author | lloyd <[email protected]> | 2010-09-07 22:58:45 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-07 22:58:45 +0000 |
commit | 23eb8c4250d9dc763978e5fbddc1c7e784839078 (patch) | |
tree | 707c83ac6e03fe8f35a2b2cbee944430166d280b | |
parent | 3c43fb5878bcf585dd32b1a74ae4dd733a89ac05 (diff) |
Realization while thinking about the recently added truncate: in a STL
container like vector, truncate is simply resize, but what
MemoryRegion called resize will zap the entire contents, and then what
was resize was called grow_to. This is really problematic in terms of
the goal of replacing MemoryRegion with a vector with a custom
allocator.
In this checkin:
- Remove MemoryRegion::grow_to and MemoryRegion::truncate
- Change the semantics of MemoryRegion::resize to change the size
while keeping any current contents intact (up to the new size),
zero initializing any new values.
Unrelated, just noticed the lack while I was in there, add a version
of CryptoBox::decrypt taking a std::string for the input.
-rw-r--r-- | doc/log.txt | 1 | ||||
-rw-r--r-- | src/alloc/secmem.h | 50 | ||||
-rw-r--r-- | src/codec/hex/hex.cpp | 2 | ||||
-rw-r--r-- | src/constructs/cryptobox/cryptobox.cpp | 20 | ||||
-rw-r--r-- | src/constructs/cryptobox/cryptobox.h | 8 | ||||
-rw-r--r-- | src/math/bigint/bigint.cpp | 5 | ||||
-rw-r--r-- | src/math/bigint/divide.cpp | 5 |
7 files changed, 39 insertions, 52 deletions
diff --git a/doc/log.txt b/doc/log.txt
index f35bd9b8f..756d81555 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -3,7 +3,6 @@
 - Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
 - Use smaller tables in the first round of AES
 - Add hex encoding/decoding functions that can be used without a Pipe
- - Add new function MemoryRegion::truncate
 - Allow using PBKDF2 with empty passphrases
 - Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
 - Support dynamic loading on Windows
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h
index f14e2a9db..aae1634d3 100644
--- a/src/alloc/secmem.h
+++ b/src/alloc/secmem.h
@@ -146,7 +146,7 @@ class MemoryRegion
 * @param n the size of the array data
 */
 void append(const T data[], u32bit n)
- { grow_to(size()+n); copy(size() - n, data, n); }
+ { resize(size()+n); copy(size() - n, data, n); }
 /**
 * Append a single element.
@@ -162,16 +162,6 @@ class MemoryRegion
 { append(other.begin(), other.size()); }
 /**
- * Truncate the buffer to at most n elements
- * @param n the length of the resulting buffer
- */
- void truncate(u32bit n)
- {
- if(n < used)
- used = n;
- }
-
- /**
 * Zeroise the bytes of this buffer. The length remains unchanged.
 */
 void clear() { clear_mem(buf, allocated); }
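Review bot: In `append`, `size()+n` is a `u32bit` sum with no wrap check, so for a buffer close to 4 GiB the value handed to `resize` can come out smaller than the current size, and the following `copy(size() - n, data, n)` then starts from a wrapped offset; whether `copy` clamps that is not visible in this hunk. The same unchecked addition feeds the `out_buf` size in `CryptoBox::encrypt` and `reg.resize(round_up<u32bit>(size() + n, 8))` in `BigInt::grow_reg` later in this commit. The pattern predates the change (the call was `grow_to` before), but since these lines are being touched anyway, a guard such as `if(size() + n < size())` that fails the append before resizing would close it.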
@@ -182,22 +172,14 @@ class MemoryRegion
 void destroy() { resize(0); }
 /**
- * Reset this buffer to a buffer of specified length. The content will be
- * initialized to zero bytes.
- * @param n the new length of the buffer
+ * Inserts or erases elements at the end such that the size
+ * becomes n, leaving elements in the range 0...n unmodified if
+ * set or otherwise zero-initialized
+ * @param n length of the new buffer
 */
 void resize(u32bit n);
 /**
- * Change the size to n elements. If n is >= size(), preexisting
- * elements remain unchanged, with later elements
- * zero-initialized. If n < size(), then the last (size() - N)
- * elements are removed.
- * @param n the new size
- */
- void grow_to(u32bit n);
-
- /**
 * Swap this buffer with another object.
 */
 void swap(MemoryRegion<T>& other);
@@ -240,30 +222,18 @@ class MemoryRegion
 };
 /*
-* Create a new buffer
+* Change the size of the buffer
 */
 template<typename T>
 void MemoryRegion<T>::resize(u32bit n)
 {
- if(n <= allocated) { clear(); used = n; return; }
- deallocate(buf, allocated);
- buf = allocate(n);
- allocated = used = n;
- }
-
-/*
-* Increase the size of the buffer
-*/
-template<typename T>
-void MemoryRegion<T>::grow_to(u32bit n)
- {
- if(n > used && n <= allocated)
+ if(n <= allocated)
 {
- clear_mem(buf + used, n - used);
+ u32bit zap = std::min(used, n);
+ clear_mem(buf + zap, allocated - zap);
 used = n;
- return;
 }
- else if(n > allocated)
+ else
 {
 T* new_buf = allocate(n);
 copy_mem(new_buf, buf, used);
diff --git a/src/codec/hex/hex.cpp b/src/codec/hex/hex.cpp
index 70e819906..6cef71fec 100644
--- a/src/codec/hex/hex.cpp
+++ b/src/codec/hex/hex.cpp
@@ -167,7 +167,7 @@ SecureVector<byte> hex_decode(const char input[],
 input_length,
 ignore_ws);
- bin.truncate(written);
+ bin.resize(written);
 return bin;
 }
diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp
index 6dcca0754..61fe51a88 100644
--- a/src/constructs/cryptobox/cryptobox.cpp
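Review bot: The new comment on `resize` is ambiguous about the range it keeps ("0...n unmodified if set") and says nothing about the elements dropped when shrinking. From the definition further down, the first `min(used, n)` elements are kept and the rest of the allocation is zeroed when `n <= allocated`, which is the property callers holding key material care about. Suggested wording: `* Change the size to n elements. The first min(n, size()) elements are kept;` followed by `* elements beyond that are zeroed, including any dropped by shrinking.`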
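Review bot: `resize()` no longer clears the retained prefix, so every existing caller that used `resize(n)` to obtain an all-zero buffer now silently keeps the first `min(used, n)` old elements. This commit compensates in `BigInt::binary_decode` (`reg.clear()`) and in `divide` (`q = 0`), but callers outside the seven touched files are not visible here and need the same audit. `std::min` needs `<algorithm>`, and no include is added in the visible hunks of `secmem.h`. The `else` branch continues past the end of the hunk, so how the old buffer is released after `copy_mem` cannot be checked from here.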
+++ b/src/constructs/cryptobox/cryptobox.cpp
@@ -73,16 +73,18 @@ std::string encrypt(const byte input[], u32bit input_len,
 mac (20 bytes)
 ciphertext
 */
- u32bit ciphertext_len = pipe.remaining(0);
+ const u32bit ciphertext_len = pipe.remaining(0);
- SecureVector<byte> out_buf;
+ SecureVector<byte> out_buf(VERSION_CODE_LEN +
+ PBKDF_SALT_LEN +
+ MAC_OUTPUT_LEN +
+ ciphertext_len);
 for(u32bit i = 0; i != VERSION_CODE_LEN; ++i)
- out_buf.append(get_byte(i, CRYPTOBOX_VERSION_CODE));
+ out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE);
- out_buf.append(pbkdf_salt.begin(), pbkdf_salt.size());
+ out_buf.copy(VERSION_CODE_LEN, pbkdf_salt, PBKDF_SALT_LEN);
- out_buf.grow_to(out_buf.size() + MAC_OUTPUT_LEN + ciphertext_len);
 pipe.read(out_buf + VERSION_CODE_LEN + PBKDF_SALT_LEN, MAC_OUTPUT_LEN, 1);
 pipe.read(out_buf + VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN,
 ciphertext_len, 0);
@@ -140,6 +142,14 @@ std::string decrypt(const byte input[], u32bit input_len,
 return pipe.read_all_as_string(0);
 }
+std::string decrypt(const std::string& input,
+ const std::string& passphrase)
+ {
+ return decrypt(reinterpret_cast<const byte*>(&input[0]),
+ input.size(),
+ passphrase);
+ }
+
 }
 }
diff --git a/src/constructs/cryptobox/cryptobox.h b/src/constructs/cryptobox/cryptobox.h
index 0380dcff9..12f054eff 100644
--- a/src/constructs/cryptobox/cryptobox.h
+++ b/src/constructs/cryptobox/cryptobox.h
@@ -38,6 +38,14 @@ BOTAN_DLL std::string encrypt(const byte input[], u32bit input_len,
 BOTAN_DLL std::string decrypt(const byte input[], u32bit input_len,
 const std::string& passphrase);
+/**
+* Decrypt a message encrypted with CryptoBox::encrypt
+* @param input the input data
+* @param passphrase the passphrase used to encrypt the message
+*/
+BOTAN_DLL std::string decrypt(const std::string& input,
+ const std::string& passphrase);
+
 }
 }
diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp
index 7feec4d59..1ae8be130 100644
--- a/src/math/bigint/bigint.cpp
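Review bot: `out_buf.copy(VERSION_CODE_LEN, pbkdf_salt, PBKDF_SALT_LEN)` copies a fixed `PBKDF_SALT_LEN` bytes where the old line used `pbkdf_salt.size()`, so the read stays in bounds only if `pbkdf_salt` was created with at least that length; its declaration is outside the hunk. Either keep `pbkdf_salt.size()` as the length or state the invariant next to the call, e.g. `// pbkdf_salt holds exactly PBKDF_SALT_LEN bytes`. The header layout now depends on the same four length terms appearing in the constructor argument and in both `pipe.read` offsets, which a short comment above `out_buf` would make explicit.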
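Review bot: The new `decrypt(const std::string&, ...)` overload passes `input.size()` (a `size_t`) to the `u32bit input_len` parameter, so on a 64-bit build a string longer than 4 GiB is silently narrowed and only a prefix reaches the decryptor. `&input[0]` on an empty string is also easier to reason about as `input.data()`: `return decrypt(reinterpret_cast<const byte*>(input.data()), input.size(), passphrase);`. Whether the byte-array `decrypt` rejects inputs shorter than the header is outside this hunk; this overload makes the empty-string case easy to hit, so that check is worth confirming.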
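Review bot: The doc comment for the new overload in `cryptobox.h` has no `@return` line and does not say how a wrong passphrase or a corrupted message is reported. Adding `* @return the decrypted message` and one sentence on the failure behaviour of the byte-array `decrypt` it forwards to would let callers handle errors without reading the .cpp.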
+++ b/src/math/bigint/bigint.cpp
@@ -114,7 +114,7 @@ void BigInt::swap(BigInt& other)
 */
 void BigInt::grow_reg(u32bit n)
 {
- reg.grow_to(round_up<u32bit>(size() + n, 8));
+ reg.resize(round_up<u32bit>(size() + n, 8));
 }
 /*
@@ -123,7 +123,7 @@ void BigInt::grow_reg(u32bit n)
 void BigInt::grow_to(u32bit n)
 {
 if(n > size())
- reg.grow_to(round_up<u32bit>(n, 8));
+ reg.resize(round_up<u32bit>(n, 8));
 }
 /*
@@ -348,6 +348,7 @@ void BigInt::binary_decode(const byte buf[], u32bit length)
 {
 const u32bit WORD_BYTES = sizeof(word);
+ reg.clear();
 reg.resize(round_up<u32bit>((length / WORD_BYTES) + 1, 8));
 for(u32bit j = 0; j != length / WORD_BYTES; ++j)
diff --git a/src/math/bigint/divide.cpp b/src/math/bigint/divide.cpp
index a5f2462d8..47df1273a 100644
--- a/src/math/bigint/divide.cpp
+++ b/src/math/bigint/divide.cpp
@@ -39,15 +39,14 @@ void divide(const BigInt& x, const BigInt& y_arg, BigInt& q, BigInt& r)
 BigInt y = y_arg;
 const u32bit y_words = y.sig_words();
 r = x;
+ q = 0;
 r.set_sign(BigInt::Positive);
 y.set_sign(BigInt::Positive);
 s32bit compare = r.cmp(y);
- if(compare < 0)
- q = 0;
- else if(compare == 0)
+ if(compare == 0)
 {
 q = 1;
 r = 0; |
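Review bot: The added `reg.clear();` in `binary_decode` is load-bearing and has no comment. `resize` now keeps old words, and the register is rounded up to a multiple of 8 words while the visible loop header only walks `length / WORD_BYTES` of them, so without the clear the upper words of a previous value would presumably survive into the decoded number. A comment such as `// resize() preserves contents; wipe first so no words of the old value remain` would stop the call from being removed as redundant. The function body continues past the hunk.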
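Review bot: The unconditional `q = 0;` after `r = x;` in `divide` has no comment explaining why the quotient is now reset on every path instead of only when `compare < 0`. Presumably the code after this hunk sizes `q` with `resize()`, which no longer zeroes existing words. A one-line comment, e.g. `// resize() keeps old contents, so q must start from zero`, would keep a later cleanup from moving it back into the branch. The rest of `divide` is outside the hunk.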