nil::crypto3 Namespace Reference

Namespaces

 adaptors
 
 asn1
 
 block
 
 cert_extension
 
 Charset
 
 codec
 
 CryptoBox
 
 ct
 
 detail
 
 ffi
 
 FPE
 
 hash
 
 kdf
 
 key_pair
 
 mac
 
 ocsp
 
 oids
 
 OS
 
 pem_code
 
 pk_operations
 
 PKCS11
 
 pkcs8
 
 pkix
 
 pubkey
 
 public_key
 
 tls
 
 TLS
 
 x509
 

Classes

class  aead_mode
 
class  agreement_key
 
class  algorithm_identifier
 
class  Algorithm_Not_Found
 
class  alternative_name
 
class  ANSI_X919_MAC
 
class  ANSI_X923_Padding
 
class  asn1_formatter
 
class  asn1_object
 
class  asn1_pretty_printer
 
class  asn1_string
 
class  Atomic
 
class  attribute
 
class  AutoSeeded_RNG
 
class  BearSSL_Error
 
class  ber_bad_tag
 
class  ber_decoder
 
class  ber_decoding_error
 
class  ber_object
 
class  big_int
 
class  blinder
 
class  Block_Cipher_Fixed_Params
 
class  block_cipher_mode_padding_method
 
class  BlockCipher
 
class  buffered_computation
 
class  calendar_point
 
class  cbc_decryption
 
class  cbc_encryption
 
class  CBC_MAC
 
class  cbc_mode
 
class  CCM_Decryption
 
class  CCM_Encryption
 
class  CCM_Mode
 
class  CECPQ1_key
 
class  certificate_extension
 
class  certificate_store
 
class  certificate_store_in_memory
 
class  cfb_decryption
 
class  cfb_encryption
 
class  cfb_mode
 CFB Mode. More...
 
class  ChaCha
 
class  ChaCha20Poly1305_Decryption
 
class  ChaCha20Poly1305_Encryption
 
class  ChaCha20Poly1305_Mode
 
class  ChaCha_RNG
 
class  cipher_mode
 
class  CMAC
 
class  Comb4P
 Comb4P scheme. Combines two hash functions using a Feistel scheme. Described in "On the Security of Hash Function Combiners", Anja Lehmann. More...
 
class  concept_container
 Normalizes input data with Preprocessor and the inserted result with Postprocessor for the further processing. More...
 
class  cpuid
 
class  credentials_manager
 
struct  crl_data
 
class  crl_entry
 
struct  crl_entry_data
 
class  CTR_BE
 
class  cts_decryption
 
class  cts_encryption
 
class  curve25519_private_key
 
class  curve25519_public_key
 
class  curve_gfp
 This class represents an elliptic curve over GF(p) More...
 
class  curve_montgomery
 
class  curve_nist
 
class  curve_nist_policy
 
class  data_source
 
class  data_source_memory
 
class  data_store
 
class  DataSource_Stream
 
class  decoding_error
 
class  der_encoder
 
class  dh_private_key
 
class  dh_public_key
 
class  dl_group
 
class  dl_group_data
 
struct  dl_group_info
 
class  dl_scheme_private_key
 
class  dl_scheme_public_key
 
class  DLIES_Decryptor
 
class  dlies_encryptor
 
class  donna128
 A minimal 128-bit integer type for curve25519-donna. More...
 
struct  dsa_botan
 
struct  dsa_jce
 DSA group. More...
 
struct  dsa_jce< 1024 >
 
class  dsa_private_key_policy
 
class  dsa_public_key_policy
 
class  Dynamically_Loaded_Library
 
class  EAX_Decryption
 
class  EAX_Encryption
 
class  EAX_Mode
 
class  ec_group
 Class representing an elliptic curve. More...
 
class  ec_group_data
 
class  ec_group_data_map
 
class  ec_private_key
 
class  ec_public_key
 
class  ecdh
 
class  ecdh_private_key
 
class  ecdh_public_key
 
class  ecdsa
 
class  ecdsa_private_key
 
class  ecdsa_public_key
 
class  ecgdsa
 
class  ecgdsa_private_key
 
class  ecgdsa_public_key
 
class  ecies_decryptor
 
class  ecies_encryptor
 
class  ecies_ka_operation
 
class  ecies_ka_params
 
class  ecies_system_params
 
class  eckcdsa
 
class  eckcdsa_private_key
 
class  eckcdsa_public_key
 
class  ed25519
 
class  ed25519_private_key
 
class  ed25519_public_key
 
class  el_gamal
 
class  el_gamal_private_key
 
class  el_gamal_public_key
 
class  eme
 
class  EME_PKCS1v15
 
class  eme_pkcs1v15
 EME from PKCS #1 v1.5. More...
 
class  EME_Raw
 
class  eme_raw
 
class  emsa
 
class  EMSA1
 
class  emsa1
 
class  EMSA_PKCS1v15
 
class  emsa_pkcs1v15
 
  • PKCS #1 v1.5 signature padding aka PKCS #1 block type 1 aka EMSA3 from IEEE 1363
More...
 
class  emsa_pkcs1v15_base
 
class  EMSA_PKCS1v15_Raw
 
class  emsa_pkcs1v15_raw
 EMSA_PKCS1v15_Raw which is EMSA_PKCS1v15 without a hash or digest id (which according to QCA docs is "identical to PKCS#11's CKM_RSA_PKCS mechanism", something I have not confirmed) More...
 
class  emsa_pssr
 PSSR aka EMSA4 in IEEE 1363. More...
 
class  EMSA_Raw
 
class  emsa_raw
 
class  EMSA_X931
 
class  emsa_x931
 
class  Encoding_Error
 
class  Encrypted_PSK_Database
 
class  ESP_Padding
 
class  Exception
 
class  extensions
 
class  fe25519
 
struct  ffdhe_ietf
 TLS FFDHE groups. More...
 
struct  ffdhe_ietf< 2048 >
 
struct  ffdhe_ietf< 3072 >
 
struct  ffdhe_ietf< 4096 >
 
struct  ffdhe_ietf< 6144 >
 
struct  ffdhe_ietf< 8192 >
 
class  fixed_base_power_mod
 
class  fixed_exponent_power_mod
 
class  fixed_window_exponentiator
 
class  FPE_FE1
 
class  GCM_Decryption
 
class  GCM_Encryption
 
class  GCM_Mode
 
struct  ge_p3
 
class  general_name
 X.509 GeneralName Type. More...
 
class  general_subtree
 A single Name Constraint. More...
 
class  getentropy_random_device
 This class models a nondeterministic_random_number_generator. It uses one or more implementation-defined stochastic processes to generate a sequence of uniformly distributed non-deterministic random numbers. For those environments where a non-deterministic random number generator is not available, class getentropy_random_device must not be implemented. See. More...
 
class  gf2m_field
 
class  GHASH
 
class  GMAC
 
class  gost_3410
 
class  gost_3410_private_key
 
class  gost_3410_public_key
 
class  hardware_rng
 
class  HashFunction
 
class  HKDF
 
class  HKDF_Expand
 
class  HKDF_Extract
 
class  HMAC
 
class  hmac_drbg
 
class  HOTP
 
class  illegal_point
 
class  illegal_transformation
 
class  Integer_Overflow_Detected
 
class  Integrity_Failure
 
class  Internal_Error
 
class  Invalid_Algorithm_Name
 
class  Invalid_IV_Length
 
class  Invalid_Key_Length
 
class  Invalid_OID
 
class  Invalid_State
 
class  iso_9796
 
class  ISO_9796_DS2
 
class  iso_9796_ds2
 
class  ISO_9796_DS3
 
class  iso_9796_ds3
 
class  kdf
 
class  KDF1
 
class  KDF1_18033
 
class  KDF2
 
class  Keccak_1600
 Keccaak[1600]. SHA-3 competitor. More...
 
class  key_length_spec_t
 
class  Key_Not_Set
 
class  L_computer
 
class  lock_guard
 
class  lookup_error
 
class  mc_eliece_private_key
 
class  mc_eliece_public_key
 
class  mceliece
 
class  memory_pool
 
class  MessageAuthenticationCode
 
class  mlock_allocator
 
struct  modp_ietf
 IETF IPsec groups. More...
 
struct  modp_ietf< 1024 >
 
struct  modp_ietf< 1536 >
 
struct  modp_ietf< 2048 >
 
struct  modp_ietf< 3072 >
 
struct  modp_ietf< 4096 >
 
struct  modp_ietf< 6144 >
 
struct  modp_ietf< 8192 >
 
struct  modp_srp
 SRP groups. More...
 
struct  modp_srp< 1024 >
 
struct  modp_srp< 1536 >
 
struct  modp_srp< 2048 >
 
struct  modp_srp< 3072 >
 
struct  modp_srp< 4096 >
 
struct  modp_srp< 6144 >
 
struct  modp_srp< 8192 >
 
class  modular_exponentiator
 
class  modular_reducer
 
class  montgomery_exponentation_state
 
class  montgomery_exponentiator
 
class  montgomery_int
 
class  montgomery_params
 
class  name_constraints
 Name Constraints. More...
 
class  newhope_poly
 
class  No_Provider_Found
 
class  noop_mutex
 
class  Not_Implemented
 
class  Null_Padding
 
class  null_rng
 
class  OAEP
 
class  oaep
 OAEP (called EME1 in IEEE 1363 and in earlier versions of the library) as specified in PKCS#1 v2.0 (RFC 2437) More...
 
class  OCB_Decryption
 
class  OCB_Encryption
 
class  OCB_Mode
 
class  octet_string
 
class  OFB
 
class  oid_t
 
class  OneAndZeros_Padding
 
class  OpenPGP_S2K
 
class  OpenSSL_Error
 
class  p192
 
class  p224
 
class  p256
 
class  p384
 
class  p521
 
class  path_validation_restrictions
 
class  path_validation_result
 
class  PBKDF
 
class  pk_decryptor
 
class  pk_decryptor_eme
 
class  pk_encryptor
 
class  pk_encryptor_eme
 
class  pk_kem_decryptor
 
class  pk_kem_encryptor
 
class  pk_key_agreement
 
class  pk_key_agreement_key
 
class  pk_signer
 
class  pk_verifier
 
struct  pkcs10__data
 
class  pkcs10_request
 
class  PKCS5_PBKDF1
 
class  PKCS5_PBKDF2
 
class  PKCS7_Padding
 
class  pkcs8_exception
 
class  point_gfp
 This class represents one point on a curve of GF(p) More...
 
class  point_gfp_base_point_precompute
 
class  point_gfp_multi_point_precompute
 
class  point_gfp_var_point_precompute
 
class  Policy_Violation
 
class  Poly1305
 
class  polyn_gf2m
 
class  power_mod
 
class  private_key
 
class  private_key_policy
 
class  PRNG_Unseeded
 
class  Provider_Not_Found
 
class  PSK_Database
 
class  PSSR
 
class  PSSR_Raw
 
class  public_key
 
class  public_key_policy
 
class  random_number_generator
 
class  RC4
 
class  rdrand_rng
 
class  rdseed_random_device
 This class models a nondeterministic_random_number_generator. It uses one or more implementation-defined stochastic processes to generate a sequence of uniformly distributed non-deterministic random numbers. For those environments where a non-deterministic random number generator is not available, class rdseed_random_device must not be implemented. See. More...
 
class  rfc6979_nonce_generator
 
class  rsa
 
class  rsa_private_key
 
class  rsa_public_key
 
class  RTSS_Share
 
class  Salsa20
 
class  scan_name
 
class  secure_allocator
 
class  Self_Test_Failure
 
class  SHA_3
 SHA3. The new NIST standard hash. Fairly slow. More...
 
class  SHA_3_224
 
class  SHA_3_256
 
class  SHA_3_384
 
class  SHA_3_512
 
class  SHAKE_128
 Shake. These are actually XOFs (extensible output functions) based on SHA-3, which can output a value of any length. More...
 
class  SHAKE_128_Cipher
 
class  SHAKE_256
 
class  SIMD_4x32
 
class  SipHash
 
class  SIV_Decryption
 
class  SIV_Encryption
 
class  SIV_Mode
 
class  sm2_encryption_private_key
 
class  sm2_encryption_public_key
 
class  sm2_signature_private_key
 
class  sm2_signature_public_key
 
class  SP800_108_Counter
 
class  SP800_108_Feedback
 
class  SP800_108_Pipeline
 
class  SP800_56A_Hash
 
class  SP800_56A_HMAC
 
class  SP800_56C
 
class  SRP6_Server_Session
 
class  Stateful_RNG
 
class  Stream_IO_Error
 
class  StreamCipher
 
class  symmetric_algorithm
 
class  System_RNG
 
class  TLS_12_PRF
 
class  TLS_PRF
 
class  TOTP
 
class  TPM_Context
 
class  TPM_Error
 
class  tpm_private_key
 
class  TPM_RNG
 
class  Unsupported_Argument
 
class  UUID
 
class  Win32_EntropySource
 
class  x509_ca
 
class  x509_cert_options
 
class  x509_certificate
 
struct  x509_certificate_data
 
class  x509_crl
 
class  x509_dn
 
class  x509_object
 
class  x509_time
 
class  X942_PRF
 
class  XMSS_Address
 
class  XMSS_Common_Ops
 
class  XMSS_Hash
 
class  XMSS_Index_Registry
 
class  XMSS_Key_Pair
 
class  XMSS_PublicKey
 
class  XMSS_Signature
 
class  XMSS_Signature_Operation
 
class  XMSS_Tools
 
class  XMSS_Verification_Operation
 
class  XMSS_WOTS_Addressed_PrivateKey
 
class  XMSS_WOTS_Addressed_PublicKey
 
class  XMSS_WOTS_Parameters
 
class  XMSS_WOTS_PrivateKey
 
class  XMSS_WOTS_PublicKey
 
class  xts_decryption
 
class  xts_encryption
 
class  xts_mode
 IEEE P1619 XTS Mode. More...
 

Typedefs

typedef x509_time ASN1_Time
 
using byte = std::uint8_t
 
typedef std::vector< std::set< certificate_status_code > > certificate_path_status_codes
 
typedef fe25519 fe
 
typedef uint16_t gf2m
 
using InitializationVector = octet_string
 
template<typename T >
using lock_guard_type = lock_guard< T >
 
typedef noop_mutex mutex_type
 
typedef newhope_poly poly
 
typedef random_number_generator RNG
 
template<typename T >
using secure_deque = std::deque< T, secure_allocator< T > >
 
template<typename T >
using secure_vector = std::vector< T, secure_allocator< T > >
 
typedef SIMD_4x32 SIMD_32
 
using symmetric_key = octet_string
 
typedef std::vector< secure_vector< uint8_t > > wots_keysig_t
 

Enumerations

enum  asn1_tag : uint32_t {
  UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, CONSTRUCTED = 0x20,
  PRIVATE = CONSTRUCTED | CONTEXT_SPECIFIC, EOC = 0x00, BOOLEAN = 0x01, INTEGER = 0x02,
  BIT_STRING = 0x03, OCTET_STRING = 0x04, NULL_TAG = 0x05, OBJECT_ID = 0x06,
  ENUMERATED = 0x0A, SEQUENCE = 0x10, SET = 0x11, UTF8_STRING = 0x0C,
  NUMERIC_STRING = 0x12, PRINTABLE_STRING = 0x13, T61_STRING = 0x14, IA5_STRING = 0x16,
  VISIBLE_STRING = 0x1A, UNIVERSAL_STRING = 0x1C, BMP_STRING = 0x1E, UTC_TIME = 0x17,
  GENERALIZED_TIME = 0x18, UTC_OR_GENERALIZED_TIME = 0x19, NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
}
 
enum  certificate_status_code {
  certificate_status_code::OK = 0, certificate_status_code::VERIFIED = 0, certificate_status_code::OCSP_RESPONSE_GOOD = 1, certificate_status_code::OCSP_SIGNATURE_OK = 2,
  certificate_status_code::VALID_CRL_CHECKED = 3, certificate_status_code::OCSP_NO_HTTP = 4, certificate_status_code::FIRST_WARNING_STATUS = 500, certificate_status_code::CERT_SERIAL_NEGATIVE = 500,
  certificate_status_code::DN_TOO_LONG = 501, certificate_status_code::OSCP_NO_REVOCATION_URL = 502, certificate_status_code::OSCP_SERVER_NOT_AVAILABLE = 503, certificate_status_code::FIRST_ERROR_STATUS = 1000,
  certificate_status_code::SIGNATURE_METHOD_TOO_WEAK = 1000, certificate_status_code::UNTRUSTED_HASH = 1001, certificate_status_code::NO_REVOCATION_DATA = 1002, certificate_status_code::NO_MATCHING_CRLDP = 1003,
  certificate_status_code::CERT_NOT_YET_VALID = 2000, certificate_status_code::CERT_HAS_EXPIRED = 2001, certificate_status_code::OCSP_NOT_YET_VALID = 2002, certificate_status_code::OCSP_HAS_EXPIRED = 2003,
  certificate_status_code::CRL_NOT_YET_VALID = 2004, certificate_status_code::CRL_HAS_EXPIRED = 2005, certificate_status_code::CERT_ISSUER_NOT_FOUND = 3000, certificate_status_code::CANNOT_ESTABLISH_TRUST = 3001,
  certificate_status_code::CERT_CHAIN_LOOP = 3002, certificate_status_code::CHAIN_LACKS_TRUST_ROOT = 3003, certificate_status_code::CHAIN_NAME_MISMATCH = 3004, certificate_status_code::POLICY_ERROR = 4000,
  certificate_status_code::INVALID_USAGE = 4001, certificate_status_code::CERT_CHAIN_TOO_LONG = 4002, certificate_status_code::CA_CERT_NOT_FOR_CERT_ISSUER = 4003, certificate_status_code::NAME_CONSTRAINT_ERROR = 4004,
  certificate_status_code::CA_CERT_NOT_FOR_CRL_ISSUER = 4005, certificate_status_code::OCSP_CERT_NOT_LISTED = 4006, certificate_status_code::OCSP_BAD_STATUS = 4007, certificate_status_code::CERT_NAME_NOMATCH = 4008,
  certificate_status_code::UNKNOWN_CRITICAL_EXTENSION = 4009, certificate_status_code::DUPLICATE_CERT_EXTENSION = 4010, certificate_status_code::OCSP_SIGNATURE_ERROR = 4501, certificate_status_code::OCSP_ISSUER_NOT_FOUND = 4502,
  certificate_status_code::OCSP_RESPONSE_MISSING_KEYUSAGE = 4503, certificate_status_code::OCSP_RESPONSE_INVALID = 4504, certificate_status_code::EXT_IN_V1_V2_CERT = 4505, certificate_status_code::DUPLICATE_CERT_POLICY = 4506,
  certificate_status_code::CERT_IS_REVOKED = 5000, certificate_status_code::CRL_BAD_SIGNATURE = 5001, certificate_status_code::SIGNATURE_ERROR = 5002, certificate_status_code::CERT_PUBKEY_INVALID = 5003,
  certificate_status_code::SIGNATURE_ALGO_UNKNOWN = 5004, certificate_status_code::SIGNATURE_ALGO_BAD_PARAMS = 5005
}
 
enum  Character_Set { LOCAL_CHARSET, UCS2_CHARSET, UTF8_CHARSET, LATIN1_CHARSET }
 
enum  cipher_dir : int { ENCRYPTION, DECRYPTION }
 
enum  crl_code : uint32_t {
  UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, AFFILIATION_CHANGED = 3,
  SUPERSEDED = 4, CESSATION_OF_OPERATION = 5, CERTIFICATE_HOLD = 6, REMOVE_FROM_CRL = 8,
  PRIVLEDGE_WITHDRAWN = 9, AA_COMPROMISE = 10, DELETE_CRL_ENTRY = 0xFF00, OCSP_GOOD = 0xFF01,
  OCSP_UNKNOWN = 0xFF02
}
 
enum  ec_group_encoding { EC_DOMPAR_ENC_EXPLICIT = 0, EC_DOMPAR_ENC_IMPLICITCA = 1, EC_DOMPAR_ENC_oid_t = 2 }
 
enum  ecies_flags : uint32_t {
  ecies_flags::NONE = 0, ecies_flags::SINGLE_HASH_MODE = 1, ecies_flags::COFACTOR_MODE = 2, ecies_flags::OLD_COFACTOR_MODE = 4,
  ecies_flags::CHECK_MODE = 8
}
 
enum  key_constraints {
  NO_CONSTRAINTS = 0, DIGITAL_SIGNATURE = 1 << 15, NON_REPUDIATION = 1 << 14, KEY_ENCIPHERMENT = 1 << 13,
  DATA_ENCIPHERMENT = 1 << 12, KEY_AGREEMENT = 1 << 11, KEY_CERT_SIGN = 1 << 10, CRL_SIGN = 1 << 9,
  ENCIPHER_ONLY = 1 << 8, DECIPHER_ONLY = 1 << 7
}
 
enum  newhope_mode { newhope_mode::SHA3, newhope_mode::BoringSSL }
 
enum  newhope_params {
  NEWHOPE_SENDABYTES = 1824, NEWHOPE_SENDBBYTES = 2048, NEWHOPE_OFFER_BYTES = 1824, NEWHOPE_ACCEPT_BYTES = 2048,
  NEWHOPE_SHARED_KEY_BYTES = 32, NEWHOPE_SEED_BYTES = 32, NEWHOPE_POLY_BYTES = 1792, CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
  CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32, CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
}
 
enum  signature_format { IEEE_1363, DER_SEQUENCE }
 
enum  TPM_Storage_Type { TPM_Storage_Type::User, TPM_Storage_Type::System }
 
enum  usage_type {
  usage_type::UNSPECIFIED, usage_type::TLS_SERVER_AUTH, usage_type::TLS_CLIENT_AUTH, usage_type::CERTIFICATE_AUTHORITY,
  usage_type::OCSP_RESPONDER
}
 
enum  x509_encoding { RAW_BER, PEM }
 

Functions

CRYPTO3_MALLOC_FN void * allocate_memory (size_t elems, size_t elem_size)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > almost_montgomery_inverse (number< Backend, ExpressionTemplates > &result, const number< Backend, ExpressionTemplates > &a, const number< Backend, ExpressionTemplates > &b)
 Sets result to a^-1 * 2^k mod a with n <= k <= 2n. More...
 
template<typename BlockCipher >
void aont_package (random_number_generator &rng, BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
template<typename BlockCipher >
void aont_unpackage (BlockCipher *cipher, const uint8_t input[], size_t input_len, uint8_t output[])
 
std::string asn1_tag_to_string (asn1_tag type)
 
CRYPTO3_NORETURN void assertion_failure (const char *expr_str, const char *assertion_made, const char *func, const char *file, int line)
 
void bigint_add2 (word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add2_nc (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_add3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
word bigint_add3_nc (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
int32_t bigint_cmp (const word x[], size_t x_size, const word y[], size_t y_size)
 
CRYPTO3_TEST_API void bigint_cnd_abs (word cnd, word x[], size_t size)
 
CRYPTO3_TEST_API word bigint_cnd_add (word cnd, word x[], const word y[], size_t size)
 
CRYPTO3_TEST_API word bigint_cnd_sub (word cnd, word x[], const word y[], size_t size)
 
CRYPTO3_TEST_API void bigint_cnd_swap (word cnd, word x[], word y[], size_t size)
 
void bigint_comba_mul16 (word z[32], const word x[16], const word y[16])
 
void bigint_comba_mul4 (word z[8], const word x[4], const word y[4])
 
void bigint_comba_mul6 (word z[12], const word x[6], const word y[6])
 
void bigint_comba_mul8 (word z[16], const word x[8], const word y[8])
 
void bigint_comba_mul9 (word z[18], const word x[9], const word y[9])
 
void bigint_comba_sqr16 (word out[32], const word in[16])
 
void bigint_comba_sqr4 (word out[8], const word in[4])
 
void bigint_comba_sqr6 (word out[12], const word in[6])
 
void bigint_comba_sqr8 (word out[16], const word in[8])
 
void bigint_comba_sqr9 (word out[18], const word in[9])
 
word bigint_divop (word n1, word n0, word d)
 
void bigint_linmul2 (word x[], size_t x_size, word y)
 
void bigint_linmul3 (word z[], const word x[], size_t x_size, word y)
 
word bigint_modop (word n1, word n0, word d)
 
void bigint_monty_redc (word z[], const word p[], size_t p_size, word p_dash, word workspace[], size_t ws_size)
 
void bigint_mul (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
 
void bigint_shl1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shl2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr1 (word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_shr2 (word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift)
 
void bigint_sqr (word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
 
word bigint_sub2 (word x[], size_t x_size, const word y[], size_t y_size)
 
void bigint_sub2_rev (word x[], const word y[], size_t y_size)
 
word bigint_sub3 (word z[], const word x[], size_t x_size, const word y[], size_t y_size)
 
uint32_t bit_size_to_32bit_size (uint32_t bit_size)
 
uint32_t bit_size_to_byte_size (uint32_t bit_size)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > blind (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &modulus)
 
template<typename Backend , expression_template_option ExpressionTemplates, typename ModularExponentiator >
number< Backend, ExpressionTemplates > blind (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &modulus, const number< Backend, ExpressionTemplates > &nonce, const ModularExponentiator &exp)
 
template<typename T >
void bswap_4 (T x[4])
 
template<typename T , typename Alloc >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
 
template<typename T , typename Alloc , typename Alloc2 >
size_t buffer_insert (std::vector< T, Alloc > &buf, size_t buf_offset, const std::vector< T, Alloc2 > &input)
 
calendar_point calendar_value (const std::chrono::system_clock::time_point &time_point)
 
template<size_t S, int64_t MUL = 1>
void carry (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int64_t &h0, int64_t &h1)
 
template<size_t S>
void carry0 (int32_t &h0, int32_t &h1)
 
uint64_t carry_shift (const donna128 &a, size_t shift)
 
const uint8_t * cast_char_ptr_to_uint8 (const char *s)
 
uint8_t * cast_char_ptr_to_uint8 (char *s)
 
const char * cast_uint8_ptr_to_char (const uint8_t *b)
 
char * cast_uint8_ptr_to_char (uint8_t *b)
 
void CECPQ1_accept (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], uint8_t send[CECPQ1_ACCEPT_BYTES], const uint8_t received[CECPQ1_OFFER_BYTES], RandomNumberGenerator &rng)
 
void CECPQ1_accept (uint8_t *shared_key, uint8_t *accept_message, const uint8_t *offer_message, RandomNumberGenerator &rng)
 
void CECPQ1_finish (uint8_t *shared_key, const CECPQ1_key &offer_key, const uint8_t *accept_message)
 
void CECPQ1_finish (uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES], const CECPQ1_key &offer_key, const uint8_t received[CECPQ1_ACCEPT_BYTES])
 
void CECPQ1_offer (uint8_t send[CECPQ1_OFFER_BYTES], CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
void CECPQ1_offer (uint8_t *offer_message, CECPQ1_key *offer_key_output, RandomNumberGenerator &rng)
 
template<typename T >
size_t ceil_log2 (T x)
 
bool check_bcrypt (const std::string &password, const std::string &hash)
 
bool check_passhash9 (const std::string &password, const std::string &hash)
 
size_t checked_add (size_t x, size_t y, const char *file, int line)
 
pk_signerchoose_sig_format (const private_key_policy &key, random_number_generator &rng, const std::string &hash_fn, algorithm_identifier &alg_id)
 
pk_signerchoose_sig_format (const private_key_policy &key, const std::map< std::string, std::string > &opts, random_number_generator &rng, const std::string &hash_fn, algorithm_identifier &alg_id)
 
size_t clamp (size_t n, size_t lower_bound, size_t upper_bound)
 
std::string clean_ws (const std::string &s)
 
void clear_bytes (void *ptr, size_t bytes)
 
template<typename T >
void clear_mem (T *ptr, size_t n)
 
uint64_t combine_lower (const donna128 &a, size_t s1, const donna128 &b, size_t s2)
 
bool constant_time_compare (const uint8_t x[], const uint8_t y[], size_t len)
 
template<typename T >
void copy_mem (T *out, const T *in, size_t n)
 
template<typename T >
void copy_out_be (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T >
void copy_out_le (uint8_t out[], size_t out_bytes, const T in[])
 
template<typename T , typename Alloc >
void copy_out_vec_be (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
template<typename T , typename Alloc >
void copy_out_vec_le (uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
 
alternative_name create_alt_name (const data_store &info)
 
x509_dn create_dn (const data_store &info)
 
std::string create_hex_fingerprint (const uint8_t bits[], size_t len, const std::string &hash_name)
 
template<typename Alloc >
std::string create_hex_fingerprint (const std::vector< uint8_t, Alloc > &vec, const std::string &hash_name)
 
std::unique_ptr< private_key_policycreate_private_key (const std::string &algo_name, random_number_generator &rng, const std::string &algo_params="", const std::string &provider="")
 
alternative_name CRYPTO3_DEPRECATED ("Avoid roundtripping names through data_store") create_alt_name(const data_store &info)
 
class CRYPTO3_PUBLIC_API (2, 0) XMSS_Parameters
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > ct_inverse_mod_odd_modulus (const number< Backend, ExpressionTemplates > &n, const number< Backend, ExpressionTemplates > &mod)
 Const time modular inversion. More...
 
template<typename T >
size_t ctz (T n)
 
void curve25519_basepoint (uint8_t mypublic[32], const uint8_t secret[32])
 
void curve25519_donna (uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
 
void curve25519_donna (uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint)
 
void deallocate_memory (void *p, size_t elems, size_t elem_size)
 
template<typename Decoder , typename InputIterator , typename OutputIterator >
OutputIterator decode (InputIterator first, InputIterator last, OutputIterator out)
 
template<typename Decoder , typename InputIterator , typename StreamDecoder = typename codec::itr_stream_codec_traits<typename Decoder::stream_decoder_type, InputIterator>::type>
codec::detail::range_codec_impl< codec::detail::value_codec_impl< StreamDecoder > > decode (InputIterator first, InputIterator last)
 
template<typename Decoder , typename SinglePassRange , typename OutputIterator >
OutputIterator decode (const SinglePassRange &rng, OutputIterator out)
 
template<typename Decoder , typename SinglePassRange , typename StreamDecoder = typename codec::range_stream_codec_traits< typename Decoder::stream_decoder_type, SinglePassRange>::type>
codec::detail::range_codec_impl< codec::detail::value_codec_impl< StreamDecoder > > decode (const SinglePassRange &r)
 
gf2m decode_gf2m (const uint8_t *mem)
 
template<typename BlockCipher , typename InputIterator , typename InputKeyIterator , typename OutputIterator >
OutputIterator decrypt (InputIterator first, InputIterator last, InputKeyIterator key_first, InputKeyIterator key_last, OutputIterator out)
 
template<typename PublicKeyCipher , typename InputIterator , typename PrivateKeyIterator , typename OutputIterator , typename StreamDecrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
OutputIterator decrypt (InputIterator first, InputIterator last, PrivateKeyIterator key_first, PrivateKeyIterator key_last, OutputIterator out)
 
template<typename BlockCipher , typename InputIterator , typename InputKeyIterator , typename CipherState = typename detail::itr_stream_encrypter_traits< typename BlockCipher::stream_encrypter_type, InputIterator>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< CipherState > > decrypt (InputIterator first, InputIterator last, InputKeyIterator key_first, InputKeyIterator key_last)
 
template<typename PublicKeyCipher , typename InputIterator , typename OutputIterator , typename StreamDecrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
OutputIterator decrypt (InputIterator first, InputIterator last, OutputIterator out, const private_key< PublicKeyCipher > &key)
 
template<typename PublicKeyCipher , typename InputIterator , typename PrivateKeyIterator , typename StreamDecrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::value_encrypt_impl< StreamDecrypter > > decrypt (InputIterator first, InputIterator last, PrivateKeyIterator key_first, PrivateKeyIterator key_last)
 
template<typename PublicKeyCipher , typename InputIterator , typename StreamDecrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::ref_encrypt_impl< StreamDecrypter > > decrypt (InputIterator first, InputIterator last, const private_key< PublicKeyCipher > &key)
 
template<typename PublicKeyCipher , typename SinglePassRange , typename PrivateKeyRange , typename OutputIterator , typename StreamDecrypter = typename detail::range_stream_encrypt_traits<PublicKeyCipher, SinglePassRange>::type>
OutputIterator decrypt (const SinglePassRange &rng, const PrivateKeyRange &key, OutputIterator out)
 
template<typename Decrypter , typename SinglePassRange , typename OutputIterator , typename StreamDecrypter = typename detail::range_stream_encrypt_traits<Decrypter, SinglePassRange>::type>
OutputIterator decrypt (const SinglePassRange &rng, OutputIterator out, StreamDecrypter &sh)
 
template<typename PublicKeyCipher , typename SinglePassRange , typename PrivateKeyRange , typename StreamDecrypter = typename detail::range_stream_encrypt_traits<PublicKeyCipher, SinglePassRange>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::value_encrypt_impl< StreamDecrypter > > decrypt (const SinglePassRange &r, const PrivateKeyRange &key)
 
template<typename CipherMode , typename InputIterator , typename KeyIterator , typename OutputIterator , typename StreamDecrypter = typename detail::itr_stream_hash_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
OutputIterator decrypt (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last, OutputIterator out)
 
template<typename PublicKeyCipher , typename SinglePassRange , typename StreamHash = typename detail::range_stream_encrypt_traits<PublicKeyCipher, SinglePassRange>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::ref_encrypt_impl< StreamHash > > decrypt (const SinglePassRange &rng, StreamHash &sh)
 
template<typename CipherMode , typename InputIterator , typename OutputIterator , typename StreamDecrypter = typename detail::itr_stream_hash_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
OutputIterator decrypt (InputIterator first, InputIterator last, OutputIterator out, StreamDecrypter &sh)
 
template<typename CipherMode , typename InputIterator , typename StreamDecrypter = typename detail::itr_stream_hash_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
detail::range_decrypter_impl< CipherMode, detail::value_decrypter_impl< StreamDecrypter > > decrypt (InputIterator first, InputIterator last)
 
template<typename CipherMode , typename InputIterator , typename StreamDecrypter = typename detail::itr_stream_hash_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
detail::range_decrypter_impl< CipherMode, detail::ref_decrypter_impl< StreamDecrypter > > decrypt (InputIterator first, InputIterator last, StreamDecrypter &sh)
 
template<typename CipherMode , typename SinglePassRange , typename OutputIterator , typename StreamDecrypter = typename detail::range_stream_hash_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
OutputIterator decrypt (const SinglePassRange &rng, OutputIterator out)
 
template<typename CipherMode , typename SinglePassRange , typename OutputIterator , typename StreamDecrypter = typename detail::range_stream_hash_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
OutputIterator decrypt (const SinglePassRange &rng, OutputIterator out, StreamDecrypter &sh)
 
template<typename CipherMode , typename SinglePassRange , typename StreamDecrypter = typename detail::range_stream_hash_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
detail::range_decrypter_impl< CipherMode, detail::value_decrypter_impl< StreamDecrypter > > decrypt (const SinglePassRange &r)
 
template<typename CipherMode , typename SinglePassRange , typename StreamDecrypter = typename detail::range_stream_hash_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_decrypter<StreamDecrypter>::value>::type>
detail::range_decrypter_impl< CipherMode, detail::ref_decrypter_impl< StreamDecrypter > > decrypt (const SinglePassRange &rng, StreamDecrypter &sh)
 
void divide (const big_int &x, const big_int &y, big_int &q, big_int &r)
 
size_t dl_exponent_size (size_t prime_group_size)
 
size_t dl_work_factor (size_t prime_group_size)
 
size_t ecp_work_factor (size_t prime_group_size)
 
void ed25519_gen_keypair (uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
 
void ed25519_gen_keypair (uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32])
 
void ed25519_sign (uint8_t sig[64], const uint8_t *m, size_t mlen, const uint8_t *sk)
 
void ed25519_sign (uint8_t sig[64], const uint8_t msg[], size_t msg_len, const uint8_t sk[64])
 
bool ed25519_verify (const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk)
 
bool ed25519_verify (const uint8_t msg[], size_t msg_len, const uint8_t sig[64], const uint8_t pk[32])
 
template<typename Encoder , typename InputIterator , typename OutputIterator >
OutputIterator encode (InputIterator first, InputIterator last, OutputIterator out)
 
template<typename Encoder , typename InputIterator , typename EncoderState = typename codec::itr_stream_codec_traits<typename Encoder::stream_encoder_type, InputIterator>::type>
codec::detail::range_codec_impl< codec::detail::value_codec_impl< EncoderState > > encode (InputIterator first, InputIterator last)
 
template<typename Encoder , typename SinglePassRange , typename OutputIterator >
OutputIterator encode (const SinglePassRange &rng, OutputIterator out)
 
template<typename Encoder , typename SinglePassRange , typename EncoderState = typename codec::range_stream_codec_traits< typename Encoder::stream_encoder_type, SinglePassRange>::type>
codec::detail::range_codec_impl< codec::detail::value_codec_impl< EncoderState > > encode (const SinglePassRange &r)
 
uint32_t encode_gf2m (gf2m to_enc, uint8_t *mem)
 
template<typename BlockCipher , typename InputIterator , typename KeyIterator , typename OutputIterator >
OutputIterator encrypt (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last, OutputIterator out)
 
template<typename PublicKeyCipher , typename InputIterator , typename PublicKeyIterator , typename OutputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
OutputIterator encrypt (InputIterator first, InputIterator last, PublicKeyIterator key_first, PublicKeyIterator key_last, OutputIterator out)
 
template<typename BlockCipher , typename InputIterator , typename KeyIterator , typename CipherState = typename detail::itr_stream_encrypter_traits< typename BlockCipher::stream_encrypter_type, InputIterator>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< CipherState > > encrypt (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last)
 
template<typename PublicKeyCipher , typename InputIterator , typename OutputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
OutputIterator encrypt (InputIterator first, InputIterator last, OutputIterator out, const public_key< PublicKeyCipher > &pk)
 
template<typename BlockCipher , typename SinglePassRange , typename KeyRange , typename OutputIterator >
OutputIterator encrypt (const SinglePassRange &rng, const KeyRange &key, OutputIterator out)
 
template<typename PublicKeyCipher , typename InputIterator , typename PublicKeyIterator , typename StreamEncrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::value_encrypt_impl< StreamEncrypter > > encrypt (InputIterator first, InputIterator last, PublicKeyIterator key_first, PublicKeyIterator key_last)
 
template<typename BlockCipher , typename SinglePassRange , typename KeyRange , typename StreamEncrypter = typename detail::range_stream_encrypter_traits< typename BlockCipher::stream_decrypter_type, SinglePassRange>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< StreamEncrypter > > encrypt (const SinglePassRange &r, const KeyRange &key)
 
template<typename BlockCipher , typename SinglePassRange , typename KeyRange , typename CipherState = typename detail::range_stream_encrypter_traits< typename BlockCipher::stream_encrypter_type, SinglePassRange>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< CipherState > > encrypt (const SinglePassRange &r, const KeyRange &key)
 
template<typename PublicKeyCipher , typename InputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypt_traits<PublicKeyCipher, InputIterator>::type>
detail::range_encrypt_impl< PublicKeyCipher, detail::ref_encrypt_impl< StreamEncrypter > > encrypt (InputIterator first, InputIterator last, const public_key< PublicKeyCipher > &pk)
 
template<typename PublicKeyCipher , typename SinglePassRange , typename PublicKeyRange , typename OutputIterator , typename StreamEncrypter = typename detail::range_stream_encrypt_traits<PublicKeyCipher, SinglePassRange>::type>
OutputIterator encrypt (const SinglePassRange &rng, const PublicKeyRange &key, OutputIterator out)
 
template<typename Encrypter , typename SinglePassRange , typename OutputIterator >
OutputIterator encrypt (const SinglePassRange &rng, const public_key< Encrypter > &pk, OutputIterator out)
 
template<typename PublicKeyCipher , typename SinglePassRange , typename PublicKeyRange >
detail::range_encrypt_impl< PublicKeyCipher, detail::value_encrypt_impl< StreamEncrypter > > encrypt (const SinglePassRange &r, const PublicKeyRange &key)
 
template<typename CipherMode , typename InputIterator , typename KeyIterator , typename OutputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypter_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
OutputIterator encrypt (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last, OutputIterator out)
 
template<typename PublicKeyCipher , typename SinglePassRange >
detail::range_encrypt_impl< PublicKeyCipher, detail::ref_encrypt_impl< StreamHash > > encrypt (const SinglePassRange &rng, const public_key< PublicKeyCipher > &pk)
 
template<typename CipherMode , typename InputIterator , typename OutputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypter_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
OutputIterator encrypt (InputIterator first, InputIterator last, OutputIterator out, StreamEncrypter &sh)
 
template<typename CipherMode , typename InputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypter_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< StreamEncrypter > > encrypt (InputIterator first, InputIterator last)
 
template<typename CipherMode , typename InputIterator , typename StreamEncrypter = typename detail::itr_stream_encrypter_traits<CipherMode, InputIterator>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
detail::range_encrypter_impl< detail::ref_encrypter_impl< StreamEncrypter > > encrypt (InputIterator first, InputIterator last, StreamEncrypter &sh)
 
template<typename CipherMode , typename SinglePassRange , typename OutputIterator , typename StreamEncrypter = typename detail::range_stream_encrypter_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
OutputIterator encrypt (const SinglePassRange &rng, OutputIterator out)
 
template<typename CipherMode , typename SinglePassRange , typename OutputIterator , typename StreamEncrypter = typename detail::range_stream_encrypter_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
OutputIterator encrypt (const SinglePassRange &rng, OutputIterator out, StreamEncrypter &sh)
 
template<typename CipherMode , typename SinglePassRange , typename StreamEncrypter = typename detail::range_stream_encrypter_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
detail::range_encrypter_impl< detail::value_encrypter_impl< StreamEncrypter > > encrypt (const SinglePassRange &r)
 
template<typename CipherMode , typename SinglePassRange , typename StreamEncrypter = typename detail::range_stream_encrypter_traits<CipherMode, SinglePassRange>::type, typename = typename std::enable_if<block::detail::is_stream_encrypter<StreamEncrypter>::value>::type>
detail::range_encrypter_impl< detail::ref_encrypter_impl< StreamEncrypter > > encrypt (const SinglePassRange &rng, StreamEncrypter &sh)
 
template<typename Backend >
Backend eval_almost_montgomery_inverse (Backend &result, const Backend &a, const Backend &b)
 
template<typename Backend >
Backend eval_ct_inverse_mod_odd_modulus (const Backend &n, const Backend &mod)
 
template<typename Backend , expression_template_option ExpressionTemplates>
Backend eval_inverse_euclid (const Backend &n, const Backend &mod)
 
template<typename Backend >
Backend eval_inverse_mod (const Backend &x, const Backend &mod)
 
template<typename Backend >
limb_type eval_jacobi (const Backend &a, const Backend &n)
 
template<typename Backend , typename Integer >
void eval_mask_bits (Backend &val, Integer n)
 
template<typename Backend >
Backend eval_mod_redc (const Backend &x, const Backend &mod)
 
template<typename Backend >
Backend eval_normalized_montgomery_inverse (const Backend &a, const Backend &p)
 
template<typename Backend >
Backend eval_power_mod (const Backend &base, const Backend &exp, const Backend &mod)
 
template<typename Backend >
Backend eval_reduce_below (Backend &val, const Backend &mod)
 
template<typename Backend >
Backend eval_ressol (const Backend &a, const Backend &p)
 
template<typename T >
uint16_t expand_mask_16bit (T tst)
 
void fe_0 (fe &x)
 
void fe_1 (fe &x)
 
void fe_add (fe &x, const fe &a, const fe &b)
 
void fe_copy (fe &a, const fe &b)
 
void fe_frombytes (fe &x, const uint8_t *b)
 
void fe_invert (fe &x, const fe &z)
 
int fe_isnegative (const fe &x)
 
int fe_isnonzero (const fe &x)
 
void fe_mul (fe &x, const fe &a, const fe &b)
 
void fe_neg (fe &x, const fe &z)
 
void fe_pow22523 (fe &x, const fe &y)
 
void fe_sq (fe &x, const fe &z)
 
void fe_sq2 (fe &x, const fe &z)
 
void fe_sq_iter (fe &x, const fe &z, size_t iter)
 
void fe_sub (fe &x, const fe &a, const fe &b)
 
void fe_tobytes (uint8_t *b, const fe &x)
 
secure_vector< gf2mfind_roots_gf2m_decomp (const polyn_gf2m &polyn, uint32_t code_length)
 
void gcm_clmul_precompute (const uint8_t H[16], uint64_t H_pow[4 *2])
 
void gcm_multiply_clmul (uint8_t x[16], const uint64_t H_pow[4 *2], const uint8_t input[], size_t blocks)
 
void gcm_multiply_clmul (uint8_t x[16], const uint64_t H_pow[8], const uint8_t input_bytes[], size_t blocks)
 
void gcm_multiply_pmull (uint8_t x[16], const uint64_t H[8], const uint8_t input[], size_t blocks)
 
void gcm_multiply_ssse3 (uint8_t x[16], const uint64_t HM[256], const uint8_t input[], size_t blocks)
 
void gcm_pmull_precompute (const uint8_t H[16], uint64_t H_pow[4 *2])
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])
 
void ge_double_scalarmult_vartime (uint8_t out[32], const uint8_t *a, const ge_p3 *A, const uint8_t *b)
 
int ge_frombytes_negate_vartime (ge_p3 *, const uint8_t *)
 
void ge_scalarmult_base (uint8_t out[32], const uint8_t in[32])
 
std::string generate_bcrypt (const std::string &password, random_number_generator &rng, uint16_t work_factor=10)
 
template<template< std::size_t QBits > class hash::sha< QBits > , std::size_t PBits, std::size_t QBits, typename Backend , expression_template_option ExpressionTemplates, typename UniformRandomNumberGenerator >
bool generate_dsa_primes (number< Backend, ExpressionTemplates > &q_out, const std::vector< uint8_t > &seed_c, size_t offset=0, UniformRandomNumberGenerator &rng, Hasher &hasher)
 Generate DSA parameters using the FIPS 186 kosherizer. More...
 
McEliece_PrivateKey generate_mceliece_key (random_number_generator &rng, uint32_t ext_deg, uint32_t code_length, uint32_t t)
 
McEliece_PrivateKey generate_mceliece_key (RandomNumberGenerator &rng, uint32_t ext_deg, uint32_t code_length, uint32_t t)
 
std::string generate_passhash9 (const std::string &password, random_number_generator &rng, uint16_t work_factor=10, uint8_t alg_id=1)
 
boost::multiprecision::cpp_int generate_rfc6979_nonce (const boost::multiprecision::cpp_int &x, const boost::multiprecision::cpp_int &q, const boost::multiprecision::cpp_int &h, const std::string &hash)
 
boost::multiprecision::cpp_int generate_srp6_verifier (const std::string &identifier, const std::string &password, const std::vector< uint8_t > &salt, const std::string &group_id, const std::string &hash_id)
 
aead_modeget_aead (const std::string &name, cipher_dir direction)
 
block_cipher_mode_padding_methodget_bc_pad (const std::string &algo_spec)
 
template<typename T >
uint8_t get_byte (size_t byte_num, T input)
 
cipher_modeget_cipher_mode (const std::string &algo_spec, cipher_dir direction, const std::string &provider="")
 
emeget_eme (const std::string &algo_spec)
 
emsaget_emsa (const std::string &algo_spec)
 
kdfget_kdf (const std::string &algo_spec)
 
PBKDFget_pbkdf (const std::string &algo_spec, const std::string &provider="")
 
CRYPTO3_TEST_API const std::vector< std::string > get_sig_paddings (const std::string &algo)
 
gf2m gray_to_lex (gf2m gray)
 
template<typename T >
size_t hamming_weight (T n)
 
std::string hash_for_emsa (const std::string &algo_spec)
 
template<typename T >
size_t high_bit (T n)
 
secure_vector< uint8_t > hkdf_expand_label (const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
 
bool host_wildcard_match (const std::string &wildcard, const std::string &host)
 
uint8_t ieee1363_hash_id (const std::string &hash_name)
 
size_t if_work_factor (size_t n_bits)
 
void initialize_allocator ()
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > inverse_euclid (const number< Backend, ExpressionTemplates > &n, const number< Backend, ExpressionTemplates > &mod)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > inverse_mod (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &mod)
 Modular inversion. More...
 
std::string ipv4_to_string (uint32_t ip_addr)
 
bool is_passhash9_alg_supported (uint8_t alg_id)
 
template<typename T >
bool is_power_of_2 (T arg)
 
template<typename Backend , expression_template_option ExpressionTemplates>
std::enable_if< number_category< Backend >::value==number_kind_integer, limb_type >::type jacobi (const number< Backend, ExpressionTemplates > &a, const number< Backend, ExpressionTemplates > &n)
 
std::string key_constraints_to_string (key_constraints)
 
gf2m lex_to_gray (gf2m lex)
 
uint64_t load_3 (const uint8_t in[3])
 
uint64_t load_4 (const uint8_t *in)
 
template<typename T >
T load_be (const uint8_t in[], std::size_t off=0)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_be (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_be (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_be< uint16_t > (const uint8_t in[], std::size_t off)
 
template<>
uint32_t load_be< uint32_t > (const uint8_t in[], std::size_t off)
 
template<>
uint64_t load_be< uint64_t > (const uint8_t in[], std::size_t off)
 
template<typename T >
T load_le (const uint8_t in[], std::size_t off=0)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3)
 
template<typename T >
void load_le (const uint8_t in[], T &x0, T &x1, T &x2, T &x3, T &x4, T &x5, T &x6, T &x7)
 
template<typename T >
void load_le (T out[], const uint8_t in[], size_t count)
 
template<>
uint16_t load_le< uint16_t > (const uint8_t in[], std::size_t off)
 
template<>
uint32_t load_le< uint32_t > (const uint8_t in[], std::size_t off)
 
template<>
uint64_t load_le< uint64_t > (const uint8_t in[], std::size_t off)
 
std::unique_ptr< private_key_policyload_private_key (const algorithm_identifier &alg_id, const secure_vector< uint8_t > &key_bits)
 
std::unique_ptr< public_key_policyload_public_key (const algorithm_identifier &alg_id, const std::vector< uint8_t > &key_bits)
 
template<typename T >
size_t low_bit (T n)
 
std::unique_ptr< HashFunctionmake_bearssl_hash (const std::string &name)
 
std::unique_ptr< BlockCiphermake_openssl_block_cipher (const std::string &name)
 
cipher_modemake_openssl_cipher_mode (const std::string &name, cipher_dir direction)
 
cipher_modemake_openssl_cipher_mode (const std::string &name, Cipher_Dir direction)
 
std::unique_ptr< HashFunctionmake_openssl_hash (const std::string &name)
 
uint16_t make_uint16 (uint8_t i0, uint8_t i1)
 
uint32_t make_uint32 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
 
uint64_t make_uint64 (uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3, uint8_t i4, uint8_t i5, uint8_t i6, uint8_t i7)
 
template<typename K , typename V >
std::set< K > map_keys_as_set (const std::map< K, V > &kv)
 
template<typename T , typename Pred >
void map_remove_if (Pred pred, T &assoc)
 
template<typename Backend , expression_template_option ExpressionTemplates, typename Integer >
void mask_bits (number< Backend, ExpressionTemplates > &val, Integer n)
 
secure_vector< uint8_t > mceies_decrypt (const mc_eliece_private_key &privkey, const uint8_t ct[], size_t ct_len, const uint8_t ad[], size_t ad_len, const std::string &aead="AES-256/OCB")
 
secure_vector< uint8_t > mceies_encrypt (const mc_eliece_public_key &pubkey, const uint8_t pt[], size_t pt_len, const uint8_t ad[], size_t ad_len, random_number_generator &rng, const std::string &aead="AES-256/OCB")
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const uint8_t ciphertext[], size_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_decrypt (secure_vector< uint8_t > &plaintext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &ciphertext, const McEliece_PrivateKey &key)
 
secure_vector< uint8_t > mceliece_decrypt (secure_vector< gf2m > &error_pos, const uint8_t *ciphertext, uint32_t ciphertext_len, const McEliece_PrivateKey &key)
 
void mceliece_encrypt (secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, random_number_generator &rng)
 
size_t mceliece_work_factor (size_t code_size, size_t t)
 
template<typename Hasher , typename InputIterator , typename OutputIterator , typename StreamHasher = typename Hasher::template stream_hash< std::numeric_limits<typename std::iterator_traits<InputIterator>::value_type>::digits + std::numeric_limits<typename std::iterator_traits<InputIterator>::value_type>::is_signed>::type>
OutputIterator mgf1_mask (InputIterator first, InputIterator last, OutputIterator out, StreamHasher sh=StreamHasher())
 MGF1 from PKCS #1 v2.0. More...
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > mod_redc (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &mod)
 
cpp_int monty_execute (const montgomery_exponentation_state &precomputed_state, const cpp_int &k)
 
cpp_int monty_execute_vartime (const montgomery_exponentation_state &precomputed_state, const cpp_int &k)
 
template<typename Word >
std::enable_if< number_category< Word >::value==number_kind_integer, Word >::type monty_inverse (Word input)
 
cpp_int monty_multi_exp (const montgomery_params &params_p, const cpp_int &x, const cpp_int &z1, const cpp_int &y, const cpp_int &z2)
 
montgomery_exponentation_state monty_precompute (const montgomery_params &params_p, const cpp_int &g, size_t window_bits)
 
void mul64x64_128 (uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi)
 
template<typename Backend , expression_templates ExpressionTemplates>
point_gfp< Backend, ExpressionTemplates > multi_exponentiate (const point_gfp< Backend, ExpressionTemplates > &p1, const number< Backend, ExpressionTemplates > &z1, const point_gfp< Backend, ExpressionTemplates > &p2, const number< Backend, ExpressionTemplates > &z2)
 ECC point multiexponentiation (Non const-time). More...
 
template<typename K , typename V >
void multimap_insert (std::multimap< K, V > &multimap, const K &key, const V &value)
 
void newhope_keygen (uint8_t send[NEWHOPE_SENDABYTES], newhope_poly *sk, random_number_generator &rng, newhope_mode=newhope_mode::SHA3)
 
void newhope_keygen (uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
 
void newhope_shareda (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], const newhope_poly *ska, const uint8_t *received, newhope_mode mode=newhope_mode::SHA3)
 
void newhope_shareda (uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
 
void newhope_sharedb (uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], uint8_t send[], const uint8_t *received, random_number_generator &rng, newhope_mode mode=newhope_mode::SHA3)
 
void newhope_sharedb (uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
 
secure_vector< uint8_t > nist_key_unwrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
secure_vector< uint8_t > nist_key_unwrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
std::vector< uint8_t > nist_key_wrap_padded (const uint8_t input[], size_t input_len, const BlockCipher &bc)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > normalized_montgomery_inverse (const number< Backend, ExpressionTemplates > &a, const number< Backend, ExpressionTemplates > &p)
 Call almost_montgomery_inverse and correct the result to a^-1 mod b. More...
 
ecies_flags operator & (ecies_flags a, ecies_flags b)
 
bool operator!= (const algorithm_identifier &, const algorithm_identifier &)
 
bool operator!= (const x509_time &, const x509_time &)
 
template<typename T , typename U >
bool operator!= (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator!= (const x509_dn &, const x509_dn &)
 
template<typename NumberType1 , typename NumberType2 >
bool operator!= (const curve_gfp< NumberType1 > &lhs, const curve_gfp< NumberType2 > &rhs)
 
bool operator!= (const crl_entry &, const crl_entry &)
 
bool operator!= (const oid_t &a, const oid_t &b)
 
bool operator!= (const octet_string &x, const octet_string &y)
 
bool operator!= (const ec_group &lhs, const ec_group &rhs)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator!= (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator!= (const x509_certificate &cert1, const x509_certificate &cert2)
 
bool operator!= (const big_int &a, const big_int &b)
 
bool operator!= (const point_gfp &lhs, const point_gfp &rhs)
 
big_int operator% (const big_int &x, const big_int &m)
 
word operator% (const big_int &x, word m)
 
donna128 operator* (const donna128 &x, uint64_t y)
 
donna128 operator* (uint64_t y, const donna128 &x)
 
big_int operator* (const big_int &x, const big_int &y)
 
template<typename CurveType >
point_gfp< CurveType > operator* (const number< Backend, ExpressionTemplates > &scalar, const point_gfp< CurveType > &point)
 
point_gfp operator* (const point_gfp &point, const cpp_int &scalar)
 
donna128 operator+ (const donna128 &x, const donna128 &y)
 
oid_t operator+ (const oid_t &oid, uint32_t new_comp)
 
donna128 operator+ (const donna128 &x, uint64_t y)
 
octet_string operator+ (const octet_string &x, const octet_string &y)
 
big_int operator+ (const big_int &x, const big_int &y)
 
point_gfp operator+ (const point_gfp &lhs, const point_gfp &rhs)
 
template<typename T , typename Alloc , typename Alloc2 >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
 
template<typename T , typename Alloc >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, T in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< const T *, L > &in)
 
template<typename T , typename Alloc , typename L >
std::vector< T, Alloc > & operator+= (std::vector< T, Alloc > &out, const std::pair< T *, L > &in)
 
big_int operator- (const big_int &x, const big_int &y)
 
point_gfp operator- (const point_gfp &lhs)
 
point_gfp operator- (const point_gfp &lhs, const point_gfp &rhs)
 
big_int operator/ (const big_int &x, const big_int &d)
 
bool operator< (const x509_time &, const x509_time &)
 
bool operator< (const x509_dn &, const x509_dn &)
 
bool operator< (const oid_t &a, const oid_t &b)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator< (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator< (const big_int &a, const big_int &b)
 
std::ostream & operator<< (std::ostream &os, const general_name &gn)
 
std::ostream & operator<< (std::ostream &out, const x509_dn &dn)
 
std::ostream & operator<< (std::ostream &os, const general_subtree &gs)
 
big_int operator<< (const big_int &x, size_t n)
 
std::ostream & operator<< (std::ostream &, const big_int &)
 
bool operator<= (const x509_time &, const x509_time &)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator<= (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator<= (const big_int &a, const big_int &b)
 
bool operator== (const algorithm_identifier &, const algorithm_identifier &)
 
bool operator== (const x509_time &, const x509_time &)
 
template<typename T , typename U >
bool operator== (const secure_allocator< T > &, const secure_allocator< U > &)
 
bool operator== (const x509_dn &, const x509_dn &)
 
bool operator== (const crl_entry &, const crl_entry &)
 
bool operator== (const octet_string &x, const octet_string &y)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator== (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator== (const big_int &a, const big_int &b)
 
bool operator> (const x509_time &, const x509_time &)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator> (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator> (const big_int &a, const big_int &b)
 
bool operator>= (const x509_time &, const x509_time &)
 
template<typename SequenceContainer , typename Preprocessor >
bool operator>= (const concept_container< SequenceContainer, Preprocessor > &x, const concept_container< SequenceContainer, Preprocessor > &y)
 
bool operator>= (const big_int &a, const big_int &b)
 
std::istream & operator>> (std::istream &in, x509_dn &dn)
 
big_int operator>> (const big_int &x, size_t n)
 
std::istream & operator>> (std::istream &, big_int &)
 
octet_string operator^ (const octet_string &x, const octet_string &y)
 
template<typename Alloc , typename Alloc2 >
std::vector< uint8_t, Alloc > & operator^= (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in)
 
ecies_flags operator| (ecies_flags a, ecies_flags b)
 
donna128 operator| (const donna128 &x, const donna128 &y)
 
point_gfp os2ecp (const uint8_t data[], size_t data_len, const curve_gfp &curve)
 
std::pair< cpp_int, cpp_intos2ecp (const uint8_t data[], size_t data_len, const cpp_int &curve_p, const cpp_int &curve_a, const cpp_int &curve_b)
 
template<typename Alloc >
point_gfp os2ecp (const std::vector< uint8_t, Alloc > &data, const curve_gfp &curve)
 
std::vector< std::string > parse_algorithm_name (const std::string &scan_name)
 
std::vector< uint32_t > parse_asn1_oid (const std::string &oid)
 
secure_vector< uint8_t > pbes2_decrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, const std::vector< uint8_t > &params)
 Decrypt a PKCS #5 v2.0 encrypted stream. More...
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, random_number_generator &rng)
 Encrypt with PBES2 from PKCS #5 v2.0. More...
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t iterations, const std::string &cipher, const std::string &digest, random_number_generator &rng)
 Encrypt with PBES2 from PKCS #5 v2.0. More...
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt_iter (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, size_t pbkdf_iter, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, random_number_generator &rng)
 Encrypt with PBES2 from PKCS #5 v2.0. More...
 
std::pair< algorithm_identifier, std::vector< uint8_t > > pbes2_encrypt_msec (const secure_vector< uint8_t > &key_bits, const std::string &passphrase, std::chrono::milliseconds msec, size_t *out_iterations_if_nonnull, const std::string &cipher, const std::string &digest, RandomNumberGenerator &rng)
 
size_t pbkdf2 (MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
 
std::vector< uint8_t > pkcs_hash_id (const std::string &hash_name)
 
void poly_double_n (uint8_t out[], const uint8_t in[], size_t n)
 
void poly_double_n (uint8_t buf[], size_t n)
 
void poly_double_n_le (uint8_t out[], const uint8_t in[], size_t n)
 
bool poly_double_supported_size (size_t n)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > power_mod (const number< Backend, ExpressionTemplates > &base, const number< Backend, ExpressionTemplates > &exp, const number< Backend, ExpressionTemplates > &mod)
 
template<typename T >
void prefetch_readonly (const T *addr, size_t length)
 
template<typename T >
void prefetch_readwrite (const T *addr, size_t length)
 
std::vector< std::string > probe_provider_private_key (const std::string &algo_name, const std::vector< std::string > &possible)
 
template<typename T >
std::vector< std::string > probe_providers_of (const std::string &algo_spec, const std::vector< std::string > &possible)
 
secure_vector< uint8_t > pss_encode (HashFunction &hash, const secure_vector< uint8_t > &msg, const secure_vector< uint8_t > &salt, size_t output_bits)
 
bool pss_verify (HashFunction &hash, const secure_vector< uint8_t > &pss_repr, const secure_vector< uint8_t > &message_hash, size_t key_bits, size_t *out_salt_size)
 
gf2m random_code_element (unsigned code_length, RandomNumberGenerator &rng)
 
gf2m random_code_element (unsigned code_length, random_number_generator &rng)
 
gf2m random_gf2m (RandomNumberGenerator &rng)
 
gf2m random_gf2m (random_number_generator &rng)
 
template<typename Backend , expression_template_option ExpressionTemplates, typename UniformRandomNumberGenerator >
number< Backend, ExpressionTemplates > random_prime (UniformRandomNumberGenerator &rng, size_t bits, const number< Backend, ExpressionTemplates > &coprime=0, std::size_t equiv=1, std::size_t modulo=2, std::size_t prob=128)
 
template<typename UniformRandomNumberGenerator , typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > random_safe_prime (UniformRandomNumberGenerator &rng, std::size_t bits)
 
std::map< std::string, std::string > read_cfg (std::istream &is)
 
void redc_mul (int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > reduce_below (number< Backend, ExpressionTemplates > &val, const number< Backend, ExpressionTemplates > &mod)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > ressol (const number< Backend, ExpressionTemplates > &a, const number< Backend, ExpressionTemplates > &p)
 
uint16_t reverse_bytes (uint16_t val)
 
uint32_t reverse_bytes (uint32_t val)
 
uint64_t reverse_bytes (uint64_t val)
 
secure_vector< uint8_t > rfc3394_keyunwrap (const secure_vector< uint8_t > &key, const symmetric_key &kek)
 
secure_vector< uint8_t > rfc3394_keywrap (const secure_vector< uint8_t > &key, const symmetric_key &kek)
 
template<size_t ROT, typename T >
T rotl (T input)
 
template<typename T >
T rotl_var (T input, size_t rot)
 
template<size_t ROT, typename T >
T rotr (T input)
 
template<typename T >
T rotr_var (T input, size_t rot)
 
template<typename T >
T round_down (T n, T align_to)
 
size_t round_up (size_t n, size_t align_to)
 
std::string runtime_version_check (uint32_t major, uint32_t minor, uint32_t patch)
 
template<typename T >
bool same_mem (const T *p1, const T *p2, size_t n)
 
void sc_muladd (uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
 
void sc_reduce (uint8_t *)
 
template<typename K , typename V >
search_map (const std::map< K, V > &mapping, const K &key, const V &null_result=V())
 
template<typename K , typename V , typename R >
search_map (const std::map< K, V > &mapping, const K &key, const R &null_result, const R &found_result)
 
void secure_scrub_memory (void *ptr, size_t n)
 
template<typename T >
void set_mem (T *ptr, size_t n, uint8_t val)
 
const char * short_version_cstr ()
 
std::string short_version_string ()
 
bool sig_algo_and_pad_ok (const std::string &algo, const std::string &padding)
 
template<typename Signer , typename InputIterator , typename KeyIterator , typename OutputIterator , typename StreamSigner = typename detail::itr_stream_sign_traits<Signer, InputIterator>::type>
OutputIterator sign (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last, OutputIterator out)
 
template<typename Signer , typename InputIterator , typename OutputIterator , typename StreamSigner = typename detail::itr_stream_sign_traits<Signer, InputIterator>::type>
OutputIterator sign (InputIterator first, InputIterator last, const private_key< Signer > &pk, OutputIterator out)
 
template<typename Signer , typename InputIterator , typename KeyIterator , typename StreamSigner = typename detail::itr_stream_sign_traits<Signer, InputIterator>::type>
detail::range_sign_impl< Signer, detail::value_sign_impl< StreamSigner > > sign (InputIterator first, InputIterator last, KeyIterator key_first, KeyIterator key_last)
 
template<typename Signer , typename InputIterator , typename StreamSigner = typename detail::itr_stream_sign_traits<Signer, InputIterator>::type>
detail::range_sign_impl< Signer, detail::ref_sign_impl< StreamSigner > > sign (InputIterator first, InputIterator last, const private_key< Signer > &pk)
 
template<typename Signer , typename SinglePassRange , typename KeyRange , typename OutputIterator , typename StreamSigner = typename detail::range_stream_sign_traits<Signer, SinglePassRange>::type>
OutputIterator sign (const SinglePassRange &rng, const KeyRange &key, OutputIterator out)
 
template<typename Signer , typename SinglePassRange , typename OutputIterator , typename StreamSigner = typename detail::range_stream_sign_traits<Signer, SinglePassRange>::type>
OutputIterator sign (const SinglePassRange &rng, OutputIterator out, const private_key< Signer > &pk)
 
template<typename Signer , typename SinglePassRange , typename KeyRange , typename StreamSigner = typename detail::range_stream_sign_traits<Signer, SinglePassRange>::type>
detail::range_sign_impl< Signer, detail::value_sign_impl< StreamSigner > > sign (const SinglePassRange &r, const KeyRange &key)
 
template<typename Signer , typename SinglePassRange , typename StreamSigner = typename detail::range_stream_sign_traits<Signer, SinglePassRange>::type>
detail::range_sign_impl< Signer, detail::ref_sign_impl< StreamSigner > > sign (const SinglePassRange &rng, const private_key< Signer > &pk)
 
template<typename T >
size_t significant_bytes (T n)
 
std::vector< uint8_t > sm2_compute_za (HashFunction &hash, const std::string &user_id, const ec_group &domain, const point_gfp &pubkey)
 
std::vector< std::string > split_on (const std::string &str, char delim)
 
std::vector< std::string > split_on_pred (const std::string &str, std::function< bool(char)> pred)
 
std::pair< boost::multiprecision::cpp_int, symmetric_keysrp6_client_agree (const std::string &username, const std::string &password, const std::string &group_id, const std::string &hash_id, const std::vector< uint8_t > &salt, const boost::multiprecision::cpp_int &B, random_number_generator &rng)
 
std::string srp6_group_identifier (const boost::multiprecision::cpp_int &N, const boost::multiprecision::cpp_int &g)
 
template<class InputIt , class T >
std::iterator_traits< InputIt >::difference_type std_count (InputIt first, InputIt last, const T &value)
 
void store_be (uint16_t in, uint8_t out[2])
 
void store_be (uint32_t in, uint8_t out[4])
 
void store_be (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_be (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
void store_le (uint16_t in, uint8_t out[2])
 
void store_le (uint32_t in, uint8_t out[4])
 
void store_le (uint64_t in, uint8_t out[8])
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3)
 
template<typename T >
void store_le (uint8_t out[], T x0, T x1, T x2, T x3, T x4, T x5, T x6, T x7)
 
std::string string_join (const std::vector< std::string > &strs, char delim)
 
uint32_t CRYPTO3_DEPRECATED("Not used anymore") timespec_to_u32bit(const std uint32_t string_to_ipv4 (const std::string &ip_str)
 
std::vector< polyn_gf2msyndrome_init (polyn_gf2m const &generator, std::vector< gf2m > const &support, int n)
 
random_number_generatorsystem_rng ()
 
uint32_t timespec_to_u32bit (const std::string &timespec)
 
std::vector< uint8_t > to_byte_vector (const std::string &s)
 
std::string to_string (const secure_vector< uint8_t > &bytes)
 
const char * to_string (certificate_status_code code)
 
uint32_t to_u32bit (const std::string &str)
 
uint16_t to_uint16 (const std::string &str)
 
std::string CRYPTO3_UNSTABLE_API ucs2_to_utf8 (const uint8_t ucs2[], size_t len)
 
std::string CRYPTO3_UNSTABLE_API ucs4_to_utf8 (const uint8_t ucs4[], size_t len)
 
template<typename Backend , expression_template_option ExpressionTemplates>
number< Backend, ExpressionTemplates > unblind (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &modulus)
 
template<typename Backend , expression_template_option ExpressionTemplates, typename ModularInverter >
number< Backend, ExpressionTemplates > unblind (const number< Backend, ExpressionTemplates > &x, const number< Backend, ExpressionTemplates > &modulus, const number< Backend, ExpressionTemplates > &nonce, const ModularInverter &exp)
 
template<typename T >
std::vector< Tunlock (const secure_vector< T > &in)
 
std::string CRYPTO3_UNSTABLE_API utf8_to_latin1 (const std::string &utf8)
 
template<typename T >
bool value_exists (const std::vector< T > &vec, const T &val)
 
void verify_cert_constraints_valid_for_key_type (const public_key_policy &pub_key, key_constraints constraints)
 
const char * version_cstr ()
 
uint32_t version_datestamp ()
 
uint32_t version_major ()
 
uint32_t version_minor ()
 
uint32_t version_patch ()
 
std::string version_string ()
 
void word3_add (word *w2, word *w1, word *w0, word x)
 
void word3_muladd (word *w2, word *w1, word *w0, word x, word y)
 
void word3_muladd_2 (word *w2, word *w1, word *w0, word x, word y)
 
word word8_add2 (word x[8], const word y[8], word carry)
 
word word8_add3 (word z[8], const word x[8], const word y[8], word carry)
 
word word8_linmul2 (word x[8], word y, word carry)
 
word word8_linmul3 (word z[8], const word x[8], word y, word carry)
 
word word8_madd3 (word z[8], const word x[8], word y, word carry)
 
word word8_sub2 (word x[8], const word y[8], word carry)
 
word word8_sub2_rev (word x[8], const word y[8], word carry)
 
word word8_sub3 (word z[8], const word x[8], const word y[8], word carry)
 
word word_add (word x, word y, word *carry)
 
template<typename Word >
std::enable_if< sizeof(Word)==4, Word >::type word_madd2 (Word a, Word b, Word *c)
 
template<typename Word >
std::enable_if< sizeof(Word)==8, Word >::type word_madd2 (Word a, Word b, Word *c)
 
template<typename Word >
std::enable_if< sizeof(Word)==4, Word >::type word_madd3 (Word a, Word b, Word c, Word *d)
 
word word_sub (word x, word y, word *carry)
 
bool x500_name_cmp (const std::string &name1, const std::string &name2)
 
path_validation_result x509_path_validate (const std::vector< x509_certificate > &end_certs, const path_validation_restrictions &restrictions, const std::vector< certificate_store *> &trusted_roots, const std::string &hostname="", usage_type usage=usage_type::UNSPECIFIED, std::chrono::system_clock::time_point validation_time=std::chrono::system_clock::now(), std::chrono::milliseconds ocsp_timeout=std::chrono::milliseconds(0), const std::vector< std::shared_ptr< const ocsp::response >> &ocsp_resp={})
 
path_validation_result x509_path_validate (const x509_certificate &end_cert, const path_validation_restrictions &restrictions, const std::vector< certificate_store *> &trusted_roots, const std::string &hostname="", usage_type usage=usage_type::UNSPECIFIED, std::chrono::system_clock::time_point validation_time=std::chrono::system_clock::now(), std::chrono::milliseconds ocsp_timeout=std::chrono::milliseconds(0), const std::vector< std::shared_ptr< const ocsp::response >> &ocsp_resp={})
 
path_validation_result x509_path_validate (const x509_certificate &end_cert, const path_validation_restrictions &restrictions, const certificate_store &store, const std::string &hostname="", usage_type usage=usage_type::UNSPECIFIED, std::chrono::system_clock::time_point validation_time=std::chrono::system_clock::now(), std::chrono::milliseconds ocsp_timeout=std::chrono::milliseconds(0), const std::vector< std::shared_ptr< const ocsp::response >> &ocsp_resp={})
 
path_validation_result x509_path_validate (const std::vector< x509_certificate > &end_certs, const path_validation_restrictions &restrictions, const certificate_store &store, const std::string &hostname="", usage_type usage=usage_type::UNSPECIFIED, std::chrono::system_clock::time_point validation_time=std::chrono::system_clock::now(), std::chrono::milliseconds ocsp_timeout=std::chrono::milliseconds(0), const std::vector< std::shared_ptr< const ocsp::response >> &ocsp_resp={})
 
void xor_buf (uint8_t out[], const uint8_t in[], size_t length)
 
void xor_buf (uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const std::vector< uint8_t, Alloc2 > &in, size_t n)
 
template<typename Alloc >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, size_t n)
 
template<typename Alloc , typename Alloc2 >
void xor_buf (std::vector< uint8_t, Alloc > &out, const uint8_t *in, const std::vector< uint8_t, Alloc2 > &in2, size_t n)
 
template<typename T , typename Alloc >
void zap (std::vector< T, Alloc > &vec)
 
template<typename T , typename Alloc >
void zeroise (std::vector< T, Alloc > &vec)
 

Variables

const std::map< const std::string, std::vector< std::string > > allowed_signature_paddings
 
x509_dn CRYPTO3_DEPRECATED ("Avoid roundtripping names through data_store") create_dn(const data_store &info)
 
const word MP_WORD_MASK = ~static_cast<word>(0)
 
const word MP_WORD_MAX = MP_WORD_MASK
 
const word MP_WORD_TOP_BIT = static_cast<word>(1) << (8 * sizeof(word) - 1)
 

Typedef Documentation

◆ ASN1_Time

◆ byte

using nil::crypto3::byte = typedef std::uint8_t

◆ certificate_path_status_codes

This type represents the validation status of an entire certificate path. There is one set of status codes for each certificate in the path.

◆ fe

◆ gf2m

typedef uint16_t nil::crypto3::gf2m

◆ InitializationVector

Alternate name for octet string showing intent to use as an IV

◆ lock_guard_type

template<typename T >
using nil::crypto3::lock_guard_type = typedef lock_guard<T>

◆ mutex_type

◆ poly

◆ RNG

Convenience typedef

◆ secure_deque

template<typename T >
using nil::crypto3::secure_deque = typedef std::deque<T, secure_allocator<T> >

◆ secure_vector

template<typename T >
using nil::crypto3::secure_vector = typedef std::vector<T, secure_allocator<T> >

◆ SIMD_32

◆ symmetric_key

Alternate name for octet string showing intent to use as a key

◆ wots_keysig_t

typedef std::vector< secure_vector< uint8_t > > nil::crypto3::wots_keysig_t

Enumeration Type Documentation

◆ asn1_tag

enum nil::crypto3::asn1_tag : uint32_t

ASN.1 Type and Class Tags

Enumerator
UNIVERSAL 
APPLICATION 
CONTEXT_SPECIFIC 
CONSTRUCTED 
PRIVATE 
EOC 
BOOLEAN 
INTEGER 
BIT_STRING 
OCTET_STRING 
NULL_TAG 
OBJECT_ID 
ENUMERATED 
SEQUENCE 
SET 
UTF8_STRING 
NUMERIC_STRING 
PRINTABLE_STRING 
T61_STRING 
IA5_STRING 
VISIBLE_STRING 
UNIVERSAL_STRING 
BMP_STRING 
UTC_TIME 
GENERALIZED_TIME 
UTC_OR_GENERALIZED_TIME 
NO_OBJECT 
DIRECTORY_STRING 

◆ certificate_status_code

Certificate validation status code

Enumerator
OK 
VERIFIED 
OCSP_RESPONSE_GOOD 
OCSP_SIGNATURE_OK 
VALID_CRL_CHECKED 
OCSP_NO_HTTP 
FIRST_WARNING_STATUS 
CERT_SERIAL_NEGATIVE 
DN_TOO_LONG 
OSCP_NO_REVOCATION_URL 
OSCP_SERVER_NOT_AVAILABLE 
FIRST_ERROR_STATUS 
SIGNATURE_METHOD_TOO_WEAK 
UNTRUSTED_HASH 
NO_REVOCATION_DATA 
NO_MATCHING_CRLDP 
CERT_NOT_YET_VALID 
CERT_HAS_EXPIRED 
OCSP_NOT_YET_VALID 
OCSP_HAS_EXPIRED 
CRL_NOT_YET_VALID 
CRL_HAS_EXPIRED 
CERT_ISSUER_NOT_FOUND 
CANNOT_ESTABLISH_TRUST 
CERT_CHAIN_LOOP 
CHAIN_LACKS_TRUST_ROOT 
CHAIN_NAME_MISMATCH 
POLICY_ERROR 
INVALID_USAGE 
CERT_CHAIN_TOO_LONG 
CA_CERT_NOT_FOR_CERT_ISSUER 
NAME_CONSTRAINT_ERROR 
CA_CERT_NOT_FOR_CRL_ISSUER 
OCSP_CERT_NOT_LISTED 
OCSP_BAD_STATUS 
CERT_NAME_NOMATCH 
UNKNOWN_CRITICAL_EXTENSION 
DUPLICATE_CERT_EXTENSION 
OCSP_SIGNATURE_ERROR 
OCSP_ISSUER_NOT_FOUND 
OCSP_RESPONSE_MISSING_KEYUSAGE 
OCSP_RESPONSE_INVALID 
EXT_IN_V1_V2_CERT 
DUPLICATE_CERT_POLICY 
CERT_IS_REVOKED 
CRL_BAD_SIGNATURE 
SIGNATURE_ERROR 
CERT_PUBKEY_INVALID 
SIGNATURE_ALGO_UNKNOWN 
SIGNATURE_ALGO_BAD_PARAMS 

◆ Character_Set

The different charsets (nominally) supported by Botan.

Enumerator
LOCAL_CHARSET 
UCS2_CHARSET 
UTF8_CHARSET 
LATIN1_CHARSET 

◆ cipher_dir

The two possible directions for cipher filters, determining whether they actually perform encryption or decryption.

Enumerator
ENCRYPTION 
DECRYPTION 

◆ crl_code

enum nil::crypto3::crl_code : uint32_t

X.509v2 CRL Reason Code.

Enumerator
UNSPECIFIED 
KEY_COMPROMISE 
CA_COMPROMISE 
AFFILIATION_CHANGED 
SUPERSEDED 
CESSATION_OF_OPERATION 
CERTIFICATE_HOLD 
REMOVE_FROM_CRL 
PRIVLEDGE_WITHDRAWN 
AA_COMPROMISE 
DELETE_CRL_ENTRY 
OCSP_GOOD 
OCSP_UNKNOWN 

◆ ec_group_encoding

This class represents elliptic curve domain parameters

Enumerator
EC_DOMPAR_ENC_EXPLICIT 
EC_DOMPAR_ENC_IMPLICITCA 
EC_DOMPAR_ENC_oid_t 

◆ ecies_flags

enum nil::crypto3::ecies_flags : uint32_t
strong
Enumerator
NONE 
SINGLE_HASH_MODE 

if set: prefix the input of the (ecdh) key agreement with the encoded (ephemeral) public key

COFACTOR_MODE 

(decryption only) if set: use cofactor multiplication during (ecdh) key agreement

OLD_COFACTOR_MODE 

if set: use ecdhc instead of ecdh

CHECK_MODE 

(decryption only) if set: test if the (ephemeral) public key is on the curve

◆ key_constraints

X.509v3 Key Constraints. If updating update copy in ffi.h

Enumerator
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

◆ newhope_mode

This chooses the XOF + hash for NewHope The official NewHope specification and reference implementation use SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode

Enumerator
SHA3 
BoringSSL 

◆ newhope_params

Enumerator
NEWHOPE_SENDABYTES 
NEWHOPE_SENDBBYTES 
NEWHOPE_OFFER_BYTES 
NEWHOPE_ACCEPT_BYTES 
NEWHOPE_SHARED_KEY_BYTES 
NEWHOPE_SEED_BYTES 
NEWHOPE_POLY_BYTES 
CECPQ1_OFFER_BYTES 
CECPQ1_ACCEPT_BYTES 
CECPQ1_SHARED_KEY_BYTES 

◆ signature_format

The two types of signature format supported by Botan.

Enumerator
IEEE_1363 
DER_SEQUENCE 

◆ TPM_Storage_Type

Enumerator
User 
System 

◆ usage_type

Enumerator
UNSPECIFIED 
TLS_SERVER_AUTH 
TLS_CLIENT_AUTH 
CERTIFICATE_AUTHORITY 
OCSP_RESPONDER 

◆ x509_encoding

The two types of X509 encoding supported by Botan. This enum is not used anymore, and will be removed in a future major release.

Enumerator
RAW_BER 
PEM 

Function Documentation

◆ allocate_memory()

CRYPTO3_MALLOC_FN void * nil::crypto3::allocate_memory ( size_t  elems,
size_t  elem_size 
)

Allocate a memory buffer by some method. This should only be used for primitive types (uint8_t, uint32_t, etc).

Parameters
elemsthe number of elements
elem_sizethe size of each element
Returns
pointer to allocated and zeroed memory, or throw std::bad_alloc on failure

◆ almost_montgomery_inverse()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::almost_montgomery_inverse ( number< Backend, ExpressionTemplates > &  result,
const number< Backend, ExpressionTemplates > &  a,
const number< Backend, ExpressionTemplates > &  b 
)
inline

Sets result to a^-1 * 2^k mod a with n <= k <= 2n.

"The Montgomery Modular Inverse - Revisited" Çetin Koç, E. Savas https://citeseerx.ist.psu.edu/viewdoc/citations?doi=10.1.1.75.8377

A const time implementation of this algorithm is described in "Constant Time Modular Inversion" Joppe W. Bos http://www.joppebos.com/files/CTInversion.pdf

Note
Non-const time
Parameters
result
a
b
Returns
a^-1 * 2^k mod b

◆ aont_package()

template<typename BlockCipher >
void nil::crypto3::aont_package ( random_number_generator rng,
BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform

Parameters
rngthe random number generator to use
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len + cipher->BLOCK_SIZE bytes long)

◆ aont_unpackage()

template<typename BlockCipher >
void nil::crypto3::aont_unpackage ( BlockCipher cipher,
const uint8_t  input[],
size_t  input_len,
uint8_t  output[] 
)

Rivest's Package Tranform (Inversion)

Parameters
cipherthe block cipher to use (aont_package takes ownership)
inputthe input data buffer
input_lenthe length of the input data in bytes
outputthe output data buffer (must be at least input_len - cipher->BLOCK_SIZE bytes long)

◆ asn1_tag_to_string()

std::string nil::crypto3::asn1_tag_to_string ( asn1_tag  type)

◆ assertion_failure()

void nil::crypto3::assertion_failure ( const char *  expr_str,
const char *  assertion_made,
const char *  func,
const char *  file,
int  line 
)

Called when an assertion fails

◆ bigint_add2()

void nil::crypto3::bigint_add2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition

Parameters
xthe first operand (and output)
x_sizesize of x
ythe second operand
y_sizesize of y (must be >= x_size)

◆ bigint_add2_nc()

word nil::crypto3::bigint_add2_nc ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand addition with carry out

◆ bigint_add3()

void nil::crypto3::bigint_add3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition

◆ bigint_add3_nc()

word nil::crypto3::bigint_add3_nc ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand addition with carry out

◆ bigint_cmp()

int32_t nil::crypto3::bigint_cmp ( const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Compare x and y

◆ bigint_cnd_abs()

void nil::crypto3::bigint_cnd_abs ( word  cnd,
word  x[],
size_t  size 
)

◆ bigint_cnd_add()

word nil::crypto3::bigint_cnd_add ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

◆ bigint_cnd_sub()

word nil::crypto3::bigint_cnd_sub ( word  cnd,
word  x[],
const word  y[],
size_t  size 
)

◆ bigint_cnd_swap()

void nil::crypto3::bigint_cnd_swap ( word  cnd,
word  x[],
word  y[],
size_t  size 
)

◆ bigint_comba_mul16()

void nil::crypto3::bigint_comba_mul16 ( word  z[32],
const word  x[16],
const word  y[16] 
)

◆ bigint_comba_mul4()

void nil::crypto3::bigint_comba_mul4 ( word  z[8],
const word  x[4],
const word  y[4] 
)

◆ bigint_comba_mul6()

void nil::crypto3::bigint_comba_mul6 ( word  z[12],
const word  x[6],
const word  y[6] 
)

◆ bigint_comba_mul8()

void nil::crypto3::bigint_comba_mul8 ( word  z[16],
const word  x[8],
const word  y[8] 
)

◆ bigint_comba_mul9()

void nil::crypto3::bigint_comba_mul9 ( word  z[18],
const word  x[9],
const word  y[9] 
)

◆ bigint_comba_sqr16()

void nil::crypto3::bigint_comba_sqr16 ( word  out[32],
const word  in[16] 
)

◆ bigint_comba_sqr4()

void nil::crypto3::bigint_comba_sqr4 ( word  out[8],
const word  in[4] 
)

◆ bigint_comba_sqr6()

void nil::crypto3::bigint_comba_sqr6 ( word  out[12],
const word  in[6] 
)

◆ bigint_comba_sqr8()

void nil::crypto3::bigint_comba_sqr8 ( word  out[16],
const word  in[8] 
)

◆ bigint_comba_sqr9()

void nil::crypto3::bigint_comba_sqr9 ( word  out[18],
const word  in[9] 
)

◆ bigint_divop()

word nil::crypto3::bigint_divop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) / d

◆ bigint_linmul2()

void nil::crypto3::bigint_linmul2 ( word  x[],
size_t  x_size,
word  y 
)

◆ bigint_linmul3()

void nil::crypto3::bigint_linmul3 ( word  z[],
const word  x[],
size_t  x_size,
word  y 
)

◆ bigint_modop()

word nil::crypto3::bigint_modop ( word  n1,
word  n0,
word  d 
)

Compute ((n1<<bits) + n0) % d

◆ bigint_monty_redc()

void nil::crypto3::bigint_monty_redc ( word  z[],
const word  p[],
size_t  p_size,
word  p_dash,
word  workspace[],
size_t  ws_size 
)

Montgomery Reduction

Parameters
zinteger to reduce, of size exactly 2*(p_size+1). Output is in the first p_size+1 words, higher words are set to zero.
pmodulus
p_sizesize of p
p_dashMontgomery value
workspacearray of at least 2*(p_size+1) words
ws_sizesize of workspace in words

◆ bigint_mul()

void nil::crypto3::bigint_mul ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
const word  y[],
size_t  y_size,
size_t  y_sw,
word  workspace[],
size_t  ws_size 
)

◆ bigint_shl1()

void nil::crypto3::bigint_shl1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

◆ bigint_shl2()

void nil::crypto3::bigint_shl2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

◆ bigint_shr1()

void nil::crypto3::bigint_shr1 ( word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

◆ bigint_shr2()

void nil::crypto3::bigint_shr2 ( word  y[],
const word  x[],
size_t  x_size,
size_t  word_shift,
size_t  bit_shift 
)

◆ bigint_sqr()

void nil::crypto3::bigint_sqr ( word  z[],
size_t  z_size,
const word  x[],
size_t  x_size,
size_t  x_sw,
word  workspace[],
size_t  ws_size 
)

◆ bigint_sub2()

word nil::crypto3::bigint_sub2 ( word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Two operand subtraction

◆ bigint_sub2_rev()

void nil::crypto3::bigint_sub2_rev ( word  x[],
const word  y[],
size_t  y_size 
)

Two operand subtraction, x = y - x; assumes y >= x

◆ bigint_sub3()

word nil::crypto3::bigint_sub3 ( word  z[],
const word  x[],
size_t  x_size,
const word  y[],
size_t  y_size 
)

Three operand subtraction

◆ bit_size_to_32bit_size()

uint32_t nil::crypto3::bit_size_to_32bit_size ( uint32_t  bit_size)
inline

◆ bit_size_to_byte_size()

uint32_t nil::crypto3::bit_size_to_byte_size ( uint32_t  bit_size)
inline

◆ blind() [1/2]

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::blind ( const number< Backend, ExpressionTemplates > &  x,
const number< Backend, ExpressionTemplates > &  modulus 
)

◆ blind() [2/2]

template<typename Backend , expression_template_option ExpressionTemplates, typename ModularExponentiator >
number<Backend, ExpressionTemplates> nil::crypto3::blind ( const number< Backend, ExpressionTemplates > &  x,
const number< Backend, ExpressionTemplates > &  modulus,
const number< Backend, ExpressionTemplates > &  nonce,
const ModularExponentiator &  exp 
)

◆ bswap_4()

template<typename T >
void nil::crypto3::bswap_4 ( T  x[4])
inline

Swap 4 Ts in an array

◆ buffer_insert() [1/2]

template<typename T , typename Alloc >
size_t nil::crypto3::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const T  input[],
size_t  input_length 
)

◆ buffer_insert() [2/2]

template<typename T , typename Alloc , typename Alloc2 >
size_t nil::crypto3::buffer_insert ( std::vector< T, Alloc > &  buf,
size_t  buf_offset,
const std::vector< T, Alloc2 > &  input 
)

◆ calendar_value()

calendar_point nil::crypto3::calendar_value ( const std::chrono::system_clock::time_point &  time_point)

Convert a time_point to a calendar_point

Parameters
time_pointa time point from the system clock
Returns
calendar_point object representing this time point

◆ carry()

template<size_t S, int64_t MUL = 1>
void nil::crypto3::carry ( int64_t &  h0,
int64_t &  h1 
)
inline

◆ carry0() [1/2]

template<size_t S>
void nil::crypto3::carry0 ( int64_t &  h0,
int64_t &  h1 
)
inline

◆ carry0() [2/2]

template<size_t S>
void nil::crypto3::carry0 ( int32_t &  h0,
int32_t &  h1 
)
inline

◆ carry_shift()

uint64_t nil::crypto3::carry_shift ( const donna128 a,
size_t  shift 
)
inline

◆ cast_char_ptr_to_uint8() [1/2]

const uint8_t* nil::crypto3::cast_char_ptr_to_uint8 ( const char *  s)
inline

◆ cast_char_ptr_to_uint8() [2/2]

uint8_t* nil::crypto3::cast_char_ptr_to_uint8 ( char *  s)
inline

◆ cast_uint8_ptr_to_char() [1/2]

const char* nil::crypto3::cast_uint8_ptr_to_char ( const uint8_t *  b)
inline

◆ cast_uint8_ptr_to_char() [2/2]

char* nil::crypto3::cast_uint8_ptr_to_char ( uint8_t *  b)
inline

◆ CECPQ1_accept() [1/2]

void nil::crypto3::CECPQ1_accept ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
uint8_t  send[CECPQ1_ACCEPT_BYTES],
const uint8_t  received[CECPQ1_OFFER_BYTES],
RandomNumberGenerator &  rng 
)

◆ CECPQ1_accept() [2/2]

void nil::crypto3::CECPQ1_accept ( uint8_t *  shared_key,
uint8_t *  accept_message,
const uint8_t *  offer_message,
RandomNumberGenerator &  rng 
)

◆ CECPQ1_finish() [1/2]

void nil::crypto3::CECPQ1_finish ( uint8_t *  shared_key,
const CECPQ1_key offer_key,
const uint8_t *  accept_message 
)

◆ CECPQ1_finish() [2/2]

void nil::crypto3::CECPQ1_finish ( uint8_t  shared_key[CECPQ1_SHARED_KEY_BYTES],
const CECPQ1_key offer_key,
const uint8_t  received[CECPQ1_ACCEPT_BYTES] 
)

◆ CECPQ1_offer() [1/2]

void nil::crypto3::CECPQ1_offer ( uint8_t  send[CECPQ1_OFFER_BYTES],
CECPQ1_key offer_key_output,
RandomNumberGenerator &  rng 
)

◆ CECPQ1_offer() [2/2]

void nil::crypto3::CECPQ1_offer ( uint8_t *  offer_message,
CECPQ1_key offer_key_output,
RandomNumberGenerator &  rng 
)

◆ ceil_log2()

template<typename T >
size_t nil::crypto3::ceil_log2 ( T  x)

◆ check_bcrypt()

bool nil::crypto3::check_bcrypt ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

◆ check_passhash9()

bool nil::crypto3::check_passhash9 ( const std::string &  password,
const std::string &  hash 
)

Check a previously created password hash

Parameters
passwordthe password to check against
hashthe stored hash to check against

◆ checked_add()

size_t nil::crypto3::checked_add ( size_t  x,
size_t  y,
const char *  file,
int  line 
)
inline

◆ choose_sig_format() [1/2]

pk_signer * nil::crypto3::choose_sig_format ( const private_key_policy key,
random_number_generator rng,
const std::string &  hash_fn,
algorithm_identifier alg_id 
)

Choose the default signature format for a certain public key signature scheme.

Parameters
keywill be the key to choose a padding scheme for
rngthe random generator to use
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

◆ choose_sig_format() [2/2]

pk_signer * nil::crypto3::choose_sig_format ( const private_key_policy key,
const std::map< std::string, std::string > &  opts,
random_number_generator rng,
const std::string &  hash_fn,
algorithm_identifier alg_id 
)
* Choose the default signature format for a certain public key signature
* scheme.
*
* The only option recognized by opts at this moment is "padding"
* Find an entry from src/build-data/oids.txt under [signature] of the form
* <sig_algo>/<padding>[(<hash_algo>)] and add {"padding",<padding>}
* to opts.
* 
Parameters
keywill be the key to choose a padding scheme for
optscontains additional options for building the certificate
rngthe random generator to use
hash_fnis the desired hash function
alg_idwill be set to the chosen scheme
Returns
A PK_Signer object for generating signatures

◆ clamp()

size_t nil::crypto3::clamp ( size_t  n,
size_t  lower_bound,
size_t  upper_bound 
)
inline

Clamp

◆ clean_ws()

std::string nil::crypto3::clean_ws ( const std::string &  s)

◆ clear_bytes()

void nil::crypto3::clear_bytes ( void *  ptr,
size_t  bytes 
)
inline

Zero out some bytes

Parameters
ptra pointer to memory to zero
bytesthe number of bytes to zero in ptr

◆ clear_mem()

template<typename T >
void nil::crypto3::clear_mem ( T ptr,
size_t  n 
)
inline

Zero memory before use. This simply calls memset and should not be used in cases where the compiler cannot see the call as a side-effecting operation (for example, if calling clear_mem before deallocating memory, the compiler would be allowed to omit the call to memset entirely under the as-if rule.)

Parameters
ptra pointer to an array of Ts to zero
nthe number of Ts pointed to by ptr

◆ combine_lower()

uint64_t nil::crypto3::combine_lower ( const donna128 a,
size_t  s1,
const donna128 b,
size_t  s2 
)
inline

◆ constant_time_compare()

bool nil::crypto3::constant_time_compare ( const uint8_t  x[],
const uint8_t  y[],
size_t  len 
)

Memory comparison, input insensitive

Parameters
xa pointer to an array
ya pointer to another array
lenthe number of Ts in x and y
Returns
true iff x[i] == y[i] forall i in [0...n)

◆ copy_mem()

template<typename T >
void nil::crypto3::copy_mem ( T out,
const T in,
size_t  n 
)
inline

Copy memory

Parameters
outthe destination array
inthe source array
nthe number of elements of in/out

◆ copy_out_be()

template<typename T >
void nil::crypto3::copy_out_be ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

◆ copy_out_le()

template<typename T >
void nil::crypto3::copy_out_le ( uint8_t  out[],
size_t  out_bytes,
const T  in[] 
)

◆ copy_out_vec_be()

template<typename T , typename Alloc >
void nil::crypto3::copy_out_vec_be ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

◆ copy_out_vec_le()

template<typename T , typename Alloc >
void nil::crypto3::copy_out_vec_le ( uint8_t  out[],
size_t  out_bytes,
const std::vector< T, Alloc > &  in 
)

◆ create_alt_name()

alternative_name nil::crypto3::create_alt_name ( const data_store info)

◆ create_dn()

x509_dn nil::crypto3::create_dn ( const data_store info)

◆ create_hex_fingerprint() [1/2]

std::string nil::crypto3::create_hex_fingerprint ( const uint8_t  bits[],
size_t  len,
const std::string &  hash_name 
)

◆ create_hex_fingerprint() [2/2]

template<typename Alloc >
std::string nil::crypto3::create_hex_fingerprint ( const std::vector< uint8_t, Alloc > &  vec,
const std::string &  hash_name 
)

◆ create_private_key()

std::unique_ptr< private_key_policy > nil::crypto3::create_private_key ( const std::string &  algo_name,
random_number_generator rng,
const std::string &  algo_params = "",
const std::string &  provider = "" 
)

Create a new key For ECC keys, algo_params specifies EC group (eg, "secp256r1") For DH/DSA/ElGamal keys, algo_params is DL group (eg, "modp/ietf/2048") For RSA, algo_params is integer keylength For McEliece, algo_params is n,t If algo_params is left empty, suitable default parameters are chosen.

◆ CRYPTO3_DEPRECATED()

alternative_name nil::crypto3::CRYPTO3_DEPRECATED ( "Avoid roundtripping names through data_store ) const &

◆ CRYPTO3_PUBLIC_API()

class nil::crypto3::CRYPTO3_PUBLIC_API ( ,
 
)

Descibes a signature method for XMSS, as defined in: [1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

Returns
XMSS registry name for the chosen parameter set.

Retrieves the uniform length of a message, and the size of each node. This correlates to XMSS parameter "n" defined in [1].

Returns
element length in bytes.
The height (number of levels - 1) of the tree

The Winternitz parameter.

Returns
numeric base used for internal representation of data.

Returns the estimated pre-quantum security level of the chosen algorithm.

◆ ct_inverse_mod_odd_modulus()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::ct_inverse_mod_odd_modulus ( const number< Backend, ExpressionTemplates > &  n,
const number< Backend, ExpressionTemplates > &  mod 
)
inline

Const time modular inversion.

Parameters
n
mod
Note
Requires the modulus be odd

◆ ctz()

template<typename T >
size_t nil::crypto3::ctz ( T  n)
inline

Count the trailing zero bits in n

Parameters
nan integer value
Returns
maximum x st 2^x divides n

◆ curve25519_basepoint()

void nil::crypto3::curve25519_basepoint ( uint8_t  mypublic[32],
const uint8_t  secret[32] 
)

Exponentiate by the x25519 base point

Parameters
mypublicoutput value
secretrandom scalar

◆ curve25519_donna() [1/2]

void nil::crypto3::curve25519_donna ( uint8_t  mypublic[32],
const uint8_t  secret[32],
const uint8_t  basepoint[32] 
)

◆ curve25519_donna() [2/2]

void nil::crypto3::curve25519_donna ( uint8_t *  mypublic,
const uint8_t *  secret,
const uint8_t *  basepoint 
)

◆ deallocate_memory()

void nil::crypto3::deallocate_memory ( void *  p,
size_t  elems,
size_t  elem_size 
)

Free a pointer returned by allocate_memory

Parameters
pthe pointer returned by allocate_memory
elemsthe number of elements, as passed to allocate_memory
elem_sizethe size of each element, as passed to allocate_memory

◆ decode_gf2m()

gf2m nil::crypto3::decode_gf2m ( const uint8_t *  mem)

◆ divide()

void nil::crypto3::divide ( const big_int x,
const big_int y,
big_int q,
big_int r 
)

big_int Division

Parameters
xan integer
ya non-zero integer
qwill be set to x / y
rwill be set to x % y

◆ dl_exponent_size()

size_t nil::crypto3::dl_exponent_size ( size_t  prime_group_size)

Return the appropriate exponent size to use for a particular prime group. This is twice the size of the estimated cost of breaking the key using an index calculus attack; the assumption is that if an arbitrary discrete log on a group of size bits would take about 2^n effort, and thus using an exponent of size 2^(2*n) implies that all available attacks are about as easy (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) operations) while minimizing the exponent size for performance reasons.

◆ dl_work_factor()

size_t nil::crypto3::dl_work_factor ( size_t  prime_group_size)

Estimate work factor for discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

◆ ecp_work_factor()

size_t nil::crypto3::ecp_work_factor ( size_t  prime_group_size)

Estimate work factor for EC discrete logarithm

Parameters
prime_group_sizesize of the group in bits
Returns
estimated security level for this group

◆ ed25519_gen_keypair() [1/2]

void nil::crypto3::ed25519_gen_keypair ( uint8_t *  pk,
uint8_t *  sk,
const uint8_t  seed[32] 
)

◆ ed25519_gen_keypair() [2/2]

void nil::crypto3::ed25519_gen_keypair ( uint8_t  pk[32],
uint8_t  sk[64],
const uint8_t  seed[32] 
)

◆ ed25519_sign() [1/2]

void nil::crypto3::ed25519_sign ( uint8_t  sig[64],
const uint8_t *  m,
size_t  mlen,
const uint8_t *  sk 
)

◆ ed25519_sign() [2/2]

void nil::crypto3::ed25519_sign ( uint8_t  sig[64],
const uint8_t  msg[],
size_t  msg_len,
const uint8_t  sk[64] 
)

◆ ed25519_verify() [1/2]

bool nil::crypto3::ed25519_verify ( const uint8_t *  m,
size_t  mlen,
const uint8_t  sig[64],
const uint8_t *  pk 
)

◆ ed25519_verify() [2/2]

bool nil::crypto3::ed25519_verify ( const uint8_t  msg[],
size_t  msg_len,
const uint8_t  sig[64],
const uint8_t  pk[32] 
)

◆ encode_gf2m()

uint32_t nil::crypto3::encode_gf2m ( gf2m  to_enc,
uint8_t *  mem 
)

◆ encrypt()

template<typename BlockCipher , typename SinglePassRange , typename KeyRange , typename CipherState = typename detail::range_stream_encrypter_traits< typename BlockCipher::stream_encrypter_type, SinglePassRange>::type>
detail::range_encrypter_impl<detail::value_encrypter_impl<CipherState> > nil::crypto3::encrypt ( const SinglePassRange &  r,
const KeyRange &  key 
)
Template Parameters
BlockCipher
SinglePassRange
CipherState
Parameters
r
Returns

◆ eval_almost_montgomery_inverse()

template<typename Backend >
Backend nil::crypto3::eval_almost_montgomery_inverse ( Backend &  result,
const Backend &  a,
const Backend &  b 
)
inline

◆ eval_ct_inverse_mod_odd_modulus()

template<typename Backend >
Backend nil::crypto3::eval_ct_inverse_mod_odd_modulus ( const Backend &  n,
const Backend &  mod 
)
inline

◆ eval_inverse_euclid()

template<typename Backend , expression_template_option ExpressionTemplates>
Backend nil::crypto3::eval_inverse_euclid ( const Backend &  n,
const Backend &  mod 
)
inline

◆ eval_inverse_mod()

template<typename Backend >
Backend nil::crypto3::eval_inverse_mod ( const Backend &  x,
const Backend &  mod 
)
inline

◆ eval_jacobi()

template<typename Backend >
limb_type nil::crypto3::eval_jacobi ( const Backend &  a,
const Backend &  n 
)
inline

◆ eval_mask_bits()

template<typename Backend , typename Integer >
void nil::crypto3::eval_mask_bits ( Backend &  val,
Integer  n 
)

◆ eval_mod_redc()

template<typename Backend >
Backend nil::crypto3::eval_mod_redc ( const Backend &  x,
const Backend &  mod 
)
inline

◆ eval_normalized_montgomery_inverse()

template<typename Backend >
Backend nil::crypto3::eval_normalized_montgomery_inverse ( const Backend &  a,
const Backend &  p 
)
inline

Call almost_montgomery_inverse and correct the result to a^-1 mod b

◆ eval_power_mod()

template<typename Backend >
Backend nil::crypto3::eval_power_mod ( const Backend &  base,
const Backend &  exp,
const Backend &  mod 
)
inline

Modular exponentation

Parameters
basean integer base
expa positive exponent
moda positive modulus
Returns
(b^x) % m

◆ eval_reduce_below()

template<typename Backend >
Backend nil::crypto3::eval_reduce_below ( Backend &  val,
const Backend &  mod 
)

◆ eval_ressol()

template<typename Backend >
Backend nil::crypto3::eval_ressol ( const Backend &  a,
const Backend &  p 
)
inline

Compute the square root of x modulo a prime using the Shanks-Tonnelli algorithm

Parameters
xthe input
pthe prime
Returns
y such that (y*y)p == x, or -1 if no such integer

◆ expand_mask_16bit()

template<typename T >
uint16_t nil::crypto3::expand_mask_16bit ( T  tst)

Expand an input to a bit mask depending on it being being zero or non-zero

Parameters
tstthe input
Returns
the mask 0xFFFF if tst is non-zero and 0 otherwise

◆ fe_0()

void nil::crypto3::fe_0 ( fe x)
inline

◆ fe_1()

void nil::crypto3::fe_1 ( fe x)
inline

◆ fe_add()

void nil::crypto3::fe_add ( fe x,
const fe a,
const fe b 
)
inline

◆ fe_copy()

void nil::crypto3::fe_copy ( fe a,
const fe b 
)
inline

◆ fe_frombytes()

void nil::crypto3::fe_frombytes ( fe x,
const uint8_t *  b 
)
inline

◆ fe_invert()

void nil::crypto3::fe_invert ( fe x,
const fe z 
)
inline

◆ fe_isnegative()

int nil::crypto3::fe_isnegative ( const fe x)
inline

◆ fe_isnonzero()

int nil::crypto3::fe_isnonzero ( const fe x)
inline

◆ fe_mul()

void nil::crypto3::fe_mul ( fe x,
const fe a,
const fe b 
)
inline

◆ fe_neg()

void nil::crypto3::fe_neg ( fe x,
const fe z 
)
inline

◆ fe_pow22523()

void nil::crypto3::fe_pow22523 ( fe x,
const fe y 
)
inline

◆ fe_sq()

void nil::crypto3::fe_sq ( fe x,
const fe z 
)
inline

◆ fe_sq2()

void nil::crypto3::fe_sq2 ( fe x,
const fe z 
)
inline

◆ fe_sq_iter()

void nil::crypto3::fe_sq_iter ( fe x,
const fe z,
size_t  iter 
)
inline

◆ fe_sub()

void nil::crypto3::fe_sub ( fe x,
const fe a,
const fe b 
)
inline

◆ fe_tobytes()

void nil::crypto3::fe_tobytes ( uint8_t *  b,
const fe x 
)
inline

◆ find_roots_gf2m_decomp()

secure_vector< gf2m > nil::crypto3::find_roots_gf2m_decomp ( const polyn_gf2m polyn,
uint32_t  code_length 
)

Find the roots of a polynomial over GF(2^m) using the method by Federenko et al.

◆ gcm_clmul_precompute()

void nil::crypto3::gcm_clmul_precompute ( const uint8_t  H[16],
uint64_t  H_pow[4 *2] 
)

◆ gcm_multiply_clmul() [1/2]

void nil::crypto3::gcm_multiply_clmul ( uint8_t  x[16],
const uint64_t  H_pow[4 *2],
const uint8_t  input[],
size_t  blocks 
)

◆ gcm_multiply_clmul() [2/2]

void nil::crypto3::gcm_multiply_clmul ( uint8_t  x[16],
const uint64_t  H_pow[8],
const uint8_t  input_bytes[],
size_t  blocks 
)

◆ gcm_multiply_pmull()

void nil::crypto3::gcm_multiply_pmull ( uint8_t  x[16],
const uint64_t  H[8],
const uint8_t  input[],
size_t  blocks 
)

◆ gcm_multiply_ssse3()

void nil::crypto3::gcm_multiply_ssse3 ( uint8_t  x[16],
const uint64_t  HM[256],
const uint8_t  input[],
size_t  blocks 
)

◆ gcm_pmull_precompute()

void nil::crypto3::gcm_pmull_precompute ( const uint8_t  H[16],
uint64_t  H_pow[4 *2] 
)

◆ ge_double_scalarmult_vartime() [1/2]

void nil::crypto3::ge_double_scalarmult_vartime ( uint8_t  out[32],
const uint8_t  a[],
const ge_p3 A,
const uint8_t  b[] 
)

◆ ge_double_scalarmult_vartime() [2/2]

void nil::crypto3::ge_double_scalarmult_vartime ( uint8_t  out[32],
const uint8_t *  a,
const ge_p3 A,
const uint8_t *  b 
)

◆ ge_frombytes_negate_vartime()

int nil::crypto3::ge_frombytes_negate_vartime ( ge_p3 h,
const uint8_t *  s 
)

◆ ge_scalarmult_base()

void nil::crypto3::ge_scalarmult_base ( uint8_t  out[32],
const uint8_t  in[32] 
)

◆ generate_bcrypt()

std::string nil::crypto3::generate_bcrypt ( const std::string &  password,
random_number_generator rng,
uint16_t  work_factor = 10 
)

Create a password hash using Bcrypt

Parameters
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
See also
https://www.usenix.org/events/usenix99/provos/provos_html/

◆ generate_dsa_primes()

template<template< std::size_t QBits > class hash::sha< QBits > , std::size_t PBits, std::size_t QBits, typename Backend , expression_template_option ExpressionTemplates, typename UniformRandomNumberGenerator >
bool nil::crypto3::generate_dsa_primes ( number< Backend, ExpressionTemplates > &  q_out,
const std::vector< uint8_t > &  seed_c,
size_t  offset = 0,
UniformRandomNumberGenerator &  rng,
Hasher &  hasher 
)

Generate DSA parameters using the FIPS 186 kosherizer.

Template Parameters
Hasher
UniformRandomNumberGenerator
Parameters
rnga random number generator
p_outwhere the prime p will be stored
q_outwhere the prime q will be stored
pbitshow long p will be in bits
qbitshow long q will be in bits
seed_cthe seed used to generate the parameters
offsetoptional offset from seed to start searching at
Returns
true if seed generated a valid DSA parameter set, otherwise false. p_out and q_out are only valid if true was returned.

◆ generate_mceliece_key() [1/2]

McEliece_PrivateKey nil::crypto3::generate_mceliece_key ( random_number_generator rng,
uint32_t  ext_deg,
uint32_t  code_length,
uint32_t  t 
)

◆ generate_mceliece_key() [2/2]

McEliece_PrivateKey nil::crypto3::generate_mceliece_key ( RandomNumberGenerator &  rng,
uint32_t  ext_deg,
uint32_t  code_length,
uint32_t  t 
)

◆ generate_passhash9()

std::string nil::crypto3::generate_passhash9 ( const std::string &  password,
random_number_generator rng,
uint16_t  work_factor = 10,
uint8_t  alg_id = 1 
)

Create a password hash using PBKDF2

Parameters
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
alg_idspecifies which PRF to use with PBKDF2 0 is HMAC(SHA-1) 1 is HMAC(SHA-256) 2 is CMAC(Blowfish) 3 is HMAC(SHA-384) 4 is HMAC(SHA-512) all other values are currently undefined

◆ generate_rfc6979_nonce()

boost::multiprecision::cpp_int nil::crypto3::generate_rfc6979_nonce ( const boost::multiprecision::cpp_int x,
const boost::multiprecision::cpp_int q,
const boost::multiprecision::cpp_int h,
const std::string &  hash 
)
Parameters
xthe secret (EC)DSA key
qthe group order
hthe message hash already reduced mod q
hashthe hash function used to generate h

◆ generate_srp6_verifier()

boost::multiprecision::cpp_int nil::crypto3::generate_srp6_verifier ( const std::string &  identifier,
const std::string &  password,
const std::vector< uint8_t > &  salt,
const std::string &  group_id,
const std::string &  hash_id 
)

Generate a new SRP-6 verifier

Parameters
identifiera username or other client identifier
passwordthe secret used to authenticate user
salta randomly chosen value, at least 128 bits long
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function

◆ get_aead()

aead_mode* nil::crypto3::get_aead ( const std::string &  name,
cipher_dir  direction 
)
inline

Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX")

Parameters
nameAEAD name
directionENCRYPTION or DECRYPTION

◆ get_bc_pad()

block_cipher_mode_padding_method * nil::crypto3::get_bc_pad ( const std::string &  algo_spec)

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

◆ get_byte()

template<typename T >
uint8_t nil::crypto3::get_byte ( size_t  byte_num,
T  input 
)
inline

Byte extraction

Parameters
byte_numwhich byte to extract, 0 == highest byte
inputthe value to extract from
Returns
byte byte_num of input

◆ get_cipher_mode()

cipher_mode* nil::crypto3::get_cipher_mode ( const std::string &  algo_spec,
cipher_dir  direction,
const std::string &  provider = "" 
)
inline

Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS")

Parameters
algo_speccipher name
directionENCRYPTION or DECRYPTION
providerprovider implementation to choose

◆ get_eme()

eme * nil::crypto3::get_eme ( const std::string &  algo_spec)

Factory method for EME (message-encoding methods for encryption) objects

Parameters
algo_specthe name of the EME to create
Returns
pointer to newly allocated object of that type

◆ get_emsa()

emsa * nil::crypto3::get_emsa ( const std::string &  algo_spec)

Factory method for EMSA (message-encoding methods for signatures with appendix) objects

Parameters
algo_specthe name of the EMSA to create
Returns
pointer to newly allocated object of that type

◆ get_kdf()

kdf * nil::crypto3::get_kdf ( const std::string &  algo_spec)

Factory method for KDF (key derivation function)

Parameters
algo_specthe name of the KDF to create
Returns
pointer to newly allocated object of that type

◆ get_pbkdf()

PBKDF* nil::crypto3::get_pbkdf ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
inline

Password based key derivation function factory method

Parameters
algo_specthe name of the desired PBKDF algorithm
providerthe provider to use
Returns
pointer to newly allocated object of that type

◆ get_sig_paddings()

const std::vector< std::string > nil::crypto3::get_sig_paddings ( const std::string &  algo)

Returns the allowed padding schemes when using the given algorithm (key type) for creating digital signatures.

Parameters
algothe algorithm for which to look up supported padding schemes
Returns
a vector of supported padding schemes

◆ gray_to_lex()

gf2m nil::crypto3::gray_to_lex ( gf2m  gray)
inline

◆ hamming_weight()

template<typename T >
size_t nil::crypto3::hamming_weight ( T  n)
inline

Compute Hamming weights

Parameters
nan integer value
Returns
number of bits in n set to 1

◆ hash_for_emsa()

std::string nil::crypto3::hash_for_emsa ( const std::string &  algo_spec)

Returns the hash function used in the given EMSA scheme If the hash function is not specified or not understood, returns "SHA-512"

Parameters
algo_specthe name of the EMSA
Returns
hash function used in the given EMSA scheme

◆ high_bit()

template<typename T >
size_t nil::crypto3::high_bit ( T  n)
inline

Return the index of the highest set bit T is an unsigned integer type

Parameters
nan integer value
Returns
index of the highest set bit in n

◆ hkdf_expand_label()

secure_vector< uint8_t > nil::crypto3::hkdf_expand_label ( const std::string &  hash_fn,
const uint8_t  secret[],
size_t  secret_len,
const std::string &  label,
const uint8_t  hash_val[],
size_t  hash_val_len,
size_t  length 
)

HKDF-Expand-Label from TLS 1.3/QUIC

Parameters
hash_fnthe hash to use
secretthe secret bits
secret_lenthe length of secret
labelthe full label (no "TLS 1.3, " or "tls13 " prefix is applied)
hash_valthe previous hash value (used for chaining, may be empty)
hash_val_lenthe length of hash_val
lengththe desired output length

◆ host_wildcard_match()

bool nil::crypto3::host_wildcard_match ( const std::string &  wildcard,
const std::string &  host 
)

◆ ieee1363_hash_id()

uint8_t nil::crypto3::ieee1363_hash_id ( const std::string &  hash_name)

Return the IEEE 1363 hash identifier

Parameters
hash_namethe name of the hash function
Returns
uint8_t code identifying the hash, or 0 if not known

◆ if_work_factor()

size_t nil::crypto3::if_work_factor ( size_t  n_bits)

Estimate work factor for integer factorization

Parameters
n_bitssize of modulus in bits
Returns
estimated security level for this modulus

◆ initialize_allocator()

void nil::crypto3::initialize_allocator ( )

Ensure the allocator is initialized

◆ inverse_euclid()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::inverse_euclid ( const number< Backend, ExpressionTemplates > &  n,
const number< Backend, ExpressionTemplates > &  mod 
)
inline

Modular inversion using extended binary Euclidian algorithm

Parameters
xa positive integer
modulusa positive integer
Returns
y st (x*y) % modulus == 1 or 0 if no such value
Note
Non-const time

◆ inverse_mod()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::inverse_mod ( const number< Backend, ExpressionTemplates > &  x,
const number< Backend, ExpressionTemplates > &  mod 
)
inline

Modular inversion.

Parameters
xa positive integer
moda positive integer
Returns
y st (x*y) % modulus == 1 or 0 if no such value
Note
Non-const time

◆ ipv4_to_string()

std::string nil::crypto3::ipv4_to_string ( uint32_t  ip_addr)

Convert an IPv4 address to a string

Parameters
ip_addrthe IPv4 address to convert
Returns
string representation of the IPv4 address

◆ is_passhash9_alg_supported()

bool nil::crypto3::is_passhash9_alg_supported ( uint8_t  alg_id)

Check if the PRF used with PBKDF2 is supported

Parameters
alg_idalg_id used in generate_passhash9()

◆ is_power_of_2()

template<typename T >
bool nil::crypto3::is_power_of_2 ( T  arg)
inline

Power of 2 test. T should be an unsigned integer type

Parameters
argan integer value
Returns
true iff arg is 2^n for some n > 0

◆ jacobi()

template<typename Backend , expression_template_option ExpressionTemplates>
std::enable_if<number_category<Backend>::value == number_kind_integer, limb_type>::type nil::crypto3::jacobi ( const number< Backend, ExpressionTemplates > &  a,
const number< Backend, ExpressionTemplates > &  n 
)
inline

Compute the Jacobi symbol. If n is prime, this is equivalent to the Legendre symbol.

See also
http://mathworld.wolfram.com/JacobiSymbol.html
Parameters
ais a non-negative integer
nis an odd integer > 1
Returns
(n / m)

◆ key_constraints_to_string()

std::string nil::crypto3::key_constraints_to_string ( key_constraints  constraints)

◆ lex_to_gray()

gf2m nil::crypto3::lex_to_gray ( gf2m  lex)
inline

◆ load_3()

uint64_t nil::crypto3::load_3 ( const uint8_t  in[3])
inline

◆ load_4()

uint64_t nil::crypto3::load_4 ( const uint8_t *  in)
inline

◆ load_be() [1/5]

template<typename T >
T nil::crypto3::load_be ( const uint8_t  in[],
std::size_t  off = 0 
)
inline

Load a big-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a big-endian value

◆ load_be() [2/5]

template<typename T >
void nil::crypto3::load_be ( const uint8_t  in[],
T x0,
T x1 
)
inline

Load two big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

◆ load_be() [3/5]

template<typename T >
void nil::crypto3::load_be ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3 
)
inline

Load four big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

◆ load_be() [4/5]

template<typename T >
void nil::crypto3::load_be ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3,
T x4,
T x5,
T x6,
T x7 
)
inline

Load eight big-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

◆ load_be() [5/5]

template<typename T >
void nil::crypto3::load_be ( T  out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of big-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

◆ load_be< uint16_t >()

template<>
uint16_t nil::crypto3::load_be< uint16_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a big-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a big-endian value

◆ load_be< uint32_t >()

template<>
uint32_t nil::crypto3::load_be< uint32_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a big-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a big-endian value

◆ load_be< uint64_t >()

template<>
uint64_t nil::crypto3::load_be< uint64_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a big-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a big-endian value

◆ load_le() [1/5]

template<typename T >
T nil::crypto3::load_le ( const uint8_t  in[],
std::size_t  off = 0 
)
inline

Load a little-endian word

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th T of in, as a litte-endian value

◆ load_le() [2/5]

template<typename T >
void nil::crypto3::load_le ( const uint8_t  in[],
T x0,
T x1 
)
inline

Load two little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written

◆ load_le() [3/5]

template<typename T >
void nil::crypto3::load_le ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3 
)
inline

Load four little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written

◆ load_le() [4/5]

template<typename T >
void nil::crypto3::load_le ( const uint8_t  in[],
T x0,
T x1,
T x2,
T x3,
T x4,
T x5,
T x6,
T x7 
)
inline

Load eight little-endian words

Parameters
ina pointer to some bytes
x0where the first word will be written
x1where the second word will be written
x2where the third word will be written
x3where the fourth word will be written
x4where the fifth word will be written
x5where the sixth word will be written
x6where the seventh word will be written
x7where the eighth word will be written

◆ load_le() [5/5]

template<typename T >
void nil::crypto3::load_le ( T  out[],
const uint8_t  in[],
size_t  count 
)
inline

Load a variable number of little-endian words

Parameters
outthe output array of words
inthe input array of bytes
counthow many words are in in

◆ load_le< uint16_t >()

template<>
uint16_t nil::crypto3::load_le< uint16_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a little-endian uint16_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint16_t of in, as a little-endian value

◆ load_le< uint32_t >()

template<>
uint32_t nil::crypto3::load_le< uint32_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a little-endian uint32_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint32_t of in, as a little-endian value

◆ load_le< uint64_t >()

template<>
uint64_t nil::crypto3::load_le< uint64_t > ( const uint8_t  in[],
std::size_t  off 
)
inline

Load a little-endian uint64_t

Parameters
ina pointer to some bytes
offan offset into the array
Returns
off'th uint64_t of in, as a little-endian value

◆ load_private_key()

std::unique_ptr< private_key_policy > nil::crypto3::load_private_key ( const algorithm_identifier alg_id,
const secure_vector< uint8_t > &  key_bits 
)

◆ load_public_key()

std::unique_ptr< public_key_policy > nil::crypto3::load_public_key ( const algorithm_identifier alg_id,
const std::vector< uint8_t > &  key_bits 
)

◆ low_bit()

template<typename T >
size_t nil::crypto3::low_bit ( T  n)
inline

Return the index of the lowest set bit T is an unsigned integer type

Parameters
nan integer value
Returns
index of the lowest set bit in n

◆ make_bearssl_hash()

std::unique_ptr< HashFunction > nil::crypto3::make_bearssl_hash ( const std::string &  name)

◆ make_openssl_block_cipher()

std::unique_ptr< BlockCipher > nil::crypto3::make_openssl_block_cipher ( const std::string &  name)

◆ make_openssl_cipher_mode() [1/2]

cipher_mode* nil::crypto3::make_openssl_cipher_mode ( const std::string &  name,
cipher_dir  direction 
)

◆ make_openssl_cipher_mode() [2/2]

cipher_mode* nil::crypto3::make_openssl_cipher_mode ( const std::string &  name,
Cipher_Dir  direction 
)

◆ make_openssl_hash()

std::unique_ptr< HashFunction > nil::crypto3::make_openssl_hash ( const std::string &  name)

◆ make_uint16()

uint16_t nil::crypto3::make_uint16 ( uint8_t  i0,
uint8_t  i1 
)
inline

Make a uint16_t from two bytes

Parameters
i0the first byte
i1the second byte
Returns
i0 || i1

◆ make_uint32()

uint32_t nil::crypto3::make_uint32 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3 
)
inline

Make a uint32_t from four bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
Returns
i0 || i1 || i2 || i3

◆ make_uint64()

uint64_t nil::crypto3::make_uint64 ( uint8_t  i0,
uint8_t  i1,
uint8_t  i2,
uint8_t  i3,
uint8_t  i4,
uint8_t  i5,
uint8_t  i6,
uint8_t  i7 
)
inline

Make a uint64_t from eight bytes

Parameters
i0the first byte
i1the second byte
i2the third byte
i3the fourth byte
i4the fifth byte
i5the sixth byte
i6the seventh byte
i7the eighth byte
Returns
i0 || i1 || i2 || i3 || i4 || i5 || i6 || i7

◆ map_keys_as_set()

template<typename K , typename V >
std::set<K> nil::crypto3::map_keys_as_set ( const std::map< K, V > &  kv)

Return the keys of a map as a std::set

◆ map_remove_if()

template<typename T , typename Pred >
void nil::crypto3::map_remove_if ( Pred  pred,
T assoc 
)

◆ mask_bits()

template<typename Backend , expression_template_option ExpressionTemplates, typename Integer >
void nil::crypto3::mask_bits ( number< Backend, ExpressionTemplates > &  val,
Integer  n 
)
inline

◆ mceies_decrypt()

secure_vector< uint8_t > nil::crypto3::mceies_decrypt ( const mc_eliece_private_key privkey,
const uint8_t  ct[],
size_t  ct_len,
const uint8_t  ad[],
size_t  ad_len,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and decrypt/authenticate the ciphertext and AD using AES-256 in OCB mode.

◆ mceies_encrypt()

secure_vector< uint8_t > nil::crypto3::mceies_encrypt ( const mc_eliece_public_key pubkey,
const uint8_t  pt[],
size_t  pt_len,
const uint8_t  ad[],
size_t  ad_len,
random_number_generator rng,
const std::string &  aead = "AES-256/OCB" 
)

McEliece Integrated Encryption System Derive a shared key using MCE KEM and encrypt/authenticate the plaintext and AD using AES-256 in OCB mode.

◆ mceliece_decrypt() [1/3]

void nil::crypto3::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext_out,
secure_vector< uint8_t > &  error_mask_out,
const uint8_t  ciphertext[],
size_t  ciphertext_len,
const McEliece_PrivateKey &  key 
)

◆ mceliece_decrypt() [2/3]

void nil::crypto3::mceliece_decrypt ( secure_vector< uint8_t > &  plaintext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  ciphertext,
const McEliece_PrivateKey &  key 
)

◆ mceliece_decrypt() [3/3]

secure_vector< uint8_t > nil::crypto3::mceliece_decrypt ( secure_vector< gf2m > &  error_pos,
const uint8_t *  ciphertext,
uint32_t  ciphertext_len,
const McEliece_PrivateKey &  key 
)

p_err_pos_len must point to the available length of error_pos on input, the function will set it to the actual number of errors returned in the error_pos array

◆ mceliece_encrypt()

void nil::crypto3::mceliece_encrypt ( secure_vector< uint8_t > &  ciphertext_out,
secure_vector< uint8_t > &  error_mask_out,
const secure_vector< uint8_t > &  plaintext,
const McEliece_PublicKey &  key,
random_number_generator rng 
)

◆ mceliece_work_factor()

size_t nil::crypto3::mceliece_work_factor ( size_t  code_size,
size_t  t 
)

Estimate work factor for McEliece

Returns
estimated security level for these key parameters

◆ mgf1_mask()

template<typename Hasher , typename InputIterator , typename OutputIterator , typename StreamHasher = typename Hasher::template stream_hash< std::numeric_limits<typename std::iterator_traits<InputIterator>::value_type>::digits + std::numeric_limits<typename std::iterator_traits<InputIterator>::value_type>::is_signed>::type>
OutputIterator nil::crypto3::mgf1_mask ( InputIterator  first,
InputIterator  last,
OutputIterator  out,
StreamHasher  sh = StreamHasher() 
)

MGF1 from PKCS #1 v2.0.

Template Parameters
HasherHash function type to use
InputIteratorInput buffer iterator type
OutputIteratorOutput buffer iterator type
Parameters
firstInput buffer first iterator
lastInput buffer last iterator
outOutput buffer first iterator
shStream hash function instance

◆ mod_redc()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::mod_redc ( const number< Backend, ExpressionTemplates > &  x,
const number< Backend, ExpressionTemplates > &  mod 
)
inline

◆ monty_execute()

cpp_int nil::crypto3::monty_execute ( const montgomery_exponentation_state precomputed_state,
const cpp_int k 
)

◆ monty_execute_vartime()

cpp_int nil::crypto3::monty_execute_vartime ( const montgomery_exponentation_state precomputed_state,
const cpp_int k 
)

◆ monty_inverse()

template<typename Word >
std::enable_if<number_category<Word>::value == number_kind_integer, Word>::type nil::crypto3::monty_inverse ( Word  input)

Compute -input^-1 mod 2^MP_WORD_BITS. Returns zero if input is even. If input is odd, input and 2^n are relatively prime and an inverse exists.

◆ monty_multi_exp()

cpp_int nil::crypto3::monty_multi_exp ( const montgomery_params params_p,
const cpp_int x,
const cpp_int z1,
const cpp_int y,
const cpp_int z2 
)

Return (x^z1 * y^z2) % p

◆ monty_precompute()

montgomery_exponentation_state nil::crypto3::monty_precompute ( const montgomery_params params_p,
const cpp_int g,
size_t  window_bits 
)

◆ mul64x64_128()

void nil::crypto3::mul64x64_128 ( uint64_t  a,
uint64_t  b,
uint64_t *  lo,
uint64_t *  hi 
)
inline

Perform a 64x64->128 bit multiplication

◆ multi_exponentiate()

template<typename Backend , expression_templates ExpressionTemplates>
point_gfp<Backend, ExpressionTemplates> nil::crypto3::multi_exponentiate ( const point_gfp< Backend, ExpressionTemplates > &  p1,
const number< Backend, ExpressionTemplates > &  z1,
const point_gfp< Backend, ExpressionTemplates > &  p2,
const number< Backend, ExpressionTemplates > &  z2 
)

ECC point multiexponentiation (Non const-time).

Parameters
p1a point
z1a scalar
p2a point
z2a scalar
Returns
(p1 * z1 + p2 * z2)

◆ multimap_insert()

template<typename K , typename V >
void nil::crypto3::multimap_insert ( std::multimap< K, V > &  multimap,
const K &  key,
const V &  value 
)

◆ newhope_keygen() [1/2]

void nil::crypto3::newhope_keygen ( uint8_t  send[NEWHOPE_SENDABYTES],
newhope_poly sk,
random_number_generator rng,
newhope_mode  = newhope_mode::SHA3 
)

◆ newhope_keygen() [2/2]

void nil::crypto3::newhope_keygen ( uint8_t *  send,
poly sk,
RandomNumberGenerator &  rng,
Newhope_Mode  mode 
)

◆ newhope_shareda() [1/2]

void nil::crypto3::newhope_shareda ( uint8_t  sharedkey[NEWHOPE_SHARED_KEY_BYTES],
const newhope_poly ska,
const uint8_t *  received,
newhope_mode  mode = newhope_mode::SHA3 
)

◆ newhope_shareda() [2/2]

void nil::crypto3::newhope_shareda ( uint8_t  sharedkey[],
const poly sk,
const uint8_t  received[],
Newhope_Mode  mode 
)

◆ newhope_sharedb() [1/2]

void nil::crypto3::newhope_sharedb ( uint8_t  sharedkey[NEWHOPE_SHARED_KEY_BYTES],
uint8_t  send[],
const uint8_t *  received,
random_number_generator rng,
newhope_mode  mode = newhope_mode::SHA3 
)

◆ newhope_sharedb() [2/2]

void nil::crypto3::newhope_sharedb ( uint8_t *  sharedkey,
uint8_t *  send,
const uint8_t *  received,
RandomNumberGenerator &  rng,
Newhope_Mode  mode 
)

◆ nist_key_unwrap()

secure_vector< uint8_t > nil::crypto3::nist_key_unwrap ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)
Parameters
inputthe value to be decrypted, output of nist_key_wrap
input_lenlength of input
bca keyed 128-bit block cipher that will be used to decrypt input
Returns
input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.

◆ nist_key_unwrap_padded()

secure_vector< uint8_t > nil::crypto3::nist_key_unwrap_padded ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)
Parameters
inputthe value to be decrypted, output of nist_key_wrap
input_lenlength of input
bca keyed 128-bit block cipher that will be used to decrypt input
Returns
input decrypted under NIST key wrap algorithm Throws an exception if decryption fails.

◆ nist_key_wrap()

std::vector< uint8_t > nil::crypto3::nist_key_wrap ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)

Key wrap. See RFC 3394 and NIST SP800-38F

Parameters
inputthe value to be encrypted
input_lenlength of input, must be a multiple of 8
bca keyed 128-bit block cipher that will be used to encrypt input
Returns
input encrypted under NIST key wrap algorithm

◆ nist_key_wrap_padded()

std::vector< uint8_t > nil::crypto3::nist_key_wrap_padded ( const uint8_t  input[],
size_t  input_len,
const BlockCipher bc 
)

KWP (key wrap with padding). See RFC 5649 and NIST SP800-38F

Parameters
inputthe value to be encrypted
input_lenlength of input
bca keyed 128-bit block cipher that will be used to encrypt input
Returns
input encrypted under NIST key wrap algorithm

◆ normalized_montgomery_inverse()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::normalized_montgomery_inverse ( const number< Backend, ExpressionTemplates > &  a,
const number< Backend, ExpressionTemplates > &  p 
)
inline

Call almost_montgomery_inverse and correct the result to a^-1 mod b.

◆ operator &()

ecies_flags nil::crypto3::operator& ( ecies_flags  a,
ecies_flags  b 
)
inline

◆ operator!=() [1/13]

bool nil::crypto3::operator!= ( const algorithm_identifier a1,
const algorithm_identifier a2 
)

◆ operator!=() [2/13]

bool nil::crypto3::operator!= ( const x509_time t1,
const x509_time t2 
)

◆ operator!=() [3/13]

template<typename T , typename U >
bool nil::crypto3::operator!= ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

◆ operator!=() [4/13]

bool nil::crypto3::operator!= ( const x509_dn dn1,
const x509_dn dn2 
)

◆ operator!=() [5/13]

template<typename NumberType1 , typename NumberType2 >
bool nil::crypto3::operator!= ( const curve_gfp< NumberType1 > &  lhs,
const curve_gfp< NumberType2 > &  rhs 
)
inline

◆ operator!=() [6/13]

bool nil::crypto3::operator!= ( const crl_entry a1,
const crl_entry a2 
)

Test two CRL entries for inequality in at least one field.

◆ operator!=() [7/13]

bool nil::crypto3::operator!= ( const oid_t a,
const oid_t b 
)

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is not equal to b

◆ operator!=() [8/13]

bool nil::crypto3::operator!= ( const octet_string x,
const octet_string y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is not equal to y

◆ operator!=() [9/13]

bool nil::crypto3::operator!= ( const ec_group lhs,
const ec_group rhs 
)
inline

◆ operator!=() [10/13]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator!= ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator!=() [11/13]

bool nil::crypto3::operator!= ( const x509_certificate cert1,
const x509_certificate cert2 
)

Check two certificates for inequality

Parameters
cert1The first certificate
cert2The second certificate
Returns
true if the arguments represent different certificates, false if they are binary identical

◆ operator!=() [12/13]

bool nil::crypto3::operator!= ( const big_int a,
const big_int b 
)
inline

◆ operator!=() [13/13]

bool nil::crypto3::operator!= ( const point_gfp lhs,
const point_gfp rhs 
)
inline

◆ operator%() [1/2]

big_int nil::crypto3::operator% ( const big_int x,
const big_int m 
)

◆ operator%() [2/2]

word nil::crypto3::operator% ( const big_int x,
word  m 
)

◆ operator*() [1/5]

donna128 nil::crypto3::operator* ( const donna128 x,
uint64_t  y 
)
inline

◆ operator*() [2/5]

donna128 nil::crypto3::operator* ( uint64_t  y,
const donna128 x 
)
inline

◆ operator*() [3/5]

big_int nil::crypto3::operator* ( const big_int x,
const big_int y 
)

◆ operator*() [4/5]

template<typename CurveType >
point_gfp<CurveType> nil::crypto3::operator* ( const number< Backend, ExpressionTemplates > &  scalar,
const point_gfp< CurveType > &  point 
)

Point multiplication operator

Parameters
scalarthe scalar value
pointthe point value
Returns
scalar*point on the curve

◆ operator*() [5/5]

point_gfp nil::crypto3::operator* ( const point_gfp point,
const cpp_int scalar 
)
inline

◆ operator+() [1/6]

donna128 nil::crypto3::operator+ ( const donna128 x,
const donna128 y 
)
inline

◆ operator+() [2/6]

oid_t nil::crypto3::operator+ ( const oid_t oid,
uint32_t  new_comp 
)

Append another component onto the OID.

Parameters
oidthe OID to add the new component to
new_compthe new component to add

◆ operator+() [3/6]

donna128 nil::crypto3::operator+ ( const donna128 x,
uint64_t  y 
)
inline

◆ operator+() [4/6]

octet_string nil::crypto3::operator+ ( const octet_string x,
const octet_string y 
)

Concatenate two strings

Parameters
xan octet string
yan octet string
Returns
x concatenated with y

◆ operator+() [5/6]

big_int nil::crypto3::operator+ ( const big_int x,
const big_int y 
)

◆ operator+() [6/6]

point_gfp nil::crypto3::operator+ ( const point_gfp lhs,
const point_gfp rhs 
)
inline

◆ operator+=() [1/4]

template<typename T , typename Alloc , typename Alloc2 >
std::vector<T, Alloc>& nil::crypto3::operator+= ( std::vector< T, Alloc > &  out,
const std::vector< T, Alloc2 > &  in 
)

◆ operator+=() [2/4]

template<typename T , typename Alloc >
std::vector<T, Alloc>& nil::crypto3::operator+= ( std::vector< T, Alloc > &  out,
T  in 
)

◆ operator+=() [3/4]

template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& nil::crypto3::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< const T *, L > &  in 
)

◆ operator+=() [4/4]

template<typename T , typename Alloc , typename L >
std::vector<T, Alloc>& nil::crypto3::operator+= ( std::vector< T, Alloc > &  out,
const std::pair< T *, L > &  in 
)

◆ operator-() [1/3]

big_int nil::crypto3::operator- ( const big_int x,
const big_int y 
)

◆ operator-() [2/3]

point_gfp nil::crypto3::operator- ( const point_gfp lhs)
inline

◆ operator-() [3/3]

point_gfp nil::crypto3::operator- ( const point_gfp lhs,
const point_gfp rhs 
)
inline

◆ operator/()

big_int nil::crypto3::operator/ ( const big_int x,
const big_int d 
)

◆ operator<() [1/5]

bool nil::crypto3::operator< ( const x509_time t1,
const x509_time t2 
)

◆ operator<() [2/5]

bool nil::crypto3::operator< ( const x509_dn dn1,
const x509_dn dn2 
)

◆ operator<() [3/5]

bool nil::crypto3::operator< ( const oid_t a,
const oid_t b 
)

Compare two OIDs.

Parameters
athe first OID
bthe second OID
Returns
true if a is lexicographically smaller than b

◆ operator<() [4/5]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator< ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator<() [5/5]

bool nil::crypto3::operator< ( const big_int a,
const big_int b 
)
inline

◆ operator<<() [1/5]

std::ostream & nil::crypto3::operator<< ( std::ostream &  os,
const general_name gn 
)

◆ operator<<() [2/5]

std::ostream & nil::crypto3::operator<< ( std::ostream &  out,
const x509_dn dn 
)

◆ operator<<() [3/5]

std::ostream & nil::crypto3::operator<< ( std::ostream &  os,
const general_subtree gs 
)

◆ operator<<() [4/5]

big_int nil::crypto3::operator<< ( const big_int x,
size_t  n 
)

◆ operator<<() [5/5]

std::ostream & nil::crypto3::operator<< ( std::ostream &  stream,
const big_int n 
)

◆ operator<=() [1/3]

bool nil::crypto3::operator<= ( const x509_time t1,
const x509_time t2 
)

◆ operator<=() [2/3]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator<= ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator<=() [3/3]

bool nil::crypto3::operator<= ( const big_int a,
const big_int b 
)
inline

◆ operator==() [1/8]

bool nil::crypto3::operator== ( const algorithm_identifier a1,
const algorithm_identifier a2 
)

◆ operator==() [2/8]

bool nil::crypto3::operator== ( const x509_time t1,
const x509_time t2 
)

◆ operator==() [3/8]

template<typename T , typename U >
bool nil::crypto3::operator== ( const secure_allocator< T > &  ,
const secure_allocator< U > &   
)
inline

◆ operator==() [4/8]

bool nil::crypto3::operator== ( const x509_dn dn1,
const x509_dn dn2 
)

◆ operator==() [5/8]

bool nil::crypto3::operator== ( const crl_entry a1,
const crl_entry a2 
)

Test two CRL entries for equality in all fields.

◆ operator==() [6/8]

bool nil::crypto3::operator== ( const octet_string x,
const octet_string y 
)

Compare two strings

Parameters
xan octet string
yan octet string
Returns
if x is equal to y

◆ operator==() [7/8]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator== ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator==() [8/8]

bool nil::crypto3::operator== ( const big_int a,
const big_int b 
)
inline

◆ operator>() [1/3]

bool nil::crypto3::operator> ( const x509_time t1,
const x509_time t2 
)

◆ operator>() [2/3]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator> ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator>() [3/3]

bool nil::crypto3::operator> ( const big_int a,
const big_int b 
)
inline

◆ operator>=() [1/3]

bool nil::crypto3::operator>= ( const x509_time t1,
const x509_time t2 
)

◆ operator>=() [2/3]

template<typename SequenceContainer , typename Preprocessor >
bool nil::crypto3::operator>= ( const concept_container< SequenceContainer, Preprocessor > &  x,
const concept_container< SequenceContainer, Preprocessor > &  y 
)

◆ operator>=() [3/3]

bool nil::crypto3::operator>= ( const big_int a,
const big_int b 
)
inline

◆ operator>>() [1/3]

std::istream & nil::crypto3::operator>> ( std::istream &  in,
x509_dn dn 
)

◆ operator>>() [2/3]

big_int nil::crypto3::operator>> ( const big_int x,
size_t  n 
)

◆ operator>>() [3/3]

std::istream & nil::crypto3::operator>> ( std::istream &  stream,
big_int n 
)

◆ operator^()

octet_string nil::crypto3::operator^ ( const octet_string x,
const octet_string y 
)

XOR two strings

Parameters
xan octet string
yan octet string
Returns
x XORed with y

◆ operator^=()

template<typename Alloc , typename Alloc2 >
std::vector<uint8_t, Alloc>& nil::crypto3::operator^= ( std::vector< uint8_t, Alloc > &  out,
const std::vector< uint8_t, Alloc2 > &  in 
)

◆ operator|() [1/2]

ecies_flags nil::crypto3::operator| ( ecies_flags  a,
ecies_flags  b 
)
inline

◆ operator|() [2/2]

donna128 nil::crypto3::operator| ( const donna128 x,
const donna128 y 
)
inline

◆ os2ecp() [1/3]

point_gfp nil::crypto3::os2ecp ( const uint8_t  data[],
size_t  data_len,
const curve_gfp curve 
)

Perform point decoding Use ec_group::os2ecp instead

◆ os2ecp() [2/3]

std::pair< cpp_int, cpp_int > nil::crypto3::os2ecp ( const uint8_t  data[],
size_t  data_len,
const cpp_int curve_p,
const cpp_int curve_a,
const cpp_int curve_b 
)

Perform point decoding Use ec_group::os2ecp instead

Parameters
datathe encoded point
data_lenlength of data in bytes
curve_pthe curve equation prime
curve_athe curve equation a parameter
curve_bthe curve equation b parameter

◆ os2ecp() [3/3]

template<typename Alloc >
point_gfp nil::crypto3::os2ecp ( const std::vector< uint8_t, Alloc > &  data,
const curve_gfp curve 
)

◆ parse_algorithm_name()

std::vector< std::string > nil::crypto3::parse_algorithm_name ( const std::string &  scan_name)

Parse a SCAN-style algorithm name

Parameters
scan_namethe name
Returns
the name components

◆ parse_asn1_oid()

std::vector< uint32_t > nil::crypto3::parse_asn1_oid ( const std::string &  oid)

Parse an ASN.1 OID

Parameters
oidthe OID in string form
Returns
OID components

◆ pbes2_decrypt()

secure_vector< uint8_t > nil::crypto3::pbes2_decrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
const std::vector< uint8_t > &  params 
)

Decrypt a PKCS #5 v2.0 encrypted stream.

Parameters
key_bitsthe input
passphrasethe passphrase to use for decryption
paramsthe PBES2 parameters

◆ pbes2_encrypt() [1/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
const std::string &  cipher,
const std::string &  digest,
random_number_generator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0.

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

◆ pbes2_encrypt() [2/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator &  rng 
)

◆ pbes2_encrypt_iter() [1/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt_iter ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
size_t  iterations,
const std::string &  cipher,
const std::string &  digest,
random_number_generator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0.

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
iterationshow many iterations to run PBKDF2
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

◆ pbes2_encrypt_iter() [2/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt_iter ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
size_t  pbkdf_iter,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator &  rng 
)

◆ pbes2_encrypt_msec() [1/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt_msec ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
size_t *  out_iterations_if_nonnull,
const std::string &  cipher,
const std::string &  digest,
random_number_generator rng 
)

Encrypt with PBES2 from PKCS #5 v2.0.

Parameters
key_bitsthe input
passphrasethe passphrase to use for encryption
msechow many milliseconds to run PBKDF2
out_iterations_if_nonnullif not null, set to the number of PBKDF iterations used
cipherspecifies the block cipher to use to encrypt
digestspecifies the PRF to use with PBKDF2 (eg "HMAC(SHA-1)")
rnga random number generator

◆ pbes2_encrypt_msec() [2/2]

std::pair<algorithm_identifier, std::vector<uint8_t> > nil::crypto3::pbes2_encrypt_msec ( const secure_vector< uint8_t > &  key_bits,
const std::string &  passphrase,
std::chrono::milliseconds  msec,
size_t *  out_iterations_if_nonnull,
const std::string &  cipher,
const std::string &  digest,
RandomNumberGenerator &  rng 
)

◆ pbkdf2()

size_t nil::crypto3::pbkdf2 ( MessageAuthenticationCode prf,
uint8_t  out[],
size_t  out_len,
const std::string &  passphrase,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations,
std::chrono::milliseconds  msec 
)

◆ pkcs_hash_id()

std::vector< uint8_t > nil::crypto3::pkcs_hash_id ( const std::string &  hash_name)

Return the PKCS #1 hash identifier

See also
RFC 3447 section 9.2
Parameters
hash_namethe name of the hash function
Returns
uint8_t sequence identifying the hash
Exceptions
std::invalid_argumentif the hash has no known PKCS #1 hash id

◆ poly_double_n() [1/2]

void nil::crypto3::poly_double_n ( uint8_t  out[],
const uint8_t  in[],
size_t  n 
)

Polynomial doubling in GF(2^n)

◆ poly_double_n() [2/2]

void nil::crypto3::poly_double_n ( uint8_t  buf[],
size_t  n 
)
inline

◆ poly_double_n_le()

void nil::crypto3::poly_double_n_le ( uint8_t  out[],
const uint8_t  in[],
size_t  n 
)

◆ poly_double_supported_size()

bool nil::crypto3::poly_double_supported_size ( size_t  n)
inline

Returns true iff poly_double_n is implemented for this size.

◆ power_mod()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::power_mod ( const number< Backend, ExpressionTemplates > &  base,
const number< Backend, ExpressionTemplates > &  exp,
const number< Backend, ExpressionTemplates > &  mod 
)
inline

◆ prefetch_readonly()

template<typename T >
void nil::crypto3::prefetch_readonly ( const T addr,
size_t  length 
)
inline

◆ prefetch_readwrite()

template<typename T >
void nil::crypto3::prefetch_readwrite ( const T addr,
size_t  length 
)
inline

◆ probe_provider_private_key()

std::vector< std::string > nil::crypto3::probe_provider_private_key ( const std::string &  algo_name,
const std::vector< std::string > &  possible 
)

◆ probe_providers_of()

template<typename T >
std::vector<std::string> nil::crypto3::probe_providers_of ( const std::string &  algo_spec,
const std::vector< std::string > &  possible 
)

◆ pss_encode()

secure_vector<uint8_t> nil::crypto3::pss_encode ( HashFunction hash,
const secure_vector< uint8_t > &  msg,
const secure_vector< uint8_t > &  salt,
size_t  output_bits 
)

◆ pss_verify()

bool nil::crypto3::pss_verify ( HashFunction hash,
const secure_vector< uint8_t > &  pss_repr,
const secure_vector< uint8_t > &  message_hash,
size_t  key_bits,
size_t *  out_salt_size 
)

◆ random_code_element() [1/2]

gf2m nil::crypto3::random_code_element ( unsigned  code_length,
RandomNumberGenerator &  rng 
)

◆ random_code_element() [2/2]

gf2m nil::crypto3::random_code_element ( unsigned  code_length,
random_number_generator rng 
)

◆ random_gf2m() [1/2]

gf2m nil::crypto3::random_gf2m ( RandomNumberGenerator &  rng)

◆ random_gf2m() [2/2]

gf2m nil::crypto3::random_gf2m ( random_number_generator rng)

◆ random_prime()

template<typename Backend , expression_template_option ExpressionTemplates, typename UniformRandomNumberGenerator >
number<Backend, ExpressionTemplates> nil::crypto3::random_prime ( UniformRandomNumberGenerator &  rng,
size_t  bits,
const number< Backend, ExpressionTemplates > &  coprime = 0,
std::size_t  equiv = 1,
std::size_t  modulo = 2,
std::size_t  prob = 128 
)

Randomly generate a prime

Parameters
rnga random number generator
bitshow large the resulting prime should be in bits
coprimea positive integer that (prime - 1) should be coprime to
equiva non-negative number that the result should be equivalent to modulo equiv_mod
equiv_modthe modulus equiv should be checked against
probuse test so false positive is bounded by 1/2**prob
Returns
random prime with the specified criteria

◆ random_safe_prime()

template<typename UniformRandomNumberGenerator , typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::random_safe_prime ( UniformRandomNumberGenerator &  rng,
std::size_t  bits 
)

Return a 'safe' prime, of the form p=2*q+1 with q prime

Parameters
rnga random number generator
bitsis how long the resulting prime should be
Returns
prime randomly chosen from safe primes of length bits

◆ read_cfg()

std::map< std::string, std::string > nil::crypto3::read_cfg ( std::istream &  is)

◆ redc_mul()

void nil::crypto3::redc_mul ( int64_t &  s1,
int64_t &  s2,
int64_t &  s3,
int64_t &  s4,
int64_t &  s5,
int64_t &  s6,
int64_t &  X 
)
inline

◆ reduce_below()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::reduce_below ( number< Backend, ExpressionTemplates > &  val,
const number< Backend, ExpressionTemplates > &  mod 
)

◆ ressol()

template<typename Backend , expression_template_option ExpressionTemplates>
number<Backend, ExpressionTemplates> nil::crypto3::ressol ( const number< Backend, ExpressionTemplates > &  a,
const number< Backend, ExpressionTemplates > &  p 
)
inline

◆ reverse_bytes() [1/3]

uint16_t nil::crypto3::reverse_bytes ( uint16_t  val)
inline

Swap a 16 bit integer

◆ reverse_bytes() [2/3]

uint32_t nil::crypto3::reverse_bytes ( uint32_t  val)
inline

Swap a 32 bit integer

◆ reverse_bytes() [3/3]

uint64_t nil::crypto3::reverse_bytes ( uint64_t  val)
inline

Swap a 64 bit integer

◆ rfc3394_keyunwrap()

secure_vector< uint8_t > nil::crypto3::rfc3394_keyunwrap ( const secure_vector< uint8_t > &  key,
const symmetric_key kek 
)

Decrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe encrypted key to decrypt
kekthe key encryption key
Returns
key decrypted under kek

◆ rfc3394_keywrap()

secure_vector< uint8_t > nil::crypto3::rfc3394_keywrap ( const secure_vector< uint8_t > &  key,
const symmetric_key kek 
)

Encrypt a key under a key encryption key using the algorithm described in RFC 3394

Parameters
keythe plaintext key to encrypt
kekthe key encryption key
Returns
key encrypted under kek

◆ rotl()

template<size_t ROT, typename T >
T nil::crypto3::rotl ( T  input)
inline

Bit rotation left by a compile-time constant amount

Parameters
inputthe input word
Returns
input rotated left by ROT bits

◆ rotl_var()

template<typename T >
T nil::crypto3::rotl_var ( T  input,
size_t  rot 
)
inline

Bit rotation left, variable rotation amount

Parameters
inputthe input word
rotthe number of bits to rotate, must be between 0 and sizeof(T)*8-1
Returns
input rotated left by rot bits

◆ rotr()

template<size_t ROT, typename T >
T nil::crypto3::rotr ( T  input)
inline

Bit rotation right by a compile-time constant amount

Parameters
inputthe input word
Returns
input rotated right by ROT bits

◆ rotr_var()

template<typename T >
T nil::crypto3::rotr_var ( T  input,
size_t  rot 
)
inline

Bit rotation right, variable rotation amount

Parameters
inputthe input word
rotthe number of bits to rotate, must be between 0 and sizeof(T)*8-1
Returns
input rotated right by rot bits

◆ round_down()

template<typename T >
T nil::crypto3::round_down ( T  n,
T  align_to 
)
inline

Round down

Parameters
nan integer
align_tothe alignment boundary
Returns
n rounded down to a multiple of align_to

◆ round_up()

size_t nil::crypto3::round_up ( size_t  n,
size_t  align_to 
)
inline

Round up

Parameters
na non-negative integer
align_tothe alignment boundary
Returns
n rounded up to a multiple of align_to

◆ runtime_version_check()

std::string nil::crypto3::runtime_version_check ( uint32_t  major,
uint32_t  minor,
uint32_t  patch 
)

Usable for checking that the DLL version loaded at runtime exactly matches the compile-time version. Call using CRYPTO3_VERSION_* macro values. Returns the empty string if an exact match, otherwise an appropriate message. Added with 1.11.26.

◆ same_mem()

template<typename T >
bool nil::crypto3::same_mem ( const T p1,
const T p2,
size_t  n 
)
inline

Memory comparison, input insensitive

Parameters
p1a pointer to an array
p2a pointer to another array
nthe number of Ts in p1 and p2
Returns
true iff p1[i] == p2[i] forall i in [0...n)

◆ sc_muladd()

void nil::crypto3::sc_muladd ( uint8_t *  s,
const uint8_t *  a,
const uint8_t *  b,
const uint8_t *  c 
)

◆ sc_reduce()

void nil::crypto3::sc_reduce ( uint8_t *  s)

◆ search_map() [1/2]

template<typename K , typename V >
V nil::crypto3::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const V &  null_result = V() 
)
inline

◆ search_map() [2/2]

template<typename K , typename V , typename R >
R nil::crypto3::search_map ( const std::map< K, V > &  mapping,
const K &  key,
const R &  null_result,
const R &  found_result 
)
inline

◆ secure_scrub_memory()

void nil::crypto3::secure_scrub_memory ( void *  ptr,
size_t  n 
)

Scrub memory contents in a way that a compiler should not elide, using some system specific technique. Note that this function might not zero the memory (for example, in some hypothetical implementation it might combine the memory contents with the output of a system PRNG), but if you can detect any difference in behavior at runtime then the clearing is side-effecting and you can just use clear_mem.

Use this function to scrub memory just before deallocating it, or on a stack buffer before returning from the function.

Parameters
ptra pointer to memory to scrub
nthe number of bytes pointed to by ptr

◆ set_mem()

template<typename T >
void nil::crypto3::set_mem ( T ptr,
size_t  n,
uint8_t  val 
)
inline

Set memory to a fixed value

Parameters
ptra pointer to an array
nthe number of Ts pointed to by ptr
valthe value to set each byte to

◆ short_version_cstr()

const char * nil::crypto3::short_version_cstr ( )

Same as version_short_string except returning a pointer to the string.

◆ short_version_string()

std::string nil::crypto3::short_version_string ( )

Return a version string of the form "MAJOR.MINOR.PATCH" where each of the values is an integer.

◆ sig_algo_and_pad_ok()

bool nil::crypto3::sig_algo_and_pad_ok ( const std::string &  algo,
const std::string &  padding 
)

Returns true iff the given padding scheme is valid for the given signature algorithm (key type).

Parameters
algothe signature algorithm to be used
paddingthe padding scheme to be used

◆ significant_bytes()

template<typename T >
size_t nil::crypto3::significant_bytes ( T  n)
inline

Return the number of significant bytes in n

Parameters
nan integer value
Returns
number of significant bytes in n

◆ sm2_compute_za()

std::vector< uint8_t > nil::crypto3::sm2_compute_za ( HashFunction hash,
const std::string &  user_id,
const ec_group domain,
const point_gfp pubkey 
)

◆ split_on()

std::vector< std::string > nil::crypto3::split_on ( const std::string &  str,
char  delim 
)

Split a string

Parameters
strthe input string
delimthe delimitor
Returns
string split by delim

◆ split_on_pred()

std::vector< std::string > nil::crypto3::split_on_pred ( const std::string &  str,
std::function< bool(char)>  pred 
)

Split a string on a character predicate

Parameters
strthe input string
predthe predicate

◆ srp6_client_agree()

std::pair< boost::multiprecision::cpp_int, symmetric_key > nil::crypto3::srp6_client_agree ( const std::string &  username,
const std::string &  password,
const std::string &  group_id,
const std::string &  hash_id,
const std::vector< uint8_t > &  salt,
const boost::multiprecision::cpp_int B,
random_number_generator rng 
)

SRP6a Client side

Parameters
usernamethe username we are attempting login for
passwordthe password we are attempting to use
group_idspecifies the shared SRP group
hash_idspecifies a secure hash function
saltis the salt value sent by the server
Bis the server's public value
rngis a random number generator
Returns
(A,K) the client public key and the shared secret key

◆ srp6_group_identifier()

std::string nil::crypto3::srp6_group_identifier ( const boost::multiprecision::cpp_int N,
const boost::multiprecision::cpp_int g 
)

Return the group id for this SRP param set, or else thrown an exception

Parameters
Nthe group modulus
gthe group generator
Returns
group identifier

◆ std_count()

template<class InputIt , class T >
std::iterator_traits<InputIt>::difference_type nil::crypto3::std_count ( InputIt  first,
InputIt  last,
const T value 
)

◆ store_be() [1/6]

void nil::crypto3::store_be ( uint16_t  in,
uint8_t  out[2] 
)
inline

Store a big-endian uint16_t

Parameters
inthe input uint16_t
outthe byte array to write to

◆ store_be() [2/6]

void nil::crypto3::store_be ( uint32_t  in,
uint8_t  out[4] 
)
inline

Store a big-endian uint32_t

Parameters
inthe input uint32_t
outthe byte array to write to

◆ store_be() [3/6]

void nil::crypto3::store_be ( uint64_t  in,
uint8_t  out[8] 
)
inline

Store a big-endian uint64_t

Parameters
inthe input uint64_t
outthe byte array to write to

◆ store_be() [4/6]

template<typename T >
void nil::crypto3::store_be ( uint8_t  out[],
T  x0,
T  x1