authorlloyd <[email protected]>2010-09-07 22:58:45 +0000
committerlloyd <[email protected]>2010-09-07 22:58:45 +0000
commit23eb8c4250d9dc763978e5fbddc1c7e784839078 (patch)
tree707c83ac6e03fe8f35a2b2cbee944430166d280b
parent3c43fb5878bcf585dd32b1a74ae4dd733a89ac05 (diff)
Realization while thinking about the recently added truncate: in an STL
container like vector, truncate is simply resize, but what MemoryRegion called resize will zap the entire contents, and then what was resize was called grow_to. This is really problematic in terms of the goal of replacing MemoryRegion with a vector with a custom allocator.

In this checkin:
- Remove MemoryRegion::grow_to and MemoryRegion::truncate
- Change the semantics of MemoryRegion::resize to change the size while keeping any current contents intact (up to the new size), zero initializing any new values.

Unrelated, just noticed the lack while I was in there, add a version of CryptoBox::decrypt taking a std::string for the input.
-rw-r--r--doc/log.txt1
-rw-r--r--src/alloc/secmem.h50
-rw-r--r--src/codec/hex/hex.cpp2
-rw-r--r--src/constructs/cryptobox/cryptobox.cpp20
-rw-r--r--src/constructs/cryptobox/cryptobox.h8
-rw-r--r--src/math/bigint/bigint.cpp5
-rw-r--r--src/math/bigint/divide.cpp5
7 files changed, 39 insertions, 52 deletions
diff --git a/doc/log.txt b/doc/log.txt
index f35bd9b8f..756d81555 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -3,7 +3,6 @@
- Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
- Use smaller tables in the first round of AES
- Add hex encoding/decoding functions that can be used without a Pipe
- - Add new function MemoryRegion::truncate
- Allow using PBKDF2 with empty passphrases
- Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
- Support dynamic loading on Windows
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h
index f14e2a9db..aae1634d3 100644
--- a/src/alloc/secmem.h
+++ b/src/alloc/secmem.h
@@ -146,7 +146,7 @@ class MemoryRegion
* @param n the size of the array data
*/
void append(const T data[], u32bit n)
- { grow_to(size()+n); copy(size() - n, data, n); }
+ { resize(size()+n); copy(size() - n, data, n); }
/**
* Append a single element.
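Review bot: In `append`, `size()+n` is a u32bit sum that can wrap, and after this change a wrapped value is no longer ignored. The removed grow_to() did nothing when its argument was not larger than `used`, whereas resize() with a small argument shrinks the buffer and zeroes the rest before `copy` runs. A guard ahead of the call, such as `if(n > u32bit(-1) - size())` followed by the library's usual invalid-argument exception, would keep an oversized append from silently discarding the existing contents. The class body continues outside this hunk, so what `copy` does with the resulting offset cannot be checked from here.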
@@ -162,16 +162,6 @@ class MemoryRegion
{ append(other.begin(), other.size()); }
/**
- * Truncate the buffer to at most n elements
- * @param n the length of the resulting buffer
- */
- void truncate(u32bit n)
- {
- if(n < used)
- used = n;
- }
-
- /**
* Zeroise the bytes of this buffer. The length remains unchanged.
*/
void clear() { clear_mem(buf, allocated); }
@@ -182,22 +172,14 @@ class MemoryRegion
void destroy() { resize(0); }
/**
- * Reset this buffer to a buffer of specified length. The content will be
- * initialized to zero bytes.
- * @param n the new length of the buffer
+ * Inserts or erases elements at the end such that the size
+ * becomes n, leaving elements in the range 0...n unmodified if
+ * set or otherwise zero-initialized
+ * @param n length of the new buffer
*/
void resize(u32bit n);
/**
- * Change the size to n elements. If n is >= size(), preexisting
- * elements remain unchanged, with later elements
- * zero-initialized. If n < size(), then the last (size() - N)
- * elements are removed.
- * @param n the new size
- */
- void grow_to(u32bit n);
-
- /**
* Swap this buffer with another object.
*/
void swap(MemoryRegion<T>& other);
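Review bot: The new resize() comment says elements in `0...n` are left unmodified, but when n exceeds the current size only the first size() elements are preserved and the remainder is zero-filled. Suggested wording: `Resize to n elements: the first min(n, size()) elements are kept, any added elements are zero-initialized`. One more line stating that a shrink zeroes the dropped elements would help, because callers that moved over from truncate() now get that behaviour from the implementation later in this file's diff.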
@@ -240,30 +222,18 @@ class MemoryRegion
};
/*
-* Create a new buffer
+* Change the size of the buffer
*/
template<typename T>
void MemoryRegion<T>::resize(u32bit n)
{
- if(n <= allocated) { clear(); used = n; return; }
- deallocate(buf, allocated);
- buf = allocate(n);
- allocated = used = n;
- }
-
-/*
-* Increase the size of the buffer
-*/
-template<typename T>
-void MemoryRegion<T>::grow_to(u32bit n)
- {
- if(n > used && n <= allocated)
+ if(n <= allocated)
{
- clear_mem(buf + used, n - used);
+ u32bit zap = std::min(used, n);
+ clear_mem(buf + zap, allocated - zap);
used = n;
- return;
}
- else if(n > allocated)
+ else
{
T* new_buf = allocate(n);
copy_mem(new_buf, buf, used);
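Review bot: The `n <= allocated` branch clears from `min(used, n)` to the end of the allocation on every call, including a grow by a single element, and nothing records that this is deliberate. A comment such as `// wipe the dropped tail and all slack so a shrink never leaves stale bytes behind` would state the intent and discourage narrowing it back to `n - used`. `std::min` also needs `<algorithm>`; the header's include list is outside this hunk, so that is worth confirming. The else branch continues past the end of the hunk.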
diff --git a/src/codec/hex/hex.cpp b/src/codec/hex/hex.cpp
index 70e819906..6cef71fec 100644
--- a/src/codec/hex/hex.cpp
+++ b/src/codec/hex/hex.cpp
@@ -167,7 +167,7 @@ SecureVector<byte> hex_decode(const char input[],
input_length,
ignore_ws);
- bin.truncate(written);
+ bin.resize(written);
return bin;
}
diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp
index 6dcca0754..61fe51a88 100644
--- a/src/constructs/cryptobox/cryptobox.cpp
+++ b/src/constructs/cryptobox/cryptobox.cpp
@@ -73,16 +73,18 @@ std::string encrypt(const byte input[], u32bit input_len,
mac (20 bytes)
ciphertext
*/
- u32bit ciphertext_len = pipe.remaining(0);
+ const u32bit ciphertext_len = pipe.remaining(0);
- SecureVector<byte> out_buf;
+ SecureVector<byte> out_buf(VERSION_CODE_LEN +
+ PBKDF_SALT_LEN +
+ MAC_OUTPUT_LEN +
+ ciphertext_len);
for(u32bit i = 0; i != VERSION_CODE_LEN; ++i)
- out_buf.append(get_byte(i, CRYPTOBOX_VERSION_CODE));
+ out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE);
- out_buf.append(pbkdf_salt.begin(), pbkdf_salt.size());
+ out_buf.copy(VERSION_CODE_LEN, pbkdf_salt, PBKDF_SALT_LEN);
- out_buf.grow_to(out_buf.size() + MAC_OUTPUT_LEN + ciphertext_len);
pipe.read(out_buf + VERSION_CODE_LEN + PBKDF_SALT_LEN, MAC_OUTPUT_LEN, 1);
pipe.read(out_buf + VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN,
ciphertext_len, 0);
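Review bot: The salt copy `out_buf.copy(VERSION_CODE_LEN, pbkdf_salt, PBKDF_SALT_LEN)` now takes its length from the constant, where the removed line used `pbkdf_salt.size()`. The declaration of `pbkdf_salt` is outside this hunk, so whether the two always agree cannot be checked here; if they ever diverge the copy either reads beyond the salt or leaves zero bytes in the header. Copying `pbkdf_salt.size()` bytes and checking that against the constant beforehand, for example `if(pbkdf_salt.size() != PBKDF_SALT_LEN)` with an internal-error throw, would make the fixed layout explicit. The four-term u32bit sum that sizes `out_buf` has the same wrap concern if `pipe.remaining(0)` can be close to the u32bit limit.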
@@ -140,6 +142,14 @@ std::string decrypt(const byte input[], u32bit input_len,
return pipe.read_all_as_string(0);
}
+std::string decrypt(const std::string& input,
+ const std::string& passphrase)
+ {
+ return decrypt(reinterpret_cast<const byte*>(&input[0]),
+ input.size(),
+ passphrase);
+ }
+
}
}
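Review bot: The new `decrypt` overload passes `input.size()` straight into a `u32bit` parameter, so on a platform where `size_t` is 64 bits an oversized string is silently truncated to its low 32 bits instead of being rejected. A length check before the call would make that case fail loudly. Taking the pointer with `input.data()` rather than `&input[0]` also states the intent more directly and avoids indexing an empty string: `return decrypt(reinterpret_cast<const byte*>(input.data()), input.size(), passphrase);`.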
diff --git a/src/constructs/cryptobox/cryptobox.h b/src/constructs/cryptobox/cryptobox.h
index 0380dcff9..12f054eff 100644
--- a/src/constructs/cryptobox/cryptobox.h
+++ b/src/constructs/cryptobox/cryptobox.h
@@ -38,6 +38,14 @@ BOTAN_DLL std::string encrypt(const byte input[], u32bit input_len,
BOTAN_DLL std::string decrypt(const byte input[], u32bit input_len,
const std::string& passphrase);
+/**
+* Decrypt a message encrypted with CryptoBox::encrypt
+* @param input the input data
+* @param passphrase the passphrase used to encrypt the message
+*/
+BOTAN_DLL std::string decrypt(const std::string& input,
+ const std::string& passphrase);
+
}
}
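Review bot: The doc comment for the new `decrypt` overload has no `@return` line, and it does not say how a wrong passphrase or a modified message is reported to the caller. Adding `* @return the decrypted message` plus a sentence on the failure behaviour would let callers handle rejection correctly. The failure path is in the byte-array overload, whose body is outside this hunk, so the wording should be taken from there.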
diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp
index 7feec4d59..1ae8be130 100644
--- a/src/math/bigint/bigint.cpp
+++ b/src/math/bigint/bigint.cpp
@@ -114,7 +114,7 @@ void BigInt::swap(BigInt& other)
*/
void BigInt::grow_reg(u32bit n)
{
- reg.grow_to(round_up<u32bit>(size() + n, 8));
+ reg.resize(round_up<u32bit>(size() + n, 8));
}
/*
@@ -123,7 +123,7 @@ void BigInt::grow_reg(u32bit n)
void BigInt::grow_to(u32bit n)
{
if(n > size())
- reg.grow_to(round_up<u32bit>(n, 8));
+ reg.resize(round_up<u32bit>(n, 8));
}
/*
@@ -348,6 +348,7 @@ void BigInt::binary_decode(const byte buf[], u32bit length)
{
const u32bit WORD_BYTES = sizeof(word);
+ reg.clear();
reg.resize(round_up<u32bit>((length / WORD_BYTES) + 1, 8));
for(u32bit j = 0; j != length / WORD_BYTES; ++j)
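Review bot: The added `reg.clear();` carries no comment, although it is what restores the zeroing that resize() used to do; without it the old value's words would survive into the decoded integer. A line such as `// resize() now keeps existing contents, so wipe the old value first` would stop it being removed as redundant. This is the only existing resize() caller in the diff that gained an explicit clear, so any other caller that relied on the old zeroing semantics (none are visible here) would now keep stale data and should be audited. The body of binary_decode continues outside the hunk.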
diff --git a/src/math/bigint/divide.cpp b/src/math/bigint/divide.cpp
index a5f2462d8..47df1273a 100644
--- a/src/math/bigint/divide.cpp
+++ b/src/math/bigint/divide.cpp
@@ -39,15 +39,14 @@ void divide(const BigInt& x, const BigInt& y_arg, BigInt& q, BigInt& r)
BigInt y = y_arg;
const u32bit y_words = y.sig_words();
r = x;
+ q = 0;
r.set_sign(BigInt::Positive);
y.set_sign(BigInt::Positive);
s32bit compare = r.cmp(y);
- if(compare < 0)
- q = 0;
- else if(compare == 0)
+ if(compare == 0)
{
q = 1;
r = 0;
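Review bot: The now unconditional `q = 0;` has no comment explaining why the quotient must be reset on every path instead of only when `compare < 0`. Presumably the later code sizes q's register with resize() and used to rely on that call zeroing it, but that code is outside this hunk, so this is an inference. A short comment along the lines of `// q must start from zero: resize() no longer clears existing words` would record the dependency. The `if(compare == 0)` block is cut off at the end of the hunk.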