().

◆ word8_sub2()

word Botan::word8_sub2 ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 240 of file mp_asmi.h.

241 {
242#if defined(BOTAN_MP_USE_X86_32_ASM)
243 asm(
244 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbl"))
245 : [carry]"=r"(carry)
246 : [x]"r"(x), [y]"r"(y), "0"(carry)
247 : "cc", "memory");
248 return carry;
249
250#elif defined(BOTAN_MP_USE_X86_64_ASM)
251
252 asm(
253 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq"))
254 : [carry]"=r"(carry)
255 : [x]"r"(x), [y]"r"(y), "0"(carry)
256 : "cc", "memory");
257 return carry;
258
259#else
260 x[0] = word_sub(x[0], y[0], &carry);
261 x[1] = word_sub(x[1], y[1], &carry);
262 x[2] = word_sub(x[2], y[2], &carry);
263 x[3] = word_sub(x[3], y[3], &carry);
264 x[4] = word_sub(x[4], y[4], &carry);
265 x[5] = word_sub(x[5], y[5], &carry);
266 x[6] = word_sub(x[6], y[6], &carry);
267 x[7] = word_sub(x[7], y[7], &carry);
268 return carry;
269#endif
270 }

References carry(), and word_sub().

Referenced by bigint_sub2().

◆ word8_sub2_rev()

word Botan::word8_sub2_rev ( word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 275 of file mp_asmi.h.

276 {
277#if defined(BOTAN_MP_USE_X86_32_ASM)
278 asm(
279 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbl"))
280 : [carry]"=r"(carry)
281 : [x]"r"(y), [y]"r"(x), [z]"r"(x), "0"(carry)
282 : "cc", "memory");
283 return carry;
284
285#elif defined(BOTAN_MP_USE_X86_64_ASM)
286
287 asm(
288 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq"))
289 : [carry]"=r"(carry)
290 : [x]"r"(y), [y]"r"(x), [z]"r"(x), "0"(carry)
291 : "cc", "memory");
292 return carry;
293
294#else
295 x[0] = word_sub(y[0], x[0], &carry);
296 x[1] = word_sub(y[1], x[1], &carry);
297 x[2] = word_sub(y[2], x[2], &carry);
298 x[3] = word_sub(y[3], x[3], &carry);
299 x[4] = word_sub(y[4], x[4], &carry);
300 x[5] = word_sub(y[5], x[5], &carry);
301 x[6] = word_sub(y[6], x[6], &carry);
302 x[7] = word_sub(y[7], x[7], &carry);
303 return carry;
304#endif
305 }

References carry(), and word_sub().

Referenced by bigint_sub2_rev().

◆ word8_sub3()

word Botan::word8_sub3 ( word  z[8],
const word  x[8],
const word  y[8],
word  carry 
)
inline

Definition at line 310 of file mp_asmi.h.

312 {
313#if defined(BOTAN_MP_USE_X86_32_ASM)
314 asm(
315 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbl"))
316 : [carry]"=r"(carry)
317 : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
318 : "cc", "memory");
319 return carry;
320
321#elif defined(BOTAN_MP_USE_X86_64_ASM)
322
323 asm(
324 ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq"))
325 : [carry]"=r"(carry)
326 : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry)
327 : "cc", "memory");
328 return carry;
329
330#else
331 z[0] = word_sub(x[0], y[0], &carry);
332 z[1] = word_sub(x[1], y[1], &carry);
333 z[2] = word_sub(x[2], y[2], &carry);
334 z[3] = word_sub(x[3], y[3], &carry);
335 z[4] = word_sub(x[4], y[4], &carry);
336 z[5] = word_sub(x[5], y[5], &carry);
337 z[6] = word_sub(x[6], y[6], &carry);
338 z[7] = word_sub(x[7], y[7], &carry);
339 return carry;
340#endif
341 }

References carry(), and word_sub().

Referenced by bigint_cnd_add_or_sub(), bigint_cnd_addsub(), bigint_cnd_sub(), bigint_sub3(), and bigint_sub_abs().

◆ word_add()

word Botan::word_add ( word  x,
word  y,
word *  carry 
)
inline

Definition at line 107 of file mp_asmi.h.

108 {
109#if defined(BOTAN_MP_USE_X86_32_ASM)
110 asm(
111 ADD_OR_SUBTRACT(ASM("adcl %[y],%[x]"))
112 : [x]"=r"(x), [carry]"=r"(*carry)
113 : "0"(x), [y]"rm"(y), "1"(*carry)
114 : "cc");
115 return x;
116
117#elif defined(BOTAN_MP_USE_X86_64_ASM)
118
119 asm(
120 ADD_OR_SUBTRACT(ASM("adcq %[y],%[x]"))
121 : [x]"=r"(x), [carry]"=r"(*carry)
122 : "0"(x), [y]"rm"(y), "1"(*carry)
123 : "cc");
124 return x;
125
126#else
127 word z = x + y;
128 word c1 = (z < x);
129 z += *carry;
130 *carry = c1 | (z < *carry);
131 return z;
132#endif
133 }

References carry().

Referenced by bigint_add2_nc(), bigint_add3_nc(), bigint_cnd_abs(), bigint_cnd_add(), bigint_cnd_add_or_sub(), bigint_cnd_addsub(), word3_muladd_2(), word8_add2(), and word8_add3().

◆ word_madd2()

word Botan::word_madd2 ( word  a,
word  b,
word *  c 
)
inline

Definition at line 46 of file mp_madd.h.

47 {
48#if defined(BOTAN_MP_USE_X86_32_ASM)
49 asm(R"(
50 mull %[b]
51 addl %[c],%[a]
52 adcl $0,%[carry]
53 )"
54 : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c)
55 : "0"(a), "1"(b), [c]"g"(*c) : "cc");
56
57 return a;
58
59#elif defined(BOTAN_MP_USE_X86_64_ASM)
60 asm(R"(
61 mulq %[b]
62 addq %[c],%[a]
63 adcq $0,%[carry]
64 )"
65 : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c)
66 : "0"(a), "1"(b), [c]"g"(*c) : "cc");
67
68 return a;
69
70#elif defined(BOTAN_HAS_MP_DWORD)
71 const dword s = static_cast<dword>(a) * b + *c;
72 *c = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
73 return static_cast<word>(s);
74#else
75 static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");
76
77 word hi = 0, lo = 0;
78
79 mul64x64_128(a, b, &lo, &hi);
80
81 lo += *c;
82 hi += (lo < *c); // carry?
83
84 *c = hi;
85 return lo;
86#endif
87 }

References carry(), and mul64x64_128().

Referenced by bigint_linmul2(), bigint_linmul3(), bigint_modop(), word3_muladd(), word3_muladd_2(), word8_linmul2(), and word8_linmul3().

◆ word_madd3()

word Botan::word_madd3 ( word  a,
word  b,
word  c,
word *  d 
)
inline

Definition at line 92 of file mp_madd.h.

93 {
94#if defined(BOTAN_MP_USE_X86_32_ASM)
95 asm(R"(
96 mull %[b]
97
98 addl %[c],%[a]
99 adcl $0,%[carry]
100
101 addl %[d],%[a]
102 adcl $0,%[carry]
103 )"
104 : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d)
105 : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc");
106
107 return a;
108
109#elif defined(BOTAN_MP_USE_X86_64_ASM)
110 asm(R"(
111 mulq %[b]
112 addq %[c],%[a]
113 adcq $0,%[carry]
114 addq %[d],%[a]
115 adcq $0,%[carry]
116 )"
117 : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d)
118 : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc");
119
120 return a;
121
122#elif defined(BOTAN_HAS_MP_DWORD)
123 const dword s = static_cast<dword>(a) * b + c + *d;
124 *d = static_cast<word>(s >> BOTAN_MP_WORD_BITS);
125 return static_cast<word>(s);
126#else
127 static_assert(BOTAN_MP_WORD_BITS == 64, "Unexpected word size");
128
129 word hi = 0, lo = 0;
130
131 mul64x64_128(a, b, &lo, &hi);
132
133 lo += c;
134 hi += (lo < c); // carry?
135
136 lo += *d;
137 hi += (lo < *d); // carry?
138
139 *d = hi;
140 return lo;
141#endif
142 }

References carry(), and mul64x64_128().

Referenced by word8_madd3().

◆ word_sub()

word Botan::word_sub ( word  x,
word  y,
word *  carry 
)
inline

Definition at line 209 of file mp_asmi.h.

210 {
211#if defined(BOTAN_MP_USE_X86_32_ASM)
212 asm(
213 ADD_OR_SUBTRACT(ASM("sbbl %[y],%[x]"))
214 : [x]"=r"(x), [carry]"=r"(*carry)
215 : "0"(x), [y]"rm"(y), "1"(*carry)
216 : "cc");
217 return x;
218
219#elif defined(BOTAN_MP_USE_X86_64_ASM)
220
221 asm(
222 ADD_OR_SUBTRACT(ASM("sbbq %[y],%[x]"))
223 : [x]"=r"(x), [carry]"=r"(*carry)
224 : "0"(x), [y]"rm"(y), "1"(*carry)
225 : "cc");
226 return x;
227
228#else
229 word t0 = x - y;
230 word c1 = (t0 > x);
231 word z = t0 - *carry;
232 *carry = c1 | (z > t0);
233 return z;
234#endif
235 }

References carry().

Referenced by bigint_cnd_add_or_sub(), bigint_cnd_addsub(), bigint_cnd_sub(), bigint_monty_redc_4(), bigint_monty_redc_6(), bigint_monty_redc_8(), bigint_sub2(), bigint_sub2_rev(), bigint_sub3(), bigint_sub_abs(), word8_sub2(), word8_sub2_rev(), and word8_sub3().

◆ x500_name_cmp()

bool Botan::x500_name_cmp ( const std::string &  name1,
const std::string &  name2 
)

Compare two names using the X.509 comparison algorithm

Parameters
name1the first name
name2the second name
Returns
true if name1 is the same as name2 by the X.509 comparison rules

Definition at line 212 of file parsing.cpp.

213 {
214 auto p1 = name1.begin();
215 auto p2 = name2.begin();
216
217 while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
218 while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
219
220 while(p1 != name1.end() && p2 != name2.end())
221 {
222 if(Charset::is_space(*p1))
223 {
224 if(!Charset::is_space(*p2))
225 return false;
226
227 while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
228 while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
229
230 if(p1 == name1.end() && p2 == name2.end())
231 return true;
232 if(p1 == name1.end() || p2 == name2.end())
233 return false;
234 }
235
236 if(!Charset::caseless_cmp(*p1, *p2))
237 return false;
238 ++p1;
239 ++p2;
240 }
241
242 while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;
243 while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;
244
245 if((p1 != name1.end()) || (p2 != name2.end()))
246 return false;
247 return true;
248 }

References Botan::Charset::caseless_cmp(), and Botan::Charset::is_space().

Referenced by operator<(), and operator==().

◆ x509_path_validate() [1/4]

Path_Validation_Result Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions restrictions,
const Certificate_Store store,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response > > &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certscertificate chain to validate
restrictionspath validation restrictions
storestore that contains trusted certificates
hostnameif not empty, compared against the DNS name in end_certs[0]
usageif not set to UNSPECIFIED, compared against the key usage in end_certs[0]
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 944 of file x509path.cpp.

953 {
954 std::vector<Certificate_Store*> trusted_roots;
955 trusted_roots.push_back(const_cast<Certificate_Store*>(&store));
956
957 return x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
958 }
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:850

References x509_path_validate().

◆ x509_path_validate() [2/4]

Path_Validation_Result Botan::x509_path_validate ( const std::vector< X509_Certificate > &  end_certs,
const Path_Validation_Restrictions restrictions,
const std::vector< Certificate_Store * > &  trusted_roots,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response > > &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certscertificate chain to validate (with end entity certificate in end_certs[0])
restrictionspath validation restrictions
trusted_rootslist of certificate stores that contain trusted certificates
hostnameif not empty, compared against the DNS name in end_certs[0]
usageif not set to UNSPECIFIED, compared against the key usage in end_certs[0]
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation note: when enabled, OCSP check is softfail by default: if the OCSP server is not reachable, Path_Validation_Result::successful_validation() will return true. Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings().

Definition at line 850 of file x509path.cpp.

859 {
860 if(end_certs.empty())
861 {
862 throw Invalid_Argument("x509_path_validate called with no subjects");
863 }
864
865 std::shared_ptr<const X509_Certificate> end_entity(std::make_shared<const X509_Certificate>(end_certs[0]));
866 std::vector<std::shared_ptr<const X509_Certificate>> end_entity_extra;
867 for(size_t i = 1; i < end_certs.size(); ++i)
868 {
869 end_entity_extra.push_back(std::make_shared<const X509_Certificate>(end_certs[i]));
870 }
871
872 std::vector<std::vector<std::shared_ptr<const X509_Certificate>>> cert_paths;
873 Certificate_Status_Code path_building_result = PKIX::build_all_certificate_paths(cert_paths, trusted_roots, end_entity, end_entity_extra);
874
875 // If we cannot successfully build a chain to a trusted self-signed root, stop now
876 if(path_building_result != Certificate_Status_Code::OK)
877 {
878 return Path_Validation_Result(path_building_result);
879 }
880
881 std::vector<Path_Validation_Result> error_results;
882 // Try validating all the potentially valid paths and return the first one to validate properly
883 for(auto cert_path : cert_paths)
884 {
886 PKIX::check_chain(cert_path, ref_time,
887 hostname, usage,
888 restrictions.minimum_key_strength(),
889 restrictions.trusted_hashes());
890
891 CertificatePathStatusCodes crl_status =
892 PKIX::check_crl(cert_path, trusted_roots, ref_time);
893
894 CertificatePathStatusCodes ocsp_status;
895
896 if(ocsp_resp.size() > 0)
897 {
898 ocsp_status = PKIX::check_ocsp(cert_path, ocsp_resp, trusted_roots, ref_time, restrictions.max_ocsp_age());
899 }
900
901 if(ocsp_status.empty() && ocsp_timeout != std::chrono::milliseconds(0))
902 {
903#if defined(BOTAN_TARGET_OS_HAS_THREADS) && defined(BOTAN_HAS_HTTP_UTIL)
904 ocsp_status = PKIX::check_ocsp_online(cert_path, trusted_roots, ref_time,
905 ocsp_timeout, restrictions.ocsp_all_intermediates());
906#else
907 ocsp_status.resize(1);
908 ocsp_status[0].insert(Certificate_Status_Code::OCSP_NO_HTTP);
909#endif
910 }
911
912 PKIX::merge_revocation_status(status, crl_status, ocsp_status,
913 restrictions.require_revocation_information(),
914 restrictions.ocsp_all_intermediates());
915
916 Path_Validation_Result pvd(status, std::move(cert_path));
917 if(pvd.successful_validation())
918 {
919 return pvd;
920 }
921 else
922 {
923 error_results.push_back(std::move(pvd));
924 }
925 }
926 return error_results[0];
927 }
bool require_revocation_information() const
Definition x509path.h:85
const std::set< std::string > & trusted_hashes() const
Definition x509path.h:98
std::chrono::seconds max_ocsp_age() const
Definition x509path.h:111
std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
Definition x509path.h:29
Certificate_Status_Code
Definition pkix_enums.h:17

References Botan::Path_Validation_Restrictions::max_ocsp_age(), Botan::Path_Validation_Restrictions::minimum_key_strength(), Botan::Path_Validation_Restrictions::ocsp_all_intermediates(), OCSP_NO_HTTP, OK, Botan::Path_Validation_Restrictions::require_revocation_information(), Botan::Path_Validation_Result::successful_validation(), and Botan::Path_Validation_Restrictions::trusted_hashes().

Referenced by botan_x509_cert_verify(), botan_x509_cert_verify_with_crl(), Botan::TLS::Callbacks::tls_verify_cert_chain(), x509_path_validate(), x509_path_validate(), and x509_path_validate().

◆ x509_path_validate() [3/4]

Path_Validation_Result Botan::x509_path_validate ( const X509_Certificate end_cert,
const Path_Validation_Restrictions restrictions,
const Certificate_Store store,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response > > &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certcertificate to validate
restrictionspath validation restrictions
storestore that contains trusted certificates
hostnameif not empty, compared against the DNS name in end_cert
usageif not set to UNSPECIFIED, compared against the key usage in end_cert
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 960 of file x509path.cpp.

969 {
970 std::vector<X509_Certificate> certs;
971 certs.push_back(end_cert);
972
973 std::vector<Certificate_Store*> trusted_roots;
974 trusted_roots.push_back(const_cast<Certificate_Store*>(&store));
975
976 return x509_path_validate(certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
977 }

References x509_path_validate().

◆ x509_path_validate() [4/4]

Path_Validation_Result Botan::x509_path_validate ( const X509_Certificate end_cert,
const Path_Validation_Restrictions restrictions,
const std::vector< Certificate_Store * > &  trusted_roots,
const std::string &  hostname = "",
Usage_Type  usage = Usage_Type::UNSPECIFIED,
std::chrono::system_clock::time_point  validation_time = std::chrono::system_clock::now(),
std::chrono::milliseconds  ocsp_timeout = std::chrono::milliseconds(0),
const std::vector< std::shared_ptr< const OCSP::Response > > &  ocsp_resp = {} 
)

PKIX Path Validation

Parameters
end_certcertificate to validate
restrictionspath validation restrictions
trusted_rootslist of stores that contain trusted certificates
hostnameif not empty, compared against the DNS name in end_cert
usageif not set to UNSPECIFIED, compared against the key usage in end_cert
validation_timewhat reference time to use for validation
ocsp_timeouttimeout for OCSP operations, 0 disables OCSP check
ocsp_respadditional OCSP responses to consider (eg from peer)
Returns
result of the path validation

Definition at line 929 of file x509path.cpp.

938 {
939 std::vector<X509_Certificate> certs;
940 certs.push_back(end_cert);
941 return x509_path_validate(certs, restrictions, trusted_roots, hostname, usage, when, ocsp_timeout, ocsp_resp);
942 }

References x509_path_validate().

◆ xor_buf() [1/5]

template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const std::vector< uint8_t, Alloc2 > &  in,
size_t  n 
)

Definition at line 327 of file mem_ops.h.

330 {
331 xor_buf(out.data(), in.data(), n);
332 }

References xor_buf().

◆ xor_buf() [2/5]

template<typename Alloc , typename Alloc2 >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const uint8_t *  in,
const std::vector< uint8_t, Alloc2 > &  in2,
size_t  n 
)

Definition at line 343 of file mem_ops.h.

347 {
348 xor_buf(out.data(), in, in2.data(), n);
349 }

References xor_buf().

◆ xor_buf() [3/5]

template<typename Alloc >
void Botan::xor_buf ( std::vector< uint8_t, Alloc > &  out,
const uint8_t *  in,
size_t  n 
)

Definition at line 335 of file mem_ops.h.

338 {
339 xor_buf(out.data(), in, n);
340 }

References xor_buf().

◆ xor_buf() [4/5]

void Botan::xor_buf ( uint8_t  out[],
const uint8_t  in[],
const uint8_t  in2[],
size_t  length 
)
inline

XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length

Parameters
outthe output buffer
inthe first input buffer
in2the second output buffer
lengththe length of the three buffers

Definition at line 297 of file mem_ops.h.

301 {
302 const size_t blocks = length - (length % 32);
303
304 for(size_t i = 0; i != blocks; i += 32)
305 {
306 uint64_t x[4];
307 uint64_t y[4];
308
309 typecast_copy(x, in + i, 4);
310 typecast_copy(y, in2 + i, 4);
311
312 x[0] ^= y[0];
313 x[1] ^= y[1];
314 x[2] ^= y[2];
315 x[3] ^= y[3];
316
317 typecast_copy(out + i, x, 4);
318 }
319
320 for(size_t i = blocks; i != length; ++i)
321 {
322 out[i] = in[i] ^ in2[i];
323 }
324 }

References typecast_copy().

◆ xor_buf() [5/5]

void Botan::xor_buf ( uint8_t  out[],
const uint8_t  in[],
size_t  length 
)
inline

XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length

Parameters
outthe input/output buffer
inthe read-only input buffer
lengththe length of the buffers

Definition at line 262 of file mem_ops.h.

265 {
266 const size_t blocks = length - (length % 32);
267
268 for(size_t i = 0; i != blocks; i += 32)
269 {
270 uint64_t x[4];
271 uint64_t y[4];
272
273 typecast_copy(x, out + i, 4);
274 typecast_copy(y, in + i, 4);
275
276 x[0] ^= y[0];
277 x[1] ^= y[1];
278 x[2] ^= y[2];
279 x[3] ^= y[3];
280
281 typecast_copy(out + i, x, 4);
282 }
283
284 for(size_t i = blocks; i != length; ++i)
285 {
286 out[i] ^= in[i];
287 }
288 }

References typecast_copy().

Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::TLS::Connection_Cipher_State::aead_nonce(), aont_package(), aont_unpackage(), Botan::XMSS_WOTS_PublicKey::chain(), Botan::ChaCha::cipher(), Botan::CTR_BE::cipher(), Botan::OFB::cipher(), Botan::RC4::cipher(), Botan::Salsa20::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::DESX::decrypt_n(), Botan::Lion::decrypt_n(), Botan::BlockCipher::decrypt_n_xex(), Botan::Block_Cipher_Fixed_Params< BS, KMIN, KMAX, KMOD, BaseClass >::decrypt_n_xex(), Botan::DESX::encrypt_n(), Botan::Lion::encrypt_n(), Botan::BlockCipher::encrypt_n_xex(), Botan::Block_Cipher_Fixed_Params< BS, KMIN, KMAX, KMOD, BaseClass >::encrypt_n_xex(), Botan::CCM_Encryption::finish(), Botan::CCM_Decryption::finish(), Botan::EAX_Encryption::finish(), Botan::OCB_Encryption::finish(), Botan::OCB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CTS_Decryption::finish(), Botan::XTS_Encryption::finish(), Botan::XTS_Decryption::finish(), mgf1_mask(), operator^(), Botan::OctetString::operator^=(), operator^=(), pbkdf2(), Botan::CBC_Encryption::process(), Botan::CBC_Decryption::process(), Botan::CFB_Encryption::process(), Botan::SIV_Mode::S2V(), xor_buf(), xor_buf(), and xor_buf().

◆ zap()

template<typename T , typename Alloc >
void Botan::zap ( std::vector< T, Alloc > &  vec)

◆ zeroise()

template<typename T , typename Alloc >
void Botan::zeroise ( std::vector< T, Alloc > &  vec)

Variable Documentation

◆ allowed_signature_paddings

const std::map<const std::string, std::vector<std::string> > Botan::allowed_signature_paddings
Initial value:
=
{
{ "DSA", {"EMSA1"} },
{ "ECDSA", {"EMSA1"} },
{ "ECGDSA", {"EMSA1"} },
{ "ECKCDSA", {"EMSA1"} },
{ "GOST-34.10", {"EMSA1"} },
{ "GOST-34.10-2012-256", {"EMSA1"} },
{ "GOST-34.10-2012-512", {"EMSA1"} },
{ "RSA", {"EMSA4", "EMSA3"} },
}

Definition at line 20 of file padding.cpp.

21 {
22 { "DSA", {"EMSA1"} },
23 { "ECDSA", {"EMSA1"} },
24 { "ECGDSA", {"EMSA1"} },
25 { "ECKCDSA", {"EMSA1"} },
26 { "GOST-34.10", {"EMSA1"} },
27 { "GOST-34.10-2012-256", {"EMSA1"} },
28 { "GOST-34.10-2012-512", {"EMSA1"} },
29 { "RSA", {"EMSA4", "EMSA3"} },
30 };

Referenced by get_sig_paddings().

◆ CAST_SBOX1

const uint32_t Botan::CAST_SBOX1[256]

Definition at line 15 of file cast_sboxes.h.

15 {
16 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, 0x1E213F2F, 0x9C004DD3,
17 0x6003E540, 0xCF9FC949, 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
18 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, 0x28683B6F, 0xC07FD059,
19 0xFF2379C8, 0x775F50E2, 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
20 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, 0x2ABE32E1, 0xAA54166B,
21 0x22568E3A, 0xA2D341D0, 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
22 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, 0xB82CBAEF, 0xD751D159,
23 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
24 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, 0xB7332290, 0xE93B159F,
25 0xB48EE411, 0x4BFF345D, 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
26 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, 0x882240F2, 0x0C6E4F38,
27 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
28 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, 0x57538AD5, 0x6A390493,
29 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
30 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, 0x38901091, 0xC6B505EB,
31 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
32 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, 0x6C00B32D, 0x73E2BB14,
33 0xA0BEBC3C, 0x54623779, 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
34 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, 0x81383F05, 0x6963C5C8,
35 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
36 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, 0x31366241, 0x051EF495,
37 0xAA573B04, 0x4A805D8D, 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
38 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426,
39 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
40 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98,
41 0xE31231B2, 0x2AD5AD6C, 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
42 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD,
43 0x1B069505, 0x41ECE491, 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
44 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, 0xE01063DA, 0x4736F464,
45 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
46 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, 0x3F04442F, 0x6188B153,
47 0xE0397A2E, 0x5727CB79, 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
48 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, 0x4744EAD4, 0xB11C3274,
49 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
50 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, 0x580304F0, 0xCA042CF1,
51 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
52 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, 0x7C63B2CF, 0x700B45E1,
53 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
54 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, 0x474D6AD7, 0x7C0C5E5C,
55 0xD1231959, 0x381B7298, 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
56 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, 0x962BDA1C, 0xE1E696FF,
57 0xB141AB08, 0x7CCA89B9, 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
58 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF };

◆ CAST_SBOX2

const uint32_t Botan::CAST_SBOX2[256]

Definition at line 60 of file cast_sboxes.h.

60 {
61 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, 0xFE61CF7A, 0xEEC5207A,
62 0x55889C94, 0x72FC0651, 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
63 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605,
64 0xEE15B094, 0xE9FFD909, 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
65 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B,
66 0x25A1FF41, 0xE180F806, 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
67 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, 0xE113C85B, 0xACC40083,
68 0xD7503525, 0xF7EA615F, 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
69 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, 0x071F6181, 0x39F7627F,
70 0x361E3084, 0xE4EB573B, 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
71 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, 0x10843094, 0x2537A95E,
72 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
73 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, 0x8A45388C, 0x1D804366,
74 0x721D9BFD, 0xA58684BB, 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
75 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, 0xC5D655DD, 0xEB667064,
76 0x77840B4D, 0xA1B6A801, 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
77 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, 0xB5625DBF, 0x68561BE6,
78 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
79 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, 0x81ED6F61, 0x20E74364,
80 0xB45E1378, 0xDE18639B, 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
81 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, 0x488CB402, 0x1BA4FE5B,
82 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
83 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, 0xEE41E729, 0x6E1D2D7C,
84 0x50045286, 0x1E6685F3, 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
85 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, 0xCDFF33A6, 0xA02B1741,
86 0x7CBAD9A2, 0x2180036F, 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
87 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, 0xCDF0B680, 0x17844D3B,
88 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
89 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, 0xB3FAEC54, 0x157FD7FA,
90 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
91 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, 0xB8DA230C, 0x80823028,
92 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
93 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, 0x8B1C34BC, 0x301E16E6,
94 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
95 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1,
96 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
97 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB,
98 0x145892F5, 0x91584F7F, 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
99 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, 0xB284600C, 0xD835731D,
100 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
101 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, 0x649DA589, 0xA345415E,
102 0x5C038323, 0x3E5D3BB9, 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
103 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 };

◆ CAST_SBOX3

const uint32_t Botan::CAST_SBOX3[256]

Definition at line 105 of file cast_sboxes.h.

105 {
106 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, 0x47607FFF, 0x369FE44B,
107 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
108 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, 0x11107D9F, 0x07647DB9,
109 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
110 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD,
111 0x9255C5ED, 0x1257A240, 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
112 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, 0xA8C01DB7, 0x579FC264,
113 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
114 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, 0xA197C81C, 0x4A012D6E,
115 0xC5884A28, 0xCCC36F71, 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
116 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, 0xA747D2D0, 0x1651192E,
117 0xAF70BF3E, 0x58C31380, 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
118 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, 0x8427F4A0, 0x1EAC5790,
119 0x796FB449, 0x8252DC15, 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
120 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, 0x23EFE941, 0xA903F12E,
121 0x60270DF2, 0x0276E4B6, 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
122 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, 0x842F7D83, 0x340CE5C8,
123 0x96BBB682, 0x93B4B148, 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
124 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, 0x8B907CEE, 0xB51FD240,
125 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
126 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, 0xF76CEDD9, 0xBDA8229C,
127 0x127DADAA, 0x438A074E, 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
128 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, 0x68CC7BFB, 0xD90F2788,
129 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
130 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, 0x6D498623, 0x193CBCFA,
131 0x27627545, 0x825CF47A, 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
132 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, 0x285BA1C8, 0x3C62F44F,
133 0x35C0EAA5, 0xE805D231, 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
134 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, 0x694BCC11, 0x236A5CAE,
135 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
136 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, 0x3A609437, 0xEC00C9A9,
137 0x44715253, 0x0A874B49, 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
138 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, 0x07478CD1, 0x006E1888,
139 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
140 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, 0x947B0001, 0x570075D2,
141 0xF9BB88F8, 0x8942019E, 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
142 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2,
143 0xF1AC2571, 0xCC8239C2, 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
144 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, 0x5727C148, 0x2BE98A1D,
145 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
146 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, 0x642B1E31, 0x9C305A00,
147 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
148 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 };

◆ CAST_SBOX4

const uint32_t Botan::CAST_SBOX4[256]

Definition at line 150 of file cast_sboxes.h.

150 {
151 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, 0x4A4F7BDB, 0x64AD8C57,
152 0x85510443, 0xFA020ED1, 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
153 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD,
154 0xC9430040, 0x0CC32220, 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
155 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, 0x1A05645F, 0x0C13FEFE,
156 0x081B08CA, 0x05170121, 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
157 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, 0xCE84FFDF, 0xF5718801,
158 0x3DD64B04, 0xA26F263B, 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
159 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, 0xD3772061, 0x11B638E1,
160 0x72500E03, 0xF80EB2BB, 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
161 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, 0x4D351805, 0x7F3D5CE3,
162 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
163 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, 0x022083B8, 0x3FB6180C,
164 0x18F8931E, 0x281658E6, 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
165 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, 0x69DEAD38, 0x1574CA16,
166 0xDF871B62, 0x211C40B7, 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
167 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, 0x557BE8DE, 0x00EAE4A7,
168 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
169 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, 0x6E85CB75, 0xBE07C002,
170 0xC2325577, 0x893FF4EC, 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
171 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7,
172 0x041AFA32, 0x1D16625A, 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
173 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, 0x026A4CEB, 0x52437EFF,
174 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
175 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, 0x1741A254, 0xE5B6A035,
176 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
177 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, 0x63315C21, 0x5E0A72EC,
178 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
179 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E,
180 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
181 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6,
182 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
183 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, 0x29908415, 0x7FBB977F,
184 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
185 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, 0x77079103, 0xDEA03AF6,
186 0x78A8565E, 0xDEE356DF, 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
187 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2,
188 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
189 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA,
190 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
191 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, 0x41823979, 0x932BCDF6,
192 0xB657C34D, 0x4EDFD282, 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
193 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 };

◆ DES_SPBOX1

const uint32_t Botan::DES_SPBOX1

Definition at line 12 of file des_tab.cpp.

12 {
13 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
14 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
15 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
16 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
17 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
18 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
19 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
20 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
21 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
22 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
23 0x00010004, 0x00010400, 0x00000000, 0x01010004, 0x01010400, 0x00000000,
24 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
25 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004,
26 0x01000000, 0x00000004, 0x00000404, 0x01000400, 0x01000400, 0x00010400,
27 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004, 0x01000004,
28 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
29 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000,
30 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400, 0x01000004,
31 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004,
32 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
33 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400,
34 0x00000000, 0x01010004, 0x01010400, 0x00000000, 0x00010000, 0x01010404,
35 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400,
36 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
37 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000,
38 0x01010000, 0x01000404, 0x00010004, 0x01000004, 0x01000004, 0x00010004,
39 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404,
40 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
41 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004,
42 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404,
43 0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400,
44 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004,
45 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
46 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
47 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
48 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
49 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
50 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
51 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
52 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
53 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
54 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
55 0x00010004, 0x00010400, 0x00000000, 0x01010004 };

◆ DES_SPBOX2

const uint32_t Botan::DES_SPBOX2

Definition at line 57 of file des_tab.cpp.

57 {
58 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
59 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
60 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
61 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
62 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
63 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
64 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
65 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
66 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
67 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
68 0x80000000, 0x80100020, 0x80108020, 0x00108000, 0x80108020, 0x80008000,
69 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
70 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000,
71 0x00000020, 0x80100020, 0x00108000, 0x00100020, 0x80008020, 0x00000000,
72 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020, 0x80000020,
73 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
74 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000,
75 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020, 0x80108020,
76 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000,
77 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
78 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020,
79 0x80108020, 0x00108000, 0x80108020, 0x80008000, 0x00008000, 0x00108020,
80 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020,
81 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
82 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000,
83 0x00108020, 0x80100000, 0x00100020, 0x80000020, 0x00000000, 0x00108000,
84 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020,
85 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
86 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020,
87 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020,
88 0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000,
89 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000,
90 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
91 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
92 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
93 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
94 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
95 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
96 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
97 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
98 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
99 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
100 0x80000000, 0x80100020, 0x80108020, 0x00108000 };

◆ DES_SPBOX3

const uint32_t Botan::DES_SPBOX3

Definition at line 102 of file des_tab.cpp.

102 {
103 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
104 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
105 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
106 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
107 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
108 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
109 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
110 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
111 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
112 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
113 0x00020208, 0x00000008, 0x08020008, 0x00020200, 0x00000208, 0x08020200,
114 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
115 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008,
116 0x08020000, 0x00000208, 0x08000000, 0x00000008, 0x08020200, 0x00000200,
117 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208, 0x00020200,
118 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
119 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200,
120 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208, 0x08000200,
121 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000,
122 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
123 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008,
124 0x08020008, 0x00020200, 0x00000208, 0x08020200, 0x00000000, 0x08020008,
125 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008,
126 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
127 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000,
128 0x08020008, 0x00020208, 0x08000208, 0x00020200, 0x00020000, 0x08000208,
129 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000,
130 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
131 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200,
132 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208,
133 0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208,
134 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200,
135 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
136 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
137 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
138 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
139 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
140 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
141 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
142 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
143 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
144 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
145 0x00020208, 0x00000008, 0x08020008, 0x00020200 };

◆ DES_SPBOX4

const uint32_t Botan::DES_SPBOX4

Definition at line 147 of file des_tab.cpp.

147 {
148 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
149 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
150 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
151 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
152 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
153 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
155 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
156 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
157 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
158 0x00000080, 0x00800000, 0x00002000, 0x00802080, 0x00802001, 0x00002081,
159 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
160 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000,
161 0x00800080, 0x00800001, 0x00000001, 0x00002000, 0x00800000, 0x00802001,
162 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081, 0x00000001,
163 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
164 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000,
165 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081, 0x00000001,
166 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081,
167 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
168 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000,
169 0x00002000, 0x00802080, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
170 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000,
171 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
172 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000,
173 0x00002001, 0x00002080, 0x00800081, 0x00000001, 0x00002080, 0x00800080,
174 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001,
175 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
176 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081,
177 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000,
178 0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080,
179 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080,
180 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
181 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
182 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
183 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
184 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
185 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
186 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
187 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
188 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
189 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
190 0x00000080, 0x00800000, 0x00002000, 0x00802080 };

◆ DES_SPBOX5

const uint32_t Botan::DES_SPBOX5

Definition at line 192 of file des_tab.cpp.

192 {
193 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
194 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
195 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
196 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
197 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
198 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
199 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
200 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
201 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
202 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
203 0x00000000, 0x40080000, 0x02080100, 0x40000100, 0x00000100, 0x02080100,
204 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
205 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000,
206 0x00080100, 0x40000000, 0x02000000, 0x40080000, 0x40080000, 0x00000000,
207 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000, 0x40000100,
208 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
209 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000,
210 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000, 0x02080100,
211 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100,
212 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
213 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000,
214 0x02080100, 0x40000100, 0x00000100, 0x02080100, 0x02080000, 0x42000100,
215 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000,
216 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
217 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100,
218 0x42080100, 0x02000100, 0x42080000, 0x40000100, 0x00000000, 0x42000000,
219 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100,
220 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
221 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100,
222 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100,
223 0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100,
224 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100,
225 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
226 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
227 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
228 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
229 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
230 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
231 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
232 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
233 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
234 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
235 0x00000000, 0x40080000, 0x02080100, 0x40000100 };

◆ DES_SPBOX6

const uint32_t Botan::DES_SPBOX6

Definition at line 237 of file des_tab.cpp.

237 {
238 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
239 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
240 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
241 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
242 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
243 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
244 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
245 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
246 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
247 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
248 0x20404000, 0x20000000, 0x00400010, 0x20004010, 0x20000010, 0x20400000,
249 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
250 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000,
251 0x20000000, 0x00004010, 0x00000000, 0x00400010, 0x20004010, 0x00004000,
252 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010, 0x00000000,
253 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
254 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000,
255 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000, 0x00004010,
256 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000,
257 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
258 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000,
259 0x00400010, 0x20004010, 0x20000010, 0x20400000, 0x00004000, 0x20404010,
260 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010,
261 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
262 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010,
263 0x00000010, 0x20400010, 0x20400010, 0x00000000, 0x00404010, 0x20404000,
264 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010,
265 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
266 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010,
267 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010,
268 0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010,
269 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010,
270 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
271 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
272 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
273 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
274 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
275 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
276 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
277 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
278 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
279 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
280 0x20404000, 0x20000000, 0x00400010, 0x20004010 };

◆ DES_SPBOX7

const uint32_t Botan::DES_SPBOX7

Definition at line 282 of file des_tab.cpp.

282 {
283 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
284 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
285 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
286 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
287 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
288 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
289 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
290 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
291 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
292 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
293 0x04000002, 0x04000800, 0x00000800, 0x00200002, 0x00200000, 0x04200002,
294 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
295 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000,
296 0x04200002, 0x00000802, 0x04000800, 0x00200802, 0x00200002, 0x04000800,
297 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000, 0x00000800,
298 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
299 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002,
300 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800, 0x00200000,
301 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002,
302 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
303 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800,
304 0x00000800, 0x00200002, 0x00200000, 0x04200002, 0x04000802, 0x00000000,
305 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000,
306 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
307 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000,
308 0x04200800, 0x00200002, 0x04200000, 0x00000800, 0x00000802, 0x04200802,
309 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800,
310 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
311 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802,
312 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000,
313 0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802,
314 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002,
315 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
316 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
317 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
318 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
319 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
320 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
321 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
322 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
323 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
324 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
325 0x04000002, 0x04000800, 0x00000800, 0x00200002 };

◆ DES_SPBOX8

const uint32_t Botan::DES_SPBOX8

Definition at line 327 of file des_tab.cpp.

327 {
328 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
329 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
330 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
331 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
332 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
333 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
334 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
335 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
336 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
337 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
338 0x00001040, 0x00040040, 0x10000000, 0x10041000, 0x10001040, 0x00001000,
339 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
340 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040,
341 0x00001000, 0x00000040, 0x10040000, 0x10000040, 0x10001000, 0x00001040,
342 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040, 0x00000000,
343 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
344 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040,
345 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040, 0x10040000,
346 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040,
347 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
348 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040,
349 0x10000000, 0x10041000, 0x10001040, 0x00001000, 0x00040000, 0x10041040,
350 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000,
351 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
352 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040,
353 0x10040040, 0x10041000, 0x00001040, 0x00000000, 0x00000000, 0x10040040,
354 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000,
355 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
356 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000,
357 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040,
358 0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000,
359 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000,
360 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
361 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
362 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
363 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
364 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
365 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
366 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
367 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
368 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
369 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
370 0x00001040, 0x00040040, 0x10000000, 0x10041000 };

◆ HEX_CODEC_BUFFER_SIZE

const size_t Botan::HEX_CODEC_BUFFER_SIZE = 256

Size used for internal buffer in hex encoder/decoder

Definition at line 18 of file hex_filt.cpp.

Referenced by Botan::Hex_Decoder::Hex_Decoder(), Botan::Hex_Encoder::Hex_Encoder(), and Botan::Hex_Encoder::Hex_Encoder().

◆ MP_WORD_MAX

const word Botan::MP_WORD_MAX = ~static_cast<word>(0)

Definition at line 22 of file mp_core.h.

Referenced by monty_inverse(), redc_p521(), and vartime_divide().

◆ PRIME_TABLE_SIZE

const size_t Botan::PRIME_TABLE_SIZE = 6541

The size of the PRIMES[] array

Definition at line 287 of file numthry.h.

Referenced by Botan::DL_Group::DL_Group(), is_prime(), and random_prime().

◆ PRIMES

const uint16_t Botan::PRIMES

A const array of all odd primes less than 65535

Definition at line 12 of file primes.cpp.

12 {
13 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37,
14 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83,
15 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
16 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197,
17 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
18 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331,
19 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397,
20 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461,
21 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541,
22 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607,
23 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673,
24 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751,
25 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827,
26 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907,
27 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
28 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051,
29 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123,
30 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, 1217,
31 1223, 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 1289, 1291,
32 1297, 1301, 1303, 1307, 1319, 1321, 1327, 1361, 1367, 1373, 1381,
33 1399, 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
34 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 1523, 1531, 1543,
35 1549, 1553, 1559, 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
36 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 1697,
37 1699, 1709, 1721, 1723, 1733, 1741, 1747, 1753, 1759, 1777, 1783,
38 1787, 1789, 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, 1873,
39 1877, 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 1951, 1973,
40 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, 2027, 2029, 2039,
41 2053, 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
42 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 2207, 2213, 2221,
43 2237, 2239, 2243, 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
44 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 2381,
45 2383, 2389, 2393, 2399, 2411, 2417, 2423, 2437, 2441, 2447, 2459,
46 2467, 2473, 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, 2557,
47 2579, 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 2659, 2663,
48 2671, 2677, 2683, 2687, 2689, 2693, 2699, 2707, 2711, 2713, 2719,
49 2729, 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
50 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 2879, 2887, 2897,
51 2903, 2909, 2917, 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
52 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 3083,
53 3089, 3109, 3119, 3121, 3137, 3163, 3167, 3169, 3181, 3187, 3191,
54 3203, 3209, 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, 3299,
55 3301, 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, 3359, 3361,
56 3371, 3373, 3389, 3391, 3407, 3413, 3433, 3449, 3457, 3461, 3463,
57 3467, 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
58 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, 3613, 3617, 3623,
59 3631, 3637, 3643, 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
60 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, 3803,
61 3821, 3823, 3833, 3847, 3851, 3853, 3863, 3877, 3881, 3889, 3907,
62 3911, 3917, 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, 4001,
63 4003, 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 4073, 4079,
64 4091, 4093, 4099, 4111, 4127, 4129, 4133, 4139, 4153, 4157, 4159,
65 4177, 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
66 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, 4339, 4349, 4357,
67 4363, 4373, 4391, 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
68 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, 4549,
69 4561, 4567, 4583, 4591, 4597, 4603, 4621, 4637, 4639, 4643, 4649,
70 4651, 4657, 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, 4733,
71 4751, 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, 4817, 4831,
72 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, 4943,
73 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
74 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, 5099, 5101, 5107,
75 5113, 5119, 5147, 5153, 5167, 5171, 5179, 5189, 5197, 5209, 5227,
76 5231, 5233, 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, 5323,
77 5333, 5347, 5351, 5381, 5387, 5393, 5399, 5407, 5413, 5417, 5419,
78 5431, 5437, 5441, 5443, 5449, 5471, 5477, 5479, 5483, 5501, 5503,
79 5507, 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, 5581, 5591,
80 5623, 5639, 5641, 5647, 5651, 5653, 5657, 5659, 5669, 5683, 5689,
81 5693, 5701, 5711, 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
82 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, 5851, 5857, 5861,
83 5867, 5869, 5879, 5881, 5897, 5903, 5923, 5927, 5939, 5953, 5981,
84 5987, 6007, 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, 6079,
85 6089, 6091, 6101, 6113, 6121, 6131, 6133, 6143, 6151, 6163, 6173,
86 6197, 6199, 6203, 6211, 6217, 6221, 6229, 6247, 6257, 6263, 6269,
87 6271, 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, 6337, 6343,
88 6353, 6359, 6361, 6367, 6373, 6379, 6389, 6397, 6421, 6427, 6449,
89 6451, 6469, 6473, 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
90 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, 6653, 6659, 6661,
91 6673, 6679, 6689, 6691, 6701, 6703, 6709, 6719, 6733, 6737, 6761,
92 6763, 6779, 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, 6841,
93 6857, 6863, 6869, 6871, 6883, 6899, 6907, 6911, 6917, 6947, 6949,
94 6959, 6961, 6967, 6971, 6977, 6983, 6991, 6997, 7001, 7013, 7019,
95 7027, 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, 7127, 7129,
96 7151, 7159, 7177, 7187, 7193, 7207, 7211, 7213, 7219, 7229, 7237,
97 7243, 7247, 7253, 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
98 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, 7459, 7477, 7481,
99 7487, 7489, 7499, 7507, 7517, 7523, 7529, 7537, 7541, 7547, 7549,
100 7559, 7561, 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, 7639,
101 7643, 7649, 7669, 7673, 7681, 7687, 7691, 7699, 7703, 7717, 7723,
102 7727, 7741, 7753, 7757, 7759, 7789, 7793, 7817, 7823, 7829, 7841,
103 7853, 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, 7927, 7933,
104 7937, 7949, 7951, 7963, 7993, 8009, 8011, 8017, 8039, 8053, 8059,
105 8069, 8081, 8087, 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
106 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, 8233, 8237, 8243,
107 8263, 8269, 8273, 8287, 8291, 8293, 8297, 8311, 8317, 8329, 8353,
108 8363, 8369, 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, 8447,
109 8461, 8467, 8501, 8513, 8521, 8527, 8537, 8539, 8543, 8563, 8573,
110 8581, 8597, 8599, 8609, 8623, 8627, 8629, 8641, 8647, 8663, 8669,
111 8677, 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, 8737, 8741,
112 8747, 8753, 8761, 8779, 8783, 8803, 8807, 8819, 8821, 8831, 8837,
113 8839, 8849, 8861, 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
114 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, 9013, 9029, 9041,
115 9043, 9049, 9059, 9067, 9091, 9103, 9109, 9127, 9133, 9137, 9151,
116 9157, 9161, 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, 9239,
117 9241, 9257, 9277, 9281, 9283, 9293, 9311, 9319, 9323, 9337, 9341,
118 9343, 9349, 9371, 9377, 9391, 9397, 9403, 9413, 9419, 9421, 9431,
119 9433, 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, 9497, 9511,
120 9521, 9533, 9539, 9547, 9551, 9587, 9601, 9613, 9619, 9623, 9629,
121 9631, 9643, 9649, 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
122 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, 9803, 9811, 9817,
123 9829, 9833, 9839, 9851, 9857, 9859, 9871, 9883, 9887, 9901, 9907,
124 9923, 9929, 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, 10039,
12510061, 10067, 10069, 10079, 10091, 10093, 10099, 10103, 10111, 10133, 10139,
12610141, 10151, 10159, 10163, 10169, 10177, 10181, 10193, 10211, 10223, 10243,
12710247, 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, 10313, 10321,
12810331, 10333, 10337, 10343, 10357, 10369, 10391, 10399, 10427, 10429, 10433,
12910453, 10457, 10459, 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
13010559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, 10631, 10639, 10651,
13110657, 10663, 10667, 10687, 10691, 10709, 10711, 10723, 10729, 10733, 10739,
13210753, 10771, 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, 10861,
13310867, 10883, 10889, 10891, 10903, 10909, 10937, 10939, 10949, 10957, 10973,
13410979, 10987, 10993, 11003, 11027, 11047, 11057, 11059, 11069, 11071, 11083,
13511087, 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, 11171, 11173,
13611177, 11197, 11213, 11239, 11243, 11251, 11257, 11261, 11273, 11279, 11287,
13711299, 11311, 11317, 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
13811411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, 11489, 11491, 11497,
13911503, 11519, 11527, 11549, 11551, 11579, 11587, 11593, 11597, 11617, 11621,
14011633, 11657, 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, 11743,
14111777, 11779, 11783, 11789, 11801, 11807, 11813, 11821, 11827, 11831, 11833,
14211839, 11863, 11867, 11887, 11897, 11903, 11909, 11923, 11927, 11933, 11939,
14311941, 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, 12037, 12041,
14412043, 12049, 12071, 12073, 12097, 12101, 12107, 12109, 12113, 12119, 12143,
14512149, 12157, 12161, 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
14612253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, 12329, 12343, 12347,
14712373, 12377, 12379, 12391, 12401, 12409, 12413, 12421, 12433, 12437, 12451,
14812457, 12473, 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, 12539,
14912541, 12547, 12553, 12569, 12577, 12583, 12589, 12601, 12611, 12613, 12619,
15012637, 12641, 12647, 12653, 12659, 12671, 12689, 12697, 12703, 12713, 12721,
15112739, 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, 12823, 12829,
15212841, 12853, 12889, 12893, 12899, 12907, 12911, 12917, 12919, 12923, 12941,
15312953, 12959, 12967, 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
15413037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, 13121, 13127, 13147,
15513151, 13159, 13163, 13171, 13177, 13183, 13187, 13217, 13219, 13229, 13241,
15613249, 13259, 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, 13339,
15713367, 13381, 13397, 13399, 13411, 13417, 13421, 13441, 13451, 13457, 13463,
15813469, 13477, 13487, 13499, 13513, 13523, 13537, 13553, 13567, 13577, 13591,
15913597, 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, 13687, 13691,
16013693, 13697, 13709, 13711, 13721, 13723, 13729, 13751, 13757, 13759, 13763,
16113781, 13789, 13799, 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
16213883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, 13963, 13967, 13997,
16313999, 14009, 14011, 14029, 14033, 14051, 14057, 14071, 14081, 14083, 14087,
16414107, 14143, 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, 14243,
16514249, 14251, 14281, 14293, 14303, 14321, 14323, 14327, 14341, 14347, 14369,
16614387, 14389, 14401, 14407, 14411, 14419, 14423, 14431, 14437, 14447, 14449,
16714461, 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, 14551, 14557,
16814561, 14563, 14591, 14593, 14621, 14627, 14629, 14633, 14639, 14653, 14657,
16914669, 14683, 14699, 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
17014759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, 14827, 14831, 14843,
17114851, 14867, 14869, 14879, 14887, 14891, 14897, 14923, 14929, 14939, 14947,
17214951, 14957, 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, 15077,
17315083, 15091, 15101, 15107, 15121, 15131, 15137, 15139, 15149, 15161, 15173,
17415187, 15193, 15199, 15217, 15227, 15233, 15241, 15259, 15263, 15269, 15271,
17515277, 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, 15349, 15359,
17615361, 15373, 15377, 15383, 15391, 15401, 15413, 15427, 15439, 15443, 15451,
17715461, 15467, 15473, 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
17815581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, 15647, 15649, 15661,
17915667, 15671, 15679, 15683, 15727, 15731, 15733, 15737, 15739, 15749, 15761,
18015767, 15773, 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, 15877,
18115881, 15887, 15889, 15901, 15907, 15913, 15919, 15923, 15937, 15959, 15971,
18215973, 15991, 16001, 16007, 16033, 16057, 16061, 16063, 16067, 16069, 16073,
18316087, 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, 16187, 16189,
18416193, 16217, 16223, 16229, 16231, 16249, 16253, 16267, 16273, 16301, 16319,
18516333, 16339, 16349, 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
18616433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, 16519, 16529, 16547,
18716553, 16561, 16567, 16573, 16603, 16607, 16619, 16631, 16633, 16649, 16651,
18816657, 16661, 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, 16759,
18916763, 16787, 16811, 16823, 16829, 16831, 16843, 16871, 16879, 16883, 16889,
19016901, 16903, 16921, 16927, 16931, 16937, 16943, 16963, 16979, 16981, 16987,
19116993, 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, 17077, 17093,
19217099, 17107, 17117, 17123, 17137, 17159, 17167, 17183, 17189, 17191, 17203,
19317207, 17209, 17231, 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
19417333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, 17393, 17401, 17417,
19517419, 17431, 17443, 17449, 17467, 17471, 17477, 17483, 17489, 17491, 17497,
19617509, 17519, 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, 17609,
19717623, 17627, 17657, 17659, 17669, 17681, 17683, 17707, 17713, 17729, 17737,
19817747, 17749, 17761, 17783, 17789, 17791, 17807, 17827, 17837, 17839, 17851,
19917863, 17881, 17891, 17903, 17909, 17911, 17921, 17923, 17929, 17939, 17957,
20017959, 17971, 17977, 17981, 17987, 17989, 18013, 18041, 18043, 18047, 18049,
20118059, 18061, 18077, 18089, 18097, 18119, 18121, 18127, 18131, 18133, 18143,
20218149, 18169, 18181, 18191, 18199, 18211, 18217, 18223, 18229, 18233, 18251,
20318253, 18257, 18269, 18287, 18289, 18301, 18307, 18311, 18313, 18329, 18341,
20418353, 18367, 18371, 18379, 18397, 18401, 18413, 18427, 18433, 18439, 18443,
20518451, 18457, 18461, 18481, 18493, 18503, 18517, 18521, 18523, 18539, 18541,
20618553, 18583, 18587, 18593, 18617, 18637, 18661, 18671, 18679, 18691, 18701,
20718713, 18719, 18731, 18743, 18749, 18757, 18773, 18787, 18793, 18797, 18803,
20818839, 18859, 18869, 18899, 18911, 18913, 18917, 18919, 18947, 18959, 18973,
20918979, 19001, 19009, 19013, 19031, 19037, 19051, 19069, 19073, 19079, 19081,
21019087, 19121, 19139, 19141, 19157, 19163, 19181, 19183, 19207, 19211, 19213,
21119219, 19231, 19237, 19249, 19259, 19267, 19273, 19289, 19301, 19309, 19319,
21219333, 19373, 19379, 19381, 19387, 19391, 19403, 19417, 19421, 19423, 19427,
21319429, 19433, 19441, 19447, 19457, 19463, 19469, 19471, 19477, 19483, 19489,
21419501, 19507, 19531, 19541, 19543, 19553, 19559, 19571, 19577, 19583, 19597,
21519603, 19609, 19661, 19681, 19687, 19697, 19699, 19709, 19717, 19727, 19739,
21619751, 19753, 19759, 19763, 19777, 19793, 19801, 19813, 19819, 19841, 19843,
21719853, 19861, 19867, 19889, 19891, 19913, 19919, 19927, 19937, 19949, 19961,
21819963, 19973, 19979, 19991, 19993, 19997, 20011, 20021, 20023, 20029, 20047,
21920051, 20063, 20071, 20089, 20101, 20107, 20113, 20117, 20123, 20129, 20143,
22020147, 20149, 20161, 20173, 20177, 20183, 20201, 20219, 20231, 20233, 20249,
22120261, 20269, 20287, 20297, 20323, 20327, 20333, 20341, 20347, 20353, 20357,
22220359, 20369, 20389, 20393, 20399, 20407, 20411, 20431, 20441, 20443, 20477,
22320479, 20483, 20507, 20509, 20521, 20533, 20543, 20549, 20551, 20563, 20593,
22420599, 20611, 20627, 20639, 20641, 20663, 20681, 20693, 20707, 20717, 20719,
22520731, 20743, 20747, 20749, 20753, 20759, 20771, 20773, 20789, 20807, 20809,
22620849, 20857, 20873, 20879, 20887, 20897, 20899, 20903, 20921, 20929, 20939,
22720947, 20959, 20963, 20981, 20983, 21001, 21011, 21013, 21017, 21019, 21023,
22821031, 21059, 21061, 21067, 21089, 21101, 21107, 21121, 21139, 21143, 21149,
22921157, 21163, 21169, 21179, 21187, 21191, 21193, 21211, 21221, 21227, 21247,
23021269, 21277, 21283, 21313, 21317, 21319, 21323, 21341, 21347, 21377, 21379,
23121383, 21391, 21397, 21401, 21407, 21419, 21433, 21467, 21481, 21487, 21491,
23221493, 21499, 21503, 21517, 21521, 21523, 21529, 21557, 21559, 21563, 21569,
23321577, 21587, 21589, 21599, 21601, 21611, 21613, 21617, 21647, 21649, 21661,
23421673, 21683, 21701, 21713, 21727, 21737, 21739, 21751, 21757, 21767, 21773,
23521787, 21799, 21803, 21817, 21821, 21839, 21841, 21851, 21859, 21863, 21871,
23621881, 21893, 21911, 21929, 21937, 21943, 21961, 21977, 21991, 21997, 22003,
23722013, 22027, 22031, 22037, 22039, 22051, 22063, 22067, 22073, 22079, 22091,
23822093, 22109, 22111, 22123, 22129, 22133, 22147, 22153, 22157, 22159, 22171,
23922189, 22193, 22229, 22247, 22259, 22271, 22273, 22277, 22279, 22283, 22291,
24022303, 22307, 22343, 22349, 22367, 22369, 22381, 22391, 22397, 22409, 22433,
24122441, 22447, 22453, 22469, 22481, 22483, 22501, 22511, 22531, 22541, 22543,
24222549, 22567, 22571, 22573, 22613, 22619, 22621, 22637, 22639, 22643, 22651,
24322669, 22679, 22691, 22697, 22699, 22709, 22717, 22721, 22727, 22739, 22741,
24422751, 22769, 22777, 22783, 22787, 22807, 22811, 22817, 22853, 22859, 22861,
24522871, 22877, 22901, 22907, 22921, 22937, 22943, 22961, 22963, 22973, 22993,
24623003, 23011, 23017, 23021, 23027, 23029, 23039, 23041, 23053, 23057, 23059,
24723063, 23071, 23081, 23087, 23099, 23117, 23131, 23143, 23159, 23167, 23173,
24823189, 23197, 23201, 23203, 23209, 23227, 23251, 23269, 23279, 23291, 23293,
24923297, 23311, 23321, 23327, 23333, 23339, 23357, 23369, 23371, 23399, 23417,
25023431, 23447, 23459, 23473, 23497, 23509, 23531, 23537, 23539, 23549, 23557,
25123561, 23563, 23567, 23581, 23593, 23599, 23603, 23609, 23623, 23627, 23629,
25223633, 23663, 23669, 23671, 23677, 23687, 23689, 23719, 23741, 23743, 23747,
25323753, 23761, 23767, 23773, 23789, 23801, 23813, 23819, 23827, 23831, 23833,
25423857, 23869, 23873, 23879, 23887, 23893, 23899, 23909, 23911, 23917, 23929,
25523957, 23971, 23977, 23981, 23993, 24001, 24007, 24019, 24023, 24029, 24043,
25624049, 24061, 24071, 24077, 24083, 24091, 24097, 24103, 24107, 24109, 24113,
25724121, 24133, 24137, 24151, 24169, 24179, 24181, 24197, 24203, 24223, 24229,
25824239, 24247, 24251, 24281, 24317, 24329, 24337, 24359, 24371, 24373, 24379,
25924391, 24407, 24413, 24419, 24421, 24439, 24443, 24469, 24473, 24481, 24499,
26024509, 24517, 24527, 24533, 24547, 24551, 24571, 24593, 24611, 24623, 24631,
26124659, 24671, 24677, 24683, 24691, 24697, 24709, 24733, 24749, 24763, 24767,
26224781, 24793, 24799, 24809, 24821, 24841, 24847, 24851, 24859, 24877, 24889,
26324907, 24917, 24919, 24923, 24943, 24953, 24967, 24971, 24977, 24979, 24989,
26425013, 25031, 25033, 25037, 25057, 25073, 25087, 25097, 25111, 25117, 25121,
26525127, 25147, 25153, 25163, 25169, 25171, 25183, 25189, 25219, 25229, 25237,
26625243, 25247, 25253, 25261, 25301, 25303, 25307, 25309, 25321, 25339, 25343,
26725349, 25357, 25367, 25373, 25391, 25409, 25411, 25423, 25439, 25447, 25453,
26825457, 25463, 25469, 25471, 25523, 25537, 25541, 25561, 25577, 25579, 25583,
26925589, 25601, 25603, 25609, 25621, 25633, 25639, 25643, 25657, 25667, 25673,
27025679, 25693, 25703, 25717, 25733, 25741, 25747, 25759, 25763, 25771, 25793,
27125799, 25801, 25819, 25841, 25847, 25849, 25867, 25873, 25889, 25903, 25913,
27225919, 25931, 25933, 25939, 25943, 25951, 25969, 25981, 25997, 25999, 26003,
27326017, 26021, 26029, 26041, 26053, 26083, 26099, 26107, 26111, 26113, 26119,
27426141, 26153, 26161, 26171, 26177, 26183, 26189, 26203, 26209, 26227, 26237,
27526249, 26251, 26261, 26263, 26267, 26293, 26297, 26309, 26317, 26321, 26339,
27626347, 26357, 26371, 26387, 26393, 26399, 26407, 26417, 26423, 26431, 26437,
27726449, 26459, 26479, 26489, 26497, 26501, 26513, 26539, 26557, 26561, 26573,
27826591, 26597, 26627, 26633, 26641, 26647, 26669, 26681, 26683, 26687, 26693,
27926699, 26701, 26711, 26713, 26717, 26723, 26729, 26731, 26737, 26759, 26777,
28026783, 26801, 26813, 26821, 26833, 26839, 26849, 26861, 26863, 26879, 26881,
28126891, 26893, 26903, 26921, 26927, 26947, 26951, 26953, 26959, 26981, 26987,
28226993, 27011, 27017, 27031, 27043, 27059, 27061, 27067, 27073, 27077, 27091,
28327103, 27107, 27109, 27127, 27143, 27179, 27191, 27197, 27211, 27239, 27241,
28427253, 27259, 27271, 27277, 27281, 27283, 27299, 27329, 27337, 27361, 27367,
28527397, 27407, 27409, 27427, 27431, 27437, 27449, 27457, 27479, 27481, 27487,
28627509, 27527, 27529, 27539, 27541, 27551, 27581, 27583, 27611, 27617, 27631,
28727647, 27653, 27673, 27689, 27691, 27697, 27701, 27733, 27737, 27739, 27743,
28827749, 27751, 27763, 27767, 27773, 27779, 27791, 27793, 27799, 27803, 27809,
28927817, 27823, 27827, 27847, 27851, 27883, 27893, 27901, 27917, 27919, 27941,
29027943, 27947, 27953, 27961, 27967, 27983, 27997, 28001, 28019, 28027, 28031,
29128051, 28057, 28069, 28081, 28087, 28097, 28099, 28109, 28111, 28123, 28151,
29228163, 28181, 28183, 28201, 28211, 28219, 28229, 28277, 28279, 28283, 28289,
29328297, 28307, 28309, 28319, 28349, 28351, 28387, 28393, 28403, 28409, 28411,
29428429, 28433, 28439, 28447, 28463, 28477, 28493, 28499, 28513, 28517, 28537,
29528541, 28547, 28549, 28559, 28571, 28573, 28579, 28591, 28597, 28603, 28607,
29628619, 28621, 28627, 28631, 28643, 28649, 28657, 28661, 28663, 28669, 28687,
29728697, 28703, 28711, 28723, 28729, 28751, 28753, 28759, 28771, 28789, 28793,
29828807, 28813, 28817, 28837, 28843, 28859, 28867, 28871, 28879, 28901, 28909,
29928921, 28927, 28933, 28949, 28961, 28979, 29009, 29017, 29021, 29023, 29027,
30029033, 29059, 29063, 29077, 29101, 29123, 29129, 29131, 29137, 29147, 29153,
30129167, 29173, 29179, 29191, 29201, 29207, 29209, 29221, 29231, 29243, 29251,
30229269, 29287, 29297, 29303, 29311, 29327, 29333, 29339, 29347, 29363, 29383,
30329387, 29389, 29399, 29401, 29411, 29423, 29429, 29437, 29443, 29453, 29473,
30429483, 29501, 29527, 29531, 29537, 29567, 29569, 29573, 29581, 29587, 29599,
30529611, 29629, 29633, 29641, 29663, 29669, 29671, 29683, 29717, 29723, 29741,
30629753, 29759, 29761, 29789, 29803, 29819, 29833, 29837, 29851, 29863, 29867,
30729873, 29879, 29881, 29917, 29921, 29927, 29947, 29959, 29983, 29989, 30011,
30830013, 30029, 30047, 30059, 30071, 30089, 30091, 30097, 30103, 30109, 30113,
30930119, 30133, 30137, 30139, 30161, 30169, 30181, 30187, 30197, 30203, 30211,
31030223, 30241, 30253, 30259, 30269, 30271, 30293, 30307, 30313, 30319, 30323,
31130341, 30347, 30367, 30389, 30391, 30403, 30427, 30431, 30449, 30467, 30469,
31230491, 30493, 30497, 30509, 30517, 30529, 30539, 30553, 30557, 30559, 30577,
31330593, 30631, 30637, 30643, 30649, 30661, 30671, 30677, 30689, 30697, 30703,
31430707, 30713, 30727, 30757, 30763, 30773, 30781, 30803, 30809, 30817, 30829,
31530839, 30841, 30851, 30853, 30859, 30869, 30871, 30881, 30893, 30911, 30931,
31630937, 30941, 30949, 30971, 30977, 30983, 31013, 31019, 31033, 31039, 31051,
31731063, 31069, 31079, 31081, 31091, 31121, 31123, 31139, 31147, 31151, 31153,
31831159, 31177, 31181, 31183, 31189, 31193, 31219, 31223, 31231, 31237, 31247,
31931249, 31253, 31259, 31267, 31271, 31277, 31307, 31319, 31321, 31327, 31333,
32031337, 31357, 31379, 31387, 31391, 31393, 31397, 31469, 31477, 31481, 31489,
32131511, 31513, 31517, 31531, 31541, 31543, 31547, 31567, 31573, 31583, 31601,
32231607, 31627, 31643, 31649, 31657, 31663, 31667, 31687, 31699, 31721, 31723,
32331727, 31729, 31741, 31751, 31769, 31771, 31793, 31799, 31817, 31847, 31849,
32431859, 31873, 31883, 31891, 31907, 31957, 31963, 31973, 31981, 31991, 32003,
32532009, 32027, 32029, 32051, 32057, 32059, 32063, 32069, 32077, 32083, 32089,
32632099, 32117, 32119, 32141, 32143, 32159, 32173, 32183, 32189, 32191, 32203,
32732213, 32233, 32237, 32251, 32257, 32261, 32297, 32299, 32303, 32309, 32321,
32832323, 32327, 32341, 32353, 32359, 32363, 32369, 32371, 32377, 32381, 32401,
32932411, 32413, 32423, 32429, 32441, 32443, 32467, 32479, 32491, 32497, 32503,
33032507, 32531, 32533, 32537, 32561, 32563, 32569, 32573, 32579, 32587, 32603,
33132609, 32611, 32621, 32633, 32647, 32653, 32687, 32693, 32707, 32713, 32717,
33232719, 32749, 32771, 32779, 32783, 32789, 32797, 32801, 32803, 32831, 32833,
33332839, 32843, 32869, 32887, 32909, 32911, 32917, 32933, 32939, 32941, 32957,
33432969, 32971, 32983, 32987, 32993, 32999, 33013, 33023, 33029, 33037, 33049,
33533053, 33071, 33073, 33083, 33091, 33107, 33113, 33119, 33149, 33151, 33161,
33633179, 33181, 33191, 33199, 33203, 33211, 33223, 33247, 33287, 33289, 33301,
33733311, 33317, 33329, 33331, 33343, 33347, 33349, 33353, 33359, 33377, 33391,
33833403, 33409, 33413, 33427, 33457, 33461, 33469, 33479, 33487, 33493, 33503,
33933521, 33529, 33533, 33547, 33563, 33569, 33577, 33581, 33587, 33589, 33599,
34033601, 33613, 33617, 33619, 33623, 33629, 33637, 33641, 33647, 33679, 33703,
34133713, 33721, 33739, 33749, 33751, 33757, 33767, 33769, 33773, 33791, 33797,
34233809, 33811, 33827, 33829, 33851, 33857, 33863, 33871, 33889, 33893, 33911,
34333923, 33931, 33937, 33941, 33961, 33967, 33997, 34019, 34031, 34033, 34039,
34434057, 34061, 34123, 34127, 34129, 34141, 34147, 34157, 34159, 34171, 34183,
34534211, 34213, 34217, 34231, 34253, 34259, 34261, 34267, 34273, 34283, 34297,
34634301, 34303, 34313, 34319, 34327, 34337, 34351, 34361, 34367, 34369, 34381,
34734403, 34421, 34429, 34439, 34457, 34469, 34471, 34483, 34487, 34499, 34501,
34834511, 34513, 34519, 34537, 34543, 34549, 34583, 34589, 34591, 34603, 34607,
34934613, 34631, 34649, 34651, 34667, 34673, 34679, 34687, 34693, 34703, 34721,
35034729, 34739, 34747, 34757, 34759, 34763, 34781, 34807, 34819, 34841, 34843,
35134847, 34849, 34871, 34877, 34883, 34897, 34913, 34919, 34939, 34949, 34961,
35234963, 34981, 35023, 35027, 35051, 35053, 35059, 35069, 35081, 35083, 35089,
35335099, 35107, 35111, 35117, 35129, 35141, 35149, 35153, 35159, 35171, 35201,
35435221, 35227, 35251, 35257, 35267, 35279, 35281, 35291, 35311, 35317, 35323,
35535327, 35339, 35353, 35363, 35381, 35393, 35401, 35407, 35419, 35423, 35437,
35635447, 35449, 35461, 35491, 35507, 35509, 35521, 35527, 35531, 35533, 35537,
35735543, 35569, 35573, 35591, 35593, 35597, 35603, 35617, 35671, 35677, 35729,
35835731, 35747, 35753, 35759, 35771, 35797, 35801, 35803, 35809, 35831, 35837,
35935839, 35851, 35863, 35869, 35879, 35897, 35899, 35911, 35923, 35933, 35951,
36035963, 35969, 35977, 35983, 35993, 35999, 36007, 36011, 36013, 36017, 36037,
36136061, 36067, 36073, 36083, 36097, 36107, 36109, 36131, 36137, 36151, 36161,
36236187, 36191, 36209, 36217, 36229, 36241, 36251, 36263, 36269, 36277, 36293,
36336299, 36307, 36313, 36319, 36341, 36343, 36353, 36373, 36383, 36389, 36433,
36436451, 36457, 36467, 36469, 36473, 36479, 36493, 36497, 36523, 36527, 36529,
36536541, 36551, 36559, 36563, 36571, 36583, 36587, 36599, 36607, 36629, 36637,
36636643, 36653, 36671, 36677, 36683, 36691, 36697, 36709, 36713, 36721, 36739,
36736749, 36761, 36767, 36779, 36781, 36787, 36791, 36793, 36809, 36821, 36833,
36836847, 36857, 36871, 36877, 36887, 36899, 36901, 36913, 36919, 36923, 36929,
36936931, 36943, 36947, 36973, 36979, 36997, 37003, 37013, 37019, 37021, 37039,
37037049, 37057, 37061, 37087, 37097, 37117, 37123, 37139, 37159, 37171, 37181,
37137189, 37199, 37201, 37217, 37223, 37243, 37253, 37273, 37277, 37307, 37309,
37237313, 37321, 37337, 37339, 37357, 37361, 37363, 37369, 37379, 37397, 37409,
37337423, 37441, 37447, 37463, 37483, 37489, 37493, 37501, 37507, 37511, 37517,
37437529, 37537, 37547, 37549, 37561, 37567, 37571, 37573, 37579, 37589, 37591,
37537607, 37619, 37633, 37643, 37649, 37657, 37663, 37691, 37693, 37699, 37717,
37637747, 37781, 37783, 37799, 37811, 37813, 37831, 37847, 37853, 37861, 37871,
37737879, 37889, 37897, 37907, 37951, 37957, 37963, 37967, 37987, 37991, 37993,
37837997, 38011, 38039, 38047, 38053, 38069, 38083, 38113, 38119, 38149, 38153,
37938167, 38177, 38183, 38189, 38197, 38201, 38219, 38231, 38237, 38239, 38261,
38038273, 38281, 38287, 38299, 38303, 38317, 38321, 38327, 38329, 38333, 38351,
38138371, 38377, 38393, 38431, 38447, 38449, 38453, 38459, 38461, 38501, 38543,
38238557, 38561, 38567, 38569, 38593, 38603, 38609, 38611, 38629, 38639, 38651,
38338653, 38669, 38671, 38677, 38693, 38699, 38707, 38711, 38713, 38723, 38729,
38438737, 38747, 38749, 38767, 38783, 38791, 38803, 38821, 38833, 38839, 38851,
38538861, 38867, 38873, 38891, 38903, 38917, 38921, 38923, 38933, 38953, 38959,
38638971, 38977, 38993, 39019, 39023, 39041, 39043, 39047, 39079, 39089, 39097,
38739103, 39107, 39113, 39119, 39133, 39139, 39157, 39161, 39163, 39181, 39191,
38839199, 39209, 39217, 39227, 39229, 39233, 39239, 39241, 39251, 39293, 39301,
38939313, 39317, 39323, 39341, 39343, 39359, 39367, 39371, 39373, 39383, 39397,
39039409, 39419, 39439, 39443, 39451, 39461, 39499, 39503, 39509, 39511, 39521,
39139541, 39551, 39563, 39569, 39581, 39607, 39619, 39623, 39631, 39659, 39667,
39239671, 39679, 39703, 39709, 39719, 39727, 39733, 39749, 39761, 39769, 39779,
39339791, 39799, 39821, 39827, 39829, 39839, 39841, 39847, 39857, 39863, 39869,
39439877, 39883, 39887, 39901, 39929, 39937, 39953, 39971, 39979, 39983, 39989,
39540009, 40013, 40031, 40037, 40039, 40063, 40087, 40093, 40099, 40111, 40123,
39640127, 40129, 40151, 40153, 40163, 40169, 40177, 40189, 40193, 40213, 40231,
39740237, 40241, 40253, 40277, 40283, 40289, 40343, 40351, 40357, 40361, 40387,
39840423, 40427, 40429, 40433, 40459, 40471, 40483, 40487, 40493, 40499, 40507,
39940519, 40529, 40531, 40543, 40559, 40577, 40583, 40591, 40597, 40609, 40627,
40040637, 40639, 40693, 40697, 40699, 40709, 40739, 40751, 40759, 40763, 40771,
40140787, 40801, 40813, 40819, 40823, 40829, 40841, 40847, 40849, 40853, 40867,
40240879, 40883, 40897, 40903, 40927, 40933, 40939, 40949, 40961, 40973, 40993,
40341011, 41017, 41023, 41039, 41047, 41051, 41057, 41077, 41081, 41113, 41117,
40441131, 41141, 41143, 41149, 41161, 41177, 41179, 41183, 41189, 41201, 41203,
40541213, 41221, 41227, 41231, 41233, 41243, 41257, 41263, 41269, 41281, 41299,
40641333, 41341, 41351, 41357, 41381, 41387, 41389, 41399, 41411, 41413, 41443,
40741453, 41467, 41479, 41491, 41507, 41513, 41519, 41521, 41539, 41543, 41549,
40841579, 41593, 41597, 41603, 41609, 41611, 41617, 41621, 41627, 41641, 41647,
40941651, 41659, 41669, 41681, 41687, 41719, 41729, 41737, 41759, 41761, 41771,
41041777, 41801, 41809, 41813, 41843, 41849, 41851, 41863, 41879, 41887, 41893,
41141897, 41903, 41911, 41927, 41941, 41947, 41953, 41957, 41959, 41969, 41981,
41241983, 41999, 42013, 42017, 42019, 42023, 42043, 42061, 42071, 42073, 42083,
41342089, 42101, 42131, 42139, 42157, 42169, 42179, 42181, 42187, 42193, 42197,
41442209, 42221, 42223, 42227, 42239, 42257, 42281, 42283, 42293, 42299, 42307,
41542323, 42331, 42337, 42349, 42359, 42373, 42379, 42391, 42397, 42403, 42407,
41642409, 42433, 42437, 42443, 42451, 42457, 42461, 42463, 42467, 42473, 42487,
41742491, 42499, 42509, 42533, 42557, 42569, 42571, 42577, 42589, 42611, 42641,
41842643, 42649, 42667, 42677, 42683, 42689, 42697, 42701, 42703, 42709, 42719,
41942727, 42737, 42743, 42751, 42767, 42773, 42787, 42793, 42797, 42821, 42829,
42042839, 42841, 42853, 42859, 42863, 42899, 42901, 42923, 42929, 42937, 42943,
42142953, 42961, 42967, 42979, 42989, 43003, 43013, 43019, 43037, 43049, 43051,
42243063, 43067, 43093, 43103, 43117, 43133, 43151, 43159, 43177, 43189, 43201,
42343207, 43223, 43237, 43261, 43271, 43283, 43291, 43313, 43319, 43321, 43331,
42443391, 43397, 43399, 43403, 43411, 43427, 43441, 43451, 43457, 43481, 43487,
42543499, 43517, 43541, 43543, 43573, 43577, 43579, 43591, 43597, 43607, 43609,
42643613, 43627, 43633, 43649, 43651, 43661, 43669, 43691, 43711, 43717, 43721,
42743753, 43759, 43777, 43781, 43783, 43787, 43789, 43793, 43801, 43853, 43867,
42843889, 43891, 43913, 43933, 43943, 43951, 43961, 43963, 43969, 43973, 43987,
42943991, 43997, 44017, 44021, 44027, 44029, 44041, 44053, 44059, 44071, 44087,
43044089, 44101, 44111, 44119, 44123, 44129, 44131, 44159, 44171, 44179, 44189,
43144201, 44203, 44207, 44221, 44249, 44257, 44263, 44267, 44269, 44273, 44279,
43244281, 44293, 44351, 44357, 44371, 44381, 44383, 44389, 44417, 44449, 44453,
43344483, 44491, 44497, 44501, 44507, 44519, 44531, 44533, 44537, 44543, 44549,
43444563, 44579, 44587, 44617, 44621, 44623, 44633, 44641, 44647, 44651, 44657,
43544683, 44687, 44699, 44701, 44711, 44729, 44741, 44753, 44771, 44773, 44777,
43644789, 44797, 44809, 44819, 44839, 44843, 44851, 44867, 44879, 44887, 44893,
43744909, 44917, 44927, 44939, 44953, 44959, 44963, 44971, 44983, 44987, 45007,
43845013, 45053, 45061, 45077, 45083, 45119, 45121, 45127, 45131, 45137, 45139,
43945161, 45179, 45181, 45191, 45197, 45233, 45247, 45259, 45263, 45281, 45289,
44045293, 45307, 45317, 45319, 45329, 45337, 45341, 45343, 45361, 45377, 45389,
44145403, 45413, 45427, 45433, 45439, 45481, 45491, 45497, 45503, 45523, 45533,
44245541, 45553, 45557, 45569, 45587, 45589, 45599, 45613, 45631, 45641, 45659,
44345667, 45673, 45677, 45691, 45697, 45707, 45737, 45751, 45757, 45763, 45767,
44445779, 45817, 45821, 45823, 45827, 45833, 45841, 45853, 45863, 45869, 45887,
44545893, 45943, 45949, 45953, 45959, 45971, 45979, 45989, 46021, 46027, 46049,
44646051, 46061, 46073, 46091, 46093, 46099, 46103, 46133, 46141, 46147, 46153,
44746171, 46181, 46183, 46187, 46199, 46219, 46229, 46237, 46261, 46271, 46273,
44846279, 46301, 46307, 46309, 46327, 46337, 46349, 46351, 46381, 46399, 46411,
44946439, 46441, 46447, 46451, 46457, 46471, 46477, 46489, 46499, 46507, 46511,
45046523, 46549, 46559, 46567, 46573, 46589, 46591, 46601, 46619, 46633, 46639,
45146643, 46649, 46663, 46679, 46681, 46687, 46691, 46703, 46723, 46727, 46747,
45246751, 46757, 46769, 46771, 46807, 46811, 46817, 46819, 46829, 46831, 46853,
45346861, 46867, 46877, 46889, 46901, 46919, 46933, 46957, 46993, 46997, 47017,
45447041, 47051, 47057, 47059, 47087, 47093, 47111, 47119, 47123, 47129, 47137,
45547143, 47147, 47149, 47161, 47189, 47207, 47221, 47237, 47251, 47269, 47279,
45647287, 47293, 47297, 47303, 47309, 47317, 47339, 47351, 47353, 47363, 47381,
45747387, 47389, 47407, 47417, 47419, 47431, 47441, 47459, 47491, 47497, 47501,
45847507, 47513, 47521, 47527, 47533, 47543, 47563, 47569, 47581, 47591, 47599,
45947609, 47623, 47629, 47639, 47653, 47657, 47659, 47681, 47699, 47701, 47711,
46047713, 47717, 47737, 47741, 47743, 47777, 47779, 47791, 47797, 47807, 47809,
46147819, 47837, 47843, 47857, 47869, 47881, 47903, 47911, 47917, 47933, 47939,
46247947, 47951, 47963, 47969, 47977, 47981, 48017, 48023, 48029, 48049, 48073,
46348079, 48091, 48109, 48119, 48121, 48131, 48157, 48163, 48179, 48187, 48193,
46448197, 48221, 48239, 48247, 48259, 48271, 48281, 48299, 48311, 48313, 48337,
46548341, 48353, 48371, 48383, 48397, 48407, 48409, 48413, 48437, 48449, 48463,
46648473, 48479, 48481, 48487, 48491, 48497, 48523, 48527, 48533, 48539, 48541,
46748563, 48571, 48589, 48593, 48611, 48619, 48623, 48647, 48649, 48661, 48673,
46848677, 48679, 48731, 48733, 48751, 48757, 48761, 48767, 48779, 48781, 48787,
46948799, 48809, 48817, 48821, 48823, 48847, 48857, 48859, 48869, 48871, 48883,
47048889, 48907, 48947, 48953, 48973, 48989, 48991, 49003, 49009, 49019, 49031,
47149033, 49037, 49043, 49057, 49069, 49081, 49103, 49109, 49117, 49121, 49123,
47249139, 49157, 49169, 49171, 49177, 49193, 49199, 49201, 49207, 49211, 49223,
47349253, 49261, 49277, 49279, 49297, 49307, 49331, 49333, 49339, 49363, 49367,
47449369, 49391, 49393, 49409, 49411, 49417, 49429, 49433, 49451, 49459, 49463,
47549477, 49481, 49499, 49523, 49529, 49531, 49537, 49547, 49549, 49559, 49597,
47649603, 49613, 49627, 49633, 49639, 49663, 49667, 49669, 49681, 49697, 49711,
47749727, 49739, 49741, 49747, 49757, 49783, 49787, 49789, 49801, 49807, 49811,
47849823, 49831, 49843, 49853, 49871, 49877, 49891, 49919, 49921, 49927, 49937,
47949939, 49943, 49957, 49991, 49993, 49999, 50021, 50023, 50033, 50047, 50051,
48050053, 50069, 50077, 50087, 50093, 50101, 50111, 50119, 50123, 50129, 50131,
48150147, 50153, 50159, 50177, 50207, 50221, 50227, 50231, 50261, 50263, 50273,
48250287, 50291, 50311, 50321, 50329, 50333, 50341, 50359, 50363, 50377, 50383,
48350387, 50411, 50417, 50423, 50441, 50459, 50461, 50497, 50503, 50513, 50527,
48450539, 50543, 50549, 50551, 50581, 50587, 50591, 50593, 50599, 50627, 50647,
48550651, 50671, 50683, 50707, 50723, 50741, 50753, 50767, 50773, 50777, 50789,
48650821, 50833, 50839, 50849, 50857, 50867, 50873, 50891, 50893, 50909, 50923,
48750929, 50951, 50957, 50969, 50971, 50989, 50993, 51001, 51031, 51043, 51047,
48851059, 51061, 51071, 51109, 51131, 51133, 51137, 51151, 51157, 51169, 51193,
48951197, 51199, 51203, 51217, 51229, 51239, 51241, 51257, 51263, 51283, 51287,
49051307, 51329, 51341, 51343, 51347, 51349, 51361, 51383, 51407, 51413, 51419,
49151421, 51427, 51431, 51437, 51439, 51449, 51461, 51473, 51479, 51481, 51487,
49251503, 51511, 51517, 51521, 51539, 51551, 51563, 51577, 51581, 51593, 51599,
49351607, 51613, 51631, 51637, 51647, 51659, 51673, 51679, 51683, 51691, 51713,
49451719, 51721, 51749, 51767, 51769, 51787, 51797, 51803, 51817, 51827, 51829,
49551839, 51853, 51859, 51869, 51871, 51893, 51899, 51907, 51913, 51929, 51941,
49651949, 51971, 51973, 51977, 51991, 52009, 52021, 52027, 52051, 52057, 52067,
49752069, 52081, 52103, 52121, 52127, 52147, 52153, 52163, 52177, 52181, 52183,
49852189, 52201, 52223, 52237, 52249, 52253, 52259, 52267, 52289, 52291, 52301,
49952313, 52321, 52361, 52363, 52369, 52379, 52387, 52391, 52433, 52453, 52457,
50052489, 52501, 52511, 52517, 52529, 52541, 52543, 52553, 52561, 52567, 52571,
50152579, 52583, 52609, 52627, 52631, 52639, 52667, 52673, 52691, 52697, 52709,
50252711, 52721, 52727, 52733, 52747, 52757, 52769, 52783, 52807, 52813, 52817,
50352837, 52859, 52861, 52879, 52883, 52889, 52901, 52903, 52919, 52937, 52951,
50452957, 52963, 52967, 52973, 52981, 52999, 53003, 53017, 53047, 53051, 53069,
50553077, 53087, 53089, 53093, 53101, 53113, 53117, 53129, 53147, 53149, 53161,
50653171, 53173, 53189, 53197, 53201, 53231, 53233, 53239, 53267, 53269, 53279,
50753281, 53299, 53309, 53323, 53327, 53353, 53359, 53377, 53381, 53401, 53407,
50853411, 53419, 53437, 53441, 53453, 53479, 53503, 53507, 53527, 53549, 53551,
50953569, 53591, 53593, 53597, 53609, 53611, 53617, 53623, 53629, 53633, 53639,
51053653, 53657, 53681, 53693, 53699, 53717, 53719, 53731, 53759, 53773, 53777,
51153783, 53791, 53813, 53819, 53831, 53849, 53857, 53861, 53881, 53887, 53891,
51253897, 53899, 53917, 53923, 53927, 53939, 53951, 53959, 53987, 53993, 54001,
51354011, 54013, 54037, 54049, 54059, 54083, 54091, 54101, 54121, 54133, 54139,
51454151, 54163, 54167, 54181, 54193, 54217, 54251, 54269, 54277, 54287, 54293,
51554311, 54319, 54323, 54331, 54347, 54361, 54367, 54371, 54377, 54401, 54403,
51654409, 54413, 54419, 54421, 54437, 54443, 54449, 54469, 54493, 54497, 54499,
51754503, 54517, 54521, 54539, 54541, 54547, 54559, 54563, 54577, 54581, 54583,
51854601, 54617, 54623, 54629, 54631, 54647, 54667, 54673, 54679, 54709, 54713,
51954721, 54727, 54751, 54767, 54773, 54779, 54787, 54799, 54829, 54833, 54851,
52054869, 54877, 54881, 54907, 54917, 54919, 54941, 54949, 54959, 54973, 54979,
52154983, 55001, 55009, 55021, 55049, 55051, 55057, 55061, 55073, 55079, 55103,
52255109, 55117, 55127, 55147, 55163, 55171, 55201, 55207, 55213, 55217, 55219,
52355229, 55243, 55249, 55259, 55291, 55313, 55331, 55333, 55337, 55339, 55343,
52455351, 55373, 55381, 55399, 55411, 55439, 55441, 55457, 55469, 55487, 55501,
52555511, 55529, 55541, 55547, 55579, 55589, 55603, 55609, 55619, 55621, 55631,
52655633, 55639, 55661, 55663, 55667, 55673, 55681, 55691, 55697, 55711, 55717,
52755721, 55733, 55763, 55787, 55793, 55799, 55807, 55813, 55817, 55819, 55823,
52855829, 55837, 55843, 55849, 55871, 55889, 55897, 55901, 55903, 55921, 55927,
52955931, 55933, 55949, 55967, 55987, 55997, 56003, 56009, 56039, 56041, 56053,
53056081, 56087, 56093, 56099, 56101, 56113, 56123, 56131, 56149, 56167, 56171,
53156179, 56197, 56207, 56209, 56237, 56239, 56249, 56263, 56267, 56269, 56299,
53256311, 56333, 56359, 56369, 56377, 56383, 56393, 56401, 56417, 56431, 56437,
53356443, 56453, 56467, 56473, 56477, 56479, 56489, 56501, 56503, 56509, 56519,
53456527, 56531, 56533, 56543, 56569, 56591, 56597, 56599, 56611, 56629, 56633,
53556659, 56663, 56671, 56681, 56687, 56701, 56711, 56713, 56731, 56737, 56747,
53656767, 56773, 56779, 56783, 56807, 56809, 56813, 56821, 56827, 56843, 56857,
53756873, 56891, 56893, 56897, 56909, 56911, 56921, 56923, 56929, 56941, 56951,
53856957, 56963, 56983, 56989, 56993, 56999, 57037, 57041, 57047, 57059, 57073,
53957077, 57089, 57097, 57107, 57119, 57131, 57139, 57143, 57149, 57163, 57173,
54057179, 57191, 57193, 57203, 57221, 57223, 57241, 57251, 57259, 57269, 57271,
54157283, 57287, 57301, 57329, 57331, 57347, 57349, 57367, 57373, 57383, 57389,
54257397, 57413, 57427, 57457, 57467, 57487, 57493, 57503, 57527, 57529, 57557,
54357559, 57571, 57587, 57593, 57601, 57637, 57641, 57649, 57653, 57667, 57679,
54457689, 57697, 57709, 57713, 57719, 57727, 57731, 57737, 57751, 57773, 57781,
54557787, 57791, 57793, 57803, 57809, 57829, 57839, 57847, 57853, 57859, 57881,
54657899, 57901, 57917, 57923, 57943, 57947, 57973, 57977, 57991, 58013, 58027,
54758031, 58043, 58049, 58057, 58061, 58067, 58073, 58099, 58109, 58111, 58129,
54858147, 58151, 58153, 58169, 58171, 58189, 58193, 58199, 58207, 58211, 58217,
54958229, 58231, 58237, 58243, 58271, 58309, 58313, 58321, 58337, 58363, 58367,
55058369, 58379, 58391, 58393, 58403, 58411, 58417, 58427, 58439, 58441, 58451,
55158453, 58477, 58481, 58511, 58537, 58543, 58549, 58567, 58573, 58579, 58601,
55258603, 58613, 58631, 58657, 58661, 58679, 58687, 58693, 58699, 58711, 58727,
55358733, 58741, 58757, 58763, 58771, 58787, 58789, 58831, 58889, 58897, 58901,
55458907, 58909, 58913, 58921, 58937, 58943, 58963, 58967, 58979, 58991, 58997,
55559009, 59011, 59021, 59023, 59029, 59051, 59053, 59063, 59069, 59077, 59083,
55659093, 59107, 59113, 59119, 59123, 59141, 59149, 59159, 59167, 59183, 59197,
55759207, 59209, 59219, 59221, 59233, 59239, 59243, 59263, 59273, 59281, 59333,
55859341, 59351, 59357, 59359, 59369, 59377, 59387, 59393, 59399, 59407, 59417,
55959419, 59441, 59443, 59447, 59453, 59467, 59471, 59473, 59497, 59509, 59513,
56059539, 59557, 59561, 59567, 59581, 59611, 59617, 59621, 59627, 59629, 59651,
56159659, 59663, 59669, 59671, 59693, 59699, 59707, 59723, 59729, 59743, 59747,
56259753, 59771, 59779, 59791, 59797, 59809, 59833, 59863, 59879, 59887, 59921,
56359929, 59951, 59957, 59971, 59981, 59999, 60013, 60017, 60029, 60037, 60041,
56460077, 60083, 60089, 60091, 60101, 60103, 60107, 60127, 60133, 60139, 60149,
56560161, 60167, 60169, 60209, 60217, 60223, 60251, 60257, 60259, 60271, 60289,
56660293, 60317, 60331, 60337, 60343, 60353, 60373, 60383, 60397, 60413, 60427,
56760443, 60449, 60457, 60493, 60497, 60509, 60521, 60527, 60539, 60589, 60601,
56860607, 60611, 60617, 60623, 60631, 60637, 60647, 60649, 60659, 60661, 60679,
56960689, 60703, 60719, 60727, 60733, 60737, 60757, 60761, 60763, 60773, 60779,
57060793, 60811, 60821, 60859, 60869, 60887, 60889, 60899, 60901, 60913, 60917,
57160919, 60923, 60937, 60943, 60953, 60961, 61001, 61007, 61027, 61031, 61043,
57261051, 61057, 61091, 61099, 61121, 61129, 61141, 61151, 61153, 61169, 61211,
57361223, 61231, 61253, 61261, 61283, 61291, 61297, 61331, 61333, 61339, 61343,
57461357, 61363, 61379, 61381, 61403, 61409, 61417, 61441, 61463, 61469, 61471,
57561483, 61487, 61493, 61507, 61511, 61519, 61543, 61547, 61553, 61559, 61561,
57661583, 61603, 61609, 61613, 61627, 61631, 61637, 61643, 61651, 61657, 61667,
57761673, 61681, 61687, 61703, 61717, 61723, 61729, 61751, 61757, 61781, 61813,
57861819, 61837, 61843, 61861, 61871, 61879, 61909, 61927, 61933, 61949, 61961,
57961967, 61979, 61981, 61987, 61991, 62003, 62011, 62017, 62039, 62047, 62053,
58062057, 62071, 62081, 62099, 62119, 62129, 62131, 62137, 62141, 62143, 62171,
58162189, 62191, 62201, 62207, 62213, 62219, 62233, 62273, 62297, 62299, 62303,
58262311, 62323, 62327, 62347, 62351, 62383, 62401, 62417, 62423, 62459, 62467,
58362473, 62477, 62483, 62497, 62501, 62507, 62533, 62539, 62549, 62563, 62581,
58462591, 62597, 62603, 62617, 62627, 62633, 62639, 62653, 62659, 62683, 62687,
58562701, 62723, 62731, 62743, 62753, 62761, 62773, 62791, 62801, 62819, 62827,
58662851, 62861, 62869, 62873, 62897, 62903, 62921, 62927, 62929, 62939, 62969,
58762971, 62981, 62983, 62987, 62989, 63029, 63031, 63059, 63067, 63073, 63079,
58863097, 63103, 63113, 63127, 63131, 63149, 63179, 63197, 63199, 63211, 63241,
58963247, 63277, 63281, 63299, 63311, 63313, 63317, 63331, 63337, 63347, 63353,
59063361, 63367, 63377, 63389, 63391, 63397, 63409, 63419, 63421, 63439, 63443,
59163463, 63467, 63473, 63487, 63493, 63499, 63521, 63527, 63533, 63541, 63559,
59263577, 63587, 63589, 63599, 63601, 63607, 63611, 63617, 63629, 63647, 63649,
59363659, 63667, 63671, 63689, 63691, 63697, 63703, 63709, 63719, 63727, 63737,
59463743, 63761, 63773, 63781, 63793, 63799, 63803, 63809, 63823, 63839, 63841,
59563853, 63857, 63863, 63901, 63907, 63913, 63929, 63949, 63977, 63997, 64007,
59664013, 64019, 64033, 64037, 64063, 64067, 64081, 64091, 64109, 64123, 64151,
59764153, 64157, 64171, 64187, 64189, 64217, 64223, 64231, 64237, 64271, 64279,
59864283, 64301, 64303, 64319, 64327, 64333, 64373, 64381, 64399, 64403, 64433,
59964439, 64451, 64453, 64483, 64489, 64499, 64513, 64553, 64567, 64577, 64579,
60064591, 64601, 64609, 64613, 64621, 64627, 64633, 64661, 64663, 64667, 64679,
60164693, 64709, 64717, 64747, 64763, 64781, 64783, 64793, 64811, 64817, 64849,
60264853, 64871, 64877, 64879, 64891, 64901, 64919, 64921, 64927, 64937, 64951,
60364969, 64997, 65003, 65011, 65027, 65029, 65033, 65053, 65063, 65071, 65089,
60465099, 65101, 65111, 65119, 65123, 65129, 65141, 65147, 65167, 65171, 65173,
60565179, 65183, 65203, 65213, 65239, 65257, 65267, 65269, 65287, 65293, 65309,
60665323, 65327, 65353, 65357, 65371, 65381, 65393, 65407, 65413, 65419, 65423,
60765437, 65447, 65449, 65479, 65497, 65519, 65521, 0 };

Referenced by Botan::DL_Group::DL_Group(), is_prime(), and random_prime().

◆ STREEBOG_Ax

const uint64_t Botan::STREEBOG_Ax
extern

Definition at line 34 of file streebog_precalc.cpp.

35 {
36 {
37 0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL,
38 0x6ac1068fa186465bULL, 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL,
39 0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, 0xf14be6b78df36248ULL,
40 0xc585bd689a625cffULL, 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL,
41 0xb0833d48749f6c35ULL, 0xa1998c23b1ecbc7cULL, 0x8d70c431ac02a736ULL,
42 0xd6dfbc2fd0a8b69eULL, 0x37aeb3e551fa198bULL, 0x0b7d128a40b5cf9cULL,
43 0x5a8f2008b5780cbcULL, 0xedec882284e333e5ULL, 0xd25fc177d3c7c2ceULL,
44 0x5e0f5d50b61778ecULL, 0x1d873683c0c24cb9ULL, 0xad040bcbb45d208cULL,
45 0x2f89a0285b853c76ULL, 0x5732fff6791b8d58ULL, 0x3e9311439ef6ec3fULL,
46 0xc9183a809fd3c00fULL, 0x83adf3f5260a01eeULL, 0xa6791941f4e8ef10ULL,
47 0x103ae97d0ca1cd5dULL, 0x2ce948121dee1b4aULL, 0x39738421dbf2bf53ULL,
48 0x093da2a6cf0cf5b4ULL, 0xcd9847d89cbcb45fULL, 0xf9561c078b2d8ae8ULL,
49 0x9c6a755a6971777fULL, 0xbc1ebaa0712ef0c5ULL, 0x72e61542abf963a6ULL,
50 0x78bb5fde229eb12eULL, 0x14ba94250fceb90dULL, 0x844d6697630e5282ULL,
51 0x98ea08026a1e032fULL, 0xf06bbea144217f5cULL, 0xdb6263d11ccb377aULL,
52 0x641c314b2b8ee083ULL, 0x320e96ab9b4770cfULL, 0x1ee7deb986a96b85ULL,
53 0xe96cf57a878c47b5ULL, 0xfdd6615f8842feb8ULL, 0xc83862965601dd1bULL,
54 0x2ea9f83e92572162ULL, 0xf876441142ff97fcULL, 0xeb2c455608357d9dULL,
55 0x5612a7e0b0c9904cULL, 0x6c01cbfb2d500823ULL, 0x4548a6a7fa037a2dULL,
56 0xabc4c6bf388b6ef4ULL, 0xbade77d4fdf8bebdULL, 0x799b07c8eb4cac3aULL,
57 0x0c9d87e805b19cf0ULL, 0xcb588aac106afa27ULL, 0xea0c1d40c1e76089ULL,
58 0x2869354a1e816f1aULL, 0xff96d17307fbc490ULL, 0x9f0a9d602f1a5043ULL,
59 0x96373fc6e016a5f7ULL, 0x5292dab8b3a6e41cULL, 0x9b8ae0382c752413ULL,
60 0x4f15ec3b7364a8a5ULL, 0x3fb349555724f12bULL, 0xc7c50d4415db66d7ULL,
61 0x92b7429ee379d1a7ULL, 0xd37f99611a15dfdaULL, 0x231427c05e34a086ULL,
62 0xa439a96d7b51d538ULL, 0xb403401077f01865ULL, 0xdda2aea5901d7902ULL,
63 0x0a5d4a9c8967d288ULL, 0xc265280adf660f93ULL, 0x8bb0094520d4e94eULL,
64 0x2a29856691385532ULL, 0x42a833c5bf072941ULL, 0x73c64d54622b7eb2ULL,
65 0x07e095624504536cULL, 0x8a905153e906f45aULL, 0x6f6123c16b3b2f1fULL,
66 0xc6e55552dc097bc3ULL, 0x4468feb133d16739ULL, 0xe211e7f0c7398829ULL,
67 0xa2f96419f7879b40ULL, 0x19074bdbc3ad38e9ULL, 0xf4ebc3f9474e0b0cULL,
68 0x43886bd376d53455ULL, 0xd8028beb5aa01046ULL, 0x51f23282f5cdc320ULL,
69 0xe7b1c2be0d84e16dULL, 0x081dfab006dee8a0ULL, 0x3b33340d544b857bULL,
70 0x7f5bcabc679ae242ULL, 0x0edd37c48a08a6d8ULL, 0x81ed43d9a9b33bc6ULL,
71 0xb1a3655ebd4d7121ULL, 0x69a1eeb5e7ed6167ULL, 0xf6ab73d5c8f73124ULL,
72 0x1a67a3e185c61fd5ULL, 0x2dc91004d43c065eULL, 0x0240b02c8fb93a28ULL,
73 0x90f7f2b26cc0eb8fULL, 0x3cd3a16f114fd617ULL, 0xaae49ea9f15973e0ULL,
74 0x06c0cd748cd64e78ULL, 0xda423bc7d5192a6eULL, 0xc345701c16b41287ULL,
75 0x6d2193ede4821537ULL, 0xfcf639494190e3acULL, 0x7c3b228621f1c57eULL,
76 0xfb16ac2b0494b0c0ULL, 0xbf7e529a3745d7f9ULL, 0x6881b6a32e3f7c73ULL,
77 0xca78d2bad9b8e733ULL, 0xbbfe2fc2342aa3a9ULL, 0x0dbddffecc6381e4ULL,
78 0x70a6a56e2440598eULL, 0xe4d12a844befc651ULL, 0x8c509c2765d0ba22ULL,
79 0xee8c6018c28814d9ULL, 0x17da7c1f49a59e31ULL, 0x609c4c1328e194d3ULL,
80 0xb3e3d57232f44b09ULL, 0x91d7aaa4a512f69bULL, 0x0ffd6fd243dabbccULL,
81 0x50d26a943c1fde34ULL, 0x6be15e9968545b4fULL, 0x94778fea6faf9fdfULL,
82 0x2b09dd7058ea4826ULL, 0x677cd9716de5c7bfULL, 0x49d5214fffb2e6ddULL,
83 0x0360e83a466b273cULL, 0x1fc786af4f7b7691ULL, 0xa0b9d435783ea168ULL,
84 0xd49f0c035f118cb6ULL, 0x01205816c9d21d14ULL, 0xac2453dd7d8f3d98ULL,
85 0x545217cc3f70aa64ULL, 0x26b4028e9489c9c2ULL, 0xdec2469fd6765e3eULL,
86 0x04807d58036f7450ULL, 0xe5f17292823ddb45ULL, 0xf30b569b024a5860ULL,
87 0x62dcfc3fa758aefbULL, 0xe84cad6c4e5e5aa1ULL, 0xccb81fce556ea94bULL,
88 0x53b282ae7a74f908ULL, 0x1b47fbf74c1402c1ULL, 0x368eebf39828049fULL,
89 0x7afbeff2ad278b06ULL, 0xbe5e0a8cfe97caedULL, 0xcfd8f7f413058e77ULL,
90 0xf78b2bc301252c30ULL, 0x4d555c17fcdd928dULL, 0x5f2f05467fc565f8ULL,
91 0x24f4b2a21b30f3eaULL, 0x860dd6bbecb768aaULL, 0x4c750401350f8f99ULL,
92 0x0000000000000000ULL, 0xecccd0344d312ef1ULL, 0xb5231806be220571ULL,
93 0xc105c030990d28afULL, 0x653c695de25cfd97ULL, 0x159acc33c61ca419ULL,
94 0xb89ec7f872418495ULL, 0xa9847693b73254dcULL, 0x58cf90243ac13694ULL,
95 0x59efc832f3132b80ULL, 0x5c4fed7c39ae42c4ULL, 0x828dabe3efd81cfaULL,
96 0xd13f294d95ace5f2ULL, 0x7d1b7a90e823d86aULL, 0xb643f03cf849224dULL,
97 0x3df3f979d89dcb03ULL, 0x7426d836272f2ddeULL, 0xdfe21e891fa4432aULL,
98 0x3a136c1b9d99986fULL, 0xfa36f43dcd46add4ULL, 0xc025982650df35bbULL,
99 0x856d3e81aadc4f96ULL, 0xc4a5e57e53b041ebULL, 0x4708168b75ba4005ULL,
100 0xaf44bbe73be41aa4ULL, 0x971767d029c4b8e3ULL, 0xb9be9feebb939981ULL,
101 0x215497ecd18d9aaeULL, 0x316e7e91dd2c57f3ULL, 0xcef8afe2dad79363ULL,
102 0x3853dc371220a247ULL, 0x35ee03c9de4323a3ULL, 0xe6919aa8c456fc79ULL,
103 0xe05157dc4880b201ULL, 0x7bdbb7e464f59612ULL, 0x127a59518318f775ULL,
104 0x332ecebd52956ddbULL, 0x8f30741d23bb9d1eULL, 0xd922d3fd93720d52ULL,
105 0x7746300c61440ae2ULL, 0x25d4eab4d2e2eefeULL, 0x75068020eefd30caULL,
106 0x135a01474acaea61ULL, 0x304e268714fe4ae7ULL, 0xa519f17bb283c82cULL,
107 0xdc82f6b359cf6416ULL, 0x5baf781e7caa11a8ULL, 0xb2c38d64fb26561dULL,
108 0x34ce5bdf17913eb7ULL, 0x5d6fb56af07c5fd0ULL, 0x182713cd0a7f25fdULL,
109 0x9e2ac576e6c84d57ULL, 0x9aaab82ee5a73907ULL, 0xa3d93c0f3e558654ULL,
110 0x7e7b92aaae48ff56ULL, 0x872d8ead256575beULL, 0x41c8dbfff96c0e7dULL,
111 0x99ca5014a3cc1e3bULL, 0x40e883e930be1369ULL, 0x1ca76e95091051adULL,
112 0x4e35b42dbab6b5b1ULL, 0x05a0254ecabd6944ULL, 0xe1710fca8152af15ULL,
113 0xf22b0e8dcb984574ULL, 0xb763a82a319b3f59ULL, 0x63fca4296e8ab3efULL,
114 0x9d4a2d4ca0a36a6bULL, 0xe331bfe60eeb953dULL, 0xd5bf541596c391a2ULL,
115 0xf5cb9bef8e9c1618ULL, 0x46284e9dbc685d11ULL, 0x2074cffa185f87baULL,
116 0xbd3ee2b6b8fcedd1ULL, 0xae64e3f1f23607b0ULL, 0xfeb68965ce29d984ULL,
117 0x55724fdaf6a2b770ULL, 0x29496d5cd753720eULL, 0xa75941573d3af204ULL,
118 0x8e102c0bea69800aULL, 0x111ab16bc573d049ULL, 0xd7ffe439197aab8aULL,
119 0xefac380e0b5a09cdULL, 0x48f579593660fbc9ULL, 0x22347fd697e6bd92ULL,
120 0x61bc1405e13389c7ULL, 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL,
121 0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, 0x88d0e17f66bfce72ULL,
122 0x27945a985d5bd4d6ULL
123 },
124 {
125 0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL,
126 0x36d343cb8b1e9d85ULL, 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL,
127 0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, 0x85c3f77cf8593f80ULL,
128 0x3c91315fbe737cb2ULL, 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL,
129 0xc830c1c495c9fb0fULL, 0x981a76102086a0aaULL, 0xaa16012142f35760ULL,
130 0x35cc54060c763cf6ULL, 0x42907d66cc45db2dULL, 0x8203d44b965af4bcULL,
131 0x3d6f3cefc3a0e868ULL, 0xbc73ff69d292bda7ULL, 0x8722ed0102e20a29ULL,
132 0x8f8185e8cd34deb7ULL, 0x9b0561dda7ee01d9ULL, 0x5335a0193227fad6ULL,
133 0xc9cecc74e81a6fd5ULL, 0x54f5832e5c2431eaULL, 0x99e47ba05d553470ULL,
134 0xf7bee756acd226ceULL, 0x384e05a5571816fdULL, 0xd1367452a47d0e6aULL,
135 0xf29fde1c386ad85bULL, 0x320c77316275f7caULL, 0xd0c879e2d9ae9ab0ULL,
136 0xdb7406c69110ef5dULL, 0x45505e51a2461011ULL, 0xfc029872e46c5323ULL,
137 0xfa3cb6f5f7bc0cc5ULL, 0x031f17cd8768a173ULL, 0xbd8df2d9af41297dULL,
138 0x9d3b4f5ab43e5e3fULL, 0x4071671b36feee84ULL, 0x716207e7d3e3b83dULL,
139 0x48d20ff2f9283a1aULL, 0x27769eb4757cbc7eULL, 0x5c56ebc793f2e574ULL,
140 0xa48b474f9ef5dc18ULL, 0x52cbada94ff46e0cULL, 0x60c7da982d8199c6ULL,
141 0x0e9d466edc068b78ULL, 0x4eec2175eaf865fcULL, 0x550b8e9e21f7a530ULL,
142 0x6b7ba5bc653fec2bULL, 0x5eb7f1ba6949d0ddULL, 0x57ea94e3db4c9099ULL,
143 0xf640eae6d101b214ULL, 0xdd4a284182c0b0bbULL, 0xff1d8fbf6304f250ULL,
144 0xb8accb933bf9d7e8ULL, 0xe8867c478eb68c4dULL, 0x3f8e2692391bddc1ULL,
145 0xcb2fd60912a15a7cULL, 0xaec935dbab983d2fULL, 0xf55ffd2b56691367ULL,
146 0x80e2ce366ce1c115ULL, 0x179bf3f8edb27e1dULL, 0x01fe0db07dd394daULL,
147 0xda8a0b76ecc37b87ULL, 0x44ae53e1df9584cbULL, 0xb310b4b77347a205ULL,
148 0xdfab323c787b8512ULL, 0x3b511268d070b78eULL, 0x65e6e3d2b9396753ULL,
149 0x6864b271e2574d58ULL, 0x259784c98fc789d7ULL, 0x02e11a7dfabb35a9ULL,
150 0x8841a6dfa337158bULL, 0x7ade78c39b5dcdd0ULL, 0xb7cf804d9a2cc84aULL,
151 0x20b6bd831b7f7742ULL, 0x75bd331d3a88d272ULL, 0x418f6aab4b2d7a5eULL,
152 0xd9951cbb6babdaf4ULL, 0xb6318dfde7ff5c90ULL, 0x1f389b112264aa83ULL,
153 0x492c024284fbaec0ULL, 0xe33a0363c608f9a0ULL, 0x2688930408af28a4ULL,
154 0xc7538a1a341ce4adULL, 0x5da8e677ee2171aeULL, 0x8c9e92254a5c7fc4ULL,
155 0x63d8cd55aae938b5ULL, 0x29ebd8daa97a3706ULL, 0x959827b37be88aa1ULL,
156 0x1484e4356adadf6eULL, 0xa7945082199d7d6bULL, 0xbf6ce8a455fa1cd4ULL,
157 0x9cc542eac9edcae5ULL, 0x79c16f0e1c356ca3ULL, 0x89bfab6fdee48151ULL,
158 0xd4174d1830c5f0ffULL, 0x9258048415eb419dULL, 0x6139d72850520d1cULL,
159 0x6a85a80c18ec78f1ULL, 0xcd11f88e0171059aULL, 0xcceff53e7ca29140ULL,
160 0xd229639f2315af19ULL, 0x90b91ef9ef507434ULL, 0x5977d28d074a1be1ULL,
161 0x311360fce51d56b9ULL, 0xc093a92d5a1f2f91ULL, 0x1a19a25bb6dc5416ULL,
162 0xeb996b8a09de2d3eULL, 0xfee3820f1ed7668aULL, 0xd7085ad5b7ad518cULL,
163 0x7fff41890fe53345ULL, 0xec5948bd67dde602ULL, 0x2fd5f65dbaaa68e0ULL,
164 0xa5754affe32648c2ULL, 0xf8ddac880d07396cULL, 0x6fa491468c548664ULL,
165 0x0c7c5c1326bdbed1ULL, 0x4a33158f03930fb3ULL, 0x699abfc19f84d982ULL,
166 0xe4fa2054a80b329cULL, 0x6707f9af438252faULL, 0x08a368e9cfd6d49eULL,
167 0x47b1442c58fd25b8ULL, 0xbbb3dc5ebc91769bULL, 0x1665fe489061eac7ULL,
168 0x33f27a811fa66310ULL, 0x93a609346838d547ULL, 0x30ed6d4c98cec263ULL,
169 0x1dd9816cd8df9f2aULL, 0x94662a03063b1e7bULL, 0x83fdd9fbeb896066ULL,
170 0x7b207573e68e590aULL, 0x5f49fc0a149a4407ULL, 0x343259b671a5a82cULL,
171 0xfbc2bb458a6f981fULL, 0xc272b350a0a41a38ULL, 0x3aaf1fd8ada32354ULL,
172 0x6cbb868b0b3c2717ULL, 0xa2b569c88d2583feULL, 0xf180c9d1bf027928ULL,
173 0xaf37386bd64ba9f5ULL, 0x12bacab2790a8088ULL, 0x4c0d3b0810435055ULL,
174 0xb2eeb9070e9436dfULL, 0xc5b29067cea7d104ULL, 0xdcb425f1ff132461ULL,
175 0x4f122cc5972bf126ULL, 0xac282fa651230886ULL, 0xe7e537992f6393efULL,
176 0xe61b3a2952b00735ULL, 0x709c0a57ae302ce7ULL, 0xe02514ae416058d3ULL,
177 0xc44c9dd7b37445deULL, 0x5a68c5408022ba92ULL, 0x1c278cdca50c0bf0ULL,
178 0x6e5a9cf6f18712beULL, 0x86dce0b17f319ef3ULL, 0x2d34ec2040115d49ULL,
179 0x4bcd183f7e409b69ULL, 0x2815d56ad4a9a3dcULL, 0x24698979f2141d0dULL,
180 0x0000000000000000ULL, 0x1ec696a15fb73e59ULL, 0xd86b110b16784e2eULL,
181 0x8e7f8858b0e74a6dULL, 0x063e2e8713d05fe6ULL, 0xe2c40ed3bbdb6d7aULL,
182 0xb1f1aeca89fc97acULL, 0xe1db191e3cb3cc09ULL, 0x6418ee62c4eaf389ULL,
183 0xc6ad87aa49cf7077ULL, 0xd6f65765ca7ec556ULL, 0x9afb6c6dda3d9503ULL,
184 0x7ce05644888d9236ULL, 0x8d609f95378feb1eULL, 0x23a9aa4e9c17d631ULL,
185 0x6226c0e5d73aac6fULL, 0x56149953a69f0443ULL, 0xeeb852c09d66d3abULL,
186 0x2b0ac2a753c102afULL, 0x07c023376e03cb3cULL, 0x2ccae1903dc2c993ULL,
187 0xd3d76e2f5ec63bc3ULL, 0x9e2458973356ff4cULL, 0xa66a5d32644ee9b1ULL,
188 0x0a427294356de137ULL, 0x783f62be61e6f879ULL, 0x1344c70204d91452ULL,
189 0x5b96c8f0fdf12e48ULL, 0xa90916ecc59bf613ULL, 0xbe92e5142829880eULL,
190 0x727d102a548b194eULL, 0x1be7afebcb0fc0ccULL, 0x3e702b2244c8491bULL,
191 0xd5e940a84d166425ULL, 0x66f9f41f3e51c620ULL, 0xabe80c913f20c3baULL,
192 0xf07ec461c2d1edf2ULL, 0xf361d3ac45b94c81ULL, 0x0521394a94b8fe95ULL,
193 0xadd622162cf09c5cULL, 0xe97871f7f3651897ULL, 0xf4a1f09b2bba87bdULL,
194 0x095d6559b2054044ULL, 0x0bbc7f2448be75edULL, 0x2af4cf172e129675ULL,
195 0x157ae98517094bb4ULL, 0x9fda55274e856b96ULL, 0x914713499283e0eeULL,
196 0xb952c623462a4332ULL, 0x74433ead475b46a8ULL, 0x8b5eb112245fb4f8ULL,
197 0xa34b6478f0f61724ULL, 0x11a5dd7ffe6221fbULL, 0xc16da49d27ccbb4bULL,
198 0x76a224d0bde07301ULL, 0x8aa0bca2598c2022ULL, 0x4df336b86d90c48fULL,
199 0xea67663a740db9e4ULL, 0xef465f70e0b54771ULL, 0x39b008152acb8227ULL,
200 0x7d1e5bf4f55e06ecULL, 0x105bd0cf83b1b521ULL, 0x775c2960c033e7dbULL,
201 0x7e014c397236a79fULL, 0x811cc386113255cfULL, 0xeda7450d1a0e72d8ULL,
202 0x5889df3d7a998f3bULL, 0x2e2bfbedc779fc3aULL, 0xce0eef438619a4e9ULL,
203 0x372d4e7bf6cd095fULL, 0x04df34fae96b6a4fULL, 0xf923a13870d4adb6ULL,
204 0xa1aa7e050a4d228dULL, 0xa8f71b5cb84862c9ULL, 0xb52e9a306097fde3ULL,
205 0x0d8251a35b6e2a0bULL, 0x2257a7fee1c442ebULL, 0x73831d9a29588d94ULL,
206 0x51d4ba64c89ccf7fULL, 0x502ab7d4b54f5ba5ULL, 0x97793dce8153bf08ULL,
207 0xe5042de4d5d8a646ULL, 0x9687307efc802bd2ULL, 0xa05473b5779eb657ULL,
208 0xb4d097801d446939ULL, 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL,
209 0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, 0xba4dd1eec142e241ULL,
210 0xb00fa37af42f0376ULL
211 },
212 {
213 0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL,
214 0xd2fe0ec8c2355492ULL, 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL,
215 0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, 0x198a780f38f6ea9dULL,
216 0x2ab30c8f55ec48cbULL, 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL,
217 0x409c9a541358df11ULL, 0xd3ce8a56dfde3fe3ULL, 0xc3e9224312c8c1a0ULL,
218 0x0d6dfa58816ba507ULL, 0xddf3e1b179952777ULL, 0x04c02a42748bb1d9ULL,
219 0x94c2abff9f2decb8ULL, 0x4f91752da8f8acf4ULL, 0x78682befb169bf7bULL,
220 0xe1c77a48af2ff6c4ULL, 0x0c5d7ec69c80ce76ULL, 0x4cc1e4928fd81167ULL,
221 0xfeed3d24d9997b62ULL, 0x518bb6dfc3a54a23ULL, 0x6dbf2d26151f9b90ULL,
222 0xb5bc624b05ea664fULL, 0xe86aaa525acfe21aULL, 0x4801ced0fb53a0beULL,
223 0xc91463e6c00868edULL, 0x1027a815cd16fe43ULL, 0xf67069a0319204cdULL,
224 0xb04ccc976c8abce7ULL, 0xc0b9b3fc35e87c33ULL, 0xf380c77c58f2de65ULL,
225 0x50bb3241de4e2152ULL, 0xdf93f490435ef195ULL, 0xf1e0d25d62390887ULL,
226 0xaf668bfb1a3c3141ULL, 0xbc11b251f00a7291ULL, 0x73a5eed47e427d47ULL,
227 0x25bee3f6ee4c3b2eULL, 0x43cc0beb34786282ULL, 0xc824e778dde3039cULL,
228 0xf97d86d98a327728ULL, 0xf2b043e24519b514ULL, 0xe297ebf7880f4b57ULL,
229 0x3a94a49a98fab688ULL, 0x868516cb68f0c419ULL, 0xeffa11af0964ee50ULL,
230 0xa4ab4ec0d517f37dULL, 0xa9c6b498547c567aULL, 0x8e18424f80fbbbb6ULL,
231 0x0bcdc53bcf2bc23cULL, 0x137739aaea3643d0ULL, 0x2c1333ec1bac2ff0ULL,
232 0x8d48d3f0a7db0625ULL, 0x1e1ac3f26b5de6d7ULL, 0xf520f81f16b2b95eULL,
233 0x9f0f6ec450062e84ULL, 0x0130849e1deb6b71ULL, 0xd45e31ab8c7533a9ULL,
234 0x652279a2fd14e43fULL, 0x3209f01e70f1c927ULL, 0xbe71a770cac1a473ULL,
235 0x0e3d6be7a64b1894ULL, 0x7ec8148cff29d840ULL, 0xcb7476c7fac3be0fULL,
236 0x72956a4a63a91636ULL, 0x37f95ec21991138fULL, 0x9e3fea5a4ded45f5ULL,
237 0x7b38ba50964902e8ULL, 0x222e580bbde73764ULL, 0x61e253e0899f55e6ULL,
238 0xfc8d2805e352ad80ULL, 0x35994be3235ac56dULL, 0x09add01af5e014deULL,
239 0x5e8659a6780539c6ULL, 0xb17c48097161d796ULL, 0x026015213acbd6e2ULL,
240 0xd1ae9f77e515e901ULL, 0xb7dc776a3f21b0adULL, 0xaba6a1b96eb78098ULL,
241 0x9bcf4486248d9f5dULL, 0x582666c536455efdULL, 0xfdbdac9bfeb9c6f1ULL,
242 0xc47999be4163cdeaULL, 0x765540081722a7efULL, 0x3e548ed8ec710751ULL,
243 0x3d041f67cb51bac2ULL, 0x7958af71ac82d40aULL, 0x36c9da5c047a78feULL,
244 0xed9a048e33af38b2ULL, 0x26ee7249c96c86bdULL, 0x900281bdeba65d61ULL,
245 0x11172c8bd0fd9532ULL, 0xea0abf73600434f8ULL, 0x42fc8f75299309f3ULL,
246 0x34a9cf7d3eb1ae1cULL, 0x2b838811480723baULL, 0x5ce64c8742ceef24ULL,
247 0x1adae9b01fd6570eULL, 0x3c349bf9d6bad1b3ULL, 0x82453c891c7b75c0ULL,
248 0x97923a40b80d512bULL, 0x4a61dbf1c198765cULL, 0xb48ce6d518010d3eULL,
249 0xcfb45c858e480fd6ULL, 0xd933cbf30d1e96aeULL, 0xd70ea014ab558e3aULL,
250 0xc189376228031742ULL, 0x9262949cd16d8b83ULL, 0xeb3a3bed7def5f89ULL,
251 0x49314a4ee6b8cbcfULL, 0xdcc3652f647e4c06ULL, 0xda635a4c2a3e2b3dULL,
252 0x470c21a940f3d35bULL, 0x315961a157d174b4ULL, 0x6672e81dda3459acULL,
253 0x5b76f77a1165e36eULL, 0x445cb01667d36ec8ULL, 0xc5491d205c88a69bULL,
254 0x456c34887a3805b9ULL, 0xffddb9bac4721013ULL, 0x99af51a71e4649bfULL,
255 0xa15be01cbc7729d5ULL, 0x52db2760e485f7b0ULL, 0x8c78576eba306d54ULL,
256 0xae560f6507d75a30ULL, 0x95f22f6182c687c9ULL, 0x71c5fbf54489aba5ULL,
257 0xca44f259e728d57eULL, 0x88b87d2ccebbdc8dULL, 0xbab18d32be4a15aaULL,
258 0x8be8ec93e99b611eULL, 0x17b713e89ebdf209ULL, 0xb31c5d284baa0174ULL,
259 0xeeca9531148f8521ULL, 0xb8d198138481c348ULL, 0x8988f9b2d350b7fcULL,
260 0xb9e11c8d996aa839ULL, 0x5a4673e40c8e881fULL, 0x1687977683569978ULL,
261 0xbf4123eed72acf02ULL, 0x4ea1f1b3b513c785ULL, 0xe767452be16f91ffULL,
262 0x7505d1b730021a7cULL, 0xa59bca5ec8fc980cULL, 0xad069eda20f7e7a3ULL,
263 0x38f4b1bba231606aULL, 0x60d2d77e94743e97ULL, 0x9affc0183966f42cULL,
264 0x248e6768f3a7505fULL, 0xcdd449a4b483d934ULL, 0x87b59255751baf68ULL,
265 0x1bea6d2e023d3c7fULL, 0x6b1f12455b5ffcabULL, 0x743555292de9710dULL,
266 0xd8034f6d10f5fddfULL, 0xc6198c9f7ba81b08ULL, 0xbb8109aca3a17edbULL,
267 0xfa2d1766ad12cabbULL, 0xc729080166437079ULL, 0x9c5fff7b77269317ULL,
268 0x0000000000000000ULL, 0x15d706c9a47624ebULL, 0x6fdf38072fd44d72ULL,
269 0x5fb6dd3865ee52b7ULL, 0xa33bf53d86bcff37ULL, 0xe657c1b5fc84fa8eULL,
270 0xaa962527735cebe9ULL, 0x39c43525bfda0b1bULL, 0x204e4d2a872ce186ULL,
271 0x7a083ece8ba26999ULL, 0x554b9c9db72efbfaULL, 0xb22cd9b656416a05ULL,
272 0x96a2bedea5e63a5aULL, 0x802529a826b0a322ULL, 0x8115ad363b5bc853ULL,
273 0x8375b81701901eb1ULL, 0x3069e53f4a3a1fc5ULL, 0xbd2136cfede119e0ULL,
274 0x18bafc91251d81ecULL, 0x1d4a524d4c7d5b44ULL, 0x05f0aedc6960daa8ULL,
275 0x29e39d3072ccf558ULL, 0x70f57f6b5962c0d4ULL, 0x989fd53903ad22ceULL,
276 0xf84d024797d91c59ULL, 0x547b1803aac5908bULL, 0xf0d056c37fd263f6ULL,
277 0xd56eb535919e58d8ULL, 0x1c7ad6d351963035ULL, 0x2e7326cd2167f912ULL,
278 0xac361a443d1c8cd2ULL, 0x697f076461942a49ULL, 0x4b515f6fdc731d2dULL,
279 0x8ad8680df4700a6fULL, 0x41ac1eca0eb3b460ULL, 0x7d988533d80965d3ULL,
280 0xa8f6300649973d0bULL, 0x7765c4960ac9cc9eULL, 0x7ca801adc5e20ea2ULL,
281 0xdea3700e5eb59ae4ULL, 0xa06b6482a19c42a4ULL, 0x6a2f96db46b497daULL,
282 0x27def6d7d487edccULL, 0x463ca5375d18b82aULL, 0xa6cb5be1efdc259fULL,
283 0x53eba3fef96e9cc1ULL, 0xce84d81b93a364a7ULL, 0xf4107c810b59d22fULL,
284 0x333974806d1aa256ULL, 0x0f0def79bba073e5ULL, 0x231edc95a00c5c15ULL,
285 0xe437d494c64f2c6cULL, 0x91320523f64d3610ULL, 0x67426c83c7df32ddULL,
286 0x6eefbc99323f2603ULL, 0x9d6f7be56acdf866ULL, 0x5916e25b2bae358cULL,
287 0x7ff89012e2c2b331ULL, 0x035091bf2720bd93ULL, 0x561b0d22900e4669ULL,
288 0x28d319ae6f279e29ULL, 0x2f43a2533c8c9263ULL, 0xd09e1be9f8fe8270ULL,
289 0xf740ed3e2c796fbcULL, 0xdb53ded237d5404cULL, 0x62b2c25faebfe875ULL,
290 0x0afd41a5d2c0a94dULL, 0x6412fd3ce0ff8f4eULL, 0xe3a76f6995e42026ULL,
291 0x6c8fa9b808f4f0e1ULL, 0xc2d9a6dd0f23aad1ULL, 0x8f28c6d19d10d0c7ULL,
292 0x85d587744fd0798aULL, 0xa20b71a39b579446ULL, 0x684f83fa7c7f4138ULL,
293 0xe507500adba4471dULL, 0x3f640a46f19a6c20ULL, 0x1247bd34f7dd28a1ULL,
294 0x2d23b77206474481ULL, 0x93521002cc86e0f2ULL, 0x572b89bc8de52d18ULL,
295 0xfb1d93f8b0f9a1caULL, 0xe95a2ecc4724896bULL, 0x3ba420048511ddf9ULL,
296 0xd63e248ab6bee54bULL, 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL,
297 0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, 0xecaa80102e4453c3ULL,
298 0x14e78257b99d4f9aULL
299 },
300 {
301 0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL,
302 0x8266a47b850dfa8bULL, 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL,
303 0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, 0xbc20180a800bc5f8ULL,
304 0xb4a2f701b2dc65beULL, 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL,
305 0x42cad9930f0a4195ULL, 0xefa47b64aacccd20ULL, 0x71180a8960409a42ULL,
306 0x8bb3329bf6a44e0cULL, 0xd34c35de2d36daccULL, 0xa92f5b7cbc23dc96ULL,
307 0xb31a85aa68bb09c3ULL, 0x13e04836a73161d2ULL, 0xb24dfc4129c51d02ULL,
308 0x8ae44b70b7da5acdULL, 0xe671ed84d96579a7ULL, 0xa4bb3417d66f3832ULL,
309 0x4572ab38d56d2de8ULL, 0xb1b47761ea47215cULL, 0xe81c09cf70aba15dULL,
310 0xffbdb872ce7f90acULL, 0xa8782297fd5dc857ULL, 0x0d946f6b6a4ce4a4ULL,
311 0xe4df1f4f5b995138ULL, 0x9ebc71edca8c5762ULL, 0x0a2c1dc0b02b88d9ULL,
312 0x3b503c115d9d7b91ULL, 0xc64376a8111ec3a2ULL, 0xcec199a323c963e4ULL,
313 0xdc76a87ec58616f7ULL, 0x09d596e073a9b487ULL, 0x14583a9d7d560dafULL,
314 0xf4c6dc593f2a0cb4ULL, 0xdd21d19584f80236ULL, 0x4a4836983ddde1d3ULL,
315 0xe58866a41ae745f9ULL, 0xf591a5b27e541875ULL, 0x891dc05074586693ULL,
316 0x5b068c651810a89eULL, 0xa30346bc0c08544fULL, 0x3dbf3751c684032dULL,
317 0x2a1e86ec785032dcULL, 0xf73f5779fca830eaULL, 0xb60c05ca30204d21ULL,
318 0x0cc316802b32f065ULL, 0x8770241bdd96be69ULL, 0xb861e18199ee95dbULL,
319 0xf805cad91418fcd1ULL, 0x29e70dccbbd20e82ULL, 0xc7140f435060d763ULL,
320 0x0f3a9da0e8b0cc3bULL, 0xa2543f574d76408eULL, 0xbd7761e1c175d139ULL,
321 0x4b1f4f737ca3f512ULL, 0x6dc2df1f2fc137abULL, 0xf1d05c3967b14856ULL,
322 0xa742bf3715ed046cULL, 0x654030141d1697edULL, 0x07b872abda676c7dULL,
323 0x3ce84eba87fa17ecULL, 0xc1fb0403cb79afdfULL, 0x3e46bc7105063f73ULL,
324 0x278ae987121cd678ULL, 0xa1adb4778ef47cd0ULL, 0x26dd906c5362c2b9ULL,
325 0x05168060589b44e2ULL, 0xfbfc41f9d79ac08fULL, 0x0e6de44ba9ced8faULL,
326 0x9feb08068bf243a3ULL, 0x7b341749d06b129bULL, 0x229c69e74a87929aULL,
327 0xe09ee6c4427c011bULL, 0x5692e30e725c4c3aULL, 0xda99a33e5e9f6e4bULL,
328 0x353dd85af453a36bULL, 0x25241b4c90e0fee7ULL, 0x5de987258309d022ULL,
329 0xe230140fc0802984ULL, 0x93281e86a0c0b3c6ULL, 0xf229d719a4337408ULL,
330 0x6f6c2dd4ad3d1f34ULL, 0x8ea5b2fbae3f0aeeULL, 0x8331dd90c473ee4aULL,
331 0x346aa1b1b52db7aaULL, 0xdf8f235e06042aa9ULL, 0xcc6f6b68a1354b7bULL,
332 0x6c95a6f46ebf236aULL, 0x52d31a856bb91c19ULL, 0x1a35ded6d498d555ULL,
333 0xf37eaef2e54d60c9ULL, 0x72e181a9a3c2a61cULL, 0x98537aad51952fdeULL,
334 0x16f6c856ffaa2530ULL, 0xd960281e9d1d5215ULL, 0x3a0745fa1ce36f50ULL,
335 0x0b7b642bf1559c18ULL, 0x59a87eae9aec8001ULL, 0x5e100c05408bec7cULL,
336 0x0441f98b19e55023ULL, 0xd70dcc5534d38aefULL, 0x927f676de1bea707ULL,
337 0x9769e70db925e3e5ULL, 0x7a636ea29115065aULL, 0x468b201816ef11b6ULL,
338 0xab81a9b73edff409ULL, 0xc0ac7de88a07bb1eULL, 0x1f235eb68c0391b7ULL,
339 0x6056b074458dd30fULL, 0xbe8eeac102f7ed67ULL, 0xcd381283e04b5fbaULL,
340 0x5cbefecec277c4e3ULL, 0xd21b4c356c48ce0dULL, 0x1019c31664b35d8cULL,
341 0x247362a7d19eea26ULL, 0xebe582efb3299d03ULL, 0x02aef2cb82fc289fULL,
342 0x86275df09ce8aaa8ULL, 0x28b07427faac1a43ULL, 0x38a9b7319e1f47cfULL,
343 0xc82e92e3b8d01b58ULL, 0x06ef0b409b1978bcULL, 0x62f842bfc771fb90ULL,
344 0x9904034610eb3b1fULL, 0xded85ab5477a3e68ULL, 0x90d195a663428f98ULL,
345 0x5384636e2ac708d8ULL, 0xcbd719c37b522706ULL, 0xae9729d76644b0ebULL,
346 0x7c8c65e20a0c7ee6ULL, 0x80c856b007f1d214ULL, 0x8c0b40302cc32271ULL,
347 0xdbcedad51fe17a8aULL, 0x740e8ae938dbdea0ULL, 0xa615c6dc549310adULL,
348 0x19cc55f6171ae90bULL, 0x49b1bdb8fe5fdd8dULL, 0xed0a89af2830e5bfULL,
349 0x6a7aadb4f5a65bd6ULL, 0x7e22972988f05679ULL, 0xf952b3325566e810ULL,
350 0x39fecedadf61530eULL, 0x6101c99f04f3c7ceULL, 0x2e5f7f6761b562ffULL,
351 0xf08725d226cf5c97ULL, 0x63af3b54860fef51ULL, 0x8ff2cb10ef411e2fULL,
352 0x884ab9bb35267252ULL, 0x4df04433e7ba8daeULL, 0x9afd8866d3690741ULL,
353 0x66b9bb34de94abb3ULL, 0x9baaf18d92171380ULL, 0x543c11c5f0a064a5ULL,
354 0x17a1b1bdbed431f1ULL, 0xb5f58eeaf3a2717fULL, 0xc355f6c849858740ULL,
355 0xec5df044694ef17eULL, 0xd83751f5dc6346d4ULL, 0xfc4433520dfdacf2ULL,
356 0x0000000000000000ULL, 0x5a51f58e596ebc5fULL, 0x3285aaf12e34cf16ULL,
357 0x8d5c39db6dbd36b0ULL, 0x12b731dde64f7513ULL, 0x94906c2d7aa7dfbbULL,
358 0x302b583aacc8e789ULL, 0x9d45facd090e6b3cULL, 0x2165e2c78905aec4ULL,
359 0x68d45f7f775a7349ULL, 0x189b2c1d5664fdcaULL, 0xe1c99f2f030215daULL,
360 0x6983269436246788ULL, 0x8489af3b1e148237ULL, 0xe94b702431d5b59cULL,
361 0x33d2d31a6f4adbd7ULL, 0xbfd9932a4389f9a6ULL, 0xb0e30e8aab39359dULL,
362 0xd1e2c715afcaf253ULL, 0x150f43763c28196eULL, 0xc4ed846393e2eb3dULL,
363 0x03f98b20c3823c5eULL, 0xfd134ab94c83b833ULL, 0x556b682eb1de7064ULL,
364 0x36c4537a37d19f35ULL, 0x7559f30279a5ca61ULL, 0x799ae58252973a04ULL,
365 0x9c12832648707ffdULL, 0x78cd9c6913e92ec5ULL, 0x1d8dac7d0effb928ULL,
366 0x439da0784e745554ULL, 0x413352b3cc887dcbULL, 0xbacf134a1b12bd44ULL,
367 0x114ebafd25cd494dULL, 0x2f08068c20cb763eULL, 0x76a07822ba27f63fULL,
368 0xeab2fb04f25789c2ULL, 0xe3676de481fe3d45ULL, 0x1b62a73d95e6c194ULL,
369 0x641749ff5c68832cULL, 0xa5ec4dfc97112cf3ULL, 0xf6682e92bdd6242bULL,
370 0x3f11c59a44782bb2ULL, 0x317c21d1edb6f348ULL, 0xd65ab5be75ad9e2eULL,
371 0x6b2dd45fb4d84f17ULL, 0xfaab381296e4d44eULL, 0xd0b5befeeeb4e692ULL,
372 0x0882ef0b32d7a046ULL, 0x512a91a5a83b2047ULL, 0x963e9ee6f85bf724ULL,
373 0x4e09cf132438b1f0ULL, 0x77f701c9fb59e2feULL, 0x7ddb1c094b726a27ULL,
374 0x5f4775ee01f5f8bdULL, 0x9186ec4d223c9b59ULL, 0xfeeac1998f01846dULL,
375 0xac39db1ce4b89874ULL, 0xb75b7c21715e59e0ULL, 0xafc0503c273aa42aULL,
376 0x6e3b543fec430bf5ULL, 0x704f7362213e8e83ULL, 0x58ff0745db9294c0ULL,
377 0x67eec2df9feabf72ULL, 0xa0facd9ccf8a6811ULL, 0xb936986ad890811aULL,
378 0x95c715c63bd9cb7aULL, 0xca8060283a2c33c7ULL, 0x507de84ee9453486ULL,
379 0x85ded6d05f6a96f6ULL, 0x1cdad5964f81ade9ULL, 0xd5a33e9eb62fa270ULL,
380 0x40642b588df6690aULL, 0x7f75eec2c98e42b8ULL, 0x2cf18dace3494a60ULL,
381 0x23cb100c0bf9865bULL, 0xeef3028febb2d9e1ULL, 0x4425d2d394133929ULL,
382 0xaad6d05c7fa1e0c8ULL, 0xad6ea2f7a5c68cb5ULL, 0xc2028f2308fb9381ULL,
383 0x819f2f5b468fc6d5ULL, 0xc5bafd88d29cfffcULL, 0x47dc59f357910577ULL,
384 0x2b49ff07392e261dULL, 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL,
385 0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, 0x015779eb417e14c1ULL,
386 0x37932a9176af8bf4ULL
387 },
388 {
389 0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL,
390 0x330b7ba4d5564d9fULL, 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL,
391 0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, 0x10ed0a1825438f96ULL,
392 0x516101f72c233d17ULL, 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL,
393 0x653793d90d3f5b1bULL, 0x5240647b96b0fc2fULL, 0x0c84890ad27623e0ULL,
394 0xd7189b32703aaea3ULL, 0x2685de3523bd9c41ULL, 0x99317c5b11bffefaULL,
395 0x0d9baa854f079703ULL, 0x70b93648fbd48ac5ULL, 0xa80441fce30bc6beULL,
396 0x7287704bdc36ff1eULL, 0xb65384ed33dc1f13ULL, 0xd36417343ee34408ULL,
397 0x39cd38ab6e1bf10fULL, 0x5ab861770a1f3564ULL, 0x0ebacf09f594563bULL,
398 0xd04572b884708530ULL, 0x3cae9722bdb3af47ULL, 0x4a556b6f2f5cbaf2ULL,
399 0xe1704f1f76c4bd74ULL, 0x5ec4ed7144c6dfcfULL, 0x16afc01d4c7810e6ULL,
400 0x283f113cd629ca7aULL, 0xaf59a8761741ed2dULL, 0xeed5a3991e215facULL,
401 0x3bf37ea849f984d4ULL, 0xe413e096a56ce33cULL, 0x2c439d3a98f020d1ULL,
402 0x637559dc6404c46bULL, 0x9e6c95d1e5f5d569ULL, 0x24bb9836045fe99aULL,
403 0x44efa466dac8ecc9ULL, 0xc6eab2a5c80895d6ULL, 0x803b50c035220cc4ULL,
404 0x0321658cba93c138ULL, 0x8f9ebc465dc7ee1cULL, 0xd15a5137190131d3ULL,
405 0x0fa5ec8668e5e2d8ULL, 0x91c979578d1037b1ULL, 0x0642ca05693b9f70ULL,
406 0xefca80168350eb4fULL, 0x38d21b24f36a45ecULL, 0xbeab81e1af73d658ULL,
407 0x8cbfd9cae7542f24ULL, 0xfd19cc0d81f11102ULL, 0x0ac6430fbb4dbc90ULL,
408 0x1d76a09d6a441895ULL, 0x2a01573ff1cbbfa1ULL, 0xb572e161894fde2bULL,
409 0x8124734fa853b827ULL, 0x614b1fdf43e6b1b0ULL, 0x68ac395c4238cc18ULL,
410 0x21d837bfd7f7b7d2ULL, 0x20c714304a860331ULL, 0x5cfaab726324aa14ULL,
411 0x74c5ba4eb50d606eULL, 0xf3a3030474654739ULL, 0x23e671bcf015c209ULL,
412 0x45f087e947b9582aULL, 0xd8bd77b418df4c7bULL, 0xe06f6c90ebb50997ULL,
413 0x0bd96080263c0873ULL, 0x7e03f9410e40dcfeULL, 0xb8e94be4c6484928ULL,
414 0xfb5b0608e8ca8e72ULL, 0x1a2b49179e0e3306ULL, 0x4e29e76961855059ULL,
415 0x4f36c4e6fcf4e4baULL, 0x49740ee395cf7bcaULL, 0xc2963ea386d17f7dULL,
416 0x90d65ad810618352ULL, 0x12d34c1b02a1fa4dULL, 0xfa44258775bb3a91ULL,
417 0x18150f14b9ec46ddULL, 0x1491861e6b9a653dULL, 0x9a1019d7ab2c3fc2ULL,
418 0x3668d42d06fe13d7ULL, 0xdcc1fbb25606a6d0ULL, 0x969490dd795a1c22ULL,
419 0x3549b1a1bc6dd2efULL, 0xc94f5e23a0ed770eULL, 0xb9f6686b5b39fdcbULL,
420 0xc4d4f4a6efeae00dULL, 0xe732851a1fff2204ULL, 0x94aad6de5eb869f9ULL,
421 0x3f8ff2ae07206e7fULL, 0xfe38a9813b62d03aULL, 0xa7a1ad7a8bee2466ULL,
422 0x7b6056c8dde882b6ULL, 0x302a1e286fc58ca7ULL, 0x8da0fa457a259bc7ULL,
423 0xb3302b64e074415bULL, 0x5402ae7eff8b635fULL, 0x08f8050c9cafc94bULL,
424 0xae468bf98a3059ceULL, 0x88c355cca98dc58fULL, 0xb10e6d67c7963480ULL,
425 0xbad70de7e1aa3cf3ULL, 0xbfb4a26e320262bbULL, 0xcb711820870f02d5ULL,
426 0xce12b7a954a75c9dULL, 0x563ce87dd8691684ULL, 0x9f73b65e7884618aULL,
427 0x2b1e74b06cba0b42ULL, 0x47cec1ea605b2df1ULL, 0x1c698312f735ac76ULL,
428 0x5fdbcefed9b76b2cULL, 0x831a354c8fb1cdfcULL, 0x820516c312c0791fULL,
429 0xb74ca762aeadabf0ULL, 0xfc06ef821c80a5e1ULL, 0x5723cbf24518a267ULL,
430 0x9d4df05d5f661451ULL, 0x588627742dfd40bfULL, 0xda8331b73f3d39a0ULL,
431 0x17b0e392d109a405ULL, 0xf965400bcf28fba9ULL, 0x7c3dbf4229a2a925ULL,
432 0x023e460327e275dbULL, 0x6cd0b55a0ce126b3ULL, 0xe62da695828e96e7ULL,
433 0x42ad6e63b3f373b9ULL, 0xe50cc319381d57dfULL, 0xc5cbd729729b54eeULL,
434 0x46d1e265fd2a9912ULL, 0x6428b056904eeff8ULL, 0x8be23040131e04b7ULL,
435 0x6709d5da2add2ec0ULL, 0x075de98af44a2b93ULL, 0x8447dcc67bfbe66fULL,
436 0x6616f655b7ac9a23ULL, 0xd607b8bded4b1a40ULL, 0x0563af89d3a85e48ULL,
437 0x3db1b4ad20c21ba4ULL, 0x11f22997b8323b75ULL, 0x292032b34b587e99ULL,
438 0x7f1cdace9331681dULL, 0x8e819fc9c0b65affULL, 0xa1e3677fe2d5bb16ULL,
439 0xcd33d225ee349da5ULL, 0xd9a2543b85aef898ULL, 0x795e10cbfa0af76dULL,
440 0x25a4bbb9992e5d79ULL, 0x78413344677b438eULL, 0xf0826688cef68601ULL,
441 0xd27b34bba392f0ebULL, 0x551d8df162fad7bcULL, 0x1e57c511d0d7d9adULL,
442 0xdeffbdb171e4d30bULL, 0xf4feea8e802f6caaULL, 0xa480c8f6317de55eULL,
443 0xa0fc44f07fa40ff5ULL, 0x95b5f551c3c9dd1aULL, 0x22f952336d6476eaULL,
444 0x0000000000000000ULL, 0xa6be8ef5169f9085ULL, 0xcc2cf1aa73452946ULL,
445 0x2e7ddb39bf12550aULL, 0xd526dd3157d8db78ULL, 0x486b2d6c08becf29ULL,
446 0x9b0f3a58365d8b21ULL, 0xac78cdfaadd22c15ULL, 0xbc95c7e28891a383ULL,
447 0x6a927f5f65dab9c3ULL, 0xc3891d2c1ba0cb9eULL, 0xeaa92f9f50f8b507ULL,
448 0xcf0d9426c9d6e87eULL, 0xca6e3baf1a7eb636ULL, 0xab25247059980786ULL,
449 0x69b31ad3df4978fbULL, 0xe2512a93cc577c4cULL, 0xff278a0ea61364d9ULL,
450 0x71a615c766a53e26ULL, 0x89dc764334fc716cULL, 0xf87a638452594f4aULL,
451 0xf2bc208be914f3daULL, 0x8766b94ac1682757ULL, 0xbbc82e687cdb8810ULL,
452 0x626a7a53f9757088ULL, 0xa2c202f358467a2eULL, 0x4d0882e5db169161ULL,
453 0x09e7268301de7da8ULL, 0xe897699c771ac0dcULL, 0xc8507dac3d9cc3edULL,
454 0xc0a878a0a1330aa6ULL, 0x978bb352e42ba8c1ULL, 0xe9884a13ea6b743fULL,
455 0x279afdbabecc28a2ULL, 0x047c8c064ed9eaabULL, 0x507e2278b15289f4ULL,
456 0x599904fbb08cf45cULL, 0xbd8ae46d15e01760ULL, 0x31353da7f2b43844ULL,
457 0x8558ff49e68a528cULL, 0x76fbfc4d92ef15b5ULL, 0x3456922e211c660cULL,
458 0x86799ac55c1993b4ULL, 0x3e90d1219a51da9cULL, 0x2d5cbeb505819432ULL,
459 0x982e5fd48cce4a19ULL, 0xdb9c1238a24c8d43ULL, 0xd439febecaa96f9bULL,
460 0x418c0bef0960b281ULL, 0x158ea591f6ebd1deULL, 0x1f48e69e4da66d4eULL,
461 0x8afd13cf8e6fb054ULL, 0xf5e1c9011d5ed849ULL, 0xe34e091c5126c8afULL,
462 0xad67ee7530a398f6ULL, 0x43b24dec2e82c75aULL, 0x75da99c1287cd48dULL,
463 0x92e81cdb3783f689ULL, 0xa3dd217cc537cecdULL, 0x60543c50de970553ULL,
464 0x93f73f54aaf2426aULL, 0xa91b62737e7a725dULL, 0xf19d4507538732e2ULL,
465 0x77e4dfc20f9ea156ULL, 0x7d229ccdb4d31dc6ULL, 0x1b346a98037f87e5ULL,
466 0xedf4c615a4b29e94ULL, 0x4093286094110662ULL, 0xb0114ee85ae78063ULL,
467 0x6ff1d0d6b672e78bULL, 0x6dcf96d591909250ULL, 0xdfe09e3eec9567e8ULL,
468 0x3214582b4827f97cULL, 0xb46dc2ee143e6ac8ULL, 0xf6c0ac8da7cd1971ULL,
469 0xebb60c10cd8901e4ULL, 0xf7df8f023abcad92ULL, 0x9c52d3d2c217a0b2ULL,
470 0x6b8d5cd0f8ab0d20ULL, 0x3777f7a29b8fa734ULL, 0x011f238f9d71b4e3ULL,
471 0xc1b75b2f3c42be45ULL, 0x5de588fdfe551ef7ULL, 0x6eeef3592b035368ULL,
472 0xaa3a07ffc4e9b365ULL, 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL,
473 0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, 0xa59feb79ac0c51bdULL,
474 0xc7f5912a55792135ULL
475 },
476 {
477 0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL,
478 0xbe90a9eb35c2f139ULL, 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL,
479 0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, 0x0e34133ef6382827ULL,
480 0x52a02ba1ec55048bULL, 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL,
481 0xcdf1d36258137622ULL, 0xfe6cb708dedf8ddbULL, 0x8a174a9ec8121e5dULL,
482 0x679896036b81560eULL, 0x59ed033395795feeULL, 0x1dd778ab8b74edafULL,
483 0xee533ef92d9f926dULL, 0x2a8c79baf8a8d8f5ULL, 0x6bcf398e69b119f6ULL,
484 0xe20491742fafdd95ULL, 0x276488e0809c2aecULL, 0xea955b82d88f5cceULL,
485 0x7102c63a99d9e0c4ULL, 0xf9763017a5c39946ULL, 0x429fa2501f151b3dULL,
486 0x4659c72bea05d59eULL, 0x984b7fdccf5a6634ULL, 0xf742232953fbb161ULL,
487 0x3041860e08c021c7ULL, 0x747bfd9616cd9386ULL, 0x4bb1367192312787ULL,
488 0x1b72a1638a6c44d3ULL, 0x4a0e68a6e8359a66ULL, 0x169a5039f258b6caULL,
489 0xb98a2ef44edee5a4ULL, 0xd9083fe85e43a737ULL, 0x967f6ce239624e13ULL,
490 0x8874f62d3c1a7982ULL, 0x3c1629830af06e3fULL, 0x9165ebfd427e5a8eULL,
491 0xb5dd81794ceeaa5cULL, 0x0de8f15a7834f219ULL, 0x70bd98ede3dd5d25ULL,
492 0xaccc9ca9328a8950ULL, 0x56664eda1945ca28ULL, 0x221db34c0f8859aeULL,
493 0x26dbd637fa98970dULL, 0x1acdffb4f068f932ULL, 0x4585254f64090fa0ULL,
494 0x72de245e17d53afaULL, 0x1546b25d7c546cf4ULL, 0x207e0ffffb803e71ULL,
495 0xfaaad2732bcf4378ULL, 0xb462dfae36ea17bdULL, 0xcf926fd1ac1b11fdULL,
496 0xe0672dc7dba7ba4aULL, 0xd3fa49ad5d6b41b3ULL, 0x8ba81449b216a3bcULL,
497 0x14f9ec8a0650d115ULL, 0x40fc1ee3eb1d7ce2ULL, 0x23a2ed9b758ce44fULL,
498 0x782c521b14fddc7eULL, 0x1c68267cf170504eULL, 0xbcf31558c1ca96e6ULL,
499 0xa781b43b4ba6d235ULL, 0xf6fd7dfe29ff0c80ULL, 0xb0a4bad5c3fad91eULL,
500 0xd199f51ea963266cULL, 0x414340349119c103ULL, 0x5405f269ed4dadf7ULL,
501 0xabd61bb649969dcdULL, 0x6813dbeae7bdc3c8ULL, 0x65fb2ab09f8931d1ULL,
502 0xf1e7fae152e3181dULL, 0xc1a67cef5a2339daULL, 0x7a4feea8e0f5bba1ULL,
503 0x1e0b9acf05783791ULL, 0x5b8ebf8061713831ULL, 0x80e53cdbcb3af8d9ULL,
504 0x7e898bd315e57502ULL, 0xc6bcfbf0213f2d47ULL, 0x95a38e86b76e942dULL,
505 0x092e94218d243cbaULL, 0x8339debf453622e7ULL, 0xb11be402b9fe64ffULL,
506 0x57d9100d634177c9ULL, 0xcc4e8db52217cbc3ULL, 0x3b0cae9c71ec7aa2ULL,
507 0xfb158ca451cbfe99ULL, 0x2b33276d82ac6514ULL, 0x01bf5ed77a04bde1ULL,
508 0xc5601994af33f779ULL, 0x75c4a3416cc92e67ULL, 0xf3844652a6eb7fc2ULL,
509 0x3487e375fdd0ef64ULL, 0x18ae430704609eedULL, 0x4d14efb993298efbULL,
510 0x815a620cb13e4538ULL, 0x125c354207487869ULL, 0x9eeea614ce42cf48ULL,
511 0xce2d3106d61fac1cULL, 0xbbe99247bad6827bULL, 0x071a871f7b1c149dULL,
512 0x2e4a1cc10db81656ULL, 0x77a71ff298c149b8ULL, 0x06a5d9c80118a97cULL,
513 0xad73c27e488e34b1ULL, 0x443a7b981e0db241ULL, 0xe3bbcfa355ab6074ULL,
514 0x0af276450328e684ULL, 0x73617a896dd1871bULL, 0x58525de4ef7de20fULL,
515 0xb7be3dcab8e6cd83ULL, 0x19111dd07e64230cULL, 0x842359a03e2a367aULL,
516 0x103f89f1f3401fb6ULL, 0xdc710444d157d475ULL, 0xb835702334da5845ULL,
517 0x4320fc876511a6dcULL, 0xd026abc9d3679b8dULL, 0x17250eee885c0b2bULL,
518 0x90dab52a387ae76fULL, 0x31fed8d972c49c26ULL, 0x89cba8fa461ec463ULL,
519 0x2ff5421677bcabb7ULL, 0x396f122f85e41d7dULL, 0xa09b332430bac6a8ULL,
520 0xc888e8ced7070560ULL, 0xaeaf201ac682ee8fULL, 0x1180d7268944a257ULL,
521 0xf058a43628e7a5fcULL, 0xbd4c4b8fbbce2b07ULL, 0xa1246df34abe7b49ULL,
522 0x7d5569b79be9af3cULL, 0xa9b5a705bd9efa12ULL, 0xdb6b835baa4bc0e8ULL,
523 0x05793bac8f147342ULL, 0x21c1512881848390ULL, 0xfdb0556c50d357e5ULL,
524 0x613d4fcb6a99ff72ULL, 0x03dce2648e0cda3eULL, 0xe949b9e6568386f0ULL,
525 0xfc0f0bbb2ad7ea04ULL, 0x6a70675913b5a417ULL, 0x7f36d5046fe1c8e3ULL,
526 0x0c57af8d02304ff8ULL, 0x32223abdfcc84618ULL, 0x0891caf6f720815bULL,
527 0xa63eeaec31a26fd4ULL, 0x2507345374944d33ULL, 0x49d28ac266394058ULL,
528 0xf5219f9aa7f3d6beULL, 0x2d96fea583b4cc68ULL, 0x5a31e1571b7585d0ULL,
529 0x8ed12fe53d02d0feULL, 0xdfade6205f5b0e4bULL, 0x4cabb16ee92d331aULL,
530 0x04c6657bf510cea3ULL, 0xd73c2cd6a87b8f10ULL, 0xe1d87310a1a307abULL,
531 0x6cd5be9112ad0d6bULL, 0x97c032354366f3f2ULL, 0xd4e0ceb22677552eULL,
532 0x0000000000000000ULL, 0x29509bde76a402cbULL, 0xc27a9e8bd42fe3e4ULL,
533 0x5ef7842cee654b73ULL, 0xaf107ecdbc86536eULL, 0x3fcacbe784fcb401ULL,
534 0xd55f90655c73e8cfULL, 0xe6c2f40fdabf1336ULL, 0xe8f6e7312c873b11ULL,
535 0xeb2a0555a28be12fULL, 0xe4a148bc2eb774e9ULL, 0x9b979db84156bc0aULL,
536 0x6eb60222e6a56ab4ULL, 0x87ffbbc4b026ec44ULL, 0xc703a5275b3b90a6ULL,
537 0x47e699fc9001687fULL, 0x9c8d1aa73a4aa897ULL, 0x7cea3760e1ed12ddULL,
538 0x4ec80ddd1d2554c5ULL, 0x13e36b957d4cc588ULL, 0x5d2b66486069914dULL,
539 0x92b90999cc7280b0ULL, 0x517cc9c56259deb5ULL, 0xc937b619ad03b881ULL,
540 0xec30824ad997f5b2ULL, 0xa45d565fc5aa080bULL, 0xd6837201d27f32f1ULL,
541 0x635ef3789e9198adULL, 0x531f75769651b96aULL, 0x4f77530a6721e924ULL,
542 0x486dd4151c3dfdb9ULL, 0x5f48dafb9461f692ULL, 0x375b011173dc355aULL,
543 0x3da9775470f4d3deULL, 0x8d0dcd81b30e0ac0ULL, 0x36e45fc609d888bbULL,
544 0x55baacbe97491016ULL, 0x8cb29356c90ab721ULL, 0x76184125e2c5f459ULL,
545 0x99f4210bb55edbd5ULL, 0x6f095cf59ca1d755ULL, 0x9f51f8c3b44672a9ULL,
546 0x3538bda287d45285ULL, 0x50c39712185d6354ULL, 0xf23b1885dcefc223ULL,
547 0x79930ccc6ef9619fULL, 0xed8fdc9da3934853ULL, 0xcb540aaa590bdf5eULL,
548 0x5c94389f1a6d2cacULL, 0xe77daad8a0bbaed7ULL, 0x28efc5090ca0bf2aULL,
549 0xbf2ff73c4fc64cd8ULL, 0xb37858b14df60320ULL, 0xf8c96ec0dfc724a7ULL,
550 0x828680683f329f06ULL, 0x941cd051cd6a29ccULL, 0xc3c5c05cae2b5e05ULL,
551 0xb601631dc2e27062ULL, 0xc01922382027843bULL, 0x24b86a840e90f0d2ULL,
552 0xd245177a276ffc52ULL, 0x0f8b4de98c3c95c6ULL, 0x3e759530fef809e0ULL,
553 0x0b4d2892792c5b65ULL, 0xc4df4743d5374a98ULL, 0xa5e20888bfaeb5eaULL,
554 0xba56cc90c0d23f9aULL, 0x38d04cf8ffe0a09cULL, 0x62e1adafe495254cULL,
555 0x0263bcb3f40867dfULL, 0xcaeb547d230f62bfULL, 0x6082111c109d4293ULL,
556 0xdad4dd8cd04f7d09ULL, 0xefec602e579b2f8cULL, 0x1fb4c4187f7c8a70ULL,
557 0xffd3e9dfa4db303aULL, 0x7bf0b07f9af10640ULL, 0xf49ec14dddf76b5fULL,
558 0x8f6e713247066d1fULL, 0x339d646a86ccfbf9ULL, 0x64447467e58d8c30ULL,
559 0x2c29a072f9b07189ULL, 0xd8b7613f24471ad6ULL, 0x6627c8d41185ebefULL,
560 0xa347d140beb61c96ULL, 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL,
561 0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, 0x859c0777442e8b9bULL,
562 0x69ac853d9db97e29ULL
563 },
564 {
565 0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL,
566 0x5219ff11a75bed86ULL, 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL,
567 0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, 0x0c6550fb6b48d8f3ULL,
568 0xf57508c427ff1c62ULL, 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL,
569 0xe284ec2349355f9fULL, 0xb3c307c53d7c84ecULL, 0x05e23c0468365a02ULL,
570 0x190bac4d6c9ebfa8ULL, 0x94bbbee9e28b80faULL, 0xa34fc777529cb9b5ULL,
571 0xcc7b39f095bcd978ULL, 0x2426addb0ce532e3ULL, 0x7e79329312ce4fc7ULL,
572 0xab09a72eebec2917ULL, 0xf8d15499f6b9d6c2ULL, 0x1a55b8babf8c895dULL,
573 0xdb8add17fb769a85ULL, 0xb57f2f368658e81bULL, 0x8acd36f18f3f41f6ULL,
574 0x5ce3b7bba50f11d3ULL, 0x114dcc14d5ee2f0aULL, 0xb91a7fcded1030e8ULL,
575 0x81d5425fe55de7a1ULL, 0xb6213bc1554adeeeULL, 0x80144ef95f53f5f2ULL,
576 0x1e7688186db4c10cULL, 0x3b912965db5fe1bcULL, 0xc281715a97e8252dULL,
577 0x54a5d7e21c7f8171ULL, 0x4b12535ccbc5522eULL, 0x1d289cefbea6f7f9ULL,
578 0x6ef5f2217d2e729eULL, 0xe6a7dc819b0d17ceULL, 0x1b94b41c05829b0eULL,
579 0x33d7493c622f711eULL, 0xdcf7f942fa5ce421ULL, 0x600fba8b7f7a8ecbULL,
580 0x46b60f011a83988eULL, 0x235b898e0dcf4c47ULL, 0x957ab24f588592a9ULL,
581 0x4354330572b5c28cULL, 0xa5f3ef84e9b8d542ULL, 0x8c711e02341b2d01ULL,
582 0x0b1874ae6a62a657ULL, 0x1213d8e306fc19ffULL, 0xfe6d7c6a4d9dba35ULL,
583 0x65ed868f174cd4c9ULL, 0x88522ea0e6236550ULL, 0x899322065c2d7703ULL,
584 0xc01e690bfef4018bULL, 0x915982ed8abddaf8ULL, 0xbe675b98ec3a4e4cULL,
585 0xa996bf7f82f00db1ULL, 0xe1daf8d49a27696aULL, 0x2effd5d3dc8986e7ULL,
586 0xd153a51f2b1a2e81ULL, 0x18caa0ebd690adfbULL, 0x390e3134b243c51aULL,
587 0x2778b92cdff70416ULL, 0x029f1851691c24a6ULL, 0x5e7cafeacc133575ULL,
588 0xfa4e4cc89fa5f264ULL, 0x5a5f9f481e2b7d24ULL, 0x484c47ab18d764dbULL,
589 0x400a27f2a1a7f479ULL, 0xaeeb9b2a83da7315ULL, 0x721c626879869734ULL,
590 0x042330a2d2384851ULL, 0x85f672fd3765aff0ULL, 0xba446b3a3e02061dULL,
591 0x73dd6ecec3888567ULL, 0xffac70ccf793a866ULL, 0xdfa9edb5294ed2d4ULL,
592 0x6c6aea7014325638ULL, 0x834a5a0e8c41c307ULL, 0xcdba35562fb2cb2bULL,
593 0x0ad97808d06cb404ULL, 0x0f3b440cb85aee06ULL, 0xe5f9c876481f213bULL,
594 0x98deee1289c35809ULL, 0x59018bbfcd394bd1ULL, 0xe01bf47220297b39ULL,
595 0xde68e1139340c087ULL, 0x9fa3ca4788e926adULL, 0xbb85679c840c144eULL,
596 0x53d8f3b71d55ffd5ULL, 0x0da45c5dd146caa0ULL, 0x6f34fe87c72060cdULL,
597 0x57fbc315cf6db784ULL, 0xcee421a1fca0fddeULL, 0x3d2d0196607b8d4bULL,
598 0x642c8a29ad42c69aULL, 0x14aff010bdd87508ULL, 0xac74837beac657b3ULL,
599 0x3216459ad821634dULL, 0x3fb219c70967a9edULL, 0x06bc28f3bb246cf7ULL,
600 0xf2082c9126d562c6ULL, 0x66b39278c45ee23cULL, 0xbd394f6f3f2878b9ULL,
601 0xfd33689d9e8f8cc0ULL, 0x37f4799eb017394fULL, 0x108cc0b26fe03d59ULL,
602 0xda4bd1b1417888d6ULL, 0xb09d1332ee6eb219ULL, 0x2f3ed975668794b4ULL,
603 0x58c0871977375982ULL, 0x7561463d78ace990ULL, 0x09876cff037e82f1ULL,
604 0x7fb83e35a8c05d94ULL, 0x26b9b58a65f91645ULL, 0xef20b07e9873953fULL,
605 0x3148516d0b3355b8ULL, 0x41cb2b541ba9e62aULL, 0x790416c613e43163ULL,
606 0xa011d380818e8f40ULL, 0x3a5025c36151f3efULL, 0xd57095bdf92266d0ULL,
607 0x498d4b0da2d97688ULL, 0x8b0c3a57353153a5ULL, 0x21c491df64d368e1ULL,
608 0x8f2f0af5e7091bf4ULL, 0x2da1c1240f9bb012ULL, 0xc43d59a92ccc49daULL,
609 0xbfa6573e56345c1fULL, 0x828b56a8364fd154ULL, 0x9a41f643e0df7cafULL,
610 0xbcf843c985266aeaULL, 0x2b1de9d7b4bfdce5ULL, 0x20059d79dedd7ab2ULL,
611 0x6dabe6d6ae3c446bULL, 0x45e81bf6c991ae7bULL, 0x6351ae7cac68b83eULL,
612 0xa432e32253b6c711ULL, 0xd092a9b991143cd2ULL, 0xcac711032e98b58fULL,
613 0xd8d4c9e02864ac70ULL, 0xc5fc550f96c25b89ULL, 0xd7ef8dec903e4276ULL,
614 0x67729ede7e50f06fULL, 0xeac28c7af045cf3dULL, 0xb15c1f945460a04aULL,
615 0x9cfddeb05bfb1058ULL, 0x93c69abce3a1fe5eULL, 0xeb0380dc4a4bdd6eULL,
616 0xd20db1e8f8081874ULL, 0x229a8528b7c15e14ULL, 0x44291750739fbc28ULL,
617 0xd3ccbd4e42060a27ULL, 0xf62b1c33f4ed2a97ULL, 0x86a8660ae4779905ULL,
618 0xd62e814a2a305025ULL, 0x477703a7a08d8addULL, 0x7b9b0e977af815c5ULL,
619 0x78c51a60a9ea2330ULL, 0xa6adfb733aaae3b7ULL, 0x97e5aa1e3199b60fULL,
620 0x0000000000000000ULL, 0xf4b404629df10e31ULL, 0x5564db44a6719322ULL,
621 0x9207961a59afec0dULL, 0x9624a6b88b97a45cULL, 0x363575380a192b1cULL,
622 0x2c60cd82b595a241ULL, 0x7d272664c1dc7932ULL, 0x7142769faa94a1c1ULL,
623 0xa1d0df263b809d13ULL, 0x1630e841d4c451aeULL, 0xc1df65ad44fa13d8ULL,
624 0x13d2d445bcf20bacULL, 0xd915c546926abe23ULL, 0x38cf3d92084dd749ULL,
625 0xe766d0272103059dULL, 0xc7634d5effde7f2fULL, 0x077d2455012a7ea4ULL,
626 0xedbfa82ff16fb199ULL, 0xaf2a978c39d46146ULL, 0x42953fa3c8bbd0dfULL,
627 0xcb061da59496a7dcULL, 0x25e7a17db6eb20b0ULL, 0x34aa6d6963050fbaULL,
628 0xa76cf7d580a4f1e4ULL, 0xf7ea10954ee338c4ULL, 0xfcf2643b24819e93ULL,
629 0xcf252d0746aeef8dULL, 0x4ef06f58a3f3082cULL, 0x563acfb37563a5d7ULL,
630 0x5086e740ce47c920ULL, 0x2982f186dda3f843ULL, 0x87696aac5e798b56ULL,
631 0x5d22bb1d1f010380ULL, 0x035e14f7d31236f5ULL, 0x3cec0d30da759f18ULL,
632 0xf3c920379cdb7095ULL, 0xb8db736b571e22bbULL, 0xdd36f5e44052f672ULL,
633 0xaac8ab8851e23b44ULL, 0xa857b3d938fe1fe2ULL, 0x17f1e4e76eca43fdULL,
634 0xec7ea4894b61a3caULL, 0x9e62c6e132e734feULL, 0xd4b1991b432c7483ULL,
635 0x6ad6c283af163acfULL, 0x1ce9904904a8e5aaULL, 0x5fbda34c761d2726ULL,
636 0xf910583f4cb7c491ULL, 0xc6a241f845d06d7cULL, 0x4f3163fe19fd1a7fULL,
637 0xe99c988d2357f9c8ULL, 0x8eee06535d0709a7ULL, 0x0efa48aa0254fc55ULL,
638 0xb4be23903c56fa48ULL, 0x763f52caabbedf65ULL, 0xeee1bcd8227d876cULL,
639 0xe345e085f33b4dccULL, 0x3e731561b369bbbeULL, 0x2843fd2067adea10ULL,
640 0x2adce5710eb1ceb6ULL, 0xb7e03767ef44ccbdULL, 0x8db012a48e153f52ULL,
641 0x61ceb62dc5749c98ULL, 0xe85d942b9959eb9bULL, 0x4c6f7709caef2c8aULL,
642 0x84377e5b8d6bbda3ULL, 0x30895dcbb13d47ebULL, 0x74a04a9bc2a2fbc3ULL,
643 0x6b17ce251518289cULL, 0xe438c4d0f2113368ULL, 0x1fb784bed7bad35fULL,
644 0x9b80fae55ad16efcULL, 0x77fe5e6c11b0cd36ULL, 0xc858095247849129ULL,
645 0x08466059b97090a2ULL, 0x01c10ca6ba0e1253ULL, 0x6988d6747c040c3aULL,
646 0x6849dad2c60a1e69ULL, 0x5147ebe67449db73ULL, 0xc99905f4fd8a837aULL,
647 0x991fe2b433cd4a5aULL, 0xf09734c04fc94660ULL, 0xa28ecbd1e892abe6ULL,
648 0xf1563866f5c75433ULL, 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL,
649 0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, 0xb2020b63877296bfULL,
650 0x156efcb607d6675bULL
651 },
652 {
653 0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL,
654 0x5b43d3775d521f6aULL, 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL,
655 0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, 0x48f7c3dbae0c83f1ULL,
656 0xff31916642f5c8c5ULL, 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL,
657 0x35c130e908e2b9b0ULL, 0x7c761a61f0b34fa1ULL, 0x3601161cf205268dULL,
658 0x9e54ccfe2219b7d6ULL, 0x8b7d90a538940837ULL, 0x9cd403588ea35d0bULL,
659 0xbc3c6fea9ccc5b5aULL, 0xe5ff733b6d24aeedULL, 0xceed22de0f7eb8d2ULL,
660 0xec8581cab1ab545eULL, 0xb96105e88ff8e71dULL, 0x8ca03501871a5eadULL,
661 0x76ccce65d6db2a2fULL, 0x5883f582a7b58057ULL, 0x3f7be4ed2e8adc3eULL,
662 0x0fe7be06355cd9c9ULL, 0xee054e6c1d11be83ULL, 0x1074365909b903a6ULL,
663 0x5dde9f80b4813c10ULL, 0x4a770c7d02b6692cULL, 0x5379c8d5d7809039ULL,
664 0xb4067448161ed409ULL, 0x5f5e5026183bd6cdULL, 0xe898029bf4c29df9ULL,
665 0x7fb63c940a54d09cULL, 0xc5171f897f4ba8bcULL, 0xa6f28db7b31d3d72ULL,
666 0x2e4f3be7716eaa78ULL, 0x0d6771a099e63314ULL, 0x82076254e41bf284ULL,
667 0x2f0fd2b42733df98ULL, 0x5c9e76d3e2dc49f0ULL, 0x7aeb569619606cdbULL,
668 0x83478b07b2468764ULL, 0xcfadcb8d5923cd32ULL, 0x85dac7f05b95a41eULL,
669 0xb5469d1b4043a1e9ULL, 0xb821ecbbd9a592fdULL, 0x1b8e0b0e798c13c8ULL,
670 0x62a57b6d9a0be02eULL, 0xfcf1b793b81257f8ULL, 0x9d94ea0bd8fe28ebULL,
671 0x4cea408aeb654a56ULL, 0x23284a47e888996cULL, 0x2d8f1d128b893545ULL,
672 0xf4cbac3132c0d8abULL, 0xbd7c86b9ca912ebaULL, 0x3a268eef3dbe6079ULL,
673 0xf0d62f6077a9110cULL, 0x2735c916ade150cbULL, 0x89fd5f03942ee2eaULL,
674 0x1acee25d2fd16628ULL, 0x90f39bab41181bffULL, 0x430dfe8cde39939fULL,
675 0xf70b8ac4c8274796ULL, 0x1c53aeaac6024552ULL, 0x13b410acf35e9c9bULL,
676 0xa532ab4249faa24fULL, 0x2b1251e5625a163fULL, 0xd7e3e676da4841c7ULL,
677 0xa7b264e4e5404892ULL, 0xda8497d643ae72d3ULL, 0x861ae105a1723b23ULL,
678 0x38a6414991048aa4ULL, 0x6578dec92585b6b4ULL, 0x0280cfa6acbaeaddULL,
679 0x88bdb650c273970aULL, 0x9333bd5ebbff84c2ULL, 0x4e6a8f2c47dfa08bULL,
680 0x321c954db76cef2aULL, 0x418d312a72837942ULL, 0xb29b38bfffcdf773ULL,
681 0x6c022c38f90a4c07ULL, 0x5a033a240b0f6a8aULL, 0x1f93885f3ce5da6fULL,
682 0xc38a537e96988bc6ULL, 0x39e6a81ac759ff44ULL, 0x29929e43cee0fce2ULL,
683 0x40cdd87924de0ca2ULL, 0xe9d8ebc8a29fe819ULL, 0x0c2798f3cfbb46f4ULL,
684 0x55e484223e53b343ULL, 0x4650948ecd0d2fd8ULL, 0x20e86cb2126f0651ULL,
685 0x6d42c56baf5739e7ULL, 0xa06fc1405ace1e08ULL, 0x7babbfc54f3d193bULL,
686 0x424d17df8864e67fULL, 0xd8045870ef14980eULL, 0xc6d7397c85ac3781ULL,
687 0x21a885e1443273b1ULL, 0x67f8116f893f5c69ULL, 0x24f5efe35706cff6ULL,
688 0xd56329d076f2ab1aULL, 0x5e1eb9754e66a32dULL, 0x28d2771098bd8902ULL,
689 0x8f6013f47dfdc190ULL, 0x17a993fdb637553cULL, 0xe0a219397e1012aaULL,
690 0x786b9930b5da8606ULL, 0x6e82e39e55b0a6daULL, 0x875a0856f72f4ec3ULL,
691 0x3741ff4fa458536dULL, 0xac4859b3957558fcULL, 0x7ef6d5c75c09a57cULL,
692 0xc04a758b6c7f14fbULL, 0xf9acdd91ab26ebbfULL, 0x7391a467c5ef9668ULL,
693 0x335c7c1ee1319acaULL, 0xa91533b18641e4bbULL, 0xe4bf9a683b79db0dULL,
694 0x8e20faa72ba0b470ULL, 0x51f907737b3a7ae4ULL, 0x2268a314bed5ec8cULL,
695 0xd944b123b949edeeULL, 0x31dcb3b84d8b7017ULL, 0xd3fe65279f218860ULL,
696 0x097af2f1dc8ffab3ULL, 0x9b09a6fc312d0b91ULL, 0xcc6ded78a3c4520fULL,
697 0x3481d9ba5ebfcc50ULL, 0x4f2a667f1182d56bULL, 0xdfd9fdd4509ace94ULL,
698 0x26752045fbbc252bULL, 0xbffc491f662bc467ULL, 0xdd593272fc202449ULL,
699 0x3cbbc218d46d4303ULL, 0x91b372f817456e1fULL, 0x681faf69bc6385a0ULL,
700 0xb686bbeebaa43ed4ULL, 0x1469b5084cd0ca01ULL, 0x98c98009cbca94acULL,
701 0x6438379a73d8c354ULL, 0xc2caba2dc0c5fe26ULL, 0x3e3b0dbe78d7a9deULL,
702 0x50b9ee202d670f04ULL, 0x4590b27b37eab0e5ULL, 0x6025b4cb36b10af3ULL,
703 0xfb2c1237079c0162ULL, 0xa12f28130c936be8ULL, 0x4b37e52e54eb1cccULL,
704 0x083a1ba28ad28f53ULL, 0xc10a9cd83a22611bULL, 0x9f1425ad7444c236ULL,
705 0x069d4cf7e9d3237aULL, 0xedc56899e7f621beULL, 0x778c273680865fcfULL,
706 0x309c5aeb1bd605f7ULL, 0x8de0dc52d1472b4dULL, 0xf8ec34c2fd7b9e5fULL,
707 0xea18cd3d58787724ULL, 0xaad515447ca67b86ULL, 0x9989695a9d97e14cULL,
708 0x0000000000000000ULL, 0xf196c63321f464ecULL, 0x71116bc169557cb5ULL,
709 0xaf887f466f92c7c1ULL, 0x972e3e0ffe964d65ULL, 0x190ec4a8d536f915ULL,
710 0x95aef1a9522ca7b8ULL, 0xdc19db21aa7d51a9ULL, 0x94ee18fa0471d258ULL,
711 0x8087adf248a11859ULL, 0xc457f6da2916dd5cULL, 0xfa6cfb6451c17482ULL,
712 0xf256e0c6db13fbd1ULL, 0x6a9f60cf10d96f7dULL, 0x4daaa9d9bd383fb6ULL,
713 0x03c026f5fae79f3dULL, 0xde99148706c7bb74ULL, 0x2a52b8b6340763dfULL,
714 0x6fc20acd03edd33aULL, 0xd423c08320afdefaULL, 0xbbe1ca4e23420dc0ULL,
715 0x966ed75ca8cb3885ULL, 0xeb58246e0e2502c4ULL, 0x055d6a021334bc47ULL,
716 0xa47242111fa7d7afULL, 0xe3623fcc84f78d97ULL, 0x81c744a11efc6db9ULL,
717 0xaec8961539cfb221ULL, 0xf31609958d4e8e31ULL, 0x63e5923ecc5695ceULL,
718 0x47107ddd9b505a38ULL, 0xa3afe7b5a0298135ULL, 0x792b7063e387f3e6ULL,
719 0x0140e953565d75e0ULL, 0x12f4f9ffa503e97bULL, 0x750ce8902c3cb512ULL,
720 0xdbc47e8515f30733ULL, 0x1ed3610c6ab8af8fULL, 0x5239218681dde5d9ULL,
721 0xe222d69fd2aaf877ULL, 0xfe71783514a8bd25ULL, 0xcaf0a18f4a177175ULL,
722 0x61655d9860ec7f13ULL, 0xe77fbc9dc19e4430ULL, 0x2ccff441ddd440a5ULL,
723 0x16e97aaee06a20dcULL, 0xa855dae2d01c915bULL, 0x1d1347f9905f30b2ULL,
724 0xb7c652bdecf94b34ULL, 0xd03e43d265c6175dULL, 0xfdb15ec0ee4f2218ULL,
725 0x57644b8492e9599eULL, 0x07dda5a4bf8e569aULL, 0x54a46d71680ec6a3ULL,
726 0x5624a2d7c4b42c7eULL, 0xbebca04c3076b187ULL, 0x7d36f332a6ee3a41ULL,
727 0x3b6667bc6be31599ULL, 0x695f463aea3ef040ULL, 0xad08b0e0c3282d1cULL,
728 0xb15b1e4a052a684eULL, 0x44d05b2861b7c505ULL, 0x15295c5b1a8dbfe1ULL,
729 0x744c01c37a61c0f2ULL, 0x59c31cd1f1e8f5b7ULL, 0xef45a73f4b4ccb63ULL,
730 0x6bdf899c46841a9dULL, 0x3dfb2b4b823036e3ULL, 0xa2ef0ee6f674f4d5ULL,
731 0x184e2dfb836b8cf5ULL, 0x1134df0a5fe47646ULL, 0xbaa1231d751f7820ULL,
732 0xd17eaa81339b62bdULL, 0xb01bf71953771daeULL, 0x849a2ea30dc8d1feULL,
733 0x705182923f080955ULL, 0x0ea757556301ac29ULL, 0x041d83514569c9a7ULL,
734 0x0abad4042668658eULL, 0x49b72a88f851f611ULL, 0x8a3d79f66ec97dd7ULL,
735 0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, 0x9273540deda2f122ULL,
736 0xc797d02fd3f14261ULL, 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL,
737 0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, 0x72d14d3493b2e388ULL,
738 0xd6a30f258c153427ULL
739 }
740 };

◆ STREEBOG_C

const uint64_t Botan::STREEBOG_C
extern

Definition at line 742 of file streebog_precalc.cpp.

743 {
744 {
745 0xdd806559f2a64507ULL,
746 0x05767436cc744d23ULL,
747 0xa2422a08a460d315ULL,
748 0x4b7ce09192676901ULL,
749 0x714eb88d7585c4fcULL,
750 0x2f6a76432e45d016ULL,
751 0xebcb2f81c0657c1fULL,
752 0xb1085bda1ecadae9ULL
753 },
754 {
755 0xe679047021b19bb7ULL,
756 0x55dda21bd7cbcd56ULL,
757 0x5cb561c2db0aa7caULL,
758 0x9ab5176b12d69958ULL,
759 0x61d55e0f16b50131ULL,
760 0xf3feea720a232b98ULL,
761 0x4fe39d460f70b5d7ULL,
762 0x6fa3b58aa99d2f1aULL
763 },
764 {
765 0x991e96f50aba0ab2ULL,
766 0xc2b6f443867adb31ULL,
767 0xc1c93a376062db09ULL,
768 0xd3e20fe490359eb1ULL,
769 0xf2ea7514b1297b7bULL,
770 0x06f15e5f529c1f8bULL,
771 0x0a39fc286a3d8435ULL,
772 0xf574dcac2bce2fc7ULL
773 },
774 {
775 0x220cbebc84e3d12eULL,
776 0x3453eaa193e837f1ULL,
777 0xd8b71333935203beULL,
778 0xa9d72c82ed03d675ULL,
779 0x9d721cad685e353fULL,
780 0x488e857e335c3c7dULL,
781 0xf948e1a05d71e4ddULL,
782 0xef1fdfb3e81566d2ULL
783 },
784 {
785 0x601758fd7c6cfe57ULL,
786 0x7a56a27ea9ea63f5ULL,
787 0xdfff00b723271a16ULL,
788 0xbfcd1747253af5a3ULL,
789 0x359e35d7800fffbdULL,
790 0x7f151c1f1686104aULL,
791 0x9a3f410c6ca92363ULL,
792 0x4bea6bacad474799ULL
793 },
794 {
795 0xfa68407a46647d6eULL,
796 0xbf71c57236904f35ULL,
797 0x0af21f66c2bec6b6ULL,
798 0xcffaa6b71c9ab7b4ULL,
799 0x187f9ab49af08ec6ULL,
800 0x2d66c4f95142a46cULL,
801 0x6fa4c33b7a3039c0ULL,
802 0xae4faeae1d3ad3d9ULL
803 },
804 {
805 0x8886564d3a14d493ULL,
806 0x3517454ca23c4af3ULL,
807 0x06476983284a0504ULL,
808 0x0992abc52d822c37ULL,
809 0xd3473e33197a93c9ULL,
810 0x399ec6c7e6bf87c9ULL,
811 0x51ac86febf240954ULL,
812 0xf4c70e16eeaac5ecULL
813 },
814 {
815 0xa47f0dd4bf02e71eULL,
816 0x36acc2355951a8d9ULL,
817 0x69d18d2bd1a5c42fULL,
818 0xf4892bcb929b0690ULL,
819 0x89b4443b4ddbc49aULL,
820 0x4eb7f8719c36de1eULL,
821 0x03e7aa020c6e4141ULL,
822 0x9b1f5b424d93c9a7ULL
823 },
824 {
825 0x7261445183235adbULL,
826 0x0e38dc92cb1f2a60ULL,
827 0x7b2b8a9aa6079c54ULL,
828 0x800a440bdbb2ceb1ULL,
829 0x3cd955b7e00d0984ULL,
830 0x3a7d3a1b25894224ULL,
831 0x944c9ad8ec165fdeULL,
832 0x378f5a541631229bULL
833 },
834 {
835 0x74b4c7fb98459cedULL,
836 0x3698fad1153bb6c3ULL,
837 0x7a1e6c303b7652f4ULL,
838 0x9fe76702af69334bULL,
839 0x1fffe18a1b336103ULL,
840 0x8941e71cff8a78dbULL,
841 0x382ae548b2e4f3f3ULL,
842 0xabbedea680056f52ULL
843 },
844 {
845 0x6bcaa4cd81f32d1bULL,
846 0xdea2594ac06fd85dULL,
847 0xefbacd1d7d476e98ULL,
848 0x8a1d71efea48b9caULL,
849 0x2001802114846679ULL,
850 0xd8fa6bbbebab0761ULL,
851 0x3002c6cd635afe94ULL,
852 0x7bcd9ed0efc889fbULL
853 },
854 {
855 0x48bc924af11bd720ULL,
856 0xfaf417d5d9b21b99ULL,
857 0xe71da4aa88e12852ULL,
858 0x5d80ef9d1891cc86ULL,
859 0xf82012d430219f9bULL,
860 0xcda43c32bcdf1d77ULL,
861 0xd21380b00449b17aULL,
862 0x378ee767f11631baULL
863 }
864 };

Referenced by Botan::Streebog::compress_64().