author | Jack Lloyd <[email protected]> | 2016-07-04 18:45:18 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-07-04 18:45:18 -0400 |
commit | fa50960de1707c8cba0d45554ae0938ccf7e3c15 (patch) | |
tree | 9f2edd918572462372e8221f6797723c263f7dce | |
parent | 203b22d2dd59f49a2639dbd06d3db7f6ca6c75d2 (diff) | |
parent | 02fbb280da57ae714574de86601d17528aef0194 (diff) |
Merge GH #507 Add PKCS #11 support. Previous merge 360a3a5 missed later commits
-rwxr-xr-x | configure.py | 36 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_ecc_key.cpp | 2 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_ecdh.cpp | 14 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_ecdh.h | 4 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_ecdsa.cpp | 14 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_ecdsa.h | 4 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_mechanism.cpp | 4 | ||||
-rw-r--r-- | src/lib/prov/pkcs11/p11_rsa.cpp | 7 | ||||
-rw-r--r-- | src/tests/test_pkcs11.cpp | 5 | ||||
-rw-r--r-- | src/tests/test_pkcs11_high_level.cpp | 15 |
10 files changed, 38 insertions, 67 deletions
diff --git a/configure.py b/configure.py
index 1d2e7f21b..094768b0b 100755
--- a/configure.py
+++ b/configure.py
@@ -1179,31 +1179,17 @@ def gen_makefile_lists(var, build_config, options, modules, cc, arch, osinfo):
 Form snippets of makefile for building each source file
 """
 def build_commands(sources, obj_dir, flags):
- if options.with_external_includedir:
- for (obj_file,src) in zip(objectfile_list(sources, obj_dir), sources):
- yield '%s: %s\n\t$(CXX)%s $(%s_FLAGS) %s%s %s%s %s %s %s$@\n' % (
- obj_file, src,
- isa_specific_flags(cc, src),
- flags,
- cc.add_include_dir_option,
- build_config.include_dir,
- cc.add_include_dir_option,
- options.with_external_includedir,
- cc.compile_flags,
- src,
- cc.output_to_option)
- else:
- for (obj_file,src) in zip(objectfile_list(sources, obj_dir), sources):
- yield '%s: %s\n\t$(CXX)%s $(%s_FLAGS) %s%s %s %s %s$@\n' % (
- obj_file, src,
- isa_specific_flags(cc, src),
- flags,
- cc.add_include_dir_option,
- build_config.include_dir,
- cc.compile_flags,
- src,
- cc.output_to_option)
-
+ includes = cc.add_include_dir_option + build_config.include_dir
+ includes+= ' ' + cc.add_include_dir_option + options.with_external_includedir if options.with_external_includedir else ''
+ for (obj_file,src) in zip(objectfile_list(sources, obj_dir), sources):
+ yield '%s: %s\n\t$(CXX)%s $(%s_FLAGS) %s %s %s %s$@\n' % (
+ obj_file, src,
+ isa_specific_flags(cc, src),
+ flags,
+ includes,
+ cc.compile_flags,
+ src,
+ cc.output_to_option)
 for t in ['lib', 'cli', 'test']:
 obj_key = '%s_objs' % (t)
diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp
index 4382b8c2b..0c3e879d9 100644
--- a/src/lib/prov/pkcs11/p11_ecc_key.cpp
+++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp
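Review bot: In configure.py's build_commands, the new `includes+= ' ' + ... if options.with_external_includedir else ''` line is only correct because the conditional expression binds looser than `+`, which is easy to misread as always appending `' '`. A plain guard reads unambiguously: `if options.with_external_includedir:` followed by `includes += ' ' + cc.add_include_dir_option + options.with_external_includedir`. The directory is also written into the generated makefile rule unquoted, so a path containing spaces or make/shell metacharacters would alter the compile command; whether configure.py validates the option elsewhere is not visible in this hunk.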
@@ -40,7 +40,7 @@ EC_PublicKeyImportProperties::EC_PublicKeyImportProperties(const std::vector<byt
 }
 PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, ObjectHandle handle)
- : EC_PublicKey(), Object(session, handle)
+ : Object(session, handle)
 {
 secure_vector<byte> ec_parameters = get_attribute_value(AttributeType::EcParams);
 m_domain_params = EC_Group(unlock(ec_parameters));
diff --git a/src/lib/prov/pkcs11/p11_ecdh.cpp b/src/lib/prov/pkcs11/p11_ecdh.cpp
index 82c1716af..de24d6da4 100644
--- a/src/lib/prov/pkcs11/p11_ecdh.cpp
+++ b/src/lib/prov/pkcs11/p11_ecdh.cpp
@@ -15,12 +15,7 @@
 #include <botan/der_enc.h>
 #include <botan/internal/algo_registry.h>
 #include <botan/internal/pk_utils.h>
-
-#if defined(BOTAN_HAS_SYSTEM_RNG)
- #include <botan/system_rng.h>
-#else
- #include <botan/auto_rng.h>
-#endif
+#include <botan/rng.h>
 namespace Botan {
@@ -33,14 +28,9 @@ ECDH_PublicKey PKCS11_ECDH_PublicKey::export_key() const
 ECDH_PrivateKey PKCS11_ECDH_PrivateKey::export_key() const
 {
-
-#if defined(BOTAN_HAS_SYSTEM_RNG)
- System_RNG rng;
-#else
- AutoSeeded_RNG rng;
-#endif
 auto priv_key = get_attribute_value(AttributeType::Value);
+ Null_RNG rng;
 return ECDH_PrivateKey(rng, domain(), BigInt::decode(priv_key));
 }
diff --git a/src/lib/prov/pkcs11/p11_ecdh.h b/src/lib/prov/pkcs11/p11_ecdh.h
index 9a73be1c5..749a00d52 100644
--- a/src/lib/prov/pkcs11/p11_ecdh.h
+++ b/src/lib/prov/pkcs11/p11_ecdh.h
@@ -33,7 +33,7 @@ class BOTAN_DLL PKCS11_ECDH_PublicKey final : public PKCS11_EC_PublicKey
 * @param handle the handle of the ECDH public key
 */
 PKCS11_ECDH_PublicKey(Session& session, ObjectHandle handle)
- : PKCS11_EC_PublicKey(session, handle)
+ : EC_PublicKey(), PKCS11_EC_PublicKey(session, handle)
 {}
 /**
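Review bot: `Null_RNG rng;` in PKCS11_ECDH_PrivateKey::export_key() (p11_ecdh.cpp) rests on an undocumented assumption that the ECDH_PrivateKey constructor never draws randomness when it is handed an explicit private value. If the token returns an empty or all-zero `Value` attribute, `BigInt::decode(priv_key)` is presumably zero, and a constructor that treats zero as "generate a key" would then fail inside the RNG with an unrelated error instead of reporting a bad attribute. I would add a comment such as `// Null_RNG: the private value comes from the token, no randomness may be consumed here` and check that `priv_key` is non-empty before decoding. The same applies to PKCS11_ECDSA_PrivateKey::export_key() in p11_ecdsa.cpp. Both functions copy the private key out of the token into process memory, which their header documentation should state.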
@@ -42,7 +42,7 @@ class BOTAN_DLL PKCS11_ECDH_PublicKey final : public PKCS11_EC_PublicKey
 * @param props the attributes of the public key
 */
 PKCS11_ECDH_PublicKey(Session& session, const EC_PublicKeyImportProperties& props)
- : PKCS11_EC_PublicKey(session, props)
+ : EC_PublicKey(), PKCS11_EC_PublicKey(session, props)
 {}
 inline std::string algo_name() const override
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.cpp b/src/lib/prov/pkcs11/p11_ecdsa.cpp
index 4aeacda72..078bc429d 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.cpp
+++ b/src/lib/prov/pkcs11/p11_ecdsa.cpp
@@ -14,12 +14,7 @@
 #include <botan/internal/algo_registry.h>
 #include <botan/internal/pk_utils.h>
 #include <botan/keypair.h>
-
-#if defined(BOTAN_HAS_SYSTEM_RNG)
- #include <botan/system_rng.h>
-#else
- #include <botan/auto_rng.h>
-#endif
+#include <botan/rng.h>
 namespace Botan { namespace PKCS11 {
@@ -47,14 +42,9 @@ bool PKCS11_ECDSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong)
 ECDSA_PrivateKey PKCS11_ECDSA_PrivateKey::export_key() const
 {
-
-#if defined(BOTAN_HAS_SYSTEM_RNG)
- System_RNG rng;
-#else
- AutoSeeded_RNG rng;
-#endif
 auto priv_key = get_attribute_value(AttributeType::Value);
+ Null_RNG rng;
 return ECDSA_PrivateKey(rng, domain(), BigInt::decode(priv_key));
 }
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h
index 2ac59e028..d3d07a780 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.h
+++ b/src/lib/prov/pkcs11/p11_ecdsa.h
@@ -31,7 +31,7 @@ class BOTAN_DLL PKCS11_ECDSA_PublicKey final : public PKCS11_EC_PublicKey, publi
 * @param handle the handle of the ECDSA public key
 */
 PKCS11_ECDSA_PublicKey(Session& session, ObjectHandle handle)
- : PKCS11_EC_PublicKey(session, handle)
+ : EC_PublicKey(), PKCS11_EC_PublicKey(session, handle)
 {}
 /**
@@ -40,7 +40,7 @@ class BOTAN_DLL PKCS11_ECDSA_PublicKey final : public PKCS11_EC_PublicKey, publi
 * @param props the attributes of the public key
 */
 PKCS11_ECDSA_PublicKey(Session& session, const EC_PublicKeyImportProperties& props)
- : PKCS11_EC_PublicKey(session, props)
+ : EC_PublicKey(), PKCS11_EC_PublicKey(session, props)
 {}
 inline std::string algo_name() const override
diff --git a/src/lib/prov/pkcs11/p11_mechanism.cpp b/src/lib/prov/pkcs11/p11_mechanism.cpp
index b3cc1c83b..07ac00770 100644
--- a/src/lib/prov/pkcs11/p11_mechanism.cpp
+++ b/src/lib/prov/pkcs11/p11_mechanism.cpp
@@ -7,8 +7,8 @@
 */
 #include <botan/internal/p11_mechanism.h>
-#include <botan/rfc6979.h>
 #include <botan/scan_name.h>
+#include <botan/emsa.h>
 #include <tuple>
@@ -208,7 +208,7 @@ MechanismWrapper MechanismWrapper::create_ecdsa_mechanism(const std::string& has
 if(hash_name != "Raw")
 {
- hash_name = hash_for_deterministic_signature(hash);
+ hash_name = hash_for_emsa(hash);
 }
 auto mechanism_type = EcdsaHash.find(hash_name);
diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp
index 331e1d0a7..9e5675301 100644
--- a/src/lib/prov/pkcs11/p11_rsa.cpp
+++ b/src/lib/prov/pkcs11/p11_rsa.cpp
@@ -163,12 +163,7 @@ class PKCS11_RSA_Decryption_Operation : public PK_Ops::Decryption
 // Unblind for RSA/RAW decryption
 if(!m_mechanism.padding_size())
 {
- secure_vector<byte> unblinded_data = BigInt::encode_locked(m_blinder.unblind(BigInt::decode(decrypted_data)));
-
- // pad possible leading zeros that were stripped off during conversion to BigInt
- secure_vector<byte> padded_result(m_key.get_n().bits() / 8 - unblinded_data.size());
- padded_result.insert(padded_result.end(), unblinded_data.begin(), unblinded_data.end());
- decrypted_data = padded_result;
+ decrypted_data = BigInt::encode_1363(m_blinder.unblind(BigInt::decode(decrypted_data)), m_key.get_n().bits() / 8 );
 }
 valid_mask = 0xFF;
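Review bot: In p11_rsa.cpp the length passed to `BigInt::encode_1363` is `m_key.get_n().bits() / 8`, which rounds down and is one byte short whenever the modulus bit length is not a multiple of 8. The output is then sized below the modulus, and depending on how encode_1363 handles a value that does not fit, raw decryption would either fail or lose data; a failure that depends on the decrypted value is also undesirable on a decryption path. Using the modulus byte length avoids this: `decrypted_data = BigInt::encode_1363(m_blinder.unblind(BigInt::decode(decrypted_data)), m_key.get_n().bytes());`. The enclosing decrypt function starts and ends outside the hunk, so how an exception would reach the caller around `valid_mask = 0xFF;` cannot be confirmed from here.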
diff --git a/src/tests/test_pkcs11.cpp b/src/tests/test_pkcs11.cpp
index 676e3f21a..85110cabf 100644
--- a/src/tests/test_pkcs11.cpp
+++ b/src/tests/test_pkcs11.cpp
@@ -7,6 +7,9 @@
 #include "test_pkcs11.h"
 namespace Botan_Tests {
+
+#if defined(BOTAN_HAS_PKCS11)
+
 using namespace Botan; using namespace PKCS11;
@@ -39,4 +42,6 @@ std::vector<Test::Result> PKCS11_Test::run_pkcs11_tests(const std::string& name,
 return results;
 }
+#endif
+
 }
diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp
index f68203496..3be2b7268 100644
--- a/src/tests/test_pkcs11_high_level.cpp
+++ b/src/tests/test_pkcs11_high_level.cpp
@@ -26,15 +26,20 @@
 #include <botan/p11_randomgenerator.h>
 #endif
-#include <botan/der_enc.h>
-#include <botan/pubkey.h>
+#if defined(BOTAN_HAS_ASN1)
+ #include <botan/der_enc.h>
+#endif
-#if defined(BOTAN_HAS_RSA)
+#if defined (BOTAN_HAS_PUBLIC_KEY_CRYPTO)
+ #include <botan/pubkey.h>
+#endif
+
+#if defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_PKCS11)
 #include <botan/rsa.h>
 #include <botan/p11_rsa.h>
 #endif
-#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
+#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) && defined(BOTAN_HAS_PKCS11)
 #include <botan/ecc_key.h>
 #include <botan/ecdsa.h>
 #include <botan/ecdh.h>
@@ -43,7 +48,7 @@
 #include <botan/p11_ecdsa.h>
 #endif
-#if defined(BOTAN_HAS_X509_CERTIFICATES)
+#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_PKCS11)
 #include <botan/p11_x509.h>
 #endif |