aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <lloyd@randombit.net>2008-09-30 06:20:10 +0000
committerlloyd <lloyd@randombit.net>2008-09-30 06:20:10 +0000
commit33bb3dca54ecef2599b756d27b66781e14d06ae3 (patch)
tree4c7b07a1b1b3f40e82202570c7aec298a672339c
parentc9749d5d4693b5d93171f6085b29fc72c1e12ba0 (diff)
Remove lookup from Randpool, HMAC, CMAC, CBC-MAC, TLS-PRF, and PBKDF2
-rw-r--r--checks/dolook2.cpp3
-rw-r--r--src/core/libstate/def_alg.cpp27
-rw-r--r--src/core/rng.cpp4
-rw-r--r--src/kdf/pbkdf2/pbkdf2.cpp35
-rw-r--r--src/kdf/pbkdf2/pbkdf2.h10
-rw-r--r--src/kdf/tlsv1/prf_tls.cpp40
-rw-r--r--src/kdf/tlsv1/prf_tls.h14
-rw-r--r--src/mac/cbc_mac/cbc_mac.cpp16
-rw-r--r--src/mac/cbc_mac/cbc_mac.h3
-rw-r--r--src/mac/cmac/cmac.cpp8
-rw-r--r--src/mac/cmac/cmac.h2
-rw-r--r--src/mac/hmac/hmac.cpp12
-rw-r--r--src/mac/hmac/hmac.h3
-rw-r--r--src/pk_pad/emsa1/emsa1.cpp1
-rw-r--r--src/rng/randpool/randpool.cpp17
-rw-r--r--src/rng/randpool/randpool.h7
16 files changed, 126 insertions, 76 deletions
diff --git a/checks/dolook2.cpp b/checks/dolook2.cpp
index ed579ad67..708d5d2ef 100644
--- a/checks/dolook2.cpp
+++ b/checks/dolook2.cpp
@@ -135,7 +135,8 @@ Filter* lookup_rng(const std::string& algname,
// defaults, so benchmark reflects real-world performance (maybe)
if(!prng && (algname == "Randpool" || algname == "X9.31-RNG"))
{
- Randpool* randpool = new Randpool("AES-256", "HMAC(SHA-256)");
+ Randpool* randpool = new Randpool(get_block_cipher("AES-256"),
+ get_mac("HMAC(SHA-256)"));
randpool->add_entropy(reinterpret_cast<const byte*>(key.c_str()),
key.length());
diff --git a/src/core/libstate/def_alg.cpp b/src/core/libstate/def_alg.cpp
index ade7e8d08..ea58bd06f 100644
--- a/src/core/libstate/def_alg.cpp
+++ b/src/core/libstate/def_alg.cpp
@@ -538,9 +538,12 @@ Default_Engine::find_mac(const std::string& algo_spec) const
return 0;
const std::string algo_name = global_state().deref_alias(name[0]);
-#if defined(BOTAN_HAS_CBC_MAC)
- HANDLE_TYPE_ONE_STRING("CBC-MAC", CBC_MAC);
-#endif
+ if(algo_name == "CBC-MAC")
+ {
+ if(name.size() == 2)
+ return new CBC_MAC(find_block_cipher(name[1]));
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
if(algo_name == "CMAC")
{
@@ -549,9 +552,12 @@ Default_Engine::find_mac(const std::string& algo_spec) const
throw Invalid_Algorithm_Name(algo_spec);
}
-#if defined(BOTAN_HAS_HMAC)
- HANDLE_TYPE_ONE_STRING("HMAC", HMAC);
-#endif
+ if(algo_name == "HMAC")
+ {
+ if(name.size() == 2)
+ return new HMAC(find_hash(name[1]));
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
#if defined(BOTAN_HAS_SSL3_MAC)
HANDLE_TYPE_ONE_STRING("SSL3-MAC", SSL3_MAC);
@@ -579,9 +585,12 @@ S2K* Default_Engine::find_s2k(const std::string& algo_spec) const
HANDLE_TYPE_ONE_STRING("PBKDF1", PKCS5_PBKDF1);
#endif
-#if defined(BOTAN_HAS_PBKDF2)
- HANDLE_TYPE_ONE_STRING("PBKDF2", PKCS5_PBKDF2);
-#endif
+ if(algo_spec == "PBKDF2")
+ {
+ if(name.size() == 2)
+ return new PKCS5_PBKDF2(find_mac("HMAC(" + name[1] + ")"));
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
#if defined(BOTAN_HAS_PGPS2K)
HANDLE_TYPE_ONE_STRING("OpenPGP-S2K", OpenPGP_S2K);
diff --git a/src/core/rng.cpp b/src/core/rng.cpp
index 9bed40dc1..37b03684c 100644
--- a/src/core/rng.cpp
+++ b/src/core/rng.cpp
@@ -4,6 +4,7 @@
*************************************************/
#include <botan/rng.h>
+#include <botan/lookup.h>
#include <botan/util.h>
#include <botan/parsing.h>
#include <botan/timers.h>
@@ -82,7 +83,8 @@ RandomNumberGenerator* RandomNumberGenerator::make_rng()
RandomNumberGenerator* rng = 0;
#if defined(BOTAN_HAS_RANDPOOL)
- rng = new Randpool("AES-256", "HMAC(SHA-256)");
+ rng = new Randpool(get_block_cipher("AES-256"),
+ get_mac("HMAC(SHA-256)"));
#if defined(BOTAN_HAS_X931_RNG)
rng = new ANSI_X931_RNG("AES-256", rng);
diff --git a/src/kdf/pbkdf2/pbkdf2.cpp b/src/kdf/pbkdf2/pbkdf2.cpp
index 09d51d2a6..baa227526 100644
--- a/src/kdf/pbkdf2/pbkdf2.cpp
+++ b/src/kdf/pbkdf2/pbkdf2.cpp
@@ -5,8 +5,6 @@
#include <botan/pbkdf2.h>
#include <botan/loadstor.h>
-#include <botan/hmac.h>
-#include <botan/lookup.h>
#include <botan/xor_buf.h>
namespace Botan {
@@ -25,9 +23,7 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len,
if(passphrase.length() == 0)
throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid");
- HMAC hmac(hash_name);
-
- hmac.set_key(reinterpret_cast<const byte*>(passphrase.data()),
+ mac->set_key(reinterpret_cast<const byte*>(passphrase.data()),
passphrase.length());
SecureVector<byte> key(key_len);
@@ -37,19 +33,19 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len,
u32bit counter = 1;
while(key_len)
{
- u32bit T_size = std::min(hmac.OUTPUT_LENGTH, key_len);
- SecureVector<byte> U(hmac.OUTPUT_LENGTH);
+ u32bit T_size = std::min(mac->OUTPUT_LENGTH, key_len);
+ SecureVector<byte> U(mac->OUTPUT_LENGTH);
- hmac.update(salt, salt_size);
+ mac->update(salt, salt_size);
for(u32bit j = 0; j != 4; ++j)
- hmac.update(get_byte(j, counter));
- hmac.final(U);
+ mac->update(get_byte(j, counter));
+ mac->final(U);
xor_buf(T, U, T_size);
for(u32bit j = 1; j != iterations; ++j)
{
- hmac.update(U);
- hmac.final(U);
+ mac->update(U);
+ mac->final(U);
xor_buf(T, U, T_size);
}
@@ -66,16 +62,19 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len,
*************************************************/
std::string PKCS5_PBKDF2::name() const
{
- return "PBKDF2(" + hash_name + ")";
+ return "PBKDF2(" + mac->name() + ")";
+ }
+
+S2K* PKCS5_PBKDF2::clone() const
+ {
+ return new PKCS5_PBKDF2(mac->clone());
}
/*************************************************
* PKCS5_PBKDF2 Constructor *
*************************************************/
-PKCS5_PBKDF2::PKCS5_PBKDF2(const std::string& h_name) : hash_name(h_name)
- {
- if(!have_hash(hash_name))
- throw Algorithm_Not_Found(hash_name);
- }
+PKCS5_PBKDF2::PKCS5_PBKDF2(MessageAuthenticationCode* m) : mac(m) {}
+
+PKCS5_PBKDF2::~PKCS5_PBKDF2() { delete mac; }
}
diff --git a/src/kdf/pbkdf2/pbkdf2.h b/src/kdf/pbkdf2/pbkdf2.h
index dc6e41b9e..c0f0229ff 100644
--- a/src/kdf/pbkdf2/pbkdf2.h
+++ b/src/kdf/pbkdf2/pbkdf2.h
@@ -7,6 +7,7 @@
#define BOTAN_PBKDF2_H__
#include <botan/s2k.h>
+#include <botan/base.h>
namespace Botan {
@@ -17,12 +18,15 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K
{
public:
std::string name() const;
- S2K* clone() const { return new PKCS5_PBKDF2(hash_name); }
- PKCS5_PBKDF2(const std::string&);
+ S2K* clone() const;
+
+ PKCS5_PBKDF2(MessageAuthenticationCode* m);
+ ~PKCS5_PBKDF2();
private:
OctetString derive(u32bit, const std::string&,
const byte[], u32bit, u32bit) const;
- const std::string hash_name;
+
+ MessageAuthenticationCode* mac;
};
}
diff --git a/src/kdf/tlsv1/prf_tls.cpp b/src/kdf/tlsv1/prf_tls.cpp
index e035ac85e..8f7063f9f 100644
--- a/src/kdf/tlsv1/prf_tls.cpp
+++ b/src/kdf/tlsv1/prf_tls.cpp
@@ -4,13 +4,29 @@
*************************************************/
#include <botan/prf_tls.h>
-#include <botan/lookup.h>
#include <botan/xor_buf.h>
#include <botan/hmac.h>
+#include <botan/md5.h>
+#include <botan/sha160.h>
namespace Botan {
/*************************************************
+* TLS PRF Constructor and Destructor *
+*************************************************/
+TLS_PRF::TLS_PRF()
+ {
+ hmac_md5 = new HMAC(new MD5);
+ hmac_sha1 = new HMAC(new SHA_160);
+ }
+
+TLS_PRF::~TLS_PRF()
+ {
+ delete hmac_md5;
+ delete hmac_sha1;
+ }
+
+/*************************************************
* TLS PRF *
*************************************************/
SecureVector<byte> TLS_PRF::derive(u32bit key_len,
@@ -23,8 +39,8 @@ SecureVector<byte> TLS_PRF::derive(u32bit key_len,
const byte* S2 = secret + (secret_len - S2_len);
SecureVector<byte> key1, key2;
- key1 = P_hash("MD5", key_len, S1, S1_len, seed, seed_len);
- key2 = P_hash("SHA-1", key_len, S2, S2_len, seed, seed_len);
+ key1 = P_hash(hmac_md5, key_len, S1, S1_len, seed, seed_len);
+ key2 = P_hash(hmac_sha1, key_len, S2, S2_len, seed, seed_len);
xor_buf(key1.begin(), key2.begin(), key2.size());
@@ -34,25 +50,25 @@ SecureVector<byte> TLS_PRF::derive(u32bit key_len,
/*************************************************
* TLS PRF P_hash function *
*************************************************/
-SecureVector<byte> TLS_PRF::P_hash(const std::string& hash, u32bit len,
+SecureVector<byte> TLS_PRF::P_hash(MessageAuthenticationCode* mac,
+ u32bit len,
const byte secret[], u32bit secret_len,
- const byte seed[], u32bit seed_len) const
+ const byte seed[], u32bit seed_len)
{
SecureVector<byte> out;
- HMAC hmac(hash);
- hmac.set_key(secret, secret_len);
+ mac->set_key(secret, secret_len);
SecureVector<byte> A(seed, seed_len);
while(len)
{
- const u32bit this_block_len = std::min(hmac.OUTPUT_LENGTH, len);
+ const u32bit this_block_len = std::min(mac->OUTPUT_LENGTH, len);
- A = hmac.process(A);
+ A = mac->process(A);
- hmac.update(A);
- hmac.update(seed, seed_len);
- SecureVector<byte> block = hmac.final();
+ mac->update(A);
+ mac->update(seed, seed_len);
+ SecureVector<byte> block = mac->final();
out.append(block, this_block_len);
len -= this_block_len;
diff --git a/src/kdf/tlsv1/prf_tls.h b/src/kdf/tlsv1/prf_tls.h
index 7d7134740..9bd221ca4 100644
--- a/src/kdf/tlsv1/prf_tls.h
+++ b/src/kdf/tlsv1/prf_tls.h
@@ -7,6 +7,7 @@
#define BOTAN_TLS_PRF__
#include <botan/kdf.h>
+#include <botan/base.h>
namespace Botan {
@@ -18,10 +19,17 @@ class BOTAN_DLL TLS_PRF : public KDF
public:
SecureVector<byte> derive(u32bit, const byte[], u32bit,
const byte[], u32bit) const;
+
+ TLS_PRF();
+ ~TLS_PRF();
private:
- SecureVector<byte> P_hash(const std::string&, u32bit,
- const byte[], u32bit,
- const byte[], u32bit) const;
+ static SecureVector<byte> P_hash(MessageAuthenticationCode*,
+ u32bit,
+ const byte[], u32bit,
+ const byte[], u32bit);
+
+ MessageAuthenticationCode* hmac_md5;
+ MessageAuthenticationCode* hmac_sha1;
};
}
diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp
index d5275b0ed..de9a3c17d 100644
--- a/src/mac/cbc_mac/cbc_mac.cpp
+++ b/src/mac/cbc_mac/cbc_mac.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/cbc_mac.h>
-#include <botan/lookup.h>
#include <botan/xor_buf.h>
#include <algorithm>
@@ -81,20 +80,19 @@ std::string CBC_MAC::name() const
*************************************************/
MessageAuthenticationCode* CBC_MAC::clone() const
{
- return new CBC_MAC(e->name());
+ return new CBC_MAC(e->clone());
}
/*************************************************
* CBC-MAC Constructor *
*************************************************/
-CBC_MAC::CBC_MAC(const std::string& cipher) :
- MessageAuthenticationCode(block_size_of(cipher),
- min_keylength_of(cipher),
- max_keylength_of(cipher),
- keylength_multiple_of(cipher)),
- state(block_size_of(cipher))
+CBC_MAC::CBC_MAC(BlockCipher* e_in) :
+ MessageAuthenticationCode(e_in->BLOCK_SIZE,
+ e_in->MINIMUM_KEYLENGTH,
+ e_in->MAXIMUM_KEYLENGTH,
+ e_in->KEYLENGTH_MULTIPLE),
+ e(e_in), state(e->BLOCK_SIZE)
{
- e = get_block_cipher(cipher);
position = 0;
}
diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h
index a5646d07a..9559751c8 100644
--- a/src/mac/cbc_mac/cbc_mac.h
+++ b/src/mac/cbc_mac/cbc_mac.h
@@ -19,7 +19,8 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode
void clear() throw();
std::string name() const;
MessageAuthenticationCode* clone() const;
- CBC_MAC(const std::string&);
+
+ CBC_MAC(BlockCipher* e);
~CBC_MAC();
private:
void add_data(const byte[], u32bit);
diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp
index d3110f9f2..937c15c63 100644
--- a/src/mac/cmac/cmac.cpp
+++ b/src/mac/cmac/cmac.cpp
@@ -149,4 +149,12 @@ CMAC::CMAC(BlockCipher* e_in) :
position = 0;
}
+/*************************************************
+* CMAC Destructor *
+*************************************************/
+CMAC::~CMAC()
+ {
+ delete e;
+ }
+
}
diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h
index 0fe5b75f8..b8af593e3 100644
--- a/src/mac/cmac/cmac.h
+++ b/src/mac/cmac/cmac.h
@@ -24,7 +24,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode
byte polynomial);
CMAC(BlockCipher* e);
- ~CMAC() { delete e; }
+ ~CMAC();
private:
void add_data(const byte[], u32bit);
void final_result(byte[]);
diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp
index b8c76e8f6..6401b0000 100644
--- a/src/mac/hmac/hmac.cpp
+++ b/src/mac/hmac/hmac.cpp
@@ -5,7 +5,6 @@
*************************************************/
#include <botan/hmac.h>
-#include <botan/lookup.h>
#include <botan/xor_buf.h>
namespace Botan {
@@ -77,19 +76,20 @@ std::string HMAC::name() const
*************************************************/
MessageAuthenticationCode* HMAC::clone() const
{
- return new HMAC(hash->name());
+ return new HMAC(hash->clone());
}
/*************************************************
* HMAC Constructor *
*************************************************/
-HMAC::HMAC(const std::string& hash_name) :
- MessageAuthenticationCode(output_length_of(hash_name),
- 1, 2*block_size_of(hash_name)),
- hash(get_hash(hash_name))
+HMAC::HMAC(HashFunction* hash_in) :
+ MessageAuthenticationCode(hash_in->OUTPUT_LENGTH,
+ 1, 2*hash_in->HASH_BLOCK_SIZE),
+ hash(hash_in)
{
if(hash->HASH_BLOCK_SIZE == 0)
throw Invalid_Argument("HMAC cannot be used with " + hash->name());
+
i_key.create(hash->HASH_BLOCK_SIZE);
o_key.create(hash->HASH_BLOCK_SIZE);
}
diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h
index 62529cf13..67ebc4190 100644
--- a/src/mac/hmac/hmac.h
+++ b/src/mac/hmac/hmac.h
@@ -19,7 +19,8 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode
void clear() throw();
std::string name() const;
MessageAuthenticationCode* clone() const;
- HMAC(const std::string&);
+
+ HMAC(HashFunction* hash);
~HMAC() { delete hash; }
private:
void add_data(const byte[], u32bit);
diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp
index b0c505939..12e9cca01 100644
--- a/src/pk_pad/emsa1/emsa1.cpp
+++ b/src/pk_pad/emsa1/emsa1.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/emsa1.h>
-#include <botan/lookup.h>
namespace Botan {
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index 69ef3b9e7..d7d1763ec 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/randpool.h>
-#include <botan/lookup.h>
#include <botan/loadstor.h>
#include <botan/xor_buf.h>
#include <botan/util.h>
@@ -180,13 +179,15 @@ std::string Randpool::name() const
/*************************************************
* Randpool Constructor *
*************************************************/
-Randpool::Randpool(const std::string& cipher_name,
- const std::string& mac_name) :
- ITERATIONS_BEFORE_RESEED(128), POOL_BLOCKS(32)
+Randpool::Randpool(BlockCipher* cipher_in,
+ MessageAuthenticationCode* mac_in,
+ u32bit pool_blocks,
+ u32bit iter_before_reseed) :
+ ITERATIONS_BEFORE_RESEED(iter_before_reseed),
+ POOL_BLOCKS(pool_blocks),
+ cipher(cipher_in),
+ mac(mac_in)
{
- cipher = get_block_cipher(cipher_name);
- mac = get_mac(mac_name);
-
const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE;
const u32bit OUTPUT_LENGTH = mac->OUTPUT_LENGTH;
@@ -197,7 +198,7 @@ Randpool::Randpool(const std::string& cipher_name,
delete cipher;
delete mac;
throw Internal_Error("Randpool: Invalid algorithm combination " +
- cipher_name + "/" + mac_name);
+ cipher->name() + "/" + mac->name());
}
buffer.create(BLOCK_SIZE);
diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h
index b68dec765..16ffcefd6 100644
--- a/src/rng/randpool/randpool.h
+++ b/src/rng/randpool/randpool.h
@@ -27,13 +27,16 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator
void add_entropy_source(EntropySource*);
void add_entropy(const byte[], u32bit);
- Randpool(const std::string&, const std::string&);
+ Randpool(BlockCipher*, MessageAuthenticationCode*,
+ u32bit pool_blocks = 32,
+ u32bit iterations_before_reseed = 128);
+
~Randpool();
private:
void update_buffer();
void mix_pool();
- const u32bit ITERATIONS_BEFORE_RESEED, POOL_BLOCKS;
+ u32bit ITERATIONS_BEFORE_RESEED, POOL_BLOCKS;
BlockCipher* cipher;
MessageAuthenticationCode* mac;