_ZNK5Botan17Barrett_Reduction4cubeERKNS_6BigIntE: 66| 12| BigInt cube(const BigInt& x) const { return this->multiply(x, this->square(x)); } _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEmEET_S2_: 28| 4.80M|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 4.80M| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 4.80M| return static_cast(0) - top; 31| 4.80M|} _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEmEET_S2_: 37| 4.78M|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 4.78M| return ct_expand_top_bit(~x & (x - 1)); 39| 4.78M|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 216| 25.9M|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 25.9M| return (b ^ (mask & (a ^ b))); 219| 25.9M|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEjEEmT_: 73| 15|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 15| size_t hb = 0; 75| | 76| 90| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 75, False: 15] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 75| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 75| hb += z; 80| 75| n >>= z; 81| 75| } 82| | 83| 15| hb += n; 84| | 85| 15| return hb; 86| 15|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEjEEmT_m: 45| 75|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 75| const T a = ~x & (x - 1); 51| 75| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 75| const size_t mask = static_cast(0) - a_top; 53| 75| return mask & s; 54| 75|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEmEEmT_m: 45| 576|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 576| const T a = ~x & (x - 1); 51| 576| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 576| const size_t mask = static_cast(0) - a_top; 53| 576| return mask & s; 54| 576|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEmEEmT_: 73| 96|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 96| size_t hb = 0; 75| | 76| 672| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 576, False: 96] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 576| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 576| hb += z; 80| 576| n >>= z; 81| 576| } 82| | 83| 96| hb += n; 84| | 85| 96| return hb; 86| 96|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEmQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 101k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| | } else if constexpr(sizeof(T) == 2) { 31| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| | return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| | } else if constexpr(sizeof(T) == 4) { 37| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| | return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| 101k| } else if constexpr(sizeof(T) == 8) { 45| 101k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| 101k| return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| 101k| } 57| 101k|} _ZN5Botan2CT6Choice9from_maskEm: 303| 125k| constexpr static Choice from_mask(underlying_type v) { return Choice(v); } _ZN5Botan2CT6Choice2noEv: 307| 12| constexpr static Choice no() { return Choice(0); } _ZNK5Botan2CT6ChoicentEv: 309| 11.5k| constexpr Choice operator!() const { return Choice(~value()); } _ZNK5Botan2CT6ChoiceaaERKS1_: 311| 34.4k| constexpr Choice operator&&(const Choice& other) const { return Choice(value() & other.value()); } _ZNK5Botan2CT6ChoiceooERKS1_: 313| 24.3k| constexpr Choice operator||(const Choice& other) const { return Choice(value() | other.value()); } _ZNK5Botan2CT6Choice7as_boolEv: 329| 66.9k| constexpr bool as_bool() const { return m_value != 0; } _ZNK5Botan2CT6Choice5valueEv: 332| 151k| constexpr underlying_type value() const { return value_barrier(m_value); } _ZN5Botan2CT6ChoiceC2Em: 341| 196k| constexpr explicit Choice(underlying_type v) : m_value(CT::value_barrier(v)) {} _ZN5Botan2CT4MaskImE7is_zeroEm: 437| 4.76M| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZNK5Botan2CT4MaskImE5valueEv: 630| 9.31M| constexpr T value() const { return value_barrier(m_mask); } _ZNK5Botan2CT4MaskImEcoEv: 533| 4.48M| constexpr Mask operator~() const { return Mask(~value()); } _ZN5Botan2CT4MaskImE6expandEm: 392| 4.48M| static constexpr Mask expand(T v) { return ~Mask::is_zero(value_barrier(v)); } _ZN5Botan2CT6poisonImEEvPKT_m: 56| 96|constexpr inline void poison(const T* p, size_t n) { 57| |#if defined(BOTAN_HAS_VALGRIND) 58| | if(!std::is_constant_evaluated()) { 59| | VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); 60| | } 61| |#endif 62| | 63| 96| BOTAN_UNUSED(p, n); ------------------ | | 144| 96|#define BOTAN_UNUSED Botan::ignore_params ------------------ 64| 96|} _ZN5Botan2CT8unpoisonImEEvPKT_m: 67| 133k|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 133k| BOTAN_UNUSED(p, n); ------------------ | | 144| 133k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 133k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__16vectorImNS_16secure_allocatorImEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt19custom_unpoisonableISC_EEEvRKSC_: 128| 288|constexpr void unpoison(const R& r) { 129| 288| const std::span s{r}; 130| 288| unpoison(s.data(), s.size()); 131| 288|} _ZNK5Botan2CT4MaskImE6selectEmm: 548| 30.7k| constexpr T select(T x, T y) const { return choose(value(), x, y); } _ZN5Botan2CT9all_zerosImEENS0_4MaskIT_EEPKS3_m: 785| 107k|constexpr inline CT::Mask all_zeros(const T elem[], size_t len) { 786| 107k| T sum = 0; 787| 721k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (787:22): [True: 613k, False: 107k] ------------------ 788| 613k| sum |= elem[i]; 789| 613k| } 790| 107k| return CT::Mask::is_zero(sum); 791| 107k|} _ZN5Botan2CT4MaskImEC2Em: 637| 9.30M| constexpr explicit Mask(T m) : m_mask(m) {} _ZNK5Botan2CT4MaskImE7as_boolEv: 614| 4.96k| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskImE16unpoisoned_valueEv: 598| 130k| constexpr T unpoisoned_value() const { 599| 130k| T r = value(); 600| 130k| CT::unpoison(r); 601| 130k| return r; 602| 130k| } _ZN5Botan2CT8unpoisonITkNSt3__18integralEmEEvRKT_: 112| 131k|constexpr void unpoison(const T& p) { 113| 131k| unpoison(&p, 1); 114| 131k|} _ZN5Botan2CT4MaskImE8is_equalEmm: 442| 28.4k| static constexpr Mask is_equal(T x, T y) { 443| 28.4k| const T diff = value_barrier(x) ^ value_barrier(y); 444| 28.4k| return Mask::is_zero(diff); 445| 28.4k| } _ZNK5Botan2CT4MaskImE13if_set_returnEm: 538| 4.63k| constexpr T if_set_return(T x) const { return value() & x; } _ZN5Botan2CT4MaskImE5is_ltEmm: 450| 28.3k| static constexpr Mask is_lt(T x, T y) { 451| 28.3k| T u = x ^ ((x ^ y) | ((x - y) ^ x)); 452| 28.3k| return Mask::expand_top_bit(u); 453| 28.3k| } _ZN5Botan2CT4MaskImE14expand_top_bitEm: 415| 28.3k| static constexpr Mask expand_top_bit(T v) { return Mask(ct_expand_top_bit(v)); } _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES3_PS3_PKS3_S7_m: 738| 96|constexpr inline Mask conditional_copy_mem(T cnd, T* dest, const T* if_set, const T* if_unset, size_t elems) { 739| 96| const auto mask = CT::Mask::expand(cnd); 740| 96| return CT::conditional_copy_mem(mask, dest, if_set, if_unset, elems); 741| 96|} _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES4_PS3_PKS3_S7_m: 732| 96|constexpr inline Mask conditional_copy_mem(Mask mask, T* dest, const T* if_set, const T* if_unset, size_t elems) { 733| 96| mask.select_n(dest, if_set, if_unset, elems); 734| 96| return mask; 735| 96|} _ZNK5Botan2CT4MaskImE8select_nEPmPKmS5_m: 565| 4.36M| constexpr void select_n(T output[], const T x[], const T y[], size_t len) const { 566| 4.36M| const T mask = value(); 567| 29.8M| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (567:28): [True: 25.4M, False: 4.36M] ------------------ 568| 25.4M| output[i] = choose(mask, x[i], y[i]); 569| 25.4M| } 570| 4.36M| } _ZNK5Botan2CT4MaskImE11select_maskES2_S2_: 559| 26.0k| Mask select_mask(Mask x, Mask y) const { return Mask(select(x.value(), y.value())); } _ZN5Botan2CT4MaskImEaNES2_: 494| 98| Mask& operator&=(Mask o) { 495| 98| m_mask &= o.value(); 496| 98| return (*this); 497| 98| } _ZNK5Botan2CT4MaskImE9as_choiceEv: 619| 125k| constexpr CT::Choice as_choice() const { 620| 125k| if constexpr(sizeof(T) >= sizeof(Choice::underlying_type)) { 621| 125k| return CT::Choice::from_mask(static_cast(unpoisoned_value())); 622| | } else { 623| | return CT::Choice::from_int(unpoisoned_value()); 624| | } 625| 125k| } _ZN5Botan2CT6Choice8from_intIjQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 108| constexpr static Choice from_int(T v) { 269| 108| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 108| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 108| } _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt17custom_poisonableISB_EEEvRKSB_: 121| 96|constexpr void poison(const R& r) { 122| 96| const std::span s{r}; 123| 96| poison(s.data(), s.size()); 124| 96|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt19custom_unpoisonableISB_EEEvRKSB_: 128| 96|constexpr void unpoison(const R& r) { 129| 96| const std::span s{r}; 130| 96| unpoison(s.data(), s.size()); 131| 96|} _ZN5Botan2CT22conditional_assign_memImEENS0_4MaskIT_EES3_PS3_PKS3_m: 749| 4.36M|constexpr inline Mask conditional_assign_mem(T cnd, T* dest, const T* src, size_t elems) { 750| 4.36M| const auto mask = CT::Mask::expand(cnd); 751| 4.36M| mask.select_n(dest, src, dest, elems); 752| 4.36M| return mask; 753| 4.36M|} _ZNK5Botan2CT6Choice12into_bitmaskImQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES3_v: 291| 22.8k| constexpr T into_bitmask() const { 292| 22.8k| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 293| | // The inner mask is already |0| or |1| so just truncate 294| 22.8k| return static_cast(value()); 295| | } else { 296| | return ~ct_is_zero(value()); 297| | } 298| 22.8k| } _ZN5Botan2CT8is_equalImEENS0_4MaskIT_EEPKS3_S6_m: 798| 30.1k|constexpr inline CT::Mask is_equal(const T x[], const T y[], size_t len) { 799| 30.1k| if(std::is_constant_evaluated()) { ------------------ | Branch (799:7): [Folded, False: 30.1k] ------------------ 800| 0| T difference = 0; 801| | 802| 0| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (802:25): [True: 0, False: 0] ------------------ 803| 0| difference = difference | (x[i] ^ y[i]); 804| 0| } 805| | 806| 0| return CT::Mask::is_zero(difference); 807| 30.1k| } else { 808| 30.1k| volatile T difference = 0; 809| | 810| 184k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (810:25): [True: 154k, False: 30.1k] ------------------ 811| 154k| difference = difference | (x[i] ^ y[i]); 812| 154k| } 813| | 814| 30.1k| return CT::Mask::is_zero(difference); 815| 30.1k| } 816| 30.1k|} _ZNK5Botan13EC_Group_Data11order_bytesEv: 209| 12.6k| size_t order_bytes() const { return m_order_bytes; } _ZNK5Botan13EC_Group_Data1pEv: 169| 24| const BigInt& p() const { return m_p; } _ZNK5Botan13EC_Group_Data3oidEv: 165| 78| const OID& oid() const { return m_oid; } _ZNK5Botan13EC_Group_Data5montyEv: 184| 60| const Montgomery_Params& monty() const { return m_monty; } _ZNK5Botan13EC_Group_Data7p_wordsEv: 201| 12| size_t p_words() const { return m_p_words; } _ZNK5Botan13EC_Group_Data6pcurveEv: 282| 106k| const PCurve::PrimeOrderCurve& pcurve() const { 283| 106k| BOTAN_ASSERT_NONNULL(m_pcurve); ------------------ | | 116| 106k| do { \ | | 117| 106k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 106k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 106k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 106k] | | ------------------ ------------------ 284| 106k| return *m_pcurve; 285| 106k| } _ZN5Botan14EC_Scalar_DataD2Ev: 38| 68.4k| virtual ~EC_Scalar_Data() = default; _ZNK5Botan17EC_Scalar_Data_PC5valueEv: 53| 2.56k| const auto& value() const { return m_v; } _ZN5Botan17EC_Scalar_Data_PCC2ENSt3__110shared_ptrIKNS_13EC_Group_DataEEENS_6PCurve15PrimeOrderCurve6ScalarE: 19| 68.4k| m_group(std::move(group)), m_v(std::move(v)) {} _ZN5Botan11checked_mulITkNSt3__117unsigned_integralEmEENS1_8optionalIT_EES3_S3_: 46| 1.19k|constexpr inline std::optional checked_mul(T a, T b) { 47| | // Multiplication by 1U is a hack to work around C's insane 48| | // integer promotion rules. 49| | // https://stackoverflow.com/questions/24795651 50| 1.19k| const T r = (1U * a) * b; 51| | // If a == 0 then the multiply certainly did not overflow 52| | // Otherwise r / a == b unless overflow occurred 53| 1.19k| if(a != 0 && r / a != b) { ------------------ | Branch (53:7): [True: 1.19k, False: 0] | Branch (53:17): [True: 0, False: 1.19k] ------------------ 54| 0| return {}; 55| 0| } 56| 1.19k| return r; 57| 1.19k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEjEENS1_8optionalIT_EES3_S3_: 19| 12|constexpr inline std::optional checked_add(T a, T b) { 20| 12| const T r = a + b; 21| 12| if(r < a || r < b) { ------------------ | Branch (21:7): [True: 0, False: 12] | Branch (21:16): [True: 0, False: 12] ------------------ 22| 0| return {}; 23| 0| } 24| 12| return r; 25| 12|} _ZN5Botan13swar_in_rangeITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 114| 5.64k|constexpr T swar_in_range(T v, T lower, T upper) { 115| | // The constant 0x808080... as a T 116| 5.64k| constexpr T hi1 = (static_cast(-1) / 255) << 7; 117| | // The constant 0x7F7F7F... as a T 118| 5.64k| constexpr T lo7 = ~hi1; 119| | 120| 5.64k| const T sub = ((v | hi1) - (lower & lo7)) ^ ((v ^ (~lower)) & hi1); 121| 5.64k| const T a_lo = sub & lo7; 122| 5.64k| const T a_hi = sub & hi1; 123| 5.64k| return (lo7 - a_lo + upper) & hi1 & ~a_hi; 124| 5.64k|} _ZN5Botan23index_of_first_set_byteITkNSt3__117unsigned_integralEmEEmT_: 130| 5.64k|constexpr size_t index_of_first_set_byte(T v) { 131| | // The constant 0x010101... as a T 132| 5.64k| constexpr T lo1 = (static_cast(-1) / 255); 133| | // The constant 0x808080... as a T 134| 5.64k| constexpr T hi1 = lo1 << 7; 135| | // How many bits to shift in order to get the top byte 136| 5.64k| constexpr size_t bits = (sizeof(T) * 8) - 8; 137| | 138| 5.64k| return static_cast((((((v & hi1) - 1) & lo1) * lo1) >> bits) - 1); 139| 5.64k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 25.3k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 25.3k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 25.3k| using InT = decltype(in); 528| 25.3k| ranges::assert_exact_byte_length(out_range); 529| 25.3k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 25.3k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 25.3k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 25.3k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 25.3k| } else { 542| 25.3k| static_assert(opposite(endianness) == std::endian::native); 543| 25.3k| typecast_copy(out, reverse_bytes(in)); 544| 25.3k| } 545| 25.3k| } 546| 25.3k|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEmEEDaT_: 190| 25.3k|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 25.3k| } else { 195| 25.3k| return Botan::unwrap_strong_type(t); 196| 25.3k| } 197| 25.3k|} _ZN5Botan7load_beImJNSt3__14spanIKhLm8EEEEEEDaDpOT0_: 504| 348|inline constexpr auto load_be(ParamTs&&... params) { 505| 348| return detail::load_any(std::forward(params)...); 506| 348|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 76.2k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 76.2k| using OutT = detail::wrapped_type; 280| 76.2k| ranges::assert_exact_byte_length(in_range); 281| | 282| 76.2k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 76.2k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 76.2k| return fallback_load_any(std::forward(in_range)); 288| 76.2k| } else { 289| 76.2k| const std::span in{in_range}; 290| 76.2k| if constexpr(sizeof(OutT) == 1) { 291| 76.2k| return static_cast(in[0]); 292| 76.2k| } else if constexpr(endianness == std::endian::native) { 293| 76.2k| return typecast_copy(in); 294| 76.2k| } else { 295| 76.2k| static_assert(opposite(endianness) == std::endian::native); 296| 76.2k| return reverse_bytes(typecast_copy(in)); 297| 76.2k| } 298| 76.2k| } 299| 76.2k| }()); 300| 76.2k|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEmTkNSt3__117unsigned_integralEmEEDaT0_: 200| 76.2k|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 76.2k| } else { 204| 76.2k| return Botan::wrap_strong_type(t); 205| 76.2k| } 206| 76.2k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 76.2k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 76.2k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 76.2k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 76.2k| } else { 289| 76.2k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 76.2k| } else { 295| 76.2k| static_assert(opposite(endianness) == std::endian::native); 296| 76.2k| return reverse_bytes(typecast_copy(in)); 297| 76.2k| } 298| 76.2k| } 299| 76.2k| }()); _ZN5Botan7load_beImJRNSt3__15arrayIhLm8EEEEEEDaDpOT0_: 504| 16|inline constexpr auto load_be(ParamTs&&... params) { 505| 16| return detail::load_any(std::forward(params)...); 506| 16|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 16|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 16| using OutT = detail::wrapped_type; 280| 16| ranges::assert_exact_byte_length(in_range); 281| | 282| 16| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 16| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 16| return fallback_load_any(std::forward(in_range)); 288| 16| } else { 289| 16| const std::span in{in_range}; 290| 16| if constexpr(sizeof(OutT) == 1) { 291| 16| return static_cast(in[0]); 292| 16| } else if constexpr(endianness == std::endian::native) { 293| 16| return typecast_copy(in); 294| 16| } else { 295| 16| static_assert(opposite(endianness) == std::endian::native); 296| 16| return reverse_bytes(typecast_copy(in)); 297| 16| } 298| 16| } 299| 16| }()); 300| 16|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 16| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 16| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 16] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 16| } else { 289| 16| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 16| } else { 295| 16| static_assert(opposite(endianness) == std::endian::native); 296| 16| return reverse_bytes(typecast_copy(in)); 297| 16| } 298| 16| } 299| 16| }()); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 25.3k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 25.3k| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 25.3k| auto store_one = [off = 0](auto o, T i) mutable { 585| 25.3k| store_any(i, o.subspan(off).template first()); 586| 25.3k| off += sizeof(T); 587| 25.3k| }; 588| | 589| 25.3k| (store_one(std::span{out}, ins), ...); 590| 25.3k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clImS7_EEDaS9_SE_: 584| 25.3k| auto store_one = [off = 0](auto o, T i) mutable { 585| 25.3k| store_any(i, o.subspan(off).template first()); 586| 25.3k| off += sizeof(T); 587| 25.3k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm32EEERNS3_5arrayImLm4EEEEEEDaDpOT0_: 745| 2.00k|inline constexpr auto store_be(ParamTs&&... params) { 746| 2.00k| return detail::store_any(std::forward(params)...); 747| 2.00k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 2.00k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 2.00k| ranges::assert_equal_byte_lengths(out, in); 605| 2.00k| using element_type = std::ranges::range_value_t; 606| | 607| 2.00k| auto store_elementwise = [&] { 608| 2.00k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.00k| std::span out_s(out); 610| 2.00k| for(auto in_elem : in) { 611| 2.00k| store_any(out_s.template first(), in_elem); 612| 2.00k| out_s = out_s.subspan(bytes_per_element); 613| 2.00k| } 614| 2.00k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 2.00k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 2.00k] ------------------ 620| 0| store_elementwise(); 621| 2.00k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 2.00k| } else { 625| 2.00k| store_elementwise(); 626| 2.00k| } 627| 2.00k| } 628| 2.00k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 2.00k| auto store_elementwise = [&] { 608| 2.00k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.00k| std::span out_s(out); 610| 8.03k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 8.03k, False: 2.00k] ------------------ 611| 8.03k| store_any(out_s.template first(), in_elem); 612| 8.03k| out_s = out_s.subspan(bytes_per_element); 613| 8.03k| } 614| 2.00k| }; _ZN5Botan7load_beImJPKhmEEEDaDpOT0_: 504| 75.9k|inline constexpr auto load_be(ParamTs&&... params) { 505| 75.9k| return detail::load_any(std::forward(params)...); 506| 75.9k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmEET0_PKhm: 454| 75.9k|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 75.9k| constexpr size_t out_size = sizeof(OutT); 457| 75.9k| return load_any(std::span(in + off * out_size, out_size)); 458| 75.9k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm48EEERNS3_5arrayImLm6EEEEEEDaDpOT0_: 745| 702|inline constexpr auto store_be(ParamTs&&... params) { 746| 702| return detail::store_any(std::forward(params)...); 747| 702|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 702|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 702| ranges::assert_equal_byte_lengths(out, in); 605| 702| using element_type = std::ranges::range_value_t; 606| | 607| 702| auto store_elementwise = [&] { 608| 702| constexpr size_t bytes_per_element = sizeof(element_type); 609| 702| std::span out_s(out); 610| 702| for(auto in_elem : in) { 611| 702| store_any(out_s.template first(), in_elem); 612| 702| out_s = out_s.subspan(bytes_per_element); 613| 702| } 614| 702| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 702| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 702] ------------------ 620| 0| store_elementwise(); 621| 702| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 702| } else { 625| 702| store_elementwise(); 626| 702| } 627| 702| } 628| 702|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 702| auto store_elementwise = [&] { 608| 702| constexpr size_t bytes_per_element = sizeof(element_type); 609| 702| std::span out_s(out); 610| 4.21k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 4.21k, False: 702] ------------------ 611| 4.21k| store_any(out_s.template first(), in_elem); 612| 4.21k| out_s = out_s.subspan(bytes_per_element); 613| 4.21k| } 614| 702| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm64EEERNS3_5arrayImLm8EEEEEEDaDpOT0_: 745| 748|inline constexpr auto store_be(ParamTs&&... params) { 746| 748| return detail::store_any(std::forward(params)...); 747| 748|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 748|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 748| ranges::assert_equal_byte_lengths(out, in); 605| 748| using element_type = std::ranges::range_value_t; 606| | 607| 748| auto store_elementwise = [&] { 608| 748| constexpr size_t bytes_per_element = sizeof(element_type); 609| 748| std::span out_s(out); 610| 748| for(auto in_elem : in) { 611| 748| store_any(out_s.template first(), in_elem); 612| 748| out_s = out_s.subspan(bytes_per_element); 613| 748| } 614| 748| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 748| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 748] ------------------ 620| 0| store_elementwise(); 621| 748| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 748| } else { 625| 748| store_elementwise(); 626| 748| } 627| 748| } 628| 748|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 748| auto store_elementwise = [&] { 608| 748| constexpr size_t bytes_per_element = sizeof(element_type); 609| 748| std::span out_s(out); 610| 5.98k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 5.98k, False: 748] ------------------ 611| 5.98k| store_any(out_s.template first(), in_elem); 612| 5.98k| out_s = out_s.subspan(bytes_per_element); 613| 5.98k| } 614| 748| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__15arrayImLm9EEEEEEDaDpOT0_: 745| 366|inline constexpr auto store_be(ParamTs&&... params) { 746| 366| return detail::store_any(std::forward(params)...); 747| 366|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_: 663| 366|inline constexpr auto store_any(InR&& in_range) { 664| 366| auto out = []([[maybe_unused]] const auto& in) { 665| 366| if constexpr(std::same_as) { 666| 366| if constexpr(ranges::statically_spanable_range) { 667| 366| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 366| return std::array(); 669| 366| } else { 670| 366| static_assert( 671| 366| !std::same_as, 672| 366| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 366| } 674| 366| } else if constexpr(concepts::resizable_byte_buffer) { 675| 366| return OutR(std::span{in}.size_bytes()); 676| 366| } else { 677| 366| return OutR{}; 678| 366| } 679| 366| }(in_range); 680| | 681| 366| store_any>(out, std::forward(in_range)); 682| 366| return out; 683| 366|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSE_: 664| 366| auto out = []([[maybe_unused]] const auto& in) { 665| 366| if constexpr(std::same_as) { 666| 366| if constexpr(ranges::statically_spanable_range) { 667| 366| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 366| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 366| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 366|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 366| ranges::assert_equal_byte_lengths(out, in); 605| 366| using element_type = std::ranges::range_value_t; 606| | 607| 366| auto store_elementwise = [&] { 608| 366| constexpr size_t bytes_per_element = sizeof(element_type); 609| 366| std::span out_s(out); 610| 366| for(auto in_elem : in) { 611| 366| store_any(out_s.template first(), in_elem); 612| 366| out_s = out_s.subspan(bytes_per_element); 613| 366| } 614| 366| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 366| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 366] ------------------ 620| 0| store_elementwise(); 621| 366| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 366| } else { 625| 366| store_elementwise(); 626| 366| } 627| 366| } 628| 366|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 366| auto store_elementwise = [&] { 608| 366| constexpr size_t bytes_per_element = sizeof(element_type); 609| 366| std::span out_s(out); 610| 3.29k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 3.29k, False: 366] ------------------ 611| 3.29k| store_any(out_s.template first(), in_elem); 612| 3.29k| out_s = out_s.subspan(bytes_per_element); 613| 3.29k| } 614| 366| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm24EEERNS3_5arrayImLm3EEEEEEDaDpOT0_: 745| 599|inline constexpr auto store_be(ParamTs&&... params) { 746| 599| return detail::store_any(std::forward(params)...); 747| 599|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm24EEETkNS5_14spanable_rangeENS2_5arrayImLm3EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 599|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 599| ranges::assert_equal_byte_lengths(out, in); 605| 599| using element_type = std::ranges::range_value_t; 606| | 607| 599| auto store_elementwise = [&] { 608| 599| constexpr size_t bytes_per_element = sizeof(element_type); 609| 599| std::span out_s(out); 610| 599| for(auto in_elem : in) { 611| 599| store_any(out_s.template first(), in_elem); 612| 599| out_s = out_s.subspan(bytes_per_element); 613| 599| } 614| 599| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 599| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 599] ------------------ 620| 0| store_elementwise(); 621| 599| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 599| } else { 625| 599| store_elementwise(); 626| 599| } 627| 599| } 628| 599|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm24EEETkNS5_14spanable_rangeENS2_5arrayImLm3EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 599| auto store_elementwise = [&] { 608| 599| constexpr size_t bytes_per_element = sizeof(element_type); 609| 599| std::span out_s(out); 610| 1.79k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 1.79k, False: 599] ------------------ 611| 1.79k| store_any(out_s.template first(), in_elem); 612| 1.79k| out_s = out_s.subspan(bytes_per_element); 613| 1.79k| } 614| 599| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__15arrayImLm4EEEEEEDaDpOT0_: 745| 509|inline constexpr auto store_be(ParamTs&&... params) { 746| 509| return detail::store_any(std::forward(params)...); 747| 509|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm4EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_: 663| 509|inline constexpr auto store_any(InR&& in_range) { 664| 509| auto out = []([[maybe_unused]] const auto& in) { 665| 509| if constexpr(std::same_as) { 666| 509| if constexpr(ranges::statically_spanable_range) { 667| 509| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 509| return std::array(); 669| 509| } else { 670| 509| static_assert( 671| 509| !std::same_as, 672| 509| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 509| } 674| 509| } else if constexpr(concepts::resizable_byte_buffer) { 675| 509| return OutR(std::span{in}.size_bytes()); 676| 509| } else { 677| 509| return OutR{}; 678| 509| } 679| 509| }(in_range); 680| | 681| 509| store_any>(out, std::forward(in_range)); 682| 509| return out; 683| 509|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm4EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSE_: 664| 509| auto out = []([[maybe_unused]] const auto& in) { 665| 509| if constexpr(std::same_as) { 666| 509| if constexpr(ranges::statically_spanable_range) { 667| 509| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 509| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 509| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm32EEETkNS4_14spanable_rangeENS6_ImLm4EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 509|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 509| ranges::assert_equal_byte_lengths(out, in); 605| 509| using element_type = std::ranges::range_value_t; 606| | 607| 509| auto store_elementwise = [&] { 608| 509| constexpr size_t bytes_per_element = sizeof(element_type); 609| 509| std::span out_s(out); 610| 509| for(auto in_elem : in) { 611| 509| store_any(out_s.template first(), in_elem); 612| 509| out_s = out_s.subspan(bytes_per_element); 613| 509| } 614| 509| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 509| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 509] ------------------ 620| 0| store_elementwise(); 621| 509| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 509| } else { 625| 509| store_elementwise(); 626| 509| } 627| 509| } 628| 509|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm32EEETkNS4_14spanable_rangeENS6_ImLm4EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 509| auto store_elementwise = [&] { 608| 509| constexpr size_t bytes_per_element = sizeof(element_type); 609| 509| std::span out_s(out); 610| 2.03k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 2.03k, False: 509] ------------------ 611| 2.03k| store_any(out_s.template first(), in_elem); 612| 2.03k| out_s = out_s.subspan(bytes_per_element); 613| 2.03k| } 614| 509| }; _ZN5Botan14zeroize_bufferITkNSt3__117unsigned_integralEmEEvPT_m: 37| 690|inline void zeroize_buffer(T buf[], size_t n) { 38| 690| if(n > 0) { ------------------ | Branch (38:7): [True: 684, False: 6] ------------------ 39| 684| std::memset(buf, 0, sizeof(T) * n); 40| 684| } 41| 690|} _ZN5Botan21unchecked_copy_memoryITkNSt3__117unsigned_integralEmEEvPT_PKS2_m: 44| 270|inline void unchecked_copy_memory(T* out, const T* in, size_t n) { 45| 270| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (45:7): [True: 270, False: 0] | Branch (45:24): [True: 270, False: 0] | Branch (45:42): [True: 270, False: 0] ------------------ 46| 270| std::memmove(out, in, sizeof(T) * n); 47| 270| } 48| 270|} _ZNK5Botan17Montgomery_Params1pEv: 41| 48| const BigInt& p() const { return m_data->p(); } _ZNK5Botan17Montgomery_Params2R1Ev: 43| 12| const BigInt& R1() const { return m_data->r1(); } _ZNK5Botan17Montgomery_Params2R2Ev: 45| 48| const BigInt& R2() const { return m_data->r2(); } _ZNK5Botan17Montgomery_Params6p_dashEv: 49| 48| word p_dash() const { return m_data->p_dash(); } _ZNK5Botan17Montgomery_Params7p_wordsEv: 51| 72| size_t p_words() const { return m_data->p_size(); } _ZNK5Botan17Montgomery_Params4Data1pEv: 76| 48| const BigInt& p() const { return m_p; } _ZNK5Botan17Montgomery_Params4Data2r1Ev: 78| 12| const BigInt& r1() const { return m_r1; } _ZNK5Botan17Montgomery_Params4Data2r2Ev: 80| 48| const BigInt& r2() const { return m_r2; } _ZNK5Botan17Montgomery_Params4Data6p_dashEv: 84| 48| word p_dash() const { return m_p_dash; } _ZNK5Botan17Montgomery_Params4Data6p_sizeEv: 86| 72| size_t p_size() const { return m_p_words; } _ZN5Botan10word8_add2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 268| 405k|inline constexpr auto word8_add2(W x[8], const W y[8], W carry) -> W { 269| 405k|#if defined(BOTAN_MP_USE_X86_64_ASM) 270| 405k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (270:7): [True: 0, Folded] | Branch (270:36): [True: 0, Folded] ------------------ 271| 405k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq")) 272| 405k| : [carry] "=r"(carry) 273| 405k| : [x] "r"(x), [y] "r"(y), "0"(carry) 274| 405k| : "cc", "memory"); 275| 405k| return carry; 276| 405k| } 277| 0|#endif 278| | 279| 0| x[0] = word_add(x[0], y[0], &carry); 280| 0| x[1] = word_add(x[1], y[1], &carry); 281| 0| x[2] = word_add(x[2], y[2], &carry); 282| 0| x[3] = word_add(x[3], y[3], &carry); 283| 0| x[4] = word_add(x[4], y[4], &carry); 284| 0| x[5] = word_add(x[5], y[5], &carry); 285| 0| x[6] = word_add(x[6], y[6], &carry); 286| 0| x[7] = word_add(x[7], y[7], &carry); 287| 0| return carry; 288| 405k|} _ZN5Botan8word_addITkNS_8WordTypeEmEET_S1_S1_PS1_: 231| 11.9M|inline constexpr auto word_add(W x, W y, W* carry) -> W { 232| 11.9M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_addc) 233| 11.9M| if(!std::is_constant_evaluated()) { ------------------ | Branch (233:7): [True: 11.9M, Folded] ------------------ 234| | if constexpr(std::same_as) { 235| | return __builtin_addc(x, y, *carry & 1, carry); 236| 11.9M| } else if constexpr(std::same_as) { 237| 11.9M| return __builtin_addcl(x, y, *carry & 1, carry); 238| | } else if constexpr(std::same_as) { 239| | return __builtin_addcll(x, y, *carry & 1, carry); 240| | } 241| 11.9M| } 242| 0|#endif 243| | 244| | if constexpr(WordInfo::dword_is_native && use_dword_for_word_add) { 245| | /* 246| | TODO(Botan4) this is largely a performance hack for GCCs that don't 247| | support __builtin_addc, if we increase the minimum supported version of 248| | GCC to GCC 14 then we can remove this and not worry about it 249| | */ 250| | const W cb = *carry & 1; 251| | const auto s = typename WordInfo::dword(x) + y + cb; 252| | *carry = static_cast(s >> WordInfo::bits); 253| | return static_cast(s); 254| 11.9M| } else { 255| 11.9M| const W cb = *carry & 1; 256| 11.9M| W z = x + y; 257| 11.9M| W c1 = (z < x); 258| 11.9M| z += cb; 259| 11.9M| *carry = c1 | (z < cb); 260| 11.9M| return z; 261| 11.9M| } 262| 11.9M|} _ZN5Botan10word8_sub2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 345| 156|inline constexpr auto word8_sub2(W x[8], const W y[8], W carry) -> W { 346| 156|#if defined(BOTAN_MP_USE_X86_64_ASM) 347| 156| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (347:7): [True: 0, Folded] | Branch (347:36): [True: 0, Folded] ------------------ 348| 156| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq")) 349| 156| : [carry] "=r"(carry) 350| 156| : [x] "r"(x), [y] "r"(y), "0"(carry) 351| 156| : "cc", "memory"); 352| 156| return carry; 353| 156| } 354| 0|#endif 355| | 356| 0| x[0] = word_sub(x[0], y[0], &carry); 357| 0| x[1] = word_sub(x[1], y[1], &carry); 358| 0| x[2] = word_sub(x[2], y[2], &carry); 359| 0| x[3] = word_sub(x[3], y[3], &carry); 360| 0| x[4] = word_sub(x[4], y[4], &carry); 361| 0| x[5] = word_sub(x[5], y[5], &carry); 362| 0| x[6] = word_sub(x[6], y[6], &carry); 363| 0| x[7] = word_sub(x[7], y[7], &carry); 364| 0| return carry; 365| 156|} _ZN5Botan8word_subITkNS_8WordTypeEmEET_S1_S1_PS1_: 320| 32.2M|inline constexpr auto word_sub(W x, W y, W* carry) -> W { 321| 32.2M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_subc) 322| 32.2M| if(!std::is_constant_evaluated()) { ------------------ | Branch (322:7): [True: 32.2M, Folded] ------------------ 323| | if constexpr(std::same_as) { 324| | return __builtin_subc(x, y, *carry & 1, carry); 325| 32.2M| } else if constexpr(std::same_as) { 326| 32.2M| return __builtin_subcl(x, y, *carry & 1, carry); 327| | } else if constexpr(std::same_as) { 328| | return __builtin_subcll(x, y, *carry & 1, carry); 329| | } 330| 32.2M| } 331| 0|#endif 332| | 333| 0| const W cb = *carry & 1; 334| 32.2M| W t0 = x - y; 335| 32.2M| W c1 = (t0 > x); 336| 32.2M| W z = t0 - cb; 337| 32.2M| *carry = c1 | (z > t0); 338| 32.2M| return z; 339| 32.2M|} _ZN5Botan10word8_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 371| 600k|inline constexpr auto word8_sub3(W z[8], const W x[8], const W y[8], W carry) -> W { 372| 600k|#if defined(BOTAN_MP_USE_X86_64_ASM) 373| 600k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (373:7): [True: 0, Folded] | Branch (373:36): [True: 0, Folded] ------------------ 374| 600k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq")) 375| 600k| : [carry] "=r"(carry) 376| 600k| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 377| 600k| : "cc", "memory"); 378| 600k| return carry; 379| 600k| } 380| 0|#endif 381| | 382| 0| z[0] = word_sub(x[0], y[0], &carry); 383| 0| z[1] = word_sub(x[1], y[1], &carry); 384| 0| z[2] = word_sub(x[2], y[2], &carry); 385| 0| z[3] = word_sub(x[3], y[3], &carry); 386| 0| z[4] = word_sub(x[4], y[4], &carry); 387| 0| z[5] = word_sub(x[5], y[5], &carry); 388| 0| z[6] = word_sub(x[6], y[6], &carry); 389| 0| z[7] = word_sub(x[7], y[7], &carry); 390| 0| return carry; 391| 600k|} _ZN5Botan10word8_add3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 294| 4|inline constexpr auto word8_add3(W z[8], const W x[8], const W y[8], W carry) -> W { 295| 4|#if defined(BOTAN_MP_USE_X86_64_ASM) 296| 4| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (296:7): [True: 0, Folded] | Branch (296:36): [True: 0, Folded] ------------------ 297| 4| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq")) 298| 4| : [carry] "=r"(carry) 299| 4| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 300| 4| : "cc", "memory"); 301| 4| return carry; 302| 4| } 303| 0|#endif 304| | 305| 0| z[0] = word_add(x[0], y[0], &carry); 306| 0| z[1] = word_add(x[1], y[1], &carry); 307| 0| z[2] = word_add(x[2], y[2], &carry); 308| 0| z[3] = word_add(x[3], y[3], &carry); 309| 0| z[4] = word_add(x[4], y[4], &carry); 310| 0| z[5] = word_add(x[5], y[5], &carry); 311| 0| z[6] = word_add(x[6], y[6], &carry); 312| 0| z[7] = word_add(x[7], y[7], &carry); 313| 0| return carry; 314| 4|} _ZN5Botan13word8_linmul3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 397| 60|inline constexpr auto word8_linmul3(W z[8], const W x[8], W y, W carry) -> W { 398| 60|#if defined(BOTAN_MP_USE_X86_64_ASM) 399| 60| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (399:7): [True: 0, Folded] | Branch (399:36): [True: 0, Folded] ------------------ 400| 60| asm(DO_8_TIMES(LINMUL_OP, "z") 401| 60| : [carry] "=r"(carry) 402| 60| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 403| 60| : "cc", "%rax", "%rdx", "memory"); 404| 60| return carry; 405| 60| } 406| 0|#endif 407| | 408| 0| z[0] = word_madd2(x[0], y, &carry); 409| 0| z[1] = word_madd2(x[1], y, &carry); 410| 0| z[2] = word_madd2(x[2], y, &carry); 411| 0| z[3] = word_madd2(x[3], y, &carry); 412| 0| z[4] = word_madd2(x[4], y, &carry); 413| 0| z[5] = word_madd2(x[5], y, &carry); 414| 0| z[6] = word_madd2(x[6], y, &carry); 415| 0| z[7] = word_madd2(x[7], y, &carry); 416| 0| return carry; 417| 60|} _ZN5Botan10word_madd2ITkNS_8WordTypeEmEET_S1_S1_PS1_: 90| 87.8k|inline constexpr auto word_madd2(W a, W b, W* c) -> W { 91| 87.8k|#if defined(BOTAN_MP_USE_X86_64_ASM) 92| 87.8k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (92:7): [True: 0, Folded] | Branch (92:36): [True: 0, Folded] ------------------ 93| 87.8k| asm(R"( 94| 87.8k| mulq %[b] 95| 87.8k| addq %[c],%[a] 96| 87.8k| adcq $0,%[carry] 97| 87.8k| )" 98| 87.8k| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*c) 99| 87.8k| : "0"(a), "1"(b), [c] "g"(*c) 100| 87.8k| : "cc"); 101| | 102| 87.8k| return a; 103| 87.8k| } 104| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 105| | if(std::same_as && !std::is_constant_evaluated()) { 106| | W lo = 0; 107| | W hi = 0; 108| | asm(R"( 109| | mul %[lo], %[a], %[b] 110| | umulh %[hi], %[a], %[b] 111| | adds %[lo], %[lo], %[c] 112| | adc %[hi], %[hi], xzr 113| | )" 114| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 115| | : [a] "r"(a), [b] "r"(b), [c] "r"(*c) 116| | : "cc"); 117| | 118| | *c = hi; 119| | return lo; 120| | } 121| |#endif 122| | 123| 0| typedef typename WordInfo::dword dword; 124| 0| const dword s = dword(a) * b + *c; 125| 0| *c = static_cast(s >> WordInfo::bits); 126| 0| return static_cast(s); 127| 87.8k|} _ZN5Botan11word8_madd3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 423| 152|inline constexpr auto word8_madd3(W z[8], const W x[8], W y, W carry) -> W { 424| 152|#if defined(BOTAN_MP_USE_X86_64_ASM) 425| 152| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (425:7): [True: 0, Folded] | Branch (425:36): [True: 0, Folded] ------------------ 426| 152| asm(DO_8_TIMES(MULADD_OP, "") 427| 152| : [carry] "=r"(carry) 428| 152| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 429| 152| : "cc", "%rax", "%rdx", "memory"); 430| 152| return carry; 431| 152| } 432| 0|#endif 433| | 434| 0| z[0] = word_madd3(x[0], y, z[0], &carry); 435| 0| z[1] = word_madd3(x[1], y, z[1], &carry); 436| 0| z[2] = word_madd3(x[2], y, z[2], &carry); 437| 0| z[3] = word_madd3(x[3], y, z[3], &carry); 438| 0| z[4] = word_madd3(x[4], y, z[4], &carry); 439| 0| z[5] = word_madd3(x[5], y, z[5], &carry); 440| 0| z[6] = word_madd3(x[6], y, z[6], &carry); 441| 0| z[7] = word_madd3(x[7], y, z[7], &carry); 442| 0| return carry; 443| 152|} _ZN5Botan10word_madd3ITkNS_8WordTypeEmEET_S1_S1_S1_PS1_: 133| 580k|inline constexpr auto word_madd3(W a, W b, W c, W* d) -> W { 134| 580k|#if defined(BOTAN_MP_USE_X86_64_ASM) 135| 580k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (135:7): [True: 0, Folded] | Branch (135:36): [True: 0, Folded] ------------------ 136| 580k| asm(R"( 137| 580k| mulq %[b] 138| 580k| 139| 580k| addq %[c],%[a] 140| 580k| adcq $0,%[carry] 141| 580k| 142| 580k| addq %[d],%[a] 143| 580k| adcq $0,%[carry] 144| 580k| )" 145| 580k| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*d) 146| 580k| : "0"(a), "1"(b), [c] "g"(c), [d] "g"(*d) 147| 580k| : "cc"); 148| | 149| 580k| return a; 150| 580k| } 151| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 152| | if(std::same_as && !std::is_constant_evaluated()) { 153| | W lo = 0; 154| | W hi = 0; 155| | asm(R"( 156| | mul %[lo], %[a], %[b] 157| | umulh %[hi], %[a], %[b] 158| | adds %[lo], %[lo], %[c] 159| | adc %[hi], %[hi], xzr 160| | adds %[lo], %[lo], %[d] 161| | adc %[hi], %[hi], xzr 162| | )" 163| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 164| | : [a] "r"(a), [b] "r"(b), [c] "r"(c), [d] "r"(*d) 165| | : "cc"); 166| | 167| | *d = hi; 168| | return lo; 169| | } 170| |#endif 171| | 172| 0| typedef typename WordInfo::dword dword; 173| 0| const dword s = dword(a) * b + c + *d; 174| 0| *d = static_cast(s >> WordInfo::bits); 175| 0| return static_cast(s); 176| 580k|} _ZN5Botan5word3ImE3mulEmm: 460| 165M| inline constexpr void mul(W x, W y) { m_w += static_cast(x) * y; } _ZN5Botan5word3ImE7extractEv: 466| 60.7M| inline constexpr W extract() { 467| 60.7M| W r = static_cast(m_w); 468| 60.7M| m_w >>= WordInfo::bits; 469| 60.7M| return r; 470| 60.7M| } _ZN5Botan5word3ImE3addEm: 464| 36.1M| inline constexpr void add(W x) { m_w += x; } _ZN5Botan5word3ImE10monty_stepEmm: 472| 18.0M| inline constexpr W monty_step(W p0, W p_dash) { 473| 18.0M| const W w0 = static_cast(m_w); 474| 18.0M| const W r = w0 * p_dash; 475| 18.0M| mul(r, p0); 476| 18.0M| m_w >>= WordInfo::bits; 477| 18.0M| return r; 478| 18.0M| } _ZN5Botan5word3ImEC2Ev: 458| 6.50M| constexpr word3() : m_w(0) {} _ZN5Botan5word3ImE6mul_x2Emm: 462| 40.7M| inline constexpr void mul_x2(W x, W y) { m_w += static_cast(x) * y * 2; } _ZN5Botan11bigint_add2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 94| 1.21M|inline constexpr auto bigint_add2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 95| 1.21M| W carry = 0; 96| | 97| 1.21M| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 1.21M| do { \ | | 65| 1.21M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 1.21M| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 1.21M] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 1.21M| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 1.21M] | | ------------------ ------------------ 98| | 99| 1.21M| const size_t blocks = y_size - (y_size % 8); 100| | 101| 1.62M| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (101:22): [True: 405k, False: 1.21M] ------------------ 102| 405k| carry = word8_add2(x + i, y + i, carry); 103| 405k| } 104| | 105| 4.72M| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (105:27): [True: 3.50M, False: 1.21M] ------------------ 106| 3.50M| x[i] = word_add(x[i], y[i], &carry); 107| 3.50M| } 108| | 109| 1.62M| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (109:27): [True: 406k, False: 1.21M] ------------------ 110| 406k| x[i] = word_add(x[i], static_cast(0), &carry); 111| 406k| } 112| | 113| 1.21M| return carry; 114| 1.21M|} _ZN5Botan10bigint_cmpITkNS_8WordTypeEmEEiPKT_mS3_m: 439| 314|inline constexpr int32_t bigint_cmp(const W x[], size_t x_size, const W y[], size_t y_size) { 440| 314| static_assert(sizeof(W) >= sizeof(uint32_t), "Size assumption"); 441| | 442| 314| const W LT = static_cast(-1); 443| 314| const W EQ = 0; 444| 314| const W GT = 1; 445| | 446| 314| const size_t common_elems = std::min(x_size, y_size); 447| | 448| 314| W result = EQ; // until found otherwise 449| | 450| 2.65k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (450:22): [True: 2.34k, False: 314] ------------------ 451| 2.34k| const auto is_eq = CT::Mask::is_equal(x[i], y[i]); 452| 2.34k| const auto is_lt = CT::Mask::is_lt(x[i], y[i]); 453| | 454| 2.34k| result = is_eq.select(result, is_lt.select(LT, GT)); 455| 2.34k| } 456| | 457| 314| if(x_size < y_size) { ------------------ | Branch (457:7): [True: 0, False: 314] ------------------ 458| 0| W mask = 0; 459| 0| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (459:30): [True: 0, False: 0] ------------------ 460| 0| mask |= y[i]; 461| 0| } 462| | 463| | // If any bits were set in high part of y, then x < y 464| 0| result = CT::Mask::is_zero(mask).select(result, LT); 465| 314| } else if(y_size < x_size) { ------------------ | Branch (465:14): [True: 49, False: 265] ------------------ 466| 49| W mask = 0; 467| 138| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (467:30): [True: 89, False: 49] ------------------ 468| 89| mask |= x[i]; 469| 89| } 470| | 471| | // If any bits were set in high part of x, then x > y 472| 49| result = CT::Mask::is_zero(mask).select(result, GT); 473| 49| } 474| | 475| 314| CT::unpoison(result); 476| 314| BOTAN_DEBUG_ASSERT(result == LT || result == GT || result == EQ); ------------------ | | 130| 314| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 314| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 314] | | ------------------ ------------------ 477| 314| return static_cast(result); 478| 314|} _ZN5Botan11bigint_sub2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 148| 265|inline constexpr auto bigint_sub2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 149| 265| W borrow = 0; 150| | 151| 265| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 265| do { \ | | 65| 265| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 265| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 265] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 265| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 265] | | ------------------ ------------------ 152| | 153| 265| const size_t blocks = y_size - (y_size % 8); 154| | 155| 421| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (155:22): [True: 156, False: 265] ------------------ 156| 156| borrow = word8_sub2(x + i, y + i, borrow); 157| 156| } 158| | 159| 1.22k| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (159:27): [True: 960, False: 265] ------------------ 160| 960| x[i] = word_sub(x[i], y[i], &borrow); 161| 960| } 162| | 163| 302| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (163:27): [True: 37, False: 265] ------------------ 164| 37| x[i] = word_sub(x[i], static_cast(0), &borrow); 165| 37| } 166| | 167| 265| return borrow; 168| 265|} _ZN5Botan11bigint_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 192| 1.65M|inline constexpr auto bigint_sub3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 193| 1.65M| W borrow = 0; 194| | 195| 1.65M| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 1.65M| do { \ | | 65| 1.65M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 1.65M| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 1.65M] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 1.65M| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 1.65M] | | ------------------ ------------------ 196| | 197| 1.65M| const size_t blocks = y_size - (y_size % 8); 198| | 199| 2.25M| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (199:22): [True: 600k, False: 1.65M] ------------------ 200| 600k| borrow = word8_sub3(z + i, x + i, y + i, borrow); 201| 600k| } 202| | 203| 6.51M| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (203:27): [True: 4.85M, False: 1.65M] ------------------ 204| 4.85M| z[i] = word_sub(x[i], y[i], &borrow); 205| 4.85M| } 206| | 207| 1.65M| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (207:27): [True: 280, False: 1.65M] ------------------ 208| 280| z[i] = word_sub(x[i], static_cast(0), &borrow); 209| 280| } 210| | 211| 1.65M| return borrow; 212| 1.65M|} _ZN5Botan11bigint_add3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 120| 25|inline constexpr auto bigint_add3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 121| 25| if(x_size < y_size) { ------------------ | Branch (121:7): [True: 1, False: 24] ------------------ 122| 1| return bigint_add3(z, y, y_size, x, x_size); 123| 1| } 124| | 125| 24| W carry = 0; 126| | 127| 24| const size_t blocks = y_size - (y_size % 8); 128| | 129| 28| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (129:22): [True: 4, False: 24] ------------------ 130| 4| carry = word8_add3(z + i, x + i, y + i, carry); 131| 4| } 132| | 133| 99| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (133:27): [True: 75, False: 24] ------------------ 134| 75| z[i] = word_add(x[i], y[i], &carry); 135| 75| } 136| | 137| 46| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (137:27): [True: 22, False: 24] ------------------ 138| 22| z[i] = word_add(x[i], static_cast(0), &carry); 139| 22| } 140| | 141| 24| return carry; 142| 25|} _ZN5Botan14bigint_linmul3ITkNS_8WordTypeEmEEvPT_PKS1_mS1_: 416| 132|inline constexpr void bigint_linmul3(W z[], const W x[], size_t x_size, W y) { 417| 132| const size_t blocks = x_size - (x_size % 8); 418| | 419| 132| W carry = 0; 420| | 421| 192| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (421:22): [True: 60, False: 132] ------------------ 422| 60| carry = word8_linmul3(z + i, x + i, y, carry); 423| 60| } 424| | 425| 682| for(size_t i = blocks; i != x_size; ++i) { ------------------ | Branch (425:27): [True: 550, False: 132] ------------------ 426| 550| z[i] = word_madd2(x[i], y, &carry); 427| 550| } 428| | 429| 132| z[x_size] = carry; 430| 132|} _ZN5Botan14divide_precompImEC2Em: 574| 36| explicit constexpr divide_precomp(W divisor) : m_divisor(divisor) { 575| 36| BOTAN_ARG_CHECK(m_divisor != 0, "Division by zero"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 576| 36| } _ZNK5Botan14divide_precompImE16vartime_div_2to1Emm: 581| 226| inline constexpr W vartime_div_2to1(W n1, W n0) const { 582| 226| BOTAN_ASSERT_NOMSG(n1 < m_divisor); ------------------ | | 77| 226| do { \ | | 78| 226| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 226| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 226] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 226| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 226] | | ------------------ ------------------ 583| | 584| 226| if(m_divisor == WordInfo::max) { ------------------ | Branch (584:13): [True: 118, False: 108] ------------------ 585| 118| return vartime_div_2to1_max_d(n1, n0); 586| 118| } 587| | 588| 108| if(m_divisor == WordInfo::top_bit) { ------------------ | Branch (588:13): [True: 0, False: 108] ------------------ 589| | // Simply a shift by N-1 bits 590| 0| return (n1 << 1) | (n0 >> (WordInfo::bits - 1)); 591| 0| } 592| | 593| 108| if(!std::is_constant_evaluated()) { ------------------ | Branch (593:13): [True: 108, Folded] ------------------ 594| 108|#if defined(BOTAN_MP_USE_X86_64_ASM) 595| 108| if constexpr(std::same_as) { 596| 108| W quotient = 0; 597| 108| W remainder = 0; 598| | // NOLINTNEXTLINE(*-no-assembler) 599| 108| asm("divq %[v]" : "=a"(quotient), "=d"(remainder) : [v] "r"(m_divisor), "a"(n0), "d"(n1) : "cc"); 600| 108| return quotient; 601| 108| } 602| 0|#endif 603| | 604| 0|#if !defined(BOTAN_BUILD_COMPILER_IS_CLANGCL) 605| | 606| | /* clang-cl has a bug where on encountering a 128/64 division it emits 607| | * a call to __udivti3() but then fails to link the relevant builtin into 608| | * the binary, causing a link failure. Work around this by simply omitting 609| | * such code for clang-cl 610| | * 611| | * See https://github.com/llvm/llvm-project/issues/25679 612| | */ 613| 108| if constexpr(WordInfo::dword_is_native) { 614| 108| typename WordInfo::dword n = n1; 615| 108| n <<= WordInfo::bits; 616| 108| n |= n0; 617| 108| return static_cast(n / m_divisor); 618| 108| } 619| 108|#endif 620| 108| } 621| | 622| 0| W high = n1; 623| 108| W quotient = 0; 624| | 625| 108| for(size_t i = 0; i != WordInfo::bits; ++i) { ------------------ | Branch (625:28): [True: 0, False: 108] ------------------ 626| 0| const W high_top_bit = high >> (WordInfo::bits - 1); 627| | 628| 0| high <<= 1; 629| 0| high |= (n0 >> (WordInfo::bits - 1 - i)) & 1; 630| 0| quotient <<= 1; 631| | 632| 0| if(high_top_bit || high >= m_divisor) { ------------------ | Branch (632:16): [True: 0, False: 0] | Branch (632:32): [True: 0, False: 0] ------------------ 633| 0| high -= m_divisor; 634| 0| quotient |= 1; 635| 0| } 636| 0| } 637| | 638| 108| return quotient; 639| 108| } _ZN5Botan14divide_precompImE22vartime_div_2to1_max_dEmm: 657| 118| static inline constexpr W vartime_div_2to1_max_d(W n1, W n0) { 658| | /* 659| | Use k to refer to WordInfo::bits 660| | 661| | We are dividing n = (n1 * 2^k) + n0 by 2^k - 1 662| | 663| | Recall that 2^k = 1 (mod 2^k - 1) 664| | 665| | Rewrite n = n1*2^k + n0 as n1*(2^k - 1) + n1 + n0 666| | 667| | The result of dividing n by (2^k - 1) will be equal to 668| | (n1*(2^k-1) + n1 + n0) / (2^k-1) = 669| | n1 + ((n1 + n0) / (2^k-1) 670| | 671| | Use c to refer to ((n1 + n0) / (2^k-1)) 672| | 673| | If (n1 + n0) < (2^k - 1) then c is 0 674| | If (n1 + n0) >= (2^k - 1) then c is 1 675| | 676| | Since n1 < 2^k - 1 [*] and n0 <= 2^k - 1 it is impossible for (n1 + n0) / (2^k -1) 677| | to be greater than 1. 678| | 679| | [*] We require n1 be strictly less than the divisor to ensure that the 680| | output fits in a single word; this is checked at the start of vartime_div_2to1. 681| | */ 682| | 683| 118| const W s = n0 + n1; 684| | // did n0 + n1 overflow? or does (n0 + n1) == 2^k - 1? if either, c == 1 685| 118| if(s < n0 || s == WordInfo::max) { ------------------ | Branch (685:13): [True: 14, False: 104] | Branch (685:23): [True: 0, False: 104] ------------------ 686| 14| n1 += 1; 687| 14| } 688| | 689| 118| return n1; 690| 118| } _ZN5Botan11bigint_shl1ITkNS_8WordTypeEmEEvPT_mmm: 309| 6|inline constexpr void bigint_shl1(W x[], size_t x_size, size_t x_words, size_t shift) { 310| 6| const size_t word_shift = shift / WordInfo::bits; 311| 6| const size_t bit_shift = shift % WordInfo::bits; 312| | 313| 6| BOTAN_ASSERT_NOMSG(word_shift <= x_size); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 314| 6| BOTAN_ASSERT_NOMSG(x_words <= x_size - word_shift); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 315| | 316| 6| unchecked_copy_memory(x + word_shift, x, x_words); 317| 6| zeroize_buffer(x, word_shift); 318| | 319| 6| const auto carry_mask = CT::Mask::expand(bit_shift); 320| 6| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 321| | 322| 6| W carry = 0; 323| 51| for(size_t i = word_shift; i != x_size; ++i) { ------------------ | Branch (323:31): [True: 45, False: 6] ------------------ 324| 45| const W w = x[i]; 325| 45| x[i] = (w << bit_shift) | carry; 326| 45| carry = carry_mask.if_set_return(w >> carry_shift); 327| 45| } 328| 6|} _ZN5Botan11bigint_shr1ITkNS_8WordTypeEmEEvPT_mm: 331| 228|inline constexpr void bigint_shr1(W x[], size_t x_size, size_t shift) { 332| 228| const size_t word_shift = shift / WordInfo::bits; 333| 228| const size_t bit_shift = shift % WordInfo::bits; 334| | 335| 228| const size_t top = x_size >= word_shift ? (x_size - word_shift) : 0; ------------------ | Branch (335:23): [True: 228, False: 0] ------------------ 336| | 337| 228| if(top > 0) { ------------------ | Branch (337:7): [True: 228, False: 0] ------------------ 338| 228| unchecked_copy_memory(x, x + word_shift, top); 339| 228| } 340| 228| zeroize_buffer(x + top, std::min(word_shift, x_size)); 341| | 342| 228| const auto carry_mask = CT::Mask::expand(bit_shift); 343| 228| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 344| | 345| 228| W carry = 0; 346| | 347| 4.32k| for(size_t i = 0; i != top; ++i) { ------------------ | Branch (347:22): [True: 4.09k, False: 228] ------------------ 348| 4.09k| const W w = x[top - i - 1]; 349| 4.09k| x[top - i - 1] = (w >> bit_shift) | carry; 350| 4.09k| carry = carry_mask.if_set_return(w << carry_shift); 351| 4.09k| } 352| 228|} _ZN5Botan17bigint_monty_redcEPmPKmS2_mmS0_m: 924| 48| word r[], const word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 925| 48| const size_t z_size = 2 * p_size; 926| | 927| 48| BOTAN_ARG_CHECK(ws_size >= p_size, "Montgomery reduction workspace too small"); ------------------ | | 35| 48| do { \ | | 36| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 48| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 48] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 48| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 48] | | ------------------ ------------------ 928| | 929| 48| if(p_size == 4) { ------------------ | Branch (929:7): [True: 24, False: 24] ------------------ 930| 24| bigint_monty_redc_4(r, z, p, p_dash, ws); 931| 24| } else if(p_size == 6) { ------------------ | Branch (931:14): [True: 8, False: 16] ------------------ 932| 8| bigint_monty_redc_6(r, z, p, p_dash, ws); 933| 16| } else if(p_size == 8) { ------------------ | Branch (933:14): [True: 8, False: 8] ------------------ 934| 8| bigint_monty_redc_8(r, z, p, p_dash, ws); 935| 8| } else if(p_size == 12) { ------------------ | Branch (935:14): [True: 0, False: 8] ------------------ 936| 0| bigint_monty_redc_12(r, z, p, p_dash, ws); 937| 8| } else if(p_size == 16) { ------------------ | Branch (937:14): [True: 0, False: 8] ------------------ 938| 0| bigint_monty_redc_16(r, z, p, p_dash, ws); 939| 8| } else if(p_size == 24) { ------------------ | Branch (939:14): [True: 0, False: 8] ------------------ 940| 0| bigint_monty_redc_24(r, z, p, p_dash, ws); 941| 8| } else if(p_size == 32) { ------------------ | Branch (941:14): [True: 0, False: 8] ------------------ 942| 0| bigint_monty_redc_32(r, z, p, p_dash, ws); 943| 8| } else { 944| 8| bigint_monty_redc_generic(r, z, z_size, p, p_size, p_dash, ws); 945| 8| } 946| 48|} _ZN5Botan25bigint_monty_redc_inplaceEPmPKmmmS0_m: 948| 48|inline void bigint_monty_redc_inplace(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 949| 48| bigint_monty_redc(z, z, p, p_size, p_dash, ws, ws_size); 950| 48| zeroize_buffer(z + p_size, p_size); 951| 48|} _ZN5Botan11bigint_shl2ITkNS_8WordTypeEmEEvPT_mPKS1_mm: 355| 36|inline constexpr void bigint_shl2(W y[], size_t y_size, const W x[], size_t x_size, size_t shift) { 356| 36| const size_t word_shift = shift / WordInfo::bits; 357| 36| const size_t bit_shift = shift % WordInfo::bits; 358| | 359| 36| BOTAN_ASSERT_NOMSG(word_shift <= y_size); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 360| 36| BOTAN_ASSERT_NOMSG(x_size < y_size - word_shift); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 361| | 362| 36| unchecked_copy_memory(y + word_shift, x, x_size); 363| 36| zeroize_buffer(y, word_shift); 364| 36| zeroize_buffer(y + word_shift + x_size, y_size - word_shift - x_size); 365| | 366| 36| const auto carry_mask = CT::Mask::expand(bit_shift); 367| 36| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 368| | 369| 36| W carry = 0; 370| 264| for(size_t i = word_shift; i != x_size + word_shift + 1; ++i) { ------------------ | Branch (370:31): [True: 228, False: 36] ------------------ 371| 228| const W w = y[i]; 372| 228| y[i] = (w << bit_shift) | carry; 373| 228| carry = carry_mask.if_set_return(w >> carry_shift); 374| 228| } 375| 36|} _ZN5Botan15bigint_ct_is_eqITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_m: 519| 24|inline constexpr auto bigint_ct_is_eq(const W x[], size_t x_size, const W y[], size_t y_size) -> CT::Mask { 520| 24| const size_t common_elems = std::min(x_size, y_size); 521| | 522| 24| W diff = 0; 523| | 524| 304| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (524:22): [True: 280, False: 24] ------------------ 525| 280| diff |= (x[i] ^ y[i]); 526| 280| } 527| | 528| | // If any bits were set in high part of x/y, then they are not equal 529| 24| if(x_size < y_size) { ------------------ | Branch (529:7): [True: 2, False: 22] ------------------ 530| 18| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (530:30): [True: 16, False: 2] ------------------ 531| 16| diff |= y[i]; 532| 16| } 533| 22| } else if(y_size < x_size) { ------------------ | Branch (533:14): [True: 0, False: 22] ------------------ 534| 0| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (534:30): [True: 0, False: 0] ------------------ 535| 0| diff |= x[i]; 536| 0| } 537| 0| } 538| | 539| 24| return CT::Mask::is_zero(diff); 540| 24|} _ZN5Botan15bigint_ct_is_ltITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_mb: 487| 5.05k| -> CT::Mask { 488| 5.05k| const size_t common_elems = std::min(x_size, y_size); 489| | 490| 5.05k| auto is_lt = CT::Mask::expand(lt_or_equal); 491| | 492| 31.0k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (492:22): [True: 26.0k, False: 5.05k] ------------------ 493| 26.0k| const auto eq = CT::Mask::is_equal(x[i], y[i]); 494| 26.0k| const auto lt = CT::Mask::is_lt(x[i], y[i]); 495| 26.0k| is_lt = eq.select_mask(is_lt, lt); 496| 26.0k| } 497| | 498| 5.05k| if(x_size < y_size) { ------------------ | Branch (498:7): [True: 0, False: 5.05k] ------------------ 499| 0| W mask = 0; 500| 0| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (500:30): [True: 0, False: 0] ------------------ 501| 0| mask |= y[i]; 502| 0| } 503| | // If any bits were set in high part of y, then is_lt should be forced true 504| 0| is_lt |= CT::Mask::expand(mask); 505| 5.05k| } else if(y_size < x_size) { ------------------ | Branch (505:14): [True: 98, False: 4.95k] ------------------ 506| 98| W mask = 0; 507| 746| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (507:30): [True: 648, False: 98] ------------------ 508| 648| mask |= x[i]; 509| 648| } 510| | 511| | // If any bits were set in high part of x, then is_lt should be false 512| 98| is_lt &= CT::Mask::is_zero(mask); 513| 98| } 514| | 515| 5.05k| return is_lt; 516| 5.05k|} _ZN5Botan14bigint_sub_absITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPS3_PKS3_S7_mS5_: 279| 96|inline constexpr auto bigint_sub_abs(W z[], const W x[], const W y[], size_t N, W ws[]) -> CT::Mask { 280| | // Subtract in both direction then conditional copy out the result 281| | 282| 96| W* ws0 = ws; 283| 96| W* ws1 = ws + N; 284| | 285| 96| W borrow0 = 0; 286| 96| W borrow1 = 0; 287| | 288| 96| const size_t blocks = N - (N % 8); 289| | 290| 120| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (290:22): [True: 24, False: 96] ------------------ 291| 24| borrow0 = word8_sub3(ws0 + i, x + i, y + i, borrow0); 292| 24| borrow1 = word8_sub3(ws1 + i, y + i, x + i, borrow1); 293| 24| } 294| | 295| 512| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (295:27): [True: 416, False: 96] ------------------ 296| 416| ws0[i] = word_sub(x[i], y[i], &borrow0); 297| 416| ws1[i] = word_sub(y[i], x[i], &borrow1); 298| 416| } 299| | 300| 96| return CT::conditional_copy_mem(borrow0, z, ws1, ws0, N); 301| 96|} _ZN5Botan13monty_inverseITkNS_8WordTypeEmEET_S1_: 703| 12|inline constexpr auto monty_inverse(W a) -> W { 704| 12| BOTAN_ARG_CHECK(a % 2 == 1, "Cannot compute Montgomery inverse of an even integer"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 705| | 706| | // Newton's Method, following https://lemire.me/blog/2017/09/18/computing-the-inverse-of-odd-integers/ 707| | 708| 12| constexpr size_t iter = WordInfo::bits == 64 ? 4 : 3; ------------------ | Branch (708:28): [True: 0, Folded] ------------------ 709| | 710| | // Initial guess provides 5 bits of accuracy 711| 12| W r = (3 * a) ^ 2; 712| | 713| | // Each iteration doubles the accuracy 714| 60| for(size_t i = 0; i != iter; ++i) { ------------------ | Branch (714:22): [True: 48, False: 12] ------------------ 715| 48| r = r * (2 - r * a); 716| 48| } 717| | 718| | // Now invert in addition space 719| 12| r = (WordInfo::max - r) + 1; 720| | 721| 12| return r; 722| 12|} _ZN5Botan22bigint_monty_maybe_subITkNS_8WordTypeEmEEvmPT_S1_PKS1_S4_: 225| 8|inline constexpr void bigint_monty_maybe_sub(size_t N, W z[], W x0, const W x[], const W p[]) { 226| 8| W borrow = 0; 227| | 228| 8| const size_t blocks = N - (N % 8); 229| | 230| 12| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (230:22): [True: 4, False: 8] ------------------ 231| 4| borrow = word8_sub3(z + i, x + i, p + i, borrow); 232| 4| } 233| | 234| 24| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (234:27): [True: 16, False: 8] ------------------ 235| 16| z[i] = word_sub(x[i], p[i], &borrow); 236| 16| } 237| | 238| 8| borrow = (x0 - borrow) > x0; 239| | 240| 8| CT::conditional_assign_mem(borrow, z, x, N); 241| 8|} _ZN5Botan9comba_sqrILm4ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 993k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 993k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 993k, Folded] ------------------ 856| 993k| if constexpr(std::same_as && N == 4) { 857| 993k| return bigint_comba_sqr4(z, x); 858| 993k| } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 993k| } 875| | 876| 0| word3 accum; 877| | 878| 993k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 993k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 993k|} _ZN5Botan22bigint_monty_maybe_subILm4ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 1.68M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 1.68M| W borrow = 0; 256| | 257| 8.40M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 6.72M, False: 1.68M] ------------------ 258| 6.72M| z[i] = word_sub(x[i], y[i], &borrow); 259| 6.72M| } 260| | 261| 1.68M| borrow = (x0 - borrow) > x0; 262| | 263| 1.68M| CT::conditional_assign_mem(borrow, z, x, N); 264| 1.68M|} _ZN5Botan9comba_mulILm4ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 342k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 342k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 342k, Folded] ------------------ 820| 342k| if constexpr(std::same_as && N == 4) { 821| 342k| return bigint_comba_mul4(z, x, y); 822| 342k| } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 342k| } 839| | 840| 0| word3 accum; 841| | 842| 342k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 342k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 342k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 39.1k|inline constexpr W shift_left(std::array& x) { 726| 39.1k| static_assert(N >= 1, "Invalid input size"); 727| 39.1k| static_assert(S > 0, "Zero shift not supported"); 728| 39.1k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 39.1k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 156k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 117k, False: 39.1k] ------------------ 733| 117k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 117k| } 735| 39.1k| x[0] <<= S; 736| | 737| 39.1k| return carry; 738| 39.1k|} _ZN5Botan16read_window_bitsILm4EmLm4EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 115k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 115k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 115k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 115k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 115k| const auto bit_shift = offset % W_bits; 1078| 115k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 115k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 115k, False: 0] | Branch (1080:74): [True: 0, False: 0] ------------------ 1081| | 1082| 115k| const auto w0 = words[word_offset]; 1083| | 1084| 115k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 115k, False: 0] ------------------ 1085| 115k| return (w0 >> bit_shift) & WindowMask; 1086| 115k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 0| const auto w1 = words[word_offset - 1]; 1089| 0| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 0| return combined & WindowMask; 1091| 0| } 1092| 115k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 1.81M|inline constexpr W shift_right(std::array& x) { 742| 1.81M| static_assert(N >= 1, "Invalid input size"); 743| 1.81M| static_assert(S > 0, "Zero shift not supported"); 744| 1.81M| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 1.81M| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 7.25M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 5.43M, False: 1.81M] ------------------ 749| 5.43M| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 5.43M| } 751| 1.81M| x[N - 1] >>= S; 752| | 753| 1.81M| return carry; 754| 1.81M|} _ZN5Botan9comba_sqrILm6ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 435k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 435k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 435k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| 435k| if constexpr(std::same_as && N == 6) { 860| 435k| return bigint_comba_sqr6(z, x); 861| 435k| } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 435k| } 875| | 876| 0| word3 accum; 877| | 878| 435k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 435k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 435k|} _ZN5Botan22bigint_monty_maybe_subILm6ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 741k|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 741k| W borrow = 0; 256| | 257| 5.19M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 4.44M, False: 741k] ------------------ 258| 4.44M| z[i] = word_sub(x[i], y[i], &borrow); 259| 4.44M| } 260| | 261| 741k| borrow = (x0 - borrow) > x0; 262| | 263| 741k| CT::conditional_assign_mem(borrow, z, x, N); 264| 741k|} _ZN5Botan9comba_mulILm6ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 142k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 142k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 142k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| 142k| if constexpr(std::same_as && N == 6) { 824| 142k| return bigint_comba_mul6(z, x, y); 825| 142k| } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 142k| } 839| | 840| 0| word3 accum; 841| | 842| 142k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 142k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 142k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 19.8k|inline constexpr W shift_left(std::array& x) { 726| 19.8k| static_assert(N >= 1, "Invalid input size"); 727| 19.8k| static_assert(S > 0, "Zero shift not supported"); 728| 19.8k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 19.8k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 119k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 99.2k, False: 19.8k] ------------------ 733| 99.2k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 99.2k| } 735| 19.8k| x[0] <<= S; 736| | 737| 19.8k| return carry; 738| 19.8k|} _ZN5Botan16read_window_bitsILm5EmLm6EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 36.3k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 36.3k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 36.3k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 36.3k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 36.3k| const auto bit_shift = offset % W_bits; 1078| 36.3k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 36.3k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 33.9k, False: 2.36k] | Branch (1080:74): [True: 472, False: 1.88k] ------------------ 1081| | 1082| 36.3k| const auto w0 = words[word_offset]; 1083| | 1084| 36.3k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 34.4k, False: 1.88k] ------------------ 1085| 34.4k| return (w0 >> bit_shift) & WindowMask; 1086| 34.4k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 1.88k| const auto w1 = words[word_offset - 1]; 1089| 1.88k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 1.88k| return combined & WindowMask; 1091| 1.88k| } 1092| 36.3k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 757k|inline constexpr W shift_right(std::array& x) { 742| 757k| static_assert(N >= 1, "Invalid input size"); 743| 757k| static_assert(S > 0, "Zero shift not supported"); 744| 757k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 757k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 4.54M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 3.78M, False: 757k] ------------------ 749| 3.78M| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 3.78M| } 751| 757k| x[N - 1] >>= S; 752| | 753| 757k| return carry; 754| 757k|} _ZN5Botan9comba_sqrILm8ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 624k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 624k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 624k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| 624k| if constexpr(std::same_as && N == 8) { 866| 624k| return bigint_comba_sqr8(z, x); 867| 624k| } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 624k| } 875| | 876| 0| word3 accum; 877| | 878| 624k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 624k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 624k|} _ZN5Botan22bigint_monty_maybe_subILm8ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 1.06M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 1.06M| W borrow = 0; 256| | 257| 9.62M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 8.55M, False: 1.06M] ------------------ 258| 8.55M| z[i] = word_sub(x[i], y[i], &borrow); 259| 8.55M| } 260| | 261| 1.06M| borrow = (x0 - borrow) > x0; 262| | 263| 1.06M| CT::conditional_assign_mem(borrow, z, x, N); 264| 1.06M|} _ZN5Botan9comba_mulILm8ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 219k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 219k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 219k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| 219k| if constexpr(std::same_as && N == 8) { 830| 219k| return bigint_comba_mul8(z, x, y); 831| 219k| } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 219k| } 839| | 840| 0| word3 accum; 841| | 842| 219k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 219k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 219k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 26.3k|inline constexpr W shift_left(std::array& x) { 726| 26.3k| static_assert(N >= 1, "Invalid input size"); 727| 26.3k| static_assert(S > 0, "Zero shift not supported"); 728| 26.3k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 26.3k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 211k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 184k, False: 26.3k] ------------------ 733| 184k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 184k| } 735| 26.3k| x[0] <<= S; 736| | 737| 26.3k| return carry; 738| 26.3k|} _ZN5Botan16read_window_bitsILm5EmLm8EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 115k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 115k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 115k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 115k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 115k| const auto bit_shift = offset % W_bits; 1078| 115k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 115k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 107k, False: 7.86k] | Branch (1080:74): [True: 1.12k, False: 6.73k] ------------------ 1081| | 1082| 115k| const auto w0 = words[word_offset]; 1083| | 1084| 115k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 108k, False: 6.73k] ------------------ 1085| 108k| return (w0 >> bit_shift) & WindowMask; 1086| 108k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 6.73k| const auto w1 = words[word_offset - 1]; 1089| 6.73k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 6.73k| return combined & WindowMask; 1091| 6.73k| } 1092| 115k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 1.09M|inline constexpr W shift_right(std::array& x) { 742| 1.09M| static_assert(N >= 1, "Invalid input size"); 743| 1.09M| static_assert(S > 0, "Zero shift not supported"); 744| 1.09M| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 1.09M| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 8.72M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 7.63M, False: 1.09M] ------------------ 749| 7.63M| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 7.63M| } 751| 1.09M| x[N - 1] >>= S; 752| | 753| 1.09M| return carry; 754| 1.09M|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 13.1k|inline constexpr W shift_left(std::array& x) { 726| 13.1k| static_assert(N >= 1, "Invalid input size"); 727| 13.1k| static_assert(S > 0, "Zero shift not supported"); 728| 13.1k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 13.1k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 118k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 105k, False: 13.1k] ------------------ 733| 105k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 105k| } 735| 13.1k| x[0] <<= S; 736| | 737| 13.1k| return carry; 738| 13.1k|} _ZN5Botan22bigint_monty_maybe_subILm9ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 469k|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 469k| W borrow = 0; 256| | 257| 4.69M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 4.22M, False: 469k] ------------------ 258| 4.22M| z[i] = word_sub(x[i], y[i], &borrow); 259| 4.22M| } 260| | 261| 469k| borrow = (x0 - borrow) > x0; 262| | 263| 469k| CT::conditional_assign_mem(borrow, z, x, N); 264| 469k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 530k|inline constexpr W shift_right(std::array& x) { 742| 530k| static_assert(N >= 1, "Invalid input size"); 743| 530k| static_assert(S > 0, "Zero shift not supported"); 744| 530k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 530k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 4.77M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 4.24M, False: 530k] ------------------ 749| 4.24M| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 4.24M| } 751| 530k| x[N - 1] >>= S; 752| | 753| 530k| return carry; 754| 530k|} _ZN5Botan13redc_crandallITkNS_8WordTypeEmLm8ETnT_Lm569EEENSt3__15arrayIS1_XT0_EEENS2_4spanIKS1_XmlLi2ET0_EEE: 992| 58.1k|constexpr std::array redc_crandall(std::span z) { 993| 58.1k| static_assert(N >= 2); 994| | 995| 58.1k| std::array hi = {}; 996| | 997| | // hi = hi * c + lo 998| | 999| 58.1k| W carry = 0; 1000| 523k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (1000:22): [True: 465k, False: 58.1k] ------------------ 1001| 465k| hi[i] = word_madd3(z[i + N], C, z[i], &carry); 1002| 465k| } 1003| | 1004| | // hi += carry * C 1005| 58.1k| word carry_c[2] = {0}; 1006| 58.1k| carry_c[0] = word_madd2(carry, C, &carry_c[1]); 1007| | 1008| 58.1k| carry = bigint_add2(hi.data(), N, carry_c, 2); 1009| | 1010| 58.1k| constexpr W P0 = WordInfo::max - (C - 1); 1011| | 1012| 58.1k| std::array r = {}; 1013| | 1014| 58.1k| W borrow = 0; 1015| | 1016| | /* 1017| | * For undetermined reasons, on GCC (only) removing this asm block causes 1018| | * massive (up to 20%) performance regressions in secp256k1. 1019| | * 1020| | * The generated code without the asm seems quite reasonable, and timing 1021| | * repeated calls to redc_crandall with the cycle counter show that GCC 1022| | * computes it in about the same number of cycles with or without the asm. 1023| | * 1024| | * So the cause of the regression is unclear. But it is reproducible across 1025| | * machines and GCC versions. 1026| | */ 1027| |#if defined(BOTAN_MP_USE_X86_64_ASM) && defined(__GNUC__) && !defined(__clang__) 1028| | if constexpr(N == 4 && std::same_as) { 1029| | if(!std::is_constant_evaluated()) { 1030| | asm volatile(R"( 1031| | movq 0(%[x]), %[borrow] 1032| | subq %[p0], %[borrow] 1033| | movq %[borrow], 0(%[r]) 1034| | movq 8(%[x]), %[borrow] 1035| | sbbq $-1, %[borrow] 1036| | movq %[borrow], 8(%[r]) 1037| | movq 16(%[x]), %[borrow] 1038| | sbbq $-1, %[borrow] 1039| | movq %[borrow], 16(%[r]) 1040| | movq 24(%[x]), %[borrow] 1041| | sbbq $-1, %[borrow] 1042| | movq %[borrow], 24(%[r]) 1043| | sbbq %[borrow],%[borrow] 1044| | negq %[borrow] 1045| | )" 1046| | : [borrow] "=r"(borrow) 1047| | : [x] "r"(hi.data()), [p0] "r"(P0), [r] "r"(r.data()), "0"(borrow) 1048| | : "cc", "memory"); 1049| | 1050| | borrow = (carry - borrow) > carry; 1051| | CT::conditional_assign_mem(borrow, r.data(), hi.data(), N); 1052| | return r; 1053| | } 1054| | } 1055| |#endif 1056| | 1057| 58.1k| r[0] = word_sub(hi[0], P0, &borrow); 1058| 465k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (1058:22): [True: 407k, False: 58.1k] ------------------ 1059| 407k| r[i] = word_sub(hi[i], WordInfo::max, &borrow); 1060| 407k| } 1061| | 1062| 58.1k| borrow = (carry - borrow) > carry; 1063| | 1064| 58.1k| CT::conditional_assign_mem(borrow, r.data(), hi.data(), N); 1065| | 1066| 58.1k| return r; 1067| 58.1k|} _ZN5Botan9comba_sqrILm3ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 181k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 181k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 181k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 181k| } 875| | 876| 181k| word3 accum; 877| | 878| 1.27M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 1.08M, False: 181k] ------------------ 879| 1.08M| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 363k, False: 726k] ------------------ 880| 1.08M| const size_t end = std::min(N, i + 1); 881| | 882| 2.72M| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 1.63M, False: 1.08M] ------------------ 883| 1.63M| accum.mul(x[j], x[i - j]); 884| 1.63M| } 885| 1.08M| z[i] = accum.extract(); 886| 1.08M| } 887| 181k|} _ZN5Botan9comba_mulILm3ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 69.4k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 69.4k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 69.4k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 69.4k| } 839| | 840| 69.4k| word3 accum; 841| | 842| 486k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 416k, False: 69.4k] ------------------ 843| 416k| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 138k, False: 277k] ------------------ 844| 416k| const size_t end = std::min(N, i + 1); 845| | 846| 1.04M| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 625k, False: 416k] ------------------ 847| 625k| accum.mul(x[j], y[i - j]); 848| 625k| } 849| 416k| z[i] = accum.extract(); 850| 416k| } 851| 69.4k|} _ZN5Botan22bigint_monty_maybe_subILm3ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 313k|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 313k| W borrow = 0; 256| | 257| 1.25M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 939k, False: 313k] ------------------ 258| 939k| z[i] = word_sub(x[i], y[i], &borrow); 259| 939k| } 260| | 261| 313k| borrow = (x0 - borrow) > x0; 262| | 263| 313k| CT::conditional_assign_mem(borrow, z, x, N); 264| 313k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm3EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 5.03k|inline constexpr W shift_left(std::array& x) { 726| 5.03k| static_assert(N >= 1, "Invalid input size"); 727| 5.03k| static_assert(S > 0, "Zero shift not supported"); 728| 5.03k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 5.03k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 15.0k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 10.0k, False: 5.03k] ------------------ 733| 10.0k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 10.0k| } 735| 5.03k| x[0] <<= S; 736| | 737| 5.03k| return carry; 738| 5.03k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm3EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 323k|inline constexpr W shift_right(std::array& x) { 742| 323k| static_assert(N >= 1, "Invalid input size"); 743| 323k| static_assert(S > 0, "Zero shift not supported"); 744| 323k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 323k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 970k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 646k, False: 323k] ------------------ 749| 646k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 646k| } 751| 323k| x[N - 1] >>= S; 752| | 753| 323k| return carry; 754| 323k|} _ZN5Botan16read_window_bitsILm4EmLm3EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 43.1k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 43.1k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 43.1k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 43.1k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 43.1k| const auto bit_shift = offset % W_bits; 1078| 43.1k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 43.1k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 43.1k, False: 0] | Branch (1080:74): [True: 0, False: 0] ------------------ 1081| | 1082| 43.1k| const auto w0 = words[word_offset]; 1083| | 1084| 43.1k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 43.1k, False: 0] ------------------ 1085| 43.1k| return (w0 >> bit_shift) & WindowMask; 1086| 43.1k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 0| const auto w1 = words[word_offset - 1]; 1089| 0| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 0| return combined & WindowMask; 1091| 0| } 1092| 43.1k|} _ZN5Botan10shift_leftILm32ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 509|inline constexpr W shift_left(std::array& x) { 726| 509| static_assert(N >= 1, "Invalid input size"); 727| 509| static_assert(S > 0, "Zero shift not supported"); 728| 509| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 509| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 2.03k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 1.52k, False: 509] ------------------ 733| 1.52k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 1.52k| } 735| 509| x[0] <<= S; 736| | 737| 509| return carry; 738| 509|} _ZN5Botan13redc_crandallITkNS_8WordTypeEmLm4ETnT_Lm4294968273EEENSt3__15arrayIS1_XT0_EEENS2_4spanIKS1_XmlLi2ET0_EEE: 992| 28.5k|constexpr std::array redc_crandall(std::span z) { 993| 28.5k| static_assert(N >= 2); 994| | 995| 28.5k| std::array hi = {}; 996| | 997| | // hi = hi * c + lo 998| | 999| 28.5k| W carry = 0; 1000| 142k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (1000:22): [True: 114k, False: 28.5k] ------------------ 1001| 114k| hi[i] = word_madd3(z[i + N], C, z[i], &carry); 1002| 114k| } 1003| | 1004| | // hi += carry * C 1005| 28.5k| word carry_c[2] = {0}; 1006| 28.5k| carry_c[0] = word_madd2(carry, C, &carry_c[1]); 1007| | 1008| 28.5k| carry = bigint_add2(hi.data(), N, carry_c, 2); 1009| | 1010| 28.5k| constexpr W P0 = WordInfo::max - (C - 1); 1011| | 1012| 28.5k| std::array r = {}; 1013| | 1014| 28.5k| W borrow = 0; 1015| | 1016| | /* 1017| | * For undetermined reasons, on GCC (only) removing this asm block causes 1018| | * massive (up to 20%) performance regressions in secp256k1. 1019| | * 1020| | * The generated code without the asm seems quite reasonable, and timing 1021| | * repeated calls to redc_crandall with the cycle counter show that GCC 1022| | * computes it in about the same number of cycles with or without the asm. 1023| | * 1024| | * So the cause of the regression is unclear. But it is reproducible across 1025| | * machines and GCC versions. 1026| | */ 1027| |#if defined(BOTAN_MP_USE_X86_64_ASM) && defined(__GNUC__) && !defined(__clang__) 1028| | if constexpr(N == 4 && std::same_as) { 1029| | if(!std::is_constant_evaluated()) { 1030| | asm volatile(R"( 1031| | movq 0(%[x]), %[borrow] 1032| | subq %[p0], %[borrow] 1033| | movq %[borrow], 0(%[r]) 1034| | movq 8(%[x]), %[borrow] 1035| | sbbq $-1, %[borrow] 1036| | movq %[borrow], 8(%[r]) 1037| | movq 16(%[x]), %[borrow] 1038| | sbbq $-1, %[borrow] 1039| | movq %[borrow], 16(%[r]) 1040| | movq 24(%[x]), %[borrow] 1041| | sbbq $-1, %[borrow] 1042| | movq %[borrow], 24(%[r]) 1043| | sbbq %[borrow],%[borrow] 1044| | negq %[borrow] 1045| | )" 1046| | : [borrow] "=r"(borrow) 1047| | : [x] "r"(hi.data()), [p0] "r"(P0), [r] "r"(r.data()), "0"(borrow) 1048| | : "cc", "memory"); 1049| | 1050| | borrow = (carry - borrow) > carry; 1051| | CT::conditional_assign_mem(borrow, r.data(), hi.data(), N); 1052| | return r; 1053| | } 1054| | } 1055| |#endif 1056| | 1057| 28.5k| r[0] = word_sub(hi[0], P0, &borrow); 1058| 114k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (1058:22): [True: 85.6k, False: 28.5k] ------------------ 1059| 85.6k| r[i] = word_sub(hi[i], WordInfo::max, &borrow); 1060| 85.6k| } 1061| | 1062| 28.5k| borrow = (carry - borrow) > carry; 1063| | 1064| 28.5k| CT::conditional_assign_mem(borrow, r.data(), hi.data(), N); 1065| | 1066| 28.5k| return r; 1067| 28.5k|} _ZN5Botan9comba_sqrILm9ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 300k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 300k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 300k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| 300k| if constexpr(std::same_as && N == 9) { 869| 300k| return bigint_comba_sqr9(z, x); 870| 300k| } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 300k| } 875| | 876| 0| word3 accum; 877| | 878| 300k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 300k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 300k|} _ZN5Botan9comba_mulILm9ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 82.4k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 82.4k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 82.4k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| 82.4k| if constexpr(std::same_as && N == 9) { 833| 82.4k| return bigint_comba_mul9(z, x, y); 834| 82.4k| } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 82.4k| } 839| | 840| 0| word3 accum; 841| | 842| 82.4k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 82.4k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 82.4k|} _ZN5Botan10shift_leftILm16ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 366|inline constexpr W shift_left(std::array& x) { 726| 366| static_assert(N >= 1, "Invalid input size"); 727| 366| static_assert(S > 0, "Zero shift not supported"); 728| 366| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 366| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 3.29k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 2.92k, False: 366] ------------------ 733| 2.92k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 2.92k| } 735| 366| x[0] <<= S; 736| | 737| 366| return carry; 738| 366|} _ZN5Botan10shift_leftILm32ETkNS_8WordTypeEmLm18EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 382|inline constexpr W shift_left(std::array& x) { 726| 382| static_assert(N >= 1, "Invalid input size"); 727| 382| static_assert(S > 0, "Zero shift not supported"); 728| 382| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 382| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 6.87k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 6.49k, False: 382] ------------------ 733| 6.49k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 6.49k| } 735| 382| x[0] <<= S; 736| | 737| 382| return carry; 738| 382|} _ZN5Botan6PCurve15PrimeOrderCurve6ScalarD2Ev: 72| 215k| ~Scalar() = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2EOS2_: 69| 139k| Scalar(Scalar&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ERKS2_: 68| 7.49k| Scalar(const Scalar& other) = default; _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_curveEv: 76| 174k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_valueEv: 78| 174k| const auto& _value() const { return m_value; } _ZN5Botan6PCurve15PrimeOrderCurve6Scalar7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 80| 68.4k| static Scalar _create(CurvePtr curve, StorageUnit v) { return Scalar(std::move(curve), v); } _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 83| 68.4k| Scalar(CurvePtr curve, StorageUnit v) : m_curve(std::move(curve)), m_value(v) {} _ZN5Botan6PCurve15PrimeOrderCurve6ScalaraSEOS2_: 71| 2.56k| Scalar& operator=(Scalar&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurveD2Ev: 163| 12| virtual ~PrimeOrderCurve() = default; pcurves_brainpool256r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 833|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 833| const auto z2 = pt.z().square(); 400| 833| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 833| const auto y2 = pt.y().square(); 404| 833| const auto s = pt.x().mul4() * y2; 405| 833| const auto nx = m.square() - s.mul2(); 406| 833| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 833| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 833| return ProjectivePoint(nx, ny, nz); 410| 833|} pcurves_brainpool256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_brainpool256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool384r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 1.24k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 1.24k| const auto z2 = pt.z().square(); 400| 1.24k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 1.24k| const auto y2 = pt.y().square(); 404| 1.24k| const auto s = pt.x().mul4() * y2; 405| 1.24k| const auto nx = m.square() - s.mul2(); 406| 1.24k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 1.24k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 1.24k| return ProjectivePoint(nx, ny, nz); 410| 1.24k|} pcurves_brainpool384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_brainpool384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool512r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 1.64k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 1.64k| const auto z2 = pt.z().square(); 400| 1.64k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 1.64k| const auto y2 = pt.y().square(); 404| 1.64k| const auto s = pt.x().mul4() * y2; 405| 1.64k| const auto nx = m.square() - s.mul2(); 406| 1.64k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 1.64k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 1.64k| return ProjectivePoint(nx, ny, nz); 410| 1.64k|} pcurves_brainpool512r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_brainpool512r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool512r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_frp256v1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES3_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 833|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 833| const auto z2 = pt.z().square(); 368| 833| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 833| const auto y2 = pt.y().square(); 372| 833| const auto s = pt.x().mul4() * y2; 373| 833| const auto nx = m.square() - s.mul2(); 374| 833| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 833| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 833| return ProjectivePoint(nx, ny, nz); 378| 833|} pcurves_frp256v1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_frp256v1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_18frp256v15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_frp256v1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_18frp256v15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_numsp512d1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 1.64k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 1.64k| const auto z2 = pt.z().square(); 368| 1.64k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 1.64k| const auto y2 = pt.y().square(); 372| 1.64k| const auto s = pt.x().mul4() * y2; 373| 1.64k| const auto nx = m.square() - s.mul2(); 374| 1.64k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 1.64k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 1.64k| return ProjectivePoint(nx, ny, nz); 378| 1.64k|} pcurves_numsp512d1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_numsp512d1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_110numsp512d15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_numsp512d1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_110numsp512d15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp192r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 629|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 629| const auto z2 = pt.z().square(); 368| 629| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 629| const auto y2 = pt.y().square(); 372| 629| const auto s = pt.x().mul4() * y2; 373| 629| const auto nx = m.square() - s.mul2(); 374| 629| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 629| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 629| return ProjectivePoint(nx, ny, nz); 378| 629|} pcurves_secp192r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 555|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 555| const auto a_is_identity = a.is_identity(); 189| 555| const auto b_is_identity = b.is_identity(); 190| | 191| 555| const auto Z1Z1 = a.z().square(); 192| 555| const auto Z2Z2 = b.z().square(); 193| 555| const auto U1 = a.x() * Z2Z2; 194| 555| const auto U2 = b.x() * Z1Z1; 195| 555| const auto S1 = a.y() * b.z() * Z2Z2; 196| 555| const auto S2 = b.y() * a.z() * Z1Z1; 197| 555| const auto H = U2 - U1; 198| 555| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 555| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 555] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 555| const auto HH = H.square(); 215| 555| const auto HHH = H * HH; 216| 555| const auto V = U1 * HH; 217| 555| const auto t2 = r.square(); 218| 555| const auto t3 = V + V; 219| 555| const auto t4 = t2 - HHH; 220| 555| auto X3 = t4 - t3; 221| 555| const auto t5 = V - X3; 222| 555| const auto t6 = S1 * HHH; 223| 555| const auto t7 = r * t5; 224| 555| auto Y3 = t7 - t6; 225| 555| const auto t8 = b.z() * H; 226| 555| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 555| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 555| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 555| return ProjectivePoint(X3, Y3, Z3); 235| 555|} pcurves_secp192r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp192r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.18k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.18k, False: 1] ------------------ 117| 1.18k| any_identity = any_identity || pt.is_identity(); 118| 1.18k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.18k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.18k, False: 1] ------------------ 146| 1.18k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.18k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.18k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.18k, False: 1] ------------------ 158| 1.18k| const auto& p = projective[i]; 159| | 160| 1.18k| const auto z_inv = s_inv * c[i - 1]; 161| 1.18k| const auto z2_inv = z_inv.square(); 162| 1.18k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.18k| s_inv = s_inv * p.z(); 165| | 166| 1.18k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.18k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp192r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp192r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp224r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 731|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 731| const auto z2 = pt.z().square(); 368| 731| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 731| const auto y2 = pt.y().square(); 372| 731| const auto s = pt.x().mul4() * y2; 373| 731| const auto nx = m.square() - s.mul2(); 374| 731| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 731| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 731| return ProjectivePoint(nx, ny, nz); 378| 731|} pcurves_secp224r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 645|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 645| const auto a_is_identity = a.is_identity(); 189| 645| const auto b_is_identity = b.is_identity(); 190| | 191| 645| const auto Z1Z1 = a.z().square(); 192| 645| const auto Z2Z2 = b.z().square(); 193| 645| const auto U1 = a.x() * Z2Z2; 194| 645| const auto U2 = b.x() * Z1Z1; 195| 645| const auto S1 = a.y() * b.z() * Z2Z2; 196| 645| const auto S2 = b.y() * a.z() * Z1Z1; 197| 645| const auto H = U2 - U1; 198| 645| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 645| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 645] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 645| const auto HH = H.square(); 215| 645| const auto HHH = H * HH; 216| 645| const auto V = U1 * HH; 217| 645| const auto t2 = r.square(); 218| 645| const auto t3 = V + V; 219| 645| const auto t4 = t2 - HHH; 220| 645| auto X3 = t4 - t3; 221| 645| const auto t5 = V - X3; 222| 645| const auto t6 = S1 * HHH; 223| 645| const auto t7 = r * t5; 224| 645| auto Y3 = t7 - t6; 225| 645| const auto t8 = b.z() * H; 226| 645| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 645| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 645| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 645| return ProjectivePoint(X3, Y3, Z3); 235| 645|} pcurves_secp224r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp224r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.37k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.37k, False: 1] ------------------ 117| 1.37k| any_identity = any_identity || pt.is_identity(); 118| 1.37k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.37k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.37k, False: 1] ------------------ 146| 1.37k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.37k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.37k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.37k, False: 1] ------------------ 158| 1.37k| const auto& p = projective[i]; 159| | 160| 1.37k| const auto z_inv = s_inv * c[i - 1]; 161| 1.37k| const auto z2_inv = z_inv.square(); 162| 1.37k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.37k| s_inv = s_inv * p.z(); 165| | 166| 1.37k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.37k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp224r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp224r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp256k1.cpp:_ZN5Botan10dbl_a_zeroINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 381| 833|inline constexpr ProjectivePoint dbl_a_zero(const ProjectivePoint& pt) { 382| | // If a == 0 then 3*x^2 + a*z^4 == 3*x^2 383| | // Cost: 1S + 1*3 384| 833| const auto m = pt.x().square().mul3(); 385| | 386| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 387| 833| const auto y2 = pt.y().square(); 388| 833| const auto s = pt.x().mul4() * y2; 389| 833| const auto nx = m.square() - s.mul2(); 390| 833| const auto ny = m * (s - nx) - y2.square().mul8(); 391| 833| const auto nz = pt.y().mul2() * pt.z(); 392| | 393| 833| return ProjectivePoint(nx, ny, nz); 394| 833|} pcurves_secp256k1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_secp256k1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256k15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp256k1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256k15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp256r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 833|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 833| const auto z2 = pt.z().square(); 368| 833| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 833| const auto y2 = pt.y().square(); 372| 833| const auto s = pt.x().mul4() * y2; 373| 833| const auto nx = m.square() - s.mul2(); 374| 833| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 833| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 833| return ProjectivePoint(nx, ny, nz); 378| 833|} pcurves_secp256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_secp256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp384r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 1.24k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 1.24k| const auto z2 = pt.z().square(); 368| 1.24k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 1.24k| const auto y2 = pt.y().square(); 372| 1.24k| const auto s = pt.x().mul4() * y2; 373| 1.24k| const auto nx = m.square() - s.mul2(); 374| 1.24k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 1.24k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 1.24k| return ProjectivePoint(nx, ny, nz); 378| 1.24k|} pcurves_secp384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_secp384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp521r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 1.64k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 1.64k| const auto z2 = pt.z().square(); 368| 1.64k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 1.64k| const auto y2 = pt.y().square(); 372| 1.64k| const auto s = pt.x().mul4() * y2; 373| 1.64k| const auto nx = m.square() - s.mul2(); 374| 1.64k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 1.64k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 1.64k| return ProjectivePoint(nx, ny, nz); 378| 1.64k|} pcurves_secp521r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_secp521r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp521r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_sm2p256v1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 833|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 833| const auto z2 = pt.z().square(); 368| 833| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 833| const auto y2 = pt.y().square(); 372| 833| const auto s = pt.x().mul4() * y2; 373| 833| const auto nx = m.square() - s.mul2(); 374| 833| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 833| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 833| return ProjectivePoint(nx, ny, nz); 378| 833|} pcurves_sm2p256v1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_sm2p256v1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19sm2p256v15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_sm2p256v1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19sm2p256v15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE3oneEv: 99| 1| constexpr static std::array one() { return R1; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 47.2k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 4.51k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.56k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 833| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 833| } else { 1127| 833| return dbl_generic(*this, A); 1128| 833| } 1129| 833| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 13.7k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 9.50k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 9.50k| std::array z; // NOLINT(*-member-init) 428| 9.50k| comba_sqr(z.data(), this->data()); 429| 9.50k| return Self(Rep::redc(z)); 430| 9.50k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 53.1k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 31.0k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 31.0k| } else { 108| 31.0k| return monty_redc(z, P, P_dash); 109| 31.0k| } 110| 31.0k| } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 265| 2.57k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 2.57k| std::array t; // NOLINT(*-member-init) 267| | 268| 2.57k| W carry = 0; 269| 12.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 10.3k, False: 2.57k] ------------------ 270| 10.3k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 10.3k| } 272| | 273| 2.57k| std::array r; // NOLINT(*-member-init) 274| 2.57k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 2.57k| return Self(r); 276| 2.57k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 6.17k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 833| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 346| 21.5k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 21.5k| std::array z; // NOLINT(*-member-init) 348| 21.5k| comba_mul(z.data(), a.data(), b.data()); 349| 21.5k| return Self(Rep::redc(z)); 350| 21.5k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 6.17k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 833| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 281| 6.90k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 6.90k| std::array r; // NOLINT(*-member-init) 283| 6.90k| W carry = 0; 284| 34.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 27.6k, False: 6.90k] ------------------ 285| 27.6k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 27.6k| } 287| | 288| 6.90k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 6.90k| carry = 0; 291| | 292| 34.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 27.6k, False: 6.90k] ------------------ 293| 27.6k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 27.6k| } 295| | 296| 6.90k| return Self(r); 297| 6.90k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 6.66k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 6.66k| std::array t = value(); 327| 6.66k| const W carry = shift_left<1>(t); 328| | 329| 6.66k| std::array r; // NOLINT(*-member-init) 330| 6.66k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 6.66k| return Self(r); 332| 6.66k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 6.66k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 833| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 3.03k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.47k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.47k| const W mask = cond.into_bitmask(); 397| | 398| 7.35k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.88k, False: 1.47k] ------------------ 399| 5.88k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.88k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.88k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.88k| } 403| 1.47k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 177| for(;;) { 618| | // Conditional ok: this function is variable time 619| 177| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 176] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 176| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 176| std::array r; // NOLINT(*-member-init) 640| 176| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 176| if(carry == 0) { ------------------ | Branch (643:16): [True: 94, False: 82] ------------------ 644| | // b > a 645| 94| b.m_val = r; 646| 94| x = nx; 647| 94| Self::_invert_vartime_div2_helper(b, x); 648| 94| } else { 649| | // We know this can't underflow because a > b 650| 82| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 82| a.m_val = r; 652| 82| y = nx; 653| 82| Self::_invert_vartime_div2_helper(a, y); 654| 82| } 655| 176| } 656| 1| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 1| constexpr static std::array from_rep(const std::array& z) { 138| 1| std::array ze = {}; 139| 1| copy_mem(std::span{ze}.template first(), z); 140| 1| return Self::redc(ze); 141| 1| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 178| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 178| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 553| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 375, False: 178] ------------------ 552| 375| shift_right<1>(a.m_val); 553| | 554| 375| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 375| if(borrow) { ------------------ | Branch (557:16): [True: 193, False: 182] ------------------ 558| 193| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 193| } 560| 375| } 561| 178| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 1| constexpr static std::array to_rep(const std::array& x) { 116| 1| std::array z; // NOLINT(*-member-init) 117| 1| comba_mul(z.data(), x.data(), R2.data()); 118| 1| return Self::redc(z); 119| 1| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.56k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 352| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 704| constexpr static std::array from_rep(const std::array& z) { 138| 704| std::array ze = {}; 139| 704| copy_mem(std::span{ze}.template first(), z); 140| 704| return Self::redc(ze); 141| 704| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 176k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 176k| } else { 108| 176k| return monty_redc(z, P, P_dash); 109| 176k| } 110| 176k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 352| constexpr void serialize_to(std::span bytes) const { 740| 352| auto v = Rep::from_rep(m_val); 741| 352| std::reverse(v.begin(), v.end()); 742| | 743| 352| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 352| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 352| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 12.5k| static Self from_stash(const std::array& stash) { 775| 12.5k| static_assert(L >= N); 776| 12.5k| std::array val = {}; 777| 62.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 50.0k, False: 12.5k] ------------------ 778| 50.0k| val[i] = stash[i]; 779| 50.0k| } 780| 12.5k| return Self(val); 781| 12.5k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 82.6k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 4.90k| std::array stash_value() const { 760| 4.90k| static_assert(L >= N); 761| 4.90k| std::array stash = {}; 762| 24.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 19.6k, False: 4.90k] ------------------ 763| 19.6k| stash[i] = m_val[i]; 764| 19.6k| } 765| 4.90k| return stash; 766| 4.90k| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 368| constexpr static std::array wide_to_rep(const std::array& x) { 128| 368| auto redc_x = Self::redc(x); 129| 368| std::array z; // NOLINT(*-member-init) 130| 368| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 368| return Self::redc(z); 132| 368| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 1.80k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 352| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 352| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 352] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 352| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 352| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 352] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 352| return Self::from_words(words); 807| 352| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 352| static constexpr Self from_words(std::array w) { 212| 352| if constexpr(L == N) { 213| 352| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 352| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 704| constexpr static std::array to_rep(const std::array& x) { 116| 704| std::array z; // NOLINT(*-member-init) 117| 704| comba_mul(z.data(), x.data(), R2.data()); 118| 704| return Self::redc(z); 119| 704| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 368| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 368| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 368] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 368| std::array padded_bytes = {}; 836| 368| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 368| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 368| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE3oneEv: 200| 716| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE3oneEv: 99| 716| constexpr static std::array one() { return R1; } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEESC_: 265| 57.6k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 57.6k| std::array t; // NOLINT(*-member-init) 267| | 268| 57.6k| W carry = 0; 269| 288k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 230k, False: 57.6k] ------------------ 270| 230k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 230k| } 272| | 273| 57.6k| std::array r; // NOLINT(*-member-init) 274| 57.6k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 57.6k| return Self(r); 276| 57.6k| } pcurves_brainpool256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEESC_: 281| 184| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 184| std::array r; // NOLINT(*-member-init) 283| 184| W carry = 0; 284| 920| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 736, False: 184] ------------------ 285| 736| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 736| } 287| | 288| 184| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 184| carry = 0; 291| | 292| 920| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 736, False: 184] ------------------ 293| 736| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 736| } 295| | 296| 184| return Self(r); 297| 184| } pcurves_brainpool256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEESC_: 346| 5.36k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 5.36k| std::array z; // NOLINT(*-member-init) 348| 5.36k| comba_mul(z.data(), a.data(), b.data()); 349| 5.36k| return Self(Rep::redc(z)); 350| 5.36k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE4dataEv: 896| 401k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE6squareEv: 426| 3.90k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 3.90k| std::array z; // NOLINT(*-member-init) 428| 3.90k| comba_sqr(z.data(), this->data()); 429| 3.90k| return Self(Rep::redc(z)); 430| 3.90k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE6invertEv: 538| 532| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm4EEE: 477| 532| constexpr Self pow_vartime(const std::array& exp) const { 478| 532| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 532| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 532| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 532| std::array tbl; 490| | 491| 532| tbl[0] = (*this); 492| | 493| 7.98k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 7.44k, False: 532] ------------------ 494| | // Conditional ok: table indexes are public here 495| 7.44k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 3.72k, False: 3.72k] ------------------ 496| 3.72k| tbl[i] = tbl[i / 2].square(); 497| 3.72k| } else { 498| 3.72k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 3.72k| } 500| 7.44k| } 501| | 502| 532| auto r = Self::one(); 503| | 504| 532| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 532| if(w0 > 0) { ------------------ | Branch (507:13): [True: 532, False: 0] ------------------ 508| 532| r = tbl[w0 - 1]; 509| 532| } 510| | 511| 34.0k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 33.5k, False: 532] ------------------ 512| 33.5k| r.square_n(WindowBits); 513| | 514| 33.5k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 33.5k| if(w > 0) { ------------------ | Branch (517:16): [True: 31.3k, False: 2.12k] ------------------ 518| 31.3k| r *= tbl[w - 1]; 519| 31.3k| } 520| 33.5k| } 521| | 522| 532| return r; 523| 532| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEC2Ev: 180| 7.98k| constexpr IntMod() : m_val({}) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE8square_nEm: 439| 33.5k| constexpr void square_n(size_t n) { 440| 33.5k| std::array z; // NOLINT(*-member-init) 441| 167k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 134k, False: 33.5k] ------------------ 442| 134k| comba_sqr(z.data(), this->data()); 443| 134k| m_val = Rep::redc(z); 444| 134k| } 445| 33.5k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEmLERKSA_: 355| 31.3k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 31.3k| std::array z; // NOLINT(*-member-init) 357| 31.3k| comba_mul(z.data(), data(), other.data()); 358| 31.3k| m_val = Rep::redc(z); 359| 31.3k| return (*this); 360| 31.3k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE14invert_vartimeEv: 598| 352| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 352| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 352] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 352| auto x = Self(std::array{1}); // 1 in standard domain 605| 352| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 352| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 352| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 352| auto y = x; 613| | 614| | // First half of second loop iteration 615| 352| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 57.1k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 57.1k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 352, False: 56.7k] ------------------ 620| | // At this point it should be that a == b == 1 621| 352| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 352| r.m_val = Rep::to_rep(r.m_val); 625| 352| return r; 626| 352| } 627| | 628| 56.7k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 56.7k| std::array r; // NOLINT(*-member-init) 640| 56.7k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 56.7k| if(carry == 0) { ------------------ | Branch (643:16): [True: 20.9k, False: 35.7k] ------------------ 644| | // b > a 645| 20.9k| b.m_val = r; 646| 20.9k| x = nx; 647| 20.9k| Self::_invert_vartime_div2_helper(b, x); 648| 35.7k| } else { 649| | // We know this can't underflow because a > b 650| 35.7k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 35.7k| a.m_val = r; 652| 35.7k| y = nx; 653| 35.7k| Self::_invert_vartime_div2_helper(a, y); 654| 35.7k| } 655| 56.7k| } 656| 352| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 57.4k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 57.4k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 187k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 130k, False: 57.4k] ------------------ 552| 130k| shift_right<1>(a.m_val); 553| | 554| 130k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 130k| if(borrow) { ------------------ | Branch (557:16): [True: 65.6k, False: 64.6k] ------------------ 558| 65.6k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 65.6k| } 560| 130k| } 561| 57.4k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE6negateEv: 452| 888| constexpr Self negate() const { 453| 888| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 888| std::array r; // NOLINT(*-member-init) 456| 888| W carry = 0; 457| 4.44k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 3.55k, False: 888] ------------------ 458| 3.55k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 3.55k| } 460| | 461| 888| return Self(r); 462| 888| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEeqERKSA_: 722| 2.15k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.15k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.15k| } pcurves_brainpool384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE3oneEv: 99| 1| constexpr static std::array one() { return R1; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 70.3k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 7| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 6, False: 1] ------------------ 414| 6| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 6| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 6| x.m_val[i] = nx; 417| 6| y.m_val[i] = ny; 418| 6| } 419| 1| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 6.71k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 2.33k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 1.24k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 1.24k| } else { 1127| 1.24k| return dbl_generic(*this, A); 1128| 1.24k| } 1129| 1.24k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 20.4k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 14.1k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 14.1k| std::array z; // NOLINT(*-member-init) 428| 14.1k| comba_sqr(z.data(), this->data()); 429| 14.1k| return Self(Rep::redc(z)); 430| 14.1k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 79.1k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 46.2k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 46.2k| } else { 108| 46.2k| return monty_redc(z, P, P_dash); 109| 46.2k| } 110| 46.2k| } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 265| 3.83k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 3.83k| std::array t; // NOLINT(*-member-init) 267| | 268| 3.83k| W carry = 0; 269| 26.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 23.0k, False: 3.83k] ------------------ 270| 23.0k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 23.0k| } 272| | 273| 3.83k| std::array r; // NOLINT(*-member-init) 274| 3.83k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 3.83k| return Self(r); 276| 3.83k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 9.19k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 1.24k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 346| 32.1k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 32.1k| std::array z; // NOLINT(*-member-init) 348| 32.1k| comba_mul(z.data(), a.data(), b.data()); 349| 32.1k| return Self(Rep::redc(z)); 350| 32.1k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 9.19k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 1.24k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 281| 10.2k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 10.2k| std::array r; // NOLINT(*-member-init) 283| 10.2k| W carry = 0; 284| 72.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 61.7k, False: 10.2k] ------------------ 285| 61.7k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 61.7k| } 287| | 288| 10.2k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 10.2k| carry = 0; 291| | 292| 72.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 61.7k, False: 10.2k] ------------------ 293| 61.7k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 61.7k| } 295| | 296| 10.2k| return Self(r); 297| 10.2k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 9.92k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 9.92k| std::array t = value(); 327| 9.92k| const W carry = shift_left<1>(t); 328| | 329| 9.92k| std::array r; // NOLINT(*-member-init) 330| 9.92k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 9.92k| return Self(r); 332| 9.92k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 9.92k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 1.24k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 4.52k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 2.19k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 2.19k| const W mask = cond.into_bitmask(); 397| | 398| 15.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 13.1k, False: 2.19k] ------------------ 399| 13.1k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 13.1k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 13.1k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 13.1k| } 403| 2.19k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 262| for(;;) { 618| | // Conditional ok: this function is variable time 619| 262| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 261] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 261| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 261| std::array r; // NOLINT(*-member-init) 640| 261| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 261| if(carry == 0) { ------------------ | Branch (643:16): [True: 128, False: 133] ------------------ 644| | // b > a 645| 128| b.m_val = r; 646| 128| x = nx; 647| 128| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 261| } 656| 1| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 1| constexpr static std::array from_rep(const std::array& z) { 138| 1| std::array ze = {}; 139| 1| copy_mem(std::span{ze}.template first(), z); 140| 1| return Self::redc(ze); 141| 1| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 263| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 263| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 814| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 551, False: 263] ------------------ 552| 551| shift_right<1>(a.m_val); 553| | 554| 551| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 551| if(borrow) { ------------------ | Branch (557:16): [True: 291, False: 260] ------------------ 558| 291| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 291| } 560| 551| } 561| 263| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 14| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 12, False: 2] ------------------ 458| 12| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 12| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 1| constexpr static std::array to_rep(const std::array& x) { 116| 1| std::array z; // NOLINT(*-member-init) 117| 1| comba_mul(z.data(), x.data(), R2.data()); 118| 1| return Self::redc(z); 119| 1| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 2.33k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 315| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 630| constexpr static std::array from_rep(const std::array& z) { 138| 630| std::array ze = {}; 139| 630| copy_mem(std::span{ze}.template first(), z); 140| 630| return Self::redc(ze); 141| 630| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 231k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 231k| } else { 108| 231k| return monty_redc(z, P, P_dash); 109| 231k| } 110| 231k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 315| constexpr void serialize_to(std::span bytes) const { 740| 315| auto v = Rep::from_rep(m_val); 741| 315| std::reverse(v.begin(), v.end()); 742| | 743| 315| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 315| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 315| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 11.1k| static Self from_stash(const std::array& stash) { 775| 11.1k| static_assert(L >= N); 776| 11.1k| std::array val = {}; 777| 78.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 66.9k, False: 11.1k] ------------------ 778| 66.9k| val[i] = stash[i]; 779| 66.9k| } 780| 11.1k| return Self(val); 781| 11.1k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 110k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 4.36k| std::array stash_value() const { 760| 4.36k| static_assert(L >= N); 761| 4.36k| std::array stash = {}; 762| 30.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 26.2k, False: 4.36k] ------------------ 763| 26.2k| stash[i] = m_val[i]; 764| 26.2k| } 765| 4.36k| return stash; 766| 4.36k| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm12EEE: 127| 328| constexpr static std::array wide_to_rep(const std::array& x) { 128| 328| auto redc_x = Self::redc(x); 129| 328| std::array z; // NOLINT(*-member-init) 130| 328| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 328| return Self::redc(z); 132| 328| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 1.61k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 315| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 315| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 315] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 315| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 315| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 315] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 315| return Self::from_words(words); 807| 315| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 315| static constexpr Self from_words(std::array w) { 212| 315| if constexpr(L == N) { 213| 315| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 315| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 630| constexpr static std::array to_rep(const std::array& x) { 116| 630| std::array z; // NOLINT(*-member-init) 117| 630| comba_mul(z.data(), x.data(), R2.data()); 118| 630| return Self::redc(z); 119| 630| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 328| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 328| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 328] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 328| std::array padded_bytes = {}; 836| 328| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 328| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 328| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE3oneEv: 200| 636| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE3oneEv: 99| 636| constexpr static std::array one() { return R1; } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEESC_: 265| 81.0k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 81.0k| std::array t; // NOLINT(*-member-init) 267| | 268| 81.0k| W carry = 0; 269| 567k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 486k, False: 81.0k] ------------------ 270| 486k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 486k| } 272| | 273| 81.0k| std::array r; // NOLINT(*-member-init) 274| 81.0k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 81.0k| return Self(r); 276| 81.0k| } pcurves_brainpool384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEESC_: 281| 164| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 164| std::array r; // NOLINT(*-member-init) 283| 164| W carry = 0; 284| 1.14k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 984, False: 164] ------------------ 285| 984| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 984| } 287| | 288| 164| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 164| carry = 0; 291| | 292| 1.14k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 984, False: 164] ------------------ 293| 984| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 984| } 295| | 296| 164| return Self(r); 297| 164| } pcurves_brainpool384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEESC_: 346| 8.54k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 8.54k| std::array z; // NOLINT(*-member-init) 348| 8.54k| comba_mul(z.data(), a.data(), b.data()); 349| 8.54k| return Self(Rep::redc(z)); 350| 8.54k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE4dataEv: 896| 530k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE6squareEv: 426| 7.24k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.24k| std::array z; // NOLINT(*-member-init) 428| 7.24k| comba_sqr(z.data(), this->data()); 429| 7.24k| return Self(Rep::redc(z)); 430| 7.24k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE6invertEv: 538| 472| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm6EEE: 477| 472| constexpr Self pow_vartime(const std::array& exp) const { 478| 472| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 472] ------------------ 479| 472| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 472| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 472| std::array tbl; 490| | 491| 472| tbl[0] = (*this); 492| | 493| 14.6k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 14.1k, False: 472] ------------------ 494| | // Conditional ok: table indexes are public here 495| 14.1k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 7.08k, False: 7.08k] ------------------ 496| 7.08k| tbl[i] = tbl[i / 2].square(); 497| 7.08k| } else { 498| 7.08k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 7.08k| } 500| 14.1k| } 501| | 502| 472| auto r = Self::one(); 503| | 504| 472| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 472| if(w0 > 0) { ------------------ | Branch (507:13): [True: 472, False: 0] ------------------ 508| 472| r = tbl[w0 - 1]; 509| 472| } 510| | 511| 36.3k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 35.8k, False: 472] ------------------ 512| 35.8k| r.square_n(WindowBits); 513| | 514| 35.8k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 35.8k| if(w > 0) { ------------------ | Branch (517:16): [True: 34.9k, False: 944] ------------------ 518| 34.9k| r *= tbl[w - 1]; 519| 34.9k| } 520| 35.8k| } 521| | 522| 472| return r; 523| 472| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEC2Ev: 180| 14.6k| constexpr IntMod() : m_val({}) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE8square_nEm: 439| 35.8k| constexpr void square_n(size_t n) { 440| 35.8k| std::array z; // NOLINT(*-member-init) 441| 215k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 179k, False: 35.8k] ------------------ 442| 179k| comba_sqr(z.data(), this->data()); 443| 179k| m_val = Rep::redc(z); 444| 179k| } 445| 35.8k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEmLERKSA_: 355| 34.9k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 34.9k| std::array z; // NOLINT(*-member-init) 357| 34.9k| comba_mul(z.data(), data(), other.data()); 358| 34.9k| m_val = Rep::redc(z); 359| 34.9k| return (*this); 360| 34.9k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE14invert_vartimeEv: 598| 315| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 315| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 315] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 315| auto x = Self(std::array{1}); // 1 in standard domain 605| 315| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 315| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 315| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 315| auto y = x; 613| | 614| | // First half of second loop iteration 615| 315| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 80.5k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 80.5k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 315, False: 80.2k] ------------------ 620| | // At this point it should be that a == b == 1 621| 315| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 315| r.m_val = Rep::to_rep(r.m_val); 625| 315| return r; 626| 315| } 627| | 628| 80.2k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 80.2k| std::array r; // NOLINT(*-member-init) 640| 80.2k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 80.2k| if(carry == 0) { ------------------ | Branch (643:16): [True: 34.3k, False: 45.8k] ------------------ 644| | // b > a 645| 34.3k| b.m_val = r; 646| 34.3k| x = nx; 647| 34.3k| Self::_invert_vartime_div2_helper(b, x); 648| 45.8k| } else { 649| | // We know this can't underflow because a > b 650| 45.8k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 45.8k| a.m_val = r; 652| 45.8k| y = nx; 653| 45.8k| Self::_invert_vartime_div2_helper(a, y); 654| 45.8k| } 655| 80.2k| } 656| 315| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 80.8k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 80.8k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 250k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 169k, False: 80.8k] ------------------ 552| 169k| shift_right<1>(a.m_val); 553| | 554| 169k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 169k| if(borrow) { ------------------ | Branch (557:16): [True: 86.1k, False: 83.8k] ------------------ 558| 86.1k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 86.1k| } 560| 169k| } 561| 80.8k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE6negateEv: 452| 794| constexpr Self negate() const { 453| 794| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 794| std::array r; // NOLINT(*-member-init) 456| 794| W carry = 0; 457| 5.55k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.76k, False: 794] ------------------ 458| 4.76k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.76k| } 460| | 461| 794| return Self(r); 462| 794| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEeqERKSA_: 722| 1.92k| constexpr CT::Choice operator==(const Self& other) const { 723| 1.92k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 1.92k| } pcurves_brainpool512r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE3oneEv: 99| 1| constexpr static std::array one() { return R1; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 93.4k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 9| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 8, False: 1] ------------------ 414| 8| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 8| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 8| x.m_val[i] = nx; 417| 8| y.m_val[i] = ny; 418| 8| } 419| 1| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 8.92k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 3.10k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 1.64k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 1.64k| } else { 1127| 1.64k| return dbl_generic(*this, A); 1128| 1.64k| } 1129| 1.64k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 27.1k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 18.8k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 18.8k| std::array z; // NOLINT(*-member-init) 428| 18.8k| comba_sqr(z.data(), this->data()); 429| 18.8k| return Self(Rep::redc(z)); 430| 18.8k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 105k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 61.4k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 61.4k| } else { 108| 61.4k| return monty_redc(z, P, P_dash); 109| 61.4k| } 110| 61.4k| } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 265| 5.11k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 5.11k| std::array t; // NOLINT(*-member-init) 267| | 268| 5.11k| W carry = 0; 269| 46.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 40.9k, False: 5.11k] ------------------ 270| 40.9k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 40.9k| } 272| | 273| 5.11k| std::array r; // NOLINT(*-member-init) 274| 5.11k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 5.11k| return Self(r); 276| 5.11k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 12.2k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 1.64k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool512r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 346| 42.6k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 42.6k| std::array z; // NOLINT(*-member-init) 348| 42.6k| comba_mul(z.data(), a.data(), b.data()); 349| 42.6k| return Self(Rep::redc(z)); 350| 42.6k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 12.2k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 1.64k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 281| 13.6k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 13.6k| std::array r; // NOLINT(*-member-init) 283| 13.6k| W carry = 0; 284| 123k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 109k, False: 13.6k] ------------------ 285| 109k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 109k| } 287| | 288| 13.6k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 13.6k| carry = 0; 291| | 292| 123k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 109k, False: 13.6k] ------------------ 293| 109k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 109k| } 295| | 296| 13.6k| return Self(r); 297| 13.6k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 13.1k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 13.1k| std::array t = value(); 327| 13.1k| const W carry = shift_left<1>(t); 328| | 329| 13.1k| std::array r; // NOLINT(*-member-init) 330| 13.1k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 13.1k| return Self(r); 332| 13.1k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 13.1k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 1.64k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 6.01k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 2.91k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 2.91k| const W mask = cond.into_bitmask(); 397| | 398| 26.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 23.2k, False: 2.91k] ------------------ 399| 23.2k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 23.2k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 23.2k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 23.2k| } 403| 2.91k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 366| for(;;) { 618| | // Conditional ok: this function is variable time 619| 366| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 365] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 365| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 365| std::array r; // NOLINT(*-member-init) 640| 365| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 365| if(carry == 0) { ------------------ | Branch (643:16): [True: 175, False: 190] ------------------ 644| | // b > a 645| 175| b.m_val = r; 646| 175| x = nx; 647| 175| Self::_invert_vartime_div2_helper(b, x); 648| 190| } else { 649| | // We know this can't underflow because a > b 650| 190| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 190| a.m_val = r; 652| 190| y = nx; 653| 190| Self::_invert_vartime_div2_helper(a, y); 654| 190| } 655| 365| } 656| 1| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 1| constexpr static std::array from_rep(const std::array& z) { 138| 1| std::array ze = {}; 139| 1| copy_mem(std::span{ze}.template first(), z); 140| 1| return Self::redc(ze); 141| 1| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 367| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 367| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.08k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 713, False: 367] ------------------ 552| 713| shift_right<1>(a.m_val); 553| | 554| 713| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 713| if(borrow) { ------------------ | Branch (557:16): [True: 362, False: 351] ------------------ 558| 362| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 362| } 560| 713| } 561| 367| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 18| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 16, False: 2] ------------------ 458| 16| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 16| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 1| constexpr static std::array to_rep(const std::array& x) { 116| 1| std::array z; // NOLINT(*-member-init) 117| 1| comba_mul(z.data(), x.data(), R2.data()); 118| 1| return Self::redc(z); 119| 1| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 3.10k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 404| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 808| constexpr static std::array from_rep(const std::array& z) { 138| 808| std::array ze = {}; 139| 808| copy_mem(std::span{ze}.template first(), z); 140| 808| return Self::redc(ze); 141| 808| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 391k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 391k| } else { 108| 391k| return monty_redc(z, P, P_dash); 109| 391k| } 110| 391k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 404| constexpr void serialize_to(std::span bytes) const { 740| 404| auto v = Rep::from_rep(m_val); 741| 404| std::reverse(v.begin(), v.end()); 742| | 743| 404| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 404| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 404| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 14.2k| static Self from_stash(const std::array& stash) { 775| 14.2k| static_assert(L >= N); 776| 14.2k| std::array val = {}; 777| 127k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 113k, False: 14.2k] ------------------ 778| 113k| val[i] = stash[i]; 779| 113k| } 780| 14.2k| return Self(val); 781| 14.2k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 171k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.56k| std::array stash_value() const { 760| 5.56k| static_assert(L >= N); 761| 5.56k| std::array stash = {}; 762| 50.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 44.5k, False: 5.56k] ------------------ 763| 44.5k| stash[i] = m_val[i]; 764| 44.5k| } 765| 5.56k| return stash; 766| 5.56k| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm16EEE: 127| 416| constexpr static std::array wide_to_rep(const std::array& x) { 128| 416| auto redc_x = Self::redc(x); 129| 416| std::array z; // NOLINT(*-member-init) 130| 416| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 416| return Self::redc(z); 132| 416| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 2.05k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 404| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 404| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 404] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 404| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 404| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 404] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 404| return Self::from_words(words); 807| 404| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm8EEESA_NSt3__15arrayImXT_EEE: 211| 404| static constexpr Self from_words(std::array w) { 212| 404| if constexpr(L == N) { 213| 404| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 404| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 808| constexpr static std::array to_rep(const std::array& x) { 116| 808| std::array z; // NOLINT(*-member-init) 117| 808| comba_mul(z.data(), x.data(), R2.data()); 118| 808| return Self::redc(z); 119| 808| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 416| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 416| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 416] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 416| std::array padded_bytes = {}; 836| 416| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 416| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 416| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE3oneEv: 200| 815| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE3oneEv: 99| 815| constexpr static std::array one() { return R1; } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEESC_: 265| 133k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 133k| std::array t; // NOLINT(*-member-init) 267| | 268| 133k| W carry = 0; 269| 1.19M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.06M, False: 133k] ------------------ 270| 1.06M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.06M| } 272| | 273| 133k| std::array r; // NOLINT(*-member-init) 274| 133k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 133k| return Self(r); 276| 133k| } pcurves_brainpool512r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEESC_: 281| 208| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 208| std::array r; // NOLINT(*-member-init) 283| 208| W carry = 0; 284| 1.87k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 1.66k, False: 208] ------------------ 285| 1.66k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 1.66k| } 287| | 288| 208| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 208| carry = 0; 291| | 292| 1.87k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 1.66k, False: 208] ------------------ 293| 1.66k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 1.66k| } 295| | 296| 208| return Self(r); 297| 208| } pcurves_brainpool512r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEESC_: 346| 10.9k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 10.9k| std::array z; // NOLINT(*-member-init) 348| 10.9k| comba_mul(z.data(), a.data(), b.data()); 349| 10.9k| return Self(Rep::redc(z)); 350| 10.9k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE4dataEv: 896| 894k| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE6squareEv: 426| 9.31k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 9.31k| std::array z; // NOLINT(*-member-init) 428| 9.31k| comba_sqr(z.data(), this->data()); 429| 9.31k| return Self(Rep::redc(z)); 430| 9.31k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE6invertEv: 538| 607| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm8EEE: 477| 607| constexpr Self pow_vartime(const std::array& exp) const { 478| 607| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 607] ------------------ 479| 607| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 607| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 607| std::array tbl; 490| | 491| 607| tbl[0] = (*this); 492| | 493| 18.8k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 18.2k, False: 607] ------------------ 494| | // Conditional ok: table indexes are public here 495| 18.2k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 9.10k, False: 9.10k] ------------------ 496| 9.10k| tbl[i] = tbl[i / 2].square(); 497| 9.10k| } else { 498| 9.10k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 9.10k| } 500| 18.2k| } 501| | 502| 607| auto r = Self::one(); 503| | 504| 607| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 607| if(w0 > 0) { ------------------ | Branch (507:13): [True: 607, False: 0] ------------------ 508| 607| r = tbl[w0 - 1]; 509| 607| } 510| | 511| 62.5k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 61.9k, False: 607] ------------------ 512| 61.9k| r.square_n(WindowBits); 513| | 514| 61.9k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 61.9k| if(w > 0) { ------------------ | Branch (517:16): [True: 58.8k, False: 3.03k] ------------------ 518| 58.8k| r *= tbl[w - 1]; 519| 58.8k| } 520| 61.9k| } 521| | 522| 607| return r; 523| 607| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEC2Ev: 180| 18.8k| constexpr IntMod() : m_val({}) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE8square_nEm: 439| 61.9k| constexpr void square_n(size_t n) { 440| 61.9k| std::array z; // NOLINT(*-member-init) 441| 371k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 309k, False: 61.9k] ------------------ 442| 309k| comba_sqr(z.data(), this->data()); 443| 309k| m_val = Rep::redc(z); 444| 309k| } 445| 61.9k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEmLERKSA_: 355| 58.8k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 58.8k| std::array z; // NOLINT(*-member-init) 357| 58.8k| comba_mul(z.data(), data(), other.data()); 358| 58.8k| m_val = Rep::redc(z); 359| 58.8k| return (*this); 360| 58.8k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE14invert_vartimeEv: 598| 404| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 404| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 404] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 404| auto x = Self(std::array{1}); // 1 in standard domain 605| 404| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 404| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 404| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 404| auto y = x; 613| | 614| | // First half of second loop iteration 615| 404| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 132k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 132k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 404, False: 132k] ------------------ 620| | // At this point it should be that a == b == 1 621| 404| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 404| r.m_val = Rep::to_rep(r.m_val); 625| 404| return r; 626| 404| } 627| | 628| 132k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 132k| std::array r; // NOLINT(*-member-init) 640| 132k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 132k| if(carry == 0) { ------------------ | Branch (643:16): [True: 49.2k, False: 82.8k] ------------------ 644| | // b > a 645| 49.2k| b.m_val = r; 646| 49.2k| x = nx; 647| 49.2k| Self::_invert_vartime_div2_helper(b, x); 648| 82.8k| } else { 649| | // We know this can't underflow because a > b 650| 82.8k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 82.8k| a.m_val = r; 652| 82.8k| y = nx; 653| 82.8k| Self::_invert_vartime_div2_helper(a, y); 654| 82.8k| } 655| 132k| } 656| 404| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 132k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 132k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 427k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 294k, False: 132k] ------------------ 552| 294k| shift_right<1>(a.m_val); 553| | 554| 294k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 294k| if(borrow) { ------------------ | Branch (557:16): [True: 145k, False: 149k] ------------------ 558| 145k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 145k| } 560| 294k| } 561| 132k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE6negateEv: 452| 1.01k| constexpr Self negate() const { 453| 1.01k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.01k| std::array r; // NOLINT(*-member-init) 456| 1.01k| W carry = 0; 457| 9.14k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8.12k, False: 1.01k] ------------------ 458| 8.12k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8.12k| } 460| | 461| 1.01k| return Self(r); 462| 1.01k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEeqERKSA_: 722| 2.45k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.45k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.45k| } pcurves_frp256v1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_18frp256v15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_frp256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_frp256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_frp256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E11FieldParamsEE3oneEv: 99| 1| constexpr static std::array one() { return R1; } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 46.3k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_frp256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 4.51k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_frp256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.56k| m_x(x), m_y(y), m_z(z) {} pcurves_frp256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 833| constexpr Self dbl() const { 1122| 833| if constexpr(Self::A_is_minus_3) { 1123| 833| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 833| } pcurves_frp256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 13.7k| constexpr const FieldElement& z() const { return m_z; } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 7.84k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.84k| std::array z; // NOLINT(*-member-init) 428| 7.84k| comba_sqr(z.data(), this->data()); 429| 7.84k| return Self(Rep::redc(z)); 430| 7.84k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 51.5k| constexpr const W* data() const { return m_val.data(); } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 29.3k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 29.3k| } else { 108| 29.3k| return monty_redc(z, P, P_dash); 109| 29.3k| } 110| 29.3k| } pcurves_frp256v1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEEESC_: 346| 21.5k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 21.5k| std::array z; // NOLINT(*-member-init) 348| 21.5k| comba_mul(z.data(), a.data(), b.data()); 349| 21.5k| return Self(Rep::redc(z)); 350| 21.5k| } pcurves_frp256v1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEEESC_: 281| 7.74k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 7.74k| std::array r; // NOLINT(*-member-init) 283| 7.74k| W carry = 0; 284| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 30.9k, False: 7.74k] ------------------ 285| 30.9k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 30.9k| } 287| | 288| 7.74k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 7.74k| carry = 0; 291| | 292| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 30.9k, False: 7.74k] ------------------ 293| 30.9k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 30.9k| } 295| | 296| 7.74k| return Self(r); 297| 7.74k| } pcurves_frp256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 7.00k| constexpr const FieldElement& x() const { return m_x; } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 833| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_frp256v1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEEESC_: 265| 2.57k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 2.57k| std::array t; // NOLINT(*-member-init) 267| | 268| 2.57k| W carry = 0; 269| 12.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 10.3k, False: 2.57k] ------------------ 270| 10.3k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 10.3k| } 272| | 273| 2.57k| std::array r; // NOLINT(*-member-init) 274| 2.57k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 2.57k| return Self(r); 276| 2.57k| } pcurves_frp256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 6.17k| constexpr const FieldElement& y() const { return m_y; } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 833| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 6.66k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 6.66k| std::array t = value(); 327| 6.66k| const W carry = shift_left<1>(t); 328| | 329| 6.66k| std::array r; // NOLINT(*-member-init) 330| 6.66k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 6.66k| return Self(r); 332| 6.66k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 6.66k| constexpr const std::array& value() const { return m_val; } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 833| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_frp256v1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_frp256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_frp256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 3.03k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.47k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.47k| const W mask = cond.into_bitmask(); 397| | 398| 7.35k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.88k, False: 1.47k] ------------------ 399| 5.88k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.88k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.88k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.88k| } 403| 1.47k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 179| for(;;) { 618| | // Conditional ok: this function is variable time 619| 179| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 178] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 178| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 178| std::array r; // NOLINT(*-member-init) 640| 178| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 178| if(carry == 0) { ------------------ | Branch (643:16): [True: 82, False: 96] ------------------ 644| | // b > a 645| 82| b.m_val = r; 646| 82| x = nx; 647| 82| Self::_invert_vartime_div2_helper(b, x); 648| 96| } else { 649| | // We know this can't underflow because a > b 650| 96| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 96| a.m_val = r; 652| 96| y = nx; 653| 96| Self::_invert_vartime_div2_helper(a, y); 654| 96| } 655| 178| } 656| 1| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 1| constexpr static std::array from_rep(const std::array& z) { 138| 1| std::array ze = {}; 139| 1| copy_mem(std::span{ze}.template first(), z); 140| 1| return Self::redc(ze); 141| 1| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 180| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 180| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 535| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 355, False: 180] ------------------ 552| 355| shift_right<1>(a.m_val); 553| | 554| 355| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 355| if(borrow) { ------------------ | Branch (557:16): [True: 171, False: 184] ------------------ 558| 171| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 171| } 560| 355| } 561| 180| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 1| constexpr static std::array to_rep(const std::array& x) { 116| 1| std::array z; // NOLINT(*-member-init) 117| 1| comba_mul(z.data(), x.data(), R2.data()); 118| 1| return Self::redc(z); 119| 1| } pcurves_frp256v1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.56k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 441| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 882| constexpr static std::array from_rep(const std::array& z) { 138| 882| std::array ze = {}; 139| 882| copy_mem(std::span{ze}.template first(), z); 140| 882| return Self::redc(ze); 141| 882| } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 221k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 221k| } else { 108| 221k| return monty_redc(z, P, P_dash); 109| 221k| } 110| 221k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 441| constexpr void serialize_to(std::span bytes) const { 740| 441| auto v = Rep::from_rep(m_val); 741| 441| std::reverse(v.begin(), v.end()); 742| | 743| 441| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 441| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 441| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 15.5k| static Self from_stash(const std::array& stash) { 775| 15.5k| static_assert(L >= N); 776| 15.5k| std::array val = {}; 777| 77.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 62.3k, False: 15.5k] ------------------ 778| 62.3k| val[i] = stash[i]; 779| 62.3k| } 780| 15.5k| return Self(val); 781| 15.5k| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 103k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 6.10k| std::array stash_value() const { 760| 6.10k| static_assert(L >= N); 761| 6.10k| std::array stash = {}; 762| 30.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 24.4k, False: 6.10k] ------------------ 763| 24.4k| stash[i] = m_val[i]; 764| 24.4k| } 765| 6.10k| return stash; 766| 6.10k| } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 458| constexpr static std::array wide_to_rep(const std::array& x) { 128| 458| auto redc_x = Self::redc(x); 129| 458| std::array z; // NOLINT(*-member-init) 130| 458| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 458| return Self::redc(z); 132| 458| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 2.25k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 441| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 441| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 441] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 441| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 441| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 441] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 441| return Self::from_words(words); 807| 441| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 441| static constexpr Self from_words(std::array w) { 212| 441| if constexpr(L == N) { 213| 441| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 441| } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 882| constexpr static std::array to_rep(const std::array& x) { 116| 882| std::array z; // NOLINT(*-member-init) 117| 882| comba_mul(z.data(), x.data(), R2.data()); 118| 882| return Self::redc(z); 119| 882| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 458| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 458| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 458] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 458| std::array padded_bytes = {}; 836| 458| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 458| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 458| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE3oneEv: 200| 893| static constexpr Self one() { return Self(Rep::one()); } pcurves_frp256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES0_E12ScalarParamsEE3oneEv: 99| 893| constexpr static std::array one() { return R1; } pcurves_frp256v1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEESC_: 265| 72.1k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 72.1k| std::array t; // NOLINT(*-member-init) 267| | 268| 72.1k| W carry = 0; 269| 360k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 288k, False: 72.1k] ------------------ 270| 288k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 288k| } 272| | 273| 72.1k| std::array r; // NOLINT(*-member-init) 274| 72.1k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 72.1k| return Self(r); 276| 72.1k| } pcurves_frp256v1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEESC_: 281| 229| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 229| std::array r; // NOLINT(*-member-init) 283| 229| W carry = 0; 284| 1.14k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 916, False: 229] ------------------ 285| 916| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 916| } 287| | 288| 229| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 229| carry = 0; 291| | 292| 1.14k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 916, False: 229] ------------------ 293| 916| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 916| } 295| | 296| 229| return Self(r); 297| 229| } pcurves_frp256v1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEESC_: 346| 6.69k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 6.69k| std::array z; // NOLINT(*-member-init) 348| 6.69k| comba_mul(z.data(), a.data(), b.data()); 349| 6.69k| return Self(Rep::redc(z)); 350| 6.69k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE4dataEv: 896| 502k| constexpr const W* data() const { return m_val.data(); } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE6squareEv: 426| 4.87k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 4.87k| std::array z; // NOLINT(*-member-init) 428| 4.87k| comba_sqr(z.data(), this->data()); 429| 4.87k| return Self(Rep::redc(z)); 430| 4.87k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE6invertEv: 538| 664| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm4EEE: 477| 664| constexpr Self pow_vartime(const std::array& exp) const { 478| 664| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 664| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 664| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 664| std::array tbl; 490| | 491| 664| tbl[0] = (*this); 492| | 493| 9.96k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 9.29k, False: 664] ------------------ 494| | // Conditional ok: table indexes are public here 495| 9.29k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 4.64k, False: 4.64k] ------------------ 496| 4.64k| tbl[i] = tbl[i / 2].square(); 497| 4.64k| } else { 498| 4.64k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 4.64k| } 500| 9.29k| } 501| | 502| 664| auto r = Self::one(); 503| | 504| 664| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 664| if(w0 > 0) { ------------------ | Branch (507:13): [True: 664, False: 0] ------------------ 508| 664| r = tbl[w0 - 1]; 509| 664| } 510| | 511| 42.4k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 41.8k, False: 664] ------------------ 512| 41.8k| r.square_n(WindowBits); 513| | 514| 41.8k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 41.8k| if(w > 0) { ------------------ | Branch (517:16): [True: 39.8k, False: 1.99k] ------------------ 518| 39.8k| r *= tbl[w - 1]; 519| 39.8k| } 520| 41.8k| } 521| | 522| 664| return r; 523| 664| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEC2Ev: 180| 9.96k| constexpr IntMod() : m_val({}) {} pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE8square_nEm: 439| 41.8k| constexpr void square_n(size_t n) { 440| 41.8k| std::array z; // NOLINT(*-member-init) 441| 209k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 167k, False: 41.8k] ------------------ 442| 167k| comba_sqr(z.data(), this->data()); 443| 167k| m_val = Rep::redc(z); 444| 167k| } 445| 41.8k| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEmLERKSA_: 355| 39.8k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 39.8k| std::array z; // NOLINT(*-member-init) 357| 39.8k| comba_mul(z.data(), data(), other.data()); 358| 39.8k| m_val = Rep::redc(z); 359| 39.8k| return (*this); 360| 39.8k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE14invert_vartimeEv: 598| 441| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 441| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 441] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 441| auto x = Self(std::array{1}); // 1 in standard domain 605| 441| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 441| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 441| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 441| auto y = x; 613| | 614| | // First half of second loop iteration 615| 441| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 71.4k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 71.4k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 441, False: 70.9k] ------------------ 620| | // At this point it should be that a == b == 1 621| 441| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 441| r.m_val = Rep::to_rep(r.m_val); 625| 441| return r; 626| 441| } 627| | 628| 70.9k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 70.9k| std::array r; // NOLINT(*-member-init) 640| 70.9k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 70.9k| if(carry == 0) { ------------------ | Branch (643:16): [True: 26.3k, False: 44.6k] ------------------ 644| | // b > a 645| 26.3k| b.m_val = r; 646| 26.3k| x = nx; 647| 26.3k| Self::_invert_vartime_div2_helper(b, x); 648| 44.6k| } else { 649| | // We know this can't underflow because a > b 650| 44.6k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 44.6k| a.m_val = r; 652| 44.6k| y = nx; 653| 44.6k| Self::_invert_vartime_div2_helper(a, y); 654| 44.6k| } 655| 70.9k| } 656| 441| } pcurves_frp256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 71.8k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 71.8k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 232k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 160k, False: 71.8k] ------------------ 552| 160k| shift_right<1>(a.m_val); 553| | 554| 160k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 160k| if(borrow) { ------------------ | Branch (557:16): [True: 81.2k, False: 79.2k] ------------------ 558| 81.2k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 81.2k| } 560| 160k| } 561| 71.8k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEE6negateEv: 452| 1.11k| constexpr Self negate() const { 453| 1.11k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.11k| std::array r; // NOLINT(*-member-init) 456| 1.11k| W carry = 0; 457| 5.55k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.44k, False: 1.11k] ------------------ 458| 4.44k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.44k| } 460| | 461| 1.11k| return Self(r); 462| 1.11k| } pcurves_frp256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_18frp256v16ParamsES1_E12ScalarParamsEEEEeqERKSA_: 722| 2.69k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.69k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.69k| } pcurves_numsp512d1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_110numsp512d15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_13Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_numsp512d1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_numsp512d1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_numsp512d1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 91.8k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 9| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 8, False: 1] ------------------ 414| 8| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 8| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 8| x.m_val[i] = nx; 417| 8| y.m_val[i] = ny; 418| 8| } 419| 1| } pcurves_numsp512d1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 8.92k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_numsp512d1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 3.10k| m_x(x), m_y(y), m_z(z) {} pcurves_numsp512d1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 1.64k| constexpr Self dbl() const { 1122| 1.64k| if constexpr(Self::A_is_minus_3) { 1123| 1.64k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 1.64k| } pcurves_numsp512d1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 27.1k| constexpr const FieldElement& z() const { return m_z; } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 15.5k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 15.5k| std::array z; // NOLINT(*-member-init) 428| 15.5k| comba_sqr(z.data(), this->data()); 429| 15.5k| return Self(Rep::redc(z)); 430| 15.5k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 102k| constexpr const W* data() const { return m_val.data(); } pcurves_numsp512d1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 42.6k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 42.6k| std::array z; // NOLINT(*-member-init) 348| 42.6k| comba_mul(z.data(), a.data(), b.data()); 349| 42.6k| return Self(Rep::redc(z)); 350| 42.6k| } pcurves_numsp512d1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 15.3k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 15.3k| std::array r; // NOLINT(*-member-init) 283| 15.3k| W carry = 0; 284| 137k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 122k, False: 15.3k] ------------------ 285| 122k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 122k| } 287| | 288| 15.3k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 15.3k| carry = 0; 291| | 292| 137k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 122k, False: 15.3k] ------------------ 293| 122k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 122k| } 295| | 296| 15.3k| return Self(r); 297| 15.3k| } pcurves_numsp512d1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 13.8k| constexpr const FieldElement& x() const { return m_x; } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 1.64k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_numsp512d1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 5.12k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 5.12k| std::array t; // NOLINT(*-member-init) 267| | 268| 5.12k| W carry = 0; 269| 46.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 41.0k, False: 5.12k] ------------------ 270| 41.0k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 41.0k| } 272| | 273| 5.12k| std::array r; // NOLINT(*-member-init) 274| 5.12k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 5.12k| return Self(r); 276| 5.12k| } pcurves_numsp512d1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 12.2k| constexpr const FieldElement& y() const { return m_y; } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 1.64k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 13.1k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 13.1k| std::array t = value(); 327| 13.1k| const W carry = shift_left<1>(t); 328| | 329| 13.1k| std::array r; // NOLINT(*-member-init) 330| 13.1k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 13.1k| return Self(r); 332| 13.1k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 13.1k| constexpr const std::array& value() const { return m_val; } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 1.64k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_numsp512d1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_numsp512d1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_numsp512d1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 6.01k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 2.91k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 2.91k| const W mask = cond.into_bitmask(); 397| | 398| 26.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 23.2k, False: 2.91k] ------------------ 399| 23.2k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 23.2k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 23.2k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 23.2k| } 403| 2.91k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 375| for(;;) { 618| | // Conditional ok: this function is variable time 619| 375| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 374] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 374| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 374| std::array r; // NOLINT(*-member-init) 640| 374| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 374| if(carry == 0) { ------------------ | Branch (643:16): [True: 177, False: 197] ------------------ 644| | // b > a 645| 177| b.m_val = r; 646| 177| x = nx; 647| 177| Self::_invert_vartime_div2_helper(b, x); 648| 197| } else { 649| | // We know this can't underflow because a > b 650| 197| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 197| a.m_val = r; 652| 197| y = nx; 653| 197| Self::_invert_vartime_div2_helper(a, y); 654| 197| } 655| 374| } 656| 1| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 376| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 376| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.09k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 715, False: 376] ------------------ 552| 715| shift_right<1>(a.m_val); 553| | 554| 715| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 715| if(borrow) { ------------------ | Branch (557:16): [True: 363, False: 352] ------------------ 558| 363| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 363| } 560| 715| } 561| 376| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 18| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 16, False: 2] ------------------ 458| 16| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 16| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_numsp512d1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 3.10k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 344| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_numsp512d1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS4_13Numsp512d1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 688| constexpr static std::array from_rep(const std::array& z) { 138| 688| std::array ze = {}; 139| 688| copy_mem(std::span{ze}.template first(), z); 140| 688| return Self::redc(ze); 141| 688| } pcurves_numsp512d1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS4_13Numsp512d1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 335k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 335k| } else { 108| 335k| return monty_redc(z, P, P_dash); 109| 335k| } 110| 335k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 344| constexpr void serialize_to(std::span bytes) const { 740| 344| auto v = Rep::from_rep(m_val); 741| 344| std::reverse(v.begin(), v.end()); 742| | 743| 344| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 344| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 344| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 12.1k| static Self from_stash(const std::array& stash) { 775| 12.1k| static_assert(L >= N); 776| 12.1k| std::array val = {}; 777| 109k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 97.0k, False: 12.1k] ------------------ 778| 97.0k| val[i] = stash[i]; 779| 97.0k| } 780| 12.1k| return Self(val); 781| 12.1k| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 144k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 4.75k| std::array stash_value() const { 760| 4.75k| static_assert(L >= N); 761| 4.75k| std::array stash = {}; 762| 42.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 38.0k, False: 4.75k] ------------------ 763| 38.0k| stash[i] = m_val[i]; 764| 38.0k| } 765| 4.75k| return stash; 766| 4.75k| } pcurves_numsp512d1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS4_13Numsp512d1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm16EEE: 127| 356| constexpr static std::array wide_to_rep(const std::array& x) { 128| 356| auto redc_x = Self::redc(x); 129| 356| std::array z; // NOLINT(*-member-init) 130| 356| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 356| return Self::redc(z); 132| 356| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 1.75k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 344| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 344| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 344] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 344| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 344| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 344] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 344| return Self::from_words(words); 807| 344| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE10from_wordsILm8EEESB_NSt3__15arrayImXT_EEE: 211| 344| static constexpr Self from_words(std::array w) { 212| 344| if constexpr(L == N) { 213| 344| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 344| } pcurves_numsp512d1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS4_13Numsp512d1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 688| constexpr static std::array to_rep(const std::array& x) { 116| 688| std::array z; // NOLINT(*-member-init) 117| 688| comba_mul(z.data(), x.data(), R2.data()); 118| 688| return Self::redc(z); 119| 688| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 356| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 356| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 356] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 356| std::array padded_bytes = {}; 836| 356| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 356| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 356| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE3oneEv: 200| 694| static constexpr Self one() { return Self(Rep::one()); } pcurves_numsp512d1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS4_13Numsp512d1RepEE12ScalarParamsEE3oneEv: 99| 694| constexpr static std::array one() { return R1; } pcurves_numsp512d1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEESD_: 265| 111k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 111k| std::array t; // NOLINT(*-member-init) 267| | 268| 111k| W carry = 0; 269| 1.00M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 893k, False: 111k] ------------------ 270| 893k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 893k| } 272| | 273| 111k| std::array r; // NOLINT(*-member-init) 274| 111k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 111k| return Self(r); 276| 111k| } pcurves_numsp512d1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEESD_: 281| 178| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 178| std::array r; // NOLINT(*-member-init) 283| 178| W carry = 0; 284| 1.60k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 1.42k, False: 178] ------------------ 285| 1.42k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 1.42k| } 287| | 288| 178| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 178| carry = 0; 291| | 292| 1.60k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 1.42k, False: 178] ------------------ 293| 1.42k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 1.42k| } 295| | 296| 178| return Self(r); 297| 178| } pcurves_numsp512d1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEESD_: 346| 9.33k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 9.33k| std::array z; // NOLINT(*-member-init) 348| 9.33k| comba_mul(z.data(), a.data(), b.data()); 349| 9.33k| return Self(Rep::redc(z)); 350| 9.33k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE4dataEv: 896| 766k| constexpr const W* data() const { return m_val.data(); } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE6squareEv: 426| 7.91k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.91k| std::array z; // NOLINT(*-member-init) 428| 7.91k| comba_sqr(z.data(), this->data()); 429| 7.91k| return Self(Rep::redc(z)); 430| 7.91k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE6invertEv: 538| 516| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm8EEE: 477| 516| constexpr Self pow_vartime(const std::array& exp) const { 478| 516| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 516] ------------------ 479| 516| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 516| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 516| std::array tbl; 490| | 491| 516| tbl[0] = (*this); 492| | 493| 15.9k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 15.4k, False: 516] ------------------ 494| | // Conditional ok: table indexes are public here 495| 15.4k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 7.74k, False: 7.74k] ------------------ 496| 7.74k| tbl[i] = tbl[i / 2].square(); 497| 7.74k| } else { 498| 7.74k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 7.74k| } 500| 15.4k| } 501| | 502| 516| auto r = Self::one(); 503| | 504| 516| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 516| if(w0 > 0) { ------------------ | Branch (507:13): [True: 516, False: 0] ------------------ 508| 516| r = tbl[w0 - 1]; 509| 516| } 510| | 511| 53.1k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 52.6k, False: 516] ------------------ 512| 52.6k| r.square_n(WindowBits); 513| | 514| 52.6k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 52.6k| if(w > 0) { ------------------ | Branch (517:16): [True: 52.6k, False: 0] ------------------ 518| 52.6k| r *= tbl[w - 1]; 519| 52.6k| } 520| 52.6k| } 521| | 522| 516| return r; 523| 516| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEC2Ev: 180| 15.9k| constexpr IntMod() : m_val({}) {} pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE8square_nEm: 439| 52.6k| constexpr void square_n(size_t n) { 440| 52.6k| std::array z; // NOLINT(*-member-init) 441| 315k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 263k, False: 52.6k] ------------------ 442| 263k| comba_sqr(z.data(), this->data()); 443| 263k| m_val = Rep::redc(z); 444| 263k| } 445| 52.6k| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEmLERKSB_: 355| 52.6k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 52.6k| std::array z; // NOLINT(*-member-init) 357| 52.6k| comba_mul(z.data(), data(), other.data()); 358| 52.6k| m_val = Rep::redc(z); 359| 52.6k| return (*this); 360| 52.6k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 344| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 344| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 344] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 344| auto x = Self(std::array{1}); // 1 in standard domain 605| 344| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 344| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 344| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 344| auto y = x; 613| | 614| | // First half of second loop iteration 615| 344| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 111k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 111k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 344, False: 110k] ------------------ 620| | // At this point it should be that a == b == 1 621| 344| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 344| r.m_val = Rep::to_rep(r.m_val); 625| 344| return r; 626| 344| } 627| | 628| 110k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 110k| std::array r; // NOLINT(*-member-init) 640| 110k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 110k| if(carry == 0) { ------------------ | Branch (643:16): [True: 38.4k, False: 72.3k] ------------------ 644| | // b > a 645| 38.4k| b.m_val = r; 646| 38.4k| x = nx; 647| 38.4k| Self::_invert_vartime_div2_helper(b, x); 648| 72.3k| } else { 649| | // We know this can't underflow because a > b 650| 72.3k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 72.3k| a.m_val = r; 652| 72.3k| y = nx; 653| 72.3k| Self::_invert_vartime_div2_helper(a, y); 654| 72.3k| } 655| 110k| } 656| 344| } pcurves_numsp512d1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 111k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 111k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 360k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 249k, False: 111k] ------------------ 552| 249k| shift_right<1>(a.m_val); 553| | 554| 249k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 249k| if(borrow) { ------------------ | Branch (557:16): [True: 125k, False: 123k] ------------------ 558| 125k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 125k| } 560| 249k| } 561| 111k| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEE6negateEv: 452| 866| constexpr Self negate() const { 453| 866| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 866| std::array r; // NOLINT(*-member-init) 456| 866| W carry = 0; 457| 7.79k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 6.92k, False: 866] ------------------ 458| 6.92k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 6.92k| } 460| | 461| 866| return Self(r); 462| 866| } pcurves_numsp512d1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_110numsp512d16ParamsENS5_13Numsp512d1RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.09k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.09k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.09k| } pcurves_secp192r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp192r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_12Secp192r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp192r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp192r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp192r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm3EEE: 898| 35.0k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 4| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 3, False: 1] ------------------ 414| 3| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 3| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 3| x.m_val[i] = nx; 417| 3| y.m_val[i] = ny; 418| 3| } 419| 1| } pcurves_secp192r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 3.40k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp192r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.18k| m_x(x), m_y(y), m_z(z) {} pcurves_secp192r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 629| constexpr Self dbl() const { 1122| 629| if constexpr(Self::A_is_minus_3) { 1123| 629| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 629| } pcurves_secp192r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 10.3k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 5.92k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 5.92k| std::array z; // NOLINT(*-member-init) 428| 5.92k| comba_sqr(z.data(), this->data()); 429| 5.92k| return Self(Rep::redc(z)); 430| 5.92k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 38.9k| constexpr const W* data() const { return m_val.data(); } pcurves_secp192r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 16.2k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 16.2k| std::array z; // NOLINT(*-member-init) 348| 16.2k| comba_mul(z.data(), a.data(), b.data()); 349| 16.2k| return Self(Rep::redc(z)); 350| 16.2k| } pcurves_secp192r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 5.84k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 5.84k| std::array r; // NOLINT(*-member-init) 283| 5.84k| W carry = 0; 284| 23.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 17.5k, False: 5.84k] ------------------ 285| 17.5k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 17.5k| } 287| | 288| 5.84k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 5.84k| carry = 0; 291| | 292| 23.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 17.5k, False: 5.84k] ------------------ 293| 17.5k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 17.5k| } 295| | 296| 5.84k| return Self(r); 297| 5.84k| } pcurves_secp192r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 5.29k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 629| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp192r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 1.95k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 1.95k| std::array t; // NOLINT(*-member-init) 267| | 268| 1.95k| W carry = 0; 269| 7.82k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 5.86k, False: 1.95k] ------------------ 270| 5.86k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 5.86k| } 272| | 273| 1.95k| std::array r; // NOLINT(*-member-init) 274| 1.95k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 1.95k| return Self(r); 276| 1.95k| } pcurves_secp192r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 4.66k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 629| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 5.03k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 5.03k| std::array t = value(); 327| 5.03k| const W carry = shift_left<1>(t); 328| | 329| 5.03k| std::array r; // NOLINT(*-member-init) 330| 5.03k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 5.03k| return Self(r); 332| 5.03k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 5.03k| constexpr const std::array& value() const { return m_val; } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 629| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp192r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 555| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp192r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 555| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp192r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 2.29k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.11k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.11k| const W mask = cond.into_bitmask(); 397| | 398| 4.44k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 3.33k, False: 1.11k] ------------------ 399| 3.33k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 3.33k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 3.33k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 3.33k| } 403| 1.11k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 144| for(;;) { 618| | // Conditional ok: this function is variable time 619| 144| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 143] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 143| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 143| std::array r; // NOLINT(*-member-init) 640| 143| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 143| if(carry == 0) { ------------------ | Branch (643:16): [True: 74, False: 69] ------------------ 644| | // b > a 645| 74| b.m_val = r; 646| 74| x = nx; 647| 74| Self::_invert_vartime_div2_helper(b, x); 648| 74| } else { 649| | // We know this can't underflow because a > b 650| 69| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 69| a.m_val = r; 652| 69| y = nx; 653| 69| Self::_invert_vartime_div2_helper(a, y); 654| 69| } 655| 143| } 656| 1| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 145| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 145| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 402| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 257, False: 145] ------------------ 552| 257| shift_right<1>(a.m_val); 553| | 554| 257| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 257| if(borrow) { ------------------ | Branch (557:16): [True: 110, False: 147] ------------------ 558| 110| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 110| } 560| 257| } 561| 145| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 8| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 6, False: 2] ------------------ 458| 6| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 6| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp192r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.18k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 599| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp192r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS4_12Secp192r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm3EEE: 137| 1.19k| constexpr static std::array from_rep(const std::array& z) { 138| 1.19k| std::array ze = {}; 139| 1.19k| copy_mem(std::span{ze}.template first(), z); 140| 1.19k| return Self::redc(ze); 141| 1.19k| } pcurves_secp192r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS4_12Secp192r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm6EEE: 104| 230k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 230k| } else { 108| 230k| return monty_redc(z, P, P_dash); 109| 230k| } 110| 230k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm24EEE: 739| 599| constexpr void serialize_to(std::span bytes) const { 740| 599| auto v = Rep::from_rep(m_val); 741| 599| std::reverse(v.begin(), v.end()); 742| | 743| 599| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 599| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 599| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 21.3k| static Self from_stash(const std::array& stash) { 775| 21.3k| static_assert(L >= N); 776| 21.3k| std::array val = {}; 777| 85.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 64.0k, False: 21.3k] ------------------ 778| 64.0k| val[i] = stash[i]; 779| 64.0k| } 780| 21.3k| return Self(val); 781| 21.3k| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm3EEE: 898| 117k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 8.36k| std::array stash_value() const { 760| 8.36k| static_assert(L >= N); 761| 8.36k| std::array stash = {}; 762| 33.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 25.0k, False: 8.36k] ------------------ 763| 25.0k| stash[i] = m_val[i]; 764| 25.0k| } 765| 8.36k| return stash; 766| 8.36k| } pcurves_secp192r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS4_12Secp192r1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm6EEE: 127| 630| constexpr static std::array wide_to_rep(const std::array& x) { 128| 630| auto redc_x = Self::redc(x); 129| 630| std::array z; // NOLINT(*-member-init) 130| 630| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 630| return Self::redc(z); 132| 630| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 3.08k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 599| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 599| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 599] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 599| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 599| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 599] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 599| return Self::from_words(words); 807| 599| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE10from_wordsILm3EEESB_NSt3__15arrayImXT_EEE: 211| 599| static constexpr Self from_words(std::array w) { 212| 599| if constexpr(L == N) { 213| 599| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 599| } pcurves_secp192r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS4_12Secp192r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm3EEE: 115| 1.19k| constexpr static std::array to_rep(const std::array& x) { 116| 1.19k| std::array z; // NOLINT(*-member-init) 117| 1.19k| comba_mul(z.data(), x.data(), R2.data()); 118| 1.19k| return Self::redc(z); 119| 1.19k| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 630| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 630| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 630] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 630| std::array padded_bytes = {}; 836| 630| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 630| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 630| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE3oneEv: 200| 1.21k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp192r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS4_12Secp192r1RepEE12ScalarParamsEE3oneEv: 99| 1.21k| constexpr static std::array one() { return R1; } pcurves_secp192r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEESD_: 265| 75.4k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 75.4k| std::array t; // NOLINT(*-member-init) 267| | 268| 75.4k| W carry = 0; 269| 301k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 226k, False: 75.4k] ------------------ 270| 226k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 226k| } 272| | 273| 75.4k| std::array r; // NOLINT(*-member-init) 274| 75.4k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 75.4k| return Self(r); 276| 75.4k| } pcurves_secp192r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEESD_: 281| 315| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 315| std::array r; // NOLINT(*-member-init) 283| 315| W carry = 0; 284| 1.26k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 945, False: 315] ------------------ 285| 945| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 945| } 287| | 288| 315| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 315| carry = 0; 291| | 292| 1.26k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 945, False: 315] ------------------ 293| 945| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 945| } 295| | 296| 315| return Self(r); 297| 315| } pcurves_secp192r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEESD_: 346| 9.09k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 9.09k| std::array z; // NOLINT(*-member-init) 348| 9.09k| comba_mul(z.data(), a.data(), b.data()); 349| 9.09k| return Self(Rep::redc(z)); 350| 9.09k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE4dataEv: 896| 528k| constexpr const W* data() const { return m_val.data(); } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE6squareEv: 426| 6.60k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 6.60k| std::array z; // NOLINT(*-member-init) 428| 6.60k| comba_sqr(z.data(), this->data()); 429| 6.60k| return Self(Rep::redc(z)); 430| 6.60k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE6invertEv: 538| 899| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm3EEE: 477| 899| constexpr Self pow_vartime(const std::array& exp) const { 478| 899| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 899| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 899| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 899| std::array tbl; 490| | 491| 899| tbl[0] = (*this); 492| | 493| 13.4k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 12.5k, False: 899] ------------------ 494| | // Conditional ok: table indexes are public here 495| 12.5k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 6.29k, False: 6.29k] ------------------ 496| 6.29k| tbl[i] = tbl[i / 2].square(); 497| 6.29k| } else { 498| 6.29k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 6.29k| } 500| 12.5k| } 501| | 502| 899| auto r = Self::one(); 503| | 504| 899| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 899| if(w0 > 0) { ------------------ | Branch (507:13): [True: 899, False: 0] ------------------ 508| 899| r = tbl[w0 - 1]; 509| 899| } 510| | 511| 43.1k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 42.2k, False: 899] ------------------ 512| 42.2k| r.square_n(WindowBits); 513| | 514| 42.2k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 42.2k| if(w > 0) { ------------------ | Branch (517:16): [True: 42.2k, False: 0] ------------------ 518| 42.2k| r *= tbl[w - 1]; 519| 42.2k| } 520| 42.2k| } 521| | 522| 899| return r; 523| 899| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEC2Ev: 180| 13.4k| constexpr IntMod() : m_val({}) {} pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE8square_nEm: 439| 42.2k| constexpr void square_n(size_t n) { 440| 42.2k| std::array z; // NOLINT(*-member-init) 441| 211k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 169k, False: 42.2k] ------------------ 442| 169k| comba_sqr(z.data(), this->data()); 443| 169k| m_val = Rep::redc(z); 444| 169k| } 445| 42.2k| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEmLERKSB_: 355| 42.2k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 42.2k| std::array z; // NOLINT(*-member-init) 357| 42.2k| comba_mul(z.data(), data(), other.data()); 358| 42.2k| m_val = Rep::redc(z); 359| 42.2k| return (*this); 360| 42.2k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 599| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 599| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 599] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 599| auto x = Self(std::array{1}); // 1 in standard domain 605| 599| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 599| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 599| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 599| auto y = x; 613| | 614| | // First half of second loop iteration 615| 599| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 74.4k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 74.4k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 599, False: 73.8k] ------------------ 620| | // At this point it should be that a == b == 1 621| 599| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 599| r.m_val = Rep::to_rep(r.m_val); 625| 599| return r; 626| 599| } 627| | 628| 73.8k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 73.8k| std::array r; // NOLINT(*-member-init) 640| 73.8k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 73.8k| if(carry == 0) { ------------------ | Branch (643:16): [True: 27.1k, False: 46.7k] ------------------ 644| | // b > a 645| 27.1k| b.m_val = r; 646| 27.1k| x = nx; 647| 27.1k| Self::_invert_vartime_div2_helper(b, x); 648| 46.7k| } else { 649| | // We know this can't underflow because a > b 650| 46.7k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 46.7k| a.m_val = r; 652| 46.7k| y = nx; 653| 46.7k| Self::_invert_vartime_div2_helper(a, y); 654| 46.7k| } 655| 73.8k| } 656| 599| } pcurves_secp192r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 75.0k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 75.0k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 236k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 161k, False: 75.0k] ------------------ 552| 161k| shift_right<1>(a.m_val); 553| | 554| 161k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 161k| if(borrow) { ------------------ | Branch (557:16): [True: 81.6k, False: 79.7k] ------------------ 558| 81.6k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 81.6k| } 560| 161k| } 561| 75.0k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEE6negateEv: 452| 1.51k| constexpr Self negate() const { 453| 1.51k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.51k| std::array r; // NOLINT(*-member-init) 456| 1.51k| W carry = 0; 457| 6.05k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.53k, False: 1.51k] ------------------ 458| 4.53k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.53k| } 460| | 461| 1.51k| return Self(r); 462| 1.51k| } pcurves_secp192r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp192r16ParamsENS5_12Secp192r1RepEE12ScalarParamsEEEEeqERKSB_: 722| 3.67k| constexpr CT::Choice operator==(const Self& other) const { 723| 3.67k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 3.67k| } pcurves_secp224r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp224r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_12Secp224r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp224r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp224r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp224r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 40.7k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_secp224r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 3.95k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp224r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.37k| m_x(x), m_y(y), m_z(z) {} pcurves_secp224r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 731| constexpr Self dbl() const { 1122| 731| if constexpr(Self::A_is_minus_3) { 1123| 731| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 731| } pcurves_secp224r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 12.0k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 6.88k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 6.88k| std::array z; // NOLINT(*-member-init) 428| 6.88k| comba_sqr(z.data(), this->data()); 429| 6.88k| return Self(Rep::redc(z)); 430| 6.88k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 45.1k| constexpr const W* data() const { return m_val.data(); } pcurves_secp224r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 18.9k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 18.9k| std::array z; // NOLINT(*-member-init) 348| 18.9k| comba_mul(z.data(), a.data(), b.data()); 349| 18.9k| return Self(Rep::redc(z)); 350| 18.9k| } pcurves_secp224r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 6.79k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 6.79k| std::array r; // NOLINT(*-member-init) 283| 6.79k| W carry = 0; 284| 33.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 27.1k, False: 6.79k] ------------------ 285| 27.1k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 27.1k| } 287| | 288| 6.79k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 6.79k| carry = 0; 291| | 292| 33.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 27.1k, False: 6.79k] ------------------ 293| 27.1k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 27.1k| } 295| | 296| 6.79k| return Self(r); 297| 6.79k| } pcurves_secp224r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 6.14k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 731| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp224r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 2.25k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 2.25k| std::array t; // NOLINT(*-member-init) 267| | 268| 2.25k| W carry = 0; 269| 11.2k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 9.03k, False: 2.25k] ------------------ 270| 9.03k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 9.03k| } 272| | 273| 2.25k| std::array r; // NOLINT(*-member-init) 274| 2.25k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 2.25k| return Self(r); 276| 2.25k| } pcurves_secp224r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 5.41k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 731| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 5.84k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 5.84k| std::array t = value(); 327| 5.84k| const W carry = shift_left<1>(t); 328| | 329| 5.84k| std::array r; // NOLINT(*-member-init) 330| 5.84k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 5.84k| return Self(r); 332| 5.84k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 5.84k| constexpr const std::array& value() const { return m_val; } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 731| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp224r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 645| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp224r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 645| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp224r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 2.66k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.29k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.29k| const W mask = cond.into_bitmask(); 397| | 398| 6.45k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.16k, False: 1.29k] ------------------ 399| 5.16k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.16k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.16k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.16k| } 403| 1.29k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 153| for(;;) { 618| | // Conditional ok: this function is variable time 619| 153| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 152] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 152| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 152| std::array r; // NOLINT(*-member-init) 640| 152| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 152| if(carry == 0) { ------------------ | Branch (643:16): [True: 81, False: 71] ------------------ 644| | // b > a 645| 81| b.m_val = r; 646| 81| x = nx; 647| 81| Self::_invert_vartime_div2_helper(b, x); 648| 81| } else { 649| | // We know this can't underflow because a > b 650| 71| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 71| a.m_val = r; 652| 71| y = nx; 653| 71| Self::_invert_vartime_div2_helper(a, y); 654| 71| } 655| 152| } 656| 1| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 154| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 154| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 479| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 325, False: 154] ------------------ 552| 325| shift_right<1>(a.m_val); 553| | 554| 325| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 325| if(borrow) { ------------------ | Branch (557:16): [True: 200, False: 125] ------------------ 558| 200| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 200| } 560| 325| } 561| 154| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp224r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.37k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 509| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp224r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS4_12Secp224r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 1.01k| constexpr static std::array from_rep(const std::array& z) { 138| 1.01k| std::array ze = {}; 139| 1.01k| copy_mem(std::span{ze}.template first(), z); 140| 1.01k| return Self::redc(ze); 141| 1.01k| } pcurves_secp224r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS4_12Secp224r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 200k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 200k| } else { 108| 200k| return monty_redc(z, P, P_dash); 109| 200k| } 110| 200k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm28EEE: 739| 509| constexpr void serialize_to(std::span bytes) const { 740| 509| auto v = Rep::from_rep(m_val); 741| 509| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 509| } else { 746| | // Remove leading zero bytes 747| 509| const auto padded_bytes = store_be(v); 748| 509| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 509| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 509| } 751| 509| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 17.8k| static Self from_stash(const std::array& stash) { 775| 17.8k| static_assert(L >= N); 776| 17.8k| std::array val = {}; 777| 89.2k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 71.4k, False: 17.8k] ------------------ 778| 71.4k| val[i] = stash[i]; 779| 71.4k| } 780| 17.8k| return Self(val); 781| 17.8k| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 107k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 6.99k| std::array stash_value() const { 760| 6.99k| static_assert(L >= N); 761| 6.99k| std::array stash = {}; 762| 34.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 27.9k, False: 6.99k] ------------------ 763| 27.9k| stash[i] = m_val[i]; 764| 27.9k| } 765| 6.99k| return stash; 766| 6.99k| } pcurves_secp224r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS4_12Secp224r1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 522| constexpr static std::array wide_to_rep(const std::array& x) { 128| 522| auto redc_x = Self::redc(x); 129| 522| std::array z; // NOLINT(*-member-init) 130| 522| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 522| return Self::redc(z); 132| 522| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 2.58k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 509| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 509| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 509] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 509| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 509| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 509] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 509| return Self::from_words(words); 807| 509| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 509| static constexpr Self from_words(std::array w) { 212| 509| if constexpr(L == N) { 213| 509| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 509| } pcurves_secp224r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS4_12Secp224r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 1.01k| constexpr static std::array to_rep(const std::array& x) { 116| 1.01k| std::array z; // NOLINT(*-member-init) 117| 1.01k| comba_mul(z.data(), x.data(), R2.data()); 118| 1.01k| return Self::redc(z); 119| 1.01k| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 522| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 522| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 522] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 522| std::array padded_bytes = {}; 836| 522| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 522| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 522| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE3oneEv: 200| 261| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp224r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS4_12Secp224r1RepEE12ScalarParamsEE3oneEv: 99| 261| constexpr static std::array one() { return R1; } pcurves_secp224r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEESD_: 265| 72.6k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 72.6k| std::array t; // NOLINT(*-member-init) 267| | 268| 72.6k| W carry = 0; 269| 363k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 290k, False: 72.6k] ------------------ 270| 290k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 290k| } 272| | 273| 72.6k| std::array r; // NOLINT(*-member-init) 274| 72.6k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 72.6k| return Self(r); 276| 72.6k| } pcurves_secp224r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEESD_: 281| 261| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 261| std::array r; // NOLINT(*-member-init) 283| 261| W carry = 0; 284| 1.30k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 1.04k, False: 261] ------------------ 285| 1.04k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 1.04k| } 287| | 288| 261| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 261| carry = 0; 291| | 292| 1.30k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 1.04k, False: 261] ------------------ 293| 1.04k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 1.04k| } 295| | 296| 261| return Self(r); 297| 261| } pcurves_secp224r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEESD_: 346| 9.98k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 9.98k| std::array z; // NOLINT(*-member-init) 348| 9.98k| comba_mul(z.data(), a.data(), b.data()); 349| 9.98k| return Self(Rep::redc(z)); 350| 9.98k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE4dataEv: 896| 475k| constexpr const W* data() const { return m_val.data(); } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE6squareEv: 426| 3.32k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 3.32k| std::array z; // NOLINT(*-member-init) 428| 3.32k| comba_sqr(z.data(), this->data()); 429| 3.32k| return Self(Rep::redc(z)); 430| 3.32k| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEmLERKSB_: 355| 18.3k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 18.3k| std::array z; // NOLINT(*-member-init) 357| 18.3k| comba_mul(z.data(), data(), other.data()); 358| 18.3k| m_val = Rep::redc(z); 359| 18.3k| return (*this); 360| 18.3k| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE8square_nEm: 439| 16.8k| constexpr void square_n(size_t n) { 440| 16.8k| std::array z; // NOLINT(*-member-init) 441| 182k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 166k, False: 16.8k] ------------------ 442| 166k| comba_sqr(z.data(), this->data()); 443| 166k| m_val = Rep::redc(z); 444| 166k| } 445| 16.8k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 509| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 509| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 509] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 509| auto x = Self(std::array{1}); // 1 in standard domain 605| 509| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 509| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 509| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 509| auto y = x; 613| | 614| | // First half of second loop iteration 615| 509| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 71.8k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 71.8k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 509, False: 71.3k] ------------------ 620| | // At this point it should be that a == b == 1 621| 509| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 509| r.m_val = Rep::to_rep(r.m_val); 625| 509| return r; 626| 509| } 627| | 628| 71.3k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 71.3k| std::array r; // NOLINT(*-member-init) 640| 71.3k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 71.3k| if(carry == 0) { ------------------ | Branch (643:16): [True: 21.7k, False: 49.6k] ------------------ 644| | // b > a 645| 21.7k| b.m_val = r; 646| 21.7k| x = nx; 647| 21.7k| Self::_invert_vartime_div2_helper(b, x); 648| 49.6k| } else { 649| | // We know this can't underflow because a > b 650| 49.6k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 49.6k| a.m_val = r; 652| 49.6k| y = nx; 653| 49.6k| Self::_invert_vartime_div2_helper(a, y); 654| 49.6k| } 655| 71.3k| } 656| 509| } pcurves_secp224r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 72.3k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 72.3k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 233k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 160k, False: 72.3k] ------------------ 552| 160k| shift_right<1>(a.m_val); 553| | 554| 160k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 160k| if(borrow) { ------------------ | Branch (557:16): [True: 79.8k, False: 80.9k] ------------------ 558| 79.8k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 79.8k| } 560| 160k| } 561| 72.3k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEE6negateEv: 452| 1.27k| constexpr Self negate() const { 453| 1.27k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.27k| std::array r; // NOLINT(*-member-init) 456| 1.27k| W carry = 0; 457| 6.39k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 5.11k, False: 1.27k] ------------------ 458| 5.11k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 5.11k| } 460| | 461| 1.27k| return Self(r); 462| 1.27k| } pcurves_secp224r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp224r16ParamsENS5_12Secp224r1RepEE12ScalarParamsEEEEeqERKSB_: 722| 3.08k| constexpr CT::Choice operator==(const Self& other) const { 723| 3.08k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 3.08k| } pcurves_secp256k1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256k15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_12Secp256k1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp256k1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp256k1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256k1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 43.8k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_secp256k1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 4.51k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256k1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.56k| m_x(x), m_y(y), m_z(z) {} pcurves_secp256k1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 833| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| 833| } else if constexpr(Self::A_is_zero) { 1125| 833| return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 833| } pcurves_secp256k1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 6.17k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 7.84k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.84k| std::array z; // NOLINT(*-member-init) 428| 7.84k| comba_sqr(z.data(), this->data()); 429| 7.84k| return Self(Rep::redc(z)); 430| 7.84k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 49.7k| constexpr const W* data() const { return m_val.data(); } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 833| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp256k1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 1.74k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 1.74k| std::array t; // NOLINT(*-member-init) 267| | 268| 1.74k| W carry = 0; 269| 8.71k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 6.97k, False: 1.74k] ------------------ 270| 6.97k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 6.97k| } 272| | 273| 1.74k| std::array r; // NOLINT(*-member-init) 274| 1.74k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 1.74k| return Self(r); 276| 1.74k| } pcurves_secp256k1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 6.17k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256k1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 20.7k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 20.7k| std::array z; // NOLINT(*-member-init) 348| 20.7k| comba_mul(z.data(), a.data(), b.data()); 349| 20.7k| return Self(Rep::redc(z)); 350| 20.7k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 833| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp256k1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 6.90k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 6.90k| std::array r; // NOLINT(*-member-init) 283| 6.90k| W carry = 0; 284| 34.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 27.6k, False: 6.90k] ------------------ 285| 27.6k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 27.6k| } 287| | 288| 6.90k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 6.90k| carry = 0; 291| | 292| 34.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 27.6k, False: 6.90k] ------------------ 293| 27.6k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 27.6k| } 295| | 296| 6.90k| return Self(r); 297| 6.90k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 6.66k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 6.66k| std::array t = value(); 327| 6.66k| const W carry = shift_left<1>(t); 328| | 329| 6.66k| std::array r; // NOLINT(*-member-init) 330| 6.66k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 6.66k| return Self(r); 332| 6.66k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 6.66k| constexpr const std::array& value() const { return m_val; } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 833| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp256k1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 12.8k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp256k1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp256k1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp256k1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 3.03k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.47k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.47k| const W mask = cond.into_bitmask(); 397| | 398| 7.35k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.88k, False: 1.47k] ------------------ 399| 5.88k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.88k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.88k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.88k| } 403| 1.47k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 176| for(;;) { 618| | // Conditional ok: this function is variable time 619| 176| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 175] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 175| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 175| std::array r; // NOLINT(*-member-init) 640| 175| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 175| if(carry == 0) { ------------------ | Branch (643:16): [True: 105, False: 70] ------------------ 644| | // b > a 645| 105| b.m_val = r; 646| 105| x = nx; 647| 105| Self::_invert_vartime_div2_helper(b, x); 648| 105| } else { 649| | // We know this can't underflow because a > b 650| 70| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 70| a.m_val = r; 652| 70| y = nx; 653| 70| Self::_invert_vartime_div2_helper(a, y); 654| 70| } 655| 175| } 656| 1| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 177| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 177| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 541| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 364, False: 177] ------------------ 552| 364| shift_right<1>(a.m_val); 553| | 554| 364| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 364| if(borrow) { ------------------ | Branch (557:16): [True: 186, False: 178] ------------------ 558| 186| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 186| } 560| 364| } 561| 177| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp256k1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.56k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 397| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256k1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS4_12Secp256k1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 794| constexpr static std::array from_rep(const std::array& z) { 138| 794| std::array ze = {}; 139| 794| copy_mem(std::span{ze}.template first(), z); 140| 794| return Self::redc(ze); 141| 794| } pcurves_secp256k1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS4_12Secp256k1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 179k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 179k| } else { 108| 179k| return monty_redc(z, P, P_dash); 109| 179k| } 110| 179k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 397| constexpr void serialize_to(std::span bytes) const { 740| 397| auto v = Rep::from_rep(m_val); 741| 397| std::reverse(v.begin(), v.end()); 742| | 743| 397| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 397| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 397| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 14.0k| static Self from_stash(const std::array& stash) { 775| 14.0k| static_assert(L >= N); 776| 14.0k| std::array val = {}; 777| 70.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 56.1k, False: 14.0k] ------------------ 778| 56.1k| val[i] = stash[i]; 779| 56.1k| } 780| 14.0k| return Self(val); 781| 14.0k| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 90.2k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.49k| std::array stash_value() const { 760| 5.49k| static_assert(L >= N); 761| 5.49k| std::array stash = {}; 762| 27.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 21.9k, False: 5.49k] ------------------ 763| 21.9k| stash[i] = m_val[i]; 764| 21.9k| } 765| 5.49k| return stash; 766| 5.49k| } pcurves_secp256k1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS4_12Secp256k1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 412| constexpr static std::array wide_to_rep(const std::array& x) { 128| 412| auto redc_x = Self::redc(x); 129| 412| std::array z; // NOLINT(*-member-init) 130| 412| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 412| return Self::redc(z); 132| 412| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 2.03k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 397| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 397| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 397] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 397| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 397| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 397] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 397| return Self::from_words(words); 807| 397| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 397| static constexpr Self from_words(std::array w) { 212| 397| if constexpr(L == N) { 213| 397| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 397| } pcurves_secp256k1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS4_12Secp256k1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 794| constexpr static std::array to_rep(const std::array& x) { 116| 794| std::array z; // NOLINT(*-member-init) 117| 794| comba_mul(z.data(), x.data(), R2.data()); 118| 794| return Self::redc(z); 119| 794| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 412| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 412| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 412] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 412| std::array padded_bytes = {}; 836| 412| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 412| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 412| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE3oneEv: 200| 206| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256k1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS4_12Secp256k1RepEE12ScalarParamsEE3oneEv: 99| 206| constexpr static std::array one() { return R1; } pcurves_secp256k1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEESD_: 265| 63.9k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 63.9k| std::array t; // NOLINT(*-member-init) 267| | 268| 63.9k| W carry = 0; 269| 319k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 255k, False: 63.9k] ------------------ 270| 255k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 255k| } 272| | 273| 63.9k| std::array r; // NOLINT(*-member-init) 274| 63.9k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 63.9k| return Self(r); 276| 63.9k| } pcurves_secp256k1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEESD_: 281| 206| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 206| std::array r; // NOLINT(*-member-init) 283| 206| W carry = 0; 284| 1.03k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 824, False: 206] ------------------ 285| 824| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 824| } 287| | 288| 206| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 206| carry = 0; 291| | 292| 1.03k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 824, False: 206] ------------------ 293| 824| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 824| } 295| | 296| 206| return Self(r); 297| 206| } pcurves_secp256k1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEESD_: 346| 6.03k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 6.03k| std::array z; // NOLINT(*-member-init) 348| 6.03k| comba_mul(z.data(), a.data(), b.data()); 349| 6.03k| return Self(Rep::redc(z)); 350| 6.03k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE4dataEv: 896| 418k| constexpr const W* data() const { return m_val.data(); } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE6squareEv: 426| 3.20k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 3.20k| std::array z; // NOLINT(*-member-init) 428| 3.20k| comba_sqr(z.data(), this->data()); 429| 3.20k| return Self(Rep::redc(z)); 430| 3.20k| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE8square_nEm: 439| 19.7k| constexpr void square_n(size_t n) { 440| 19.7k| std::array z; // NOLINT(*-member-init) 441| 168k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 148k, False: 19.7k] ------------------ 442| 148k| comba_sqr(z.data(), this->data()); 443| 148k| m_val = Rep::redc(z); 444| 148k| } 445| 19.7k| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEmLERKSB_: 355| 19.7k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 19.7k| std::array z; // NOLINT(*-member-init) 357| 19.7k| comba_mul(z.data(), data(), other.data()); 358| 19.7k| m_val = Rep::redc(z); 359| 19.7k| return (*this); 360| 19.7k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 397| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 397| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 397] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 397| auto x = Self(std::array{1}); // 1 in standard domain 605| 397| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 397| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 397| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 397| auto y = x; 613| | 614| | // First half of second loop iteration 615| 397| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 63.3k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 63.3k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 397, False: 62.9k] ------------------ 620| | // At this point it should be that a == b == 1 621| 397| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 397| r.m_val = Rep::to_rep(r.m_val); 625| 397| return r; 626| 397| } 627| | 628| 62.9k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 62.9k| std::array r; // NOLINT(*-member-init) 640| 62.9k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 62.9k| if(carry == 0) { ------------------ | Branch (643:16): [True: 21.3k, False: 41.6k] ------------------ 644| | // b > a 645| 21.3k| b.m_val = r; 646| 21.3k| x = nx; 647| 21.3k| Self::_invert_vartime_div2_helper(b, x); 648| 41.6k| } else { 649| | // We know this can't underflow because a > b 650| 41.6k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 41.6k| a.m_val = r; 652| 41.6k| y = nx; 653| 41.6k| Self::_invert_vartime_div2_helper(a, y); 654| 41.6k| } 655| 62.9k| } 656| 397| } pcurves_secp256k1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 63.7k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 63.7k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 211k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 148k, False: 63.7k] ------------------ 552| 148k| shift_right<1>(a.m_val); 553| | 554| 148k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 148k| if(borrow) { ------------------ | Branch (557:16): [True: 73.8k, False: 74.1k] ------------------ 558| 73.8k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 73.8k| } 560| 148k| } 561| 63.7k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEE6negateEv: 452| 1.00k| constexpr Self negate() const { 453| 1.00k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.00k| std::array r; // NOLINT(*-member-init) 456| 1.00k| W carry = 0; 457| 5.00k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.00k, False: 1.00k] ------------------ 458| 4.00k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.00k| } 460| | 461| 1.00k| return Self(r); 462| 1.00k| } pcurves_secp256k1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256k16ParamsENS5_12Secp256k1RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.42k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.42k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.42k| } pcurves_secp256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 46.3k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 4.51k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.56k| m_x(x), m_y(y), m_z(z) {} pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 833| constexpr Self dbl() const { 1122| 833| if constexpr(Self::A_is_minus_3) { 1123| 833| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 833| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 13.7k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 7.84k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.84k| std::array z; // NOLINT(*-member-init) 428| 7.84k| comba_sqr(z.data(), this->data()); 429| 7.84k| return Self(Rep::redc(z)); 430| 7.84k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 51.4k| constexpr const W* data() const { return m_val.data(); } pcurves_secp256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 346| 21.5k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 21.5k| std::array z; // NOLINT(*-member-init) 348| 21.5k| comba_mul(z.data(), a.data(), b.data()); 349| 21.5k| return Self(Rep::redc(z)); 350| 21.5k| } pcurves_secp256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 281| 7.74k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 7.74k| std::array r; // NOLINT(*-member-init) 283| 7.74k| W carry = 0; 284| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 30.9k, False: 7.74k] ------------------ 285| 30.9k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 30.9k| } 287| | 288| 7.74k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 7.74k| carry = 0; 291| | 292| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 30.9k, False: 7.74k] ------------------ 293| 30.9k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 30.9k| } 295| | 296| 7.74k| return Self(r); 297| 7.74k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 7.00k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 833| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 265| 2.57k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 2.57k| std::array t; // NOLINT(*-member-init) 267| | 268| 2.57k| W carry = 0; 269| 12.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 10.3k, False: 2.57k] ------------------ 270| 10.3k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 10.3k| } 272| | 273| 2.57k| std::array r; // NOLINT(*-member-init) 274| 2.57k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 2.57k| return Self(r); 276| 2.57k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 6.17k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 833| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 6.66k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 6.66k| std::array t = value(); 327| 6.66k| const W carry = shift_left<1>(t); 328| | 329| 6.66k| std::array r; // NOLINT(*-member-init) 330| 6.66k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 6.66k| return Self(r); 332| 6.66k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 6.66k| constexpr const std::array& value() const { return m_val; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 833| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 3.03k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.47k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.47k| const W mask = cond.into_bitmask(); 397| | 398| 7.35k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.88k, False: 1.47k] ------------------ 399| 5.88k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.88k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.88k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.88k| } 403| 1.47k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 176| for(;;) { 618| | // Conditional ok: this function is variable time 619| 176| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 175] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 175| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 175| std::array r; // NOLINT(*-member-init) 640| 175| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 175| if(carry == 0) { ------------------ | Branch (643:16): [True: 85, False: 90] ------------------ 644| | // b > a 645| 85| b.m_val = r; 646| 85| x = nx; 647| 85| Self::_invert_vartime_div2_helper(b, x); 648| 90| } else { 649| | // We know this can't underflow because a > b 650| 90| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 90| a.m_val = r; 652| 90| y = nx; 653| 90| Self::_invert_vartime_div2_helper(a, y); 654| 90| } 655| 175| } 656| 1| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 177| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 177| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 545| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 368, False: 177] ------------------ 552| 368| shift_right<1>(a.m_val); 553| | 554| 368| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 368| if(borrow) { ------------------ | Branch (557:16): [True: 129, False: 239] ------------------ 558| 129| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 129| } 560| 368| } 561| 177| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.56k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 419| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 838| constexpr static std::array from_rep(const std::array& z) { 138| 838| std::array ze = {}; 139| 838| copy_mem(std::span{ze}.template first(), z); 140| 838| return Self::redc(ze); 141| 838| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 190k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 190k| } else { 108| 190k| return monty_redc(z, P, P_dash); 109| 190k| } 110| 190k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 419| constexpr void serialize_to(std::span bytes) const { 740| 419| auto v = Rep::from_rep(m_val); 741| 419| std::reverse(v.begin(), v.end()); 742| | 743| 419| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 419| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 419| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 14.8k| static Self from_stash(const std::array& stash) { 775| 14.8k| static_assert(L >= N); 776| 14.8k| std::array val = {}; 777| 74.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 59.3k, False: 14.8k] ------------------ 778| 59.3k| val[i] = stash[i]; 779| 59.3k| } 780| 14.8k| return Self(val); 781| 14.8k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 97.7k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.81k| std::array stash_value() const { 760| 5.81k| static_assert(L >= N); 761| 5.81k| std::array stash = {}; 762| 29.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 23.2k, False: 5.81k] ------------------ 763| 23.2k| stash[i] = m_val[i]; 764| 23.2k| } 765| 5.81k| return stash; 766| 5.81k| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 436| constexpr static std::array wide_to_rep(const std::array& x) { 128| 436| auto redc_x = Self::redc(x); 129| 436| std::array z; // NOLINT(*-member-init) 130| 436| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 436| return Self::redc(z); 132| 436| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 2.14k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 419| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 419| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 419] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 419| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 419| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 419] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 419| return Self::from_words(words); 807| 419| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 419| static constexpr Self from_words(std::array w) { 212| 419| if constexpr(L == N) { 213| 419| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 419| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 838| constexpr static std::array to_rep(const std::array& x) { 116| 838| std::array z; // NOLINT(*-member-init) 117| 838| comba_mul(z.data(), x.data(), R2.data()); 118| 838| return Self::redc(z); 119| 838| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 436| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 436| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 436] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 436| std::array padded_bytes = {}; 836| 436| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 436| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 436| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE3oneEv: 200| 218| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE3oneEv: 99| 218| constexpr static std::array one() { return R1; } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEESD_: 265| 66.2k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 66.2k| std::array t; // NOLINT(*-member-init) 267| | 268| 66.2k| W carry = 0; 269| 331k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 264k, False: 66.2k] ------------------ 270| 264k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 264k| } 272| | 273| 66.2k| std::array r; // NOLINT(*-member-init) 274| 66.2k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 66.2k| return Self(r); 276| 66.2k| } pcurves_secp256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEESD_: 281| 218| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 218| std::array r; // NOLINT(*-member-init) 283| 218| W carry = 0; 284| 1.09k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 872, False: 218] ------------------ 285| 872| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 872| } 287| | 288| 218| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 218| carry = 0; 291| | 292| 1.09k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 872, False: 218] ------------------ 293| 872| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 872| } 295| | 296| 218| return Self(r); 297| 218| } pcurves_secp256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEESD_: 346| 11.4k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 11.4k| std::array z; // NOLINT(*-member-init) 348| 11.4k| comba_mul(z.data(), a.data(), b.data()); 349| 11.4k| return Self(Rep::redc(z)); 350| 11.4k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE4dataEv: 896| 443k| constexpr const W* data() const { return m_val.data(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE6squareEv: 426| 2.11k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 2.11k| std::array z; // NOLINT(*-member-init) 428| 2.11k| comba_sqr(z.data(), this->data()); 429| 2.11k| return Self(Rep::redc(z)); 430| 2.11k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEmLERKSB_: 355| 17.6k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 17.6k| std::array z; // NOLINT(*-member-init) 357| 17.6k| comba_mul(z.data(), data(), other.data()); 358| 17.6k| m_val = Rep::redc(z); 359| 17.6k| return (*this); 360| 17.6k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE8square_nEm: 439| 13.2k| constexpr void square_n(size_t n) { 440| 13.2k| std::array z; // NOLINT(*-member-init) 441| 169k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 156k, False: 13.2k] ------------------ 442| 156k| comba_sqr(z.data(), this->data()); 443| 156k| m_val = Rep::redc(z); 444| 156k| } 445| 13.2k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 419| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 419| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 419] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 419| auto x = Self(std::array{1}); // 1 in standard domain 605| 419| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 419| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 419| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 419| auto y = x; 613| | 614| | // First half of second loop iteration 615| 419| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 65.5k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 65.5k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 419, False: 65.1k] ------------------ 620| | // At this point it should be that a == b == 1 621| 419| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 419| r.m_val = Rep::to_rep(r.m_val); 625| 419| return r; 626| 419| } 627| | 628| 65.1k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 65.1k| std::array r; // NOLINT(*-member-init) 640| 65.1k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 65.1k| if(carry == 0) { ------------------ | Branch (643:16): [True: 20.2k, False: 44.9k] ------------------ 644| | // b > a 645| 20.2k| b.m_val = r; 646| 20.2k| x = nx; 647| 20.2k| Self::_invert_vartime_div2_helper(b, x); 648| 44.9k| } else { 649| | // We know this can't underflow because a > b 650| 44.9k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 44.9k| a.m_val = r; 652| 44.9k| y = nx; 653| 44.9k| Self::_invert_vartime_div2_helper(a, y); 654| 44.9k| } 655| 65.1k| } 656| 419| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 65.9k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 65.9k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 222k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 156k, False: 65.9k] ------------------ 552| 156k| shift_right<1>(a.m_val); 553| | 554| 156k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 156k| if(borrow) { ------------------ | Branch (557:16): [True: 77.7k, False: 78.9k] ------------------ 558| 77.7k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 77.7k| } 560| 156k| } 561| 65.9k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE6negateEv: 452| 1.05k| constexpr Self negate() const { 453| 1.05k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.05k| std::array r; // NOLINT(*-member-init) 456| 1.05k| W carry = 0; 457| 5.28k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.22k, False: 1.05k] ------------------ 458| 4.22k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.22k| } 460| | 461| 1.05k| return Self(r); 462| 1.05k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.55k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.55k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.55k| } pcurves_secp384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 69.0k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 7| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 6, False: 1] ------------------ 414| 6| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 6| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 6| x.m_val[i] = nx; 417| 6| y.m_val[i] = ny; 418| 6| } 419| 1| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 6.71k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 2.33k| m_x(x), m_y(y), m_z(z) {} pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 1.24k| constexpr Self dbl() const { 1122| 1.24k| if constexpr(Self::A_is_minus_3) { 1123| 1.24k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 1.24k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 20.4k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 11.6k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 11.6k| std::array z; // NOLINT(*-member-init) 428| 11.6k| comba_sqr(z.data(), this->data()); 429| 11.6k| return Self(Rep::redc(z)); 430| 11.6k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 76.6k| constexpr const W* data() const { return m_val.data(); } pcurves_secp384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 346| 32.1k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 32.1k| std::array z; // NOLINT(*-member-init) 348| 32.1k| comba_mul(z.data(), a.data(), b.data()); 349| 32.1k| return Self(Rep::redc(z)); 350| 32.1k| } pcurves_secp384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 281| 11.5k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 11.5k| std::array r; // NOLINT(*-member-init) 283| 11.5k| W carry = 0; 284| 80.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 69.2k, False: 11.5k] ------------------ 285| 69.2k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 69.2k| } 287| | 288| 11.5k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 11.5k| carry = 0; 291| | 292| 80.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 69.2k, False: 11.5k] ------------------ 293| 69.2k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 69.2k| } 295| | 296| 11.5k| return Self(r); 297| 11.5k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 10.4k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 1.24k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 265| 3.82k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 3.82k| std::array t; // NOLINT(*-member-init) 267| | 268| 3.82k| W carry = 0; 269| 26.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 22.9k, False: 3.82k] ------------------ 270| 22.9k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 22.9k| } 272| | 273| 3.82k| std::array r; // NOLINT(*-member-init) 274| 3.82k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 3.82k| return Self(r); 276| 3.82k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 9.19k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 1.24k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 9.92k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 9.92k| std::array t = value(); 327| 9.92k| const W carry = shift_left<1>(t); 328| | 329| 9.92k| std::array r; // NOLINT(*-member-init) 330| 9.92k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 9.92k| return Self(r); 332| 9.92k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 9.92k| constexpr const std::array& value() const { return m_val; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 1.24k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 4.52k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 2.19k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 2.19k| const W mask = cond.into_bitmask(); 397| | 398| 15.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 13.1k, False: 2.19k] ------------------ 399| 13.1k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 13.1k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 13.1k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 13.1k| } 403| 2.19k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 252| for(;;) { 618| | // Conditional ok: this function is variable time 619| 252| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 251] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 251| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 251| std::array r; // NOLINT(*-member-init) 640| 251| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 251| if(carry == 0) { ------------------ | Branch (643:16): [True: 118, False: 133] ------------------ 644| | // b > a 645| 118| b.m_val = r; 646| 118| x = nx; 647| 118| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 251| } 656| 1| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 253| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 253| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 809| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 556, False: 253] ------------------ 552| 556| shift_right<1>(a.m_val); 553| | 554| 556| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 556| if(borrow) { ------------------ | Branch (557:16): [True: 248, False: 308] ------------------ 558| 248| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 248| } 560| 556| } 561| 253| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 14| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 12, False: 2] ------------------ 458| 12| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 12| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 2.33k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 387| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 774| constexpr static std::array from_rep(const std::array& z) { 138| 774| std::array ze = {}; 139| 774| copy_mem(std::span{ze}.template first(), z); 140| 774| return Self::redc(ze); 141| 774| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 257k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 257k| } else { 108| 257k| return monty_redc(z, P, P_dash); 109| 257k| } 110| 257k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 387| constexpr void serialize_to(std::span bytes) const { 740| 387| auto v = Rep::from_rep(m_val); 741| 387| std::reverse(v.begin(), v.end()); 742| | 743| 387| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 387| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 387| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 13.7k| static Self from_stash(const std::array& stash) { 775| 13.7k| static_assert(L >= N); 776| 13.7k| std::array val = {}; 777| 96.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 82.6k, False: 13.7k] ------------------ 778| 82.6k| val[i] = stash[i]; 779| 82.6k| } 780| 13.7k| return Self(val); 781| 13.7k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 122k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.39k| std::array stash_value() const { 760| 5.39k| static_assert(L >= N); 761| 5.39k| std::array stash = {}; 762| 37.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 32.3k, False: 5.39k] ------------------ 763| 32.3k| stash[i] = m_val[i]; 764| 32.3k| } 765| 5.39k| return stash; 766| 5.39k| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm12EEE: 127| 406| constexpr static std::array wide_to_rep(const std::array& x) { 128| 406| auto redc_x = Self::redc(x); 129| 406| std::array z; // NOLINT(*-member-init) 130| 406| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 406| return Self::redc(z); 132| 406| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 1.99k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 387| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 387| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 387] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 387| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 387| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 387] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 387| return Self::from_words(words); 807| 387| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_wordsILm6EEESB_NSt3__15arrayImXT_EEE: 211| 387| static constexpr Self from_words(std::array w) { 212| 387| if constexpr(L == N) { 213| 387| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 387| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 774| constexpr static std::array to_rep(const std::array& x) { 116| 774| std::array z; // NOLINT(*-member-init) 117| 774| comba_mul(z.data(), x.data(), R2.data()); 118| 774| return Self::redc(z); 119| 774| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 406| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 406| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 406] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 406| std::array padded_bytes = {}; 836| 406| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 406| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 406| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE3oneEv: 200| 203| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE3oneEv: 99| 203| constexpr static std::array one() { return R1; } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEESD_: 265| 96.7k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 96.7k| std::array t; // NOLINT(*-member-init) 267| | 268| 96.7k| W carry = 0; 269| 677k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 580k, False: 96.7k] ------------------ 270| 580k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 580k| } 272| | 273| 96.7k| std::array r; // NOLINT(*-member-init) 274| 96.7k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 96.7k| return Self(r); 276| 96.7k| } pcurves_secp384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEESD_: 281| 203| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 203| std::array r; // NOLINT(*-member-init) 283| 203| W carry = 0; 284| 1.42k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 1.21k, False: 203] ------------------ 285| 1.21k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 1.21k| } 287| | 288| 203| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 203| carry = 0; 291| | 292| 1.42k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 1.21k, False: 203] ------------------ 293| 1.21k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 1.21k| } 295| | 296| 203| return Self(r); 297| 203| } pcurves_secp384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEESD_: 346| 5.31k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 5.31k| std::array z; // NOLINT(*-member-init) 348| 5.31k| comba_mul(z.data(), a.data(), b.data()); 349| 5.31k| return Self(Rep::redc(z)); 350| 5.31k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE4dataEv: 896| 603k| constexpr const W* data() const { return m_val.data(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE6squareEv: 426| 3.70k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 3.70k| std::array z; // NOLINT(*-member-init) 428| 3.70k| comba_sqr(z.data(), this->data()); 429| 3.70k| return Self(Rep::redc(z)); 430| 3.70k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEmLERKSB_: 355| 27.4k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 27.4k| std::array z; // NOLINT(*-member-init) 357| 27.4k| comba_mul(z.data(), data(), other.data()); 358| 27.4k| m_val = Rep::redc(z); 359| 27.4k| return (*this); 360| 27.4k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE8square_nEm: 439| 25.1k| constexpr void square_n(size_t n) { 440| 25.1k| std::array z; // NOLINT(*-member-init) 441| 244k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 219k, False: 25.1k] ------------------ 442| 219k| comba_sqr(z.data(), this->data()); 443| 219k| m_val = Rep::redc(z); 444| 219k| } 445| 25.1k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 387| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 387| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 387] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 387| auto x = Self(std::array{1}); // 1 in standard domain 605| 387| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 387| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 387| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 387| auto y = x; 613| | 614| | // First half of second loop iteration 615| 387| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 96.1k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 96.1k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 387, False: 95.7k] ------------------ 620| | // At this point it should be that a == b == 1 621| 387| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 387| r.m_val = Rep::to_rep(r.m_val); 625| 387| return r; 626| 387| } 627| | 628| 95.7k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 95.7k| std::array r; // NOLINT(*-member-init) 640| 95.7k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 95.7k| if(carry == 0) { ------------------ | Branch (643:16): [True: 36.9k, False: 58.8k] ------------------ 644| | // b > a 645| 36.9k| b.m_val = r; 646| 36.9k| x = nx; 647| 36.9k| Self::_invert_vartime_div2_helper(b, x); 648| 58.8k| } else { 649| | // We know this can't underflow because a > b 650| 58.8k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 58.8k| a.m_val = r; 652| 58.8k| y = nx; 653| 58.8k| Self::_invert_vartime_div2_helper(a, y); 654| 58.8k| } 655| 95.7k| } 656| 387| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 96.4k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 96.4k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 304k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 207k, False: 96.4k] ------------------ 552| 207k| shift_right<1>(a.m_val); 553| | 554| 207k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 207k| if(borrow) { ------------------ | Branch (557:16): [True: 104k, False: 103k] ------------------ 558| 104k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 104k| } 560| 207k| } 561| 96.4k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE6negateEv: 452| 977| constexpr Self negate() const { 453| 977| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 977| std::array r; // NOLINT(*-member-init) 456| 977| W carry = 0; 457| 6.83k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 5.86k, False: 977] ------------------ 458| 5.86k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 5.86k| } 460| | 461| 977| return Self(r); 462| 977| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.37k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.37k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.37k| } pcurves_secp521r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 91.8k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 9, False: 1] ------------------ 414| 9| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 9| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 9| x.m_val[i] = nx; 417| 9| y.m_val[i] = ny; 418| 9| } 419| 1| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 8.92k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 3.10k| m_x(x), m_y(y), m_z(z) {} pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 1.64k| constexpr Self dbl() const { 1122| 1.64k| if constexpr(Self::A_is_minus_3) { 1123| 1.64k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 1.64k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 27.1k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 15.5k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 15.5k| std::array z; // NOLINT(*-member-init) 428| 15.5k| comba_sqr(z.data(), this->data()); 429| 15.5k| return Self(Rep::redc(z)); 430| 15.5k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 101k| constexpr const W* data() const { return m_val.data(); } pcurves_secp521r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 42.6k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 42.6k| std::array z; // NOLINT(*-member-init) 348| 42.6k| comba_mul(z.data(), a.data(), b.data()); 349| 42.6k| return Self(Rep::redc(z)); 350| 42.6k| } pcurves_secp521r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 15.3k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 15.3k| std::array r; // NOLINT(*-member-init) 283| 15.3k| W carry = 0; 284| 153k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 137k, False: 15.3k] ------------------ 285| 137k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 137k| } 287| | 288| 15.3k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 15.3k| carry = 0; 291| | 292| 153k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 137k, False: 15.3k] ------------------ 293| 137k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 137k| } 295| | 296| 15.3k| return Self(r); 297| 15.3k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 13.8k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 1.64k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 5.10k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 5.10k| std::array t; // NOLINT(*-member-init) 267| | 268| 5.10k| W carry = 0; 269| 51.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 45.9k, False: 5.10k] ------------------ 270| 45.9k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 45.9k| } 272| | 273| 5.10k| std::array r; // NOLINT(*-member-init) 274| 5.10k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 5.10k| return Self(r); 276| 5.10k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 12.2k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 1.64k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 13.1k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 13.1k| std::array t = value(); 327| 13.1k| const W carry = shift_left<1>(t); 328| | 329| 13.1k| std::array r; // NOLINT(*-member-init) 330| 13.1k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 13.1k| return Self(r); 332| 13.1k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 13.1k| constexpr const std::array& value() const { return m_val; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 1.64k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 6.01k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 2.91k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 2.91k| const W mask = cond.into_bitmask(); 397| | 398| 29.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 26.1k, False: 2.91k] ------------------ 399| 26.1k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 26.1k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 26.1k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 26.1k| } 403| 2.91k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 350| for(;;) { 618| | // Conditional ok: this function is variable time 619| 350| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 349] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 349| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 349| std::array r; // NOLINT(*-member-init) 640| 349| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 349| if(carry == 0) { ------------------ | Branch (643:16): [True: 170, False: 179] ------------------ 644| | // b > a 645| 170| b.m_val = r; 646| 170| x = nx; 647| 170| Self::_invert_vartime_div2_helper(b, x); 648| 179| } else { 649| | // We know this can't underflow because a > b 650| 179| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 179| a.m_val = r; 652| 179| y = nx; 653| 179| Self::_invert_vartime_div2_helper(a, y); 654| 179| } 655| 349| } 656| 1| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 351| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 351| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.09k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 742, False: 351] ------------------ 552| 742| shift_right<1>(a.m_val); 553| | 554| 742| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 742| if(borrow) { ------------------ | Branch (557:16): [True: 109, False: 633] ------------------ 558| 109| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 109| } 560| 742| } 561| 351| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 20| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 18, False: 2] ------------------ 458| 18| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 18| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 3.10k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE8to_wordsEv: 734| 366| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm9EEE: 137| 732| constexpr static std::array from_rep(const std::array& z) { 138| 732| std::array ze = {}; 139| 732| copy_mem(std::span{ze}.template first(), z); 140| 732| return Self::redc(ze); 141| 732| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm18EEE: 104| 325k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 325k| } else { 108| 325k| return monty_redc(z, P, P_dash); 109| 325k| } 110| 325k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm66EEE: 739| 366| constexpr void serialize_to(std::span bytes) const { 740| 366| auto v = Rep::from_rep(m_val); 741| 366| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 366| } else { 746| | // Remove leading zero bytes 747| 366| const auto padded_bytes = store_be(v); 748| 366| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 366| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 366| } 751| 366| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 12.9k| static Self from_stash(const std::array& stash) { 775| 12.9k| static_assert(L >= N); 776| 12.9k| std::array val = {}; 777| 129k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 116k, False: 12.9k] ------------------ 778| 116k| val[i] = stash[i]; 779| 116k| } 780| 12.9k| return Self(val); 781| 12.9k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 155k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.08k| std::array stash_value() const { 760| 5.08k| static_assert(L >= N); 761| 5.08k| std::array stash = {}; 762| 50.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 45.7k, False: 5.08k] ------------------ 763| 45.7k| stash[i] = m_val[i]; 764| 45.7k| } 765| 5.08k| return stash; 766| 5.08k| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm18EEE: 127| 382| constexpr static std::array wide_to_rep(const std::array& x) { 128| 382| auto redc_x = Self::redc(x); 129| 382| std::array z; // NOLINT(*-member-init) 130| 382| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 382| return Self::redc(z); 132| 382| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE7is_zeroEv: 225| 1.87k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 366| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 366| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 366] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 366| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 366| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 366] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 366| return Self::from_words(words); 807| 366| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_wordsILm9EEESB_NSt3__15arrayImXT_EEE: 211| 366| static constexpr Self from_words(std::array w) { 212| 366| if constexpr(L == N) { 213| 366| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 366| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm9EEE: 115| 732| constexpr static std::array to_rep(const std::array& x) { 116| 732| std::array z; // NOLINT(*-member-init) 117| 732| comba_mul(z.data(), x.data(), R2.data()); 118| 732| return Self::redc(z); 119| 732| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 382| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 382| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 382] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 382| std::array padded_bytes = {}; 836| 382| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 382| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 382| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE3oneEv: 200| 191| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE3oneEv: 99| 191| constexpr static std::array one() { return R1; } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEESD_: 265| 125k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 125k| std::array t; // NOLINT(*-member-init) 267| | 268| 125k| W carry = 0; 269| 1.25M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.12M, False: 125k] ------------------ 270| 1.12M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.12M| } 272| | 273| 125k| std::array r; // NOLINT(*-member-init) 274| 125k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 125k| return Self(r); 276| 125k| } pcurves_secp521r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEESD_: 281| 191| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 191| std::array r; // NOLINT(*-member-init) 283| 191| W carry = 0; 284| 1.91k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 1.71k, False: 191] ------------------ 285| 1.71k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 1.71k| } 287| | 288| 191| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 191| carry = 0; 291| | 292| 1.91k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 1.71k, False: 191] ------------------ 293| 1.71k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 1.71k| } 295| | 296| 191| return Self(r); 297| 191| } pcurves_secp521r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEESD_: 346| 12.7k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 12.7k| std::array z; // NOLINT(*-member-init) 348| 12.7k| comba_mul(z.data(), a.data(), b.data()); 349| 12.7k| return Self(Rep::redc(z)); 350| 12.7k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE4dataEv: 896| 769k| constexpr const W* data() const { return m_val.data(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE6squareEv: 426| 1.29k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 1.29k| std::array z; // NOLINT(*-member-init) 428| 1.29k| comba_sqr(z.data(), this->data()); 429| 1.29k| return Self(Rep::redc(z)); 430| 1.29k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEmLERKSB_: 355| 25.9k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 25.9k| std::array z; // NOLINT(*-member-init) 357| 25.9k| comba_mul(z.data(), data(), other.data()); 358| 25.9k| m_val = Rep::redc(z); 359| 25.9k| return (*this); 360| 25.9k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE8square_nEm: 439| 24.2k| constexpr void square_n(size_t n) { 440| 24.2k| std::array z; // NOLINT(*-member-init) 441| 308k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 283k, False: 24.2k] ------------------ 442| 283k| comba_sqr(z.data(), this->data()); 443| 283k| m_val = Rep::redc(z); 444| 283k| } 445| 24.2k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 366| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 366| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 366] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 366| auto x = Self(std::array{1}); // 1 in standard domain 605| 366| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 366| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 366| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 366| auto y = x; 613| | 614| | // First half of second loop iteration 615| 366| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 124k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 124k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 366, False: 124k] ------------------ 620| | // At this point it should be that a == b == 1 621| 366| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 366| r.m_val = Rep::to_rep(r.m_val); 625| 366| return r; 626| 366| } 627| | 628| 124k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 124k| std::array r; // NOLINT(*-member-init) 640| 124k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 124k| if(carry == 0) { ------------------ | Branch (643:16): [True: 48.2k, False: 76.2k] ------------------ 644| | // b > a 645| 48.2k| b.m_val = r; 646| 48.2k| x = nx; 647| 48.2k| Self::_invert_vartime_div2_helper(b, x); 648| 76.2k| } else { 649| | // We know this can't underflow because a > b 650| 76.2k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 76.2k| a.m_val = r; 652| 76.2k| y = nx; 653| 76.2k| Self::_invert_vartime_div2_helper(a, y); 654| 76.2k| } 655| 124k| } 656| 366| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 125k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 125k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 389k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 264k, False: 125k] ------------------ 552| 264k| shift_right<1>(a.m_val); 553| | 554| 264k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 264k| if(borrow) { ------------------ | Branch (557:16): [True: 133k, False: 130k] ------------------ 558| 133k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 133k| } 560| 264k| } 561| 125k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE6negateEv: 452| 923| constexpr Self negate() const { 453| 923| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 923| std::array r; // NOLINT(*-member-init) 456| 923| W carry = 0; 457| 9.23k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8.30k, False: 923] ------------------ 458| 8.30k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8.30k| } 460| | 461| 923| return Self(r); 462| 923| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.23k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.23k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.23k| } pcurves_sm2p256v1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19sm2p256v15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_12Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_sm2p256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1| auto x = pt.x(); 1027| 1| auto y = pt.y(); 1028| 1| auto z = FieldElement::one(); 1029| | 1030| 1| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1| return ProjectiveCurvePoint(x, y, z); 1033| 1| } pcurves_sm2p256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2| constexpr const FieldElement& x() const { return m_x; } pcurves_sm2p256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 2| constexpr const FieldElement& y() const { return m_y; } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 1| static constexpr Self one() { return Self(Rep::one()); } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 46.3k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1| const W mask = cond.into_bitmask(); 412| | 413| 5| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4, False: 1] ------------------ 414| 4| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4| x.m_val[i] = nx; 417| 4| y.m_val[i] = ny; 418| 4| } 419| 1| } pcurves_sm2p256v1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 1| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 4.51k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_sm2p256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 1.56k| m_x(x), m_y(y), m_z(z) {} pcurves_sm2p256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 833| constexpr Self dbl() const { 1122| 833| if constexpr(Self::A_is_minus_3) { 1123| 833| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 833| } pcurves_sm2p256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 13.7k| constexpr const FieldElement& z() const { return m_z; } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 7.84k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 7.84k| std::array z; // NOLINT(*-member-init) 428| 7.84k| comba_sqr(z.data(), this->data()); 429| 7.84k| return Self(Rep::redc(z)); 430| 7.84k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 51.5k| constexpr const W* data() const { return m_val.data(); } pcurves_sm2p256v1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 21.5k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 21.5k| std::array z; // NOLINT(*-member-init) 348| 21.5k| comba_mul(z.data(), a.data(), b.data()); 349| 21.5k| return Self(Rep::redc(z)); 350| 21.5k| } pcurves_sm2p256v1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 7.74k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 7.74k| std::array r; // NOLINT(*-member-init) 283| 7.74k| W carry = 0; 284| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 30.9k, False: 7.74k] ------------------ 285| 30.9k| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 30.9k| } 287| | 288| 7.74k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 7.74k| carry = 0; 291| | 292| 38.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 30.9k, False: 7.74k] ------------------ 293| 30.9k| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 30.9k| } 295| | 296| 7.74k| return Self(r); 297| 7.74k| } pcurves_sm2p256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 7.00k| constexpr const FieldElement& x() const { return m_x; } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 833| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_sm2p256v1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 2.58k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 2.58k| std::array t; // NOLINT(*-member-init) 267| | 268| 2.58k| W carry = 0; 269| 12.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 10.3k, False: 2.58k] ------------------ 270| 10.3k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 10.3k| } 272| | 273| 2.58k| std::array r; // NOLINT(*-member-init) 274| 2.58k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 2.58k| return Self(r); 276| 2.58k| } pcurves_sm2p256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 6.17k| constexpr const FieldElement& y() const { return m_y; } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 833| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 6.66k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 6.66k| std::array t = value(); 327| 6.66k| const W carry = shift_left<1>(t); 328| | 329| 6.66k| std::array r; // NOLINT(*-member-init) 330| 6.66k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 6.66k| return Self(r); 332| 6.66k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 6.66k| constexpr const std::array& value() const { return m_val; } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 833| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_sm2p256v1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_sm2p256v1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_sm2p256v1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 3.03k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 1.47k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 1.47k| const W mask = cond.into_bitmask(); 397| | 398| 7.35k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 5.88k, False: 1.47k] ------------------ 399| 5.88k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 5.88k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 5.88k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 5.88k| } 403| 1.47k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 184| for(;;) { 618| | // Conditional ok: this function is variable time 619| 184| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 183] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 183| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 183| std::array r; // NOLINT(*-member-init) 640| 183| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 183| if(carry == 0) { ------------------ | Branch (643:16): [True: 87, False: 96] ------------------ 644| | // b > a 645| 87| b.m_val = r; 646| 87| x = nx; 647| 87| Self::_invert_vartime_div2_helper(b, x); 648| 96| } else { 649| | // We know this can't underflow because a > b 650| 96| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 96| a.m_val = r; 652| 96| y = nx; 653| 96| Self::_invert_vartime_div2_helper(a, y); 654| 96| } 655| 183| } 656| 1| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 185| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 185| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 545| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 360, False: 185] ------------------ 552| 360| shift_right<1>(a.m_val); 553| | 554| 360| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 360| if(borrow) { ------------------ | Branch (557:16): [True: 162, False: 198] ------------------ 558| 162| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 162| } 560| 360| } 561| 185| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 2| constexpr Self negate() const { 453| 2| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 2| std::array r; // NOLINT(*-member-init) 456| 2| W carry = 0; 457| 10| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 8, False: 2] ------------------ 458| 8| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 8| } 460| | 461| 2| return Self(r); 462| 2| } pcurves_sm2p256v1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 1.56k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 400| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_sm2p256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS4_12Sm2p256v1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 800| constexpr static std::array from_rep(const std::array& z) { 138| 800| std::array ze = {}; 139| 800| copy_mem(std::span{ze}.template first(), z); 140| 800| return Self::redc(ze); 141| 800| } pcurves_sm2p256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS4_12Sm2p256v1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 201k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 201k| } else { 108| 201k| return monty_redc(z, P, P_dash); 109| 201k| } 110| 201k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 400| constexpr void serialize_to(std::span bytes) const { 740| 400| auto v = Rep::from_rep(m_val); 741| 400| std::reverse(v.begin(), v.end()); 742| | 743| 400| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 400| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 400| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 14.2k| static Self from_stash(const std::array& stash) { 775| 14.2k| static_assert(L >= N); 776| 14.2k| std::array val = {}; 777| 71.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 56.8k, False: 14.2k] ------------------ 778| 56.8k| val[i] = stash[i]; 779| 56.8k| } 780| 14.2k| return Self(val); 781| 14.2k| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 92.6k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.56k| std::array stash_value() const { 760| 5.56k| static_assert(L >= N); 761| 5.56k| std::array stash = {}; 762| 27.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 22.2k, False: 5.56k] ------------------ 763| 22.2k| stash[i] = m_val[i]; 764| 22.2k| } 765| 5.56k| return stash; 766| 5.56k| } pcurves_sm2p256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS4_12Sm2p256v1RepEE12ScalarParamsEE11wide_to_repERKNSt3__15arrayImLm8EEE: 127| 418| constexpr static std::array wide_to_rep(const std::array& x) { 128| 418| auto redc_x = Self::redc(x); 129| 418| std::array z; // NOLINT(*-member-init) 130| 418| comba_mul(z.data(), redc_x.data(), R3.data()); 131| 418| return Self::redc(z); 132| 418| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 2.05k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 400| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 400| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 400] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 400| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 400| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 400] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 400| return Self::from_words(words); 807| 400| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 400| static constexpr Self from_words(std::array w) { 212| 400| if constexpr(L == N) { 213| 400| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 400| } pcurves_sm2p256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS4_12Sm2p256v1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 800| constexpr static std::array to_rep(const std::array& x) { 116| 800| std::array z; // NOLINT(*-member-init) 117| 800| comba_mul(z.data(), x.data(), R2.data()); 118| 800| return Self::redc(z); 119| 800| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE22from_wide_bytes_varlenENSt3__14spanIKhLm18446744073709551615EEE: 829| 418| static constexpr std::optional from_wide_bytes_varlen(std::span bytes) { 830| | // Conditional ok: input length is public 831| 418| if(bytes.size() > 2 * Self::BYTES) { ------------------ | Branch (831:13): [True: 0, False: 418] ------------------ 832| 0| return {}; 833| 0| } 834| | 835| 418| std::array padded_bytes = {}; 836| 418| copy_mem(std::span{padded_bytes}.last(bytes.size()), bytes); 837| 418| return Self(Rep::wide_to_rep(bytes_to_words(std::span{padded_bytes}))); 838| 418| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE3oneEv: 200| 812| static constexpr Self one() { return Self(Rep::one()); } pcurves_sm2p256v1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS4_12Sm2p256v1RepEE12ScalarParamsEE3oneEv: 99| 812| constexpr static std::array one() { return R1; } pcurves_sm2p256v1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEESD_: 265| 64.2k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 64.2k| std::array t; // NOLINT(*-member-init) 267| | 268| 64.2k| W carry = 0; 269| 321k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 257k, False: 64.2k] ------------------ 270| 257k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 257k| } 272| | 273| 64.2k| std::array r; // NOLINT(*-member-init) 274| 64.2k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 64.2k| return Self(r); 276| 64.2k| } pcurves_sm2p256v1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEESD_: 281| 209| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 209| std::array r; // NOLINT(*-member-init) 283| 209| W carry = 0; 284| 1.04k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 836, False: 209] ------------------ 285| 836| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 836| } 287| | 288| 209| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 209| carry = 0; 291| | 292| 1.04k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 836, False: 209] ------------------ 293| 836| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 836| } 295| | 296| 209| return Self(r); 297| 209| } pcurves_sm2p256v1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEESD_: 346| 6.08k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 6.08k| std::array z; // NOLINT(*-member-init) 348| 6.08k| comba_mul(z.data(), a.data(), b.data()); 349| 6.08k| return Self(Rep::redc(z)); 350| 6.08k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE4dataEv: 896| 459k| constexpr const W* data() const { return m_val.data(); } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE6squareEv: 426| 4.43k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 4.43k| std::array z; // NOLINT(*-member-init) 428| 4.43k| comba_sqr(z.data(), this->data()); 429| 4.43k| return Self(Rep::redc(z)); 430| 4.43k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE6invertEv: 538| 603| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE11pow_vartimeERKNSt3__15arrayImLm4EEE: 477| 603| constexpr Self pow_vartime(const std::array& exp) const { 478| 603| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 603| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 603| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 603| std::array tbl; 490| | 491| 603| tbl[0] = (*this); 492| | 493| 9.04k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 8.44k, False: 603] ------------------ 494| | // Conditional ok: table indexes are public here 495| 8.44k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 4.22k, False: 4.22k] ------------------ 496| 4.22k| tbl[i] = tbl[i / 2].square(); 497| 4.22k| } else { 498| 4.22k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 4.22k| } 500| 8.44k| } 501| | 502| 603| auto r = Self::one(); 503| | 504| 603| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 603| if(w0 > 0) { ------------------ | Branch (507:13): [True: 603, False: 0] ------------------ 508| 603| r = tbl[w0 - 1]; 509| 603| } 510| | 511| 38.5k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 37.9k, False: 603] ------------------ 512| 37.9k| r.square_n(WindowBits); 513| | 514| 37.9k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 37.9k| if(w > 0) { ------------------ | Branch (517:16): [True: 36.1k, False: 1.80k] ------------------ 518| 36.1k| r *= tbl[w - 1]; 519| 36.1k| } 520| 37.9k| } 521| | 522| 603| return r; 523| 603| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEC2Ev: 180| 9.04k| constexpr IntMod() : m_val({}) {} pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE8square_nEm: 439| 37.9k| constexpr void square_n(size_t n) { 440| 37.9k| std::array z; // NOLINT(*-member-init) 441| 189k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 151k, False: 37.9k] ------------------ 442| 151k| comba_sqr(z.data(), this->data()); 443| 151k| m_val = Rep::redc(z); 444| 151k| } 445| 37.9k| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEmLERKSB_: 355| 36.1k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 36.1k| std::array z; // NOLINT(*-member-init) 357| 36.1k| comba_mul(z.data(), data(), other.data()); 358| 36.1k| m_val = Rep::redc(z); 359| 36.1k| return (*this); 360| 36.1k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE14invert_vartimeEv: 598| 400| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 400| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 400] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 400| auto x = Self(std::array{1}); // 1 in standard domain 605| 400| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 400| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 400| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 400| auto y = x; 613| | 614| | // First half of second loop iteration 615| 400| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 63.6k| for(;;) { 618| | // Conditional ok: this function is variable time 619| 63.6k| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 400, False: 63.2k] ------------------ 620| | // At this point it should be that a == b == 1 621| 400| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 400| r.m_val = Rep::to_rep(r.m_val); 625| 400| return r; 626| 400| } 627| | 628| 63.2k| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 63.2k| std::array r; // NOLINT(*-member-init) 640| 63.2k| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 63.2k| if(carry == 0) { ------------------ | Branch (643:16): [True: 20.3k, False: 42.8k] ------------------ 644| | // b > a 645| 20.3k| b.m_val = r; 646| 20.3k| x = nx; 647| 20.3k| Self::_invert_vartime_div2_helper(b, x); 648| 42.8k| } else { 649| | // We know this can't underflow because a > b 650| 42.8k| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 42.8k| a.m_val = r; 652| 42.8k| y = nx; 653| 42.8k| Self::_invert_vartime_div2_helper(a, y); 654| 42.8k| } 655| 63.2k| } 656| 400| } pcurves_sm2p256v1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE27_invert_vartime_div2_helperERSB_SC_: 547| 64.0k| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 64.0k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 212k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 148k, False: 64.0k] ------------------ 552| 148k| shift_right<1>(a.m_val); 553| | 554| 148k| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 148k| if(borrow) { ------------------ | Branch (557:16): [True: 73.8k, False: 74.3k] ------------------ 558| 73.8k| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 73.8k| } 560| 148k| } 561| 64.0k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEE6negateEv: 452| 1.00k| constexpr Self negate() const { 453| 1.00k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 1.00k| std::array r; // NOLINT(*-member-init) 456| 1.00k| W carry = 0; 457| 5.04k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 4.03k, False: 1.00k] ------------------ 458| 4.03k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 4.03k| } 460| | 461| 1.00k| return Self(r); 462| 1.00k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19sm2p256v16ParamsENS5_12Sm2p256v1RepEE12ScalarParamsEEEEeqERKSB_: 722| 2.44k| constexpr CT::Choice operator==(const Self& other) const { 723| 2.44k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 2.44k| } pcurves_brainpool256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool512r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_frp256v1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_18frp256v15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_numsp512d1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_110numsp512d15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp192r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp192r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 38| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 37, False: 1] ------------------ 270| 37| table.push_back(accum); 271| | 272| 1.18k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.14k, False: 37] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.14k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 592, False: 555] ------------------ 275| 592| table.emplace_back(table[i + j / 2].dbl()); 276| 592| } else { 277| 555| table.emplace_back(table[i + j - 1] + table[i]); 278| 555| } 279| 1.14k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 37| accum = table[i + WindowElements - 1].dbl(); 284| 37| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp224r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp224r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 44| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 43, False: 1] ------------------ 270| 43| table.push_back(accum); 271| | 272| 1.37k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.33k, False: 43] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.33k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 688, False: 645] ------------------ 275| 688| table.emplace_back(table[i + j / 2].dbl()); 276| 688| } else { 277| 645| table.emplace_back(table[i + j - 1] + table[i]); 278| 645| } 279| 1.33k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 43| accum = table[i + WindowElements - 1].dbl(); 284| 43| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp256k1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp256k15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp521r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_sm2p256v1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19sm2p256v15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} _ZN5Botan20solinas_correct_redcILm3ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 22.1k|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 22.1k| W borrow = 0; 86| 88.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 66.5k, False: 22.1k] ------------------ 87| 66.5k| r[i] = word_sub(r[i], C[i], &borrow); 88| 66.5k| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 22.1k| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 22.1k| W carry = 0; 94| | 95| 88.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 66.5k, False: 22.1k] ------------------ 96| 66.5k| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 66.5k| } 98| 22.1k|} _ZN5Botan10get_uint32ITkNS_8WordTypeEmEEjPKT_m: 33| 2.35M|constexpr uint32_t get_uint32(const W xw[], size_t i) { 34| 2.35M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 35| | 36| | if constexpr(WordInfo::bits == 32) { 37| | return xw[i]; 38| 2.35M| } else { 39| 2.35M| return static_cast(xw[i / 2] >> ((i % 2) * 32)); 40| 2.35M| } 41| 2.35M|} _ZN5Botan12SolinasAccumImLm4EEC2ERNSt3__15arrayImLm4EEE: 50| 84.5k| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm4EE5accumEl: 52| 650k| constexpr void accum(int64_t v) { 53| 650k| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 650k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 650k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 650k] | | ------------------ ------------------ 54| | 55| 650k| m_S += v; 56| 650k| const uint32_t r = static_cast(m_S); 57| 650k| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 650k| } else { 62| 650k| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 650k| } 64| | 65| 650k| m_idx += 1; 66| 650k| } _ZN5Botan12SolinasAccumImLm4EE11final_carryEl: 68| 84.5k| constexpr W final_carry(int64_t C) { 69| 84.5k| m_S += C; 70| 84.5k| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 84.5k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 84.5k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 84.5k] | | ------------------ ------------------ 71| 84.5k| return static_cast(m_S); 72| 84.5k| } _ZN5Botan20solinas_correct_redcILm4ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 84.5k|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 84.5k| W borrow = 0; 86| 422k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 338k, False: 84.5k] ------------------ 87| 338k| r[i] = word_sub(r[i], C[i], &borrow); 88| 338k| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 84.5k| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 84.5k| W carry = 0; 94| | 95| 422k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 338k, False: 84.5k] ------------------ 96| 338k| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 338k| } 98| 84.5k|} _ZN5Botan12SolinasAccumImLm6EEC2ERNSt3__15arrayImLm6EEE: 50| 43.7k| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm6EE5accumEl: 52| 525k| constexpr void accum(int64_t v) { 53| 525k| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 525k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 525k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 525k] | | ------------------ ------------------ 54| | 55| 525k| m_S += v; 56| 525k| const uint32_t r = static_cast(m_S); 57| 525k| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 525k| } else { 62| 525k| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 525k| } 64| | 65| 525k| m_idx += 1; 66| 525k| } _ZN5Botan12SolinasAccumImLm6EE11final_carryEl: 68| 43.7k| constexpr W final_carry(int64_t C) { 69| 43.7k| m_S += C; 70| 43.7k| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 43.7k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 43.7k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 43.7k] | | ------------------ ------------------ 71| 43.7k| return static_cast(m_S); 72| 43.7k| } _ZN5Botan20solinas_correct_redcILm6ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 43.7k|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 43.7k| W borrow = 0; 86| 306k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 262k, False: 43.7k] ------------------ 87| 262k| r[i] = word_sub(r[i], C[i], &borrow); 88| 262k| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 43.7k| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 43.7k| W carry = 0; 94| | 95| 306k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 262k, False: 43.7k] ------------------ 96| 262k| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 262k| } 98| 43.7k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm4EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.23M| -> std::array { 111| 1.23M| static_assert(N >= 1); 112| | 113| 1.23M| std::array ws; // NOLINT(*-member-init) 114| 1.23M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.23M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.23M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| 1.23M| if constexpr(N == 4) { 120| 1.23M| bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| 1.23M| return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 1.23M| } 136| | 137| 0| word3 accum; 138| | 139| 1.23M| accum.add(z[0]); 140| | 141| 1.23M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 1.23M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 1.23M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 1.23M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 1.23M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 1.23M| accum.add(z[2 * N - 1]); 164| | 165| 1.23M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.23M| const W w1 = accum.extract(); 168| | 169| 1.23M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.23M| return r; 172| 1.23M|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm4ELm32EEEDaNSt3__14spanIKhXT1_EEE: 287| 2.00k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 2.00k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 2.00k| std::array r = {}; 291| | 292| 2.00k| constexpr size_t full_words = L / WordInfo::bytes; 293| 2.00k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 2.00k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 10.0k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 8.03k, False: 2.00k] ------------------ 298| 8.03k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 8.03k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 2.00k| return r; 312| 2.00k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm8ELm64EEEDaNSt3__14spanIKhXT1_EEE: 287| 2.84k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 2.84k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 2.84k| std::array r = {}; 291| | 292| 2.84k| constexpr size_t full_words = L / WordInfo::bytes; 293| 2.84k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 2.84k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 25.5k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 22.7k, False: 2.84k] ------------------ 298| 22.7k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 22.7k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 2.84k| return r; 312| 2.84k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm6EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 536k| -> std::array { 111| 536k| static_assert(N >= 1); 112| | 113| 536k| std::array ws; // NOLINT(*-member-init) 114| 536k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 536k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 536k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| 536k| } else if constexpr(N == 6) { 123| 536k| bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| 536k| return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 536k| } 136| | 137| 0| word3 accum; 138| | 139| 536k| accum.add(z[0]); 140| | 141| 536k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 536k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 536k] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 536k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 536k] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 536k| accum.add(z[2 * N - 1]); 164| | 165| 536k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 536k| const W w1 = accum.extract(); 168| | 169| 536k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 536k| return r; 172| 536k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm6ELm48EEEDaNSt3__14spanIKhXT1_EEE: 287| 1.33k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 1.33k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 1.33k| std::array r = {}; 291| | 292| 1.33k| constexpr size_t full_words = L / WordInfo::bytes; 293| 1.33k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 1.33k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 9.32k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 7.99k, False: 1.33k] ------------------ 298| 7.99k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 7.99k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 1.33k| return r; 312| 1.33k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm12ELm96EEEDaNSt3__14spanIKhXT1_EEE: 287| 734|inline constexpr auto bytes_to_words(std::span bytes) { 288| 734| static_assert(L <= WordInfo::bytes * N); 289| | 290| 734| std::array r = {}; 291| | 292| 734| constexpr size_t full_words = L / WordInfo::bytes; 293| 734| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 734| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 9.54k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 8.80k, False: 734] ------------------ 298| 8.80k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 8.80k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 734| return r; 312| 734|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm8EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 787k| -> std::array { 111| 787k| static_assert(N >= 1); 112| | 113| 787k| std::array ws; // NOLINT(*-member-init) 114| 787k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 787k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 787k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| 787k| } else if constexpr(N == 8) { 126| 787k| bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| 787k| return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 787k| } 136| | 137| 0| word3 accum; 138| | 139| 787k| accum.add(z[0]); 140| | 141| 787k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 787k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 787k] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 787k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 787k] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 787k| accum.add(z[2 * N - 1]); 164| | 165| 787k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 787k| const W w1 = accum.extract(); 168| | 169| 787k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 787k| return r; 172| 787k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm16ELm128EEEDaNSt3__14spanIKhXT1_EEE: 287| 772|inline constexpr auto bytes_to_words(std::span bytes) { 288| 772| static_assert(L <= WordInfo::bytes * N); 289| | 290| 772| std::array r = {}; 291| | 292| 772| constexpr size_t full_words = L / WordInfo::bytes; 293| 772| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 772| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 13.1k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 12.3k, False: 772] ------------------ 298| 12.3k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 12.3k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 772| return r; 312| 772|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm3EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 230k| -> std::array { 111| 230k| static_assert(N >= 1); 112| | 113| 230k| std::array ws; // NOLINT(*-member-init) 114| 230k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 230k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 230k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| 230k| } else if constexpr(N == 16) { 132| 230k| bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| 230k| return r; 134| 230k| } 135| 230k| } 136| | 137| 230k| word3 accum; 138| | 139| 230k| accum.add(z[0]); 140| | 141| 230k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 691k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 461k, False: 230k] ------------------ 144| 1.15M| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 691k, False: 461k] ------------------ 145| 691k| accum.mul(ws[j], p[i - j]); 146| 691k| } 147| | 148| 461k| accum.add(z[i]); 149| | 150| 461k| ws[i] = accum.monty_step(p[0], p_dash); 151| 461k| } 152| | 153| 691k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 461k, False: 230k] ------------------ 154| 1.15M| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 691k, False: 461k] ------------------ 155| 691k| accum.mul(ws[j], p[N + i - j]); 156| 691k| } 157| | 158| 461k| accum.add(z[N + i]); 159| | 160| 461k| ws[i] = accum.extract(); 161| 461k| } 162| | 163| 230k| accum.add(z[2 * N - 1]); 164| | 165| 230k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 230k| const W w1 = accum.extract(); 168| | 169| 230k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 230k| return r; 172| 230k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm3ELm24EEEDaNSt3__14spanIKhXT1_EEE: 287| 599|inline constexpr auto bytes_to_words(std::span bytes) { 288| 599| static_assert(L <= WordInfo::bytes * N); 289| | 290| 599| std::array r = {}; 291| | 292| 599| constexpr size_t full_words = L / WordInfo::bytes; 293| 599| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 599| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 2.39k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 1.79k, False: 599] ------------------ 298| 1.79k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 1.79k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 599| return r; 312| 599|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm4ELm28EEEDaNSt3__14spanIKhXT1_EEE: 287| 509|inline constexpr auto bytes_to_words(std::span bytes) { 288| 509| static_assert(L <= WordInfo::bytes * N); 289| | 290| 509| std::array r = {}; 291| | 292| 509| constexpr size_t full_words = L / WordInfo::bytes; 293| 509| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 509| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 2.03k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 1.52k, False: 509] ------------------ 298| 1.52k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 1.52k| } 300| | 301| 509| if constexpr(extra_bytes > 0) { 302| 509| constexpr size_t shift = extra_bytes * 8; 303| 509| shift_left(r); 304| | 305| 2.54k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (305:25): [True: 2.03k, False: 509] ------------------ 306| 2.03k| const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| 2.03k| r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| 2.03k| } 309| 509| } 310| | 311| 509| return r; 312| 509|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm8ELm56EEEDaNSt3__14spanIKhXT1_EEE: 287| 522|inline constexpr auto bytes_to_words(std::span bytes) { 288| 522| static_assert(L <= WordInfo::bytes * N); 289| | 290| 522| std::array r = {}; 291| | 292| 522| constexpr size_t full_words = L / WordInfo::bytes; 293| 522| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 522| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 4.17k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 3.65k, False: 522] ------------------ 298| 3.65k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 3.65k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 522| return r; 312| 522|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm9EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 325k| -> std::array { 111| 325k| static_assert(N >= 1); 112| | 113| 325k| std::array ws; // NOLINT(*-member-init) 114| 325k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 325k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 325k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| 325k| } else if constexpr(N == 16) { 132| 325k| bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| 325k| return r; 134| 325k| } 135| 325k| } 136| | 137| 325k| word3 accum; 138| | 139| 325k| accum.add(z[0]); 140| | 141| 325k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 2.93M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 2.60M, False: 325k] ------------------ 144| 14.3M| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 11.7M, False: 2.60M] ------------------ 145| 11.7M| accum.mul(ws[j], p[i - j]); 146| 11.7M| } 147| | 148| 2.60M| accum.add(z[i]); 149| | 150| 2.60M| ws[i] = accum.monty_step(p[0], p_dash); 151| 2.60M| } 152| | 153| 2.93M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 2.60M, False: 325k] ------------------ 154| 14.3M| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 11.7M, False: 2.60M] ------------------ 155| 11.7M| accum.mul(ws[j], p[N + i - j]); 156| 11.7M| } 157| | 158| 2.60M| accum.add(z[N + i]); 159| | 160| 2.60M| ws[i] = accum.extract(); 161| 2.60M| } 162| | 163| 325k| accum.add(z[2 * N - 1]); 164| | 165| 325k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 325k| const W w1 = accum.extract(); 168| | 169| 325k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 325k| return r; 172| 325k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm9ELm66EEEDaNSt3__14spanIKhXT1_EEE: 287| 366|inline constexpr auto bytes_to_words(std::span bytes) { 288| 366| static_assert(L <= WordInfo::bytes * N); 289| | 290| 366| std::array r = {}; 291| | 292| 366| constexpr size_t full_words = L / WordInfo::bytes; 293| 366| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 366| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 3.29k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 2.92k, False: 366] ------------------ 298| 2.92k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 2.92k| } 300| | 301| 366| if constexpr(extra_bytes > 0) { 302| 366| constexpr size_t shift = extra_bytes * 8; 303| 366| shift_left(r); 304| | 305| 1.09k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (305:25): [True: 732, False: 366] ------------------ 306| 732| const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| 732| r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| 732| } 309| 366| } 310| | 311| 366| return r; 312| 366|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm18ELm132EEEDaNSt3__14spanIKhXT1_EEE: 287| 382|inline constexpr auto bytes_to_words(std::span bytes) { 288| 382| static_assert(L <= WordInfo::bytes * N); 289| | 290| 382| std::array r = {}; 291| | 292| 382| constexpr size_t full_words = L / WordInfo::bytes; 293| 382| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 382| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 6.49k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 6.11k, False: 382] ------------------ 298| 6.11k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 6.11k| } 300| | 301| 382| if constexpr(extra_bytes > 0) { 302| 382| constexpr size_t shift = extra_bytes * 8; 303| 382| shift_left(r); 304| | 305| 1.91k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (305:25): [True: 1.52k, False: 382] ------------------ 306| 1.52k| const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| 1.52k| r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| 1.52k| } 309| 382| } 310| | 311| 382| return r; 312| 382|} pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE8instanceEv: 338| 17.4k| static std::shared_ptr instance() { 339| 17.4k| static auto g_curve = std::make_shared>(); 340| 17.4k| return g_curve; 341| 17.4k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 12.5k| static typename C::Scalar from_stash(const Scalar& s) { 349| 12.5k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 12.5k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 12.5k| return C::Scalar::from_stash(s._value()); 353| 12.5k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 4.90k| static Scalar stash(const typename C::Scalar& s) { 345| 4.90k| return Scalar::_create(instance(), s.template stash_value()); 346| 4.90k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 352| std::optional deserialize_scalar(std::span bytes) const override { 225| 352| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 352, False: 0] ------------------ 226| 352| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 352, False: 0] ------------------ 227| 352| return stash(*scalar); 228| 352| } 229| 352| } 230| | 231| 0| return {}; 232| 352| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 368| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 368| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 368, False: 0] ------------------ 236| 368| return stash(*s); 237| 368| } else { 238| 0| return {}; 239| 0| } 240| 368| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 352| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 352| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 352| do { \ | | 36| 352| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 352| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 352] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 352| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 352] | | ------------------ ------------------ 221| 352| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 352| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10scalar_oneEv: 332| 184| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 920| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 920| return stash(from_stash(a) + from_stash(b)); 298| 920| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 184| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 184| return stash(from_stash(a) - from_stash(b)); 302| 184| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.64k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.64k| return stash(from_stash(a) * from_stash(b)); 306| 1.64k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 184| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 532| Scalar scalar_invert(const Scalar& ss) const override { 311| 532| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 532| } else { 315| 532| return stash(s.invert()); 316| 532| } 317| 532| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 352| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 352| auto s = from_stash(ss); 321| 352| return stash(s.invert_vartime()); 322| 352| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 184| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.10k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.15k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.15k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.15k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE8instanceEv: 338| 15.5k| static std::shared_ptr instance() { 339| 15.5k| static auto g_curve = std::make_shared>(); 340| 15.5k| return g_curve; 341| 15.5k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 11.1k| static typename C::Scalar from_stash(const Scalar& s) { 349| 11.1k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 11.1k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 11.1k| return C::Scalar::from_stash(s._value()); 353| 11.1k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 4.36k| static Scalar stash(const typename C::Scalar& s) { 345| 4.36k| return Scalar::_create(instance(), s.template stash_value()); 346| 4.36k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 315| std::optional deserialize_scalar(std::span bytes) const override { 225| 315| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 315, False: 0] ------------------ 226| 315| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 315, False: 0] ------------------ 227| 315| return stash(*scalar); 228| 315| } 229| 315| } 230| | 231| 0| return {}; 232| 315| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 328| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 328| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 328, False: 0] ------------------ 236| 328| return stash(*s); 237| 328| } else { 238| 0| return {}; 239| 0| } 240| 328| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 315| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 315| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 315| do { \ | | 36| 315| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 315| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 315] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 315| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 315] | | ------------------ ------------------ 221| 315| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 315| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10scalar_oneEv: 332| 164| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 820| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 820| return stash(from_stash(a) + from_stash(b)); 298| 820| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 164| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 164| return stash(from_stash(a) - from_stash(b)); 302| 164| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.46k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.46k| return stash(from_stash(a) * from_stash(b)); 306| 1.46k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 164| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 472| Scalar scalar_invert(const Scalar& ss) const override { 311| 472| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 472| } else { 315| 472| return stash(s.invert()); 316| 472| } 317| 472| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 315| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 315| auto s = from_stash(ss); 321| 315| return stash(s.invert_vartime()); 322| 315| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 164| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 984| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 1.92k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 1.92k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 1.92k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE8instanceEv: 338| 19.7k| static std::shared_ptr instance() { 339| 19.7k| static auto g_curve = std::make_shared>(); 340| 19.7k| return g_curve; 341| 19.7k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 14.2k| static typename C::Scalar from_stash(const Scalar& s) { 349| 14.2k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 14.2k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 14.2k| return C::Scalar::from_stash(s._value()); 353| 14.2k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 5.56k| static Scalar stash(const typename C::Scalar& s) { 345| 5.56k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.56k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 404| std::optional deserialize_scalar(std::span bytes) const override { 225| 404| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 404, False: 0] ------------------ 226| 404| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 404, False: 0] ------------------ 227| 404| return stash(*scalar); 228| 404| } 229| 404| } 230| | 231| 0| return {}; 232| 404| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 416| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 416| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 416, False: 0] ------------------ 236| 416| return stash(*s); 237| 416| } else { 238| 0| return {}; 239| 0| } 240| 416| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 404| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 404| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 404| do { \ | | 36| 404| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 404| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 404] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 404| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 404] | | ------------------ ------------------ 221| 404| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 404| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10scalar_oneEv: 332| 208| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.04k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.04k| return stash(from_stash(a) + from_stash(b)); 298| 1.04k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 208| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 208| return stash(from_stash(a) - from_stash(b)); 302| 208| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.86k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.86k| return stash(from_stash(a) * from_stash(b)); 306| 1.86k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 208| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 607| Scalar scalar_invert(const Scalar& ss) const override { 311| 607| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 607| } else { 315| 607| return stash(s.invert()); 316| 607| } 317| 607| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 404| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 404| auto s = from_stash(ss); 321| 404| return stash(s.invert_vartime()); 322| 404| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 208| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.24k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.45k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.45k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.45k| } pcurves_frp256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE8instanceEv: 338| 21.7k| static std::shared_ptr instance() { 339| 21.7k| static auto g_curve = std::make_shared>(); 340| 21.7k| return g_curve; 341| 21.7k| } pcurves_frp256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_frp256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 15.5k| static typename C::Scalar from_stash(const Scalar& s) { 349| 15.5k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 15.5k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 15.5k| return C::Scalar::from_stash(s._value()); 353| 15.5k| } pcurves_frp256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 6.10k| static Scalar stash(const typename C::Scalar& s) { 345| 6.10k| return Scalar::_create(instance(), s.template stash_value()); 346| 6.10k| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 441| std::optional deserialize_scalar(std::span bytes) const override { 225| 441| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 441, False: 0] ------------------ 226| 441| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 441, False: 0] ------------------ 227| 441| return stash(*scalar); 228| 441| } 229| 441| } 230| | 231| 0| return {}; 232| 441| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 458| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 458| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 458, False: 0] ------------------ 236| 458| return stash(*s); 237| 458| } else { 238| 0| return {}; 239| 0| } 240| 458| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 441| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 441| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 441| do { \ | | 36| 441| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 441| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 441] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 441| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 441] | | ------------------ ------------------ 221| 441| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 441| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE10scalar_oneEv: 332| 229| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.14k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.14k| return stash(from_stash(a) + from_stash(b)); 298| 1.14k| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 229| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 229| return stash(from_stash(a) - from_stash(b)); 302| 229| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 2.04k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 2.04k| return stash(from_stash(a) * from_stash(b)); 306| 2.04k| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 229| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 664| Scalar scalar_invert(const Scalar& ss) const override { 311| 664| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 664| } else { 315| 664| return stash(s.invert()); 316| 664| } 317| 664| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 441| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 441| auto s = from_stash(ss); 321| 441| return stash(s.invert_vartime()); 322| 441| } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 229| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.37k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_frp256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_18frp256v15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.69k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.69k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.69k| } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE8instanceEv: 338| 16.8k| static std::shared_ptr instance() { 339| 16.8k| static auto g_curve = std::make_shared>(); 340| 16.8k| return g_curve; 341| 16.8k| } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_numsp512d1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 12.1k| static typename C::Scalar from_stash(const Scalar& s) { 349| 12.1k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 12.1k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 12.1k| return C::Scalar::from_stash(s._value()); 353| 12.1k| } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_13Numsp512d1RepEE12ScalarParamsEEEEE: 344| 4.75k| static Scalar stash(const typename C::Scalar& s) { 345| 4.75k| return Scalar::_create(instance(), s.template stash_value()); 346| 4.75k| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 344| std::optional deserialize_scalar(std::span bytes) const override { 225| 344| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 344, False: 0] ------------------ 226| 344| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 344, False: 0] ------------------ 227| 344| return stash(*scalar); 228| 344| } 229| 344| } 230| | 231| 0| return {}; 232| 344| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 356| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 356| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 356, False: 0] ------------------ 236| 356| return stash(*s); 237| 356| } else { 238| 0| return {}; 239| 0| } 240| 356| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 344| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 344| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 344| do { \ | | 36| 344| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 344| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 344] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 344| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 344] | | ------------------ ------------------ 221| 344| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 344| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE10scalar_oneEv: 332| 178| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 890| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 890| return stash(from_stash(a) + from_stash(b)); 298| 890| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 178| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 178| return stash(from_stash(a) - from_stash(b)); 302| 178| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.59k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.59k| return stash(from_stash(a) * from_stash(b)); 306| 1.59k| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 178| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 516| Scalar scalar_invert(const Scalar& ss) const override { 311| 516| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 516| } else { 315| 516| return stash(s.invert()); 316| 516| } 317| 516| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 344| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 344| auto s = from_stash(ss); 321| 344| return stash(s.invert_vartime()); 322| 344| } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 178| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.06k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_numsp512d1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_110numsp512d15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.09k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.09k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.09k| } pcurves_secp192r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE8instanceEv: 338| 29.7k| static std::shared_ptr instance() { 339| 29.7k| static auto g_curve = std::make_shared>(); 340| 29.7k| return g_curve; 341| 29.7k| } pcurves_secp192r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp192r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 21.3k| static typename C::Scalar from_stash(const Scalar& s) { 349| 21.3k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 21.3k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 21.3k| return C::Scalar::from_stash(s._value()); 353| 21.3k| } pcurves_secp192r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_12Secp192r1RepEE12ScalarParamsEEEEE: 344| 8.36k| static Scalar stash(const typename C::Scalar& s) { 345| 8.36k| return Scalar::_create(instance(), s.template stash_value()); 346| 8.36k| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 599| std::optional deserialize_scalar(std::span bytes) const override { 225| 599| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 599, False: 0] ------------------ 226| 599| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 599, False: 0] ------------------ 227| 599| return stash(*scalar); 228| 599| } 229| 599| } 230| | 231| 0| return {}; 232| 599| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 630| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 630| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 630, False: 0] ------------------ 236| 630| return stash(*s); 237| 630| } else { 238| 0| return {}; 239| 0| } 240| 630| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 599| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 599| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 599| do { \ | | 36| 599| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 599| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 599] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 599| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 599] | | ------------------ ------------------ 221| 599| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 599| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE10scalar_oneEv: 332| 315| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.57k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.57k| return stash(from_stash(a) + from_stash(b)); 298| 1.57k| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 315| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 315| return stash(from_stash(a) - from_stash(b)); 302| 315| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 2.80k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 2.80k| return stash(from_stash(a) * from_stash(b)); 306| 2.80k| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 315| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 899| Scalar scalar_invert(const Scalar& ss) const override { 311| 899| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 899| } else { 315| 899| return stash(s.invert()); 316| 899| } 317| 899| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 599| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 599| auto s = from_stash(ss); 321| 599| return stash(s.invert_vartime()); 322| 599| } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 315| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.89k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp192r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp192r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 3.67k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 3.67k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 3.67k| } pcurves_secp224r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE8instanceEv: 338| 24.8k| static std::shared_ptr instance() { 339| 24.8k| static auto g_curve = std::make_shared>(); 340| 24.8k| return g_curve; 341| 24.8k| } pcurves_secp224r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp224r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 17.8k| static typename C::Scalar from_stash(const Scalar& s) { 349| 17.8k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 17.8k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 17.8k| return C::Scalar::from_stash(s._value()); 353| 17.8k| } pcurves_secp224r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_12Secp224r1RepEE12ScalarParamsEEEEE: 344| 6.99k| static Scalar stash(const typename C::Scalar& s) { 345| 6.99k| return Scalar::_create(instance(), s.template stash_value()); 346| 6.99k| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 509| std::optional deserialize_scalar(std::span bytes) const override { 225| 509| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 509, False: 0] ------------------ 226| 509| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 509, False: 0] ------------------ 227| 509| return stash(*scalar); 228| 509| } 229| 509| } 230| | 231| 0| return {}; 232| 509| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 522| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 522| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 522, False: 0] ------------------ 236| 522| return stash(*s); 237| 522| } else { 238| 0| return {}; 239| 0| } 240| 522| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 509| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 509| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 509| do { \ | | 36| 509| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 509| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 509] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 509| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 509] | | ------------------ ------------------ 221| 509| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 509| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE10scalar_oneEv: 332| 261| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.30k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.30k| return stash(from_stash(a) + from_stash(b)); 298| 1.30k| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 261| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 261| return stash(from_stash(a) - from_stash(b)); 302| 261| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 2.33k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 2.33k| return stash(from_stash(a) * from_stash(b)); 306| 2.33k| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 261| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 765| Scalar scalar_invert(const Scalar& ss) const override { 311| 765| auto s = from_stash(ss); 312| 765| if constexpr(curve_supports_scalar_invert) { 313| 765| return stash(C::scalar_invert(s)); 314| | } else { 315| | return stash(s.invert()); 316| | } 317| 765| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 509| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 509| auto s = from_stash(ss); 321| 509| return stash(s.invert_vartime()); 322| 509| } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 261| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.56k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp224r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp224r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 3.08k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 3.08k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 3.08k| } pcurves_secp256k1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE8instanceEv: 338| 19.5k| static std::shared_ptr instance() { 339| 19.5k| static auto g_curve = std::make_shared>(); 340| 19.5k| return g_curve; 341| 19.5k| } pcurves_secp256k1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp256k1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 14.0k| static typename C::Scalar from_stash(const Scalar& s) { 349| 14.0k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 14.0k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 14.0k| return C::Scalar::from_stash(s._value()); 353| 14.0k| } pcurves_secp256k1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_12Secp256k1RepEE12ScalarParamsEEEEE: 344| 5.49k| static Scalar stash(const typename C::Scalar& s) { 345| 5.49k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.49k| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 397| std::optional deserialize_scalar(std::span bytes) const override { 225| 397| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 397, False: 0] ------------------ 226| 397| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 397, False: 0] ------------------ 227| 397| return stash(*scalar); 228| 397| } 229| 397| } 230| | 231| 0| return {}; 232| 397| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 412| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 412| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 412, False: 0] ------------------ 236| 412| return stash(*s); 237| 412| } else { 238| 0| return {}; 239| 0| } 240| 412| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 397| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 397| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 397| do { \ | | 36| 397| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 397| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 397] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 397| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 397] | | ------------------ ------------------ 221| 397| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 397| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE10scalar_oneEv: 332| 206| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.03k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.03k| return stash(from_stash(a) + from_stash(b)); 298| 1.03k| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 206| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 206| return stash(from_stash(a) - from_stash(b)); 302| 206| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.83k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.83k| return stash(from_stash(a) * from_stash(b)); 306| 1.83k| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 206| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 599| Scalar scalar_invert(const Scalar& ss) const override { 311| 599| auto s = from_stash(ss); 312| 599| if constexpr(curve_supports_scalar_invert) { 313| 599| return stash(C::scalar_invert(s)); 314| | } else { 315| | return stash(s.invert()); 316| | } 317| 599| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 397| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 397| auto s = from_stash(ss); 321| 397| return stash(s.invert_vartime()); 322| 397| } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 206| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.23k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp256k1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256k15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.42k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.42k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.42k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE8instanceEv: 338| 20.6k| static std::shared_ptr instance() { 339| 20.6k| static auto g_curve = std::make_shared>(); 340| 20.6k| return g_curve; 341| 20.6k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 14.8k| static typename C::Scalar from_stash(const Scalar& s) { 349| 14.8k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 14.8k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 14.8k| return C::Scalar::from_stash(s._value()); 353| 14.8k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEE: 344| 5.81k| static Scalar stash(const typename C::Scalar& s) { 345| 5.81k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.81k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 419| std::optional deserialize_scalar(std::span bytes) const override { 225| 419| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 419, False: 0] ------------------ 226| 419| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 419, False: 0] ------------------ 227| 419| return stash(*scalar); 228| 419| } 229| 419| } 230| | 231| 0| return {}; 232| 419| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 436| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 436| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 436, False: 0] ------------------ 236| 436| return stash(*s); 237| 436| } else { 238| 0| return {}; 239| 0| } 240| 436| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 419| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 419| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 419| do { \ | | 36| 419| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 419| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 419] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 419| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 419] | | ------------------ ------------------ 221| 419| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 419| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10scalar_oneEv: 332| 218| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.09k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.09k| return stash(from_stash(a) + from_stash(b)); 298| 1.09k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 218| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 218| return stash(from_stash(a) - from_stash(b)); 302| 218| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.94k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.94k| return stash(from_stash(a) * from_stash(b)); 306| 1.94k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 218| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 631| Scalar scalar_invert(const Scalar& ss) const override { 311| 631| auto s = from_stash(ss); 312| 631| if constexpr(curve_supports_scalar_invert) { 313| 631| return stash(C::scalar_invert(s)); 314| | } else { 315| | return stash(s.invert()); 316| | } 317| 631| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 419| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 419| auto s = from_stash(ss); 321| 419| return stash(s.invert_vartime()); 322| 419| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 218| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.30k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.55k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.55k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.55k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE8instanceEv: 338| 19.1k| static std::shared_ptr instance() { 339| 19.1k| static auto g_curve = std::make_shared>(); 340| 19.1k| return g_curve; 341| 19.1k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 13.7k| static typename C::Scalar from_stash(const Scalar& s) { 349| 13.7k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 13.7k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 13.7k| return C::Scalar::from_stash(s._value()); 353| 13.7k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEE: 344| 5.39k| static Scalar stash(const typename C::Scalar& s) { 345| 5.39k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.39k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 387| std::optional deserialize_scalar(std::span bytes) const override { 225| 387| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 387, False: 0] ------------------ 226| 387| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 387, False: 0] ------------------ 227| 387| return stash(*scalar); 228| 387| } 229| 387| } 230| | 231| 0| return {}; 232| 387| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 406| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 406| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 406, False: 0] ------------------ 236| 406| return stash(*s); 237| 406| } else { 238| 0| return {}; 239| 0| } 240| 406| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 387| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 387| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 387| do { \ | | 36| 387| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 387| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 387] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 387| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 387] | | ------------------ ------------------ 221| 387| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 387| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10scalar_oneEv: 332| 203| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.01k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.01k| return stash(from_stash(a) + from_stash(b)); 298| 1.01k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 203| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 203| return stash(from_stash(a) - from_stash(b)); 302| 203| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.80k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.80k| return stash(from_stash(a) * from_stash(b)); 306| 1.80k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 203| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 584| Scalar scalar_invert(const Scalar& ss) const override { 311| 584| auto s = from_stash(ss); 312| 584| if constexpr(curve_supports_scalar_invert) { 313| 584| return stash(C::scalar_invert(s)); 314| | } else { 315| | return stash(s.invert()); 316| | } 317| 584| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 387| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 387| auto s = from_stash(ss); 321| 387| return stash(s.invert_vartime()); 322| 387| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 203| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.21k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.37k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.37k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.37k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE8instanceEv: 338| 18.0k| static std::shared_ptr instance() { 339| 18.0k| static auto g_curve = std::make_shared>(); 340| 18.0k| return g_curve; 341| 18.0k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 12.9k| static typename C::Scalar from_stash(const Scalar& s) { 349| 12.9k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 12.9k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 12.9k| return C::Scalar::from_stash(s._value()); 353| 12.9k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEE: 344| 5.08k| static Scalar stash(const typename C::Scalar& s) { 345| 5.08k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.08k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 366| std::optional deserialize_scalar(std::span bytes) const override { 225| 366| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 366, False: 0] ------------------ 226| 366| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 366, False: 0] ------------------ 227| 366| return stash(*scalar); 228| 366| } 229| 366| } 230| | 231| 0| return {}; 232| 366| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 382| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 382| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 382, False: 0] ------------------ 236| 382| return stash(*s); 237| 382| } else { 238| 0| return {}; 239| 0| } 240| 382| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 366| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 366| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 366| do { \ | | 36| 366| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 366| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 366] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 366| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 366] | | ------------------ ------------------ 221| 366| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 366| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10scalar_oneEv: 332| 191| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 955| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 955| return stash(from_stash(a) + from_stash(b)); 298| 955| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 191| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 191| return stash(from_stash(a) - from_stash(b)); 302| 191| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.70k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.70k| return stash(from_stash(a) * from_stash(b)); 306| 1.70k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 191| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 552| Scalar scalar_invert(const Scalar& ss) const override { 311| 552| auto s = from_stash(ss); 312| 552| if constexpr(curve_supports_scalar_invert) { 313| 552| return stash(C::scalar_invert(s)); 314| | } else { 315| | return stash(s.invert()); 316| | } 317| 552| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 366| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 366| auto s = from_stash(ss); 321| 366| return stash(s.invert_vartime()); 322| 366| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 191| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.14k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.23k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.23k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.23k| } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE8instanceEv: 338| 19.7k| static std::shared_ptr instance() { 339| 19.7k| static auto g_curve = std::make_shared>(); 340| 19.7k| return g_curve; 341| 19.7k| } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 14.2k| static typename C::Scalar from_stash(const Scalar& s) { 349| 14.2k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 14.2k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 14.2k| return C::Scalar::from_stash(s._value()); 353| 14.2k| } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_12Sm2p256v1RepEE12ScalarParamsEEEEE: 344| 5.56k| static Scalar stash(const typename C::Scalar& s) { 345| 5.56k| return Scalar::_create(instance(), s.template stash_value()); 346| 5.56k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 400| std::optional deserialize_scalar(std::span bytes) const override { 225| 400| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 400, False: 0] ------------------ 226| 400| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 400, False: 0] ------------------ 227| 400| return stash(*scalar); 228| 400| } 229| 400| } 230| | 231| 0| return {}; 232| 400| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE22scalar_from_wide_bytesENSt3__14spanIKhLm18446744073709551615EEE: 234| 418| std::optional scalar_from_wide_bytes(std::span bytes) const override { 235| 418| if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) { ------------------ | Branch (235:18): [True: 418, False: 0] ------------------ 236| 418| return stash(*s); 237| 418| } else { 238| 0| return {}; 239| 0| } 240| 418| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 400| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 400| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 400| do { \ | | 36| 400| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 400| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 400] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 400| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 400] | | ------------------ ------------------ 221| 400| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 400| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE10scalar_oneEv: 332| 209| Scalar scalar_one() const override { return stash(C::Scalar::one()); } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE10scalar_addERKNS0_15PrimeOrderCurve6ScalarES9_: 296| 1.04k| Scalar scalar_add(const Scalar& a, const Scalar& b) const override { 297| 1.04k| return stash(from_stash(a) + from_stash(b)); 298| 1.04k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE10scalar_subERKNS0_15PrimeOrderCurve6ScalarES9_: 300| 209| Scalar scalar_sub(const Scalar& a, const Scalar& b) const override { 301| 209| return stash(from_stash(a) - from_stash(b)); 302| 209| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE10scalar_mulERKNS0_15PrimeOrderCurve6ScalarES9_: 304| 1.86k| Scalar scalar_mul(const Scalar& a, const Scalar& b) const override { 305| 1.86k| return stash(from_stash(a) * from_stash(b)); 306| 1.86k| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE13scalar_squareERKNS0_15PrimeOrderCurve6ScalarE: 308| 209| Scalar scalar_square(const Scalar& s) const override { return stash(from_stash(s).square()); } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE13scalar_invertERKNS0_15PrimeOrderCurve6ScalarE: 310| 603| Scalar scalar_invert(const Scalar& ss) const override { 311| 603| auto s = from_stash(ss); 312| | if constexpr(curve_supports_scalar_invert) { 313| | return stash(C::scalar_invert(s)); 314| 603| } else { 315| 603| return stash(s.invert()); 316| 603| } 317| 603| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE21scalar_invert_vartimeERKNS0_15PrimeOrderCurve6ScalarE: 319| 400| Scalar scalar_invert_vartime(const Scalar& ss) const override { 320| 400| auto s = from_stash(ss); 321| 400| return stash(s.invert_vartime()); 322| 400| } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE13scalar_negateERKNS0_15PrimeOrderCurve6ScalarE: 324| 209| Scalar scalar_negate(const Scalar& s) const override { return stash(from_stash(s).negate()); } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 1.25k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_sm2p256v1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19sm2p256v15CurveEE12scalar_equalERKNS0_15PrimeOrderCurve6ScalarES9_: 328| 2.44k| bool scalar_equal(const Scalar& a, const Scalar& b) const override { 329| 2.44k| return (from_stash(a) == from_stash(b)).as_bool(); 330| 2.44k| } _ZN5Botan8round_upEmm: 26| 72|constexpr inline size_t round_up(size_t n, size_t align_to) { 27| | // Arguably returning n in this case would also be sensible 28| 72| BOTAN_ARG_CHECK(align_to != 0, "align_to must not be 0"); ------------------ | | 35| 72| do { \ | | 36| 72| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 72| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 72] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 72| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 72] | | ------------------ ------------------ 29| | 30| 72| if(n % align_to > 0) { ------------------ | Branch (30:7): [True: 62, False: 10] ------------------ 31| 62| const size_t adj = align_to - (n % align_to); 32| 62| BOTAN_ARG_CHECK(n + adj >= n, "Integer overflow during rounding"); ------------------ | | 35| 62| do { \ | | 36| 62| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 62| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 62] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 62| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 62] | | ------------------ ------------------ 33| 62| n += adj; 34| 62| } 35| 72| return n; 36| 72|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEmQntsr3stdE7same_asIbT_EEES3_S3_: 43| 23.9M|constexpr inline T value_barrier(T x) { 44| 23.9M| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 23.9M] ------------------ 45| 0| return x; 46| 23.9M| } else { 47| 23.9M|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 23.9M| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 23.9M| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 23.9M| } 64| 23.9M|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEjQntsr3stdE7same_asIbT_EEES3_S3_: 43| 75|constexpr inline T value_barrier(T x) { 44| 75| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 75] ------------------ 45| 0| return x; 46| 75| } else { 47| 75|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 75| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 75| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 75| } 64| 75|} _ZN5Botan21Allocator_InitializerC2Ev: 50| 1| Allocator_Initializer() { initialize_allocator(); } _ZNK5Botan3OID5emptyEv: 265| 36| bool empty() const { return m_id.empty(); } _ZNK5Botan3OID9has_valueEv: 271| 24| bool has_value() const { return !empty(); } _ZNK5Botan3OIDeqERKS0_: 301| 240| bool operator==(const OID& other) const { return m_id == other.m_id; } _ZN5BotanneERKNS_3OIDES2_: 342| 12|inline bool operator!=(const OID& a, const OID& b) { 343| 12| return !(a == b); 344| 12|} _ZNKSt3__14hashIN5Botan3OIDEEclERKS2_: 441| 4| size_t operator()(const Botan::OID& oid) const noexcept { return static_cast(oid.hash_code()); } _ZN5Botan11ASN1_ObjectC2Ev: 117| 196| ASN1_Object() = default; _ZN5Botan11ASN1_ObjectD2Ev: 122| 288| virtual ~ASN1_Object() = default; _ZN5Botan11ASN1_ObjectC2ERKS0_: 118| 46| ASN1_Object(const ASN1_Object&) = default; _ZN5Botan11ASN1_ObjectC2EOS0_: 120| 46| ASN1_Object(ASN1_Object&&) = default; _ZN5Botan13ignore_paramsIJPKmmEEEvDpRKT_: 142| 133k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan6BigInt4zeroEv: 50| 36| static BigInt zero() { return BigInt(); } _ZN5Botan6BigIntC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 98| 72| explicit BigInt(std::string_view str) { *this = BigInt::from_string(str); } _ZN5Botan6BigIntC2EOS0_: 183| 60| BigInt(BigInt&& other) noexcept { this->swap(other); } _ZN5Botan6BigIntD2Ev: 185| 924| ~BigInt() { _const_time_unpoison(); } _ZN5Botan6BigIntaSEOS0_: 190| 132| BigInt& operator=(BigInt&& other) noexcept { 191| 132| if(this != &other) { ------------------ | Branch (191:13): [True: 132, False: 0] ------------------ 192| 132| this->swap(other); 193| 132| } 194| | 195| 132| return (*this); 196| 132| } _ZN5Botan6BigInt4swapERS0_: 207| 228| void swap(BigInt& other) noexcept { 208| 228| m_data.swap(other.m_data); 209| 228| std::swap(m_signedness, other.m_signedness); 210| 228| } _ZN5Botan6BigInt3subEPKmmNS0_4SignE: 332| 169| BigInt& sub(const word y[], size_t y_words, Sign sign) { 333| 169| return add(y, y_words, sign == Positive ? Negative : Positive); ------------------ | Branch (333:33): [True: 169, False: 0] ------------------ 334| 169| } _ZN5Botan6BigInt5clearEv: 415| 72| void clear() { 416| 72| m_data.set_to_zero(); 417| 72| m_signedness = Positive; 418| 72| } _ZNK5Botan6BigInt7is_evenEv: 455| 12| bool is_even() const { return !get_bit(0); } _ZNK5Botan6BigInt6signumEv: 467| 673| int signum() const { 468| 673| if(sig_words() == 0) { ------------------ | Branch (468:13): [True: 1, False: 672] ------------------ 469| 1| return 0; 470| 1| } 471| 672| return (sign() == Negative) ? -1 : 1; ------------------ | Branch (471:17): [True: 0, False: 672] ------------------ 472| 673| } _ZNK5Botan6BigInt7is_zeroEv: 484| 48| bool is_zero() const { return sig_words() == 0; } _ZN5Botan6BigInt7set_bitEm: 490| 48| void set_bit(size_t n) { conditionally_set_bit(n, true); } _ZN5Botan6BigInt21conditionally_set_bitEmb: 500| 48| void conditionally_set_bit(size_t n, bool set_it) { 501| 48| const size_t which = n / (sizeof(word) * 8); 502| 48| const word mask = static_cast(set_it) << (n % (sizeof(word) * 8)); 503| 48| m_data.set_word_at(which, word_at(which) | mask); 504| 48| } _ZNK5Botan6BigInt7get_bitEm: 523| 12| bool get_bit(size_t n) const { return ((word_at(n / (sizeof(word) * 8)) >> (n % (sizeof(word) * 8))) & 1) == 1; } _ZNK5Botan6BigInt7word_atEm: 574| 924| word word_at(size_t n) const { return m_data.get_word_at(n); } _ZNK5Botan6BigInt4signEv: 604| 1.32k| Sign sign() const { return (m_signedness); } _ZN5Botan6BigInt8set_signENS0_4SignE: 625| 276| void set_sign(Sign sign) { 626| 276| if(sign == Negative && is_zero()) { ------------------ | Branch (626:13): [True: 0, False: 276] | Branch (626:33): [True: 0, False: 0] ------------------ 627| 0| sign = Positive; 628| 0| } 629| | 630| 276| m_signedness = sign; 631| 276| } _ZNK5Botan6BigInt4sizeEv: 642| 972| size_t size() const { return m_data.size(); } _ZNK5Botan6BigInt9sig_wordsEv: 648| 2.21k| size_t sig_words() const { return m_data.sig_words(); } _ZN5Botan6BigInt12mutable_dataEv: 673| 505| BOTAN_DEPRECATED("Deprecated no replacement") word* mutable_data() { return m_data.mutable_data(); } _ZNK5Botan6BigInt4dataEv: 679| 24| BOTAN_DEPRECATED("Deprecated no replacement") const word* data() const { return m_data.const_data(); } _ZNK5Botan6BigInt7grow_toEm: 699| 539| BOTAN_DEPRECATED("Deprecated no replacement") void grow_to(size_t n) const { m_data.grow_to(n); } _ZN5Botan6BigInt10power_of_2Em: 856| 12| static BigInt power_of_2(size_t n) { 857| 12| BigInt b; 858| 12| b.set_bit(n); 859| 12| return b; 860| 12| } _ZNK5Botan6BigInt8_as_spanEv: 962| 24| std::span _as_span() const { return m_data.const_span(); } _ZNK5Botan6BigInt5_dataEv: 972| 1.61k| const word* _data() const { return m_data.const_data(); } _ZN5Botan6BigInt11_from_wordsERNSt3__16vectorImNS_16secure_allocatorImEEEE: 991| 96| static BigInt _from_words(secure_vector& words) { 992| 96| BigInt bn; 993| 96| bn.m_data.swap(words); 994| 96| return bn; 995| 96| } _ZN5Botan6BigInt4Data12mutable_dataEv: 1022| 739| word* mutable_data() { 1023| 739| invalidate_sig_words(); 1024| 739| return m_reg.data(); 1025| 739| } _ZNK5Botan6BigInt4Data10const_dataEv: 1027| 2.55k| const word* const_data() const { return m_reg.data(); } _ZNK5Botan6BigInt4Data10const_spanEv: 1029| 24| std::span const_span() const { return std::span{m_reg}; } _ZNK5Botan6BigInt4Data11get_word_atEm: 1038| 924| word get_word_at(size_t n) const { 1039| 924| if(n < m_reg.size()) { ------------------ | Branch (1039:19): [True: 876, False: 48] ------------------ 1040| 876| return m_reg[n]; 1041| 876| } 1042| 48| return 0; 1043| 924| } _ZN5Botan6BigInt4Data11set_word_atEmm: 1045| 60| void set_word_at(size_t i, word w) { 1046| 60| invalidate_sig_words(); 1047| 60| if(i >= m_reg.size()) { ------------------ | Branch (1047:19): [True: 60, False: 0] ------------------ 1048| 60| if(w == 0) { ------------------ | Branch (1048:22): [True: 0, False: 60] ------------------ 1049| 0| return; 1050| 0| } 1051| 60| grow_to(i + 1); 1052| 60| } 1053| 60| m_reg[i] = w; 1054| 60| } _ZNK5Botan6BigInt4Data7grow_toEm: 1065| 605| void grow_to(size_t n) const { 1066| 605| if(n > size()) { ------------------ | Branch (1066:19): [True: 400, False: 205] ------------------ 1067| 400| if(n <= m_reg.capacity()) { ------------------ | Branch (1067:22): [True: 0, False: 400] ------------------ 1068| 0| m_reg.resize(n); 1069| 400| } else { 1070| 400| m_reg.resize(n + (8 - (n % 8))); 1071| 400| } 1072| 400| } 1073| 605| } _ZNK5Botan6BigInt4Data4sizeEv: 1075| 2.72k| size_t size() const { return m_reg.size(); } _ZN5Botan6BigInt4Data4swapERS1_: 1090| 228| void swap(Data& other) noexcept { 1091| 228| m_reg.swap(other.m_reg); 1092| 228| std::swap(m_sig_words, other.m_sig_words); 1093| 228| } _ZN5Botan6BigInt4Data4swapERNSt3__16vectorImNS_16secure_allocatorImEEEE: 1095| 168| void swap(secure_vector& reg) noexcept { 1096| 168| m_reg.swap(reg); 1097| 168| invalidate_sig_words(); 1098| 168| } _ZNK5Botan6BigInt4Data20invalidate_sig_wordsEv: 1100| 967| void invalidate_sig_words() const noexcept { m_sig_words = sig_words_npos; } _ZNK5Botan6BigInt4Data9sig_wordsEv: 1102| 2.21k| size_t sig_words() const { 1103| 2.21k| if(m_sig_words == sig_words_npos) { ------------------ | Branch (1103:19): [True: 835, False: 1.38k] ------------------ 1104| 835| m_sig_words = calc_sig_words(); 1105| 835| } 1106| 2.21k| return m_sig_words; 1107| 2.21k| } _ZN5BotanplERKNS_6BigIntES2_: 1125| 24|inline BigInt operator+(const BigInt& x, const BigInt& y) { 1126| 24| return BigInt::add2(x, y._data(), y.sig_words(), y.sign()); 1127| 24|} _ZN5BotanmiERKNS_6BigIntEm: 1141| 12|inline BigInt operator-(const BigInt& x, word y) { 1142| 12| return BigInt::add2(x, &y, 1, BigInt::Negative); 1143| 12|} _ZN5BotanmlEmRKNS_6BigIntE: 1148| 132|inline BigInt operator*(word x, const BigInt& y) { 1149| 132| return y * x; 1150| 132|} _ZN5BotaneqERKNS_6BigIntES2_: 1162| 12|inline bool operator==(const BigInt& a, const BigInt& b) { 1163| 12| return a.is_equal(b); 1164| 12|} _ZN5BotanneERKNS_6BigIntES2_: 1166| 12|inline bool operator!=(const BigInt& a, const BigInt& b) { 1167| 12| return !a.is_equal(b); 1168| 12|} _ZN5BotangeERKNS_6BigIntES2_: 1174| 24|inline bool operator>=(const BigInt& a, const BigInt& b) { 1175| 24| return (a.cmp(b) >= 0); 1176| 24|} _ZN5BotanltERKNS_6BigIntES2_: 1178| 12|inline bool operator<(const BigInt& a, const BigInt& b) { 1179| 12| return a.is_less_than(b); 1180| 12|} _ZN5BotanneERKNS_6BigIntEm: 1190| 12|inline bool operator!=(const BigInt& a, word b) { 1191| 12| return (a.cmp_word(b) != 0); 1192| 12|} _ZN5BotanltERKNS_6BigIntEm: 1202| 36|inline bool operator<(const BigInt& a, word b) { 1203| 36| return (a.cmp_word(b) < 0); 1204| 36|} _ZN5Botan6BigIntC2Ev: 45| 588| BigInt() = default; _ZN5Botan6BigIntC2ERKS0_: 88| 192| BigInt(const BigInt& other) = default; _ZN5Botan6BigIntaSERKS0_: 201| 12| BigInt& operator=(const BigInt&) = default; _ZN5Botan8CurveGFp4swapERS0_: 69| 12| void swap(CurveGFp& other) noexcept { std::swap(m_group, other.m_group); } _ZN5Botan8CurveGFpC2Ev: 62| 24| CurveGFp() = default; _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassENSt3__14spanIKhLm18446744073709551615EEE: 185| 12| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, std::span rep) { 186| 12| return add_object(type_tag, class_tag, rep.data(), rep.size()); 187| 12| } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 189| 12| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, const std::vector& rep) { 190| 12| return add_object(type_tag, class_tag, std::span{rep}); 191| 12| } _ZNK5Botan8EC_Group5_dataEv: 458| 12.6k| const std::shared_ptr& _data() const { return m_data; } _ZN5Botan8EC_PointaSEOS0_: 72| 12| EC_Point& operator=(EC_Point&& other) noexcept { 73| 12| if(this != &other) { ------------------ | Branch (73:13): [True: 12, False: 0] ------------------ 74| 12| this->swap(other); 75| 12| } 76| 12| return (*this); 77| 12| } _ZN5Botan8EC_PointD2Ev: 79| 24| ~EC_Point() = default; _ZN5Botan8EC_PointC2Ev: 46| 12| EC_Point() = default; _ZN5BotanmiERKNS_9EC_ScalarES2_: 230| 2.56k| friend EC_Scalar operator-(const EC_Scalar& x, const EC_Scalar& y) { return x.sub(y); } _ZN5BotanplERKNS_9EC_ScalarES2_: 228| 12.8k| friend EC_Scalar operator+(const EC_Scalar& x, const EC_Scalar& y) { return x.add(y); } _ZN5BotaneqERKNS_9EC_ScalarES2_: 234| 30.1k| friend bool operator==(const EC_Scalar& x, const EC_Scalar& y) { return x.is_eq(y); } _ZN5BotanmlERKNS_9EC_ScalarES2_: 232| 22.8k| friend EC_Scalar operator*(const EC_Scalar& x, const EC_Scalar& y) { return x.mul(y); } _ZNK5Botan9EC_Scalar5innerEv: 253| 174k| const EC_Scalar_Data& inner() const { return *m_scalar; } _ZN5Botan11clear_bytesEPvm: 101| 379|inline constexpr void clear_bytes(void* ptr, size_t bytes) { 102| 379| if(bytes > 0) { ------------------ | Branch (102:7): [True: 307, False: 72] ------------------ 103| 307| std::memset(ptr, 0, bytes); 104| 307| } 105| 379|} _ZN5Botan9clear_memImEEvPT_m: 118| 204|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 204| clear_bytes(ptr, sizeof(T) * n); 120| 204|} _ZN5Botan9clear_memIhEEvPT_m: 118| 79|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 79| clear_bytes(ptr, sizeof(T) * n); 120| 79|} _ZN5Botan8copy_memImQsr3stdE12is_trivial_vIu7__decayIT_EEEEvPS1_PKS1_m: 144| 120|inline constexpr void copy_mem(T* out, const T* in, size_t n) { 145| 120| BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null"); ------------------ | | 103| 120| do { \ | | 104| 120| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 240| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 120, False: 0] | | | Branch (105:23): [True: 120, False: 0] | | | Branch (105:23): [True: 120, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 120| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 120] | | ------------------ ------------------ 146| | 147| 120| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (147:7): [True: 120, False: 0] | Branch (147:24): [True: 120, False: 0] | Branch (147:42): [True: 120, False: 0] ------------------ 148| 120| std::memmove(out, in, sizeof(T) * n); 149| 120| } 150| 120|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEEmQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 25.3k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 25.3k| typecast_copy(out, std::span(&in, 1)); 201| 25.3k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEETkNS1_16contiguous_rangeENS3_IKmLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 25.3k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 25.3k| ranges::assert_equal_byte_lengths(out, in); 178| 25.3k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 25.3k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 76.2k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 76.2k| ToT dst; // NOLINT(*-member-init) 212| 76.2k| typecast_copy(dst, src); 213| 76.2k| return dst; 214| 76.2k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 76.2k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 76.2k| typecast_copy(std::span(&out, 1), in); 190| 76.2k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IKhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 76.2k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 76.2k| ranges::assert_equal_byte_lengths(out, in); 178| 76.2k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 76.2k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 5.14k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 5.14k| ranges::assert_equal_byte_lengths(out, in); 162| 5.14k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 5.14k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 5.14k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 5.14k, False: 0] ------------------ 165| 5.14k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 5.14k| } 167| 5.14k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS5_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEEES5_RKSA_: 210| 16|inline constexpr ToT typecast_copy(const FromR& src) { 211| 16| ToT dst; // NOLINT(*-member-init) 212| 16| typecast_copy(dst, src); 213| 16| return dst; 214| 16|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISC_EESD_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISJ_EEEvRSJ_RKS9_: 188| 16|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 16| typecast_copy(std::span(&out, 1), in); 190| 16|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS6_IXsr21__is_primary_templateINS7_Iu14__remove_cvrefIDTclL_ZNS9_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSF_ISN_EESO_E4type10value_typeEEEEvOSK_RKSA_: 176| 16|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 16| ranges::assert_equal_byte_lengths(out, in); 178| 16| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 16|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm18446744073709551615EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS5_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEE: 132| 96|{ 133| 96| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 96|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm4EEETkNS1_16contiguous_rangeENS2_5arrayImLm4EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 5.03k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 5.03k| ranges::assert_equal_byte_lengths(out, in); 162| 5.03k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 5.03k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 5.03k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 5.03k, False: 0] ------------------ 165| 5.03k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 5.03k| } 167| 5.03k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm6EEETkNS1_16contiguous_rangeENS2_5arrayImLm6EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 1.40k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1.40k| ranges::assert_equal_byte_lengths(out, in); 162| 1.40k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1.40k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1.40k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1.40k, False: 0] ------------------ 165| 1.40k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1.40k| } 167| 1.40k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm8EEETkNS1_16contiguous_rangeENS2_5arrayImLm8EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 1.49k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1.49k| ranges::assert_equal_byte_lengths(out, in); 162| 1.49k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1.49k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1.49k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1.49k, False: 0] ------------------ 165| 1.49k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1.49k| } 167| 1.49k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm9EEETkNS1_16contiguous_rangeENS2_5arrayImLm9EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 732|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 732| ranges::assert_equal_byte_lengths(out, in); 162| 732| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 732] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 732| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 732, False: 0] ------------------ 165| 732| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 732| } 167| 732|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm3EEETkNS1_16contiguous_rangeENS2_5arrayImLm3EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 1.19k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1.19k| ranges::assert_equal_byte_lengths(out, in); 162| 1.19k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1.19k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1.19k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1.19k, False: 0] ------------------ 165| 1.19k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1.19k| } 167| 1.19k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm28EEETkNS1_16contiguous_rangeENS3_IKhLm28EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 509|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 509| ranges::assert_equal_byte_lengths(out, in); 162| 509| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 509] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 509| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 509, False: 0] ------------------ 165| 509| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 509| } 167| 509|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm66EEETkNS1_16contiguous_rangeENS3_IKhLm66EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 366|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 366| ranges::assert_equal_byte_lengths(out, in); 162| 366| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 366] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 366| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 366, False: 0] ------------------ 165| 366| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 366| } 167| 366|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5.14k|{ 101| 5.14k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 5.14k| } else { 107| 5.14k| const size_t expected_size = s0.size_bytes(); 108| 5.14k| const bool correct_size = 109| 5.14k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 5.14k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 5.14k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 5.14k| } 115| 5.14k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEEEEmRKT_: 59| 10.2k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 10.2k| return std::span{r}.size_bytes(); 61| 10.2k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__15arrayImLm4EEEEEvRKT0_: 77| 7.55k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 7.55k| const std::span s{r}; 79| 7.55k| if constexpr(statically_spanable_range) { 80| 7.55k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 7.55k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm32EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2.00k|{ 101| 2.00k| const std::span s0{r0}; 102| | 103| 2.00k| if constexpr(statically_spanable_range) { 104| 2.00k| constexpr size_t expected_size = s0.size_bytes(); 105| 2.00k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 2.00k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEvRKT0_: 77| 50.7k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 50.7k| const std::span s{r}; 79| 50.7k| if constexpr(statically_spanable_range) { 80| 50.7k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 50.7k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm8EEETpTkNS0_14spanable_rangeEJNS3_IKmLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 25.3k|{ 101| 25.3k| const std::span s0{r0}; 102| | 103| 25.3k| if constexpr(statically_spanable_range) { 104| 25.3k| constexpr size_t expected_size = s0.size_bytes(); 105| 25.3k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 25.3k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKmLm1EEEEEvRKT0_: 77| 25.3k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 25.3k| const std::span s{r}; 79| 25.3k| if constexpr(statically_spanable_range) { 80| 25.3k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 25.3k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEmRKT_: 59| 25.3k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 25.3k| return std::span{r}.size_bytes(); 61| 25.3k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKhLm8EEEEEvRKT0_: 77| 152k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 152k| const std::span s{r}; 79| 152k| if constexpr(statically_spanable_range) { 80| 152k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 152k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 76.2k|{ 101| 76.2k| const std::span s0{r0}; 102| | 103| 76.2k| if constexpr(statically_spanable_range) { 104| 76.2k| constexpr size_t expected_size = s0.size_bytes(); 105| 76.2k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 76.2k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm1EEEEEmRKT_: 59| 76.2k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 76.2k| return std::span{r}.size_bytes(); 61| 76.2k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__15arrayIhLm8EEEEEvRKT0_: 77| 16|inline constexpr void assert_exact_byte_length(const R& r) { 78| 16| const std::span s{r}; 79| 16| if constexpr(statically_spanable_range) { 80| 16| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 16|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 16|{ 101| 16| const std::span s0{r0}; 102| | 103| 16| if constexpr(statically_spanable_range) { 104| 16| constexpr size_t expected_size = s0.size_bytes(); 105| 16| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 16|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm18446744073709551615EEEEEmRKT_: 59| 96|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 96| return std::span{r}.size_bytes(); 61| 96|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm4EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5.03k|{ 101| 5.03k| const std::span s0{r0}; 102| | 103| 5.03k| if constexpr(statically_spanable_range) { 104| 5.03k| constexpr size_t expected_size = s0.size_bytes(); 105| 5.03k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 5.03k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm4EEEEEmRKT_: 59| 10.0k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 10.0k| return std::span{r}.size_bytes(); 61| 10.0k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm6EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.40k|{ 101| 1.40k| const std::span s0{r0}; 102| | 103| 1.40k| if constexpr(statically_spanable_range) { 104| 1.40k| constexpr size_t expected_size = s0.size_bytes(); 105| 1.40k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1.40k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm48ETkNS0_14spanable_rangeENSt3__15arrayImLm6EEEEEvRKT0_: 77| 2.10k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 2.10k| const std::span s{r}; 79| 2.10k| if constexpr(statically_spanable_range) { 80| 2.10k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 2.10k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm6EEEEEmRKT_: 59| 2.81k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2.81k| return std::span{r}.size_bytes(); 61| 2.81k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm48EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 702|{ 101| 702| const std::span s0{r0}; 102| | 103| 702| if constexpr(statically_spanable_range) { 104| 702| constexpr size_t expected_size = s0.size_bytes(); 105| 702| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 702|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm8EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.49k|{ 101| 1.49k| const std::span s0{r0}; 102| | 103| 1.49k| if constexpr(statically_spanable_range) { 104| 1.49k| constexpr size_t expected_size = s0.size_bytes(); 105| 1.49k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1.49k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm64ETkNS0_14spanable_rangeENSt3__15arrayImLm8EEEEEvRKT0_: 77| 2.24k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 2.24k| const std::span s{r}; 79| 2.24k| if constexpr(statically_spanable_range) { 80| 2.24k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 2.24k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm8EEEEEmRKT_: 59| 2.99k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2.99k| return std::span{r}.size_bytes(); 61| 2.99k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm64EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 748|{ 101| 748| const std::span s0{r0}; 102| | 103| 748| if constexpr(statically_spanable_range) { 104| 748| constexpr size_t expected_size = s0.size_bytes(); 105| 748| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 748|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm9EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 732|{ 101| 732| const std::span s0{r0}; 102| | 103| 732| if constexpr(statically_spanable_range) { 104| 732| constexpr size_t expected_size = s0.size_bytes(); 105| 732| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 732|} _ZN5Botan6ranges24assert_exact_byte_lengthILm72ETkNS0_14spanable_rangeENSt3__15arrayImLm9EEEEEvRKT0_: 77| 1.09k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.09k| const std::span s{r}; 79| 1.09k| if constexpr(statically_spanable_range) { 80| 1.09k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.09k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm9EEEEEmRKT_: 59| 1.46k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 1.46k| return std::span{r}.size_bytes(); 61| 1.46k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm72EEETpTkNS0_14spanable_rangeEJNS3_ImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 366|{ 101| 366| const std::span s0{r0}; 102| | 103| 366| if constexpr(statically_spanable_range) { 104| 366| constexpr size_t expected_size = s0.size_bytes(); 105| 366| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 366|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm3EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm3EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.19k|{ 101| 1.19k| const std::span s0{r0}; 102| | 103| 1.19k| if constexpr(statically_spanable_range) { 104| 1.19k| constexpr size_t expected_size = s0.size_bytes(); 105| 1.19k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1.19k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm24ETkNS0_14spanable_rangeENSt3__15arrayImLm3EEEEEvRKT0_: 77| 1.79k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.79k| const std::span s{r}; 79| 1.79k| if constexpr(statically_spanable_range) { 80| 1.79k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.79k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm3EEEEEmRKT_: 59| 2.39k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2.39k| return std::span{r}.size_bytes(); 61| 2.39k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm24EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm3EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 599|{ 101| 599| const std::span s0{r0}; 102| | 103| 599| if constexpr(statically_spanable_range) { 104| 599| constexpr size_t expected_size = s0.size_bytes(); 105| 599| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 599|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm32EEETpTkNS0_14spanable_rangeEJNS3_ImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 509|{ 101| 509| const std::span s0{r0}; 102| | 103| 509| if constexpr(statically_spanable_range) { 104| 509| constexpr size_t expected_size = s0.size_bytes(); 105| 509| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 509|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm28EEETpTkNS0_14spanable_rangeEJNS3_IKhLm28EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 509|{ 101| 509| const std::span s0{r0}; 102| | 103| 509| if constexpr(statically_spanable_range) { 104| 509| constexpr size_t expected_size = s0.size_bytes(); 105| 509| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 509|} _ZN5Botan6ranges24assert_exact_byte_lengthILm28ETkNS0_14spanable_rangeENSt3__14spanIKhLm28EEEEEvRKT0_: 77| 509|inline constexpr void assert_exact_byte_length(const R& r) { 78| 509| const std::span s{r}; 79| 509| if constexpr(statically_spanable_range) { 80| 509| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 509|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm28EEEEEmRKT_: 59| 1.01k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 1.01k| return std::span{r}.size_bytes(); 61| 1.01k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm66EEETpTkNS0_14spanable_rangeEJNS3_IKhLm66EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 366|{ 101| 366| const std::span s0{r0}; 102| | 103| 366| if constexpr(statically_spanable_range) { 104| 366| constexpr size_t expected_size = s0.size_bytes(); 105| 366| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 366|} _ZN5Botan6ranges24assert_exact_byte_lengthILm66ETkNS0_14spanable_rangeENSt3__14spanIKhLm66EEEEEvRKT0_: 77| 366|inline constexpr void assert_exact_byte_length(const R& r) { 78| 366| const std::span s{r}; 79| 366| if constexpr(statically_spanable_range) { 80| 366| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 366|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm66EEEEEmRKT_: 59| 732|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 732| return std::span{r}.size_bytes(); 61| 732|} _ZN5Botan16secure_allocatorIhE10deallocateEPhm: 54| 86| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorIhE8allocateEm: 52| 86| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan16secure_allocatorImE10deallocateEPmm: 54| 1.10k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorImE8allocateEm: 52| 1.10k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5BotanneIhhEEbRKNS_16secure_allocatorIT_EERKNS1_IT0_EE: 63| 72|inline bool operator!=(const secure_allocator& /*a*/, const secure_allocator& /*b*/) { 64| 72| return false; 65| 72|} _ZN5BotanpLIhNS_16secure_allocatorIhEES2_EERNSt3__16vectorIT_T0_EES8_RKNS4_IS5_T1_EE: 92| 7|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 7| out.insert(out.end(), in.begin(), in.end()); 94| 7| return out; 95| 7|} _ZN5Botan18unwrap_strong_typeIRmEEDcOT_: 243| 25.3k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 25.3k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 25.3k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 25.3k|} _ZN5Botan16wrap_strong_typeImRmQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 76.2k|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 76.2k| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 76.2k| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 76.2k|} _Z4fuzzNSt3__14spanIKhLm18446744073709551615EEE: 96| 2.62k|void fuzz(std::span in) { 97| | // First byte selects the curve 98| 2.62k| if(in.empty()) { ------------------ | Branch (98:7): [True: 0, False: 2.62k] ------------------ 99| 0| return; 100| 0| } 101| | 102| 2.62k| const uint8_t curve_id = in[0]; 103| 2.62k| const auto data = in.subspan(1); 104| | 105| 2.62k| static const Botan::EC_Group p192 = Botan::EC_Group::from_name("secp192r1"); 106| 2.62k| static const Botan::EC_Group p224 = Botan::EC_Group::from_name("secp224r1"); 107| 2.62k| static const Botan::EC_Group p256 = Botan::EC_Group::from_name("secp256r1"); 108| 2.62k| static const Botan::EC_Group p384 = Botan::EC_Group::from_name("secp384r1"); 109| 2.62k| static const Botan::EC_Group p521 = Botan::EC_Group::from_name("secp521r1"); 110| 2.62k| static const Botan::EC_Group bp256 = Botan::EC_Group::from_name("brainpool256r1"); 111| 2.62k| static const Botan::EC_Group bp384 = Botan::EC_Group::from_name("brainpool384r1"); 112| 2.62k| static const Botan::EC_Group bp512 = Botan::EC_Group::from_name("brainpool512r1"); 113| 2.62k| static const Botan::EC_Group k256 = Botan::EC_Group::from_name("secp256k1"); 114| 2.62k| static const Botan::EC_Group frp256 = Botan::EC_Group::from_name("frp256v1"); 115| 2.62k| static const Botan::EC_Group sm2 = Botan::EC_Group::from_name("sm2p256v1"); 116| 2.62k| static const Botan::EC_Group numsp512 = Botan::EC_Group::from_name("numsp512d1"); 117| | 118| 2.62k| constexpr size_t total_curves = 12; 119| | 120| | // NOLINTNEXTLINE(*-avoid-c-arrays) 121| 2.62k| std::array curves{ 122| 2.62k| &p192, 123| 2.62k| &p224, 124| 2.62k| &p256, 125| 2.62k| &p384, 126| 2.62k| &p521, 127| 2.62k| &bp256, 128| 2.62k| &bp384, 129| 2.62k| &bp512, 130| 2.62k| &k256, 131| 2.62k| &frp256, 132| 2.62k| &sm2, 133| 2.62k| &numsp512, 134| 2.62k| }; 135| | 136| 2.62k| const auto& group = *curves[curve_id % total_curves]; 137| 2.62k| check_scalar_arith(group, data); 138| 2.62k|} ec_scalar.cpp:_ZN12_GLOBAL__N_118check_scalar_arithERKN5Botan8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 14| 2.62k|void check_scalar_arith(const Botan::EC_Group& group, std::span in) { 15| | // Need at least 2 scalars worth of input 16| 2.62k| const size_t scalar_bytes = group.get_order_bytes(); 17| | 18| 2.62k| if(in.size() < 2 * scalar_bytes || in.size() > 2 * 2 * scalar_bytes) { ------------------ | Branch (18:7): [True: 11, False: 2.61k] | Branch (18:39): [True: 45, False: 2.56k] ------------------ 19| 56| return; 20| 56| } 21| | 22| 2.56k| const auto a = Botan::EC_Scalar::from_bytes_mod_order(group, in.first(in.size() / 2)); 23| 2.56k| const auto b = Botan::EC_Scalar::from_bytes_mod_order(group, in.last(in.size() / 2)); 24| | 25| 2.56k| const auto one = Botan::EC_Scalar::one(group); 26| | 27| | // a - a == 0 28| 2.56k| FUZZER_ASSERT_TRUE((a - a).is_zero()); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 29| | 30| | // a + (-a) == 0 31| 2.56k| FUZZER_ASSERT_TRUE((a + a.negate()).is_zero()); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 32| | 33| | // a * 1 == a 34| 2.56k| FUZZER_ASSERT_TRUE((a * one) == a); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 35| | 36| | // a + b == b + a (commutativity) 37| 2.56k| FUZZER_ASSERT_TRUE((a + b) == (b + a)); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 38| | 39| | // a * b == b * a (commutativity) 40| 2.56k| FUZZER_ASSERT_TRUE((a * b) == (b * a)); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 41| | 42| 2.56k| if(!a.is_zero()) { ------------------ | Branch (42:7): [True: 2.49k, False: 75] ------------------ 43| 2.49k| const auto a_inv = a.invert(); 44| 2.49k| const auto a_inv_vt = a.invert_vartime(); 45| | 46| | // invert and invert_vartime agree 47| 2.49k| FUZZER_ASSERT_TRUE(a_inv == a_inv_vt); ------------------ | | 89| 2.49k| do { \ | | 90| 2.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.49k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.49k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.49k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.49k] | | ------------------ ------------------ 48| | 49| | // a * a^-1 == 1 50| 2.49k| FUZZER_ASSERT_TRUE((a * a_inv) == one); ------------------ | | 89| 2.49k| do { \ | | 90| 2.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.49k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.49k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.49k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.49k] | | ------------------ ------------------ 51| | 52| | // (a^-1)^-1 == a 53| 2.49k| FUZZER_ASSERT_TRUE(a_inv.invert() == a); ------------------ | | 89| 2.49k| do { \ | | 90| 2.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.49k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.49k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.49k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.49k] | | ------------------ ------------------ 54| 2.49k| } 55| | 56| 2.56k| if(!b.is_zero()) { ------------------ | Branch (56:7): [True: 2.44k, False: 124] ------------------ 57| 2.44k| const auto b_inv = b.invert(); 58| 2.44k| const auto b_inv_vt = b.invert_vartime(); 59| | 60| 2.44k| FUZZER_ASSERT_TRUE(b_inv == b_inv_vt); ------------------ | | 89| 2.44k| do { \ | | 90| 2.44k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.44k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.44k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.44k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.44k] | | ------------------ ------------------ 61| 2.44k| FUZZER_ASSERT_TRUE((b * b_inv) == one); ------------------ | | 89| 2.44k| do { \ | | 90| 2.44k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.44k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.44k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.44k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.44k] | | ------------------ ------------------ 62| 2.44k| } 63| | 64| | // (a + b) * c == a*c + b*c for c = a (distributivity, reusing a as c) 65| 2.56k| FUZZER_ASSERT_TRUE((a + b) * a == (a * a + b * a)); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 66| | 67| | // square_self: a^2 == a * a 68| 2.56k| auto a_sq = Botan::EC_Scalar(a); 69| 2.56k| a_sq.square_self(); 70| 2.56k| FUZZER_ASSERT_TRUE(a_sq == (a * a)); ------------------ | | 89| 2.56k| do { \ | | 90| 2.56k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.56k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.56k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.56k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.56k] | | ------------------ ------------------ 71| | 72| | /* 73| | Serialization round-trip tests 74| | 75| | The value of zero can be serialized but *not* deserialized 76| | */ 77| 2.56k| if(!a.is_zero()) { ------------------ | Branch (77:7): [True: 2.49k, False: 75] ------------------ 78| 2.49k| std::vector a_bytes(scalar_bytes); 79| 2.49k| a.serialize_to(a_bytes); 80| 2.49k| const auto a_rt = Botan::EC_Scalar::deserialize(group, a_bytes); 81| 2.49k| FUZZER_ASSERT_TRUE(a_rt.has_value()); ------------------ | | 89| 2.49k| do { \ | | 90| 2.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.49k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.49k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.49k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.49k] | | ------------------ ------------------ 82| 2.49k| FUZZER_ASSERT_TRUE(a_rt.value() == a); ------------------ | | 89| 2.49k| do { \ | | 90| 2.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.49k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.49k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.49k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.49k] | | ------------------ ------------------ 83| 2.49k| } 84| | 85| 2.56k| if(!b.is_zero()) { ------------------ | Branch (85:7): [True: 2.44k, False: 124] ------------------ 86| 2.44k| std::vector b_bytes(scalar_bytes); 87| 2.44k| b.serialize_to(b_bytes); 88| 2.44k| const auto b_rt = Botan::EC_Scalar::deserialize(group, b_bytes); 89| 2.44k| FUZZER_ASSERT_TRUE(b_rt.has_value()); ------------------ | | 89| 2.44k| do { \ | | 90| 2.44k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.44k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.44k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.44k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.44k] | | ------------------ ------------------ 90| 2.44k| FUZZER_ASSERT_TRUE(b_rt.value() == b); ------------------ | | 89| 2.44k| do { \ | | 90| 2.44k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 91| 2.44k| if(!(e)) { \ | | ------------------ | | | Branch (91:10): [True: 0, False: 2.44k] | | ------------------ | | 92| 0| FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \ | | ------------------ | | | | 70| 0| do { \ | | | | 71| 0| std::cerr << expr << " @ Line " << __LINE__ << " in " << __FILE__ << "\n"; /* NOLINT(*-macro-paren*) */ \ | | | | 72| 0| abort(); \ | | | | 73| 0| } while(0) | | | | ------------------ | | | | | Branch (73:12): [Folded, False: 0] | | | | ------------------ | | ------------------ | | 93| 0| } \ | | 94| 2.44k| } while(0) | | ------------------ | | | Branch (94:12): [Folded, False: 2.44k] | | ------------------ ------------------ 91| 2.44k| } 92| 2.56k|} LLVMFuzzerInitialize: 28| 2|extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) { 29| | /* 30| | * This disables the mlock pool, as overwrites within the pool are 31| | * opaque to ASan or other instrumentation. 32| | */ 33| 2| ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1); 34| 2| return 0; 35| 2|} LLVMFuzzerTestOneInput: 39| 2.63k|extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len) { 40| 2.63k| if(len <= max_fuzzer_input_size) { ------------------ | Branch (40:7): [True: 2.62k, False: 8] ------------------ 41| 2.62k| try { 42| 2.62k| fuzz(std::span(in, len)); 43| 2.62k| } catch(const std::exception& e) { 44| 0| std::cerr << "Uncaught exception from fuzzer driver " << e.what() << "\n"; 45| 0| abort(); 46| 0| } catch(...) { 47| 0| std::cerr << "Uncaught exception from fuzzer driver (unknown type)\n"; 48| 0| abort(); 49| 0| } 50| 2.62k| } 51| 2.63k| return 0; 52| 2.63k|} _ZN5Botan3OID9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 72| 12|std::optional OID::from_name(std::string_view name) { 73| 12| if(name.empty()) { ------------------ | Branch (73:7): [True: 0, False: 12] ------------------ 74| 0| throw Invalid_Argument("OID::from_name argument must be non-empty"); 75| 0| } 76| | 77| 12| OID o = OID_Map::global_registry().str2oid(name); 78| 12| if(o.has_value()) { ------------------ | Branch (78:7): [True: 12, False: 0] ------------------ 79| 12| return std::optional(o); 80| 12| } 81| | 82| 0| return std::nullopt; 83| 12|} _ZN5Botan3OIDC2ESt16initializer_listIjE: 104| 196|OID::OID(std::initializer_list init) : m_id(init) { 105| 196| oid_valid_check(m_id); 106| 196|} _ZNK5Botan3OID19human_name_or_emptyEv: 147| 12|std::string OID::human_name_or_empty() const { 148| 12| return OID_Map::global_registry().oid2str(*this); 149| 12|} _ZNK5Botan3OID7matchesESt16initializer_listIjE: 155| 12|bool OID::matches(std::initializer_list other) const { 156| | // TODO: once all target compilers support it, use std::ranges::equal 157| 12| return std::equal(m_id.begin(), m_id.end(), other.begin(), other.end()); 158| 12|} _ZNK5Botan3OID9hash_codeEv: 160| 16|uint64_t OID::hash_code() const { 161| | // If this is changed also update gen_oids.py to match 162| 16| uint64_t hash = 0x621F302327D9A49A; 163| 119| for(auto id : m_id) { ------------------ | Branch (163:16): [True: 119, False: 16] ------------------ 164| 119| hash *= 193; 165| 119| hash += id; 166| 119| } 167| 16| return hash; 168| 16|} _ZNK5Botan3OID11encode_intoERNS_11DER_EncoderE: 183| 12|void OID::encode_into(DER_Encoder& der) const { 184| 12| if(m_id.size() < 2) { ------------------ | Branch (184:7): [True: 0, False: 12] ------------------ 185| 0| throw Invalid_Argument("OID::encode_into: OID is invalid"); 186| 0| } 187| | 188| 12| auto append = [](std::vector& encoding, uint32_t z) { 189| 12| if(z <= 0x7F) { 190| 12| encoding.push_back(static_cast(z)); 191| 12| } else { 192| 12| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 12| for(size_t j = 0; j != z7; ++j) { 195| 12| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 12| if(j != z7 - 1) { 198| 12| zp |= 0x80; 199| 12| } 200| | 201| 12| encoding.push_back(zp); 202| 12| } 203| 12| } 204| 12| }; 205| | 206| 12| std::vector encoding; 207| | 208| | // We know 40 * root can't overflow because root is between 0 and 2 209| 12| auto first = checked_add(40 * m_id[0], m_id[1]); 210| 12| BOTAN_ASSERT_NOMSG(first.has_value()); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 211| | 212| 12| append(encoding, *first); 213| | 214| 75| for(size_t i = 2; i != m_id.size(); ++i) { ------------------ | Branch (214:22): [True: 63, False: 12] ------------------ 215| 63| append(encoding, m_id[i]); 216| 63| } 217| 12| der.add_object(ASN1_Type::ObjectId, ASN1_Class::Universal, encoding); 218| 12|} asn1_oid.cpp:_ZN5Botan12_GLOBAL__N_115oid_valid_checkENSt3__14spanIKjLm18446744073709551615EEE: 26| 196|void oid_valid_check(std::span oid) { 27| 196| BOTAN_ARG_CHECK(oid.size() >= 2, "OID too short to be valid"); ------------------ | | 35| 196| do { \ | | 36| 196| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 196| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 196] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 196| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 196] | | ------------------ ------------------ 28| 196| BOTAN_ARG_CHECK(oid[0] <= 2, "OID root out of range"); ------------------ | | 35| 196| do { \ | | 36| 196| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 196| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 196] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 196| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 196] | | ------------------ ------------------ 29| 196| BOTAN_ARG_CHECK(oid[1] <= 39 || oid[0] == 2, "OID second arc too large"); ------------------ | | 35| 196| do { \ | | 36| 196| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 196| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 196, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 196| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 196] | | ------------------ ------------------ 30| | // This last is a limitation of using 32 bit integers when decoding 31| | // not a limitation of ASN.1 object identifiers in general 32| 196| BOTAN_ARG_CHECK(oid[1] <= 0xFFFFFFAF, "OID second arc too large"); ------------------ | | 35| 196| do { \ | | 36| 196| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 196| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 196] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 196| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 196] | | ------------------ ------------------ 33| 196|} asn1_oid.cpp:_ZZNK5Botan3OID11encode_intoERNS_11DER_EncoderEENK3$_0clERNSt3__16vectorIhNS4_9allocatorIhEEEEj: 188| 75| auto append = [](std::vector& encoding, uint32_t z) { 189| 75| if(z <= 0x7F) { ------------------ | Branch (189:10): [True: 60, False: 15] ------------------ 190| 60| encoding.push_back(static_cast(z)); 191| 60| } else { 192| 15| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 46| for(size_t j = 0; j != z7; ++j) { ------------------ | Branch (194:28): [True: 31, False: 15] ------------------ 195| 31| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 31| if(j != z7 - 1) { ------------------ | Branch (197:16): [True: 16, False: 15] ------------------ 198| 16| zp |= 0x80; 199| 16| } 200| | 201| 31| encoding.push_back(zp); 202| 31| } 203| 15| } 204| 75| }; _ZN5Botan11DER_EncoderC2ERNSt3__16vectorIhNS1_9allocatorIhEEEE: 72| 12|DER_Encoder::DER_Encoder(std::vector& vec) { 73| 12| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; 74| 12|} _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassEPKhm: 244| 12|DER_Encoder& DER_Encoder::add_object(ASN1_Type type_tag, ASN1_Class class_tag, const uint8_t rep[], size_t length) { 245| 12| std::vector hdr; 246| 12| encode_tag(hdr, type_tag, class_tag); 247| 12| encode_length(hdr, length); 248| | 249| 12| if(!m_subsequences.empty()) { ------------------ | Branch (249:7): [True: 0, False: 12] ------------------ 250| 0| m_subsequences[m_subsequences.size() - 1].add_bytes(hdr.data(), hdr.size(), rep, length); 251| 12| } else if(m_append_output) { ------------------ | Branch (251:14): [True: 12, False: 0] ------------------ 252| 12| m_append_output(hdr.data(), hdr.size()); 253| 12| m_append_output(rep, length); 254| 12| } else { 255| 0| m_default_outbuf += hdr; 256| 0| m_default_outbuf += std::make_pair(rep, length); 257| 0| } 258| | 259| 12| return (*this); 260| 12|} _ZN5Botan11DER_Encoder6encodeERKNS_11ASN1_ObjectE: 365| 12|DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) { 366| 12| obj.encode_into(*this); 367| 12| return (*this); 368| 12|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_110encode_tagERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeENS_10ASN1_ClassE: 25| 12|void encode_tag(std::vector& encoded_tag, ASN1_Type type_tag_e, ASN1_Class class_tag_e) { 26| 12| const uint32_t type_tag = static_cast(type_tag_e); 27| 12| const uint32_t class_tag = static_cast(class_tag_e); 28| | 29| 12| if((class_tag | 0xE0) != 0xE0) { ------------------ | Branch (29:7): [True: 0, False: 12] ------------------ 30| 0| throw Encoding_Error(fmt("DER_Encoder: Invalid class tag {}", std::to_string(class_tag))); 31| 0| } 32| | 33| 12| if(type_tag <= 30) { ------------------ | Branch (33:7): [True: 12, False: 0] ------------------ 34| 12| encoded_tag.push_back(static_cast(type_tag | class_tag)); 35| 12| } else { 36| 0| size_t blocks = high_bit(static_cast(type_tag)) + 6; 37| 0| blocks = (blocks - (blocks % 7)) / 7; 38| | 39| 0| BOTAN_ASSERT_NOMSG(blocks > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 40| | 41| 0| encoded_tag.push_back(static_cast(class_tag | 0x1F)); 42| 0| for(size_t i = 0; i != blocks - 1; ++i) { ------------------ | Branch (42:25): [True: 0, False: 0] ------------------ 43| 0| encoded_tag.push_back(0x80 | ((type_tag >> 7 * (blocks - i - 1)) & 0x7F)); 44| 0| } 45| 0| encoded_tag.push_back(type_tag & 0x7F); 46| 0| } 47| 12|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_113encode_lengthERNSt3__16vectorIhNS1_9allocatorIhEEEEm: 52| 12|void encode_length(std::vector& encoded_length, size_t length) { 53| 12| if(length <= 127) { ------------------ | Branch (53:7): [True: 12, False: 0] ------------------ 54| 12| encoded_length.push_back(static_cast(length)); 55| 12| } else { 56| 0| const size_t bytes_needed = significant_bytes(length); 57| | 58| 0| encoded_length.push_back(static_cast(0x80 | bytes_needed)); 59| | 60| 0| for(size_t i = sizeof(length) - bytes_needed; i < sizeof(length); ++i) { ------------------ | Branch (60:53): [True: 0, False: 0] ------------------ 61| 0| encoded_length.push_back(get_byte_var(i, length)); 62| 0| } 63| 0| } 64| 12|} der_enc.cpp:_ZZN5Botan11DER_EncoderC1ERNSt3__16vectorIhNS1_9allocatorIhEEEEENK3$_0clEPKhm: 73| 24| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; _ZN5Botan7OID_MapC2Ev: 11| 1|OID_Map::OID_Map() { 12| 1| m_str2oid = OID_Map::load_str2oid_map(); 13| 1| m_oid2str = OID_Map::load_oid2str_map(); 14| 1|} _ZN5Botan7OID_Map15global_registryEv: 16| 24|OID_Map& OID_Map::global_registry() { 17| 24| static OID_Map g_map; 18| 24| return g_map; 19| 24|} _ZN5Botan7OID_Map7oid2strERKNS_3OIDE: 69| 12|std::string OID_Map::oid2str(const OID& oid) { 70| 12| if(auto name = lookup_static_oid(oid)) { ------------------ | Branch (70:12): [True: 12, False: 0] ------------------ 71| 12| return std::string(*name); 72| 12| } 73| | 74| 0| const lock_guard_type lock(m_mutex); 75| | 76| 0| auto i = m_oid2str.find(oid); 77| 0| if(i != m_oid2str.end()) { ------------------ | Branch (77:7): [True: 0, False: 0] ------------------ 78| 0| return i->second; 79| 0| } 80| | 81| 0| return ""; 82| 0|} _ZN5Botan7OID_Map7str2oidENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 84| 12|OID OID_Map::str2oid(std::string_view str) { 85| 12| if(auto oid = lookup_static_oid_name(str)) { ------------------ | Branch (85:12): [True: 12, False: 0] ------------------ 86| 12| return std::move(*oid); 87| 12| } 88| | 89| 0| const lock_guard_type lock(m_mutex); 90| 0| auto i = m_str2oid.find(std::string(str)); 91| 0| if(i != m_str2oid.end()) { ------------------ | Branch (91:7): [True: 0, False: 0] ------------------ 92| 0| return i->second; 93| 0| } 94| | 95| 0| return OID(); 96| 0|} _ZN5Botan7OID_Map17lookup_static_oidERKNS_3OIDE: 48| 12|std::optional OID_Map::lookup_static_oid(const OID& oid) { 49| 12| const uint32_t hc = static_cast(oid.hash_code() % 858701); 50| | 51| 12| switch(hc) { 52| 0| case 0x01506: ------------------ | Branch (52:7): [True: 0, False: 12] ------------------ 53| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 1}, "ECDSA/SHA-224"); 54| 0| case 0x01507: ------------------ | Branch (54:7): [True: 0, False: 12] ------------------ 55| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 2}, "ECDSA/SHA-256"); 56| 0| case 0x01508: ------------------ | Branch (56:7): [True: 0, False: 12] ------------------ 57| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 3}, "ECDSA/SHA-384"); 58| 0| case 0x01509: ------------------ | Branch (58:7): [True: 0, False: 12] ------------------ 59| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 4}, "ECDSA/SHA-512"); 60| 0| case 0x04C1E: ------------------ | Branch (60:7): [True: 0, False: 12] ------------------ 61| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}, "ElGamal"); 62| 0| case 0x04E61: ------------------ | Branch (62:7): [True: 0, False: 12] ------------------ 63| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}, "OpenPGP.Curve25519"); 64| 0| case 0x0779B: ------------------ | Branch (64:7): [True: 0, False: 12] ------------------ 65| 0| return if_match(oid, {1, 2, 840, 113549, 2, 5}, "MD5"); 66| 0| case 0x0779D: ------------------ | Branch (66:7): [True: 0, False: 12] ------------------ 67| 0| return if_match(oid, {1, 2, 840, 113549, 2, 7}, "HMAC(SHA-1)"); 68| 0| case 0x0779E: ------------------ | Branch (68:7): [True: 0, False: 12] ------------------ 69| 0| return if_match(oid, {1, 2, 840, 113549, 2, 8}, "HMAC(SHA-224)"); 70| 0| case 0x0779F: ------------------ | Branch (70:7): [True: 0, False: 12] ------------------ 71| 0| return if_match(oid, {1, 2, 840, 113549, 2, 9}, "HMAC(SHA-256)"); 72| 0| case 0x077A0: ------------------ | Branch (72:7): [True: 0, False: 12] ------------------ 73| 0| return if_match(oid, {1, 2, 840, 113549, 2, 10}, "HMAC(SHA-384)"); 74| 0| case 0x077A1: ------------------ | Branch (74:7): [True: 0, False: 12] ------------------ 75| 0| return if_match(oid, {1, 2, 840, 113549, 2, 11}, "HMAC(SHA-512)"); 76| 0| case 0x077A3: ------------------ | Branch (76:7): [True: 0, False: 12] ------------------ 77| 0| return if_match(oid, {1, 2, 840, 113549, 2, 13}, "HMAC(SHA-512-256)"); 78| 0| case 0x0785E: ------------------ | Branch (78:7): [True: 0, False: 12] ------------------ 79| 0| return if_match(oid, {1, 2, 840, 113549, 3, 7}, "TripleDES/CBC"); 80| 0| case 0x0C904: ------------------ | Branch (80:7): [True: 0, False: 12] ------------------ 81| 0| return if_match(oid, {1, 0, 14888, 3, 0, 5}, "ECKCDSA"); 82| 0| case 0x11547: ------------------ | Branch (82:7): [True: 0, False: 12] ------------------ 83| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}, "SphincsPlus-shake-128s-r3.1"); 84| 0| case 0x11548: ------------------ | Branch (84:7): [True: 0, False: 12] ------------------ 85| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}, "SphincsPlus-shake-128f-r3.1"); 86| 0| case 0x11549: ------------------ | Branch (86:7): [True: 0, False: 12] ------------------ 87| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}, "SphincsPlus-shake-192s-r3.1"); 88| 0| case 0x1154A: ------------------ | Branch (88:7): [True: 0, False: 12] ------------------ 89| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}, "SphincsPlus-shake-192f-r3.1"); 90| 0| case 0x1154B: ------------------ | Branch (90:7): [True: 0, False: 12] ------------------ 91| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}, "SphincsPlus-shake-256s-r3.1"); 92| 0| case 0x1154C: ------------------ | Branch (92:7): [True: 0, False: 12] ------------------ 93| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}, "SphincsPlus-shake-256f-r3.1"); 94| 0| case 0x11608: ------------------ | Branch (94:7): [True: 0, False: 12] ------------------ 95| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}, "SphincsPlus-sha2-128s-r3.1"); 96| 0| case 0x11609: ------------------ | Branch (96:7): [True: 0, False: 12] ------------------ 97| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}, "SphincsPlus-sha2-128f-r3.1"); 98| 0| case 0x1160A: ------------------ | Branch (98:7): [True: 0, False: 12] ------------------ 99| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}, "SphincsPlus-sha2-192s-r3.1"); 100| 0| case 0x1160B: ------------------ | Branch (100:7): [True: 0, False: 12] ------------------ 101| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}, "SphincsPlus-sha2-192f-r3.1"); 102| 0| case 0x1160C: ------------------ | Branch (102:7): [True: 0, False: 12] ------------------ 103| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}, "SphincsPlus-sha2-256s-r3.1"); 104| 0| case 0x1160D: ------------------ | Branch (104:7): [True: 0, False: 12] ------------------ 105| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}, "SphincsPlus-sha2-256f-r3.1"); 106| 0| case 0x116C9: ------------------ | Branch (106:7): [True: 0, False: 12] ------------------ 107| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}, "SphincsPlus-haraka-128s-r3.1"); 108| 0| case 0x116CA: ------------------ | Branch (108:7): [True: 0, False: 12] ------------------ 109| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}, "SphincsPlus-haraka-128f-r3.1"); 110| 0| case 0x116CB: ------------------ | Branch (110:7): [True: 0, False: 12] ------------------ 111| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}, "SphincsPlus-haraka-192s-r3.1"); 112| 0| case 0x116CC: ------------------ | Branch (112:7): [True: 0, False: 12] ------------------ 113| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}, "SphincsPlus-haraka-192f-r3.1"); 114| 0| case 0x116CD: ------------------ | Branch (114:7): [True: 0, False: 12] ------------------ 115| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}, "SphincsPlus-haraka-256s-r3.1"); 116| 0| case 0x116CE: ------------------ | Branch (116:7): [True: 0, False: 12] ------------------ 117| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}, "SphincsPlus-haraka-256f-r3.1"); 118| 0| case 0x1533B: ------------------ | Branch (118:7): [True: 0, False: 12] ------------------ 119| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 2}, "SM4/CBC"); 120| 0| case 0x15341: ------------------ | Branch (120:7): [True: 0, False: 12] ------------------ 121| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 8}, "SM4/GCM"); 122| 0| case 0x1539D: ------------------ | Branch (122:7): [True: 0, False: 12] ------------------ 123| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 100}, "SM4/OCB"); 124| 0| case 0x187D7: ------------------ | Branch (124:7): [True: 0, False: 12] ------------------ 125| 0| return if_match(oid, {1, 3, 14, 3, 2, 7}, "DES/CBC"); 126| 0| case 0x187EA: ------------------ | Branch (126:7): [True: 0, False: 12] ------------------ 127| 0| return if_match(oid, {1, 3, 14, 3, 2, 26}, "SHA-1"); 128| 0| case 0x19933: ------------------ | Branch (128:7): [True: 0, False: 12] ------------------ 129| 0| return if_match(oid, {1, 3, 132, 0, 8}, "secp160r1"); 130| 0| case 0x19934: ------------------ | Branch (130:7): [True: 0, False: 12] ------------------ 131| 0| return if_match(oid, {1, 3, 132, 0, 9}, "secp160k1"); 132| 1| case 0x19935: ------------------ | Branch (132:7): [True: 1, False: 11] ------------------ 133| 1| return if_match(oid, {1, 3, 132, 0, 10}, "secp256k1"); 134| 0| case 0x19949: ------------------ | Branch (134:7): [True: 0, False: 12] ------------------ 135| 0| return if_match(oid, {1, 3, 132, 0, 30}, "secp160r2"); 136| 0| case 0x1994A: ------------------ | Branch (136:7): [True: 0, False: 12] ------------------ 137| 0| return if_match(oid, {1, 3, 132, 0, 31}, "secp192k1"); 138| 0| case 0x1994B: ------------------ | Branch (138:7): [True: 0, False: 12] ------------------ 139| 0| return if_match(oid, {1, 3, 132, 0, 32}, "secp224k1"); 140| 1| case 0x1994C: ------------------ | Branch (140:7): [True: 1, False: 11] ------------------ 141| 1| return if_match(oid, {1, 3, 132, 0, 33}, "secp224r1"); 142| 1| case 0x1994D: ------------------ | Branch (142:7): [True: 1, False: 11] ------------------ 143| 1| return if_match(oid, {1, 3, 132, 0, 34}, "secp384r1"); 144| 1| case 0x1994E: ------------------ | Branch (144:7): [True: 1, False: 11] ------------------ 145| 1| return if_match(oid, {1, 3, 132, 0, 35}, "secp521r1"); 146| 0| case 0x199F8: ------------------ | Branch (146:7): [True: 0, False: 12] ------------------ 147| 0| return if_match(oid, {1, 3, 132, 1, 12}, "ECDH"); 148| 0| case 0x1E7BF: ------------------ | Branch (148:7): [True: 0, False: 12] ------------------ 149| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 1}, "SM2"); 150| 0| case 0x1E7C0: ------------------ | Branch (150:7): [True: 0, False: 12] ------------------ 151| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 2}, "SM2_Kex"); 152| 0| case 0x1E7C1: ------------------ | Branch (152:7): [True: 0, False: 12] ------------------ 153| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 3}, "SM2_Enc"); 154| 0| case 0x21960: ------------------ | Branch (154:7): [True: 0, False: 12] ------------------ 155| 0| return if_match(oid, {1, 3, 36, 3, 3, 1, 2}, "RSA/PKCS1v15(RIPEMD-160)"); 156| 0| case 0x2198A: ------------------ | Branch (156:7): [True: 0, False: 12] ------------------ 157| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 10}, "CAST-128/CBC"); 158| 0| case 0x2198F: ------------------ | Branch (158:7): [True: 0, False: 12] ------------------ 159| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 15}, "KeyWrap.CAST-128"); 160| 0| case 0x227C0: ------------------ | Branch (160:7): [True: 0, False: 12] ------------------ 161| 0| return if_match(oid, {1, 3, 101, 110}, "X25519"); 162| 0| case 0x227C1: ------------------ | Branch (162:7): [True: 0, False: 12] ------------------ 163| 0| return if_match(oid, {1, 3, 101, 111}, "X448"); 164| 0| case 0x227C2: ------------------ | Branch (164:7): [True: 0, False: 12] ------------------ 165| 0| return if_match(oid, {1, 3, 101, 112}, "Ed25519"); 166| 0| case 0x227C3: ------------------ | Branch (166:7): [True: 0, False: 12] ------------------ 167| 0| return if_match(oid, {1, 3, 101, 113}, "Ed448"); 168| 0| case 0x27565: ------------------ | Branch (168:7): [True: 0, False: 12] ------------------ 169| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}, "PKIX.OCSP.BasicResponse"); 170| 0| case 0x27569: ------------------ | Branch (170:7): [True: 0, False: 12] ------------------ 171| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}, "PKIX.OCSP.NoCheck"); 172| 0| case 0x29F7C: ------------------ | Branch (172:7): [True: 0, False: 12] ------------------ 173| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 3}, "ECKCDSA/SHA-1"); 174| 0| case 0x29F7D: ------------------ | Branch (174:7): [True: 0, False: 12] ------------------ 175| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 4}, "ECKCDSA/SHA-224"); 176| 0| case 0x29F7E: ------------------ | Branch (176:7): [True: 0, False: 12] ------------------ 177| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 5}, "ECKCDSA/SHA-256"); 178| 0| case 0x2AC3B: ------------------ | Branch (178:7): [True: 0, False: 12] ------------------ 179| 0| return if_match(oid, {2, 5, 29, 32, 0}, "X509v3.AnyPolicy"); 180| 0| case 0x2B000: ------------------ | Branch (180:7): [True: 0, False: 12] ------------------ 181| 0| return if_match(oid, {2, 5, 29, 37, 0}, "X509v3.AnyExtendedKeyUsage"); 182| 0| case 0x2B5C9: ------------------ | Branch (182:7): [True: 0, False: 12] ------------------ 183| 0| return if_match(oid, {1, 2, 840, 10045, 2, 1}, "ECDSA"); 184| 0| case 0x2B74B: ------------------ | Branch (184:7): [True: 0, False: 12] ------------------ 185| 0| return if_match(oid, {1, 2, 840, 10045, 4, 1}, "ECDSA/SHA-1"); 186| 0| case 0x3474A: ------------------ | Branch (186:7): [True: 0, False: 12] ------------------ 187| 0| return if_match(oid, {1, 2, 840, 10046, 2, 1}, "DH"); 188| 0| case 0x38D6D: ------------------ | Branch (188:7): [True: 0, False: 12] ------------------ 189| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 1}, "gost_256A"); 190| 0| case 0x38D6E: ------------------ | Branch (190:7): [True: 0, False: 12] ------------------ 191| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 2}, "gost_256B"); 192| 0| case 0x38E2E: ------------------ | Branch (192:7): [True: 0, False: 12] ------------------ 193| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 1}, "gost_512A"); 194| 0| case 0x38E2F: ------------------ | Branch (194:7): [True: 0, False: 12] ------------------ 195| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 2}, "gost_512B"); 196| 0| case 0x38F2C: ------------------ | Branch (196:7): [True: 0, False: 12] ------------------ 197| 0| return if_match(oid, {1, 2, 643, 2, 2, 3}, "GOST-34.10/GOST-R-34.11-94"); 198| 0| case 0x38F3C: ------------------ | Branch (198:7): [True: 0, False: 12] ------------------ 199| 0| return if_match(oid, {1, 2, 643, 2, 2, 19}, "GOST-34.10"); 200| 0| case 0x3D7B8: ------------------ | Branch (200:7): [True: 0, False: 12] ------------------ 201| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 6}, "Camellia-128/GCM"); 202| 0| case 0x3D7CC: ------------------ | Branch (202:7): [True: 0, False: 12] ------------------ 203| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 26}, "Camellia-192/GCM"); 204| 0| case 0x3D7E0: ------------------ | Branch (204:7): [True: 0, False: 12] ------------------ 205| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 46}, "Camellia-256/GCM"); 206| 0| case 0x3F20F: ------------------ | Branch (206:7): [True: 0, False: 12] ------------------ 207| 0| return if_match(oid, {1, 3, 36, 3, 2, 1}, "RIPEMD-160"); 208| 0| case 0x4266E: ------------------ | Branch (208:7): [True: 0, False: 12] ------------------ 209| 0| return if_match(oid, {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}, "XMSS"); 210| 0| case 0x478C4: ------------------ | Branch (210:7): [True: 0, False: 12] ------------------ 211| 0| return if_match(oid, {1, 2, 410, 200004, 1, 4}, "SEED/CBC"); 212| 1| case 0x47D98: ------------------ | Branch (212:7): [True: 1, False: 11] ------------------ 213| 1| return if_match(oid, {1, 2, 156, 10197, 1, 301}, "sm2p256v1"); 214| 0| case 0x47DFC: ------------------ | Branch (214:7): [True: 0, False: 12] ------------------ 215| 0| return if_match(oid, {1, 2, 156, 10197, 1, 401}, "SM3"); 216| 0| case 0x47E60: ------------------ | Branch (216:7): [True: 0, False: 12] ------------------ 217| 0| return if_match(oid, {1, 2, 156, 10197, 1, 501}, "SM2_Sig/SM3"); 218| 0| case 0x47E63: ------------------ | Branch (218:7): [True: 0, False: 12] ------------------ 219| 0| return if_match(oid, {1, 2, 156, 10197, 1, 504}, "RSA/PKCS1v15(SM3)"); 220| 0| case 0x52B13: ------------------ | Branch (220:7): [True: 0, False: 12] ------------------ 221| 0| return if_match(oid, {1, 2, 643, 3, 131, 1, 1}, "GOST.INN"); 222| 1| case 0x635AE: ------------------ | Branch (222:7): [True: 1, False: 11] ------------------ 223| 1| return if_match(oid, {1, 2, 250, 1, 223, 101, 256, 1}, "frp256v1"); 224| 0| case 0x6A784: ------------------ | Branch (224:7): [True: 0, False: 12] ------------------ 225| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 1}, "PKCS12.KeyBag"); 226| 0| case 0x6A785: ------------------ | Branch (226:7): [True: 0, False: 12] ------------------ 227| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 2}, "PKCS12.PKCS8ShroudedKeyBag"); 228| 0| case 0x6A786: ------------------ | Branch (228:7): [True: 0, False: 12] ------------------ 229| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 3}, "PKCS12.CertBag"); 230| 0| case 0x6A787: ------------------ | Branch (230:7): [True: 0, False: 12] ------------------ 231| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 4}, "PKCS12.CRLBag"); 232| 0| case 0x6A788: ------------------ | Branch (232:7): [True: 0, False: 12] ------------------ 233| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 5}, "PKCS12.SecretBag"); 234| 0| case 0x6A789: ------------------ | Branch (234:7): [True: 0, False: 12] ------------------ 235| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 6}, "PKCS12.SafeContentsBag"); 236| 0| case 0x6EB86: ------------------ | Branch (236:7): [True: 0, False: 12] ------------------ 237| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}, "GOST-34.10-2012-256/SHA-256"); 238| 0| case 0x6EC47: ------------------ | Branch (238:7): [True: 0, False: 12] ------------------ 239| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}, "Kyber-512-r3"); 240| 0| case 0x6EC48: ------------------ | Branch (240:7): [True: 0, False: 12] ------------------ 241| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}, "Kyber-768-r3"); 242| 0| case 0x6EC49: ------------------ | Branch (242:7): [True: 0, False: 12] ------------------ 243| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}, "Kyber-1024-r3"); 244| 0| case 0x6EDC9: ------------------ | Branch (244:7): [True: 0, False: 12] ------------------ 245| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}, "Dilithium-4x4-r3"); 246| 0| case 0x6EDCA: ------------------ | Branch (246:7): [True: 0, False: 12] ------------------ 247| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}, "Dilithium-6x5-r3"); 248| 0| case 0x6EDCB: ------------------ | Branch (248:7): [True: 0, False: 12] ------------------ 249| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}, "Dilithium-8x7-r3"); 250| 0| case 0x6EE8A: ------------------ | Branch (250:7): [True: 0, False: 12] ------------------ 251| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}, "Dilithium-4x4-AES-r3"); 252| 0| case 0x6EE8B: ------------------ | Branch (252:7): [True: 0, False: 12] ------------------ 253| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}, "Dilithium-6x5-AES-r3"); 254| 0| case 0x6EE8C: ------------------ | Branch (254:7): [True: 0, False: 12] ------------------ 255| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}, "Dilithium-8x7-AES-r3"); 256| 0| case 0x6EF4B: ------------------ | Branch (256:7): [True: 0, False: 12] ------------------ 257| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}, "Kyber-512-90s-r3"); 258| 0| case 0x6EF4C: ------------------ | Branch (258:7): [True: 0, False: 12] ------------------ 259| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}, "Kyber-768-90s-r3"); 260| 0| case 0x6EF4D: ------------------ | Branch (260:7): [True: 0, False: 12] ------------------ 261| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}, "Kyber-1024-90s-r3"); 262| 0| case 0x6F18E: ------------------ | Branch (262:7): [True: 0, False: 12] ------------------ 263| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}, "FrodoKEM-640-SHAKE"); 264| 0| case 0x6F18F: ------------------ | Branch (264:7): [True: 0, False: 12] ------------------ 265| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}, "FrodoKEM-976-SHAKE"); 266| 0| case 0x6F190: ------------------ | Branch (266:7): [True: 0, False: 12] ------------------ 267| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}, "FrodoKEM-1344-SHAKE"); 268| 0| case 0x6F24F: ------------------ | Branch (268:7): [True: 0, False: 12] ------------------ 269| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}, "FrodoKEM-640-AES"); 270| 0| case 0x6F250: ------------------ | Branch (270:7): [True: 0, False: 12] ------------------ 271| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}, "FrodoKEM-976-AES"); 272| 0| case 0x6F251: ------------------ | Branch (272:7): [True: 0, False: 12] ------------------ 273| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}, "FrodoKEM-1344-AES"); 274| 0| case 0x6F310: ------------------ | Branch (274:7): [True: 0, False: 12] ------------------ 275| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}, "eFrodoKEM-640-SHAKE"); 276| 0| case 0x6F311: ------------------ | Branch (276:7): [True: 0, False: 12] ------------------ 277| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}, "eFrodoKEM-976-SHAKE"); 278| 0| case 0x6F312: ------------------ | Branch (278:7): [True: 0, False: 12] ------------------ 279| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}, "eFrodoKEM-1344-SHAKE"); 280| 0| case 0x6F3D1: ------------------ | Branch (280:7): [True: 0, False: 12] ------------------ 281| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}, "eFrodoKEM-640-AES"); 282| 0| case 0x6F3D2: ------------------ | Branch (282:7): [True: 0, False: 12] ------------------ 283| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}, "eFrodoKEM-976-AES"); 284| 0| case 0x6F3D3: ------------------ | Branch (284:7): [True: 0, False: 12] ------------------ 285| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}, "eFrodoKEM-1344-AES"); 286| 0| case 0x6F492: ------------------ | Branch (286:7): [True: 0, False: 12] ------------------ 287| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}, "ClassicMcEliece_6688128pc"); 288| 0| case 0x6F493: ------------------ | Branch (288:7): [True: 0, False: 12] ------------------ 289| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}, "ClassicMcEliece_6688128pcf"); 290| 0| case 0x6F494: ------------------ | Branch (290:7): [True: 0, False: 12] ------------------ 291| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}, "ClassicMcEliece_6960119pc"); 292| 0| case 0x6F495: ------------------ | Branch (292:7): [True: 0, False: 12] ------------------ 293| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}, "ClassicMcEliece_6960119pcf"); 294| 0| case 0x6F496: ------------------ | Branch (294:7): [True: 0, False: 12] ------------------ 295| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}, "ClassicMcEliece_8192128pc"); 296| 0| case 0x6F497: ------------------ | Branch (296:7): [True: 0, False: 12] ------------------ 297| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}, "ClassicMcEliece_8192128pcf"); 298| 0| case 0x6F79D: ------------------ | Branch (298:7): [True: 0, False: 12] ------------------ 299| 0| return if_match(oid, {2, 16, 840, 1, 113730, 1, 13}, "Certificate Comment"); 300| 0| case 0x701A0: ------------------ | Branch (300:7): [True: 0, False: 12] ------------------ 301| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 2, 1}, "ECGDSA"); 302| 0| case 0x70322: ------------------ | Branch (302:7): [True: 0, False: 12] ------------------ 303| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 1}, "ECGDSA/RIPEMD-160"); 304| 0| case 0x70323: ------------------ | Branch (304:7): [True: 0, False: 12] ------------------ 305| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 2}, "ECGDSA/SHA-1"); 306| 0| case 0x70324: ------------------ | Branch (306:7): [True: 0, False: 12] ------------------ 307| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 3}, "ECGDSA/SHA-224"); 308| 0| case 0x70325: ------------------ | Branch (308:7): [True: 0, False: 12] ------------------ 309| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 4}, "ECGDSA/SHA-256"); 310| 0| case 0x70326: ------------------ | Branch (310:7): [True: 0, False: 12] ------------------ 311| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 5}, "ECGDSA/SHA-384"); 312| 0| case 0x70327: ------------------ | Branch (312:7): [True: 0, False: 12] ------------------ 313| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 6}, "ECGDSA/SHA-512"); 314| 0| case 0x72B21: ------------------ | Branch (314:7): [True: 0, False: 12] ------------------ 315| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 1}, "GOST-34.10-2012-256"); 316| 0| case 0x72B22: ------------------ | Branch (316:7): [True: 0, False: 12] ------------------ 317| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 2}, "GOST-34.10-2012-512"); 318| 0| case 0x72BE3: ------------------ | Branch (318:7): [True: 0, False: 12] ------------------ 319| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 2}, "Streebog-256"); 320| 0| case 0x72BE4: ------------------ | Branch (320:7): [True: 0, False: 12] ------------------ 321| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 3}, "Streebog-512"); 322| 0| case 0x72CA4: ------------------ | Branch (322:7): [True: 0, False: 12] ------------------ 323| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 2}, "GOST-34.10-2012-256/Streebog-256"); 324| 0| case 0x72CA5: ------------------ | Branch (324:7): [True: 0, False: 12] ------------------ 325| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 3}, "GOST-34.10-2012-512/Streebog-512"); 326| 0| case 0x7C7C7: ------------------ | Branch (326:7): [True: 0, False: 12] ------------------ 327| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 1}, "PKCS9.X509Certificate"); 328| 0| case 0x7C7C8: ------------------ | Branch (328:7): [True: 0, False: 12] ------------------ 329| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 2}, "PKCS9.SDSICertificate"); 330| 0| case 0x7C888: ------------------ | Branch (330:7): [True: 0, False: 12] ------------------ 331| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 23, 1}, "PKCS9.X509CRL"); 332| 0| case 0x7E10F: ------------------ | Branch (332:7): [True: 0, False: 12] ------------------ 333| 0| return if_match(oid, {2, 5, 4, 3}, "X520.CommonName"); 334| 0| case 0x7E110: ------------------ | Branch (334:7): [True: 0, False: 12] ------------------ 335| 0| return if_match(oid, {2, 5, 4, 4}, "X520.Surname"); 336| 0| case 0x7E111: ------------------ | Branch (336:7): [True: 0, False: 12] ------------------ 337| 0| return if_match(oid, {2, 5, 4, 5}, "X520.SerialNumber"); 338| 0| case 0x7E112: ------------------ | Branch (338:7): [True: 0, False: 12] ------------------ 339| 0| return if_match(oid, {2, 5, 4, 6}, "X520.Country"); 340| 0| case 0x7E113: ------------------ | Branch (340:7): [True: 0, False: 12] ------------------ 341| 0| return if_match(oid, {2, 5, 4, 7}, "X520.Locality"); 342| 0| case 0x7E114: ------------------ | Branch (342:7): [True: 0, False: 12] ------------------ 343| 0| return if_match(oid, {2, 5, 4, 8}, "X520.State"); 344| 0| case 0x7E115: ------------------ | Branch (344:7): [True: 0, False: 12] ------------------ 345| 0| return if_match(oid, {2, 5, 4, 9}, "X520.StreetAddress"); 346| 0| case 0x7E116: ------------------ | Branch (346:7): [True: 0, False: 12] ------------------ 347| 0| return if_match(oid, {2, 5, 4, 10}, "X520.Organization"); 348| 0| case 0x7E117: ------------------ | Branch (348:7): [True: 0, False: 12] ------------------ 349| 0| return if_match(oid, {2, 5, 4, 11}, "X520.OrganizationalUnit"); 350| 0| case 0x7E118: ------------------ | Branch (350:7): [True: 0, False: 12] ------------------ 351| 0| return if_match(oid, {2, 5, 4, 12}, "X520.Title"); 352| 0| case 0x7E136: ------------------ | Branch (352:7): [True: 0, False: 12] ------------------ 353| 0| return if_match(oid, {2, 5, 4, 42}, "X520.GivenName"); 354| 0| case 0x7E137: ------------------ | Branch (354:7): [True: 0, False: 12] ------------------ 355| 0| return if_match(oid, {2, 5, 4, 43}, "X520.Initials"); 356| 0| case 0x7E138: ------------------ | Branch (356:7): [True: 0, False: 12] ------------------ 357| 0| return if_match(oid, {2, 5, 4, 44}, "X520.GenerationalQualifier"); 358| 0| case 0x7E13A: ------------------ | Branch (358:7): [True: 0, False: 12] ------------------ 359| 0| return if_match(oid, {2, 5, 4, 46}, "X520.DNQualifier"); 360| 0| case 0x7E14D: ------------------ | Branch (360:7): [True: 0, False: 12] ------------------ 361| 0| return if_match(oid, {2, 5, 4, 65}, "X520.Pseudonym"); 362| 0| case 0x7F3F3: ------------------ | Branch (362:7): [True: 0, False: 12] ------------------ 363| 0| return if_match(oid, {2, 5, 29, 14}, "X509v3.SubjectKeyIdentifier"); 364| 0| case 0x7F3F4: ------------------ | Branch (364:7): [True: 0, False: 12] ------------------ 365| 0| return if_match(oid, {2, 5, 29, 15}, "X509v3.KeyUsage"); 366| 0| case 0x7F3F5: ------------------ | Branch (366:7): [True: 0, False: 12] ------------------ 367| 0| return if_match(oid, {2, 5, 29, 16}, "X509v3.PrivateKeyUsagePeriod"); 368| 0| case 0x7F3F6: ------------------ | Branch (368:7): [True: 0, False: 12] ------------------ 369| 0| return if_match(oid, {2, 5, 29, 17}, "X509v3.SubjectAlternativeName"); 370| 0| case 0x7F3F7: ------------------ | Branch (370:7): [True: 0, False: 12] ------------------ 371| 0| return if_match(oid, {2, 5, 29, 18}, "X509v3.IssuerAlternativeName"); 372| 0| case 0x7F3F8: ------------------ | Branch (372:7): [True: 0, False: 12] ------------------ 373| 0| return if_match(oid, {2, 5, 29, 19}, "X509v3.BasicConstraints"); 374| 0| case 0x7F3F9: ------------------ | Branch (374:7): [True: 0, False: 12] ------------------ 375| 0| return if_match(oid, {2, 5, 29, 20}, "X509v3.CRLNumber"); 376| 0| case 0x7F3FA: ------------------ | Branch (376:7): [True: 0, False: 12] ------------------ 377| 0| return if_match(oid, {2, 5, 29, 21}, "X509v3.ReasonCode"); 378| 0| case 0x7F3FC: ------------------ | Branch (378:7): [True: 0, False: 12] ------------------ 379| 0| return if_match(oid, {2, 5, 29, 23}, "X509v3.HoldInstructionCode"); 380| 0| case 0x7F3FD: ------------------ | Branch (380:7): [True: 0, False: 12] ------------------ 381| 0| return if_match(oid, {2, 5, 29, 24}, "X509v3.InvalidityDate"); 382| 0| case 0x7F401: ------------------ | Branch (382:7): [True: 0, False: 12] ------------------ 383| 0| return if_match(oid, {2, 5, 29, 28}, "X509v3.CRLIssuingDistributionPoint"); 384| 0| case 0x7F403: ------------------ | Branch (384:7): [True: 0, False: 12] ------------------ 385| 0| return if_match(oid, {2, 5, 29, 30}, "X509v3.NameConstraints"); 386| 0| case 0x7F404: ------------------ | Branch (386:7): [True: 0, False: 12] ------------------ 387| 0| return if_match(oid, {2, 5, 29, 31}, "X509v3.CRLDistributionPoints"); 388| 0| case 0x7F405: ------------------ | Branch (388:7): [True: 0, False: 12] ------------------ 389| 0| return if_match(oid, {2, 5, 29, 32}, "X509v3.CertificatePolicies"); 390| 0| case 0x7F408: ------------------ | Branch (390:7): [True: 0, False: 12] ------------------ 391| 0| return if_match(oid, {2, 5, 29, 35}, "X509v3.AuthorityKeyIdentifier"); 392| 0| case 0x7F409: ------------------ | Branch (392:7): [True: 0, False: 12] ------------------ 393| 0| return if_match(oid, {2, 5, 29, 36}, "X509v3.PolicyConstraints"); 394| 0| case 0x7F40A: ------------------ | Branch (394:7): [True: 0, False: 12] ------------------ 395| 0| return if_match(oid, {2, 5, 29, 37}, "X509v3.ExtendedKeyUsage"); 396| 0| case 0x7F41D: ------------------ | Branch (396:7): [True: 0, False: 12] ------------------ 397| 0| return if_match(oid, {2, 5, 29, 56}, "X509v3.NoRevocationAvailable"); 398| 0| case 0x80B84: ------------------ | Branch (398:7): [True: 0, False: 12] ------------------ 399| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}, "AES-128/OCB"); 400| 0| case 0x80B85: ------------------ | Branch (400:7): [True: 0, False: 12] ------------------ 401| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}, "AES-192/OCB"); 402| 0| case 0x80B86: ------------------ | Branch (402:7): [True: 0, False: 12] ------------------ 403| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}, "AES-256/OCB"); 404| 0| case 0x80B87: ------------------ | Branch (404:7): [True: 0, False: 12] ------------------ 405| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}, "Serpent/OCB"); 406| 0| case 0x80B88: ------------------ | Branch (406:7): [True: 0, False: 12] ------------------ 407| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}, "Twofish/OCB"); 408| 0| case 0x80B89: ------------------ | Branch (408:7): [True: 0, False: 12] ------------------ 409| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}, "Camellia-128/OCB"); 410| 0| case 0x80B8A: ------------------ | Branch (410:7): [True: 0, False: 12] ------------------ 411| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}, "Camellia-192/OCB"); 412| 0| case 0x80B8B: ------------------ | Branch (412:7): [True: 0, False: 12] ------------------ 413| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}, "Camellia-256/OCB"); 414| 0| case 0x80D06: ------------------ | Branch (414:7): [True: 0, False: 12] ------------------ 415| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}, "AES-128/SIV"); 416| 0| case 0x80D07: ------------------ | Branch (416:7): [True: 0, False: 12] ------------------ 417| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}, "AES-192/SIV"); 418| 0| case 0x80D08: ------------------ | Branch (418:7): [True: 0, False: 12] ------------------ 419| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}, "AES-256/SIV"); 420| 0| case 0x80D09: ------------------ | Branch (420:7): [True: 0, False: 12] ------------------ 421| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}, "Serpent/SIV"); 422| 0| case 0x80D0A: ------------------ | Branch (422:7): [True: 0, False: 12] ------------------ 423| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}, "Twofish/SIV"); 424| 0| case 0x80D0B: ------------------ | Branch (424:7): [True: 0, False: 12] ------------------ 425| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}, "Camellia-128/SIV"); 426| 0| case 0x80D0C: ------------------ | Branch (426:7): [True: 0, False: 12] ------------------ 427| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}, "Camellia-192/SIV"); 428| 0| case 0x80D0D: ------------------ | Branch (428:7): [True: 0, False: 12] ------------------ 429| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}, "Camellia-256/SIV"); 430| 0| case 0x80D0E: ------------------ | Branch (430:7): [True: 0, False: 12] ------------------ 431| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}, "SM4/SIV"); 432| 0| case 0x84C6A: ------------------ | Branch (432:7): [True: 0, False: 12] ------------------ 433| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 2}, "Camellia-128/CBC"); 434| 0| case 0x84C6B: ------------------ | Branch (434:7): [True: 0, False: 12] ------------------ 435| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 3}, "Camellia-192/CBC"); 436| 0| case 0x84C6C: ------------------ | Branch (436:7): [True: 0, False: 12] ------------------ 437| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 4}, "Camellia-256/CBC"); 438| 0| case 0x88CD3: ------------------ | Branch (438:7): [True: 0, False: 12] ------------------ 439| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 6}, "KeyWrap.TripleDES"); 440| 0| case 0x88CD5: ------------------ | Branch (440:7): [True: 0, False: 12] ------------------ 441| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 8}, "Compression.Zlib"); 442| 0| case 0x88CDE: ------------------ | Branch (442:7): [True: 0, False: 12] ------------------ 443| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 17}, "HSS-LMS"); 444| 0| case 0x88CDF: ------------------ | Branch (444:7): [True: 0, False: 12] ------------------ 445| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 18}, "ChaCha20Poly1305"); 446| 0| case 0x92296: ------------------ | Branch (446:7): [True: 0, False: 12] ------------------ 447| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 2}, "AES-128/CBC"); 448| 0| case 0x92299: ------------------ | Branch (448:7): [True: 0, False: 12] ------------------ 449| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 5}, "KeyWrap.AES-128"); 450| 0| case 0x9229A: ------------------ | Branch (450:7): [True: 0, False: 12] ------------------ 451| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 6}, "AES-128/GCM"); 452| 0| case 0x9229B: ------------------ | Branch (452:7): [True: 0, False: 12] ------------------ 453| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 7}, "AES-128/CCM"); 454| 0| case 0x922AA: ------------------ | Branch (454:7): [True: 0, False: 12] ------------------ 455| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 22}, "AES-192/CBC"); 456| 0| case 0x922AD: ------------------ | Branch (456:7): [True: 0, False: 12] ------------------ 457| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 25}, "KeyWrap.AES-192"); 458| 0| case 0x922AE: ------------------ | Branch (458:7): [True: 0, False: 12] ------------------ 459| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 26}, "AES-192/GCM"); 460| 0| case 0x922AF: ------------------ | Branch (460:7): [True: 0, False: 12] ------------------ 461| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 27}, "AES-192/CCM"); 462| 0| case 0x922BE: ------------------ | Branch (462:7): [True: 0, False: 12] ------------------ 463| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 42}, "AES-256/CBC"); 464| 0| case 0x922C1: ------------------ | Branch (464:7): [True: 0, False: 12] ------------------ 465| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 45}, "KeyWrap.AES-256"); 466| 0| case 0x922C2: ------------------ | Branch (466:7): [True: 0, False: 12] ------------------ 467| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 46}, "AES-256/GCM"); 468| 0| case 0x922C3: ------------------ | Branch (468:7): [True: 0, False: 12] ------------------ 469| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 47}, "AES-256/CCM"); 470| 0| case 0x92356: ------------------ | Branch (470:7): [True: 0, False: 12] ------------------ 471| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 1}, "SHA-256"); 472| 0| case 0x92357: ------------------ | Branch (472:7): [True: 0, False: 12] ------------------ 473| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 2}, "SHA-384"); 474| 0| case 0x92358: ------------------ | Branch (474:7): [True: 0, False: 12] ------------------ 475| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 3}, "SHA-512"); 476| 0| case 0x92359: ------------------ | Branch (476:7): [True: 0, False: 12] ------------------ 477| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 4}, "SHA-224"); 478| 0| case 0x9235B: ------------------ | Branch (478:7): [True: 0, False: 12] ------------------ 479| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 6}, "SHA-512-256"); 480| 0| case 0x9235C: ------------------ | Branch (480:7): [True: 0, False: 12] ------------------ 481| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 7}, "SHA-3(224)"); 482| 0| case 0x9235D: ------------------ | Branch (482:7): [True: 0, False: 12] ------------------ 483| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 8}, "SHA-3(256)"); 484| 0| case 0x9235E: ------------------ | Branch (484:7): [True: 0, False: 12] ------------------ 485| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 9}, "SHA-3(384)"); 486| 0| case 0x9235F: ------------------ | Branch (486:7): [True: 0, False: 12] ------------------ 487| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 10}, "SHA-3(512)"); 488| 0| case 0x92360: ------------------ | Branch (488:7): [True: 0, False: 12] ------------------ 489| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 11}, "SHAKE-128"); 490| 0| case 0x92361: ------------------ | Branch (490:7): [True: 0, False: 12] ------------------ 491| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 12}, "SHAKE-256"); 492| 0| case 0x92417: ------------------ | Branch (492:7): [True: 0, False: 12] ------------------ 493| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 1}, "DSA/SHA-224"); 494| 0| case 0x92418: ------------------ | Branch (494:7): [True: 0, False: 12] ------------------ 495| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 2}, "DSA/SHA-256"); 496| 0| case 0x92419: ------------------ | Branch (496:7): [True: 0, False: 12] ------------------ 497| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 3}, "DSA/SHA-384"); 498| 0| case 0x9241A: ------------------ | Branch (498:7): [True: 0, False: 12] ------------------ 499| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 4}, "DSA/SHA-512"); 500| 0| case 0x9241B: ------------------ | Branch (500:7): [True: 0, False: 12] ------------------ 501| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 5}, "DSA/SHA-3(224)"); 502| 0| case 0x9241C: ------------------ | Branch (502:7): [True: 0, False: 12] ------------------ 503| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 6}, "DSA/SHA-3(256)"); 504| 0| case 0x9241D: ------------------ | Branch (504:7): [True: 0, False: 12] ------------------ 505| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 7}, "DSA/SHA-3(384)"); 506| 0| case 0x9241E: ------------------ | Branch (506:7): [True: 0, False: 12] ------------------ 507| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 8}, "DSA/SHA-3(512)"); 508| 0| case 0x9241F: ------------------ | Branch (508:7): [True: 0, False: 12] ------------------ 509| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 9}, "ECDSA/SHA-3(224)"); 510| 0| case 0x92420: ------------------ | Branch (510:7): [True: 0, False: 12] ------------------ 511| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 10}, "ECDSA/SHA-3(256)"); 512| 0| case 0x92421: ------------------ | Branch (512:7): [True: 0, False: 12] ------------------ 513| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 11}, "ECDSA/SHA-3(384)"); 514| 0| case 0x92422: ------------------ | Branch (514:7): [True: 0, False: 12] ------------------ 515| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 12}, "ECDSA/SHA-3(512)"); 516| 0| case 0x92423: ------------------ | Branch (516:7): [True: 0, False: 12] ------------------ 517| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 13}, "RSA/PKCS1v15(SHA-3(224))"); 518| 0| case 0x92424: ------------------ | Branch (518:7): [True: 0, False: 12] ------------------ 519| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 14}, "RSA/PKCS1v15(SHA-3(256))"); 520| 0| case 0x92425: ------------------ | Branch (520:7): [True: 0, False: 12] ------------------ 521| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 15}, "RSA/PKCS1v15(SHA-3(384))"); 522| 0| case 0x92426: ------------------ | Branch (522:7): [True: 0, False: 12] ------------------ 523| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 16}, "RSA/PKCS1v15(SHA-3(512))"); 524| 0| case 0x92427: ------------------ | Branch (524:7): [True: 0, False: 12] ------------------ 525| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 17}, "ML-DSA-4x4"); 526| 0| case 0x92428: ------------------ | Branch (526:7): [True: 0, False: 12] ------------------ 527| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 18}, "ML-DSA-6x5"); 528| 0| case 0x92429: ------------------ | Branch (528:7): [True: 0, False: 12] ------------------ 529| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 19}, "ML-DSA-8x7"); 530| 0| case 0x9242A: ------------------ | Branch (530:7): [True: 0, False: 12] ------------------ 531| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 20}, "SLH-DSA-SHA2-128s"); 532| 0| case 0x9242B: ------------------ | Branch (532:7): [True: 0, False: 12] ------------------ 533| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 21}, "SLH-DSA-SHA2-128f"); 534| 0| case 0x9242C: ------------------ | Branch (534:7): [True: 0, False: 12] ------------------ 535| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 22}, "SLH-DSA-SHA2-192s"); 536| 0| case 0x9242D: ------------------ | Branch (536:7): [True: 0, False: 12] ------------------ 537| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 23}, "SLH-DSA-SHA2-192f"); 538| 0| case 0x9242E: ------------------ | Branch (538:7): [True: 0, False: 12] ------------------ 539| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 24}, "SLH-DSA-SHA2-256s"); 540| 0| case 0x9242F: ------------------ | Branch (540:7): [True: 0, False: 12] ------------------ 541| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 25}, "SLH-DSA-SHA2-256f"); 542| 0| case 0x92430: ------------------ | Branch (542:7): [True: 0, False: 12] ------------------ 543| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 26}, "SLH-DSA-SHAKE-128s"); 544| 0| case 0x92431: ------------------ | Branch (544:7): [True: 0, False: 12] ------------------ 545| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 27}, "SLH-DSA-SHAKE-128f"); 546| 0| case 0x92432: ------------------ | Branch (546:7): [True: 0, False: 12] ------------------ 547| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 28}, "SLH-DSA-SHAKE-192s"); 548| 0| case 0x92433: ------------------ | Branch (548:7): [True: 0, False: 12] ------------------ 549| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 29}, "SLH-DSA-SHAKE-192f"); 550| 0| case 0x92434: ------------------ | Branch (550:7): [True: 0, False: 12] ------------------ 551| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 30}, "SLH-DSA-SHAKE-256s"); 552| 0| case 0x92435: ------------------ | Branch (552:7): [True: 0, False: 12] ------------------ 553| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 31}, "SLH-DSA-SHAKE-256f"); 554| 0| case 0x924D8: ------------------ | Branch (554:7): [True: 0, False: 12] ------------------ 555| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 1}, "ML-KEM-512"); 556| 0| case 0x924D9: ------------------ | Branch (556:7): [True: 0, False: 12] ------------------ 557| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 2}, "ML-KEM-768"); 558| 0| case 0x924DA: ------------------ | Branch (558:7): [True: 0, False: 12] ------------------ 559| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 3}, "ML-KEM-1024"); 560| 0| case 0x9479F: ------------------ | Branch (560:7): [True: 0, False: 12] ------------------ 561| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 1}, "PKIX.AuthorityInformationAccess"); 562| 0| case 0x947A5: ------------------ | Branch (562:7): [True: 0, False: 12] ------------------ 563| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 7}, "PKIX.IpAddrBlocks"); 564| 0| case 0x947A6: ------------------ | Branch (564:7): [True: 0, False: 12] ------------------ 565| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 8}, "PKIX.AutonomousSysIds"); 566| 0| case 0x947B8: ------------------ | Branch (566:7): [True: 0, False: 12] ------------------ 567| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 26}, "PKIX.TNAuthList"); 568| 0| case 0x94921: ------------------ | Branch (568:7): [True: 0, False: 12] ------------------ 569| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 1}, "PKIX.ServerAuth"); 570| 0| case 0x94922: ------------------ | Branch (570:7): [True: 0, False: 12] ------------------ 571| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 2}, "PKIX.ClientAuth"); 572| 0| case 0x94923: ------------------ | Branch (572:7): [True: 0, False: 12] ------------------ 573| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 3}, "PKIX.CodeSigning"); 574| 0| case 0x94924: ------------------ | Branch (574:7): [True: 0, False: 12] ------------------ 575| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 4}, "PKIX.EmailProtection"); 576| 0| case 0x94925: ------------------ | Branch (576:7): [True: 0, False: 12] ------------------ 577| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 5}, "PKIX.IPsecEndSystem"); 578| 0| case 0x94926: ------------------ | Branch (578:7): [True: 0, False: 12] ------------------ 579| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 6}, "PKIX.IPsecTunnel"); 580| 0| case 0x94927: ------------------ | Branch (580:7): [True: 0, False: 12] ------------------ 581| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 7}, "PKIX.IPsecUser"); 582| 0| case 0x94928: ------------------ | Branch (582:7): [True: 0, False: 12] ------------------ 583| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 8}, "PKIX.TimeStamping"); 584| 0| case 0x94929: ------------------ | Branch (584:7): [True: 0, False: 12] ------------------ 585| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 9}, "PKIX.OCSPSigning"); 586| 0| case 0x94CEA: ------------------ | Branch (586:7): [True: 0, False: 12] ------------------ 587| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 8, 5}, "PKIX.XMPPAddr"); 588| 0| case 0x954DB: ------------------ | Branch (588:7): [True: 0, False: 12] ------------------ 589| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}, "Microsoft SmartcardLogon"); 590| 0| case 0x954DC: ------------------ | Branch (590:7): [True: 0, False: 12] ------------------ 591| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}, "Microsoft UPN"); 592| 0| case 0x96B0E: ------------------ | Branch (592:7): [True: 0, False: 12] ------------------ 593| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1}, "PKIX.OCSP"); 594| 0| case 0x96B0F: ------------------ | Branch (594:7): [True: 0, False: 12] ------------------ 595| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 2}, "PKIX.CertificateAuthorityIssuers"); 596| 0| case 0x96C77: ------------------ | Branch (596:7): [True: 0, False: 12] ------------------ 597| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 3}, "PBE-SHA1-3DES"); 598| 0| case 0x96C78: ------------------ | Branch (598:7): [True: 0, False: 12] ------------------ 599| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 4}, "PBE-SHA1-2DES"); 600| 0| case 0x9A008: ------------------ | Branch (600:7): [True: 0, False: 12] ------------------ 601| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}, "brainpool160r1"); 602| 0| case 0x9A00A: ------------------ | Branch (602:7): [True: 0, False: 12] ------------------ 603| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}, "brainpool192r1"); 604| 0| case 0x9A00C: ------------------ | Branch (604:7): [True: 0, False: 12] ------------------ 605| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}, "brainpool224r1"); 606| 1| case 0x9A00E: ------------------ | Branch (606:7): [True: 1, False: 11] ------------------ 607| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}, "brainpool256r1"); 608| 0| case 0x9A010: ------------------ | Branch (608:7): [True: 0, False: 12] ------------------ 609| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}, "brainpool320r1"); 610| 1| case 0x9A012: ------------------ | Branch (610:7): [True: 1, False: 11] ------------------ 611| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}, "brainpool384r1"); 612| 1| case 0x9A014: ------------------ | Branch (612:7): [True: 1, False: 11] ------------------ 613| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}, "brainpool512r1"); 614| 0| case 0xA0D61: ------------------ | Branch (614:7): [True: 0, False: 12] ------------------ 615| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 3}, "McEliece"); 616| 0| case 0xA0D63: ------------------ | Branch (616:7): [True: 0, False: 12] ------------------ 617| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 5}, "XMSS-draft6"); 618| 0| case 0xA0D66: ------------------ | Branch (618:7): [True: 0, False: 12] ------------------ 619| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 8}, "XMSS-draft12"); 620| 0| case 0xA0D6B: ------------------ | Branch (620:7): [True: 0, False: 12] ------------------ 621| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 13}, "HSS-LMS-Private-Key"); 622| 0| case 0xA0EE1: ------------------ | Branch (622:7): [True: 0, False: 12] ------------------ 623| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 1}, "Serpent/CBC"); 624| 0| case 0xA0EE2: ------------------ | Branch (624:7): [True: 0, False: 12] ------------------ 625| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2}, "Threefish-512/CBC"); 626| 0| case 0xA0EE3: ------------------ | Branch (626:7): [True: 0, False: 12] ------------------ 627| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 3}, "Twofish/CBC"); 628| 0| case 0xA0F45: ------------------ | Branch (628:7): [True: 0, False: 12] ------------------ 629| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 101}, "Serpent/GCM"); 630| 0| case 0xA0F46: ------------------ | Branch (630:7): [True: 0, False: 12] ------------------ 631| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 102}, "Twofish/GCM"); 632| 0| case 0xA0FA2: ------------------ | Branch (632:7): [True: 0, False: 12] ------------------ 633| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 1}, "numsp256d1"); 634| 0| case 0xA0FA3: ------------------ | Branch (634:7): [True: 0, False: 12] ------------------ 635| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 2}, "numsp384d1"); 636| 1| case 0xA0FA4: ------------------ | Branch (636:7): [True: 1, False: 11] ------------------ 637| 1| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 3}, "numsp512d1"); 638| 0| case 0xA244B: ------------------ | Branch (638:7): [True: 0, False: 12] ------------------ 639| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}, "ClassicMcEliece_348864"); 640| 0| case 0xA244C: ------------------ | Branch (640:7): [True: 0, False: 12] ------------------ 641| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}, "ClassicMcEliece_348864f"); 642| 0| case 0xA244D: ------------------ | Branch (642:7): [True: 0, False: 12] ------------------ 643| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}, "ClassicMcEliece_460896"); 644| 0| case 0xA244E: ------------------ | Branch (644:7): [True: 0, False: 12] ------------------ 645| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}, "ClassicMcEliece_460896f"); 646| 0| case 0xA244F: ------------------ | Branch (646:7): [True: 0, False: 12] ------------------ 647| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}, "ClassicMcEliece_6688128"); 648| 0| case 0xA2450: ------------------ | Branch (648:7): [True: 0, False: 12] ------------------ 649| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}, "ClassicMcEliece_6688128f"); 650| 0| case 0xA2451: ------------------ | Branch (650:7): [True: 0, False: 12] ------------------ 651| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}, "ClassicMcEliece_6960119"); 652| 0| case 0xA2452: ------------------ | Branch (652:7): [True: 0, False: 12] ------------------ 653| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}, "ClassicMcEliece_6960119f"); 654| 0| case 0xA2453: ------------------ | Branch (654:7): [True: 0, False: 12] ------------------ 655| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}, "ClassicMcEliece_8192128"); 656| 0| case 0xA2454: ------------------ | Branch (656:7): [True: 0, False: 12] ------------------ 657| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}, "ClassicMcEliece_8192128f"); 658| 0| case 0xAF989: ------------------ | Branch (658:7): [True: 0, False: 12] ------------------ 659| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 1}, "RSA"); 660| 0| case 0xAF98A: ------------------ | Branch (660:7): [True: 0, False: 12] ------------------ 661| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 2}, "RSA/PKCS1v15(MD2)"); 662| 0| case 0xAF98C: ------------------ | Branch (662:7): [True: 0, False: 12] ------------------ 663| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 4}, "RSA/PKCS1v15(MD5)"); 664| 0| case 0xAF98D: ------------------ | Branch (664:7): [True: 0, False: 12] ------------------ 665| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 5}, "RSA/PKCS1v15(SHA-1)"); 666| 0| case 0xAF98F: ------------------ | Branch (666:7): [True: 0, False: 12] ------------------ 667| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 7}, "RSA/OAEP"); 668| 0| case 0xAF990: ------------------ | Branch (668:7): [True: 0, False: 12] ------------------ 669| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 8}, "MGF1"); 670| 0| case 0xAF992: ------------------ | Branch (670:7): [True: 0, False: 12] ------------------ 671| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 10}, "RSA/PSS"); 672| 0| case 0xAF993: ------------------ | Branch (672:7): [True: 0, False: 12] ------------------ 673| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 11}, "RSA/PKCS1v15(SHA-256)"); 674| 0| case 0xAF994: ------------------ | Branch (674:7): [True: 0, False: 12] ------------------ 675| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 12}, "RSA/PKCS1v15(SHA-384)"); 676| 0| case 0xAF995: ------------------ | Branch (676:7): [True: 0, False: 12] ------------------ 677| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 13}, "RSA/PKCS1v15(SHA-512)"); 678| 0| case 0xAF996: ------------------ | Branch (678:7): [True: 0, False: 12] ------------------ 679| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 14}, "RSA/PKCS1v15(SHA-224)"); 680| 0| case 0xAF998: ------------------ | Branch (680:7): [True: 0, False: 12] ------------------ 681| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 16}, "RSA/PKCS1v15(SHA-512-256)"); 682| 0| case 0xAFC98: ------------------ | Branch (682:7): [True: 0, False: 12] ------------------ 683| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 12}, "PKCS5.PBKDF2"); 684| 0| case 0xAFC99: ------------------ | Branch (684:7): [True: 0, False: 12] ------------------ 685| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 13}, "PBE-PKCS5v20"); 686| 0| case 0xAFE0F: ------------------ | Branch (686:7): [True: 0, False: 12] ------------------ 687| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 1}, "PKCS7.Data"); 688| 0| case 0xAFE14: ------------------ | Branch (688:7): [True: 0, False: 12] ------------------ 689| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 6}, "PKCS7.EncryptedData"); 690| 0| case 0xAFF91: ------------------ | Branch (690:7): [True: 0, False: 12] ------------------ 691| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 1}, "PKCS9.EmailAddress"); 692| 0| case 0xAFF92: ------------------ | Branch (692:7): [True: 0, False: 12] ------------------ 693| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 2}, "PKCS9.UnstructuredName"); 694| 0| case 0xAFF93: ------------------ | Branch (694:7): [True: 0, False: 12] ------------------ 695| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 3}, "PKCS9.ContentType"); 696| 0| case 0xAFF94: ------------------ | Branch (696:7): [True: 0, False: 12] ------------------ 697| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 4}, "PKCS9.MessageDigest"); 698| 0| case 0xAFF97: ------------------ | Branch (698:7): [True: 0, False: 12] ------------------ 699| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 7}, "PKCS9.ChallengePassword"); 700| 0| case 0xAFF9E: ------------------ | Branch (700:7): [True: 0, False: 12] ------------------ 701| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 14}, "PKCS9.ExtensionRequest"); 702| 0| case 0xAFFA4: ------------------ | Branch (702:7): [True: 0, False: 12] ------------------ 703| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 20}, "PKCS9.FriendlyName"); 704| 0| case 0xAFFA5: ------------------ | Branch (704:7): [True: 0, False: 12] ------------------ 705| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 21}, "PKCS9.LocalKeyId"); 706| 0| case 0xC0226: ------------------ | Branch (706:7): [True: 0, False: 12] ------------------ 707| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 4, 11}, "Scrypt"); 708| 0| case 0xC0A67: ------------------ | Branch (708:7): [True: 0, False: 12] ------------------ 709| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 15, 1}, "OpenPGP.Ed25519"); 710| 0| case 0xC4CE5: ------------------ | Branch (710:7): [True: 0, False: 12] ------------------ 711| 0| return if_match(oid, {1, 2, 643, 100, 1}, "GOST.OGRN"); 712| 0| case 0xC4D53: ------------------ | Branch (712:7): [True: 0, False: 12] ------------------ 713| 0| return if_match(oid, {1, 2, 643, 100, 111}, "GOST.SubjectSigningTool"); 714| 0| case 0xC4D54: ------------------ | Branch (714:7): [True: 0, False: 12] ------------------ 715| 0| return if_match(oid, {1, 2, 643, 100, 112}, "GOST.IssuerSigningTool"); 716| 1| case 0xC9C50: ------------------ | Branch (716:7): [True: 1, False: 11] ------------------ 717| 1| return if_match(oid, {1, 2, 840, 10045, 3, 1, 1}, "secp192r1"); 718| 0| case 0xC9C51: ------------------ | Branch (718:7): [True: 0, False: 12] ------------------ 719| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 2}, "x962_p192v2"); 720| 0| case 0xC9C52: ------------------ | Branch (720:7): [True: 0, False: 12] ------------------ 721| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 3}, "x962_p192v3"); 722| 0| case 0xC9C53: ------------------ | Branch (722:7): [True: 0, False: 12] ------------------ 723| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 4}, "x962_p239v1"); 724| 0| case 0xC9C54: ------------------ | Branch (724:7): [True: 0, False: 12] ------------------ 725| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 5}, "x962_p239v2"); 726| 0| case 0xC9C55: ------------------ | Branch (726:7): [True: 0, False: 12] ------------------ 727| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 6}, "x962_p239v3"); 728| 1| case 0xC9C56: ------------------ | Branch (728:7): [True: 1, False: 11] ------------------ 729| 1| return if_match(oid, {1, 2, 840, 10045, 3, 1, 7}, "secp256r1"); 730| 0| case 0xCFA13: ------------------ | Branch (730:7): [True: 0, False: 12] ------------------ 731| 0| return if_match(oid, {1, 2, 840, 10040, 4, 1}, "DSA"); 732| 0| case 0xCFA15: ------------------ | Branch (732:7): [True: 0, False: 12] ------------------ 733| 0| return if_match(oid, {1, 2, 840, 10040, 4, 3}, "DSA/SHA-1"); 734| 0| default: ------------------ | Branch (734:7): [True: 0, False: 12] ------------------ 735| 0| return {}; 736| 12| } 737| 12|} _ZN5Botan7OID_Map22lookup_static_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 740| 12|std::optional OID_Map::lookup_static_oid_name(std::string_view req) { 741| 12| const uint32_t hc = hash_oid_name(req); 742| | 743| 12| switch(hc) { 744| 0| case 0x00545: ------------------ | Branch (744:7): [True: 0, False: 12] ------------------ 745| 0| return if_match(req, "Twofish/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 102}); 746| 0| case 0x00CF3: ------------------ | Branch (746:7): [True: 0, False: 12] ------------------ 747| 0| return if_match(req, "SphincsPlus-sha2-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}); 748| 0| case 0x015FE: ------------------ | Branch (748:7): [True: 0, False: 12] ------------------ 749| 0| return if_match(req, "FrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}); 750| 0| case 0x01F9E: ------------------ | Branch (750:7): [True: 0, False: 12] ------------------ 751| 0| return if_match(req, "MD5", {1, 2, 840, 113549, 2, 5}); 752| 0| case 0x02293: ------------------ | Branch (752:7): [True: 0, False: 12] ------------------ 753| 0| return if_match(req, "SphincsPlus-shake-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}); 754| 0| case 0x02B93: ------------------ | Branch (754:7): [True: 0, False: 12] ------------------ 755| 0| return if_match(req, "Microsoft SmartcardLogon", {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}); 756| 0| case 0x041D5: ------------------ | Branch (756:7): [True: 0, False: 12] ------------------ 757| 0| return if_match(req, "secp160k1", {1, 3, 132, 0, 9}); 758| 0| case 0x044B3: ------------------ | Branch (758:7): [True: 0, False: 12] ------------------ 759| 0| return if_match(req, "Camellia-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}); 760| 0| case 0x048B2: ------------------ | Branch (760:7): [True: 0, False: 12] ------------------ 761| 0| return if_match(req, "secp160r1", {1, 3, 132, 0, 8}); 762| 0| case 0x048B3: ------------------ | Branch (762:7): [True: 0, False: 12] ------------------ 763| 0| return if_match(req, "secp160r2", {1, 3, 132, 0, 30}); 764| 0| case 0x05CDA: ------------------ | Branch (764:7): [True: 0, False: 12] ------------------ 765| 0| return if_match(req, "X520.Country", {2, 5, 4, 6}); 766| 0| case 0x07783: ------------------ | Branch (766:7): [True: 0, False: 12] ------------------ 767| 0| return if_match(req, "PKIX.ServerAuth", {1, 3, 6, 1, 5, 5, 7, 3, 1}); 768| 0| case 0x086C7: ------------------ | Branch (768:7): [True: 0, False: 12] ------------------ 769| 0| return if_match(req, "numsp384d1", {1, 3, 6, 1, 4, 1, 25258, 4, 2}); 770| 0| case 0x08A92: ------------------ | Branch (770:7): [True: 0, False: 12] ------------------ 771| 0| return if_match(req, "RSA/PKCS1v15(SHA-1)", {1, 2, 840, 113549, 1, 1, 5}); 772| 0| case 0x09EA0: ------------------ | Branch (772:7): [True: 0, False: 12] ------------------ 773| 0| return if_match(req, "DES/CBC", {1, 3, 14, 3, 2, 7}); 774| 0| case 0x0B2D6: ------------------ | Branch (774:7): [True: 0, False: 12] ------------------ 775| 0| return if_match(req, "ECDSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 12}); 776| 0| case 0x0BA72: ------------------ | Branch (776:7): [True: 0, False: 12] ------------------ 777| 0| return if_match(req, "SphincsPlus-sha2-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}); 778| 0| case 0x0BE23: ------------------ | Branch (778:7): [True: 0, False: 12] ------------------ 779| 0| return if_match(req, "ECGDSA", {1, 3, 36, 3, 3, 2, 5, 2, 1}); 780| 0| case 0x0C109: ------------------ | Branch (780:7): [True: 0, False: 12] ------------------ 781| 0| return if_match(req, "PKCS9.FriendlyName", {1, 2, 840, 113549, 1, 9, 20}); 782| 0| case 0x0D012: ------------------ | Branch (782:7): [True: 0, False: 12] ------------------ 783| 0| return if_match(req, "SphincsPlus-shake-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}); 784| 0| case 0x0DCE9: ------------------ | Branch (784:7): [True: 0, False: 12] ------------------ 785| 0| return if_match(req, "ClassicMcEliece_8192128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}); 786| 1| case 0x0E52A: ------------------ | Branch (786:7): [True: 1, False: 11] ------------------ 787| 1| return if_match(req, "numsp512d1", {1, 3, 6, 1, 4, 1, 25258, 4, 3}); 788| 0| case 0x0F9CC: ------------------ | Branch (788:7): [True: 0, False: 12] ------------------ 789| 0| return if_match(req, "PKCS9.UnstructuredName", {1, 2, 840, 113549, 1, 9, 2}); 790| 0| case 0x0FF45: ------------------ | Branch (790:7): [True: 0, False: 12] ------------------ 791| 0| return if_match(req, "Camellia-256/GCM", {0, 3, 4401, 5, 3, 1, 9, 46}); 792| 0| case 0x1033D: ------------------ | Branch (792:7): [True: 0, False: 12] ------------------ 793| 0| return if_match(req, "DSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 7}); 794| 0| case 0x1139D: ------------------ | Branch (794:7): [True: 0, False: 12] ------------------ 795| 0| return if_match(req, "secp192k1", {1, 3, 132, 0, 31}); 796| 0| case 0x113D6: ------------------ | Branch (796:7): [True: 0, False: 12] ------------------ 797| 0| return if_match(req, "X520.DNQualifier", {2, 5, 4, 46}); 798| 1| case 0x11A7A: ------------------ | Branch (798:7): [True: 1, False: 11] ------------------ 799| 1| return if_match(req, "secp192r1", {1, 2, 840, 10045, 3, 1, 1}); 800| 0| case 0x12096: ------------------ | Branch (800:7): [True: 0, False: 12] ------------------ 801| 0| return if_match(req, "SM2_Kex", {1, 2, 156, 10197, 1, 301, 2}); 802| 0| case 0x13FC1: ------------------ | Branch (802:7): [True: 0, False: 12] ------------------ 803| 0| return if_match(req, "X520.GenerationalQualifier", {2, 5, 4, 44}); 804| 0| case 0x1445B: ------------------ | Branch (804:7): [True: 0, False: 12] ------------------ 805| 0| return if_match(req, "PKCS5.PBKDF2", {1, 2, 840, 113549, 1, 5, 12}); 806| 0| case 0x1495D: ------------------ | Branch (806:7): [True: 0, False: 12] ------------------ 807| 0| return if_match(req, "eFrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}); 808| 0| case 0x14E30: ------------------ | Branch (808:7): [True: 0, False: 12] ------------------ 809| 0| return if_match(req, "ClassicMcEliece_460896", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}); 810| 0| case 0x14FB1: ------------------ | Branch (810:7): [True: 0, False: 12] ------------------ 811| 0| return if_match(req, "XMSS-draft12", {1, 3, 6, 1, 4, 1, 25258, 1, 8}); 812| 0| case 0x156E3: ------------------ | Branch (812:7): [True: 0, False: 12] ------------------ 813| 0| return if_match(req, "Compression.Zlib", {1, 2, 840, 113549, 1, 9, 16, 3, 8}); 814| 0| case 0x1579E: ------------------ | Branch (814:7): [True: 0, False: 12] ------------------ 815| 0| return if_match(req, "Streebog-512", {1, 2, 643, 7, 1, 1, 2, 3}); 816| 0| case 0x1701A: ------------------ | Branch (816:7): [True: 0, False: 12] ------------------ 817| 0| return if_match(req, "X509v3.AnyExtendedKeyUsage", {2, 5, 29, 37, 0}); 818| 0| case 0x175EF: ------------------ | Branch (818:7): [True: 0, False: 12] ------------------ 819| 0| return if_match(req, "Kyber-1024-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}); 820| 0| case 0x17709: ------------------ | Branch (820:7): [True: 0, False: 12] ------------------ 821| 0| return if_match(req, "X520.GivenName", {2, 5, 4, 42}); 822| 0| case 0x17AD9: ------------------ | Branch (822:7): [True: 0, False: 12] ------------------ 823| 0| return if_match(req, "RSA/PKCS1v15(SM3)", {1, 2, 156, 10197, 1, 504}); 824| 0| case 0x17CE2: ------------------ | Branch (824:7): [True: 0, False: 12] ------------------ 825| 0| return if_match(req, "SLH-DSA-SHA2-256f", {2, 16, 840, 1, 101, 3, 4, 3, 25}); 826| 0| case 0x17CEF: ------------------ | Branch (826:7): [True: 0, False: 12] ------------------ 827| 0| return if_match(req, "SLH-DSA-SHA2-256s", {2, 16, 840, 1, 101, 3, 4, 3, 24}); 828| 0| case 0x18618: ------------------ | Branch (828:7): [True: 0, False: 12] ------------------ 829| 0| return if_match(req, "FrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}); 830| 0| case 0x19480: ------------------ | Branch (830:7): [True: 0, False: 12] ------------------ 831| 0| return if_match(req, "eFrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}); 832| 0| case 0x1958A: ------------------ | Branch (832:7): [True: 0, False: 12] ------------------ 833| 0| return if_match(req, "X509v3.InvalidityDate", {2, 5, 29, 24}); 834| 0| case 0x19851: ------------------ | Branch (834:7): [True: 0, False: 12] ------------------ 835| 0| return if_match(req, "DSA/SHA-1", {1, 2, 840, 10040, 4, 3}); 836| 0| case 0x1B2E7: ------------------ | Branch (836:7): [True: 0, False: 12] ------------------ 837| 0| return if_match(req, "KeyWrap.AES-128", {2, 16, 840, 1, 101, 3, 4, 1, 5}); 838| 0| case 0x1B9BE: ------------------ | Branch (838:7): [True: 0, False: 12] ------------------ 839| 0| return if_match(req, "KeyWrap.AES-192", {2, 16, 840, 1, 101, 3, 4, 1, 25}); 840| 0| case 0x1D439: ------------------ | Branch (840:7): [True: 0, False: 12] ------------------ 841| 0| return if_match(req, "SphincsPlus-haraka-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}); 842| 0| case 0x2065B: ------------------ | Branch (842:7): [True: 0, False: 12] ------------------ 843| 0| return if_match(req, "KeyWrap.CAST-128", {1, 2, 840, 113533, 7, 66, 15}); 844| 0| case 0x216A0: ------------------ | Branch (844:7): [True: 0, False: 12] ------------------ 845| 0| return if_match(req, "ML-KEM-512", {2, 16, 840, 1, 101, 3, 4, 4, 1}); 846| 0| case 0x2216B: ------------------ | Branch (846:7): [True: 0, False: 12] ------------------ 847| 0| return if_match(req, "GOST-34.10-2012-512", {1, 2, 643, 7, 1, 1, 1, 2}); 848| 0| case 0x22C2C: ------------------ | Branch (848:7): [True: 0, False: 12] ------------------ 849| 0| return if_match(req, "ElGamal", {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}); 850| 0| case 0x2559A: ------------------ | Branch (850:7): [True: 0, False: 12] ------------------ 851| 0| return if_match(req, "X520.Initials", {2, 5, 4, 43}); 852| 0| case 0x271AC: ------------------ | Branch (852:7): [True: 0, False: 12] ------------------ 853| 0| return if_match(req, "PKIX.AutonomousSysIds", {1, 3, 6, 1, 5, 5, 7, 1, 8}); 854| 0| case 0x2808B: ------------------ | Branch (854:7): [True: 0, False: 12] ------------------ 855| 0| return if_match(req, "PKCS7.Data", {1, 2, 840, 113549, 1, 7, 1}); 856| 0| case 0x281B8: ------------------ | Branch (856:7): [True: 0, False: 12] ------------------ 857| 0| return if_match(req, "SphincsPlus-haraka-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}); 858| 0| case 0x29999: ------------------ | Branch (858:7): [True: 0, False: 12] ------------------ 859| 0| return if_match(req, "DSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 6}); 860| 0| case 0x2A83D: ------------------ | Branch (860:7): [True: 0, False: 12] ------------------ 861| 0| return if_match(req, "SHA-224", {2, 16, 840, 1, 101, 3, 4, 2, 4}); 862| 0| case 0x2AB30: ------------------ | Branch (862:7): [True: 0, False: 12] ------------------ 863| 0| return if_match(req, "SHA-256", {2, 16, 840, 1, 101, 3, 4, 2, 1}); 864| 0| case 0x2ABEF: ------------------ | Branch (864:7): [True: 0, False: 12] ------------------ 865| 0| return if_match(req, "KeyWrap.AES-256", {2, 16, 840, 1, 101, 3, 4, 1, 45}); 866| 0| case 0x2BAEF: ------------------ | Branch (866:7): [True: 0, False: 12] ------------------ 867| 0| return if_match(req, "SM2_Sig/SM3", {1, 2, 156, 10197, 1, 501}); 868| 0| case 0x2C39A: ------------------ | Branch (868:7): [True: 0, False: 12] ------------------ 869| 0| return if_match(req, "ECGDSA/RIPEMD-160", {1, 3, 36, 3, 3, 2, 5, 4, 1}); 870| 0| case 0x2C54F: ------------------ | Branch (870:7): [True: 0, False: 12] ------------------ 871| 0| return if_match(req, "ECDSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 9}); 872| 0| case 0x2EEA6: ------------------ | Branch (872:7): [True: 0, False: 12] ------------------ 873| 0| return if_match(req, "RSA/PKCS1v15(RIPEMD-160)", {1, 3, 36, 3, 3, 1, 2}); 874| 0| case 0x2EFBA: ------------------ | Branch (874:7): [True: 0, False: 12] ------------------ 875| 0| return if_match(req, "Kyber-512-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}); 876| 0| case 0x2F0AD: ------------------ | Branch (876:7): [True: 0, False: 12] ------------------ 877| 0| return if_match(req, "PKCS7.EncryptedData", {1, 2, 840, 113549, 1, 7, 6}); 878| 0| case 0x2F219: ------------------ | Branch (878:7): [True: 0, False: 12] ------------------ 879| 0| return if_match(req, "PBE-SHA1-2DES", {1, 2, 840, 113549, 1, 12, 1, 4}); 880| 0| case 0x3133E: ------------------ | Branch (880:7): [True: 0, False: 12] ------------------ 881| 0| return if_match(req, "SLH-DSA-SHA2-128f", {2, 16, 840, 1, 101, 3, 4, 3, 21}); 882| 0| case 0x3134B: ------------------ | Branch (882:7): [True: 0, False: 12] ------------------ 883| 0| return if_match(req, "SLH-DSA-SHA2-128s", {2, 16, 840, 1, 101, 3, 4, 3, 20}); 884| 0| case 0x3160D: ------------------ | Branch (884:7): [True: 0, False: 12] ------------------ 885| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(224))", {2, 16, 840, 1, 101, 3, 4, 3, 13}); 886| 0| case 0x319E0: ------------------ | Branch (886:7): [True: 0, False: 12] ------------------ 887| 0| return if_match(req, "GOST-34.10-2012-256/Streebog-256", {1, 2, 643, 7, 1, 1, 3, 2}); 888| 0| case 0x31B3D: ------------------ | Branch (888:7): [True: 0, False: 12] ------------------ 889| 0| return if_match(req, "HMAC(SHA-512)", {1, 2, 840, 113549, 2, 11}); 890| 1| case 0x31C6D: ------------------ | Branch (890:7): [True: 1, False: 11] ------------------ 891| 1| return if_match(req, "secp384r1", {1, 3, 132, 0, 34}); 892| 0| case 0x32899: ------------------ | Branch (892:7): [True: 0, False: 12] ------------------ 893| 0| return if_match(req, "TripleDES/CBC", {1, 2, 840, 113549, 3, 7}); 894| 0| case 0x33D04: ------------------ | Branch (894:7): [True: 0, False: 12] ------------------ 895| 0| return if_match(req, "PKCS12.SecretBag", {1, 2, 840, 113549, 1, 12, 10, 1, 5}); 896| 0| case 0x3615D: ------------------ | Branch (896:7): [True: 0, False: 12] ------------------ 897| 0| return if_match(req, "FrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}); 898| 0| case 0x361B8: ------------------ | Branch (898:7): [True: 0, False: 12] ------------------ 899| 0| return if_match(req, "Ed25519", {1, 3, 101, 112}); 900| 0| case 0x3649D: ------------------ | Branch (900:7): [True: 0, False: 12] ------------------ 901| 0| return if_match(req, "SHAKE-128", {2, 16, 840, 1, 101, 3, 4, 2, 11}); 902| 0| case 0x36693: ------------------ | Branch (902:7): [True: 0, False: 12] ------------------ 903| 0| return if_match(req, "ClassicMcEliece_348864", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}); 904| 0| case 0x373C7: ------------------ | Branch (904:7): [True: 0, False: 12] ------------------ 905| 0| return if_match(req, "ML-DSA-4x4", {2, 16, 840, 1, 101, 3, 4, 3, 17}); 906| 0| case 0x3750B: ------------------ | Branch (906:7): [True: 0, False: 12] ------------------ 907| 0| return if_match(req, "ClassicMcEliece_8192128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}); 908| 0| case 0x39890: ------------------ | Branch (908:7): [True: 0, False: 12] ------------------ 909| 0| return if_match(req, "Ed448", {1, 3, 101, 113}); 910| 0| case 0x3A438: ------------------ | Branch (910:7): [True: 0, False: 12] ------------------ 911| 0| return if_match(req, "SHA-384", {2, 16, 840, 1, 101, 3, 4, 2, 2}); 912| 0| case 0x3A963: ------------------ | Branch (912:7): [True: 0, False: 12] ------------------ 913| 0| return if_match(req, "DH", {1, 2, 840, 10046, 2, 1}); 914| 0| case 0x3AC83: ------------------ | Branch (914:7): [True: 0, False: 12] ------------------ 915| 0| return if_match(req, "MGF1", {1, 2, 840, 113549, 1, 1, 8}); 916| 0| case 0x3ACBA: ------------------ | Branch (916:7): [True: 0, False: 12] ------------------ 917| 0| return if_match(req, "X509v3.IssuerAlternativeName", {2, 5, 29, 18}); 918| 0| case 0x3B273: ------------------ | Branch (918:7): [True: 0, False: 12] ------------------ 919| 0| return if_match(req, "KeyWrap.TripleDES", {1, 2, 840, 113549, 1, 9, 16, 3, 6}); 920| 0| case 0x3B91E: ------------------ | Branch (920:7): [True: 0, False: 12] ------------------ 921| 0| return if_match(req, "X509v3.PrivateKeyUsagePeriod", {2, 5, 29, 16}); 922| 0| case 0x3BC8A: ------------------ | Branch (922:7): [True: 0, False: 12] ------------------ 923| 0| return if_match(req, "SLH-DSA-SHAKE-192f", {2, 16, 840, 1, 101, 3, 4, 3, 29}); 924| 0| case 0x3BC97: ------------------ | Branch (924:7): [True: 0, False: 12] ------------------ 925| 0| return if_match(req, "SLH-DSA-SHAKE-192s", {2, 16, 840, 1, 101, 3, 4, 3, 28}); 926| 0| case 0x3D127: ------------------ | Branch (926:7): [True: 0, False: 12] ------------------ 927| 0| return if_match(req, "DSA", {1, 2, 840, 10040, 4, 1}); 928| 0| case 0x3E249: ------------------ | Branch (928:7): [True: 0, False: 12] ------------------ 929| 0| return if_match(req, "HSS-LMS", {1, 2, 840, 113549, 1, 9, 16, 3, 17}); 930| 0| case 0x3E7D5: ------------------ | Branch (930:7): [True: 0, False: 12] ------------------ 931| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(256))", {2, 16, 840, 1, 101, 3, 4, 3, 14}); 932| 0| case 0x3F748: ------------------ | Branch (932:7): [True: 0, False: 12] ------------------ 933| 0| return if_match(req, "GOST.OGRN", {1, 2, 643, 100, 1}); 934| 0| case 0x3F99F: ------------------ | Branch (934:7): [True: 0, False: 12] ------------------ 935| 0| return if_match(req, "X509v3.BasicConstraints", {2, 5, 29, 19}); 936| 0| case 0x40726: ------------------ | Branch (936:7): [True: 0, False: 12] ------------------ 937| 0| return if_match(req, "SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 2, 10}); 938| 0| case 0x407BF: ------------------ | Branch (938:7): [True: 0, False: 12] ------------------ 939| 0| return if_match(req, "ML-KEM-768", {2, 16, 840, 1, 101, 3, 4, 4, 2}); 940| 0| case 0x41334: ------------------ | Branch (940:7): [True: 0, False: 12] ------------------ 941| 0| return if_match(req, "ECDSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 11}); 942| 0| case 0x42DF3: ------------------ | Branch (942:7): [True: 0, False: 12] ------------------ 943| 0| return if_match(req, "X509v3.CRLDistributionPoints", {2, 5, 29, 31}); 944| 0| case 0x437FB: ------------------ | Branch (944:7): [True: 0, False: 12] ------------------ 945| 0| return if_match(req, "brainpool160r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}); 946| 0| case 0x441F5: ------------------ | Branch (946:7): [True: 0, False: 12] ------------------ 947| 0| return if_match(req, "gost_256A", {1, 2, 643, 7, 1, 2, 1, 1, 1}); 948| 0| case 0x441F6: ------------------ | Branch (948:7): [True: 0, False: 12] ------------------ 949| 0| return if_match(req, "gost_256B", {1, 2, 643, 7, 1, 2, 1, 1, 2}); 950| 0| case 0x44221: ------------------ | Branch (950:7): [True: 0, False: 12] ------------------ 951| 0| return if_match(req, "GOST-34.10-2012-512/Streebog-512", {1, 2, 643, 7, 1, 1, 3, 3}); 952| 0| case 0x44322: ------------------ | Branch (952:7): [True: 0, False: 12] ------------------ 953| 0| return if_match(req, "ClassicMcEliece_6960119pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}); 954| 0| case 0x44973: ------------------ | Branch (954:7): [True: 0, False: 12] ------------------ 955| 0| return if_match(req, "Kyber-512-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}); 956| 0| case 0x45C27: ------------------ | Branch (956:7): [True: 0, False: 12] ------------------ 957| 0| return if_match(req, "RSA/PKCS1v15(SHA-512-256)", {1, 2, 840, 113549, 1, 1, 16}); 958| 0| case 0x45C85: ------------------ | Branch (958:7): [True: 0, False: 12] ------------------ 959| 0| return if_match(req, "X509v3.ReasonCode", {2, 5, 29, 21}); 960| 0| case 0x45DA5: ------------------ | Branch (960:7): [True: 0, False: 12] ------------------ 961| 0| return if_match(req, "SHAKE-256", {2, 16, 840, 1, 101, 3, 4, 2, 12}); 962| 0| case 0x4663C: ------------------ | Branch (962:7): [True: 0, False: 12] ------------------ 963| 0| return if_match(req, "X509v3.PolicyConstraints", {2, 5, 29, 36}); 964| 0| case 0x480F7: ------------------ | Branch (964:7): [True: 0, False: 12] ------------------ 965| 0| return if_match(req, "Serpent/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}); 966| 0| case 0x48627: ------------------ | Branch (966:7): [True: 0, False: 12] ------------------ 967| 0| return if_match(req, "Dilithium-4x4-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}); 968| 0| case 0x48861: ------------------ | Branch (968:7): [True: 0, False: 12] ------------------ 969| 0| return if_match(req, "ChaCha20Poly1305", {1, 2, 840, 113549, 1, 9, 16, 3, 18}); 970| 1| case 0x4A292: ------------------ | Branch (970:7): [True: 1, False: 11] ------------------ 971| 1| return if_match(req, "frp256v1", {1, 2, 250, 1, 223, 101, 256, 1}); 972| 0| case 0x4A9EE: ------------------ | Branch (972:7): [True: 0, False: 12] ------------------ 973| 0| return if_match(req, "ClassicMcEliece_6960119f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}); 974| 0| case 0x4BF87: ------------------ | Branch (974:7): [True: 0, False: 12] ------------------ 975| 0| return if_match(req, "PKIX.TNAuthList", {1, 3, 6, 1, 5, 5, 7, 1, 26}); 976| 0| case 0x4C088: ------------------ | Branch (976:7): [True: 0, False: 12] ------------------ 977| 0| return if_match(req, "eFrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}); 978| 0| case 0x4C513: ------------------ | Branch (978:7): [True: 0, False: 12] ------------------ 979| 0| return if_match(req, "DSA/SHA-224", {2, 16, 840, 1, 101, 3, 4, 3, 1}); 980| 0| case 0x4C806: ------------------ | Branch (980:7): [True: 0, False: 12] ------------------ 981| 0| return if_match(req, "DSA/SHA-256", {2, 16, 840, 1, 101, 3, 4, 3, 2}); 982| 0| case 0x4D740: ------------------ | Branch (982:7): [True: 0, False: 12] ------------------ 983| 0| return if_match(req, "X509v3.AnyPolicy", {2, 5, 29, 32, 0}); 984| 0| case 0x4DE49: ------------------ | Branch (984:7): [True: 0, False: 12] ------------------ 985| 0| return if_match(req, "RSA/PKCS1v15(SHA-512)", {1, 2, 840, 113549, 1, 1, 13}); 986| 0| case 0x4ED5D: ------------------ | Branch (986:7): [True: 0, False: 12] ------------------ 987| 0| return if_match(req, "CAST-128/CBC", {1, 2, 840, 113533, 7, 66, 10}); 988| 0| case 0x4FCDC: ------------------ | Branch (988:7): [True: 0, False: 12] ------------------ 989| 0| return if_match(req, "RSA", {1, 2, 840, 113549, 1, 1, 1}); 990| 0| case 0x501CB: ------------------ | Branch (990:7): [True: 0, False: 12] ------------------ 991| 0| return if_match(req, "ECDSA/SHA-224", {1, 2, 840, 10045, 4, 3, 1}); 992| 0| case 0x50395: ------------------ | Branch (992:7): [True: 0, False: 12] ------------------ 993| 0| return if_match(req, "GOST-34.10/GOST-R-34.11-94", {1, 2, 643, 2, 2, 3}); 994| 0| case 0x504BE: ------------------ | Branch (994:7): [True: 0, False: 12] ------------------ 995| 0| return if_match(req, "ECDSA/SHA-256", {1, 2, 840, 10045, 4, 3, 2}); 996| 0| case 0x509C3: ------------------ | Branch (996:7): [True: 0, False: 12] ------------------ 997| 0| return if_match(req, "brainpool192r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}); 998| 0| case 0x509F9: ------------------ | Branch (998:7): [True: 0, False: 12] ------------------ 999| 0| return if_match(req, "PKCS9.ContentType", {1, 2, 840, 113549, 1, 9, 3}); 1000| 0| case 0x50B26: ------------------ | Branch (1000:7): [True: 0, False: 12] ------------------ 1001| 0| return if_match(req, "FrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}); 1002| 0| case 0x50D78: ------------------ | Branch (1002:7): [True: 0, False: 12] ------------------ 1003| 0| return if_match(req, "x962_p192v2", {1, 2, 840, 10045, 3, 1, 2}); 1004| 0| case 0x50D79: ------------------ | Branch (1004:7): [True: 0, False: 12] ------------------ 1005| 0| return if_match(req, "x962_p192v3", {1, 2, 840, 10045, 3, 1, 3}); 1006| 0| case 0x51DC6: ------------------ | Branch (1006:7): [True: 0, False: 12] ------------------ 1007| 0| return if_match(req, "AES-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}); 1008| 0| case 0x52DB6: ------------------ | Branch (1008:7): [True: 0, False: 12] ------------------ 1009| 0| return if_match(req, "HMAC(SHA-224)", {1, 2, 840, 113549, 2, 8}); 1010| 0| case 0x53E11: ------------------ | Branch (1010:7): [True: 0, False: 12] ------------------ 1011| 0| return if_match(req, "FrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}); 1012| 0| case 0x54012: ------------------ | Branch (1012:7): [True: 0, False: 12] ------------------ 1013| 0| return if_match(req, "PKIX.TimeStamping", {1, 3, 6, 1, 5, 5, 7, 3, 8}); 1014| 0| case 0x5407A: ------------------ | Branch (1014:7): [True: 0, False: 12] ------------------ 1015| 0| return if_match(req, "Serpent/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 1}); 1016| 0| case 0x5576D: ------------------ | Branch (1016:7): [True: 0, False: 12] ------------------ 1017| 0| return if_match(req, "SphincsPlus-sha2-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}); 1018| 0| case 0x55EF6: ------------------ | Branch (1018:7): [True: 0, False: 12] ------------------ 1019| 0| return if_match(req, "AES-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}); 1020| 0| case 0x55FFA: ------------------ | Branch (1020:7): [True: 0, False: 12] ------------------ 1021| 0| return if_match(req, "ML-DSA-6x5", {2, 16, 840, 1, 101, 3, 4, 3, 18}); 1022| 0| case 0x56826: ------------------ | Branch (1022:7): [True: 0, False: 12] ------------------ 1023| 0| return if_match(req, "brainpool320r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}); 1024| 0| case 0x56D0D: ------------------ | Branch (1024:7): [True: 0, False: 12] ------------------ 1025| 0| return if_match(req, "SphincsPlus-shake-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}); 1026| 0| case 0x57077: ------------------ | Branch (1026:7): [True: 0, False: 12] ------------------ 1027| 0| return if_match(req, "XMSS-draft6", {1, 3, 6, 1, 4, 1, 25258, 1, 5}); 1028| 0| case 0x5818B: ------------------ | Branch (1028:7): [True: 0, False: 12] ------------------ 1029| 0| return if_match(req, "ECGDSA/SHA-224", {1, 3, 36, 3, 3, 2, 5, 4, 3}); 1030| 0| case 0x5847E: ------------------ | Branch (1030:7): [True: 0, False: 12] ------------------ 1031| 0| return if_match(req, "ECGDSA/SHA-256", {1, 3, 36, 3, 3, 2, 5, 4, 4}); 1032| 0| case 0x5898B: ------------------ | Branch (1032:7): [True: 0, False: 12] ------------------ 1033| 0| return if_match(req, "SHA-512", {2, 16, 840, 1, 101, 3, 4, 2, 3}); 1034| 0| case 0x58991: ------------------ | Branch (1034:7): [True: 0, False: 12] ------------------ 1035| 0| return if_match(req, "PKIX.OCSP.NoCheck", {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}); 1036| 0| case 0x59717: ------------------ | Branch (1036:7): [True: 0, False: 12] ------------------ 1037| 0| return if_match(req, "X509v3.SubjectKeyIdentifier", {2, 5, 29, 14}); 1038| 0| case 0x5A1E1: ------------------ | Branch (1038:7): [True: 0, False: 12] ------------------ 1039| 0| return if_match(req, "PKCS12.KeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 1}); 1040| 0| case 0x5A570: ------------------ | Branch (1040:7): [True: 0, False: 12] ------------------ 1041| 0| return if_match(req, "X520.CommonName", {2, 5, 4, 3}); 1042| 0| case 0x5A990: ------------------ | Branch (1042:7): [True: 0, False: 12] ------------------ 1043| 0| return if_match(req, "ECDSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 10}); 1044| 0| case 0x5AB0E: ------------------ | Branch (1044:7): [True: 0, False: 12] ------------------ 1045| 0| return if_match(req, "SphincsPlus-sha2-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}); 1046| 0| case 0x5AC4A: ------------------ | Branch (1046:7): [True: 0, False: 12] ------------------ 1047| 0| return if_match(req, "X520.Surname", {2, 5, 4, 4}); 1048| 0| case 0x5AF2C: ------------------ | Branch (1048:7): [True: 0, False: 12] ------------------ 1049| 0| return if_match(req, "ClassicMcEliece_8192128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}); 1050| 0| case 0x5BC39: ------------------ | Branch (1050:7): [True: 0, False: 12] ------------------ 1051| 0| return if_match(req, "X509v3.KeyUsage", {2, 5, 29, 15}); 1052| 0| case 0x5BDDB: ------------------ | Branch (1052:7): [True: 0, False: 12] ------------------ 1053| 0| return if_match(req, "numsp256d1", {1, 3, 6, 1, 4, 1, 25258, 4, 1}); 1054| 0| case 0x5C0AE: ------------------ | Branch (1054:7): [True: 0, False: 12] ------------------ 1055| 0| return if_match(req, "SphincsPlus-shake-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}); 1056| 0| case 0x5C10E: ------------------ | Branch (1056:7): [True: 0, False: 12] ------------------ 1057| 0| return if_match(req, "DSA/SHA-384", {2, 16, 840, 1, 101, 3, 4, 3, 3}); 1058| 0| case 0x5CFE5: ------------------ | Branch (1058:7): [True: 0, False: 12] ------------------ 1059| 0| return if_match(req, "PKCS9.X509Certificate", {1, 2, 840, 113549, 1, 9, 22, 1}); 1060| 0| case 0x5D1CF: ------------------ | Branch (1060:7): [True: 0, False: 12] ------------------ 1061| 0| return if_match(req, "X520.SerialNumber", {2, 5, 4, 5}); 1062| 0| case 0x5D375: ------------------ | Branch (1062:7): [True: 0, False: 12] ------------------ 1063| 0| return if_match(req, "SM4/OCB", {1, 2, 156, 10197, 1, 104, 100}); 1064| 0| case 0x5DD49: ------------------ | Branch (1064:7): [True: 0, False: 12] ------------------ 1065| 0| return if_match(req, "AES-128/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 2}); 1066| 0| case 0x5DE4E: ------------------ | Branch (1066:7): [True: 0, False: 12] ------------------ 1067| 0| return if_match(req, "AES-128/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 7}); 1068| 0| case 0x5DF23: ------------------ | Branch (1068:7): [True: 0, False: 12] ------------------ 1069| 0| return if_match(req, "HMAC(SHA-512-256)", {1, 2, 840, 113549, 2, 13}); 1070| 0| case 0x5ED04: ------------------ | Branch (1070:7): [True: 0, False: 12] ------------------ 1071| 0| return if_match(req, "SM2", {1, 2, 156, 10197, 1, 301, 1}); 1072| 0| case 0x5ED05: ------------------ | Branch (1072:7): [True: 0, False: 12] ------------------ 1073| 0| return if_match(req, "SM3", {1, 2, 156, 10197, 1, 401}); 1074| 0| case 0x5FDC6: ------------------ | Branch (1074:7): [True: 0, False: 12] ------------------ 1075| 0| return if_match(req, "ECDSA/SHA-384", {1, 2, 840, 10045, 4, 3, 3}); 1076| 0| case 0x6199F: ------------------ | Branch (1076:7): [True: 0, False: 12] ------------------ 1077| 0| return if_match(req, "SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 2, 7}); 1078| 0| case 0x61E79: ------------------ | Branch (1078:7): [True: 0, False: 12] ------------------ 1079| 0| return if_match(req, "AES-192/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 22}); 1080| 0| case 0x61F7E: ------------------ | Branch (1080:7): [True: 0, False: 12] ------------------ 1081| 0| return if_match(req, "AES-192/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 27}); 1082| 0| case 0x64947: ------------------ | Branch (1082:7): [True: 0, False: 12] ------------------ 1083| 0| return if_match(req, "OpenPGP.Ed25519", {1, 3, 6, 1, 4, 1, 11591, 15, 1}); 1084| 1| case 0x652E7: ------------------ | Branch (1084:7): [True: 1, False: 11] ------------------ 1085| 1| return if_match(req, "sm2p256v1", {1, 2, 156, 10197, 1, 301}); 1086| 0| case 0x6697B: ------------------ | Branch (1086:7): [True: 0, False: 12] ------------------ 1087| 0| return if_match(req, "FrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}); 1088| 0| case 0x67B2C: ------------------ | Branch (1088:7): [True: 0, False: 12] ------------------ 1089| 0| return if_match(req, "X520.State", {2, 5, 4, 8}); 1090| 0| case 0x67B9B: ------------------ | Branch (1090:7): [True: 0, False: 12] ------------------ 1091| 0| return if_match(req, "HMAC(SHA-384)", {1, 2, 840, 113549, 2, 10}); 1092| 0| case 0x67D86: ------------------ | Branch (1092:7): [True: 0, False: 12] ------------------ 1093| 0| return if_match(req, "ECGDSA/SHA-384", {1, 3, 36, 3, 3, 2, 5, 4, 5}); 1094| 0| case 0x68A0B: ------------------ | Branch (1094:7): [True: 0, False: 12] ------------------ 1095| 0| return if_match(req, "Camellia-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}); 1096| 0| case 0x68E33: ------------------ | Branch (1096:7): [True: 0, False: 12] ------------------ 1097| 0| return if_match(req, "PKCS9.ExtensionRequest", {1, 2, 840, 113549, 1, 9, 14}); 1098| 0| case 0x69126: ------------------ | Branch (1098:7): [True: 0, False: 12] ------------------ 1099| 0| return if_match(req, "X509v3.SubjectAlternativeName", {2, 5, 29, 17}); 1100| 0| case 0x692F8: ------------------ | Branch (1100:7): [True: 0, False: 12] ------------------ 1101| 0| return if_match(req, "SM4/CBC", {1, 2, 156, 10197, 1, 104, 2}); 1102| 0| case 0x695E1: ------------------ | Branch (1102:7): [True: 0, False: 12] ------------------ 1103| 0| return if_match(req, "Dilithium-4x4-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}); 1104| 0| case 0x696DC: ------------------ | Branch (1104:7): [True: 0, False: 12] ------------------ 1105| 0| return if_match(req, "PKIX.IpAddrBlocks", {1, 3, 6, 1, 5, 5, 7, 1, 7}); 1106| 0| case 0x6A7CA: ------------------ | Branch (1106:7): [True: 0, False: 12] ------------------ 1107| 0| return if_match(req, "ECDSA", {1, 2, 840, 10045, 2, 1}); 1108| 0| case 0x6BD26: ------------------ | Branch (1108:7): [True: 0, False: 12] ------------------ 1109| 0| return if_match(req, "GOST.INN", {1, 2, 643, 3, 131, 1, 1}); 1110| 0| case 0x6CB3B: ------------------ | Branch (1110:7): [True: 0, False: 12] ------------------ 1111| 0| return if_match(req, "Camellia-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}); 1112| 0| case 0x6E602: ------------------ | Branch (1112:7): [True: 0, False: 12] ------------------ 1113| 0| return if_match(req, "Dilithium-8x7-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}); 1114| 0| case 0x6F0C2: ------------------ | Branch (1114:7): [True: 0, False: 12] ------------------ 1115| 0| return if_match(req, "RSA/PKCS1v15(SHA-224)", {1, 2, 840, 113549, 1, 1, 14}); 1116| 0| case 0x6F9F8: ------------------ | Branch (1116:7): [True: 0, False: 12] ------------------ 1117| 0| return if_match(req, "PKCS12.SafeContentsBag", {1, 2, 840, 113549, 1, 12, 10, 1, 6}); 1118| 0| case 0x6FB26: ------------------ | Branch (1118:7): [True: 0, False: 12] ------------------ 1119| 0| return if_match(req, "PKIX.AuthorityInformationAccess", {1, 3, 6, 1, 5, 5, 7, 1, 1}); 1120| 1| case 0x70BB6: ------------------ | Branch (1120:7): [True: 1, False: 11] ------------------ 1121| 1| return if_match(req, "brainpool384r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}); 1122| 0| case 0x70EA6: ------------------ | Branch (1122:7): [True: 0, False: 12] ------------------ 1123| 0| return if_match(req, "PKCS12.PKCS8ShroudedKeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 2}); 1124| 0| case 0x71EB3: ------------------ | Branch (1124:7): [True: 0, False: 12] ------------------ 1125| 0| return if_match(req, "SphincsPlus-haraka-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}); 1126| 0| case 0x7382C: ------------------ | Branch (1126:7): [True: 0, False: 12] ------------------ 1127| 0| return if_match(req, "ML-KEM-1024", {2, 16, 840, 1, 101, 3, 4, 4, 3}); 1128| 0| case 0x743BD: ------------------ | Branch (1128:7): [True: 0, False: 12] ------------------ 1129| 0| return if_match(req, "AES-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}); 1130| 0| case 0x7498E: ------------------ | Branch (1130:7): [True: 0, False: 12] ------------------ 1131| 0| return if_match(req, "Camellia-128/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 2}); 1132| 0| case 0x74C2E: ------------------ | Branch (1132:7): [True: 0, False: 12] ------------------ 1133| 0| return if_match(req, "ML-DSA-8x7", {2, 16, 840, 1, 101, 3, 4, 3, 19}); 1134| 0| case 0x7505F: ------------------ | Branch (1134:7): [True: 0, False: 12] ------------------ 1135| 0| return if_match(req, "PKIX.XMPPAddr", {1, 3, 6, 1, 5, 5, 7, 8, 5}); 1136| 0| case 0x7517A: ------------------ | Branch (1136:7): [True: 0, False: 12] ------------------ 1137| 0| return if_match(req, "RSA/PKCS1v15(MD2)", {1, 2, 840, 113549, 1, 1, 2}); 1138| 0| case 0x7546B: ------------------ | Branch (1138:7): [True: 0, False: 12] ------------------ 1139| 0| return if_match(req, "RSA/PKCS1v15(MD5)", {1, 2, 840, 113549, 1, 1, 4}); 1140| 0| case 0x75921: ------------------ | Branch (1140:7): [True: 0, False: 12] ------------------ 1141| 0| return if_match(req, "ClassicMcEliece_348864f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}); 1142| 0| case 0x76784: ------------------ | Branch (1142:7): [True: 0, False: 12] ------------------ 1143| 0| return if_match(req, "SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 2, 9}); 1144| 0| case 0x768FD: ------------------ | Branch (1144:7): [True: 0, False: 12] ------------------ 1145| 0| return if_match(req, "PKCS9.LocalKeyId", {1, 2, 840, 113549, 1, 9, 21}); 1146| 1| case 0x76A19: ------------------ | Branch (1146:7): [True: 1, False: 11] ------------------ 1147| 1| return if_match(req, "brainpool512r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}); 1148| 0| case 0x77254: ------------------ | Branch (1148:7): [True: 0, False: 12] ------------------ 1149| 0| return if_match(req, "SphincsPlus-haraka-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}); 1150| 0| case 0x77ADC: ------------------ | Branch (1150:7): [True: 0, False: 12] ------------------ 1151| 0| return if_match(req, "secp224k1", {1, 3, 132, 0, 32}); 1152| 1| case 0x781B9: ------------------ | Branch (1152:7): [True: 1, False: 11] ------------------ 1153| 1| return if_match(req, "secp224r1", {1, 3, 132, 0, 33}); 1154| 0| case 0x78ABE: ------------------ | Branch (1154:7): [True: 0, False: 12] ------------------ 1155| 0| return if_match(req, "Camellia-192/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 3}); 1156| 0| case 0x792F2: ------------------ | Branch (1156:7): [True: 0, False: 12] ------------------ 1157| 0| return if_match(req, "ClassicMcEliece_6688128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}); 1158| 0| case 0x7A661: ------------------ | Branch (1158:7): [True: 0, False: 12] ------------------ 1159| 0| return if_match(req, "DSA/SHA-512", {2, 16, 840, 1, 101, 3, 4, 3, 4}); 1160| 0| case 0x7A977: ------------------ | Branch (1160:7): [True: 0, False: 12] ------------------ 1161| 0| return if_match(req, "X509v3.ExtendedKeyUsage", {2, 5, 29, 37}); 1162| 0| case 0x7AE67: ------------------ | Branch (1162:7): [True: 0, False: 12] ------------------ 1163| 0| return if_match(req, "SM2_Enc", {1, 2, 156, 10197, 1, 301, 3}); 1164| 0| case 0x7B602: ------------------ | Branch (1164:7): [True: 0, False: 12] ------------------ 1165| 0| return if_match(req, "Twofish/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}); 1166| 0| case 0x7B9A1: ------------------ | Branch (1166:7): [True: 0, False: 12] ------------------ 1167| 0| return if_match(req, "SphincsPlus-sha2-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}); 1168| 0| case 0x7BB0A: ------------------ | Branch (1168:7): [True: 0, False: 12] ------------------ 1169| 0| return if_match(req, "SLH-DSA-SHAKE-256f", {2, 16, 840, 1, 101, 3, 4, 3, 31}); 1170| 0| case 0x7BB17: ------------------ | Branch (1170:7): [True: 0, False: 12] ------------------ 1171| 0| return if_match(req, "SLH-DSA-SHAKE-256s", {2, 16, 840, 1, 101, 3, 4, 3, 30}); 1172| 0| case 0x7BCF3: ------------------ | Branch (1172:7): [True: 0, False: 12] ------------------ 1173| 0| return if_match(req, "PKIX.EmailProtection", {1, 3, 6, 1, 5, 5, 7, 3, 4}); 1174| 0| case 0x7CC2C: ------------------ | Branch (1174:7): [True: 0, False: 12] ------------------ 1175| 0| return if_match(req, "SHA-512-256", {2, 16, 840, 1, 101, 3, 4, 2, 6}); 1176| 0| case 0x7CF41: ------------------ | Branch (1176:7): [True: 0, False: 12] ------------------ 1177| 0| return if_match(req, "SphincsPlus-shake-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}); 1178| 0| case 0x7DB91: ------------------ | Branch (1178:7): [True: 0, False: 12] ------------------ 1179| 0| return if_match(req, "GOST-34.10", {1, 2, 643, 2, 2, 19}); 1180| 0| case 0x7E319: ------------------ | Branch (1180:7): [True: 0, False: 12] ------------------ 1181| 0| return if_match(req, "ECDSA/SHA-512", {1, 2, 840, 10045, 4, 3, 4}); 1182| 0| case 0x7E874: ------------------ | Branch (1182:7): [True: 0, False: 12] ------------------ 1183| 0| return if_match(req, "ClassicMcEliece_6688128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}); 1184| 0| case 0x7EAAF: ------------------ | Branch (1184:7): [True: 0, False: 12] ------------------ 1185| 0| return if_match(req, "eFrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}); 1186| 0| case 0x7F51F: ------------------ | Branch (1186:7): [True: 0, False: 12] ------------------ 1187| 0| return if_match(req, "PKIX.IPsecTunnel", {1, 3, 6, 1, 5, 5, 7, 3, 6}); 1188| 0| case 0x80272: ------------------ | Branch (1188:7): [True: 0, False: 12] ------------------ 1189| 0| return if_match(req, "X520.Organization", {2, 5, 4, 10}); 1190| 0| case 0x80340: ------------------ | Branch (1190:7): [True: 0, False: 12] ------------------ 1191| 0| return if_match(req, "AES-256/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 42}); 1192| 0| case 0x80445: ------------------ | Branch (1192:7): [True: 0, False: 12] ------------------ 1193| 0| return if_match(req, "AES-256/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 47}); 1194| 0| case 0x811F7: ------------------ | Branch (1194:7): [True: 0, False: 12] ------------------ 1195| 0| return if_match(req, "HMAC(SHA-256)", {1, 2, 840, 113549, 2, 9}); 1196| 0| case 0x82434: ------------------ | Branch (1196:7): [True: 0, False: 12] ------------------ 1197| 0| return if_match(req, "PKCS9.X509CRL", {1, 2, 840, 113549, 1, 9, 23, 1}); 1198| 0| case 0x82B47: ------------------ | Branch (1198:7): [True: 0, False: 12] ------------------ 1199| 0| return if_match(req, "Threefish-512/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 2}); 1200| 0| case 0x83EA7: ------------------ | Branch (1200:7): [True: 0, False: 12] ------------------ 1201| 0| return if_match(req, "RSA/PKCS1v15(SHA-384)", {1, 2, 840, 113549, 1, 1, 12}); 1202| 0| case 0x84596: ------------------ | Branch (1202:7): [True: 0, False: 12] ------------------ 1203| 0| return if_match(req, "eFrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}); 1204| 0| case 0x8469F: ------------------ | Branch (1204:7): [True: 0, False: 12] ------------------ 1205| 0| return if_match(req, "ClassicMcEliece_6960119pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}); 1206| 1| case 0x84CA4: ------------------ | Branch (1206:7): [True: 1, False: 11] ------------------ 1207| 1| return if_match(req, "secp256k1", {1, 3, 132, 0, 10}); 1208| 1| case 0x85381: ------------------ | Branch (1208:7): [True: 1, False: 11] ------------------ 1209| 1| return if_match(req, "secp256r1", {1, 2, 840, 10045, 3, 1, 7}); 1210| 0| case 0x854FC: ------------------ | Branch (1210:7): [True: 0, False: 12] ------------------ 1211| 0| return if_match(req, "PKIX.IPsecUser", {1, 3, 6, 1, 5, 5, 7, 3, 7}); 1212| 0| case 0x85F51: ------------------ | Branch (1212:7): [True: 0, False: 12] ------------------ 1213| 0| return if_match(req, "Serpent/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}); 1214| 0| case 0x862D9: ------------------ | Branch (1214:7): [True: 0, False: 12] ------------------ 1215| 0| return if_match(req, "ECGDSA/SHA-512", {1, 3, 36, 3, 3, 2, 5, 4, 6}); 1216| 0| case 0x87585: ------------------ | Branch (1216:7): [True: 0, False: 12] ------------------ 1217| 0| return if_match(req, "Twofish/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 3}); 1218| 0| case 0x877D1: ------------------ | Branch (1218:7): [True: 0, False: 12] ------------------ 1219| 0| return if_match(req, "PKCS9.EmailAddress", {1, 2, 840, 113549, 1, 9, 1}); 1220| 0| case 0x87D27: ------------------ | Branch (1220:7): [True: 0, False: 12] ------------------ 1221| 0| return if_match(req, "PKIX.CertificateAuthorityIssuers", {1, 3, 6, 1, 5, 5, 7, 48, 2}); 1222| 0| case 0x87E42: ------------------ | Branch (1222:7): [True: 0, False: 12] ------------------ 1223| 0| return if_match(req, "X509v3.AuthorityKeyIdentifier", {2, 5, 29, 35}); 1224| 0| case 0x889B1: ------------------ | Branch (1224:7): [True: 0, False: 12] ------------------ 1225| 0| return if_match(req, "ECDSA/SHA-1", {1, 2, 840, 10045, 4, 1}); 1226| 0| case 0x89658: ------------------ | Branch (1226:7): [True: 0, False: 12] ------------------ 1227| 0| return if_match(req, "PBE-PKCS5v20", {1, 2, 840, 113549, 1, 5, 13}); 1228| 0| case 0x8976D: ------------------ | Branch (1228:7): [True: 0, False: 12] ------------------ 1229| 0| return if_match(req, "PKCS9.MessageDigest", {1, 2, 840, 113549, 1, 9, 4}); 1230| 0| case 0x8B002: ------------------ | Branch (1230:7): [True: 0, False: 12] ------------------ 1231| 0| return if_match(req, "Camellia-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}); 1232| 0| case 0x8B935: ------------------ | Branch (1232:7): [True: 0, False: 12] ------------------ 1233| 0| return if_match(req, "ClassicMcEliece_6688128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}); 1234| 0| case 0x8BB11: ------------------ | Branch (1234:7): [True: 0, False: 12] ------------------ 1235| 0| return if_match(req, "X509v3.NoRevocationAvailable", {2, 5, 29, 56}); 1236| 0| case 0x8CE3D: ------------------ | Branch (1236:7): [True: 0, False: 12] ------------------ 1237| 0| return if_match(req, "PKCS9.ChallengePassword", {1, 2, 840, 113549, 1, 9, 7}); 1238| 0| case 0x8D45C: ------------------ | Branch (1238:7): [True: 0, False: 12] ------------------ 1239| 0| return if_match(req, "ECKCDSA", {1, 0, 14888, 3, 0, 5}); 1240| 0| case 0x8E0C1: ------------------ | Branch (1240:7): [True: 0, False: 12] ------------------ 1241| 0| return if_match(req, "X509v3.CertificatePolicies", {2, 5, 29, 32}); 1242| 0| case 0x8E39A: ------------------ | Branch (1242:7): [True: 0, False: 12] ------------------ 1243| 0| return if_match(req, "HSS-LMS-Private-Key", {1, 3, 6, 1, 4, 1, 25258, 1, 13}); 1244| 0| case 0x8EC51: ------------------ | Branch (1244:7): [True: 0, False: 12] ------------------ 1245| 0| return if_match(req, "Kyber-768-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}); 1246| 0| case 0x8F94A: ------------------ | Branch (1246:7): [True: 0, False: 12] ------------------ 1247| 0| return if_match(req, "Dilithium-6x5-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}); 1248| 0| case 0x8FC20: ------------------ | Branch (1248:7): [True: 0, False: 12] ------------------ 1249| 0| return if_match(req, "AES-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}); 1250| 0| case 0x8FDE0: ------------------ | Branch (1250:7): [True: 0, False: 12] ------------------ 1251| 0| return if_match(req, "SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 2, 8}); 1252| 0| case 0x919E3: ------------------ | Branch (1252:7): [True: 0, False: 12] ------------------ 1253| 0| return if_match(req, "Serpent/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 101}); 1254| 0| case 0x91C1A: ------------------ | Branch (1254:7): [True: 0, False: 12] ------------------ 1255| 0| return if_match(req, "X25519", {1, 3, 101, 110}); 1256| 0| case 0x91DC4: ------------------ | Branch (1256:7): [True: 0, False: 12] ------------------ 1257| 0| return if_match(req, "McEliece", {1, 3, 6, 1, 4, 1, 25258, 1, 3}); 1258| 0| case 0x93467: ------------------ | Branch (1258:7): [True: 0, False: 12] ------------------ 1259| 0| return if_match(req, "Dilithium-6x5-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}); 1260| 0| case 0x93D50: ------------------ | Branch (1260:7): [True: 0, False: 12] ------------------ 1261| 0| return if_match(req, "AES-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}); 1262| 0| case 0x95166: ------------------ | Branch (1262:7): [True: 0, False: 12] ------------------ 1263| 0| return if_match(req, "SLH-DSA-SHAKE-128f", {2, 16, 840, 1, 101, 3, 4, 3, 27}); 1264| 0| case 0x95173: ------------------ | Branch (1264:7): [True: 0, False: 12] ------------------ 1265| 0| return if_match(req, "SLH-DSA-SHAKE-128s", {2, 16, 840, 1, 101, 3, 4, 3, 26}); 1266| 0| case 0x952D6: ------------------ | Branch (1266:7): [True: 0, False: 12] ------------------ 1267| 0| return if_match(req, "PKIX.OCSP", {1, 3, 6, 1, 5, 5, 7, 48, 1}); 1268| 0| case 0x959B9: ------------------ | Branch (1268:7): [True: 0, False: 12] ------------------ 1269| 0| return if_match(req, "PKIX.IPsecEndSystem", {1, 3, 6, 1, 5, 5, 7, 3, 5}); 1270| 0| case 0x96F85: ------------------ | Branch (1270:7): [True: 0, False: 12] ------------------ 1271| 0| return if_match(req, "Camellia-256/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 4}); 1272| 0| case 0x97D5E: ------------------ | Branch (1272:7): [True: 0, False: 12] ------------------ 1273| 0| return if_match(req, "HMAC(SHA-1)", {1, 2, 840, 113549, 2, 7}); 1274| 0| case 0x9805C: ------------------ | Branch (1274:7): [True: 0, False: 12] ------------------ 1275| 0| return if_match(req, "SEED/CBC", {1, 2, 410, 200004, 1, 4}); 1276| 0| case 0x980E7: ------------------ | Branch (1276:7): [True: 0, False: 12] ------------------ 1277| 0| return if_match(req, "SphincsPlus-haraka-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}); 1278| 0| case 0x980F5: ------------------ | Branch (1278:7): [True: 0, False: 12] ------------------ 1279| 0| return if_match(req, "GOST.SubjectSigningTool", {1, 2, 643, 100, 111}); 1280| 0| case 0x98B03: ------------------ | Branch (1280:7): [True: 0, False: 12] ------------------ 1281| 0| return if_match(req, "XMSS", {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}); 1282| 0| case 0x9A6B2: ------------------ | Branch (1282:7): [True: 0, False: 12] ------------------ 1283| 0| return if_match(req, "ECKCDSA/SHA-1", {1, 2, 410, 200004, 1, 100, 4, 3}); 1284| 0| case 0x9B1CF: ------------------ | Branch (1284:7): [True: 0, False: 12] ------------------ 1285| 0| return if_match(req, "SM4/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}); 1286| 0| case 0x9B6B2: ------------------ | Branch (1286:7): [True: 0, False: 12] ------------------ 1287| 0| return if_match(req, "AES-128/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 6}); 1288| 0| case 0x9B6BB: ------------------ | Branch (1288:7): [True: 0, False: 12] ------------------ 1289| 0| return if_match(req, "X520.OrganizationalUnit", {2, 5, 4, 11}); 1290| 0| case 0x9B851: ------------------ | Branch (1290:7): [True: 0, False: 12] ------------------ 1291| 0| return if_match(req, "OpenPGP.Curve25519", {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}); 1292| 0| case 0x9C80B: ------------------ | Branch (1292:7): [True: 0, False: 12] ------------------ 1293| 0| return if_match(req, "SLH-DSA-SHA2-192f", {2, 16, 840, 1, 101, 3, 4, 3, 23}); 1294| 0| case 0x9C818: ------------------ | Branch (1294:7): [True: 0, False: 12] ------------------ 1295| 0| return if_match(req, "SLH-DSA-SHA2-192s", {2, 16, 840, 1, 101, 3, 4, 3, 22}); 1296| 0| case 0x9CD2B: ------------------ | Branch (1296:7): [True: 0, False: 12] ------------------ 1297| 0| return if_match(req, "Scrypt", {1, 3, 6, 1, 4, 1, 11591, 4, 11}); 1298| 0| case 0x9CDE1: ------------------ | Branch (1298:7): [True: 0, False: 12] ------------------ 1299| 0| return if_match(req, "GOST-34.10-2012-256/SHA-256", {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}); 1300| 0| case 0x9CF73: ------------------ | Branch (1300:7): [True: 0, False: 12] ------------------ 1301| 0| return if_match(req, "ClassicMcEliece_460896f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}); 1302| 0| case 0x9D354: ------------------ | Branch (1302:7): [True: 0, False: 12] ------------------ 1303| 0| return if_match(req, "RIPEMD-160", {1, 3, 36, 3, 2, 1}); 1304| 0| case 0x9D503: ------------------ | Branch (1304:7): [True: 0, False: 12] ------------------ 1305| 0| return if_match(req, "RSA/PKCS1v15(SHA-256)", {1, 2, 840, 113549, 1, 1, 11}); 1306| 0| case 0x9EC88: ------------------ | Branch (1306:7): [True: 0, False: 12] ------------------ 1307| 0| return if_match(req, "DSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 8}); 1308| 0| case 0x9EF36: ------------------ | Branch (1308:7): [True: 0, False: 12] ------------------ 1309| 0| return if_match(req, "ClassicMcEliece_6960119", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}); 1310| 0| case 0x9F764: ------------------ | Branch (1310:7): [True: 0, False: 12] ------------------ 1311| 0| return if_match(req, "X448", {1, 3, 101, 111}); 1312| 0| case 0x9F7E2: ------------------ | Branch (1312:7): [True: 0, False: 12] ------------------ 1313| 0| return if_match(req, "AES-192/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 26}); 1314| 0| case 0x9F9C5: ------------------ | Branch (1314:7): [True: 0, False: 12] ------------------ 1315| 0| return if_match(req, "ClassicMcEliece_6688128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}); 1316| 0| case 0xA0805: ------------------ | Branch (1316:7): [True: 0, False: 12] ------------------ 1317| 0| return if_match(req, "PKCS9.SDSICertificate", {1, 2, 840, 113549, 1, 9, 22, 2}); 1318| 0| case 0xA2B5B: ------------------ | Branch (1318:7): [True: 0, False: 12] ------------------ 1319| 0| return if_match(req, "X509v3.CRLNumber", {2, 5, 29, 20}); 1320| 0| case 0xA3005: ------------------ | Branch (1320:7): [True: 0, False: 12] ------------------ 1321| 0| return if_match(req, "X520.Title", {2, 5, 4, 12}); 1322| 0| case 0xA323F: ------------------ | Branch (1322:7): [True: 0, False: 12] ------------------ 1323| 0| return if_match(req, "X509v3.NameConstraints", {2, 5, 29, 30}); 1324| 0| case 0xA3C55: ------------------ | Branch (1324:7): [True: 0, False: 12] ------------------ 1325| 0| return if_match(req, "X520.Pseudonym", {2, 5, 4, 65}); 1326| 0| case 0xA4809: ------------------ | Branch (1326:7): [True: 0, False: 12] ------------------ 1327| 0| return if_match(req, "SphincsPlus-sha2-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}); 1328| 1| case 0xA57AF: ------------------ | Branch (1328:7): [True: 1, False: 11] ------------------ 1329| 1| return if_match(req, "secp521r1", {1, 3, 132, 0, 35}); 1330| 0| case 0xA5DA9: ------------------ | Branch (1330:7): [True: 0, False: 12] ------------------ 1331| 0| return if_match(req, "SphincsPlus-shake-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}); 1332| 0| case 0xA6865: ------------------ | Branch (1332:7): [True: 0, False: 12] ------------------ 1333| 0| return if_match(req, "Camellia-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}); 1334| 0| case 0xA6C61: ------------------ | Branch (1334:7): [True: 0, False: 12] ------------------ 1335| 0| return if_match(req, "SM4/GCM", {1, 2, 156, 10197, 1, 104, 8}); 1336| 0| case 0xA8439: ------------------ | Branch (1336:7): [True: 0, False: 12] ------------------ 1337| 0| return if_match(req, "PKCS12.CertBag", {1, 2, 840, 113549, 1, 12, 10, 1, 3}); 1338| 0| case 0xA9061: ------------------ | Branch (1338:7): [True: 0, False: 12] ------------------ 1339| 0| return if_match(req, "Kyber-768-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}); 1340| 0| case 0xAA995: ------------------ | Branch (1340:7): [True: 0, False: 12] ------------------ 1341| 0| return if_match(req, "Camellia-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}); 1342| 0| case 0xAAE2B: ------------------ | Branch (1342:7): [True: 0, False: 12] ------------------ 1343| 0| return if_match(req, "Dilithium-8x7-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}); 1344| 0| case 0xABCED: ------------------ | Branch (1344:7): [True: 0, False: 12] ------------------ 1345| 0| return if_match(req, "GOST.IssuerSigningTool", {1, 2, 643, 100, 112}); 1346| 0| case 0xABD24: ------------------ | Branch (1346:7): [True: 0, False: 12] ------------------ 1347| 0| return if_match(req, "RSA/OAEP", {1, 2, 840, 113549, 1, 1, 7}); 1348| 0| case 0xAC2EC: ------------------ | Branch (1348:7): [True: 0, False: 12] ------------------ 1349| 0| return if_match(req, "Streebog-256", {1, 2, 643, 7, 1, 1, 2, 2}); 1350| 0| case 0xAC3DD: ------------------ | Branch (1350:7): [True: 0, False: 12] ------------------ 1351| 0| return if_match(req, "Certificate Comment", {2, 16, 840, 1, 113730, 1, 13}); 1352| 0| case 0xAC511: ------------------ | Branch (1352:7): [True: 0, False: 12] ------------------ 1353| 0| return if_match(req, "PBE-SHA1-3DES", {1, 2, 840, 113549, 1, 12, 1, 3}); 1354| 0| case 0xAE6FE: ------------------ | Branch (1354:7): [True: 0, False: 12] ------------------ 1355| 0| return if_match(req, "PKIX.ClientAuth", {1, 3, 6, 1, 5, 5, 7, 3, 2}); 1356| 0| case 0xAE8D3: ------------------ | Branch (1356:7): [True: 0, False: 12] ------------------ 1357| 0| return if_match(req, "ClassicMcEliece_8192128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}); 1358| 0| case 0xAF476: ------------------ | Branch (1358:7): [True: 0, False: 12] ------------------ 1359| 0| return if_match(req, "ECDH", {1, 3, 132, 1, 12}); 1360| 0| case 0xAFA6A: ------------------ | Branch (1360:7): [True: 0, False: 12] ------------------ 1361| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(384))", {2, 16, 840, 1, 101, 3, 4, 3, 15}); 1362| 0| case 0xB2217: ------------------ | Branch (1362:7): [True: 0, False: 12] ------------------ 1363| 0| return if_match(req, "AES-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}); 1364| 0| case 0xB22F7: ------------------ | Branch (1364:7): [True: 0, False: 12] ------------------ 1365| 0| return if_match(req, "Camellia-128/GCM", {0, 3, 4401, 5, 3, 1, 9, 6}); 1366| 0| case 0xB23DE: ------------------ | Branch (1366:7): [True: 0, False: 12] ------------------ 1367| 0| return if_match(req, "X520.Locality", {2, 5, 4, 7}); 1368| 0| case 0xB2FBD: ------------------ | Branch (1368:7): [True: 0, False: 12] ------------------ 1369| 0| return if_match(req, "ECKCDSA/SHA-224", {1, 2, 410, 200004, 1, 100, 4, 4}); 1370| 0| case 0xB32B0: ------------------ | Branch (1370:7): [True: 0, False: 12] ------------------ 1371| 0| return if_match(req, "ECKCDSA/SHA-256", {1, 2, 410, 200004, 1, 100, 4, 5}); 1372| 0| case 0xB360E: ------------------ | Branch (1372:7): [True: 0, False: 12] ------------------ 1373| 0| return if_match(req, "eFrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}); 1374| 0| case 0xB4368: ------------------ | Branch (1374:7): [True: 0, False: 12] ------------------ 1375| 0| return if_match(req, "ECGDSA/SHA-1", {1, 3, 36, 3, 3, 2, 5, 4, 2}); 1376| 0| case 0xB58CD: ------------------ | Branch (1376:7): [True: 0, False: 12] ------------------ 1377| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(512))", {2, 16, 840, 1, 101, 3, 4, 3, 16}); 1378| 0| case 0xB6427: ------------------ | Branch (1378:7): [True: 0, False: 12] ------------------ 1379| 0| return if_match(req, "Camellia-192/GCM", {0, 3, 4401, 5, 3, 1, 9, 26}); 1380| 0| case 0xB7102: ------------------ | Branch (1380:7): [True: 0, False: 12] ------------------ 1381| 0| return if_match(req, "brainpool224r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}); 1382| 0| case 0xB710D: ------------------ | Branch (1382:7): [True: 0, False: 12] ------------------ 1383| 0| return if_match(req, "X509v3.CRLIssuingDistributionPoint", {2, 5, 29, 28}); 1384| 0| case 0xB72D4: ------------------ | Branch (1384:7): [True: 0, False: 12] ------------------ 1385| 0| return if_match(req, "Microsoft UPN", {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}); 1386| 0| case 0xB73A5: ------------------ | Branch (1386:7): [True: 0, False: 12] ------------------ 1387| 0| return if_match(req, "RSA/PSS", {1, 2, 840, 113549, 1, 1, 10}); 1388| 0| case 0xB84B3: ------------------ | Branch (1388:7): [True: 0, False: 12] ------------------ 1389| 0| return if_match(req, "PKIX.CodeSigning", {1, 3, 6, 1, 5, 5, 7, 3, 3}); 1390| 0| case 0xB8CB9: ------------------ | Branch (1390:7): [True: 0, False: 12] ------------------ 1391| 0| return if_match(req, "GOST-34.10-2012-256", {1, 2, 643, 7, 1, 1, 1, 1}); 1392| 0| case 0xB945C: ------------------ | Branch (1392:7): [True: 0, False: 12] ------------------ 1393| 0| return if_match(req, "Twofish/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}); 1394| 0| case 0xB94E4: ------------------ | Branch (1394:7): [True: 0, False: 12] ------------------ 1395| 0| return if_match(req, "gost_512A", {1, 2, 643, 7, 1, 2, 1, 2, 1}); 1396| 0| case 0xB94E5: ------------------ | Branch (1396:7): [True: 0, False: 12] ------------------ 1397| 0| return if_match(req, "gost_512B", {1, 2, 643, 7, 1, 2, 1, 2, 2}); 1398| 0| case 0xBA1D8: ------------------ | Branch (1398:7): [True: 0, False: 12] ------------------ 1399| 0| return if_match(req, "X520.StreetAddress", {2, 5, 4, 9}); 1400| 0| case 0xBCB45: ------------------ | Branch (1400:7): [True: 0, False: 12] ------------------ 1401| 0| return if_match(req, "PKCS12.CRLBag", {1, 2, 840, 113549, 1, 12, 10, 1, 4}); 1402| 0| case 0xBCC82: ------------------ | Branch (1402:7): [True: 0, False: 12] ------------------ 1403| 0| return if_match(req, "x962_p239v1", {1, 2, 840, 10045, 3, 1, 4}); 1404| 0| case 0xBCC83: ------------------ | Branch (1404:7): [True: 0, False: 12] ------------------ 1405| 0| return if_match(req, "x962_p239v2", {1, 2, 840, 10045, 3, 1, 5}); 1406| 0| case 0xBCC84: ------------------ | Branch (1406:7): [True: 0, False: 12] ------------------ 1407| 0| return if_match(req, "x962_p239v3", {1, 2, 840, 10045, 3, 1, 6}); 1408| 0| case 0xBD92B: ------------------ | Branch (1408:7): [True: 0, False: 12] ------------------ 1409| 0| return if_match(req, "X509v3.HoldInstructionCode", {2, 5, 29, 23}); 1410| 0| case 0xBDCA9: ------------------ | Branch (1410:7): [True: 0, False: 12] ------------------ 1411| 0| return if_match(req, "AES-256/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 46}); 1412| 0| case 0xBE48D: ------------------ | Branch (1412:7): [True: 0, False: 12] ------------------ 1413| 0| return if_match(req, "PKIX.OCSP.BasicResponse", {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); 1414| 0| case 0xBF71E: ------------------ | Branch (1414:7): [True: 0, False: 12] ------------------ 1415| 0| return if_match(req, "Kyber-1024-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}); 1416| 0| case 0xBFF01: ------------------ | Branch (1416:7): [True: 0, False: 12] ------------------ 1417| 0| return if_match(req, "DSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 5}); 1418| 0| case 0xC0F4F: ------------------ | Branch (1418:7): [True: 0, False: 12] ------------------ 1419| 0| return if_match(req, "SphincsPlus-haraka-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}); 1420| 0| case 0xC1875: ------------------ | Branch (1420:7): [True: 0, False: 12] ------------------ 1421| 0| return if_match(req, "SHA-1", {1, 3, 14, 3, 2, 26}); 1422| 0| case 0xC28D1: ------------------ | Branch (1422:7): [True: 0, False: 12] ------------------ 1423| 0| return if_match(req, "PKIX.OCSPSigning", {1, 3, 6, 1, 5, 5, 7, 3, 9}); 1424| 1| case 0xC42CA: ------------------ | Branch (1424:7): [True: 1, False: 11] ------------------ 1425| 1| return if_match(req, "brainpool256r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}); 1426| 0| default: ------------------ | Branch (1426:7): [True: 0, False: 12] ------------------ 1427| 0| return {}; 1428| 12| } 1429| 12|} _ZN5Botan7OID_Map16load_oid2str_mapEv: 1431| 1|std::unordered_map OID_Map::load_oid2str_map() { 1432| 1| return { 1433| 1| {OID{2, 5, 8, 1, 1}, "RSA"}, 1434| 1| {OID{1, 3, 6, 1, 4, 1, 8301, 3, 1, 2, 9, 0, 38}, "secp521r1"}, 1435| 1| {OID{1, 2, 643, 2, 2, 35, 1}, "gost_256A"}, 1436| 1| {OID{1, 2, 643, 2, 2, 36, 0}, "gost_256A"}, 1437| 1| }; 1438| 1|} _ZN5Botan7OID_Map16load_str2oid_mapEv: 1440| 1|std::unordered_map OID_Map::load_str2oid_map() { 1441| 1| return { 1442| 1| {"Curve25519", OID{1, 3, 101, 110}}, 1443| 1| {"SM2_Sig", OID{1, 2, 156, 10197, 1, 301, 1}}, 1444| 1| {"RSA/EMSA3(MD2)", OID{1, 2, 840, 113549, 1, 1, 2}}, 1445| 1| {"RSA/EMSA3(MD5)", OID{1, 2, 840, 113549, 1, 1, 4}}, 1446| 1| {"RSA/EMSA3(SHA-1)", OID{1, 2, 840, 113549, 1, 1, 5}}, 1447| 1| {"RSA/EMSA3(SHA-256)", OID{1, 2, 840, 113549, 1, 1, 11}}, 1448| 1| {"RSA/EMSA3(SHA-384)", OID{1, 2, 840, 113549, 1, 1, 12}}, 1449| 1| {"RSA/EMSA3(SHA-512)", OID{1, 2, 840, 113549, 1, 1, 13}}, 1450| 1| {"RSA/EMSA3(SHA-224)", OID{1, 2, 840, 113549, 1, 1, 14}}, 1451| 1| {"RSA/EMSA3(SHA-512-256)", OID{1, 2, 840, 113549, 1, 1, 16}}, 1452| 1| {"RSA/EMSA3(SHA-3(224))", OID{2, 16, 840, 1, 101, 3, 4, 3, 13}}, 1453| 1| {"RSA/EMSA3(SHA-3(256))", OID{2, 16, 840, 1, 101, 3, 4, 3, 14}}, 1454| 1| {"RSA/EMSA3(SHA-3(384))", OID{2, 16, 840, 1, 101, 3, 4, 3, 15}}, 1455| 1| {"RSA/EMSA3(SHA-3(512))", OID{2, 16, 840, 1, 101, 3, 4, 3, 16}}, 1456| 1| {"RSA/EMSA3(SM3)", OID{1, 2, 156, 10197, 1, 504}}, 1457| 1| {"RSA/EMSA3(RIPEMD-160)", OID{1, 3, 36, 3, 3, 1, 2}}, 1458| 1| {"RSA/EMSA4", OID{1, 2, 840, 113549, 1, 1, 10}}, 1459| 1| {"PBES2", OID{1, 2, 840, 113549, 1, 5, 13}}, 1460| 1| }; 1461| 1|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchERKNS_3OIDESt16initializer_listIjENSt3__117basic_string_viewIcNS6_11char_traitsIcEEEE: 18| 12|std::optional if_match(const OID& oid, std::initializer_list val, std::string_view name) { 19| 12| if(oid.matches(val)) { ------------------ | Branch (19:7): [True: 12, False: 0] ------------------ 20| 12| return name; 21| 12| } else { 22| 0| return {}; 23| 0| } 24| 12|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_113hash_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 34| 12|uint32_t hash_oid_name(std::string_view s) { 35| 12| uint64_t hash = 0x8188B31879A4879A; 36| | 37| 123| for(const char c : s) { ------------------ | Branch (37:21): [True: 123, False: 12] ------------------ 38| 123| hash *= 251; 39| 123| hash += c; 40| 123| } 41| | 42| 12| return static_cast(hash % 805289); 43| 12|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_St16initializer_listIjE: 26| 12|std::optional if_match(std::string_view req, std::string_view actual, std::initializer_list oid) { 27| 12| if(req == actual) { ------------------ | Branch (27:7): [True: 12, False: 0] ------------------ 28| 12| return OID(oid); 29| 12| } else { 30| 0| return {}; 31| 0| } 32| 12|} _ZN5Botan10hex_decodeEPhPKcmRmb: 72| 79|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) { 73| 79| uint8_t* out_ptr = output; 74| 79| bool top_nibble = true; 75| | 76| 79| clear_mem(output, input_length / 2); 77| | 78| 5.72k| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (78:22): [True: 5.64k, False: 79] ------------------ 79| 5.64k| const uint8_t bin = hex_char_to_bin(input[i]); 80| | 81| 5.64k| if(bin >= 0x10) { ------------------ | Branch (81:10): [True: 0, False: 5.64k] ------------------ 82| 0| if(bin == 0x80 && ignore_ws) { ------------------ | Branch (82:13): [True: 0, False: 0] | Branch (82:28): [True: 0, False: 0] ------------------ 83| 0| continue; 84| 0| } 85| | 86| 0| throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i]))); 87| 0| } 88| | 89| 5.64k| if(top_nibble) { ------------------ | Branch (89:10): [True: 2.82k, False: 2.82k] ------------------ 90| 2.82k| *out_ptr |= bin << 4; 91| 2.82k| } else { 92| 2.82k| *out_ptr |= bin; 93| 2.82k| } 94| | 95| 5.64k| top_nibble = !top_nibble; 96| 5.64k| if(top_nibble) { ------------------ | Branch (96:10): [True: 2.82k, False: 2.82k] ------------------ 97| 2.82k| ++out_ptr; 98| 2.82k| } 99| 5.64k| } 100| | 101| 79| input_consumed = input_length; 102| 79| const size_t written = (out_ptr - output); 103| | 104| | /* 105| | * We only got half of a uint8_t at the end; zap the half-written 106| | * output and mark it as unread 107| | */ 108| 79| if(!top_nibble) { ------------------ | Branch (108:7): [True: 0, False: 79] ------------------ 109| 0| *out_ptr = 0; 110| 0| input_consumed -= 1; 111| 0| } 112| | 113| 79| return written; 114| 79|} _ZN5Botan10hex_decodeEPhPKcmb: 116| 79|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) { 117| 79| size_t consumed = 0; 118| 79| const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws); 119| | 120| 79| if(consumed != input_length) { ------------------ | Branch (120:7): [True: 0, False: 79] ------------------ 121| 0| throw Invalid_Argument("hex_decode: input did not have full bytes"); 122| 0| } 123| | 124| 79| return written; 125| 79|} _ZN5Botan17hex_decode_lockedEPKcmb: 135| 79|secure_vector hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) { 136| 79| secure_vector bin(1 + input_length / 2); 137| | 138| 79| const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws); 139| | 140| 79| bin.resize(written); 141| 79| return bin; 142| 79|} _ZN5Botan17hex_decode_lockedENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEEb: 144| 62|secure_vector hex_decode_locked(std::string_view input, bool ignore_ws) { 145| 62| return hex_decode_locked(input.data(), input.size(), ignore_ws); 146| 62|} hex.cpp:_ZN5Botan12_GLOBAL__N_115hex_char_to_binEc: 54| 5.64k|uint8_t hex_char_to_bin(char input) { 55| | // Starts of valid value ranges (v_lo) and their lengths (v_range) 56| 5.64k| constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r'); 57| 5.64k| constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1); 58| | 59| 5.64k| const uint8_t x = static_cast(input); 60| 5.64k| const uint64_t x8 = x * 0x0101010101010101; 61| | 62| 5.64k| const uint64_t v_mask = swar_in_range(x8, v_lo, v_range) ^ 0x8000000000000000; 63| | 64| | // This is the offset added to x to get the value we need 65| 5.64k| const uint64_t val_v = 0xd0a9c960767773 ^ static_cast(0xFF - x) << 56; 66| | 67| 5.64k| return x + static_cast(val_v >> (8 * index_of_first_set_byte(v_mask))); 68| 5.64k|} _ZN5Botan6BigInt17from_radix_digitsENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEm: 125| 72|BigInt BigInt::from_radix_digits(std::string_view digits, size_t radix) { 126| 72| if(radix == 16) { ------------------ | Branch (126:7): [True: 72, False: 0] ------------------ 127| 72| secure_vector binary; 128| | 129| 72| if(digits.size() % 2 == 1) { ------------------ | Branch (129:10): [True: 10, False: 62] ------------------ 130| | // Handle lack of leading 0 131| 10| const char buf0_with_leading_0[2] = {'0', digits[0]}; 132| | 133| 10| binary = hex_decode_locked(buf0_with_leading_0, 2); 134| | 135| 10| if(digits.size() > 1) { ------------------ | Branch (135:13): [True: 7, False: 3] ------------------ 136| 7| binary += hex_decode_locked(&digits[1], digits.size() - 1, false); 137| 7| } 138| 62| } else { 139| 62| binary = hex_decode_locked(digits, false); 140| 62| } 141| | 142| 72| return BigInt::from_bytes(binary); 143| 72| } else if(radix == 10) { ------------------ | Branch (143:14): [True: 0, False: 0] ------------------ 144| | // Use the largest power of 10 that fits in a word, accumulating 145| | // groups of digits into word-sized chunks to minimize the number 146| | // of multiprecision multiplications. 147| 0| constexpr word conversion_radix = decimal_conversion_radix(); 148| 0| constexpr size_t radix_digits = decimal_conversion_radix_digits(); 149| | 150| 0| BigInt r; 151| | 152| | // Handle the initial partial block (if digit count is not a multiple of radix_digits) 153| 0| const size_t partial_block = digits.size() % radix_digits; 154| | 155| 0| if(partial_block > 0) { ------------------ | Branch (155:10): [True: 0, False: 0] ------------------ 156| 0| word acc = 0; 157| 0| for(size_t i = 0; i < partial_block; ++i) { ------------------ | Branch (157:28): [True: 0, False: 0] ------------------ 158| 0| const char c = digits[i]; 159| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 160| 0| acc = acc * 10 + static_cast(c - '0'); 161| 0| } 162| 0| r += acc; 163| 0| } 164| | 165| | // Process full blocks of radix_digits 166| 0| for(size_t i = partial_block; i != digits.size(); i += radix_digits) { ------------------ | Branch (166:37): [True: 0, False: 0] ------------------ 167| 0| word acc = 0; 168| 0| for(size_t j = 0; j < radix_digits; ++j) { ------------------ | Branch (168:28): [True: 0, False: 0] ------------------ 169| 0| const char c = digits[i + j]; 170| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 171| 0| acc = acc * 10 + static_cast(c - '0'); 172| 0| } 173| 0| r *= conversion_radix; 174| 0| r += acc; 175| 0| } 176| | 177| 0| return r; 178| 0| } else { 179| 0| throw Invalid_Argument("BigInt::from_radix_digits unknown radix"); 180| 0| } 181| 72|} _ZN5Botan6BigIntmIERKS0_: 23| 169|BigInt& BigInt::operator-=(const BigInt& y) { 24| 169| if(&y == this) { ------------------ | Branch (24:7): [True: 0, False: 169] ------------------ 25| 0| this->clear(); 26| 0| this->set_sign(Positive); 27| 0| return *this; 28| 0| } 29| 169| return sub(y._data(), y.sig_words(), y.sign()); 30| 169|} _ZN5Botan6BigInt3addEPKmmNS0_4SignE: 32| 169|BigInt& BigInt::add(const word y[], size_t y_words, Sign y_sign) { 33| 169| const size_t x_sw = sig_words(); 34| | 35| 169| grow_to(std::max(x_sw, y_words) + 1); 36| | 37| 169| if(sign() == y_sign) { ------------------ | Branch (37:7): [True: 0, False: 169] ------------------ 38| 0| const word carry = bigint_add2(mutable_data(), size() - 1, y, y_words); 39| 0| mutable_data()[size() - 1] += carry; 40| 169| } else { 41| 169| const int32_t relative_size = bigint_cmp(_data(), x_sw, y, y_words); 42| | 43| 169| if(relative_size >= 0) { ------------------ | Branch (43:10): [True: 169, False: 0] ------------------ 44| | // *this >= y 45| 169| bigint_sub2(mutable_data(), x_sw, y, y_words); 46| 169| } else { 47| | // *this < y: compute *this = y - *this 48| 0| bigint_sub2_rev(mutable_data(), y, y_words); 49| 0| } 50| | 51| 169| if(relative_size < 0) { ------------------ | Branch (51:10): [True: 0, False: 169] ------------------ 52| 0| set_sign(y_sign); 53| 169| } else if(relative_size == 0) { ------------------ | Branch (53:17): [True: 0, False: 169] ------------------ 54| 0| set_sign(Positive); 55| 0| } 56| 169| } 57| | 58| 169| return (*this); 59| 169|} _ZN5Botan6BigIntlSEm: 269| 6|BigInt& BigInt::operator<<=(size_t shift) { 270| 6| if(shift >= 65536) { ------------------ | Branch (270:7): [True: 0, False: 6] ------------------ 271| 0| throw Invalid_Argument("BigInt left shift count too large"); 272| 0| } 273| | 274| 6| const size_t sw = sig_words(); 275| 6| const size_t new_size = sw + (shift + WordInfo::bits - 1) / WordInfo::bits; 276| | 277| 6| m_data.grow_to(new_size); 278| | 279| 6| bigint_shl1(m_data.mutable_data(), new_size, sw, shift); 280| | 281| 6| return (*this); 282| 6|} _ZN5Botan6BigIntrSEm: 287| 228|BigInt& BigInt::operator>>=(size_t shift) { 288| 228| bigint_shr1(m_data.mutable_data(), m_data.size(), shift); 289| | 290| 228| if(sig_words() == 0 && m_signedness == Negative) { ------------------ | Branch (290:7): [True: 0, False: 228] | Branch (290:27): [True: 0, False: 0] ------------------ 291| 0| m_signedness = Positive; 292| 0| } 293| | 294| 228| return (*this); 295| 228|} _ZN5Botan6BigInt4add2ERKS0_PKmmNS0_4SignE: 20| 36|BigInt BigInt::add2(const BigInt& x, const word y[], size_t y_size, BigInt::Sign y_sign) { 21| 36| const size_t x_sw = x.sig_words(); 22| | 23| 36| BigInt z = BigInt::with_capacity(std::max(x_sw, y_size) + 1); 24| | 25| 36| if(x.sign() == y_sign) { ------------------ | Branch (25:7): [True: 24, False: 12] ------------------ 26| 24| const word carry = bigint_add3(z.mutable_data(), x._data(), x_sw, y, y_size); 27| 24| z.mutable_data()[std::max(x_sw, y_size)] += carry; 28| 24| z.set_sign(x.sign()); 29| 24| } else { 30| 12| const int32_t relative_size = bigint_cmp(x.data(), x_sw, y, y_size); 31| | 32| 12| if(relative_size < 0) { ------------------ | Branch (32:10): [True: 0, False: 12] ------------------ 33| | // x < y so z = abs(y - x) 34| | // NOLINTNEXTLINE(*-suspicious-call-argument) intentionally swapping x and y here 35| 0| bigint_sub3(z.mutable_data(), y, y_size, x.data(), x_sw); 36| 0| z.set_sign(y_sign); 37| 12| } else if(relative_size == 0) { ------------------ | Branch (37:17): [True: 0, False: 12] ------------------ 38| | // Positive zero (nothing to do in this case) 39| 12| } else { 40| | /* 41| | * We know at this point that x >= y so if y_size is larger than 42| | * x_sw, we are guaranteed they are just leading zeros which can 43| | * be ignored 44| | */ 45| 12| y_size = std::min(x_sw, y_size); 46| 12| bigint_sub3(z.mutable_data(), x.data(), x_sw, y, y_size); 47| 12| z.set_sign(x.sign()); 48| 12| } 49| 12| } 50| | 51| 36| return z; 52| 36|} _ZN5BotanmlERKNS_6BigIntEm: 90| 132|BigInt operator*(const BigInt& x, word y) { 91| 132| const size_t x_sw = x.sig_words(); 92| | 93| 132| BigInt z = BigInt::with_capacity(x_sw + 1); 94| | 95| 132| if(x_sw > 0 && y > 0) { ------------------ | Branch (95:7): [True: 132, False: 0] | Branch (95:19): [True: 132, False: 0] ------------------ 96| 132| bigint_linmul3(z.mutable_data(), x._data(), x_sw, y); 97| 132| z.set_sign(x.sign()); 98| 132| } 99| | 100| 132| return z; 101| 132|} _ZN5BotanlsERKNS_6BigIntEm: 188| 36|BigInt operator<<(const BigInt& x, size_t shift) { 189| 36| if(shift >= 65536) { ------------------ | Branch (189:7): [True: 0, False: 36] ------------------ 190| 0| throw Invalid_Argument("BigInt left shift count too large"); 191| 0| } 192| | 193| 36| if(x.is_zero()) { ------------------ | Branch (193:7): [True: 0, False: 36] ------------------ 194| 0| return BigInt::zero(); 195| 0| } 196| | 197| 36| const size_t x_sw = x.sig_words(); 198| | 199| 36| const size_t new_size = x_sw + shift / WordInfo::bits + 1; 200| 36| BigInt y = BigInt::with_capacity(new_size); 201| 36| bigint_shl2(y.mutable_data(), new_size, x._data(), x_sw, shift); 202| 36| y.set_sign(x.sign()); 203| 36| return y; 204| 36|} _ZN5Botan6BigIntC2Em: 20| 12|BigInt::BigInt(uint64_t n) { 21| 12| if constexpr(sizeof(word) == 8) { 22| 12| m_data.set_word_at(0, static_cast(n)); 23| | } else { 24| | m_data.set_word_at(1, static_cast(n >> 32)); 25| | m_data.set_word_at(0, static_cast(n)); 26| | } 27| 12|} _ZN5Botan6BigInt13with_capacityEm: 51| 228|BigInt BigInt::with_capacity(size_t size) { 52| 228| BigInt bn; 53| 228| bn.grow_to(size); 54| 228| return bn; 55| 228|} _ZN5Botan6BigInt11from_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 57| 72|BigInt BigInt::from_string(std::string_view str) { 58| 72| size_t prefix_bytes = 0; 59| 72| bool negative = false; 60| 72| size_t radix = 10; 61| | 62| 72| if(!str.empty() && str[0] == '-') { ------------------ | Branch (62:7): [True: 72, False: 0] | Branch (62:23): [True: 0, False: 72] ------------------ 63| 0| prefix_bytes += 1; 64| 0| negative = true; 65| 0| } 66| | 67| 72| if(str.length() > prefix_bytes + 2 && str[prefix_bytes] == '0' && str[prefix_bytes + 1] == 'x') { ------------------ | Branch (67:7): [True: 72, False: 0] | Branch (67:42): [True: 72, False: 0] | Branch (67:70): [True: 72, False: 0] ------------------ 68| 72| prefix_bytes += 2; 69| 72| radix = 16; 70| 72| } 71| | 72| 72| BigInt r = BigInt::from_radix_digits(str.substr(prefix_bytes), radix); 73| | 74| 72| if(negative) { ------------------ | Branch (74:7): [True: 0, False: 72] ------------------ 75| 0| r.set_sign(Negative); 76| 72| } else { 77| 72| r.set_sign(Positive); 78| 72| } 79| | 80| 72| return r; 81| 72|} _ZN5Botan6BigInt10from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 83| 72|BigInt BigInt::from_bytes(std::span input) { 84| 72| BigInt r; 85| 72| r.assign_from_bytes(input); 86| 72| return r; 87| 72|} _ZNK5Botan6BigInt8cmp_wordEm: 122| 48|int32_t BigInt::cmp_word(word other) const { 123| 48| if(signum() < 0) { ------------------ | Branch (123:7): [True: 0, False: 48] ------------------ 124| 0| return -1; // other is positive ... 125| 0| } 126| | 127| 48| const size_t sw = this->sig_words(); 128| 48| if(sw > 1) { ------------------ | Branch (128:7): [True: 35, False: 13] ------------------ 129| 35| return 1; // must be larger since other is just one word ... 130| 35| } 131| | 132| 13| return bigint_cmp(this->_data(), sw, &other, 1); 133| 48|} _ZNK5Botan6BigInt3cmpERKS0_b: 138| 24|int32_t BigInt::cmp(const BigInt& other, bool check_signs) const { 139| 24| if(check_signs) { ------------------ | Branch (139:7): [True: 24, False: 0] ------------------ 140| 24| if(other.signum() >= 0 && this->signum() < 0) { ------------------ | Branch (140:10): [True: 24, False: 0] | Branch (140:33): [True: 0, False: 24] ------------------ 141| 0| return -1; 142| 0| } 143| | 144| 24| if(other.signum() < 0 && this->signum() >= 0) { ------------------ | Branch (144:10): [True: 0, False: 24] | Branch (144:32): [True: 0, False: 0] ------------------ 145| 0| return 1; 146| 0| } 147| | 148| 24| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (148:10): [True: 0, False: 24] | Branch (148:32): [True: 0, False: 0] ------------------ 149| 0| return (-bigint_cmp(this->_data(), this->size(), other._data(), other.size())); 150| 0| } 151| 24| } 152| | 153| 24| return bigint_cmp(this->_data(), this->size(), other._data(), other.size()); 154| 24|} _ZNK5Botan6BigInt8is_equalERKS0_: 156| 24|bool BigInt::is_equal(const BigInt& other) const { 157| 24| if(this->sign() != other.sign()) { ------------------ | Branch (157:7): [True: 0, False: 24] ------------------ 158| 0| return false; 159| 0| } 160| | 161| 24| return bigint_ct_is_eq(this->_data(), this->size(), other._data(), other.size()).as_bool(); 162| 24|} _ZNK5Botan6BigInt12is_less_thanERKS0_: 164| 12|bool BigInt::is_less_than(const BigInt& other) const { 165| 12| if(this->signum() < 0 && other.signum() >= 0) { ------------------ | Branch (165:7): [True: 0, False: 12] | Branch (165:29): [True: 0, False: 0] ------------------ 166| 0| return true; 167| 0| } 168| | 169| 12| if(this->signum() >= 0 && other.signum() < 0) { ------------------ | Branch (169:7): [True: 12, False: 0] | Branch (169:30): [True: 0, False: 12] ------------------ 170| 0| return false; 171| 0| } 172| | 173| 12| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (173:7): [True: 0, False: 12] | Branch (173:29): [True: 0, False: 0] ------------------ 174| 0| return bigint_ct_is_lt(other._data(), other.size(), this->_data(), this->size()).as_bool(); 175| 0| } 176| | 177| 12| return bigint_ct_is_lt(this->_data(), this->size(), other._data(), other.size()).as_bool(); 178| 12|} _ZN5Botan6BigInt4Data11set_to_zeroEv: 191| 72|void BigInt::Data::set_to_zero() { 192| 72| m_reg.resize(m_reg.capacity()); 193| 72| clear_mem(m_reg.data(), m_reg.size()); 194| 72| m_sig_words = 0; 195| 72|} _ZNK5Botan6BigInt4Data14calc_sig_wordsEv: 215| 835|size_t BigInt::Data::calc_sig_words() const { 216| 835| const size_t sz = m_reg.size(); 217| 835| size_t sig = sz; 218| | 219| 835| word sub = 1; 220| | 221| 13.7k| for(size_t i = 0; i != sz; ++i) { ------------------ | Branch (221:22): [True: 12.9k, False: 835] ------------------ 222| 12.9k| const word w = m_reg[sz - i - 1]; 223| 12.9k| sub &= ct_is_zero(w); 224| 12.9k| sig -= sub; 225| 12.9k| } 226| | 227| | /* 228| | * This depends on the data so is poisoned, but unpoison it here as 229| | * later conditionals are made on the size. 230| | */ 231| 835| CT::unpoison(sig); 232| | 233| 835| return sig; 234| 835|} _ZNK5Botan6BigInt13top_bits_freeEv: 298| 96|size_t BigInt::top_bits_free() const { 299| 96| const size_t words = sig_words(); 300| | 301| 96| const word top_word = word_at(words - 1); 302| 96| const size_t bits_used = high_bit(CT::value_barrier(top_word)); 303| 96| CT::unpoison(bits_used); 304| 96| return WordInfo::bits - bits_used; 305| 96|} _ZNK5Botan6BigInt4bitsEv: 307| 60|size_t BigInt::bits() const { 308| 60| const size_t words = sig_words(); 309| | 310| 60| if(words == 0) { ------------------ | Branch (310:7): [True: 0, False: 60] ------------------ 311| 0| return 0; 312| 0| } 313| | 314| 60| const size_t full_words = (words - 1) * WordInfo::bits; 315| 60| const size_t top_bits = WordInfo::bits - top_bits_free(); 316| | 317| 60| return full_words + top_bits; 318| 60|} _ZN5Botan6BigInt12reduce_belowERKS0_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 329| 36|size_t BigInt::reduce_below(const BigInt& p, secure_vector& ws) { 330| 36| if(p.signum() < 0 || this->signum() < 0) { ------------------ | Branch (330:7): [True: 0, False: 36] | Branch (330:25): [True: 0, False: 36] ------------------ 331| 0| throw Invalid_Argument("BigInt::reduce_below both values must be positive"); 332| 0| } 333| | 334| 36| const size_t p_words = p.sig_words(); 335| | 336| 36| if(size() < p_words + 1) { ------------------ | Branch (336:7): [True: 0, False: 36] ------------------ 337| 0| grow_to(p_words + 1); 338| 0| } 339| | 340| 36| if(ws.size() < p_words + 1) { ------------------ | Branch (340:7): [True: 36, False: 0] ------------------ 341| 36| ws.resize(p_words + 1); 342| 36| } 343| | 344| 36| clear_mem(ws.data(), ws.size()); 345| | 346| 36| size_t reductions = 0; 347| | 348| 36| for(;;) { 349| 36| const word borrow = bigint_sub3(ws.data(), _data(), p_words + 1, p._data(), p_words); 350| 36| if(borrow > 0) { ------------------ | Branch (350:10): [True: 36, False: 0] ------------------ 351| 36| break; 352| 36| } 353| | 354| 0| ++reductions; 355| 0| swap_reg(ws); 356| 0| } 357| | 358| 36| return reductions; 359| 36|} _ZN5Botan6BigInt17assign_from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 425| 72|void BigInt::assign_from_bytes(std::span bytes) { 426| 72| clear(); 427| | 428| 72| const size_t length = bytes.size(); 429| 72| const size_t full_words = length / sizeof(word); 430| 72| const size_t extra_bytes = length % sizeof(word); 431| | 432| 72| secure_vector reg((round_up(full_words + (extra_bytes > 0 ? 1 : 0), 8))); ------------------ | Branch (432:52): [True: 16, False: 56] ------------------ 433| | 434| 420| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (434:22): [True: 348, False: 72] ------------------ 435| 348| reg[i] = load_be(bytes.last()); 436| 348| bytes = bytes.first(bytes.size() - sizeof(word)); 437| 348| } 438| | 439| 72| if(!bytes.empty()) { ------------------ | Branch (439:7): [True: 16, False: 56] ------------------ 440| 16| BOTAN_ASSERT_NOMSG(extra_bytes == bytes.size()); ------------------ | | 77| 16| do { \ | | 78| 16| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 16| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 16] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 16| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 16] | | ------------------ ------------------ 441| 16| std::array last_partial_word = {0}; 442| 16| copy_mem(std::span{last_partial_word}.last(extra_bytes), bytes); 443| 16| reg[full_words] = load_be(last_partial_word); 444| 16| } 445| | 446| 72| m_data.swap(reg); 447| 72|} _ZNK5Botan6BigInt20_const_time_unpoisonEv: 559| 924|void BigInt::_const_time_unpoison() const { 560| 924| CT::unpoison(m_data.const_data(), m_data.size()); 561| 924|} _ZN5Botan20vartime_divide_pow2kEmRKNS_6BigIntE: 232| 36|BigInt vartime_divide_pow2k(size_t k, const BigInt& y_arg) { 233| 36| constexpr size_t WB = WordInfo::bits; 234| | 235| 36| BOTAN_ARG_CHECK(y_arg.signum() != 0, "Cannot divide by zero"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 236| 36| BOTAN_ARG_CHECK(y_arg.signum() >= 0, "Negative divisor not supported"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 237| 36| BOTAN_ARG_CHECK(k > 1, "Invalid k"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 238| | 239| 36| BigInt y = y_arg; 240| | 241| 36| const size_t y_words = y.sig_words(); 242| | 243| 36| BOTAN_ASSERT_NOMSG(y_words > 0); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 244| | 245| | // Calculate shifts needed to normalize y with high bit set 246| 36| const size_t shifts = y.top_bits_free(); 247| | 248| 36| if(shifts > 0) { ------------------ | Branch (248:7): [True: 6, False: 30] ------------------ 249| 6| y <<= shifts; 250| 6| } 251| | 252| 36| BigInt r; 253| 36| r.set_bit(k + shifts); // (2^k) << shifts 254| | 255| | // we know y has not changed size, since we only shifted up to set high bit 256| 36| const size_t t = y_words - 1; 257| 36| const size_t n = std::max(y_words, r.sig_words()) - 1; 258| | 259| 36| BOTAN_ASSERT_NOMSG(n >= t); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 260| | 261| 36| BigInt q = BigInt::zero(); 262| 36| q.grow_to(n - t + 1); 263| | 264| 36| word* q_words = q.mutable_data(); 265| | 266| 36| BigInt shifted_y = y << (WB * (n - t)); 267| | 268| | // Set q_{n-t} to number of times r > shifted_y 269| 36| secure_vector ws; 270| 36| q_words[n - t] = r.reduce_below(shifted_y, ws); 271| | 272| 36| const word y_t0 = y.word_at(t); 273| 36| const word y_t1 = y.word_at(t - 1); 274| 36| BOTAN_DEBUG_ASSERT((y_t0 >> (WB - 1)) == 1); ------------------ | | 130| 36| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 36| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 36] | | ------------------ ------------------ 275| | 276| 36| const divide_precomp div_y_t0(y_t0); 277| | 278| 264| for(size_t i = n; i != t; --i) { ------------------ | Branch (278:22): [True: 228, False: 36] ------------------ 279| 228| const word x_i0 = r.word_at(i); 280| 228| const word x_i1 = r.word_at(i - 1); 281| 228| const word x_i2 = r.word_at(i - 2); 282| | 283| 228| word qit = (x_i0 == y_t0) ? WordInfo::max : div_y_t0.vartime_div_2to1(x_i0, x_i1); ------------------ | Branch (283:18): [True: 2, False: 226] ------------------ 284| | 285| | // Per HAC 14.23, this operation is required at most twice 286| 249| for(size_t j = 0; j != 2; ++j) { ------------------ | Branch (286:25): [True: 249, False: 0] ------------------ 287| 249| if(division_check_vartime(qit, y_t0, y_t1, x_i0, x_i1, x_i2)) { ------------------ | Branch (287:13): [True: 21, False: 228] ------------------ 288| 21| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 21| do { \ | | 78| 21| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 21| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 21] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 21| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 21] | | ------------------ ------------------ 289| 21| qit--; 290| 228| } else { 291| 228| break; 292| 228| } 293| 249| } 294| | 295| 228| shifted_y >>= WB; 296| | // Now shifted_y == y << (WB * (i-t-1)) 297| | 298| | /* 299| | * Special case qit == 0 and qit == 1 which occurs relatively often here due to a 300| | * combination of the fixed 2^k and in many cases the typical structure of 301| | * public moduli (as this function is called by Barrett_Reduction::for_public_modulus). 302| | * 303| | * Over the test suite, about 5% of loop iterations have qit == 1 and 10% have qit == 0 304| | */ 305| | 306| 228| if(qit != 0) { ------------------ | Branch (306:10): [True: 169, False: 59] ------------------ 307| 169| if(qit == 1) { ------------------ | Branch (307:13): [True: 37, False: 132] ------------------ 308| 37| r -= shifted_y; 309| 132| } else { 310| 132| r -= qit * shifted_y; 311| 132| } 312| | 313| 169| if(r.signum() < 0) { ------------------ | Branch (313:13): [True: 0, False: 169] ------------------ 314| 0| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 315| 0| qit--; 316| 0| r += shifted_y; 317| 0| BOTAN_ASSERT_NOMSG(r.signum() >= 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 318| 0| } 319| 169| } 320| | 321| 228| q_words[i - t - 1] = qit; 322| 228| } 323| | 324| 36| return q; 325| 36|} divide.cpp:_ZN5Botan12_GLOBAL__N_122division_check_vartimeEmmmmmm: 34| 249|inline bool division_check_vartime(word q, word y2, word y1, word x3, word x2, word x1) { 35| | /* 36| | Compute (y3,y2,y1) = (y2,y1) * q 37| | and return true if (y3,y2,y1) > (x3,x2,x1) 38| | */ 39| | 40| 249| word y3 = 0; 41| 249| y1 = word_madd2(q, y1, &y3); 42| 249| y2 = word_madd2(q, y2, &y3); 43| | 44| 249| if(x3 != y3) { ------------------ | Branch (44:7): [True: 120, False: 129] ------------------ 45| 120| return (y3 > x3); 46| 120| } 47| 129| if(x2 != y2) { ------------------ | Branch (47:7): [True: 86, False: 43] ------------------ 48| 86| return (y2 > x2); 49| 86| } 50| 43| return (y1 > x1); 51| 129|} _ZN5Botan17bigint_comba_sqr4EPmPKm: 17| 994k|void bigint_comba_sqr4(word z[8], const word x[4]) { 18| 994k| word3 accum; 19| | 20| 994k| accum.mul(x[0], x[0]); 21| 994k| z[0] = accum.extract(); 22| 994k| accum.mul_x2(x[0], x[1]); 23| 994k| z[1] = accum.extract(); 24| 994k| accum.mul_x2(x[0], x[2]); 25| 994k| accum.mul(x[1], x[1]); 26| 994k| z[2] = accum.extract(); 27| 994k| accum.mul_x2(x[0], x[3]); 28| 994k| accum.mul_x2(x[1], x[2]); 29| 994k| z[3] = accum.extract(); 30| 994k| accum.mul_x2(x[1], x[3]); 31| 994k| accum.mul(x[2], x[2]); 32| 994k| z[4] = accum.extract(); 33| 994k| accum.mul_x2(x[2], x[3]); 34| 994k| z[5] = accum.extract(); 35| 994k| accum.mul(x[3], x[3]); 36| 994k| z[6] = accum.extract(); 37| 994k| z[7] = accum.extract(); 38| 994k|} _ZN5Botan17bigint_comba_mul4EPmPKmS2_: 43| 342k|void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) { 44| 342k| word3 accum; 45| | 46| 342k| accum.mul(x[0], y[0]); 47| 342k| z[0] = accum.extract(); 48| 342k| accum.mul(x[0], y[1]); 49| 342k| accum.mul(x[1], y[0]); 50| 342k| z[1] = accum.extract(); 51| 342k| accum.mul(x[0], y[2]); 52| 342k| accum.mul(x[1], y[1]); 53| 342k| accum.mul(x[2], y[0]); 54| 342k| z[2] = accum.extract(); 55| 342k| accum.mul(x[0], y[3]); 56| 342k| accum.mul(x[1], y[2]); 57| 342k| accum.mul(x[2], y[1]); 58| 342k| accum.mul(x[3], y[0]); 59| 342k| z[3] = accum.extract(); 60| 342k| accum.mul(x[1], y[3]); 61| 342k| accum.mul(x[2], y[2]); 62| 342k| accum.mul(x[3], y[1]); 63| 342k| z[4] = accum.extract(); 64| 342k| accum.mul(x[2], y[3]); 65| 342k| accum.mul(x[3], y[2]); 66| 342k| z[5] = accum.extract(); 67| 342k| accum.mul(x[3], y[3]); 68| 342k| z[6] = accum.extract(); 69| 342k| z[7] = accum.extract(); 70| 342k|} _ZN5Botan17bigint_comba_sqr6EPmPKm: 75| 435k|void bigint_comba_sqr6(word z[12], const word x[6]) { 76| 435k| word3 accum; 77| | 78| 435k| accum.mul(x[0], x[0]); 79| 435k| z[0] = accum.extract(); 80| 435k| accum.mul_x2(x[0], x[1]); 81| 435k| z[1] = accum.extract(); 82| 435k| accum.mul_x2(x[0], x[2]); 83| 435k| accum.mul(x[1], x[1]); 84| 435k| z[2] = accum.extract(); 85| 435k| accum.mul_x2(x[0], x[3]); 86| 435k| accum.mul_x2(x[1], x[2]); 87| 435k| z[3] = accum.extract(); 88| 435k| accum.mul_x2(x[0], x[4]); 89| 435k| accum.mul_x2(x[1], x[3]); 90| 435k| accum.mul(x[2], x[2]); 91| 435k| z[4] = accum.extract(); 92| 435k| accum.mul_x2(x[0], x[5]); 93| 435k| accum.mul_x2(x[1], x[4]); 94| 435k| accum.mul_x2(x[2], x[3]); 95| 435k| z[5] = accum.extract(); 96| 435k| accum.mul_x2(x[1], x[5]); 97| 435k| accum.mul_x2(x[2], x[4]); 98| 435k| accum.mul(x[3], x[3]); 99| 435k| z[6] = accum.extract(); 100| 435k| accum.mul_x2(x[2], x[5]); 101| 435k| accum.mul_x2(x[3], x[4]); 102| 435k| z[7] = accum.extract(); 103| 435k| accum.mul_x2(x[3], x[5]); 104| 435k| accum.mul(x[4], x[4]); 105| 435k| z[8] = accum.extract(); 106| 435k| accum.mul_x2(x[4], x[5]); 107| 435k| z[9] = accum.extract(); 108| 435k| accum.mul(x[5], x[5]); 109| 435k| z[10] = accum.extract(); 110| 435k| z[11] = accum.extract(); 111| 435k|} _ZN5Botan17bigint_comba_mul6EPmPKmS2_: 116| 142k|void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) { 117| 142k| word3 accum; 118| | 119| 142k| accum.mul(x[0], y[0]); 120| 142k| z[0] = accum.extract(); 121| 142k| accum.mul(x[0], y[1]); 122| 142k| accum.mul(x[1], y[0]); 123| 142k| z[1] = accum.extract(); 124| 142k| accum.mul(x[0], y[2]); 125| 142k| accum.mul(x[1], y[1]); 126| 142k| accum.mul(x[2], y[0]); 127| 142k| z[2] = accum.extract(); 128| 142k| accum.mul(x[0], y[3]); 129| 142k| accum.mul(x[1], y[2]); 130| 142k| accum.mul(x[2], y[1]); 131| 142k| accum.mul(x[3], y[0]); 132| 142k| z[3] = accum.extract(); 133| 142k| accum.mul(x[0], y[4]); 134| 142k| accum.mul(x[1], y[3]); 135| 142k| accum.mul(x[2], y[2]); 136| 142k| accum.mul(x[3], y[1]); 137| 142k| accum.mul(x[4], y[0]); 138| 142k| z[4] = accum.extract(); 139| 142k| accum.mul(x[0], y[5]); 140| 142k| accum.mul(x[1], y[4]); 141| 142k| accum.mul(x[2], y[3]); 142| 142k| accum.mul(x[3], y[2]); 143| 142k| accum.mul(x[4], y[1]); 144| 142k| accum.mul(x[5], y[0]); 145| 142k| z[5] = accum.extract(); 146| 142k| accum.mul(x[1], y[5]); 147| 142k| accum.mul(x[2], y[4]); 148| 142k| accum.mul(x[3], y[3]); 149| 142k| accum.mul(x[4], y[2]); 150| 142k| accum.mul(x[5], y[1]); 151| 142k| z[6] = accum.extract(); 152| 142k| accum.mul(x[2], y[5]); 153| 142k| accum.mul(x[3], y[4]); 154| 142k| accum.mul(x[4], y[3]); 155| 142k| accum.mul(x[5], y[2]); 156| 142k| z[7] = accum.extract(); 157| 142k| accum.mul(x[3], y[5]); 158| 142k| accum.mul(x[4], y[4]); 159| 142k| accum.mul(x[5], y[3]); 160| 142k| z[8] = accum.extract(); 161| 142k| accum.mul(x[4], y[5]); 162| 142k| accum.mul(x[5], y[4]); 163| 142k| z[9] = accum.extract(); 164| 142k| accum.mul(x[5], y[5]); 165| 142k| z[10] = accum.extract(); 166| 142k| z[11] = accum.extract(); 167| 142k|} _ZN5Botan17bigint_comba_sqr8EPmPKm: 293| 624k|void bigint_comba_sqr8(word z[16], const word x[8]) { 294| 624k| word3 accum; 295| | 296| 624k| accum.mul(x[0], x[0]); 297| 624k| z[0] = accum.extract(); 298| 624k| accum.mul_x2(x[0], x[1]); 299| 624k| z[1] = accum.extract(); 300| 624k| accum.mul_x2(x[0], x[2]); 301| 624k| accum.mul(x[1], x[1]); 302| 624k| z[2] = accum.extract(); 303| 624k| accum.mul_x2(x[0], x[3]); 304| 624k| accum.mul_x2(x[1], x[2]); 305| 624k| z[3] = accum.extract(); 306| 624k| accum.mul_x2(x[0], x[4]); 307| 624k| accum.mul_x2(x[1], x[3]); 308| 624k| accum.mul(x[2], x[2]); 309| 624k| z[4] = accum.extract(); 310| 624k| accum.mul_x2(x[0], x[5]); 311| 624k| accum.mul_x2(x[1], x[4]); 312| 624k| accum.mul_x2(x[2], x[3]); 313| 624k| z[5] = accum.extract(); 314| 624k| accum.mul_x2(x[0], x[6]); 315| 624k| accum.mul_x2(x[1], x[5]); 316| 624k| accum.mul_x2(x[2], x[4]); 317| 624k| accum.mul(x[3], x[3]); 318| 624k| z[6] = accum.extract(); 319| 624k| accum.mul_x2(x[0], x[7]); 320| 624k| accum.mul_x2(x[1], x[6]); 321| 624k| accum.mul_x2(x[2], x[5]); 322| 624k| accum.mul_x2(x[3], x[4]); 323| 624k| z[7] = accum.extract(); 324| 624k| accum.mul_x2(x[1], x[7]); 325| 624k| accum.mul_x2(x[2], x[6]); 326| 624k| accum.mul_x2(x[3], x[5]); 327| 624k| accum.mul(x[4], x[4]); 328| 624k| z[8] = accum.extract(); 329| 624k| accum.mul_x2(x[2], x[7]); 330| 624k| accum.mul_x2(x[3], x[6]); 331| 624k| accum.mul_x2(x[4], x[5]); 332| 624k| z[9] = accum.extract(); 333| 624k| accum.mul_x2(x[3], x[7]); 334| 624k| accum.mul_x2(x[4], x[6]); 335| 624k| accum.mul(x[5], x[5]); 336| 624k| z[10] = accum.extract(); 337| 624k| accum.mul_x2(x[4], x[7]); 338| 624k| accum.mul_x2(x[5], x[6]); 339| 624k| z[11] = accum.extract(); 340| 624k| accum.mul_x2(x[5], x[7]); 341| 624k| accum.mul(x[6], x[6]); 342| 624k| z[12] = accum.extract(); 343| 624k| accum.mul_x2(x[6], x[7]); 344| 624k| z[13] = accum.extract(); 345| 624k| accum.mul(x[7], x[7]); 346| 624k| z[14] = accum.extract(); 347| 624k| z[15] = accum.extract(); 348| 624k|} _ZN5Botan17bigint_comba_mul8EPmPKmS2_: 353| 219k|void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) { 354| 219k| word3 accum; 355| | 356| 219k| accum.mul(x[0], y[0]); 357| 219k| z[0] = accum.extract(); 358| 219k| accum.mul(x[0], y[1]); 359| 219k| accum.mul(x[1], y[0]); 360| 219k| z[1] = accum.extract(); 361| 219k| accum.mul(x[0], y[2]); 362| 219k| accum.mul(x[1], y[1]); 363| 219k| accum.mul(x[2], y[0]); 364| 219k| z[2] = accum.extract(); 365| 219k| accum.mul(x[0], y[3]); 366| 219k| accum.mul(x[1], y[2]); 367| 219k| accum.mul(x[2], y[1]); 368| 219k| accum.mul(x[3], y[0]); 369| 219k| z[3] = accum.extract(); 370| 219k| accum.mul(x[0], y[4]); 371| 219k| accum.mul(x[1], y[3]); 372| 219k| accum.mul(x[2], y[2]); 373| 219k| accum.mul(x[3], y[1]); 374| 219k| accum.mul(x[4], y[0]); 375| 219k| z[4] = accum.extract(); 376| 219k| accum.mul(x[0], y[5]); 377| 219k| accum.mul(x[1], y[4]); 378| 219k| accum.mul(x[2], y[3]); 379| 219k| accum.mul(x[3], y[2]); 380| 219k| accum.mul(x[4], y[1]); 381| 219k| accum.mul(x[5], y[0]); 382| 219k| z[5] = accum.extract(); 383| 219k| accum.mul(x[0], y[6]); 384| 219k| accum.mul(x[1], y[5]); 385| 219k| accum.mul(x[2], y[4]); 386| 219k| accum.mul(x[3], y[3]); 387| 219k| accum.mul(x[4], y[2]); 388| 219k| accum.mul(x[5], y[1]); 389| 219k| accum.mul(x[6], y[0]); 390| 219k| z[6] = accum.extract(); 391| 219k| accum.mul(x[0], y[7]); 392| 219k| accum.mul(x[1], y[6]); 393| 219k| accum.mul(x[2], y[5]); 394| 219k| accum.mul(x[3], y[4]); 395| 219k| accum.mul(x[4], y[3]); 396| 219k| accum.mul(x[5], y[2]); 397| 219k| accum.mul(x[6], y[1]); 398| 219k| accum.mul(x[7], y[0]); 399| 219k| z[7] = accum.extract(); 400| 219k| accum.mul(x[1], y[7]); 401| 219k| accum.mul(x[2], y[6]); 402| 219k| accum.mul(x[3], y[5]); 403| 219k| accum.mul(x[4], y[4]); 404| 219k| accum.mul(x[5], y[3]); 405| 219k| accum.mul(x[6], y[2]); 406| 219k| accum.mul(x[7], y[1]); 407| 219k| z[8] = accum.extract(); 408| 219k| accum.mul(x[2], y[7]); 409| 219k| accum.mul(x[3], y[6]); 410| 219k| accum.mul(x[4], y[5]); 411| 219k| accum.mul(x[5], y[4]); 412| 219k| accum.mul(x[6], y[3]); 413| 219k| accum.mul(x[7], y[2]); 414| 219k| z[9] = accum.extract(); 415| 219k| accum.mul(x[3], y[7]); 416| 219k| accum.mul(x[4], y[6]); 417| 219k| accum.mul(x[5], y[5]); 418| 219k| accum.mul(x[6], y[4]); 419| 219k| accum.mul(x[7], y[3]); 420| 219k| z[10] = accum.extract(); 421| 219k| accum.mul(x[4], y[7]); 422| 219k| accum.mul(x[5], y[6]); 423| 219k| accum.mul(x[6], y[5]); 424| 219k| accum.mul(x[7], y[4]); 425| 219k| z[11] = accum.extract(); 426| 219k| accum.mul(x[5], y[7]); 427| 219k| accum.mul(x[6], y[6]); 428| 219k| accum.mul(x[7], y[5]); 429| 219k| z[12] = accum.extract(); 430| 219k| accum.mul(x[6], y[7]); 431| 219k| accum.mul(x[7], y[6]); 432| 219k| z[13] = accum.extract(); 433| 219k| accum.mul(x[7], y[7]); 434| 219k| z[14] = accum.extract(); 435| 219k| z[15] = accum.extract(); 436| 219k|} _ZN5Botan17bigint_comba_sqr9EPmPKm: 441| 300k|void bigint_comba_sqr9(word z[18], const word x[9]) { 442| 300k| word3 accum; 443| | 444| 300k| accum.mul(x[0], x[0]); 445| 300k| z[0] = accum.extract(); 446| 300k| accum.mul_x2(x[0], x[1]); 447| 300k| z[1] = accum.extract(); 448| 300k| accum.mul_x2(x[0], x[2]); 449| 300k| accum.mul(x[1], x[1]); 450| 300k| z[2] = accum.extract(); 451| 300k| accum.mul_x2(x[0], x[3]); 452| 300k| accum.mul_x2(x[1], x[2]); 453| 300k| z[3] = accum.extract(); 454| 300k| accum.mul_x2(x[0], x[4]); 455| 300k| accum.mul_x2(x[1], x[3]); 456| 300k| accum.mul(x[2], x[2]); 457| 300k| z[4] = accum.extract(); 458| 300k| accum.mul_x2(x[0], x[5]); 459| 300k| accum.mul_x2(x[1], x[4]); 460| 300k| accum.mul_x2(x[2], x[3]); 461| 300k| z[5] = accum.extract(); 462| 300k| accum.mul_x2(x[0], x[6]); 463| 300k| accum.mul_x2(x[1], x[5]); 464| 300k| accum.mul_x2(x[2], x[4]); 465| 300k| accum.mul(x[3], x[3]); 466| 300k| z[6] = accum.extract(); 467| 300k| accum.mul_x2(x[0], x[7]); 468| 300k| accum.mul_x2(x[1], x[6]); 469| 300k| accum.mul_x2(x[2], x[5]); 470| 300k| accum.mul_x2(x[3], x[4]); 471| 300k| z[7] = accum.extract(); 472| 300k| accum.mul_x2(x[0], x[8]); 473| 300k| accum.mul_x2(x[1], x[7]); 474| 300k| accum.mul_x2(x[2], x[6]); 475| 300k| accum.mul_x2(x[3], x[5]); 476| 300k| accum.mul(x[4], x[4]); 477| 300k| z[8] = accum.extract(); 478| 300k| accum.mul_x2(x[1], x[8]); 479| 300k| accum.mul_x2(x[2], x[7]); 480| 300k| accum.mul_x2(x[3], x[6]); 481| 300k| accum.mul_x2(x[4], x[5]); 482| 300k| z[9] = accum.extract(); 483| 300k| accum.mul_x2(x[2], x[8]); 484| 300k| accum.mul_x2(x[3], x[7]); 485| 300k| accum.mul_x2(x[4], x[6]); 486| 300k| accum.mul(x[5], x[5]); 487| 300k| z[10] = accum.extract(); 488| 300k| accum.mul_x2(x[3], x[8]); 489| 300k| accum.mul_x2(x[4], x[7]); 490| 300k| accum.mul_x2(x[5], x[6]); 491| 300k| z[11] = accum.extract(); 492| 300k| accum.mul_x2(x[4], x[8]); 493| 300k| accum.mul_x2(x[5], x[7]); 494| 300k| accum.mul(x[6], x[6]); 495| 300k| z[12] = accum.extract(); 496| 300k| accum.mul_x2(x[5], x[8]); 497| 300k| accum.mul_x2(x[6], x[7]); 498| 300k| z[13] = accum.extract(); 499| 300k| accum.mul_x2(x[6], x[8]); 500| 300k| accum.mul(x[7], x[7]); 501| 300k| z[14] = accum.extract(); 502| 300k| accum.mul_x2(x[7], x[8]); 503| 300k| z[15] = accum.extract(); 504| 300k| accum.mul(x[8], x[8]); 505| 300k| z[16] = accum.extract(); 506| 300k| z[17] = accum.extract(); 507| 300k|} _ZN5Botan17bigint_comba_mul9EPmPKmS2_: 512| 82.5k|void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) { 513| 82.5k| word3 accum; 514| | 515| 82.5k| accum.mul(x[0], y[0]); 516| 82.5k| z[0] = accum.extract(); 517| 82.5k| accum.mul(x[0], y[1]); 518| 82.5k| accum.mul(x[1], y[0]); 519| 82.5k| z[1] = accum.extract(); 520| 82.5k| accum.mul(x[0], y[2]); 521| 82.5k| accum.mul(x[1], y[1]); 522| 82.5k| accum.mul(x[2], y[0]); 523| 82.5k| z[2] = accum.extract(); 524| 82.5k| accum.mul(x[0], y[3]); 525| 82.5k| accum.mul(x[1], y[2]); 526| 82.5k| accum.mul(x[2], y[1]); 527| 82.5k| accum.mul(x[3], y[0]); 528| 82.5k| z[3] = accum.extract(); 529| 82.5k| accum.mul(x[0], y[4]); 530| 82.5k| accum.mul(x[1], y[3]); 531| 82.5k| accum.mul(x[2], y[2]); 532| 82.5k| accum.mul(x[3], y[1]); 533| 82.5k| accum.mul(x[4], y[0]); 534| 82.5k| z[4] = accum.extract(); 535| 82.5k| accum.mul(x[0], y[5]); 536| 82.5k| accum.mul(x[1], y[4]); 537| 82.5k| accum.mul(x[2], y[3]); 538| 82.5k| accum.mul(x[3], y[2]); 539| 82.5k| accum.mul(x[4], y[1]); 540| 82.5k| accum.mul(x[5], y[0]); 541| 82.5k| z[5] = accum.extract(); 542| 82.5k| accum.mul(x[0], y[6]); 543| 82.5k| accum.mul(x[1], y[5]); 544| 82.5k| accum.mul(x[2], y[4]); 545| 82.5k| accum.mul(x[3], y[3]); 546| 82.5k| accum.mul(x[4], y[2]); 547| 82.5k| accum.mul(x[5], y[1]); 548| 82.5k| accum.mul(x[6], y[0]); 549| 82.5k| z[6] = accum.extract(); 550| 82.5k| accum.mul(x[0], y[7]); 551| 82.5k| accum.mul(x[1], y[6]); 552| 82.5k| accum.mul(x[2], y[5]); 553| 82.5k| accum.mul(x[3], y[4]); 554| 82.5k| accum.mul(x[4], y[3]); 555| 82.5k| accum.mul(x[5], y[2]); 556| 82.5k| accum.mul(x[6], y[1]); 557| 82.5k| accum.mul(x[7], y[0]); 558| 82.5k| z[7] = accum.extract(); 559| 82.5k| accum.mul(x[0], y[8]); 560| 82.5k| accum.mul(x[1], y[7]); 561| 82.5k| accum.mul(x[2], y[6]); 562| 82.5k| accum.mul(x[3], y[5]); 563| 82.5k| accum.mul(x[4], y[4]); 564| 82.5k| accum.mul(x[5], y[3]); 565| 82.5k| accum.mul(x[6], y[2]); 566| 82.5k| accum.mul(x[7], y[1]); 567| 82.5k| accum.mul(x[8], y[0]); 568| 82.5k| z[8] = accum.extract(); 569| 82.5k| accum.mul(x[1], y[8]); 570| 82.5k| accum.mul(x[2], y[7]); 571| 82.5k| accum.mul(x[3], y[6]); 572| 82.5k| accum.mul(x[4], y[5]); 573| 82.5k| accum.mul(x[5], y[4]); 574| 82.5k| accum.mul(x[6], y[3]); 575| 82.5k| accum.mul(x[7], y[2]); 576| 82.5k| accum.mul(x[8], y[1]); 577| 82.5k| z[9] = accum.extract(); 578| 82.5k| accum.mul(x[2], y[8]); 579| 82.5k| accum.mul(x[3], y[7]); 580| 82.5k| accum.mul(x[4], y[6]); 581| 82.5k| accum.mul(x[5], y[5]); 582| 82.5k| accum.mul(x[6], y[4]); 583| 82.5k| accum.mul(x[7], y[3]); 584| 82.5k| accum.mul(x[8], y[2]); 585| 82.5k| z[10] = accum.extract(); 586| 82.5k| accum.mul(x[3], y[8]); 587| 82.5k| accum.mul(x[4], y[7]); 588| 82.5k| accum.mul(x[5], y[6]); 589| 82.5k| accum.mul(x[6], y[5]); 590| 82.5k| accum.mul(x[7], y[4]); 591| 82.5k| accum.mul(x[8], y[3]); 592| 82.5k| z[11] = accum.extract(); 593| 82.5k| accum.mul(x[4], y[8]); 594| 82.5k| accum.mul(x[5], y[7]); 595| 82.5k| accum.mul(x[6], y[6]); 596| 82.5k| accum.mul(x[7], y[5]); 597| 82.5k| accum.mul(x[8], y[4]); 598| 82.5k| z[12] = accum.extract(); 599| 82.5k| accum.mul(x[5], y[8]); 600| 82.5k| accum.mul(x[6], y[7]); 601| 82.5k| accum.mul(x[7], y[6]); 602| 82.5k| accum.mul(x[8], y[5]); 603| 82.5k| z[13] = accum.extract(); 604| 82.5k| accum.mul(x[6], y[8]); 605| 82.5k| accum.mul(x[7], y[7]); 606| 82.5k| accum.mul(x[8], y[6]); 607| 82.5k| z[14] = accum.extract(); 608| 82.5k| accum.mul(x[7], y[8]); 609| 82.5k| accum.mul(x[8], y[7]); 610| 82.5k| z[15] = accum.extract(); 611| 82.5k| accum.mul(x[8], y[8]); 612| 82.5k| z[16] = accum.extract(); 613| 82.5k| z[17] = accum.extract(); 614| 82.5k|} _ZN5Botan12basecase_mulEPmmPKmmS2_m: 20| 21|void basecase_mul(word z[], size_t z_size, const word x[], size_t x_size, const word y[], size_t y_size) { 21| 21| if(z_size < x_size + y_size) { ------------------ | Branch (21:7): [True: 0, False: 21] ------------------ 22| 0| throw Invalid_Argument("basecase_mul z_size too small"); 23| 0| } 24| | 25| 21| const size_t x_size_8 = x_size - (x_size % 8); 26| | 27| 21| zeroize_buffer(z, z_size); 28| | 29| 188| for(size_t i = 0; i != y_size; ++i) { ------------------ | Branch (29:22): [True: 167, False: 21] ------------------ 30| 167| const word y_i = y[i]; 31| | 32| 167| word carry = 0; 33| | 34| 319| for(size_t j = 0; j != x_size_8; j += 8) { ------------------ | Branch (34:25): [True: 152, False: 167] ------------------ 35| 152| carry = word8_madd3(z + i + j, x + j, y_i, carry); 36| 152| } 37| | 38| 516| for(size_t j = x_size_8; j != x_size; ++j) { ------------------ | Branch (38:32): [True: 349, False: 167] ------------------ 39| 349| z[i + j] = word_madd3(x[j], y_i, z[i + j], &carry); 40| 349| } 41| | 42| 167| z[x_size + i] = carry; 43| 167| } 44| 21|} _ZN5Botan12basecase_sqrEPmmPKmm: 46| 3|void basecase_sqr(word z[], size_t z_size, const word x[], size_t x_size) { 47| 3| if(z_size < 2 * x_size) { ------------------ | Branch (47:7): [True: 0, False: 3] ------------------ 48| 0| throw Invalid_Argument("basecase_sqr z_size too small"); 49| 0| } 50| | 51| 3| const size_t x_size_8 = x_size - (x_size % 8); 52| | 53| 3| zeroize_buffer(z, z_size); 54| | 55| 12| for(size_t i = 0; i != x_size; ++i) { ------------------ | Branch (55:22): [True: 9, False: 3] ------------------ 56| 9| const word x_i = x[i]; 57| | 58| 9| word carry = 0; 59| | 60| 9| for(size_t j = 0; j != x_size_8; j += 8) { ------------------ | Branch (60:25): [True: 0, False: 9] ------------------ 61| 0| carry = word8_madd3(z + i + j, x + j, x_i, carry); 62| 0| } 63| | 64| 36| for(size_t j = x_size_8; j != x_size; ++j) { ------------------ | Branch (64:32): [True: 27, False: 9] ------------------ 65| 27| z[i + j] = word_madd3(x[j], x_i, z[i + j], &carry); 66| 27| } 67| | 68| 9| z[x_size + i] = carry; 69| 9| } 70| 3|} _ZN5Botan10bigint_mulEPmmPKmmmS2_mmS0_m: 292| 276| size_t ws_size) { 293| 276| zeroize_buffer(z, z_size); 294| | 295| 276| if(x_sw == 1) { ------------------ | Branch (295:7): [True: 0, False: 276] ------------------ 296| 0| bigint_linmul3(z, y, y_sw, x[0]); 297| 276| } else if(y_sw == 1) { ------------------ | Branch (297:14): [True: 0, False: 276] ------------------ 298| 0| bigint_linmul3(z, x, x_sw, y[0]); 299| 276| } else if(sized_for_comba_mul<4>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (299:14): [True: 60, False: 216] ------------------ 300| 60| bigint_comba_mul4(z, x, y); 301| 216| } else if(sized_for_comba_mul<6>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (301:14): [True: 110, False: 106] ------------------ 302| 110| bigint_comba_mul6(z, x, y); 303| 110| } else if(sized_for_comba_mul<8>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (303:14): [True: 46, False: 60] ------------------ 304| 46| bigint_comba_mul8(z, x, y); 305| 60| } else if(sized_for_comba_mul<9>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (305:14): [True: 39, False: 21] ------------------ 306| 39| bigint_comba_mul9(z, x, y); 307| 39| } else if(sized_for_comba_mul<16>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (307:14): [True: 0, False: 21] ------------------ 308| 0| bigint_comba_mul16(z, x, y); 309| 21| } else if(sized_for_comba_mul<24>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (309:14): [True: 0, False: 21] ------------------ 310| 0| bigint_comba_mul24(z, x, y); 311| 21| } else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD || y_sw < KARATSUBA_MULTIPLY_THRESHOLD || workspace == nullptr) { ------------------ | Branch (311:14): [True: 21, False: 0] | Branch (311:53): [True: 0, False: 0] | Branch (311:92): [True: 0, False: 0] ------------------ 312| 21| basecase_mul(z, z_size, x, x_sw, y, y_sw); 313| 21| } else { 314| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw); 315| | 316| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (316:10): [True: 0, False: 0] | Branch (316:19): [True: 0, False: 0] | Branch (316:38): [True: 0, False: 0] ------------------ 317| 0| karatsuba_mul(z, x, y, N, workspace); 318| 0| } else { 319| 0| basecase_mul(z, z_size, x, x_sw, y, y_sw); 320| 0| } 321| 0| } 322| 276|} _ZN5Botan10bigint_sqrEPmmPKmmmS0_m: 327| 36|void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size) { 328| 36| zeroize_buffer(z, z_size); 329| | 330| 36| BOTAN_ASSERT(z_size / 2 >= x_sw, "Output size is sufficient"); ------------------ | | 64| 36| do { \ | | 65| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 36| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 36] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 36| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 36] | | ------------------ ------------------ 331| | 332| 36| if(x_sw == 1) { ------------------ | Branch (332:7): [True: 0, False: 36] ------------------ 333| 0| bigint_linmul3(z, x, x_sw, x[0]); 334| 36| } else if(sized_for_comba_sqr<4>(x_sw, x_size, z_size)) { ------------------ | Branch (334:14): [True: 18, False: 18] ------------------ 335| 18| bigint_comba_sqr4(z, x); 336| 18| } else if(sized_for_comba_sqr<6>(x_sw, x_size, z_size)) { ------------------ | Branch (336:14): [True: 6, False: 12] ------------------ 337| 6| bigint_comba_sqr6(z, x); 338| 12| } else if(sized_for_comba_sqr<8>(x_sw, x_size, z_size)) { ------------------ | Branch (338:14): [True: 6, False: 6] ------------------ 339| 6| bigint_comba_sqr8(z, x); 340| 6| } else if(sized_for_comba_sqr<9>(x_sw, x_size, z_size)) { ------------------ | Branch (340:14): [True: 3, False: 3] ------------------ 341| 3| bigint_comba_sqr9(z, x); 342| 3| } else if(sized_for_comba_sqr<16>(x_sw, x_size, z_size)) { ------------------ | Branch (342:14): [True: 0, False: 3] ------------------ 343| 0| bigint_comba_sqr16(z, x); 344| 3| } else if(sized_for_comba_sqr<24>(x_sw, x_size, z_size)) { ------------------ | Branch (344:14): [True: 0, False: 3] ------------------ 345| 0| bigint_comba_sqr24(z, x); 346| 3| } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || workspace == nullptr) { ------------------ | Branch (346:14): [True: 3, False: 0] | Branch (346:53): [True: 0, False: 0] ------------------ 347| 3| basecase_sqr(z, z_size, x, x_sw); 348| 3| } else { 349| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw); 350| | 351| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (351:10): [True: 0, False: 0] | Branch (351:19): [True: 0, False: 0] | Branch (351:38): [True: 0, False: 0] ------------------ 352| 0| karatsuba_sqr(z, x, N, workspace); 353| 0| } else { 354| 0| basecase_sqr(z, z_size, x, x_sw); 355| 0| } 356| 0| } 357| 36|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm4EEEbmmmmm: 272| 276|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 276| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 65, False: 211] | Branch (273:26): [True: 65, False: 0] | Branch (273:42): [True: 65, False: 0] | Branch (273:56): [True: 65, False: 0] | Branch (273:72): [True: 60, False: 5] ------------------ 274| 276|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm6EEEbmmmmm: 272| 216|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 216| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 115, False: 101] | Branch (273:26): [True: 115, False: 0] | Branch (273:42): [True: 115, False: 0] | Branch (273:56): [True: 115, False: 0] | Branch (273:72): [True: 110, False: 5] ------------------ 274| 216|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm8EEEbmmmmm: 272| 106|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 106| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 51, False: 55] | Branch (273:26): [True: 51, False: 0] | Branch (273:42): [True: 51, False: 0] | Branch (273:56): [True: 51, False: 0] | Branch (273:72): [True: 46, False: 5] ------------------ 274| 106|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm9EEEbmmmmm: 272| 60|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 60| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 44, False: 16] | Branch (273:26): [True: 40, False: 4] | Branch (273:42): [True: 40, False: 0] | Branch (273:56): [True: 40, False: 0] | Branch (273:72): [True: 39, False: 1] ------------------ 274| 60|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm16EEEbmmmmm: 272| 21|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 21| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 21, False: 0] | Branch (273:26): [True: 8, False: 13] | Branch (273:42): [True: 8, False: 0] | Branch (273:56): [True: 8, False: 0] | Branch (273:72): [True: 0, False: 8] ------------------ 274| 21|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm24EEEbmmmmm: 272| 21|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 21| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 21, False: 0] | Branch (273:26): [True: 0, False: 21] | Branch (273:42): [True: 0, False: 0] | Branch (273:56): [True: 0, False: 0] | Branch (273:72): [True: 0, False: 0] ------------------ 274| 21|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm4EEEbmmm: 277| 36|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 36| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 21, False: 15] | Branch (278:26): [True: 21, False: 0] | Branch (278:42): [True: 18, False: 3] ------------------ 279| 36|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm6EEEbmmm: 277| 18|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 18| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 9, False: 9] | Branch (278:26): [True: 9, False: 0] | Branch (278:42): [True: 6, False: 3] ------------------ 279| 18|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm8EEEbmmm: 277| 12|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 12| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 9, False: 3] | Branch (278:26): [True: 9, False: 0] | Branch (278:42): [True: 6, False: 3] ------------------ 279| 12|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm9EEEbmmm: 277| 6|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 6| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 6, False: 0] | Branch (278:26): [True: 4, False: 2] | Branch (278:42): [True: 3, False: 1] ------------------ 279| 6|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm16EEEbmmm: 277| 3|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 3| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 0] | Branch (278:26): [True: 0, False: 3] | Branch (278:42): [True: 0, False: 0] ------------------ 279| 3|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm24EEEbmmm: 277| 3|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 3| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 0] | Branch (278:26): [True: 0, False: 3] | Branch (278:42): [True: 0, False: 0] ------------------ 279| 3|} _ZN5Botan25bigint_monty_redc_genericEPmPKmmS2_mmS0_: 91| 8| word r[], const word z[], size_t z_size, const word p[], size_t p_size, word p_dash, word ws[]) { 92| 8| BOTAN_ARG_CHECK(z_size >= 2 * p_size && p_size > 0, "Invalid sizes for bigint_monty_redc_generic"); ------------------ | | 35| 8| do { \ | | 36| 8| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 16| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 8, False: 0] | | | Branch (37:12): [True: 8, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 8| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 8] | | ------------------ ------------------ 93| | 94| 8| word3 accum; 95| | 96| 8| accum.add(z[0]); 97| | 98| 8| ws[0] = accum.monty_step(p[0], p_dash); 99| | 100| 48| for(size_t i = 1; i != p_size; ++i) { ------------------ | Branch (100:22): [True: 40, False: 8] ------------------ 101| 40| mul_rev_range(accum, ws, p, i); 102| 40| accum.add(z[i]); 103| 40| ws[i] = accum.monty_step(p[0], p_dash); 104| 40| } 105| | 106| 48| for(size_t i = 0; i != p_size - 1; ++i) { ------------------ | Branch (106:22): [True: 40, False: 8] ------------------ 107| 40| mul_rev_range(accum, &ws[i + 1], &p[i], p_size - (i + 1)); 108| 40| accum.add(z[p_size + i]); 109| 40| ws[i] = accum.extract(); 110| 40| } 111| | 112| 8| accum.add(z[2 * p_size - 1]); 113| | 114| 8| ws[p_size - 1] = accum.extract(); 115| | // w1 is the final part, which is not stored in the workspace 116| 8| const word w1 = accum.extract(); 117| | 118| | /* 119| | * The result might need to be reduced mod p. To avoid a timing 120| | * channel, always perform the subtraction. If in the computation 121| | * of x - p a borrow is required then x was already < p. 122| | * 123| | * x starts at ws[0] and is p_size bytes long plus a possible high 124| | * digit left over in w1. 125| | * 126| | * x - p starts at z[0] and is also p_size bytes long 127| | * 128| | * If borrow was set after the subtraction, then x was already less 129| | * than p and the subtraction was not needed. In that case overwrite 130| | * z[0:p_size] with the original x in ws[0:p_size]. 131| | * 132| | * We only copy out p_size in the final step because we know 133| | * the Montgomery result is < P 134| | */ 135| | 136| 8| bigint_monty_maybe_sub(p_size, r, w1, ws, p); 137| 8|} mp_monty.cpp:_ZN5Botan12_GLOBAL__N_113mul_rev_rangeERNS_5word3ImEEPKmS5_m: 18| 80|BOTAN_FORCE_INLINE void mul_rev_range(word3& accum, const word ws[], const word p[], size_t bound) { 19| | /* 20| | Unrolled version of: 21| | 22| | for(size_t i = 0; i < bound; ++i) { 23| | accum.mul(ws[i], p[bound - i]); 24| | } 25| | */ 26| | 27| 80| size_t lower = 0; 28| 200| while(lower < bound) { ------------------ | Branch (28:10): [True: 120, False: 80] ------------------ 29| 120| const size_t upper = bound - lower; 30| | 31| 120| if(upper >= 16) { ------------------ | Branch (31:10): [True: 0, False: 120] ------------------ 32| 0| accum.mul(ws[lower], p[upper]); 33| 0| accum.mul(ws[lower + 1], p[upper - 1]); 34| 0| accum.mul(ws[lower + 2], p[upper - 2]); 35| 0| accum.mul(ws[lower + 3], p[upper - 3]); 36| 0| accum.mul(ws[lower + 4], p[upper - 4]); 37| 0| accum.mul(ws[lower + 5], p[upper - 5]); 38| 0| accum.mul(ws[lower + 6], p[upper - 6]); 39| 0| accum.mul(ws[lower + 7], p[upper - 7]); 40| 0| accum.mul(ws[lower + 8], p[upper - 8]); 41| 0| accum.mul(ws[lower + 9], p[upper - 9]); 42| 0| accum.mul(ws[lower + 10], p[upper - 10]); 43| 0| accum.mul(ws[lower + 11], p[upper - 11]); 44| 0| accum.mul(ws[lower + 12], p[upper - 12]); 45| 0| accum.mul(ws[lower + 13], p[upper - 13]); 46| 0| accum.mul(ws[lower + 14], p[upper - 14]); 47| 0| accum.mul(ws[lower + 15], p[upper - 15]); 48| 0| lower += 16; 49| 120| } else if(upper >= 8) { ------------------ | Branch (49:17): [True: 8, False: 112] ------------------ 50| 8| accum.mul(ws[lower], p[upper]); 51| 8| accum.mul(ws[lower + 1], p[upper - 1]); 52| 8| accum.mul(ws[lower + 2], p[upper - 2]); 53| 8| accum.mul(ws[lower + 3], p[upper - 3]); 54| 8| accum.mul(ws[lower + 4], p[upper - 4]); 55| 8| accum.mul(ws[lower + 5], p[upper - 5]); 56| 8| accum.mul(ws[lower + 6], p[upper - 6]); 57| 8| accum.mul(ws[lower + 7], p[upper - 7]); 58| 8| lower += 8; 59| 112| } else if(upper >= 4) { ------------------ | Branch (59:17): [True: 32, False: 80] ------------------ 60| 32| accum.mul(ws[lower], p[upper]); 61| 32| accum.mul(ws[lower + 1], p[upper - 1]); 62| 32| accum.mul(ws[lower + 2], p[upper - 2]); 63| 32| accum.mul(ws[lower + 3], p[upper - 3]); 64| 32| lower += 4; 65| 80| } else if(upper >= 2) { ------------------ | Branch (65:17): [True: 40, False: 40] ------------------ 66| 40| accum.mul(ws[lower], p[upper]); 67| 40| accum.mul(ws[lower + 1], p[upper - 1]); 68| 40| lower += 2; 69| 40| } else { 70| 40| accum.mul(ws[lower], p[upper]); 71| 40| lower += 1; 72| 40| } 73| 120| } 74| 80|} _ZN5Botan19bigint_monty_redc_4EPmPKmS2_mS0_: 12| 1.23M|void bigint_monty_redc_4(word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) { 13| 1.23M| word3 accum; 14| 1.23M| accum.add(z[0]); 15| 1.23M| ws[0] = accum.monty_step(p[0], p_dash); 16| 1.23M| accum.mul(ws[0], p[1]); 17| 1.23M| accum.add(z[1]); 18| 1.23M| ws[1] = accum.monty_step(p[0], p_dash); 19| 1.23M| accum.mul(ws[0], p[2]); 20| 1.23M| accum.mul(ws[1], p[1]); 21| 1.23M| accum.add(z[2]); 22| 1.23M| ws[2] = accum.monty_step(p[0], p_dash); 23| 1.23M| accum.mul(ws[0], p[3]); 24| 1.23M| accum.mul(ws[1], p[2]); 25| 1.23M| accum.mul(ws[2], p[1]); 26| 1.23M| accum.add(z[3]); 27| 1.23M| ws[3] = accum.monty_step(p[0], p_dash); 28| 1.23M| accum.mul(ws[1], p[3]); 29| 1.23M| accum.mul(ws[2], p[2]); 30| 1.23M| accum.mul(ws[3], p[1]); 31| 1.23M| accum.add(z[4]); 32| 1.23M| ws[0] = accum.extract(); 33| 1.23M| accum.mul(ws[2], p[3]); 34| 1.23M| accum.mul(ws[3], p[2]); 35| 1.23M| accum.add(z[5]); 36| 1.23M| ws[1] = accum.extract(); 37| 1.23M| accum.mul(ws[3], p[3]); 38| 1.23M| accum.add(z[6]); 39| 1.23M| ws[2] = accum.extract(); 40| 1.23M| accum.add(z[7]); 41| 1.23M| ws[3] = accum.extract(); 42| 1.23M| const word w1 = accum.extract(); 43| 1.23M| bigint_monty_maybe_sub<4>(r, w1, ws, p); 44| 1.23M|} _ZN5Botan19bigint_monty_redc_6EPmPKmS2_mS0_: 46| 536k|void bigint_monty_redc_6(word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) { 47| 536k| word3 accum; 48| 536k| accum.add(z[0]); 49| 536k| ws[0] = accum.monty_step(p[0], p_dash); 50| 536k| accum.mul(ws[0], p[1]); 51| 536k| accum.add(z[1]); 52| 536k| ws[1] = accum.monty_step(p[0], p_dash); 53| 536k| accum.mul(ws[0], p[2]); 54| 536k| accum.mul(ws[1], p[1]); 55| 536k| accum.add(z[2]); 56| 536k| ws[2] = accum.monty_step(p[0], p_dash); 57| 536k| accum.mul(ws[0], p[3]); 58| 536k| accum.mul(ws[1], p[2]); 59| 536k| accum.mul(ws[2], p[1]); 60| 536k| accum.add(z[3]); 61| 536k| ws[3] = accum.monty_step(p[0], p_dash); 62| 536k| accum.mul(ws[0], p[4]); 63| 536k| accum.mul(ws[1], p[3]); 64| 536k| accum.mul(ws[2], p[2]); 65| 536k| accum.mul(ws[3], p[1]); 66| 536k| accum.add(z[4]); 67| 536k| ws[4] = accum.monty_step(p[0], p_dash); 68| 536k| accum.mul(ws[0], p[5]); 69| 536k| accum.mul(ws[1], p[4]); 70| 536k| accum.mul(ws[2], p[3]); 71| 536k| accum.mul(ws[3], p[2]); 72| 536k| accum.mul(ws[4], p[1]); 73| 536k| accum.add(z[5]); 74| 536k| ws[5] = accum.monty_step(p[0], p_dash); 75| 536k| accum.mul(ws[1], p[5]); 76| 536k| accum.mul(ws[2], p[4]); 77| 536k| accum.mul(ws[3], p[3]); 78| 536k| accum.mul(ws[4], p[2]); 79| 536k| accum.mul(ws[5], p[1]); 80| 536k| accum.add(z[6]); 81| 536k| ws[0] = accum.extract(); 82| 536k| accum.mul(ws[2], p[5]); 83| 536k| accum.mul(ws[3], p[4]); 84| 536k| accum.mul(ws[4], p[3]); 85| 536k| accum.mul(ws[5], p[2]); 86| 536k| accum.add(z[7]); 87| 536k| ws[1] = accum.extract(); 88| 536k| accum.mul(ws[3], p[5]); 89| 536k| accum.mul(ws[4], p[4]); 90| 536k| accum.mul(ws[5], p[3]); 91| 536k| accum.add(z[8]); 92| 536k| ws[2] = accum.extract(); 93| 536k| accum.mul(ws[4], p[5]); 94| 536k| accum.mul(ws[5], p[4]); 95| 536k| accum.add(z[9]); 96| 536k| ws[3] = accum.extract(); 97| 536k| accum.mul(ws[5], p[5]); 98| 536k| accum.add(z[10]); 99| 536k| ws[4] = accum.extract(); 100| 536k| accum.add(z[11]); 101| 536k| ws[5] = accum.extract(); 102| 536k| const word w1 = accum.extract(); 103| 536k| bigint_monty_maybe_sub<6>(r, w1, ws, p); 104| 536k|} _ZN5Botan19bigint_monty_redc_8EPmPKmS2_mS0_: 106| 787k|void bigint_monty_redc_8(word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) { 107| 787k| word3 accum; 108| 787k| accum.add(z[0]); 109| 787k| ws[0] = accum.monty_step(p[0], p_dash); 110| 787k| accum.mul(ws[0], p[1]); 111| 787k| accum.add(z[1]); 112| 787k| ws[1] = accum.monty_step(p[0], p_dash); 113| 787k| accum.mul(ws[0], p[2]); 114| 787k| accum.mul(ws[1], p[1]); 115| 787k| accum.add(z[2]); 116| 787k| ws[2] = accum.monty_step(p[0], p_dash); 117| 787k| accum.mul(ws[0], p[3]); 118| 787k| accum.mul(ws[1], p[2]); 119| 787k| accum.mul(ws[2], p[1]); 120| 787k| accum.add(z[3]); 121| 787k| ws[3] = accum.monty_step(p[0], p_dash); 122| 787k| accum.mul(ws[0], p[4]); 123| 787k| accum.mul(ws[1], p[3]); 124| 787k| accum.mul(ws[2], p[2]); 125| 787k| accum.mul(ws[3], p[1]); 126| 787k| accum.add(z[4]); 127| 787k| ws[4] = accum.monty_step(p[0], p_dash); 128| 787k| accum.mul(ws[0], p[5]); 129| 787k| accum.mul(ws[1], p[4]); 130| 787k| accum.mul(ws[2], p[3]); 131| 787k| accum.mul(ws[3], p[2]); 132| 787k| accum.mul(ws[4], p[1]); 133| 787k| accum.add(z[5]); 134| 787k| ws[5] = accum.monty_step(p[0], p_dash); 135| 787k| accum.mul(ws[0], p[6]); 136| 787k| accum.mul(ws[1], p[5]); 137| 787k| accum.mul(ws[2], p[4]); 138| 787k| accum.mul(ws[3], p[3]); 139| 787k| accum.mul(ws[4], p[2]); 140| 787k| accum.mul(ws[5], p[1]); 141| 787k| accum.add(z[6]); 142| 787k| ws[6] = accum.monty_step(p[0], p_dash); 143| 787k| accum.mul(ws[0], p[7]); 144| 787k| accum.mul(ws[1], p[6]); 145| 787k| accum.mul(ws[2], p[5]); 146| 787k| accum.mul(ws[3], p[4]); 147| 787k| accum.mul(ws[4], p[3]); 148| 787k| accum.mul(ws[5], p[2]); 149| 787k| accum.mul(ws[6], p[1]); 150| 787k| accum.add(z[7]); 151| 787k| ws[7] = accum.monty_step(p[0], p_dash); 152| 787k| accum.mul(ws[1], p[7]); 153| 787k| accum.mul(ws[2], p[6]); 154| 787k| accum.mul(ws[3], p[5]); 155| 787k| accum.mul(ws[4], p[4]); 156| 787k| accum.mul(ws[5], p[3]); 157| 787k| accum.mul(ws[6], p[2]); 158| 787k| accum.mul(ws[7], p[1]); 159| 787k| accum.add(z[8]); 160| 787k| ws[0] = accum.extract(); 161| 787k| accum.mul(ws[2], p[7]); 162| 787k| accum.mul(ws[3], p[6]); 163| 787k| accum.mul(ws[4], p[5]); 164| 787k| accum.mul(ws[5], p[4]); 165| 787k| accum.mul(ws[6], p[3]); 166| 787k| accum.mul(ws[7], p[2]); 167| 787k| accum.add(z[9]); 168| 787k| ws[1] = accum.extract(); 169| 787k| accum.mul(ws[3], p[7]); 170| 787k| accum.mul(ws[4], p[6]); 171| 787k| accum.mul(ws[5], p[5]); 172| 787k| accum.mul(ws[6], p[4]); 173| 787k| accum.mul(ws[7], p[3]); 174| 787k| accum.add(z[10]); 175| 787k| ws[2] = accum.extract(); 176| 787k| accum.mul(ws[4], p[7]); 177| 787k| accum.mul(ws[5], p[6]); 178| 787k| accum.mul(ws[6], p[5]); 179| 787k| accum.mul(ws[7], p[4]); 180| 787k| accum.add(z[11]); 181| 787k| ws[3] = accum.extract(); 182| 787k| accum.mul(ws[5], p[7]); 183| 787k| accum.mul(ws[6], p[6]); 184| 787k| accum.mul(ws[7], p[5]); 185| 787k| accum.add(z[12]); 186| 787k| ws[4] = accum.extract(); 187| 787k| accum.mul(ws[6], p[7]); 188| 787k| accum.mul(ws[7], p[6]); 189| 787k| accum.add(z[13]); 190| 787k| ws[5] = accum.extract(); 191| 787k| accum.mul(ws[7], p[7]); 192| 787k| accum.add(z[14]); 193| 787k| ws[6] = accum.extract(); 194| 787k| accum.add(z[15]); 195| 787k| ws[7] = accum.extract(); 196| 787k| const word w1 = accum.extract(); 197| 787k| bigint_monty_maybe_sub<8>(r, w1, ws, p); 198| 787k|} _ZN5Botan17Barrett_ReductionC2ERKNS_6BigIntES1_m: 17| 36| m_modulus(m), m_mu(std::move(mu)), m_mod_words(mw), m_modulus_bits(m.bits()) { 18| | // Give some extra space for Karatsuba 19| 36| m_modulus.grow_to(m_mod_words + 8); 20| 36| m_mu.grow_to(m_mod_words + 8); 21| 36|} _ZN5Botan17Barrett_Reduction18for_public_modulusERKNS_6BigIntE: 33| 36|Barrett_Reduction Barrett_Reduction::for_public_modulus(const BigInt& mod) { 34| 36| BOTAN_ARG_CHECK(mod.signum() > 0, "Modulus must be positive"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 35| | 36| 36| const size_t mod_words = mod.sig_words(); 37| | 38| | // Compute mu = floor(2^{2k} / m) 39| 36| const size_t mu_bits = 2 * WordInfo::bits * mod_words; 40| 36| return Barrett_Reduction(mod, vartime_divide_pow2k(mu_bits, mod), mod_words); 41| 36|} _ZNK5Botan17Barrett_Reduction8multiplyERKNS_6BigIntES3_: 159| 36|BigInt Barrett_Reduction::multiply(const BigInt& x, const BigInt& y) const { 160| 36| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett multiply"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 161| 36| BOTAN_ARG_CHECK(acceptable_barrett_input(y, m_modulus).as_bool(), "Invalid y param for Barrett multiply"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 162| | 163| 36| secure_vector ws(2 * (m_mod_words + 2)); 164| 36| secure_vector xy(2 * m_mod_words); 165| | 166| 36| bigint_mul(xy.data(), 167| 36| xy.size(), 168| 36| x._data(), 169| 36| x.size(), 170| 36| std::min(x.size(), m_mod_words), 171| 36| y._data(), 172| 36| y.size(), 173| 36| std::min(y.size(), m_mod_words), 174| 36| ws.data(), 175| 36| ws.size()); 176| | 177| 36| return barrett_reduce(m_mod_words, m_modulus, m_mu, xy, ws); 178| 36|} _ZNK5Botan17Barrett_Reduction6squareERKNS_6BigIntE: 180| 36|BigInt Barrett_Reduction::square(const BigInt& x) const { 181| 36| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett square"); ------------------ | | 35| 36| do { \ | | 36| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 36| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 36] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 36| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 36] | | ------------------ ------------------ 182| | 183| 36| secure_vector ws(2 * (m_mod_words + 2)); 184| 36| secure_vector x2(2 * m_mod_words); 185| | 186| 36| bigint_sqr(x2.data(), x2.size(), x._data(), x.size(), std::min(x.size(), m_mod_words), ws.data(), ws.size()); 187| | 188| 36| return barrett_reduce(m_mod_words, m_modulus, m_mu, x2, ws); 189| 36|} _ZNK5Botan17Barrett_Reduction6reduceERKNS_6BigIntE: 191| 24|BigInt Barrett_Reduction::reduce(const BigInt& x) const { 192| 24| BOTAN_ARG_CHECK(x.signum() >= 0, "Argument must be non-negative"); ------------------ | | 35| 24| do { \ | | 36| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 24] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 24| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 24] | | ------------------ ------------------ 193| | 194| 24| const size_t x_sw = x.sig_words(); 195| 24| BOTAN_ARG_CHECK(x_sw <= 2 * m_mod_words, "Argument is too large for Barrett reduction"); ------------------ | | 35| 24| do { \ | | 36| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 24] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 24| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 24] | | ------------------ ------------------ 196| | 197| 24| x.grow_to(2 * m_mod_words); 198| | 199| 24| secure_vector ws; 200| 24| return barrett_reduce(m_mod_words, m_modulus, m_mu, x._as_span(), ws); 201| 24|} barrett.cpp:_ZN5Botan12_GLOBAL__N_124acceptable_barrett_inputERKNS_6BigIntES3_: 151| 108|CT::Choice acceptable_barrett_input(const BigInt& x, const BigInt& modulus) { 152| 108| auto x_is_positive = CT::Choice::from_int(static_cast(x.signum() >= 0)); 153| 108| auto x_lt_mod = bigint_ct_is_lt(x._data(), x.size(), modulus._data(), modulus.sig_words()).as_choice(); 154| 108| return x_is_positive && x_lt_mod; 155| 108|} barrett.cpp:_ZN5Botan12_GLOBAL__N_114barrett_reduceEmRKNS_6BigIntES3_NSt3__14spanIKmLm18446744073709551615EEERNS4_6vectorImNS_16secure_allocatorImEEEE: 54| 96| size_t mod_words, const BigInt& modulus, const BigInt& mu, std::span x_words, secure_vector& ws) { 55| 96| BOTAN_ASSERT_NOMSG(modulus.sig_words() == mod_words); ------------------ | | 77| 96| do { \ | | 78| 96| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 96| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 96] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 96| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 96] | | ------------------ ------------------ 56| | 57| | // Caller must expand input to be at least this size 58| 96| BOTAN_ASSERT_NOMSG(x_words.size() >= 2 * mod_words); ------------------ | | 77| 96| do { \ | | 78| 96| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 96| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 96] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 96| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 96] | | ------------------ ------------------ 59| | 60| | // Normally mod_words + 1 but can be + 2 if the modulus is a power of 2 61| 96| const size_t mu_words = mu.sig_words(); 62| 96| BOTAN_ASSERT_NOMSG(mu_words <= mod_words + 2); ------------------ | | 77| 96| do { \ | | 78| 96| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 96| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 96] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 96| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 96] | | ------------------ ------------------ 63| | 64| 96| if(ws.size() < 2 * (mod_words + 2)) { ------------------ | Branch (64:7): [True: 24, False: 72] ------------------ 65| 24| ws.resize(2 * (mod_words + 2)); 66| 24| } 67| | 68| 96| CT::poison(x_words); 69| | 70| | /* 71| | * Following the notation of Handbook of Applied Cryptography 72| | * Algorithm 14.42 "Barrett modular reduction", page 604 73| | * 74| | * 75| | * Using `mu` for μ in the code 76| | */ 77| | 78| | // Compute q1 = floor(x / 2^(k - 1)) which is equivalent to ignoring the low (k-1) words 79| | 80| | // 2 * mod_words + 1 is sufficient, extra is to enable Karatsuba 81| 96| secure_vector r(2 * mu_words + 2); 82| | 83| 96| copy_mem(r.data(), x_words.data() + (mod_words - 1), mod_words + 1); 84| | 85| | // Now compute q2 = q1 * μ 86| | 87| | // We allocate more size than required since this allows Karatsuba more often; 88| | // just `mu_words + (mod_words + 1)` is sufficient 89| 96| const size_t q2_size = 2 * mu_words + 2; 90| | 91| 96| secure_vector q2(q2_size); 92| | 93| 96| bigint_mul( 94| 96| q2.data(), q2.size(), r.data(), r.size(), mod_words + 1, mu._data(), mu.size(), mu_words, ws.data(), ws.size()); 95| | 96| | // Compute r2 = (floor(q2 / b^(k+1)) * m) mod 2^(k+1) 97| | // The division/floor is again effected by just ignoring the low k + 1 words 98| 96| bigint_mul(r.data(), 99| 96| r.size(), 100| 96| &q2[mod_words + 1], // ignoring the low mod_words + 1 words of the first product 101| 96| q2.size() - (mod_words + 1), 102| 96| mod_words + 1, 103| 96| modulus._data(), 104| 96| modulus.size(), 105| 96| mod_words, 106| 96| ws.data(), 107| 96| ws.size()); 108| | 109| | // Clear the high words of the product, equivalent to computing mod 2^(k+1) 110| | // TODO add masked mul to avoid computing high bits at all 111| 96| clear_mem(std::span{r}.subspan(mod_words + 1)); 112| | 113| | // Compute r = r1 - r2 114| | 115| | // The return value of bigint_sub_abs isn't quite right for what we need here so first compare 116| 96| const int32_t relative_size = bigint_cmp(r.data(), mod_words + 1, x_words.data(), mod_words + 1); 117| | 118| 96| bigint_sub_abs(r.data(), r.data(), x_words.data(), mod_words + 1, ws.data()); 119| | 120| | /* 121| | If r is negative then we have to set r to r + 2^(k+1) 122| | 123| | However for r negative computing this sum is equivalent to computing 2^(k+1) - abs(r) 124| | */ 125| 96| clear_mem(ws.data(), mod_words + 2); 126| 96| ws[mod_words + 1] = 1; 127| 96| bigint_sub2(ws.data(), mod_words + 2, r.data(), mod_words + 2); 128| | 129| | // If relative_size > 0 then assign r to 2^(k+1) - r 130| 96| CT::Mask::is_equal(static_cast(relative_size), 1).select_n(r.data(), ws.data(), r.data(), mod_words + 2); 131| | 132| | /* 133| | * Per HAC Note 14.44 (ii) "step 4 is repeated at most twice since 0 ≤ r < 3m" 134| | */ 135| 96| const size_t bound = 2; 136| | 137| 96| BOTAN_ASSERT_NOMSG(r.size() >= mod_words + 1); ------------------ | | 77| 96| do { \ | | 78| 96| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 96| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 96] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 96| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 96] | | ------------------ ------------------ 138| 288| for(size_t i = 0; i != bound; ++i) { ------------------ | Branch (138:22): [True: 192, False: 96] ------------------ 139| 192| const word borrow = bigint_sub3(ws.data(), r.data(), mod_words + 1, modulus._data(), mod_words); 140| 192| CT::Mask::is_zero(borrow).select_n(r.data(), ws.data(), r.data(), mod_words + 1); 141| 192| } 142| | 143| 96| CT::unpoison(q2); 144| 96| CT::unpoison(r); 145| 96| CT::unpoison(ws); 146| 96| CT::unpoison(x_words); 147| | 148| 96| return BigInt::_from_words(r); 149| 96|} _ZN5Botan17Montgomery_Params4DataC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 40| 12|Montgomery_Params::Data::Data(const BigInt& p, const Barrett_Reduction& mod_p) { 41| 12| if(p.is_even() || p < 3) { ------------------ | Branch (41:7): [True: 0, False: 12] | Branch (41:22): [True: 0, False: 12] ------------------ 42| 0| throw Invalid_Argument("Montgomery_Params invalid modulus"); 43| 0| } 44| | 45| 12| m_p = p; 46| 12| m_p_words = m_p.sig_words(); 47| 12| m_p_dash = monty_inverse(m_p.word_at(0)); 48| | 49| 12| const BigInt r = BigInt::power_of_2(m_p_words * WordInfo::bits); 50| | 51| 12| m_r1 = mod_p.reduce(r); 52| 12| m_r2 = mod_p.square(m_r1); 53| 12| m_r3 = mod_p.multiply(m_r1, m_r2); 54| | 55| | // Barrett should be at least zero prefixing up to modulus size 56| 12| BOTAN_ASSERT_NOMSG(m_r1.size() >= m_p_words); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 57| 12| BOTAN_ASSERT_NOMSG(m_r2.size() >= m_p_words); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 58| 12| BOTAN_ASSERT_NOMSG(m_r3.size() >= m_p_words); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 59| 12|} _ZN5Botan17Montgomery_ParamsC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 62| 12| m_data(std::make_shared(p, mod_p)) {} _ZNK5Botan17Montgomery_Params3mulERKNS_6BigIntES3_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 90| 24|BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y, secure_vector& ws) const { 91| 24| const size_t p_size = this->p_words(); 92| 24| BigInt z = BigInt::with_capacity(2 * p_size); 93| 24| this->mul(z, x, y, ws); 94| 24| return z; 95| 24|} _ZNK5Botan17Montgomery_Params3mulERNS_6BigIntERKS1_S4_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 97| 24|void Montgomery_Params::mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { 98| 24| BOTAN_ARG_CHECK(&z != &x && &z != &y, "Montgomery_Params::mul output must not alias inputs"); ------------------ | | 35| 24| do { \ | | 36| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 48| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 24, False: 0] | | | Branch (37:12): [True: 24, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 24| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 24] | | ------------------ ------------------ 99| | 100| 24| const size_t p_size = this->p_words(); 101| | 102| 24| if(ws.size() < 2 * p_size) { ------------------ | Branch (102:7): [True: 12, False: 12] ------------------ 103| 12| ws.resize(2 * p_size); 104| 12| } 105| | 106| 24| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 24| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 24| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 24] | | ------------------ ------------------ 107| 24| BOTAN_DEBUG_ASSERT(y.sig_words() <= p_size); ------------------ | | 130| 24| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 24| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 24] | | ------------------ ------------------ 108| | 109| 24| if(z.size() < 2 * p_size) { ------------------ | Branch (109:7): [True: 0, False: 24] ------------------ 110| 0| z.grow_to(2 * p_size); 111| 0| } 112| | 113| 24| bigint_mul(z.mutable_data(), 114| 24| z.size(), 115| 24| x._data(), 116| 24| x.size(), 117| 24| std::min(p_size, x.size()), 118| 24| y._data(), 119| 24| y.size(), 120| 24| std::min(p_size, y.size()), 121| 24| ws.data(), 122| 24| ws.size()); 123| | 124| 24| bigint_monty_redc_inplace(z.mutable_data(), this->p()._data(), p_size, this->p_dash(), ws.data(), ws.size()); 125| 24|} _ZNK5Botan17Montgomery_Params6mul_byERNS_6BigIntERKS1_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 157| 24|void Montgomery_Params::mul_by(BigInt& x, const BigInt& y, secure_vector& ws) const { 158| 24| const size_t p_size = this->p_words(); 159| | 160| 24| if(ws.size() < 4 * p_size) { ------------------ | Branch (160:7): [True: 12, False: 12] ------------------ 161| 12| ws.resize(4 * p_size); 162| 12| } 163| | 164| 24| word* z_data = ws.data(); 165| 24| word* ws_data = &ws[2 * p_size]; 166| | 167| 24| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 24| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 24| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 24] | | ------------------ ------------------ 168| | 169| 24| bigint_mul(z_data, 170| 24| 2 * p_size, 171| 24| x._data(), 172| 24| x.size(), 173| 24| std::min(p_size, x.size()), 174| 24| y._data(), 175| 24| y.size(), 176| 24| std::min(p_size, y.size()), 177| 24| ws_data, 178| 24| 2 * p_size); 179| | 180| 24| bigint_monty_redc_inplace(z_data, this->p()._data(), p_size, this->p_dash(), ws_data, 2 * p_size); 181| | 182| 24| if(x.size() < 2 * p_size) { ------------------ | Branch (182:7): [True: 10, False: 14] ------------------ 183| 10| x.grow_to(2 * p_size); 184| 10| } 185| 24| copy_mem(x.mutable_data(), z_data, 2 * p_size); 186| 24|} _ZN5Botan6PCurve15PrimeOrderCurve15for_named_curveENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 32| 12|std::shared_ptr PrimeOrderCurve::for_named_curve(std::string_view name) { 33| 12|#if defined(BOTAN_HAS_PCURVES_SECP256R1) 34| 12| if(name == "secp256r1") { ------------------ | Branch (34:7): [True: 1, False: 11] ------------------ 35| 1| return PCurveInstance::secp256r1(); 36| 1| } 37| 11|#endif 38| | 39| 11|#if defined(BOTAN_HAS_PCURVES_SECP384R1) 40| 11| if(name == "secp384r1") { ------------------ | Branch (40:7): [True: 1, False: 10] ------------------ 41| 1| return PCurveInstance::secp384r1(); 42| 1| } 43| 10|#endif 44| | 45| 10|#if defined(BOTAN_HAS_PCURVES_SECP521R1) 46| 10| if(name == "secp521r1") { ------------------ | Branch (46:7): [True: 1, False: 9] ------------------ 47| 1| return PCurveInstance::secp521r1(); 48| 1| } 49| 9|#endif 50| | 51| 9|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) 52| 9| if(name == "brainpool256r1") { ------------------ | Branch (52:7): [True: 1, False: 8] ------------------ 53| 1| return PCurveInstance::brainpool256r1(); 54| 1| } 55| 8|#endif 56| | 57| 8|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) 58| 8| if(name == "brainpool384r1") { ------------------ | Branch (58:7): [True: 1, False: 7] ------------------ 59| 1| return PCurveInstance::brainpool384r1(); 60| 1| } 61| 7|#endif 62| | 63| 7|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) 64| 7| if(name == "brainpool512r1") { ------------------ | Branch (64:7): [True: 1, False: 6] ------------------ 65| 1| return PCurveInstance::brainpool512r1(); 66| 1| } 67| 6|#endif 68| | 69| 6|#if defined(BOTAN_HAS_PCURVES_FRP256V1) 70| 6| if(name == "frp256v1") { ------------------ | Branch (70:7): [True: 1, False: 5] ------------------ 71| 1| return PCurveInstance::frp256v1(); 72| 1| } 73| 5|#endif 74| | 75| 5|#if defined(BOTAN_HAS_PCURVES_SECP192R1) 76| 5| if(name == "secp192r1") { ------------------ | Branch (76:7): [True: 1, False: 4] ------------------ 77| 1| return PCurveInstance::secp192r1(); 78| 1| } 79| 4|#endif 80| | 81| 4|#if defined(BOTAN_HAS_PCURVES_SECP224R1) 82| 4| if(name == "secp224r1") { ------------------ | Branch (82:7): [True: 1, False: 3] ------------------ 83| 1| return PCurveInstance::secp224r1(); 84| 1| } 85| 3|#endif 86| | 87| 3|#if defined(BOTAN_HAS_PCURVES_SECP256K1) 88| 3| if(name == "secp256k1") { ------------------ | Branch (88:7): [True: 1, False: 2] ------------------ 89| 1| return PCurveInstance::secp256k1(); 90| 1| } 91| 2|#endif 92| | 93| 2|#if defined(BOTAN_HAS_PCURVES_SM2P256V1) 94| 2| if(name == "sm2p256v1") { ------------------ | Branch (94:7): [True: 1, False: 1] ------------------ 95| 1| return PCurveInstance::sm2p256v1(); 96| 1| } 97| 1|#endif 98| | 99| 1|#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) 100| 1| if(name == "numsp512d1") { ------------------ | Branch (100:7): [True: 1, False: 0] ------------------ 101| 1| return PCurveInstance::numsp512d1(); 102| 1| } 103| 0|#endif 104| | 105| 0| BOTAN_UNUSED(name); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 106| 0| return {}; 107| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool256r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool256r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool384r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool384r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool512r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool512r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance8frp256v1Ev: 36| 1|std::shared_ptr PCurveInstance::frp256v1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance10numsp512d1Ev: 145| 1|std::shared_ptr PCurveInstance::numsp512d1() { 146| 1| return PrimeOrderCurveImpl::instance(); 147| 1|} pcurves_numsp512d1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 26| 1| constexpr static std::array one() { return std::array{1}; } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm16EEE: 28| 58.1k| constexpr static std::array redc(const std::array& z) { 29| 58.1k| return redc_crandall(std::span{z}); 30| 58.1k| } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm8EEE: 36| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_numsp512d1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_110numsp512d113Numsp512d1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm8EEE: 32| 1| constexpr static std::array to_rep(const std::array& x) { return x; } _ZN5Botan6PCurve14PCurveInstance9secp192r1Ev: 180| 1|std::shared_ptr PCurveInstance::secp192r1() { 181| 1| return PrimeOrderCurveImpl::instance(); 182| 1|} pcurves_secp192r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 93| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp192r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm6EEE: 25| 22.1k| constexpr static std::array redc(const std::array& z) { 26| 22.1k| if constexpr(std::same_as && WordInfo::dword_is_native) { 27| 22.1k| using dword = typename WordInfo::dword; 28| | 29| 22.1k| const dword S01 = dword(z[0]) + z[3] + z[5]; 30| 22.1k| const dword S23 = dword(z[1]) + z[3] + z[4] + z[5]; 31| 22.1k| const dword S45 = dword(z[2]) + z[4] + z[5]; 32| | 33| 22.1k| std::array r = {}; 34| | 35| 22.1k| dword S = S01; 36| 22.1k| r[0] = static_cast(S); 37| 22.1k| S >>= 64; 38| | 39| 22.1k| S += S23; 40| 22.1k| r[1] = static_cast(S); 41| 22.1k| S >>= 64; 42| | 43| 22.1k| S += S45; 44| 22.1k| r[2] = static_cast(S); 45| 22.1k| S >>= 64; 46| | 47| 22.1k| BOTAN_DEBUG_ASSERT(S <= 3); ------------------ | | 130| 22.1k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 22.1k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 22.1k] | | ------------------ ------------------ 48| | 49| 22.1k| solinas_correct_redc(r, P, p192_mul_mod_192(static_cast(S))); 50| | 51| 22.1k| return r; 52| 22.1k| } 53| | 54| 0| const int64_t X00 = get_uint32(z.data(), 0); 55| 22.1k| const int64_t X01 = get_uint32(z.data(), 1); 56| 22.1k| const int64_t X02 = get_uint32(z.data(), 2); 57| 22.1k| const int64_t X03 = get_uint32(z.data(), 3); 58| 22.1k| const int64_t X04 = get_uint32(z.data(), 4); 59| 22.1k| const int64_t X05 = get_uint32(z.data(), 5); 60| 22.1k| const int64_t X06 = get_uint32(z.data(), 6); 61| 22.1k| const int64_t X07 = get_uint32(z.data(), 7); 62| 22.1k| const int64_t X08 = get_uint32(z.data(), 8); 63| 22.1k| const int64_t X09 = get_uint32(z.data(), 9); 64| 22.1k| const int64_t X10 = get_uint32(z.data(), 10); 65| 22.1k| const int64_t X11 = get_uint32(z.data(), 11); 66| | 67| 22.1k| const int64_t S0 = X00 + X06 + X10; 68| 22.1k| const int64_t S1 = X01 + X07 + X11; 69| 22.1k| const int64_t S2 = X02 + X06 + X08 + X10; 70| 22.1k| const int64_t S3 = X03 + X07 + X09 + X11; 71| 22.1k| const int64_t S4 = X04 + X08 + X10; 72| 22.1k| const int64_t S5 = X05 + X09 + X11; 73| | 74| 22.1k| std::array r = {}; 75| | 76| 22.1k| SolinasAccum sum(r); 77| | 78| 22.1k| sum.accum(S0); 79| 22.1k| sum.accum(S1); 80| 22.1k| sum.accum(S2); 81| 22.1k| sum.accum(S3); 82| 22.1k| sum.accum(S4); 83| 22.1k| sum.accum(S5); 84| 22.1k| const auto S = sum.final_carry(0); 85| | 86| 22.1k| BOTAN_DEBUG_ASSERT(S <= 3); ------------------ | | 130| 22.1k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 22.1k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 22.1k] | | ------------------ ------------------ 87| | 88| 22.1k| solinas_correct_redc(r, P, p192_mul_mod_192(S)); 89| | 90| 22.1k| return r; 91| 22.1k| } pcurves_secp192r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE16p192_mul_mod_192Em: 105| 22.1k| constexpr static std::array p192_mul_mod_192(W i) { 106| 22.1k| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 107| | 108| | // For small i, multiples of P-192 have a simple structure so it's faster to 109| | // compute the value directly vs a (constant time) table lookup 110| | 111| 22.1k| auto r = P; 112| | 113| | if constexpr(WordInfo::bits == 32) { 114| | r[2] -= i; 115| | r[0] -= i; 116| 22.1k| } else { 117| 22.1k| r[1] -= i; 118| 22.1k| r[0] -= i; 119| 22.1k| } 120| 22.1k| return r; 121| 22.1k| } pcurves_secp192r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm3EEE: 99| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp192r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp192r112Secp192r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm3EEE: 95| 1| constexpr static std::array to_rep(const std::array& x) { return x; } _ZN5Botan6PCurve14PCurveInstance9secp224r1Ev: 223| 1|std::shared_ptr PCurveInstance::secp224r1() { 224| 1| return PrimeOrderCurveImpl::instance(); 225| 1|} pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 69| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 25| 25.7k| constexpr static std::array redc(const std::array& z) { 26| 25.7k| const int64_t X00 = get_uint32(z.data(), 0); 27| 25.7k| const int64_t X01 = get_uint32(z.data(), 1); 28| 25.7k| const int64_t X02 = get_uint32(z.data(), 2); 29| 25.7k| const int64_t X03 = get_uint32(z.data(), 3); 30| 25.7k| const int64_t X04 = get_uint32(z.data(), 4); 31| 25.7k| const int64_t X05 = get_uint32(z.data(), 5); 32| 25.7k| const int64_t X06 = get_uint32(z.data(), 6); 33| 25.7k| const int64_t X07 = get_uint32(z.data(), 7); 34| 25.7k| const int64_t X08 = get_uint32(z.data(), 8); 35| 25.7k| const int64_t X09 = get_uint32(z.data(), 9); 36| 25.7k| const int64_t X10 = get_uint32(z.data(), 10); 37| 25.7k| const int64_t X11 = get_uint32(z.data(), 11); 38| 25.7k| const int64_t X12 = get_uint32(z.data(), 12); 39| 25.7k| const int64_t X13 = get_uint32(z.data(), 13); 40| | 41| 25.7k| const int64_t S0 = 0x00000001 + X00 - X07 - X11; 42| 25.7k| const int64_t S1 = 0x00000000 + X01 - X08 - X12; 43| 25.7k| const int64_t S2 = 0x00000000 + X02 - X09 - X13; 44| 25.7k| const int64_t S3 = 0xFFFFFFFF + X03 + X07 + X11 - X10; 45| 25.7k| const int64_t S4 = 0xFFFFFFFF + X04 + X08 + X12 - X11; 46| 25.7k| const int64_t S5 = 0xFFFFFFFF + X05 + X09 + X13 - X12; 47| 25.7k| const int64_t S6 = 0xFFFFFFFF + X06 + X10 - X13; 48| | 49| 25.7k| std::array r = {}; 50| | 51| 25.7k| SolinasAccum sum(r); 52| | 53| 25.7k| sum.accum(S0); 54| 25.7k| sum.accum(S1); 55| 25.7k| sum.accum(S2); 56| 25.7k| sum.accum(S3); 57| 25.7k| sum.accum(S4); 58| 25.7k| sum.accum(S5); 59| 25.7k| sum.accum(S6); 60| 25.7k| const auto S = sum.final_carry(0); 61| | 62| 25.7k| BOTAN_DEBUG_ASSERT(S <= 2); ------------------ | | 130| 25.7k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 25.7k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 25.7k] | | ------------------ ------------------ 63| | 64| 25.7k| solinas_correct_redc(r, P, p224_mul_mod_224(S)); 65| | 66| 25.7k| return r; 67| 25.7k| } pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE16p224_mul_mod_224Em: 81| 25.7k| constexpr static std::array p224_mul_mod_224(W i) { 82| 25.7k| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 83| | 84| | // For small i, multiples of P-224 have a simple structure so it's faster to 85| | // compute the value directly vs a (constant time) table lookup 86| | 87| 25.7k| auto r = P; 88| | 89| | if constexpr(WordInfo::bits == 32) { 90| | r[3] -= i; 91| | r[0] += i; 92| 25.7k| } else { 93| 25.7k| const W i32 = i << 32; 94| 25.7k| r[1] -= i32; 95| 25.7k| r[0] += i; 96| 25.7k| } 97| 25.7k| return r; 98| 25.7k| } pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 75| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r112Secp224r1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 71| 1| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp224r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp224r15Curve13scalar_invertERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS2_6ParamsENS2_12Secp224r1RepEE12ScalarParamsEEEEE: 151| 765| static constexpr Scalar scalar_invert(const Scalar& x) { 152| | // Generated using https://github.com/mmcloughlin/addchain 153| 765| auto t6 = x.square(); 154| 765| auto z = t6.square(); 155| 765| auto t3 = x * z; 156| 765| auto t2 = t3 * t6; 157| 765| auto t8 = t2 * z; 158| 765| auto t7 = t8 * z; 159| 765| auto t5 = t7 * z; 160| 765| auto t0 = t5 * t6; 161| 765| auto t1 = t0 * t6; 162| 765| auto t4 = t1 * z; 163| 765| z = t4 * t6; 164| 765| t6 *= z; 165| 765| auto t10 = t6.square(); 166| 765| auto t9 = t10 * x; 167| 765| t10.square_n(5); 168| 765| t9 *= t10; 169| 765| t10.square_n(5); 170| 765| t9 *= t10; 171| 765| t10 = t9; 172| 765| t10.square_n(16); 173| 765| t10 *= t9; 174| 765| auto t11 = t10; 175| 765| t11.square_n(32); 176| 765| t11 *= t10; 177| 765| t11.square_n(32); 178| 765| t10 *= t11; 179| 765| t10.square_n(16); 180| 765| t9 *= t10; 181| 765| t9.square_n(7); 182| 765| t8 *= t9; 183| 765| t8.square_n(4); 184| 765| t8 *= t3; 185| 765| t8.square_n(8); 186| 765| t8 *= t1; 187| 765| t8.square_n(10); 188| 765| t8 *= t1; 189| 765| t8.square_n(7); 190| 765| t7 *= t8; 191| 765| t7.square_n(11); 192| 765| t6 *= t7; 193| 765| t6.square_n(9); 194| 765| t5 *= t6; 195| 765| t5.square_n(5); 196| 765| t4 *= t5; 197| 765| t4.square_n(3); 198| 765| t4 *= t3; 199| 765| t4.square_n(5); 200| 765| t4 *= t3; 201| 765| t4.square_n(5); 202| 765| t3 *= t4; 203| 765| t3.square_n(8); 204| 765| t3 *= t0; 205| 765| t3.square_n(4); 206| 765| t2 *= t3; 207| 765| t2.square_n(8); 208| 765| t1 *= t2; 209| 765| t1.square_n(9); 210| 765| t0 *= t1; 211| 765| t0.square_n(8); 212| 765| z *= t0; 213| 765| z = z.square(); 214| 765| z *= x; 215| 765| return z; 216| 765| } _ZN5Botan6PCurve14PCurveInstance9secp256k1Ev: 233| 1|std::shared_ptr PCurveInstance::secp256k1() { 234| 1| return PrimeOrderCurveImpl::instance(); 235| 1|} pcurves_secp256k1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 28| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp256k1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 30| 28.5k| constexpr static std::array redc(const std::array& z) { 31| 28.5k| return redc_crandall(std::span{z}); 32| 28.5k| } pcurves_secp256k1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 38| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp256k1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256k112Secp256k1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 34| 1| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp256k1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256k15Curve13scalar_invertERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS2_6ParamsENS2_12Secp256k1RepEE12ScalarParamsEEEEE: 140| 599| static constexpr Scalar scalar_invert(const Scalar& x) { 141| 599| auto z = x.square(); 142| 599| auto t2 = x * z; 143| 599| auto t6 = t2 * z; 144| 599| auto t5 = t6 * z; 145| 599| auto t0 = t5 * z; 146| 599| auto t3 = t0 * z; 147| 599| auto t1 = t3 * z; 148| 599| z = t1; 149| 599| z.square_n(2); 150| 599| z *= t3; 151| 599| auto t4 = z.square(); 152| 599| auto t7 = t4 * x; 153| 599| t4 = t7.square(); 154| 599| t4 *= x; 155| 599| auto t9 = t4; 156| 599| t9.square_n(3); 157| 599| auto t10 = t9; 158| 599| t10.square_n(2); 159| 599| auto t11 = t10.square(); 160| 599| auto t8 = t11.square(); 161| 599| auto t12 = t8; 162| 599| t12.square_n(7); 163| 599| t11 *= t12; 164| 599| t11.square_n(9); 165| 599| t8 *= t11; 166| 599| t11 = t8; 167| 599| t11.square_n(6); 168| 599| t10 *= t11; 169| 599| t10.square_n(26); 170| 599| t8 *= t10; 171| 599| t10 = t8; 172| 599| t10.square_n(4); 173| 599| t9 *= t10; 174| 599| t9.square_n(60); 175| 599| t8 *= t9; 176| 599| t7 *= t8; 177| 599| t7.square_n(5); 178| 599| t7 *= t3; 179| 599| t7.square_n(3); 180| 599| t7 *= t6; 181| 599| t7.square_n(4); 182| 599| t7 *= t6; 183| 599| t7.square_n(4); 184| 599| t7 *= t5; 185| 599| t7.square_n(5); 186| 599| t7 *= t1; 187| 599| t7.square_n(2); 188| 599| t7 *= t2; 189| 599| t7.square_n(5); 190| 599| t7 *= t5; 191| 599| t7.square_n(6); 192| 599| t7 *= t1; 193| 599| t7.square_n(5); 194| 599| t7 *= t3; 195| 599| t7.square_n(4); 196| 599| t7 *= t1; 197| 599| t7.square_n(3); 198| 599| t7 *= x; 199| 599| t7.square_n(6); 200| 599| t6 *= t7; 201| 599| t6.square_n(10); 202| 599| t6 *= t5; 203| 599| t6.square_n(4); 204| 599| t5 *= t6; 205| 599| t5.square_n(9); 206| 599| t4 *= t5; 207| 599| t4.square_n(5); 208| 599| t4 *= t0; 209| 599| t4.square_n(6); 210| 599| t3 *= t4; 211| 599| t3.square_n(4); 212| 599| t3 *= t1; 213| 599| t3.square_n(5); 214| 599| t2 *= t3; 215| 599| t2.square_n(6); 216| 599| t2 *= t1; 217| 599| t2.square_n(10); 218| 599| t1 *= t2; 219| 599| t1.square_n(4); 220| 599| t0 *= t1; 221| 599| t0.square_n(6); 222| 599| t0 *= x; 223| 599| t0.square_n(8); 224| 599| z *= t0; 225| 599| return z; 226| 599| } _ZN5Botan6PCurve14PCurveInstance9secp256r1Ev: 268| 1|std::shared_ptr PCurveInstance::secp256r1() { 269| 1| return PrimeOrderCurveImpl::instance(); 270| 1|} pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE3oneEv: 77| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 27| 29.3k| constexpr static std::array redc(const std::array& z) { 28| 29.3k| const int64_t X00 = get_uint32(z.data(), 0); 29| 29.3k| const int64_t X01 = get_uint32(z.data(), 1); 30| 29.3k| const int64_t X02 = get_uint32(z.data(), 2); 31| 29.3k| const int64_t X03 = get_uint32(z.data(), 3); 32| 29.3k| const int64_t X04 = get_uint32(z.data(), 4); 33| 29.3k| const int64_t X05 = get_uint32(z.data(), 5); 34| 29.3k| const int64_t X06 = get_uint32(z.data(), 6); 35| 29.3k| const int64_t X07 = get_uint32(z.data(), 7); 36| 29.3k| const int64_t X08 = get_uint32(z.data(), 8); 37| 29.3k| const int64_t X09 = get_uint32(z.data(), 9); 38| 29.3k| const int64_t X10 = get_uint32(z.data(), 10); 39| 29.3k| const int64_t X11 = get_uint32(z.data(), 11); 40| 29.3k| const int64_t X12 = get_uint32(z.data(), 12); 41| 29.3k| const int64_t X13 = get_uint32(z.data(), 13); 42| 29.3k| const int64_t X14 = get_uint32(z.data(), 14); 43| 29.3k| const int64_t X15 = get_uint32(z.data(), 15); 44| | 45| | // See SP 800-186 section G.1.2 46| 29.3k| const int64_t S0 = P256_4[0] + X00 + X08 + X09 - (X11 + X12 + X13 + X14); 47| 29.3k| const int64_t S1 = P256_4[1] + X01 + X09 + X10 - (X12 + X13 + X14 + X15); 48| 29.3k| const int64_t S2 = P256_4[2] + X02 + X10 + X11 - (X13 + X14 + X15); 49| 29.3k| const int64_t S3 = P256_4[3] + X03 + 2 * (X11 + X12) + X13 - (X15 + X08 + X09); 50| 29.3k| const int64_t S4 = P256_4[4] + X04 + 2 * (X12 + X13) + X14 - (X09 + X10); 51| 29.3k| const int64_t S5 = P256_4[5] + X05 + 2 * (X13 + X14) + X15 - (X10 + X11); 52| 29.3k| const int64_t S6 = P256_4[6] + X06 + X13 + X14 * 3 + X15 * 2 - (X08 + X09); 53| 29.3k| const int64_t S7 = P256_4[7] + X07 + X15 * 3 + X08 - (X10 + X11 + X12 + X13); 54| 29.3k| const int64_t S8 = P256_4[8]; 55| | 56| 29.3k| std::array r = {}; 57| | 58| 29.3k| SolinasAccum sum(r); 59| | 60| 29.3k| sum.accum(S0); 61| 29.3k| sum.accum(S1); 62| 29.3k| sum.accum(S2); 63| 29.3k| sum.accum(S3); 64| 29.3k| sum.accum(S4); 65| 29.3k| sum.accum(S5); 66| 29.3k| sum.accum(S6); 67| 29.3k| sum.accum(S7); 68| 29.3k| const auto S = sum.final_carry(S8); 69| | 70| 29.3k| BOTAN_DEBUG_ASSERT(S <= 8); ------------------ | | 130| 29.3k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 29.3k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 29.3k] | | ------------------ ------------------ 71| | 72| 29.3k| solinas_correct_redc(r, P, p256_mul_mod_256(S)); 73| | 74| 29.3k| return r; 75| 29.3k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE16p256_mul_mod_256Em: 89| 29.3k| constexpr static std::array p256_mul_mod_256(W i) { 90| 29.3k| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 91| | 92| | // For small i, multiples of P-256 have a simple structure so it's faster to 93| | // compute the value directly vs a (constant time) table lookup 94| | 95| 29.3k| auto r = P; 96| | if constexpr(WordInfo::bits == 32) { 97| | r[7] -= i; 98| | r[6] += i; 99| | r[3] += i; 100| | r[0] -= i; 101| 29.3k| } else { 102| 29.3k| const uint64_t i32 = static_cast(i) << 32; 103| 29.3k| r[3] -= i32; 104| 29.3k| r[3] += i; 105| 29.3k| r[1] += i32; 106| 29.3k| r[0] -= i; 107| 29.3k| } 108| 29.3k| return r; 109| 29.3k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 83| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 79| 1| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256r15Curve13scalar_invertERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS2_6ParamsENS1_12Secp256r1RepEE12ScalarParamsEEEEE: 189| 631| static constexpr Scalar scalar_invert(const Scalar& x) { 190| 631| auto t1 = x.square(); 191| 631| auto t5 = t1.square(); 192| 631| auto t2 = t5 * x; 193| 631| auto t10 = t2 * x; 194| 631| auto t3 = t2 * t5; 195| 631| auto z = t10 * t3; 196| 631| auto t9 = t3.square(); 197| 631| auto t4 = t10 * z; 198| 631| auto t0 = t10 * t9; 199| 631| auto t13 = t0 * t1; 200| 631| auto t8 = t13 * t4; 201| 631| t4 = t3 * t8; 202| 631| auto t7 = t2 * t4; 203| 631| t2 = t1 * t7; 204| 631| auto t6 = t7 * t9; 205| 631| t3 = t6 * t9; 206| 631| t1 *= t3; 207| 631| auto t12 = t3 * t9; 208| 631| t5 *= t12; 209| 631| auto t11 = t10 * t5; 210| 631| t0 *= t11; 211| 631| t9 *= t0; 212| 631| t10 *= t9; 213| 631| t4 *= t10; 214| 631| t13 *= t4; 215| 631| auto t14 = t13; 216| 631| t14.square_n(8); 217| 631| t13 *= t14; 218| 631| t14 = t13; 219| 631| t14.square_n(16); 220| 631| t14 *= t13; 221| 631| t14.square_n(48); 222| 631| t14 *= t13; 223| 631| t14.square_n(16); 224| 631| t14 *= t13; 225| 631| t14.square_n(16); 226| 631| t14 *= t13; 227| 631| t14.square_n(16); 228| 631| t13 *= t14; 229| 631| t13.square_n(6); 230| 631| t13 *= t8; 231| 631| t13.square_n(9); 232| 631| t12 *= t13; 233| 631| t12.square_n(8); 234| 631| t11 *= t12; 235| 631| t11.square_n(9); 236| 631| t10 *= t11; 237| 631| t10.square_n(8); 238| 631| t9 *= t10; 239| 631| t9.square_n(9); 240| 631| t8 *= t9; 241| 631| t8.square_n(8); 242| 631| t7 *= t8; 243| 631| t7.square_n(11); 244| 631| t6 *= t7; 245| 631| t6.square_n(9); 246| 631| t5 *= t6; 247| 631| t5.square_n(10); 248| 631| t4 *= t5; 249| 631| t4.square_n(8); 250| 631| t3 *= t4; 251| 631| t3.square_n(7); 252| 631| t2 *= t3; 253| 631| t2.square_n(10); 254| 631| t1 *= t2; 255| 631| t1.square_n(10); 256| 631| t0 *= t1; 257| 631| t0.square_n(6); 258| 631| z *= t0; 259| | 260| 631| return z; 261| 631| } _ZN5Botan6PCurve14PCurveInstance9secp384r1Ev: 343| 1|std::shared_ptr PCurveInstance::secp384r1() { 344| 1| return PrimeOrderCurveImpl::instance(); 345| 1|} pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE3oneEv: 88| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 23| 43.7k| constexpr static std::array redc(const std::array& z) { 24| 43.7k| const int64_t X00 = get_uint32(z.data(), 0); 25| 43.7k| const int64_t X01 = get_uint32(z.data(), 1); 26| 43.7k| const int64_t X02 = get_uint32(z.data(), 2); 27| 43.7k| const int64_t X03 = get_uint32(z.data(), 3); 28| 43.7k| const int64_t X04 = get_uint32(z.data(), 4); 29| 43.7k| const int64_t X05 = get_uint32(z.data(), 5); 30| 43.7k| const int64_t X06 = get_uint32(z.data(), 6); 31| 43.7k| const int64_t X07 = get_uint32(z.data(), 7); 32| 43.7k| const int64_t X08 = get_uint32(z.data(), 8); 33| 43.7k| const int64_t X09 = get_uint32(z.data(), 9); 34| 43.7k| const int64_t X10 = get_uint32(z.data(), 10); 35| 43.7k| const int64_t X11 = get_uint32(z.data(), 11); 36| 43.7k| const int64_t X12 = get_uint32(z.data(), 12); 37| 43.7k| const int64_t X13 = get_uint32(z.data(), 13); 38| 43.7k| const int64_t X14 = get_uint32(z.data(), 14); 39| 43.7k| const int64_t X15 = get_uint32(z.data(), 15); 40| 43.7k| const int64_t X16 = get_uint32(z.data(), 16); 41| 43.7k| const int64_t X17 = get_uint32(z.data(), 17); 42| 43.7k| const int64_t X18 = get_uint32(z.data(), 18); 43| 43.7k| const int64_t X19 = get_uint32(z.data(), 19); 44| 43.7k| const int64_t X20 = get_uint32(z.data(), 20); 45| 43.7k| const int64_t X21 = get_uint32(z.data(), 21); 46| 43.7k| const int64_t X22 = get_uint32(z.data(), 22); 47| 43.7k| const int64_t X23 = get_uint32(z.data(), 23); 48| | 49| | // One copy of P-384 is added to prevent underflow 50| 43.7k| const int64_t S0 = 0xFFFFFFFF + X00 + X12 + X20 + X21 - X23; 51| 43.7k| const int64_t S1 = 0x00000000 + X01 + X13 + X22 + X23 - X12 - X20; 52| 43.7k| const int64_t S2 = 0x00000000 + X02 + X14 + X23 - X13 - X21; 53| 43.7k| const int64_t S3 = 0xFFFFFFFF + X03 + X12 + X15 + X20 + X21 - X14 - X22 - X23; 54| 43.7k| const int64_t S4 = 0xFFFFFFFE + X04 + X12 + X13 + X16 + X20 + X21 * 2 + X22 - X15 - X23 * 2; 55| 43.7k| const int64_t S5 = 0xFFFFFFFF + X05 + X13 + X14 + X17 + X21 + X22 * 2 + X23 - X16; 56| 43.7k| const int64_t S6 = 0xFFFFFFFF + X06 + X14 + X15 + X18 + X22 + X23 * 2 - X17; 57| 43.7k| const int64_t S7 = 0xFFFFFFFF + X07 + X15 + X16 + X19 + X23 - X18; 58| 43.7k| const int64_t S8 = 0xFFFFFFFF + X08 + X16 + X17 + X20 - X19; 59| 43.7k| const int64_t S9 = 0xFFFFFFFF + X09 + X17 + X18 + X21 - X20; 60| 43.7k| const int64_t SA = 0xFFFFFFFF + X10 + X18 + X19 + X22 - X21; 61| 43.7k| const int64_t SB = 0xFFFFFFFF + X11 + X19 + X20 + X23 - X22; 62| | 63| 43.7k| std::array r = {}; 64| | 65| 43.7k| SolinasAccum sum(r); 66| | 67| 43.7k| sum.accum(S0); 68| 43.7k| sum.accum(S1); 69| 43.7k| sum.accum(S2); 70| 43.7k| sum.accum(S3); 71| 43.7k| sum.accum(S4); 72| 43.7k| sum.accum(S5); 73| 43.7k| sum.accum(S6); 74| 43.7k| sum.accum(S7); 75| 43.7k| sum.accum(S8); 76| 43.7k| sum.accum(S9); 77| 43.7k| sum.accum(SA); 78| 43.7k| sum.accum(SB); 79| 43.7k| const auto S = sum.final_carry(0); 80| | 81| 43.7k| BOTAN_DEBUG_ASSERT(S <= 4); ------------------ | | 130| 43.7k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 43.7k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 43.7k] | | ------------------ ------------------ 82| | 83| 43.7k| solinas_correct_redc(r, P, p384_mul_mod_384(S)); 84| | 85| 43.7k| return r; 86| 43.7k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE16p384_mul_mod_384Em: 100| 43.7k| constexpr static std::array p384_mul_mod_384(W i) { 101| 43.7k| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 102| | 103| | // For small i, multiples of P-384 have a simple structure so it's faster to 104| | // compute the value directly vs a (constant time) table lookup 105| | 106| 43.7k| auto r = P; 107| | if constexpr(WordInfo::bits == 32) { 108| | r[4] -= i; 109| | r[3] -= i; 110| | r[1] += i; 111| | r[0] -= i; 112| 43.7k| } else { 113| 43.7k| const uint64_t i32 = static_cast(i) << 32; 114| 43.7k| r[2] -= i; 115| 43.7k| r[1] -= i32; 116| 43.7k| r[0] += i32; 117| 43.7k| r[0] -= i; 118| 43.7k| } 119| 43.7k| return r; 120| 43.7k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 94| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 90| 1| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp384r15Curve13scalar_invertERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS2_6ParamsENS1_12Secp384r1RepEE12ScalarParamsEEEEE: 223| 584| static constexpr Scalar scalar_invert(const Scalar& x) { 224| | // Generated using https://github.com/mmcloughlin/addchain 225| | 226| 584| auto t3 = x.square(); 227| 584| auto t1 = x * t3; 228| 584| auto t0 = t3 * t1; 229| 584| auto t2 = t3 * t0; 230| 584| auto t4 = t3 * t2; 231| 584| auto z = t3 * t4; 232| 584| auto t5 = t3 * z; 233| 584| t3 *= t5; 234| 584| auto t6 = t3.square(); 235| 584| t6 *= x; 236| 584| auto t8 = t6; 237| 584| t8.square_n(2); 238| 584| auto t9 = t8.square(); 239| 584| auto t7 = t9.square(); 240| 584| auto t10 = t7; 241| 584| t10.square_n(5); 242| 584| t7 *= t10; 243| 584| t10 = t7; 244| 584| t10.square_n(10); 245| 584| t7 *= t10; 246| 584| t10 = t7; 247| 584| t10.square_n(4); 248| 584| t9 *= t10; 249| 584| t9.square_n(21); 250| 584| t7 *= t9; 251| 584| t9 = t7; 252| 584| t9.square_n(3); 253| 584| t8 *= t9; 254| 584| t8.square_n(47); 255| 584| t7 *= t8; 256| 584| t8 = t7; 257| 584| t8.square_n(95); 258| 584| t7 *= t8; 259| 584| t7 *= t3; 260| 584| t7.square_n(6); 261| 584| t7 *= t2; 262| 584| t7.square_n(3); 263| 584| t7 *= t1; 264| 584| t7.square_n(7); 265| 584| t7 *= t5; 266| 584| t7.square_n(6); 267| 584| t7 *= t5; 268| 584| t7 = t7.square(); 269| 584| t7 *= x; 270| 584| t7.square_n(11); 271| 584| t7 *= t6; 272| 584| t7.square_n(2); 273| 584| t7 *= x; 274| 584| t7.square_n(8); 275| 584| t7 *= t5; 276| 584| t7.square_n(2); 277| 584| t7 *= t1; 278| 584| t7.square_n(6); 279| 584| t7 *= z; 280| 584| t7.square_n(4); 281| 584| t7 *= t2; 282| 584| t7.square_n(6); 283| 584| t6 *= t7; 284| 584| t6.square_n(5); 285| 584| t6 *= z; 286| 584| t6.square_n(10); 287| 584| t6 *= t5; 288| 584| t6.square_n(9); 289| 584| t5 *= t6; 290| 584| t5.square_n(4); 291| 584| t5 *= z; 292| 584| t5.square_n(6); 293| 584| t4 *= t5; 294| 584| t4.square_n(3); 295| 584| t4 *= x; 296| 584| t4.square_n(7); 297| 584| t4 *= z; 298| 584| t4.square_n(7); 299| 584| t4 *= t0; 300| 584| t4.square_n(5); 301| 584| t4 *= t2; 302| 584| t4.square_n(5); 303| 584| t3 *= t4; 304| 584| t3.square_n(5); 305| 584| t3 *= z; 306| 584| t3.square_n(4); 307| 584| t3 *= z; 308| 584| t3.square_n(5); 309| 584| t2 *= t3; 310| 584| t2.square_n(3); 311| 584| t2 *= t1; 312| 584| t2.square_n(7); 313| 584| t2 *= t1; 314| 584| t2.square_n(6); 315| 584| t2 *= z; 316| 584| t2.square_n(4); 317| 584| t2 *= t0; 318| 584| t2.square_n(3); 319| 584| t2 *= t1; 320| 584| t2.square_n(4); 321| 584| t2 *= t1; 322| 584| t2.square_n(4); 323| 584| t1 *= t2; 324| 584| t1.square_n(6); 325| 584| t1 *= t0; 326| 584| t1.square_n(5); 327| 584| t0 *= t1; 328| 584| t0.square_n(6); 329| 584| z *= t0; 330| 584| z = z.square(); 331| 584| z *= x; 332| 584| z.square_n(4); 333| 584| z *= x; 334| | 335| 584| return z; 336| 584| } _ZN5Botan6PCurve14PCurveInstance9secp521r1Ev: 291| 1|std::shared_ptr PCurveInstance::secp521r1() { 292| 1| return PrimeOrderCurveImpl::instance(); 293| 1|} pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 24| 1| constexpr static std::array one() { return std::array{1}; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEE: 26| 58.1k| constexpr static std::array redc(const std::array& z) { 27| | // Regardless of word size (32 or 64) the top word is 9 bits long 28| 58.1k| constexpr W TOP_BITS = static_cast(0x1FF); 29| | // The 23 or 55 bits that should be cleared in the top word 30| 58.1k| constexpr W CLEARED_TOP_BITS = WordInfo::max ^ TOP_BITS; 31| | 32| | /* 33| | * Extract the high part of z (z >> 521) 34| | */ 35| 58.1k| std::array t; // NOLINT(*-member-init) 36| | 37| 581k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (37:28): [True: 523k, False: 58.1k] ------------------ 38| 523k| t[i] = z[(N - 1) + i] >> 9; 39| 523k| } 40| | 41| 523k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (41:28): [True: 465k, False: 58.1k] ------------------ 42| 465k| t[i] |= z[(N - 1) + i + 1] << (WordInfo::bits - 9); 43| 465k| } 44| | 45| | // Now t += z & (2**521-1) 46| 58.1k| W carry = 0; 47| 523k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (47:28): [True: 465k, False: 58.1k] ------------------ 48| 465k| t[i] = word_add(t[i], z[i], &carry); 49| 465k| } 50| | 51| | // Now add the (partial) top words; this can't carry out 52| | // since both inputs are at most 2**9-1 53| 58.1k| t[N - 1] += (z[N - 1] & TOP_BITS) + carry; 54| | 55| | /* 56| | Since the modulus P is exactly 2**521 - 1 the only way the computed 57| | result can be larger than P is if the top word is larger than TOP_BITS 58| | 59| | Since TOP_BITS has the low 9 bits set, we can check if t[N - 1] > TOP_BITS 60| | by checking if t[N - 1] >> 9 has any bits set. Doing it this way is 61| | faster than a standard comparison since CT::Mask::is_gt requires 62| | several bit operations. 63| | */ 64| | 65| 58.1k| const W is_over_p521 = ~CT::Mask::is_zero(t[N - 1] >> 9).value(); 66| | 67| | /* 68| | * Also must detect/handle x == P 69| | */ 70| 58.1k| const W is_eq_p521 = [&]() { 71| 58.1k| W sum = WordInfo::max; 72| 58.1k| for(size_t i = 0; i != N - 1; ++i) { 73| 58.1k| sum &= t[i]; 74| 58.1k| } 75| 58.1k| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 58.1k| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 58.1k| }(); 79| | 80| 58.1k| const W need_sub = is_over_p521 | is_eq_p521; 81| | 82| 58.1k| W borrow = 0; 83| 523k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (83:28): [True: 465k, False: 58.1k] ------------------ 84| 465k| t[i] = word_sub(t[i], need_sub & WordInfo::max, &borrow); 85| 465k| } 86| 58.1k| t[N - 1] = word_sub(t[N - 1], need_sub & TOP_BITS, &borrow); 87| | 88| 58.1k| return t; 89| 58.1k| } pcurves_secp521r1.cpp:_ZZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEEENKUlvE_clEv: 70| 58.1k| const W is_eq_p521 = [&]() { 71| 58.1k| W sum = WordInfo::max; 72| 523k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (72:31): [True: 465k, False: 58.1k] ------------------ 73| 465k| sum &= t[i]; 74| 465k| } 75| 58.1k| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 58.1k| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 58.1k| }(); pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm9EEE: 95| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm9EEE: 91| 1| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r15Curve13scalar_invertERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS2_6ParamsENS2_7P521RepEE12ScalarParamsEEEEE: 161| 552| static constexpr Scalar scalar_invert(const Scalar& x) { 162| | // Generated using https://github.com/mmcloughlin/addchain 163| | 164| 552| auto t2 = x.square(); 165| 552| auto t13 = t2 * x; 166| 552| auto t4 = t13 * x; 167| 552| auto z = t13 * t4; 168| 552| auto t5 = x * z; 169| 552| auto t16 = t13 * t5; 170| 552| auto t10 = t16 * t2; 171| 552| auto t18 = t10 * t2; 172| 552| auto t1 = t18 * t2; 173| 552| auto t12 = t1 * t2; 174| 552| auto t15 = t12 * t4; 175| 552| auto t0 = t15 * t2; 176| 552| auto t3 = t0 * t2; 177| 552| auto t6 = t2 * t3; 178| 552| auto t11 = t5 * t6; 179| 552| auto t14 = t11 * t4; 180| 552| auto t9 = t14 * t4; 181| 552| auto t17 = t2 * t9; 182| 552| auto t7 = t17 * t4; 183| 552| t4 *= t7; 184| 552| auto t8 = t2 * t4; 185| 552| t5 = t2 * t8; 186| 552| t2 *= t5; 187| 552| auto t19 = t2; 188| 552| t19.square_n(3); 189| 552| t15 *= t19; 190| 552| t19 = t15.square(); 191| 552| auto t20 = t19; 192| 552| t20.square_n(8); 193| 552| t20 *= t15; 194| 552| t20.square_n(10); 195| 552| t19 *= t20; 196| 552| t20 = t19; 197| 552| t20.square_n(8); 198| 552| t20 *= t15; 199| 552| t20.square_n(28); 200| 552| t19 *= t20; 201| 552| t20 = t19; 202| 552| t20.square_n(63); 203| 552| t19 *= t20; 204| 552| t20 = t19; 205| 552| t20.square_n(8); 206| 552| t20 *= t15; 207| 552| t20.square_n(127); 208| 552| t19 *= t20; 209| 552| t19 *= x; 210| 552| t19.square_n(7); 211| 552| t19 *= t11; 212| 552| t19.square_n(5); 213| 552| t19 *= t13; 214| 552| t19.square_n(8); 215| 552| t19 *= t10; 216| 552| t19.square_n(8); 217| 552| t19 *= t18; 218| 552| t19.square_n(11); 219| 552| t19 *= t5; 220| 552| t19.square_n(4); 221| 552| t18 *= t19; 222| 552| t18.square_n(8); 223| 552| t17 *= t18; 224| 552| t17.square_n(6); 225| 552| t17 *= t11; 226| 552| t17.square_n(5); 227| 552| t17 *= t12; 228| 552| t17.square_n(5); 229| 552| t16 *= t17; 230| 552| t16.square_n(10); 231| 552| t15 *= t16; 232| 552| t15.square_n(4); 233| 552| t15 *= t13; 234| 552| t15.square_n(15); 235| 552| t14 *= t15; 236| 552| t14.square_n(9); 237| 552| t14 *= t2; 238| 552| t14.square_n(2); 239| 552| t13 *= t14; 240| 552| t13.square_n(9); 241| 552| t12 *= t13; 242| 552| t12.square_n(7); 243| 552| t11 *= t12; 244| 552| t11.square_n(4); 245| 552| t10 *= t11; 246| 552| t10.square_n(12); 247| 552| t10 *= t5; 248| 552| t10.square_n(6); 249| 552| t9 *= t10; 250| 552| t9.square_n(7); 251| 552| t8 *= t9; 252| 552| t8.square_n(8); 253| 552| t8 *= t4; 254| 552| t8.square_n(8); 255| 552| t8 *= t1; 256| 552| t8.square_n(8); 257| 552| t7 *= t8; 258| 552| t7.square_n(5); 259| 552| t7 *= t1; 260| 552| t7.square_n(9); 261| 552| t7 *= t2; 262| 552| t7.square_n(6); 263| 552| t6 *= t7; 264| 552| t6.square_n(7); 265| 552| t5 *= t6; 266| 552| t5.square_n(7); 267| 552| t4 *= t5; 268| 552| t4.square_n(5); 269| 552| t3 *= t4; 270| 552| t3.square_n(4); 271| 552| t3 *= z; 272| 552| t3.square_n(9); 273| 552| t2 *= t3; 274| 552| t2.square_n(7); 275| 552| t1 *= t2; 276| 552| t1.square_n(5); 277| 552| t1 *= z; 278| 552| t1.square_n(9); 279| 552| t0 *= t1; 280| 552| t0.square_n(10); 281| 552| z *= t0; 282| | 283| 552| return z; 284| 552| } _ZN5Botan6PCurve14PCurveInstance9sm2p256v1Ev: 199| 1|std::shared_ptr PCurveInstance::sm2p256v1() { 200| 1| return PrimeOrderCurveImpl::instance(); 201| 1|} pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 71| 1| constexpr static std::array one() { return std::array{1}; } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 25| 29.3k| constexpr static std::array redc(const std::array& z) { 26| 29.3k| const int64_t X00 = get_uint32(z.data(), 0); 27| 29.3k| const int64_t X01 = get_uint32(z.data(), 1); 28| 29.3k| const int64_t X02 = get_uint32(z.data(), 2); 29| 29.3k| const int64_t X03 = get_uint32(z.data(), 3); 30| 29.3k| const int64_t X04 = get_uint32(z.data(), 4); 31| 29.3k| const int64_t X05 = get_uint32(z.data(), 5); 32| 29.3k| const int64_t X06 = get_uint32(z.data(), 6); 33| 29.3k| const int64_t X07 = get_uint32(z.data(), 7); 34| 29.3k| const int64_t X08 = get_uint32(z.data(), 8); 35| 29.3k| const int64_t X09 = get_uint32(z.data(), 9); 36| 29.3k| const int64_t X10 = get_uint32(z.data(), 10); 37| 29.3k| const int64_t X11 = get_uint32(z.data(), 11); 38| 29.3k| const int64_t X12 = get_uint32(z.data(), 12); 39| 29.3k| const int64_t X13 = get_uint32(z.data(), 13); 40| 29.3k| const int64_t X14 = get_uint32(z.data(), 14); 41| 29.3k| const int64_t X15 = get_uint32(z.data(), 15); 42| | 43| 29.3k| const int64_t S0 = X00 + X08 + X09 + X10 + X11 + X12 + 2 * (X13 + X14 + X15); 44| 29.3k| const int64_t S1 = X01 + X09 + X10 + X11 + X12 + X13 + 2 * (X14 + X15); 45| 29.3k| const int64_t S2 = X02 - (X08 + X09 + X13 + X14); 46| 29.3k| const int64_t S3 = X03 + X08 + X11 + X12 + 2 * X13 + X14 + X15; 47| 29.3k| const int64_t S4 = X04 + X09 + X12 + X13 + 2 * X14 + X15; 48| 29.3k| const int64_t S5 = X05 + X10 + X13 + X14 + 2 * X15; 49| 29.3k| const int64_t S6 = X06 + X11 + X14 + X15; 50| 29.3k| const int64_t S7 = X07 + X08 + X09 + X10 + X11 + 2 * (X12 + X13 + X14 + X15) + X15; 51| | 52| 29.3k| std::array r = {}; 53| | 54| 29.3k| SolinasAccum sum(r); 55| | 56| 29.3k| sum.accum(S0); 57| 29.3k| sum.accum(S1); 58| 29.3k| sum.accum(S2); 59| 29.3k| sum.accum(S3); 60| 29.3k| sum.accum(S4); 61| 29.3k| sum.accum(S5); 62| 29.3k| sum.accum(S6); 63| 29.3k| sum.accum(S7); 64| 29.3k| const auto S = sum.final_carry(0); 65| | 66| 29.3k| solinas_correct_redc(r, P, sm2_mul_mod_256(S)); 67| | 68| 29.3k| return r; 69| 29.3k| } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE15sm2_mul_mod_256Em: 83| 29.3k| constexpr static std::array sm2_mul_mod_256(W i) { 84| 29.3k| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 85| | 86| | // For small i, multiples of P have a simple structure so it's faster to 87| | // compute the value directly vs a (constant time) table lookup 88| | 89| 29.3k| auto r = P; 90| | if constexpr(WordInfo::bits == 32) { 91| | r[7] -= i; 92| | r[3] -= i; 93| | r[2] += i; 94| | r[0] -= i; 95| 29.3k| } else { 96| 29.3k| const uint64_t i32 = static_cast(i) << 32; 97| 29.3k| r[3] -= i32; 98| 29.3k| r[1] -= i32; 99| 29.3k| r[1] += i; 100| 29.3k| r[0] -= i; 101| 29.3k| } 102| 29.3k| return r; 103| 29.3k| } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 77| 1| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_sm2p256v1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19sm2p256v112Sm2p256v1RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 73| 1| constexpr static std::array to_rep(const std::array& x) { return x; } _ZN5Botan8EC_Group13ec_group_dataEv: 231| 12|EC_Group_Data_Map& EC_Group::ec_group_data() { 232| | /* 233| | * This exists purely to ensure the allocator is constructed before g_ec_data, 234| | * which ensures that its destructor runs after ~g_ec_data is complete. 235| | */ 236| | 237| 12| static const Allocator_Initializer g_init_allocator; 238| 12| static EC_Group_Data_Map g_ec_data; 239| 12| return g_ec_data; 240| 12|} _ZN5Botan8EC_Group18load_EC_group_infoEPKcS2_S2_S2_S2_S2_RKNS_3OIDE: 254| 12| const OID& oid) { 255| 12| BOTAN_ARG_CHECK(oid.has_value(), "EC_Group::load_EC_group_info OID must be set"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 256| | 257| 12| const BigInt p(p_str); 258| 12| const BigInt a(a_str); 259| 12| const BigInt b(b_str); 260| 12| const BigInt g_x(g_x_str); 261| 12| const BigInt g_y(g_y_str); 262| 12| const BigInt order(order_str); 263| 12| const BigInt cofactor(1); // implicit 264| | 265| 12| return EC_Group_Data::create(p, a, b, g_x, g_y, order, cofactor, oid, EC_Group_Source::Builtin); 266| 12|} _ZN5Botan8EC_GroupD2Ev: 412| 12|EC_Group::~EC_Group() = default; _ZN5Botan8EC_GroupC2EONSt3__110shared_ptrINS_13EC_Group_DataEEE: 419| 12|EC_Group::EC_Group(std::shared_ptr&& data) : m_data(std::move(data)) {} _ZN5Botan8EC_Group9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 478| 12|EC_Group EC_Group::from_name(std::string_view name) { 479| 12| std::shared_ptr data; 480| | 481| 12| if(auto oid = OID::from_name(name)) { ------------------ | Branch (481:12): [True: 12, False: 0] ------------------ 482| 12| data = ec_group_data().lookup(oid.value()); 483| 12| } 484| | 485| 12| if(!data) { ------------------ | Branch (485:7): [True: 0, False: 12] ------------------ 486| 0| throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name)); 487| 0| } 488| | 489| 12| return EC_Group(std::move(data)); 490| 12|} _ZNK5Botan8EC_Group4dataEv: 647| 2.62k|const EC_Group_Data& EC_Group::data() const { 648| 2.62k| if(m_data == nullptr) { ------------------ | Branch (648:7): [True: 0, False: 2.62k] ------------------ 649| 0| throw Invalid_State("EC_Group uninitialized"); 650| 0| } 651| 2.62k| return *m_data; 652| 2.62k|} _ZNK5Botan8EC_Group15get_order_bytesEv: 666| 2.62k|size_t EC_Group::get_order_bytes() const { 667| 2.62k| return data().order_bytes(); 668| 2.62k|} _ZN5Botan17EC_Group_Data_Map6lookupERKNS_3OIDE: 54| 12| std::shared_ptr lookup(const OID& oid) { 55| 12| const lock_guard_type lock(m_mutex); 56| | 57| 66| for(auto i : m_registered_curves) { ------------------ | Branch (57:21): [True: 66, False: 12] ------------------ 58| 66| if(i->oid() == oid) { ------------------ | Branch (58:16): [True: 0, False: 66] ------------------ 59| 0| return i; 60| 0| } 61| 66| } 62| | 63| | // Not found, check hardcoded data 64| 12| std::shared_ptr data = EC_Group::EC_group_info(oid); 65| | 66| 12| if(data) { ------------------ | Branch (66:13): [True: 12, False: 0] ------------------ 67| | // The requested OID may be an alias for a curve whose canonical OID differs 68| | // TODO(Botan4) remove this once we require exactly one canonical OID per curve 69| 12| if(data->oid() != oid) { ------------------ | Branch (69:16): [True: 0, False: 12] ------------------ 70| 0| for(const auto& i : m_registered_curves) { ------------------ | Branch (70:34): [True: 0, False: 0] ------------------ 71| 0| if(i->oid() == data->oid()) { ------------------ | Branch (71:22): [True: 0, False: 0] ------------------ 72| 0| return i; 73| 0| } 74| 0| } 75| 0| } 76| | 77| 12| m_registered_curves.push_back(data); 78| 12| return data; 79| 12| } 80| | 81| | // Nope, unknown curve 82| 0| return std::shared_ptr(); 83| 12| } _ZN5Botan13EC_Group_DataD2Ev: 27| 12|EC_Group_Data::~EC_Group_Data() = default; _ZN5Botan13EC_Group_DataC2ERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 39| 12| m_p(p), 40| 12| m_a(a), 41| 12| m_b(b), 42| 12| m_g_x(g_x), 43| 12| m_g_y(g_y), 44| 12| m_order(order), 45| 12| m_cofactor(cofactor), 46| |#if defined(BOTAN_HAS_LEGACY_EC_POINT) 47| 12| m_mod_field(Barrett_Reduction::for_public_modulus(p)), 48| 12| m_mod_order(Barrett_Reduction::for_public_modulus(order)), 49| 12| m_monty(m_p, m_mod_field), 50| |#endif 51| 12| m_oid(oid), 52| 12| m_p_words(p.sig_words()), 53| 12| m_p_bits(p.bits()), 54| 12| m_order_bits(order.bits()), 55| 12| m_order_bytes((m_order_bits + 7) / 8), 56| 12| m_a_is_minus_3(a == p - 3), 57| 12| m_a_is_zero(a.is_zero()), 58| 12| m_has_cofactor(m_cofactor != 1), 59| 12| m_order_is_less_than_p(m_order < p), 60| 12| m_source(source) { 61| | // Verify the generator (x, y) satisfies y^2 = x^3 + a*x + b (mod p) 62| 12| auto mod_p = Barrett_Reduction::for_public_modulus(p); 63| 12| const BigInt y2 = mod_p.square(g_y); 64| 12| const BigInt x3_ax_b = mod_p.reduce(mod_p.cube(g_x) + mod_p.multiply(a, g_x) + b); 65| 12| if(y2 != x3_ax_b) { ------------------ | Branch (65:7): [True: 0, False: 12] ------------------ 66| 0| throw Invalid_Argument("EC_Group generator is not on the curve"); 67| 0| } 68| | 69| | // TODO(Botan4) we can assume/assert the OID is set 70| 12| if(!m_oid.empty()) { ------------------ | Branch (70:7): [True: 12, False: 0] ------------------ 71| 12| DER_Encoder der(m_der_named_curve); 72| 12| der.encode(m_oid); 73| | 74| 12| const std::string name = m_oid.human_name_or_empty(); 75| 12| if(!name.empty()) { ------------------ | Branch (75:10): [True: 12, False: 0] ------------------ 76| | // returns nullptr if unknown or not supported 77| 12| m_pcurve = PCurve::PrimeOrderCurve::for_named_curve(name); 78| 12| } 79| 12| if(m_pcurve) { ------------------ | Branch (79:10): [True: 12, False: 0] ------------------ 80| 12| m_engine = EC_Group_Engine::Optimized; 81| 12| } 82| 12| } 83| | 84| | // Try a generic pcurves instance 85| 12| if(!m_pcurve && !m_has_cofactor) { ------------------ | Branch (85:7): [True: 0, False: 12] | Branch (85:20): [True: 0, False: 0] ------------------ 86| 0| m_pcurve = PCurve::PrimeOrderCurve::from_params(p, a, b, g_x, g_y, order); 87| 0| if(m_pcurve) { ------------------ | Branch (87:10): [True: 0, False: 0] ------------------ 88| 0| m_engine = EC_Group_Engine::Generic; 89| 0| } 90| | // possibly still null here, if parameters unsuitable or if the 91| | // pcurves_generic module wasn't included in the build 92| 0| } 93| | 94| 12|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 95| 12| secure_vector ws; 96| 12| m_a_r = m_monty.mul(a, m_monty.R2(), ws); 97| 12| m_b_r = m_monty.mul(b, m_monty.R2(), ws); 98| 12| if(!m_pcurve) { ------------------ | Branch (98:7): [True: 0, False: 12] ------------------ 99| 0| m_engine = EC_Group_Engine::Legacy; 100| 0| } 101| |#else 102| | if(!m_pcurve) { 103| | if(m_oid.empty()) { 104| | throw Not_Implemented("EC_Group this group is not supported in this build configuration"); 105| | } else { 106| | throw Not_Implemented( 107| | fmt("EC_Group the group {} is not supported in this build configuration", oid.to_string())); 108| | } 109| | } 110| |#endif 111| 12|} _ZN5Botan13EC_Group_Data6createERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 121| 12| EC_Group_Source source) { 122| 12| auto group = std::make_shared(p, a, b, g_x, g_y, order, cofactor, oid, source); 123| | 124| 12|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 125| 12| group->m_curve = CurveGFp(group.get()); 126| 12| group->m_base_point = EC_Point(group->m_curve, g_x, g_y); 127| 12| if(!group->m_pcurve) { ------------------ | Branch (127:7): [True: 0, False: 12] ------------------ 128| 0| group->m_base_mult = std::make_unique(group->m_base_point, group->m_mod_order); 129| 0| } 130| 12|#endif 131| | 132| 12| return group; 133| 12|} _ZNK5Botan13EC_Group_Data27scalar_from_bytes_mod_orderENSt3__14spanIKhLm18446744073709551615EEE: 273| 5.13k|std::unique_ptr EC_Group_Data::scalar_from_bytes_mod_order(std::span bytes) const { 274| 5.13k| if(bytes.size() > 2 * order_bytes()) { ------------------ | Branch (274:7): [True: 0, False: 5.13k] ------------------ 275| 0| return {}; 276| 0| } 277| | 278| 5.13k| if(m_pcurve) { ------------------ | Branch (278:7): [True: 5.13k, False: 0] ------------------ 279| 5.13k| if(auto s = m_pcurve->scalar_from_wide_bytes(bytes)) { ------------------ | Branch (279:15): [True: 5.13k, False: 0] ------------------ 280| 5.13k| return std::make_unique(shared_from_this(), std::move(*s)); 281| 5.13k| } else { 282| 0| return {}; 283| 0| } 284| 5.13k| } else { 285| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 286| 0| return std::make_unique(shared_from_this(), m_mod_order.reduce(BigInt(bytes))); 287| |#else 288| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 289| |#endif 290| 0| } 291| 5.13k|} _ZNK5Botan13EC_Group_Data10scalar_oneEv: 306| 2.56k|std::unique_ptr EC_Group_Data::scalar_one() const { 307| 2.56k| if(m_pcurve) { ------------------ | Branch (307:7): [True: 2.56k, False: 0] ------------------ 308| 2.56k| return std::make_unique(shared_from_this(), m_pcurve->scalar_one()); 309| 2.56k| } else { 310| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 311| 0| return std::make_unique(shared_from_this(), BigInt::one()); 312| |#else 313| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 314| |#endif 315| 0| } 316| 2.56k|} _ZNK5Botan13EC_Group_Data18scalar_deserializeENSt3__14spanIKhLm18446744073709551615EEE: 358| 4.93k|std::unique_ptr EC_Group_Data::scalar_deserialize(std::span bytes) const { 359| 4.93k| if(bytes.size() != m_order_bytes) { ------------------ | Branch (359:7): [True: 0, False: 4.93k] ------------------ 360| 0| return nullptr; 361| 0| } 362| | 363| 4.93k| if(m_pcurve) { ------------------ | Branch (363:7): [True: 4.93k, False: 0] ------------------ 364| 4.93k| if(auto s = m_pcurve->deserialize_scalar(bytes)) { ------------------ | Branch (364:15): [True: 4.93k, False: 0] ------------------ 365| 4.93k| return std::make_unique(shared_from_this(), *s); 366| 4.93k| } else { 367| 0| return nullptr; 368| 0| } 369| 4.93k| } else { 370| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 371| 0| BigInt r(bytes); 372| | 373| 0| if(r.is_zero() || r >= m_order) { ------------------ | Branch (373:10): [True: 0, False: 0] | Branch (373:25): [True: 0, False: 0] ------------------ 374| 0| return nullptr; 375| 0| } 376| | 377| 0| return std::make_unique(shared_from_this(), std::move(r)); 378| |#else 379| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 380| |#endif 381| 0| } 382| 4.93k|} _ZN5Botan17EC_Scalar_Data_PC11checked_refERKNS_14EC_Scalar_DataE: 14| 68.4k|const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) { 15| 68.4k| const auto* p = dynamic_cast(&data); 16| 68.4k| if(p == nullptr) { ------------------ | Branch (16:7): [True: 0, False: 68.4k] ------------------ 17| 0| throw Invalid_State("Failed conversion to EC_Scalar_Data_PC"); 18| 0| } 19| 68.4k| return *p; 20| 68.4k|} _ZNK5Botan17EC_Scalar_Data_PC5groupEv: 22| 86.3k|const std::shared_ptr& EC_Scalar_Data_PC::group() const { 23| 86.3k| return m_group; 24| 86.3k|} _ZNK5Botan17EC_Scalar_Data_PC5cloneEv: 30| 2.56k|std::unique_ptr EC_Scalar_Data_PC::clone() const { 31| 2.56k| return std::make_unique(this->group(), this->value()); 32| 2.56k|} _ZNK5Botan17EC_Scalar_Data_PC7is_zeroEv: 34| 15.3k|bool EC_Scalar_Data_PC::is_zero() const { 35| 15.3k| const auto& pcurve = this->group()->pcurve(); 36| 15.3k| return pcurve.scalar_is_zero(m_v); 37| 15.3k|} _ZNK5Botan17EC_Scalar_Data_PC5is_eqERKNS_14EC_Scalar_DataE: 39| 30.1k|bool EC_Scalar_Data_PC::is_eq(const EC_Scalar_Data& other) const { 40| 30.1k| const auto& pcurve = group()->pcurve(); 41| 30.1k| return pcurve.scalar_equal(m_v, checked_ref(other).m_v); 42| 30.1k|} _ZN5Botan17EC_Scalar_Data_PC11square_selfEv: 52| 2.56k|void EC_Scalar_Data_PC::square_self() { 53| | // TODO square in place 54| 2.56k| m_v = m_group->pcurve().scalar_square(m_v); 55| 2.56k|} _ZNK5Botan17EC_Scalar_Data_PC6negateEv: 57| 2.56k|std::unique_ptr EC_Scalar_Data_PC::negate() const { 58| 2.56k| return std::make_unique(m_group, m_group->pcurve().scalar_negate(m_v)); 59| 2.56k|} _ZNK5Botan17EC_Scalar_Data_PC6invertEv: 61| 7.42k|std::unique_ptr EC_Scalar_Data_PC::invert() const { 62| 7.42k| return std::make_unique(m_group, m_group->pcurve().scalar_invert(m_v)); 63| 7.42k|} _ZNK5Botan17EC_Scalar_Data_PC14invert_vartimeEv: 65| 4.93k|std::unique_ptr EC_Scalar_Data_PC::invert_vartime() const { 66| 4.93k| return std::make_unique(m_group, m_group->pcurve().scalar_invert_vartime(m_v)); 67| 4.93k|} _ZNK5Botan17EC_Scalar_Data_PC3addERKNS_14EC_Scalar_DataE: 69| 12.8k|std::unique_ptr EC_Scalar_Data_PC::add(const EC_Scalar_Data& other) const { 70| 12.8k| return std::make_unique(m_group, group()->pcurve().scalar_add(m_v, checked_ref(other).m_v)); 71| 12.8k|} _ZNK5Botan17EC_Scalar_Data_PC3subERKNS_14EC_Scalar_DataE: 73| 2.56k|std::unique_ptr EC_Scalar_Data_PC::sub(const EC_Scalar_Data& other) const { 74| 2.56k| return std::make_unique(m_group, group()->pcurve().scalar_sub(m_v, checked_ref(other).m_v)); 75| 2.56k|} _ZNK5Botan17EC_Scalar_Data_PC3mulERKNS_14EC_Scalar_DataE: 77| 22.8k|std::unique_ptr EC_Scalar_Data_PC::mul(const EC_Scalar_Data& other) const { 78| 22.8k| return std::make_unique(m_group, group()->pcurve().scalar_mul(m_v, checked_ref(other).m_v)); 79| 22.8k|} _ZNK5Botan17EC_Scalar_Data_PC12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 81| 4.93k|void EC_Scalar_Data_PC::serialize_to(std::span bytes) const { 82| 4.93k| BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length"); ------------------ | | 35| 4.93k| do { \ | | 36| 4.93k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 4.93k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 4.93k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 4.93k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 4.93k] | | ------------------ ------------------ 83| 4.93k| m_group->pcurve().serialize_scalar(bytes, m_v); 84| 4.93k|} _ZN5Botan8EC_Group13EC_group_infoERKNS_3OIDE: 16| 12|std::shared_ptr EC_Group::EC_group_info(const OID& oid) { 17| | // secp256r1 18| 12| if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) { ------------------ | Branch (18:7): [True: 1, False: 11] ------------------ 19| 1| return load_EC_group_info( 20| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 21| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 22| 1| "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 23| 1| "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 24| 1| "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 25| 1| "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 26| 1| oid); 27| 1| } 28| | 29| | // secp384r1 30| 11| if(oid == OID{1, 3, 132, 0, 34}) { ------------------ | Branch (30:7): [True: 1, False: 10] ------------------ 31| 1| return load_EC_group_info( 32| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", 33| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", 34| 1| "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", 35| 1| "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", 36| 1| "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", 37| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", 38| 1| oid); 39| 1| } 40| | 41| | // secp521r1 42| 10| if(oid == OID{1, 3, 132, 0, 35}) { ------------------ | Branch (42:7): [True: 1, False: 9] ------------------ 43| 1| return load_EC_group_info( 44| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 45| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 46| 1| "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 47| 1| "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", 48| 1| "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", 49| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 50| 1| oid); 51| 1| } 52| | 53| | // brainpool160r1 54| 9| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) { ------------------ | Branch (54:7): [True: 0, False: 9] ------------------ 55| 0| return load_EC_group_info( 56| 0| "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F", 57| 0| "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 58| 0| "0x1E589A8595423412134FAA2DBDEC95C8D8675E58", 59| 0| "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", 60| 0| "0x1667CB477A1A8EC338F94741669C976316DA6321", 61| 0| "0xE95E4A5F737059DC60DF5991D45029409E60FC09", 62| 0| oid); 63| 0| } 64| | 65| | // brainpool192r1 66| 9| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) { ------------------ | Branch (66:7): [True: 0, False: 9] ------------------ 67| 0| return load_EC_group_info( 68| 0| "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 69| 0| "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 70| 0| "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 71| 0| "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", 72| 0| "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", 73| 0| "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 74| 0| oid); 75| 0| } 76| | 77| | // brainpool224r1 78| 9| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) { ------------------ | Branch (78:7): [True: 0, False: 9] ------------------ 79| 0| return load_EC_group_info( 80| 0| "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 81| 0| "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 82| 0| "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 83| 0| "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", 84| 0| "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", 85| 0| "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 86| 0| oid); 87| 0| } 88| | 89| | // brainpool256r1 90| 9| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) { ------------------ | Branch (90:7): [True: 1, False: 8] ------------------ 91| 1| return load_EC_group_info( 92| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 93| 1| "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 94| 1| "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 95| 1| "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 96| 1| "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 97| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 98| 1| oid); 99| 1| } 100| | 101| | // brainpool320r1 102| 8| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) { ------------------ | Branch (102:7): [True: 0, False: 8] ------------------ 103| 0| return load_EC_group_info( 104| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 105| 0| "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 106| 0| "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 107| 0| "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", 108| 0| "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", 109| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 110| 0| oid); 111| 0| } 112| | 113| | // brainpool384r1 114| 8| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) { ------------------ | Branch (114:7): [True: 1, False: 7] ------------------ 115| 1| return load_EC_group_info( 116| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 117| 1| "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 118| 1| "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 119| 1| "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 120| 1| "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 121| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 122| 1| oid); 123| 1| } 124| | 125| | // brainpool512r1 126| 7| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) { ------------------ | Branch (126:7): [True: 1, False: 6] ------------------ 127| 1| return load_EC_group_info( 128| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 129| 1| "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 130| 1| "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 131| 1| "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 132| 1| "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 133| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 134| 1| oid); 135| 1| } 136| | 137| | // frp256v1 138| 6| if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) { ------------------ | Branch (138:7): [True: 1, False: 5] ------------------ 139| 1| return load_EC_group_info( 140| 1| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03", 141| 1| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00", 142| 1| "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F", 143| 1| "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF", 144| 1| "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB", 145| 1| "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1", 146| 1| oid); 147| 1| } 148| | 149| | // gost_256A 150| 5| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) { ------------------ | Branch (150:7): [True: 0, False: 5] | Branch (150:7): [True: 0, False: 5] | Branch (150:50): [True: 0, False: 5] | Branch (150:88): [True: 0, False: 5] ------------------ 151| 0| return load_EC_group_info( 152| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", 153| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", 154| 0| "0xA6", 155| 0| "0x1", 156| 0| "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", 157| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", 158| 0| OID{1, 2, 643, 7, 1, 2, 1, 1, 1}); 159| 0| } 160| | 161| | // gost_512A 162| 5| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) { ------------------ | Branch (162:7): [True: 0, False: 5] ------------------ 163| 0| return load_EC_group_info( 164| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 165| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 166| 0| "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760", 167| 0| "0x3", 168| 0| "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4", 169| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275", 170| 0| oid); 171| 0| } 172| | 173| | // secp160k1 174| 5| if(oid == OID{1, 3, 132, 0, 9}) { ------------------ | Branch (174:7): [True: 0, False: 5] ------------------ 175| 0| return load_EC_group_info( 176| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 177| 0| "0x0", 178| 0| "0x7", 179| 0| "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 180| 0| "0x938CF935318FDCED6BC28286531733C3F03C4FEE", 181| 0| "0x100000000000000000001B8FA16DFAB9ACA16B6B3", 182| 0| oid); 183| 0| } 184| | 185| | // secp160r1 186| 5| if(oid == OID{1, 3, 132, 0, 8}) { ------------------ | Branch (186:7): [True: 0, False: 5] ------------------ 187| 0| return load_EC_group_info( 188| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", 189| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", 190| 0| "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", 191| 0| "0x4A96B5688EF573284664698968C38BB913CBFC82", 192| 0| "0x23A628553168947D59DCC912042351377AC5FB32", 193| 0| "0x100000000000000000001F4C8F927AED3CA752257", 194| 0| oid); 195| 0| } 196| | 197| | // secp160r2 198| 5| if(oid == OID{1, 3, 132, 0, 30}) { ------------------ | Branch (198:7): [True: 0, False: 5] ------------------ 199| 0| return load_EC_group_info( 200| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 201| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", 202| 0| "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA", 203| 0| "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D", 204| 0| "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 205| 0| "0x100000000000000000000351EE786A818F3A1A16B", 206| 0| oid); 207| 0| } 208| | 209| | // secp192k1 210| 5| if(oid == OID{1, 3, 132, 0, 31}) { ------------------ | Branch (210:7): [True: 0, False: 5] ------------------ 211| 0| return load_EC_group_info( 212| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 213| 0| "0x0", 214| 0| "0x3", 215| 0| "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 216| 0| "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 217| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 218| 0| oid); 219| 0| } 220| | 221| | // secp192r1 222| 5| if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) { ------------------ | Branch (222:7): [True: 1, False: 4] ------------------ 223| 1| return load_EC_group_info( 224| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 225| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 226| 1| "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 227| 1| "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 228| 1| "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 229| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 230| 1| oid); 231| 1| } 232| | 233| | // secp224k1 234| 4| if(oid == OID{1, 3, 132, 0, 32}) { ------------------ | Branch (234:7): [True: 0, False: 4] ------------------ 235| 0| return load_EC_group_info( 236| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 237| 0| "0x0", 238| 0| "0x5", 239| 0| "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 240| 0| "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 241| 0| "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 242| 0| oid); 243| 0| } 244| | 245| | // secp224r1 246| 4| if(oid == OID{1, 3, 132, 0, 33}) { ------------------ | Branch (246:7): [True: 1, False: 3] ------------------ 247| 1| return load_EC_group_info( 248| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", 249| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", 250| 1| "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", 251| 1| "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", 252| 1| "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", 253| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 254| 1| oid); 255| 1| } 256| | 257| | // secp256k1 258| 3| if(oid == OID{1, 3, 132, 0, 10}) { ------------------ | Branch (258:7): [True: 1, False: 2] ------------------ 259| 1| return load_EC_group_info( 260| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 261| 1| "0x0", 262| 1| "0x7", 263| 1| "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 264| 1| "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 265| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 266| 1| oid); 267| 1| } 268| | 269| | // sm2p256v1 270| 2| if(oid == OID{1, 2, 156, 10197, 1, 301}) { ------------------ | Branch (270:7): [True: 1, False: 1] ------------------ 271| 1| return load_EC_group_info( 272| 1| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 273| 1| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 274| 1| "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 275| 1| "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 276| 1| "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 277| 1| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 278| 1| oid); 279| 1| } 280| | 281| | // x962_p192v2 282| 1| if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) { ------------------ | Branch (282:7): [True: 0, False: 1] ------------------ 283| 0| return load_EC_group_info( 284| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 285| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 286| 0| "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", 287| 0| "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", 288| 0| "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", 289| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 290| 0| oid); 291| 0| } 292| | 293| | // x962_p192v3 294| 1| if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) { ------------------ | Branch (294:7): [True: 0, False: 1] ------------------ 295| 0| return load_EC_group_info( 296| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 297| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 298| 0| "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", 299| 0| "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", 300| 0| "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", 301| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 302| 0| oid); 303| 0| } 304| | 305| | // x962_p239v1 306| 1| if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) { ------------------ | Branch (306:7): [True: 0, False: 1] ------------------ 307| 0| return load_EC_group_info( 308| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 309| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 310| 0| "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", 311| 0| "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", 312| 0| "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", 313| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 314| 0| oid); 315| 0| } 316| | 317| | // x962_p239v2 318| 1| if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) { ------------------ | Branch (318:7): [True: 0, False: 1] ------------------ 319| 0| return load_EC_group_info( 320| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 321| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 322| 0| "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", 323| 0| "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", 324| 0| "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", 325| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 326| 0| oid); 327| 0| } 328| | 329| | // x962_p239v3 330| 1| if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) { ------------------ | Branch (330:7): [True: 0, False: 1] ------------------ 331| 0| return load_EC_group_info( 332| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 333| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 334| 0| "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", 335| 0| "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", 336| 0| "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", 337| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 338| 0| oid); 339| 0| } 340| | 341| | // numsp512d1 342| 1| if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) { ------------------ | Branch (342:7): [True: 1, False: 0] ------------------ 343| 1| return load_EC_group_info( 344| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 345| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 346| 1| "0x1D99B", 347| 1| "0x2", 348| 1| "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28", 349| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D", 350| 1| oid); 351| 1| } 352| | 353| 0| return std::shared_ptr(); 354| 1|} _ZN5Botan9EC_ScalarC2ENSt3__110unique_ptrINS_14EC_Scalar_DataENS1_14default_deleteIS3_EEEE: 22| 65.8k|EC_Scalar::EC_Scalar(std::unique_ptr scalar) : m_scalar(std::move(scalar)) { 23| 65.8k| BOTAN_ASSERT_NONNULL(m_scalar); ------------------ | | 116| 65.8k| do { \ | | 117| 65.8k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 65.8k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 65.8k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 65.8k] | | ------------------ ------------------ 24| 65.8k|} _ZN5Botan9EC_ScalarC2ERKS0_: 26| 2.56k|EC_Scalar::EC_Scalar(const EC_Scalar& other) : m_scalar(other.inner().clone()) {} _ZN5Botan9EC_ScalarC2EOS0_: 28| 4.93k|EC_Scalar::EC_Scalar(EC_Scalar&& other) noexcept : m_scalar(std::move(other.m_scalar)) {} _ZN5Botan9EC_ScalarD2Ev: 43| 73.3k|EC_Scalar::~EC_Scalar() = default; _ZN5Botan9EC_Scalar20from_bytes_mod_orderERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 53| 5.13k|EC_Scalar EC_Scalar::from_bytes_mod_order(const EC_Group& group, std::span bytes) { 54| 5.13k| if(auto s = group._data()->scalar_from_bytes_mod_order(bytes)) { ------------------ | Branch (54:12): [True: 5.13k, False: 0] ------------------ 55| 5.13k| return EC_Scalar(std::move(s)); 56| 5.13k| } else { 57| 0| throw Decoding_Error("EC_Scalar::from_bytes_mod_order input invalid"); 58| 0| } 59| 5.13k|} _ZN5Botan9EC_Scalar3oneERKNS_8EC_GroupE: 65| 2.56k|EC_Scalar EC_Scalar::one(const EC_Group& group) { 66| 2.56k| return EC_Scalar(group._data()->scalar_one()); 67| 2.56k|} _ZNK5Botan9EC_Scalar12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 88| 4.93k|void EC_Scalar::serialize_to(std::span bytes) const { 89| 4.93k| inner().serialize_to(bytes); 90| 4.93k|} _ZN5Botan9EC_Scalar11deserializeERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 118| 4.93k|std::optional EC_Scalar::deserialize(const EC_Group& group, std::span bytes) { 119| 4.93k| if(auto v = group._data()->scalar_deserialize(bytes)) { ------------------ | Branch (119:12): [True: 4.93k, False: 0] ------------------ 120| 4.93k| return EC_Scalar(std::move(v)); 121| 4.93k| } else { 122| 0| return {}; 123| 0| } 124| 4.93k|} _ZNK5Botan9EC_Scalar7is_zeroEv: 133| 15.3k|bool EC_Scalar::is_zero() const { 134| 15.3k| return inner().is_zero(); 135| 15.3k|} _ZNK5Botan9EC_Scalar6invertEv: 137| 7.42k|EC_Scalar EC_Scalar::invert() const { 138| 7.42k| return EC_Scalar(inner().invert()); 139| 7.42k|} _ZNK5Botan9EC_Scalar14invert_vartimeEv: 141| 4.93k|EC_Scalar EC_Scalar::invert_vartime() const { 142| 4.93k| return EC_Scalar(inner().invert_vartime()); 143| 4.93k|} _ZNK5Botan9EC_Scalar6negateEv: 145| 2.56k|EC_Scalar EC_Scalar::negate() const { 146| 2.56k| return EC_Scalar(inner().negate()); 147| 2.56k|} _ZN5Botan9EC_Scalar11square_selfEv: 149| 2.56k|void EC_Scalar::square_self() { 150| 2.56k| m_scalar->square_self(); 151| 2.56k|} _ZNK5Botan9EC_Scalar3addERKS0_: 153| 12.8k|EC_Scalar EC_Scalar::add(const EC_Scalar& x) const { 154| 12.8k| return EC_Scalar(inner().add(x.inner())); 155| 12.8k|} _ZNK5Botan9EC_Scalar3subERKS0_: 157| 2.56k|EC_Scalar EC_Scalar::sub(const EC_Scalar& x) const { 158| 2.56k| return EC_Scalar(inner().sub(x.inner())); 159| 2.56k|} _ZNK5Botan9EC_Scalar3mulERKS0_: 161| 22.8k|EC_Scalar EC_Scalar::mul(const EC_Scalar& x) const { 162| 22.8k| return EC_Scalar(inner().mul(x.inner())); 163| 22.8k|} _ZNK5Botan9EC_Scalar5is_eqERKS0_: 173| 30.1k|bool EC_Scalar::is_eq(const EC_Scalar& x) const { 174| 30.1k| return inner().is_eq(x.inner()); 175| 30.1k|} _ZN5Botan8CurveGFpC2EPKNS_13EC_Group_DataE: 28| 12|CurveGFp::CurveGFp(const EC_Group_Data* group) : m_group(group) { 29| 12| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 12| do { \ | | 117| 12| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 12] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 12| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 12] | | ------------------ ------------------ 30| 12|} _ZNK5Botan8CurveGFp5groupEv: 32| 24|const EC_Group_Data& CurveGFp::group() const { 33| 24| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 24| do { \ | | 117| 24| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 24] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 24| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 24] | | ------------------ ------------------ 34| 24| return *m_group; 35| 24|} _ZN5Botan8EC_PointC2ERKNS_8CurveGFpENS_6BigIntES4_: 115| 12| m_curve(curve), m_x(std::move(x)), m_y(std::move(y)), m_z(m_curve.group().monty().R1()) { 116| 12| const auto& group = m_curve.group(); 117| | 118| 12| if(m_x < 0 || m_x >= group.p()) { ------------------ | Branch (118:7): [True: 0, False: 12] | Branch (118:18): [True: 0, False: 12] ------------------ 119| 0| throw Invalid_Argument("Invalid EC_Point affine x"); 120| 0| } 121| 12| if(m_y < 0 || m_y >= group.p()) { ------------------ | Branch (121:7): [True: 0, False: 12] | Branch (121:18): [True: 0, False: 12] ------------------ 122| 0| throw Invalid_Argument("Invalid EC_Point affine y"); 123| 0| } 124| | 125| 12| secure_vector monty_ws(monty_ws_size(group)); 126| | 127| 12| to_rep(group, m_x, monty_ws); 128| 12| to_rep(group, m_y, monty_ws); 129| 12|} _ZN5Botan8EC_Point4swapERS0_: 792| 12|void EC_Point::swap(EC_Point& other) noexcept { 793| 12| m_curve.swap(other.m_curve); 794| 12| m_x.swap(other.m_x); 795| 12| m_y.swap(other.m_y); 796| 12| m_z.swap(other.m_z); 797| 12|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_113monty_ws_sizeERKNS_13EC_Group_DataE: 102| 12|size_t monty_ws_size(const EC_Group_Data& group) { 103| 12| return 2 * group.p_words(); 104| 12|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_16to_repERKNS_13EC_Group_DataERNS_6BigIntERNSt3__16vectorImNS_16secure_allocatorImEEEE: 55| 24|void to_rep(const EC_Group_Data& group, BigInt& x, secure_vector& ws) { 56| 24| group.monty().mul_by(x, group.monty().R2(), ws); 57| 24|} _ZN5Botan15allocate_memoryEmm: 21| 1.19k|BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size) { 22| 1.19k| if(elems == 0 || elem_size == 0) { ------------------ | Branch (22:7): [True: 0, False: 1.19k] | Branch (22:21): [True: 0, False: 1.19k] ------------------ 23| 0| return nullptr; 24| 0| } 25| | 26| | // Some calloc implementations do not check for overflow (?!?) 27| 1.19k| if(!checked_mul(elems, elem_size).has_value()) { ------------------ | Branch (27:7): [True: 0, False: 1.19k] ------------------ 28| 0| throw std::bad_alloc(); 29| 0| } 30| | 31| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 32| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 33| | if(void* p = mlock_allocator::instance().allocate(elems, elem_size)) { 34| | return p; 35| | } 36| |#endif 37| | 38| |#if defined(BOTAN_TARGET_OS_HAS_ALLOC_CONCEAL) 39| | void* ptr = ::calloc_conceal(elems, elem_size); 40| |#else 41| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 42| 1.19k| void* ptr = std::calloc(elems, elem_size); // NOLINT(*-no-malloc,*-owning-memory) 43| 1.19k|#endif 44| 1.19k| if(ptr == nullptr) { ------------------ | Branch (44:7): [True: 0, False: 1.19k] ------------------ 45| 0| [[unlikely]] throw std::bad_alloc(); 46| 0| } 47| 1.19k| return ptr; 48| 1.19k|} _ZN5Botan17deallocate_memoryEPvmm: 50| 1.19k|void deallocate_memory(void* p, size_t elems, size_t elem_size) { 51| 1.19k| if(p == nullptr) { ------------------ | Branch (51:7): [True: 0, False: 1.19k] ------------------ 52| 0| [[unlikely]] return; 53| 0| } 54| | 55| 1.19k| secure_scrub_memory(p, elems * elem_size); 56| | 57| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 58| | if(mlock_allocator::instance().deallocate(p, elems, elem_size)) { 59| | return; 60| | } 61| |#endif 62| | 63| 1.19k| std::free(p); // NOLINT(*-no-malloc,*-owning-memory) 64| 1.19k|} _ZN5Botan20initialize_allocatorEv: 66| 1|void initialize_allocator() { 67| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 68| | mlock_allocator::instance(); 69| |#endif 70| 1|} _ZN5Botan19secure_scrub_memoryEPvm: 25| 1.19k|void secure_scrub_memory(void* ptr, size_t n) { 26| 1.19k| return secure_zeroize_buffer(ptr, n); 27| 1.19k|} _ZN5Botan21secure_zeroize_bufferEPvm: 29| 1.19k|void secure_zeroize_buffer(void* ptr, size_t n) { 30| 1.19k| if(n == 0) { ------------------ | Branch (30:7): [True: 0, False: 1.19k] ------------------ 31| 0| return; 32| 0| } 33| | 34| |#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) 35| | ::RtlSecureZeroMemory(ptr, n); 36| | 37| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) 38| 1.19k| ::explicit_bzero(ptr, n); 39| | 40| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) 41| | (void)::explicit_memset(ptr, 0, n); 42| | 43| |#else 44| | /* 45| | * Call memset through a static volatile pointer, which the compiler should 46| | * not elide. This construct should be safe in conforming compilers, but who 47| | * knows. This has been checked to generate the expected code, which saves the 48| | * memset address in the data segment and unconditionally loads and jumps to 49| | * that address, with the following targets: 50| | * 51| | * x86-64: Clang 19, GCC 6, 11, 13, 14 52| | * riscv64: GCC 14 53| | * aarch64: GCC 14 54| | * armv7: GCC 14 55| | * 56| | * Actually all of them generated the expected jump even without marking the 57| | * function pointer as volatile. However this seems worth including as an 58| | * additional precaution. 59| | */ 60| | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; 61| | (memset_ptr)(ptr, 0, n); 62| |#endif 63| 1.19k|}