author | lloyd <[email protected]> | 2012-04-05 01:18:10 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-05 01:18:10 +0000 |
commit | f4ae793a4af5d0c9883a2a1555a539c925982239 (patch) | |
tree | e694abb6a5140cebdf2f16a3b493805744aee8cd | |
parent | fedd69e75ffe23c6249d49e4d23cc1b4ae2823aa (diff) | |
parent | cdde9a171e3fcb164e7946c198ba4d8f9ef486fb (diff) |
propagate from branch 'net.randombit.botan' (head 91305e3daaae9ea8a1786daf058d961991c68251)
to branch 'net.randombit.botan.tls-state-machine' (head 474a00b316f5b21a4e56033d4d990d87d9d3eed6)
-rw-r--r-- | checks/check.cpp | 2 | ||||
-rwxr-xr-x | configure.py | 54 | ||||
-rw-r--r-- | doc/examples/bench.cpp | 4 | ||||
-rw-r--r-- | doc/examples/benchmark.cpp | 2 | ||||
-rw-r--r-- | doc/examples/hash_quickly.cpp | 2 | ||||
-rw-r--r-- | doc/log.txt | 4 | ||||
-rw-r--r-- | src/block/camellia/camellia.cpp | 267 | ||||
-rw-r--r-- | src/block/camellia/camellia.h | 4 | ||||
-rw-r--r-- | src/constructs/srp6/srp6.cpp | 47 | ||||
-rw-r--r-- | src/constructs/srp6/srp6.h | 68 | ||||
-rw-r--r-- | src/entropy/cryptoapi_rng/es_capi.cpp | 2 | ||||
-rw-r--r-- | src/entropy/dev_random/dev_random.cpp | 9 | ||||
-rw-r--r-- | src/entropy/egd/es_egd.cpp | 2 | ||||
-rw-r--r-- | src/entropy/proc_walk/es_ftw.cpp | 83 | ||||
-rw-r--r-- | src/libstate/global_rng.cpp | 2 | ||||
-rw-r--r-- | src/libstate/policy.cpp | 98 | ||||
-rw-r--r-- | src/math/numbertheory/numthry.cpp | 2 | ||||
-rw-r--r-- | src/pubkey/ec_group/ec_group.h | 4 | ||||
-rw-r--r-- | src/pubkey/ecdh/ecdh.h | 1 | ||||
-rw-r--r-- | src/pubkey/pk_algs.cpp | 14 | ||||
-rw-r--r-- | src/pubkey/workfactor.cpp | 55 | ||||
-rw-r--r-- | src/pubkey/workfactor.h | 2 | ||||
-rw-r--r-- | src/rng/hmac_rng/hmac_rng.cpp | 20 | ||||
-rw-r--r-- | src/selftest/selftest.cpp | 4 | ||||
-rw-r--r-- | src/tls/info.txt | 2 | ||||
-rw-r--r-- | src/wrap/python/filter.cpp | 5 |
26 files changed, 444 insertions, 315 deletions
diff --git a/checks/check.cpp b/checks/check.cpp index 4fa1160ae..e47cc543b 100644 --- a/checks/check.cpp +++ b/checks/check.cpp @@ -178,7 +178,7 @@ int main(int argc, char* argv[]) if(opts.is_set("buf-size")) { buf_size = std::atoi(opts.value("buf-size").c_str()); - if(buf_size == 0 || buf_size > 64*1024) + if(buf_size == 0 || buf_size > 1024) { std::cout << "Invalid argument to --buf-size\n"; return 2; diff --git a/configure.py b/configure.py index 3c7457113..affa56333 100755 --- a/configure.py +++ b/configure.py @@ -45,20 +45,27 @@ def get_vc_revision(): try: mtn = subprocess.Popen(['mtn', 'automate', 'heads'], stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + stderr=subprocess.PIPE, + universal_newlines=True) (stdout, stderr) = mtn.communicate() - if(stderr != ''): - logging.debug('Error getting rev from monotone - %s' % (stderr)) + if mtn.returncode != 0: + logging.debug('Error getting rev from monotone - %d (%s)' + % (mtn.returncode, stderr)) return 'unknown' - logging.debug('Monotone reported revision ' + stdout.strip()) + rev = str(stdout).strip() + logging.debug('Monotone reported revision %s' % (rev)) - return 'mtn:' + stdout.strip() + return 'mtn:' + rev except OSError as e: logging.debug('Error getting rev from monotone - %s' % (e[1])) return 'unknown' + except Exception as e: + logging.debug('Error getting rev from monotone - %s' % (e)) + return 'unknown' + class BuildConfigurationInformation(object): @@ -531,6 +538,7 @@ def force_to_dict(l): Represents the information about a particular module """ class ModuleInfo(object): + def __init__(self, infofile): lex_me_harder(infofile, self, 
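Review bot: The rejection message on the changed line no longer tells the user what is accepted now that the cap fell from 64*1024 to 1024, and the unit is not stated; the parallel 16*1024 → 16 edits in the bench examples suggest the value is now in KiB, but this hunk alone does not show that. Once the unit is confirmed, `std::cout << "Invalid argument to --buf-size (expected 1-1024, in KiB)\n";` and a comment on the check, `// --buf-size is given in KiB; cap at 1 MiB`, would make the new limit self-explanatory. `main` continues outside the hunk.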
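Review bot: The `except OSError as e` clause still formats `e[1]`, which on Python 3 raises `TypeError` (exception objects are not subscriptable), so the case the new `universal_newlines=True` and `returncode` handling is meant to make portable — `mtn` not installed — now dies inside the error handler. The new `except Exception` clause is a sibling of that handler, not an enclosing one, so it does not catch that `TypeError`. Change the line to `logging.debug('Error getting rev from monotone - %s' % (e))`, matching the generic clause, or drop the `OSError` clause since the generic one already covers it.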
@@ -544,21 +552,22 @@ class ModuleInfo(object): 'need_isa': None, 'mp_bits': 0 }) - if self.source == [] and \ - self.header_internal == [] and \ - self.header_public == []: - - for (dirpath, dirnames, filenames) in os.walk(self.lives_in): - if dirpath == self.lives_in: + def extract_files_matching(basedir, suffixes): + for (dirpath, dirnames, filenames) in os.walk(basedir): + if dirpath == basedir: for filename in filenames: if filename.startswith('.'): continue - if filename.endswith('.cpp') or \ - filename.endswith('.S'): - self.source.append(filename) - elif filename.endswith('.h'): - self.header_public.append(filename) + for suffix in suffixes: + if filename.endswith(suffix): + yield filename + + if self.source == []: + self.source = list(extract_files_matching(self.lives_in, ['.cpp', '.S'])) + + if self.header_internal == [] and self.header_public == []: + self.header_public = list(extract_files_matching(self.lives_in, ['.h'])) # Coerce to more useful types def convert_lib_list(l): @@ -1761,12 +1770,19 @@ def main(argv = None): def get_gcc_version(gcc_bin): try: - subproc_result = subprocess.Popen( + gcc_proc = subprocess.Popen( gcc_bin.split(' ') + ['-dumpversion'], stdout=subprocess.PIPE, - stderr=subprocess.PIPE).communicate() + stderr=subprocess.PIPE, + universal_newlines=True) + + (stdout, stderr) = gcc_proc.communicate() + + if gcc_proc.returncode != 0: + logging.warning("GCC returned non-zero result %s" % (stderr)) + return None - gcc_version = ''.join(map(str, subproc_result)).strip() + gcc_version = stdout.strip() logging.info('Detected gcc version %s' % (gcc_version)) return gcc_version diff --git a/doc/examples/bench.cpp b/doc/examples/bench.cpp index 20e6ec40b..6cfd9205f 100644 --- a/doc/examples/bench.cpp +++ b/doc/examples/bench.cpp 
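Review bot: `extract_files_matching` walks the entire tree under `basedir` with `os.walk` and then discards every directory except `basedir` itself via `dirpath == basedir`, which is wasted work and misleading to read. `for filename in sorted(os.listdir(basedir)):` with the same dot-file and suffix filters says what is meant, and the `sorted` makes the generated source and header lists independent of filesystem order, which helps reproducible builds. The new code also scans for headers whenever both header lists are empty even when `source` was given explicitly, whereas the old code required all three to be empty; if that is intentional, a one-line comment saying so would save the next reader the archaeology. `__init__` begins before this hunk and continues after it.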
@@ -70,11 +70,11 @@ const std::string algos[] = { void benchmark_algo(const std::string& algo, RandomNumberGenerator& rng) { - u32bit milliseconds = 3000; + u32bit milliseconds = 1000; Algorithm_Factory& af = global_state().algorithm_factory(); std::map<std::string, double> speeds = - algorithm_benchmark(algo, af, rng, milliseconds, 16*1024); + algorithm_benchmark(algo, af, rng, milliseconds, 16); std::cout << algo << ":"; diff --git a/doc/examples/benchmark.cpp b/doc/examples/benchmark.cpp index 7ad1775e2..b5adb3d4f 100644 --- a/doc/examples/benchmark.cpp +++ b/doc/examples/benchmark.cpp @@ -33,7 +33,7 @@ int main(int argc, char* argv[]) std::string algo = argv[i]; std::map<std::string, double> results = - algorithm_benchmark(algo, af, rng, ms, 16*1024); + algorithm_benchmark(algo, af, rng, ms, 16); std::cout << algo << ":\n"; for(std::map<std::string, double>::iterator r = results.begin(); diff --git a/doc/examples/hash_quickly.cpp b/doc/examples/hash_quickly.cpp index 005a6d719..a18ab4fa6 100644 --- a/doc/examples/hash_quickly.cpp +++ b/doc/examples/hash_quickly.cpp @@ -34,7 +34,7 @@ void set_fastest_implementation(const std::string& algo, Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); std::map<std::string, double> results = - Botan::algorithm_benchmark(algo, af, rng, ms, 16*1024); + Botan::algorithm_benchmark(algo, af, rng, ms, 16); std::string fastest_provider = ""; double best_res = 0; diff --git a/doc/log.txt b/doc/log.txt index 38944227b..478b27a94 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -10,6 +10,10 @@ Series 1.10 Version 1.10.2, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* The SSL/TLS code is disabled by default in this release. A new + version is being developed and the current iteration should not be + used unless needed for existing code. + * Add the Camellia block cipher * An implementation of SRP-6a compatible with the specification in 
diff --git a/src/block/camellia/camellia.cpp b/src/block/camellia/camellia.cpp index 30e638451..054558c35 100644 --- a/src/block/camellia/camellia.cpp +++ b/src/block/camellia/camellia.cpp @@ -115,52 +115,30 @@ void Camellia::encrypt_n(const byte in[], byte out[], size_t blocks) const u64bit D1 = load_be<u64bit>(in, 0); u64bit D2 = load_be<u64bit>(in, 1); - D1 ^= K[0]; - D2 ^= K[1]; - D2 ^= F(D1, K[2]); - D1 ^= F(D2, K[3]); - D2 ^= F(D1, K[4]); - D1 ^= F(D2, K[5]); - D2 ^= F(D1, K[6]); - D1 ^= F(D2, K[7]); - D1 = FL (D1, K[8]); - D2 = FLINV(D2, K[9]); - - D2 ^= F(D1, K[10]); - D1 ^= F(D2, K[11]); - D2 ^= F(D1, K[12]); - D1 ^= F(D2, K[13]); - D2 ^= F(D1, K[14]); - D1 ^= F(D2, K[15]); - D1 = FL (D1, K[16]); - D2 = FLINV(D2, K[17]); - - D2 ^= F(D1, K[18]); - D1 ^= F(D2, K[19]); - D2 ^= F(D1, K[20]); - D1 ^= F(D2, K[21]); - D2 ^= F(D1, K[22]); - D1 ^= F(D2, K[23]); - - if(K.size() == 34) - { - D1 = FL (D1, K[24]); - D2 = FLINV(D2, K[25]); - D2 ^= F(D1, K[26]); - D1 ^= F(D2, K[27]); - D2 ^= F(D1, K[28]); - D1 ^= F(D2, K[29]); - D2 ^= F(D1, K[30]); - D1 ^= F(D2, K[31]); - D2 ^= K[32]; - D1 ^= K[33]; - } - else + const u64bit* K = &SK[0]; + + D1 ^= *K++; + D2 ^= *K++; + + while(true) { - D2 ^= K[24]; - D1 ^= K[25]; + D2 ^= F(D1, *K++); + D1 ^= F(D2, *K++); + D2 ^= F(D1, *K++); + D1 ^= F(D2, *K++); + D2 ^= F(D1, *K++); + D1 ^= F(D2, *K++); + + if(K == &SK[SK.size()-2]) + break; + + D1 = FL (D1, *K++); + D2 = FLINV(D2, *K++); } + D2 ^= *K++; + D1 ^= *K++; + store_be(out, D2, D1); in += BLOCK_SIZE; 
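Review bot: The loop exit test `if(K == &SK[SK.size()-2])` recomputes the end pointer every round and encodes an invariant that is nowhere stated: the schedule must be exactly 26 or 34 words (2 whitening words, 6-round groups separated by FL/FLINV pairs, 2 whitening words), which `key_schedule` later in this diff guarantees but nothing here checks. If `encrypt_n` runs before a key is set, `SK.size()-2` underflows and `K` walks off the buffer; the old indexed code had the same unkeyed-use hazard, so this is not a regression, but the pointer form makes it harder to spot. Hoisting `const u64bit* const K_last = &SK[SK.size()-2]; // SK holds 26 or 34 words, see key_schedule` above the loop documents the assumption, and a keyed-state assertion at function entry would turn the out-of-bounds walk into a clean failure. I traced the 26- and 34-word cases against the removed explicit code and the subkey order matches. `encrypt_n` starts and ends outside this hunk.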
@@ -180,52 +158,29 @@ void Camellia::decrypt_n(const byte in[], byte out[], size_t blocks) const u64bit D1 = load_be<u64bit>(in, 0); u64bit D2 = load_be<u64bit>(in, 1); - if(K.size() == 34) - { - D1 ^= K[32]; - D2 ^= K[33]; - - D2 ^= F(D1, K[31]); - D1 ^= F(D2, K[30]); - D2 ^= F(D1, K[29]); - D1 ^= F(D2, K[28]); - D2 ^= F(D1, K[27]); - D1 ^= F(D2, K[26]); - D1 = FL (D1, K[25]); - D2 = FLINV(D2, K[24]); - } - else + const u64bit* K = &SK[SK.size()-1]; + + D2 ^= *K--; + D1 ^= *K--; + + while(true) { - D1 ^= K[24]; - D2 ^= K[25]; + D2 ^= F(D1, *K--); + D1 ^= F(D2, *K--); + D2 ^= F(D1, *K--); + D1 ^= F(D2, *K--); + D2 ^= F(D1, *K--); + D1 ^= F(D2, *K--); + + if(K == &SK[1]) + break; + + D1 = FL (D1, *K--); + D2 = FLINV(D2, *K--); } - D2 ^= F(D1, K[23]); - D1 ^= F(D2, K[22]); - D2 ^= F(D1, K[21]); - D1 ^= F(D2, K[20]); - D2 ^= F(D1, K[19]); - D1 ^= F(D2, K[18]); - D1 = FL (D1, K[17]); - D2 = FLINV(D2, K[16]); - - D2 ^= F(D1, K[15]); - D1 ^= F(D2, K[14]); - D2 ^= F(D1, K[13]); - D1 ^= F(D2, K[12]); - D2 ^= F(D1, K[11]); - D1 ^= F(D2, K[10]); - D1 = FL (D1, K[ 9]); - D2 = FLINV(D2, K[ 8]); - - D2 ^= F(D1, K[ 7]); - D1 ^= F(D2, K[ 6]); - D2 ^= F(D1, K[ 5]); - D1 ^= F(D2, K[ 4]); - D2 ^= F(D1, K[ 3]); - D1 ^= F(D2, K[ 2]); - D2 ^= K[0]; - D1 ^= K[1]; + D1 ^= *K--; + D2 ^= *K; store_be(out, D2, D1); 
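Review bot: The reverse walk's stopping point `if(K == &SK[1])` and the final `D1 ^= *K--; D2 ^= *K;` (no decrement on the last read, so `K` never moves below `&SK[0]`) deserve a comment, since nothing in the loop says why index 1 is the terminator. I checked the 26- and 34-word sequences against the removed explicit code (33,32 | 31..26 | 25,24 | ... | 1,0 for the long schedule) and they agree. Suggest above the loop: `// Walk the schedule backwards; stop when only the two leading whitening words SK[0..1] remain.` The same unkeyed-use caveat as in encrypt_n applies: with an empty schedule `&SK[SK.size()-1]` is already out of bounds. `decrypt_n` starts and ends outside this hunk.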
@@ -277,79 +232,79 @@ void Camellia::key_schedule(const byte key[], size_t length) if(length == 16) { - K.resize(26); - - K[ 0] = KL_H; - K[ 1] = KL_L; - K[ 2] = KA_H; - K[ 3] = KA_L; - K[ 4] = left_rot_hi(KL_H, KL_L, 15); - K[ 5] = left_rot_lo(KL_H, KL_L, 15); - K[ 6] = left_rot_hi(KA_H, KA_L, 15); - K[ 7] = left_rot_lo(KA_H, KA_L, 15); - K[ 8] = left_rot_hi(KA_H, KA_L, 30); - K[ 9] = left_rot_lo(KA_H, KA_L, 30); - K[10] = left_rot_hi(KL_H, KL_L, 45); - K[11] = left_rot_lo(KL_H, KL_L, 45); - K[12] = left_rot_hi(KA_H, KA_L, 45); - K[13] = left_rot_lo(KL_H, KL_L, 60); - K[14] = left_rot_hi(KA_H, KA_L, 60); - K[15] = left_rot_lo(KA_H, KA_L, 60); - K[16] = left_rot_lo(KL_H, KL_L, 77-64); - K[17] = left_rot_hi(KL_H, KL_L, 77-64); - K[18] = left_rot_lo(KL_H, KL_L, 94-64); - K[19] = left_rot_hi(KL_H, KL_L, 94-64); - K[20] = left_rot_lo(KA_H, KA_L, 94-64); - K[21] = left_rot_hi(KA_H, KA_L, 94-64); - K[22] = left_rot_lo(KL_H, KL_L, 111-64); - K[23] = left_rot_hi(KL_H, KL_L, 111-64); - K[24] = left_rot_lo(KA_H, KA_L, 111-64); - K[25] = left_rot_hi(KA_H, KA_L, 111-64); + SK.resize(26); + + SK[ 0] = KL_H; + SK[ 1] = KL_L; + SK[ 2] = KA_H; + SK[ 3] = KA_L; + SK[ 4] = left_rot_hi(KL_H, KL_L, 15); + SK[ 5] = left_rot_lo(KL_H, KL_L, 15); + SK[ 6] = left_rot_hi(KA_H, KA_L, 15); + SK[ 7] = left_rot_lo(KA_H, KA_L, 15); + SK[ 8] = left_rot_hi(KA_H, KA_L, 30); + SK[ 9] = left_rot_lo(KA_H, KA_L, 30); + SK[10] = left_rot_hi(KL_H, KL_L, 45); + SK[11] = left_rot_lo(KL_H, KL_L, 45); + SK[12] = left_rot_hi(KA_H, KA_L, 45); + SK[13] = left_rot_lo(KL_H, KL_L, 60); + SK[14] = left_rot_hi(KA_H, KA_L, 60); + SK[15] = left_rot_lo(KA_H, KA_L, 60); + SK[16] = left_rot_lo(KL_H, KL_L, 77-64); + SK[17] = left_rot_hi(KL_H, KL_L, 77-64); + SK[18] = left_rot_lo(KL_H, KL_L, 94-64); + SK[19] = left_rot_hi(KL_H, KL_L, 94-64); + SK[20] = left_rot_lo(KA_H, KA_L, 94-64); + SK[21] = left_rot_hi(KA_H, KA_L, 94-64); + SK[22] = left_rot_lo(KL_H, KL_L, 111-64); + SK[23] = left_rot_hi(KL_H, KL_L, 111-64); + SK[24] = 
left_rot_lo(KA_H, KA_L, 111-64); + SK[25] = left_rot_hi(KA_H, KA_L, 111-64); } else { - K.resize(34); - - K[ 0] = KL_H; - K[ 1] = KL_L; - K[ 2] = KB_H; - K[ 3] = KB_L; - - K[ 4] = left_rot_hi(KR_H, KR_L, 15); - K[ 5] = left_rot_lo(KR_H, KR_L, 15); - K[ 6] = left_rot_hi(KA_H, KA_L, 15); - K[ 7] = left_rot_lo(KA_H, KA_L, 15); - - K[ 8] = left_rot_hi(KR_H, KR_L, 30); - K[ 9] = left_rot_lo(KR_H, KR_L, 30); - K[10] = left_rot_hi(KB_H, KB_L, 30); - K[11] = left_rot_lo(KB_H, KB_L, 30); - - K[12] = left_rot_hi(KL_H, KL_L, 45); - K[13] = left_rot_lo(KL_H, KL_L, 45); - K[14] = left_rot_hi(KA_H, KA_L, 45); - K[15] = left_rot_lo(KA_H, KA_L, 45); - - K[16] = left_rot_hi(KL_H, KL_L, 60); - K[17] = left_rot_lo(KL_H, KL_L, 60); - K[18] = left_rot_hi(KR_H, KR_L, 60); - K[19] = left_rot_lo(KR_H, KR_L, 60); - K[20] = left_rot_hi(KB_H, KB_L, 60); - K[21] = left_rot_lo(KB_H, KB_L, 60); - - K[22] = left_rot_lo(KL_H, KL_L, 77-64); - K[23] = left_rot_hi(KL_H, KL_L, 77-64); - K[24] = left_rot_lo(KA_H, KA_L, 77-64); - K[25] = left_rot_hi(KA_H, KA_L, 77-64); - - K[26] = left_rot_lo(KR_H, KR_L, 94-64); - K[27] = left_rot_hi(KR_H, KR_L, 94-64); - K[28] = left_rot_lo(KA_H, KA_L, 94-64); - K[29] = left_rot_hi(KA_H, KA_L, 94-64); - K[30] = left_rot_lo(KL_H, KL_L, 111-64); - K[31] = left_rot_hi(KL_H, KL_L, 111-64); - K[32] = left_rot_lo(KB_H, KB_L, 111-64); - K[33] = left_rot_hi(KB_H, KB_L, 111-64); + SK.resize(34); + + SK[ 0] = KL_H; + SK[ 1] = KL_L; + SK[ 2] = KB_H; + SK[ 3] = KB_L; + + SK[ 4] = left_rot_hi(KR_H, KR_L, 15); + SK[ 5] = left_rot_lo(KR_H, KR_L, 15); + SK[ 6] = left_rot_hi(KA_H, KA_L, 15); + SK[ 7] = left_rot_lo(KA_H, KA_L, 15); + + SK[ 8] = left_rot_hi(KR_H, KR_L, 30); + SK[ 9] = left_rot_lo(KR_H, KR_L, 30); + SK[10] = left_rot_hi(KB_H, KB_L, 30); + SK[11] = left_rot_lo(KB_H, KB_L, 30); + + SK[12] = left_rot_hi(KL_H, KL_L, 45); + SK[13] = left_rot_lo(KL_H, KL_L, 45); + SK[14] = left_rot_hi(KA_H, KA_L, 45); + SK[15] = left_rot_lo(KA_H, KA_L, 45); + + SK[16] = left_rot_hi(KL_H, KL_L, 
60); + SK[17] = left_rot_lo(KL_H, KL_L, 60); + SK[18] = left_rot_hi(KR_H, KR_L, 60); + SK[19] = left_rot_lo(KR_H, KR_L, 60); + SK[20] = left_rot_hi(KB_H, KB_L, 60); + SK[21] = left_rot_lo(KB_H, KB_L, 60); + + SK[22] = left_rot_lo(KL_H, KL_L, 77-64); + SK[23] = left_rot_hi(KL_H, KL_L, 77-64); + SK[24] = left_rot_lo(KA_H, KA_L, 77-64); + SK[25] = left_rot_hi(KA_H, KA_L, 77-64); + + SK[26] = left_rot_lo(KR_H, KR_L, 94-64); + SK[27] = left_rot_hi(KR_H, KR_L, 94-64); + SK[28] = left_rot_lo(KA_H, KA_L, 94-64); + SK[29] = left_rot_hi(KA_H, KA_L, 94-64); + SK[30] = left_rot_lo(KL_H, KL_L, 111-64); + SK[31] = left_rot_hi(KL_H, KL_L, 111-64); + SK[32] = left_rot_lo(KB_H, KB_L, 111-64); + SK[33] = left_rot_hi(KB_H, KB_L, 111-64); } } diff --git a/src/block/camellia/camellia.h b/src/block/camellia/camellia.h index 7795f1fcf..aaf3ad9e3 100644 --- a/src/block/camellia/camellia.h +++ b/src/block/camellia/camellia.h @@ -21,13 +21,13 @@ class BOTAN_DLL Camellia : public Block_Cipher_Fixed_Params<16, 16, 32, 8> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { K.clear(); } + void clear() { SK.clear(); } std::string name() const { return "Camellia"; } BlockCipher* clone() const { return new Camellia; } private: void key_schedule(const byte key[], size_t length); - SecureVector<u64bit> K; + SecureVector<u64bit> SK; }; } diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 287f0bdfb..cb9bf27bc 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp 
@@ -69,14 +69,37 @@ BigInt compute_x(const std::string& hash_id, } +std::string srp6_group_identifier(const BigInt& N, const BigInt& g) + { + /* + This function assumes that only one 'standard' SRP parameter set has + been defined for a particular bitsize. As of this writing that is the case. + */ + try + { + const std::string group_name = "modp/srp/" + to_string(N.bits()); + + DL_Group group(group_name); + + if(group.get_p() == N && group.get_g() == g) + return group_name; + + throw std::runtime_error("Unknown SRP params"); + } + catch(...) + { + throw Invalid_Argument("Bad SRP group parameters"); + } + } + std::pair<BigInt, SymmetricKey> -SRP6_Client_Session:: step1(const std::string& identifier, - const std::string& password, - const std::string& group_id, - const std::string& hash_id, - const MemoryRegion<byte>& salt, - const BigInt& B, - RandomNumberGenerator& rng) +srp6_client_agree(const std::string& identifier, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const MemoryRegion<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng) { DL_Group group(group_id); const BigInt& g = group.get_g(); @@ -104,11 +127,11 @@ SRP6_Client_Session:: step1(const std::string& identifier, return std::make_pair(A, Sk); } -BigInt SRP6_Client_Session::generate_verifier(const std::string& identifier, - const std::string& password, - const MemoryRegion<byte>& salt, - const std::string& group_id, - const std::string& hash_id) +BigInt generate_srp6_verifier(const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt, + const std::string& group_id, + const std::string& hash_id) { const BigInt x = compute_x(hash_id, identifier, password, salt); diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index 01bd2a4c7..bf5cb4863 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h 
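Review bot: `srp6_client_agree` takes the server's public value `B`, but the part of its body visible in this hunk shows no check that `B mod N` is non-zero; RFC 5054 section 2.5.4 requires the client to abort in that case, because a zero `B` collapses the derived secret and lets an active attacker finish the exchange without knowing the verifier. If the check is not in the unseen remainder of the body, add after `DL_Group group(group_id);` something like `if(B <= 0 || B % group.get_p() == 0) throw Invalid_Argument("Invalid SRP parameter from server");`. Separately, `srp6_group_identifier`'s `catch(...)` folds the deliberate `std::runtime_error("Unknown SRP params")` and any allocation failure alike into `Invalid_Argument`, which is acceptable for callers but worth a one-line comment. Both function bodies continue outside this hunk.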
@@ -17,44 +17,42 @@ namespace Botan { /** -* Represents a SRP-6a client session +* SRP6a Client side +* @param username the username we are attempting login for +* @param password the password we are attempting to use +* @param group_id specifies the shared SRP group +* @param hash_id specifies a secure hash function +* @param salt is the salt value sent by the server +* @param B is the server's public value +* @param rng is a random number generator +* +* @return (A,K) the client public key and the shared secret key */ -class BOTAN_DLL SRP6_Client_Session - { - public: +std::pair<BigInt,SymmetricKey> srp6_client_agree(const std::string& username, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const MemoryRegion<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng); - /** - * Client side step 1 - * @param username the username we are attempting login for - * @param password the password we are attempting to use - * @param group_id specifies the shared SRP group - * @param hash_id specifies a secure hash function - * @param salt is the salt value sent by the server - * @param B is the server's public value - * @param rng is a random number generator - * - * @return (A,K) the client public key and the shared secret key - */ - std::pair<BigInt,SymmetricKey> step1(const std::string& username, - const std::string& password, - const std::string& group_id, - const std::string& hash_id, - const MemoryRegion<byte>& salt, - const BigInt& B, - RandomNumberGenerator& rng); +/** +* Generate a new SRP-6 verifier +* @param identifier a username or other client identifier +* @param password the secret used to authenticate user +* @param salt a randomly chosen value, at least 128 bits long +*/ +BigInt generate_srp6_verifier(const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt, + const std::string& group_id, + const std::string& hash_id); - /** - * Generate a new SRP-6 verifier - * 
@param identifier a username or other client identifier - * @param password the secret used to authenticate user - * @param salt a randomly chosen value, at least 128 bits long - */ - static BigInt generate_verifier(const std::string& identifier, - const std::string& password, - const MemoryRegion<byte>& salt, - const std::string& group_id, - const std::string& hash_id); - }; +/** +* Return the group id for this SRP param set, or else thrown an +* exception +*/ +std::string srp6_group_identifier(const BigInt& N, const BigInt& g); /** * Represents a SRP-6a server session diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp index d3d076641..c9069ce65 100644 --- a/src/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/entropy/cryptoapi_rng/es_capi.cpp @@ -65,7 +65,7 @@ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) if(got) { - accum.add(&io_buffer[0], io_buffer.size(), 8); + accum.add(&io_buffer[0], io_buffer.size(), 6); break; } } diff --git a/src/entropy/dev_random/dev_random.cpp b/src/entropy/dev_random/dev_random.cpp index d14ae43ae..9e4f0b373 100644 --- a/src/entropy/dev_random/dev_random.cpp +++ b/src/entropy/dev_random/dev_random.cpp @@ -105,9 +105,12 @@ Device_EntropySource::~Device_EntropySource() */ void Device_EntropySource::poll(Entropy_Accumulator& accum) { - size_t go_get = std::min<size_t>(accum.desired_remaining_bits() / 8, 48); + const size_t ENTROPY_BITS_PER_BYTE = 7; - size_t read_wait_ms = std::max<size_t>(go_get, 1000); + const size_t go_get = std::min<size_t>( + accum.desired_remaining_bits() / ENTROPY_BITS_PER_BYTE, 32); + + const size_t read_wait_ms = std::max<size_t>(go_get, 100); MemoryRegion<byte>& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != devices.size(); ++i) @@ -117,7 +120,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) if(got) { - accum.add(&io_buffer[0], got, 8); + accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE); break; } } 
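Review bot: The new doc comment on `srp6_group_identifier` reads "or else thrown an exception", which is a typo and also does not say which exception; per srp6.cpp in this commit it is `Invalid_Argument`. Suggest `* Return the group id for this SRP param set, or throw Invalid_Argument if (N, g) is not a registered "modp/srp/<bits>" group`. The `generate_srp6_verifier` block is missing `@param group_id` and `@param hash_id` lines (the `srp6_client_agree` block has them) and a `@return` line for the verifier value.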
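Review bot: `const size_t read_wait_ms = std::max<size_t>(go_get, 100);` is a no-op: `go_get` is capped at 32 on the line above, so the result is always 100 and the `max` only hints at a per-byte scaling that never happens (the old `max(go_get, 1000)` had the same shape). Either write `const size_t read_wait_ms = 100; // upper bound on blocking for a single device read` or, if a wait proportional to the request was intended, say so in a comment. Also worth noting that with `ENTROPY_BITS_PER_BYTE = 7` a `desired_remaining_bits()` below 7 yields `go_get == 0` and an empty I/O buffer; presumably harmless, but the hunk does not show how the reader handles a zero-length request. `poll` continues outside the hunk.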
diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp index b2b629930..e0ebf9509 100644 --- a/src/entropy/egd/es_egd.cpp +++ b/src/entropy/egd/es_egd.cpp @@ -147,7 +147,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) if(got) { - accum.add(&io_buffer[0], got, 8); + accum.add(&io_buffer[0], got, 6); break; } } diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp index 5d58f9869..8b4408aee 100644 --- a/src/entropy/proc_walk/es_ftw.cpp +++ b/src/entropy/proc_walk/es_ftw.cpp @@ -1,6 +1,6 @@ /* * FTW EntropySource -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2008,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ 
@@ -41,60 +41,81 @@ namespace { class Directory_Walker : public File_Descriptor_Source { public: - Directory_Walker(const std::string& root) { add_directory(root); } - ~Directory_Walker(); + Directory_Walker(const std::string& root) : + m_cur_dir(std::make_pair<DIR*, std::string>(0, "")) + { + if(DIR* root_dir = ::opendir(root.c_str())) + m_cur_dir = std::make_pair(root_dir, root); + } + + ~Directory_Walker() + { + if(m_cur_dir.first) + ::closedir(m_cur_dir.first); + } int next_fd(); private: - void add_directory(const std::string&); + void add_directory(const std::string& dirname) + { + m_dirlist.push_back(dirname); + } - std::deque<std::pair<DIR*, std::string> > dirs; - }; + std::pair<struct dirent*, std::string> get_next_dirent(); -void Directory_Walker::add_directory(const std::string& dirname) - { - DIR* dir = ::opendir(dirname.c_str()); - if(dir) - dirs.push_back(std::make_pair(dir, dirname)); - } + std::pair<DIR*, std::string> m_cur_dir; + std::deque<std::string> m_dirlist; + }; -Directory_Walker::~Directory_Walker() +std::pair<struct dirent*, std::string> Directory_Walker::get_next_dirent() { - while(dirs.size()) + while(m_cur_dir.first) { - ::closedir(dirs[0].first); - dirs.pop_front(); + struct dirent* dir = ::readdir(m_cur_dir.first); + + if(dir) + return std::make_pair<struct dirent*, std::string>(dir, m_cur_dir.second); + + ::closedir(m_cur_dir.first); + m_cur_dir = std::make_pair<DIR*, std::string>(0, ""); + + while(!m_dirlist.empty() && m_cur_dir.first == 0) + { + const std::string next_dir_name = m_dirlist[0]; + m_dirlist.pop_front(); + + if(DIR* next_dir = ::opendir(next_dir_name.c_str())) + m_cur_dir = std::make_pair(next_dir, next_dir_name); + } } + + return std::make_pair<struct dirent*, std::string>(0, ""); // nothing left } int Directory_Walker::next_fd() { - while(dirs.size()) + while(true) { - std::pair<DIR*, std::string> dirinfo = dirs[0]; + std::pair<struct dirent*, std::string> entry = get_next_dirent(); - struct dirent* entry = 
::readdir(dirinfo.first); + if(!entry.first) + break; // no more dirs - if(!entry) - { - ::closedir(dirinfo.first); - dirs.pop_front(); - continue; - } - - const std::string filename = entry->d_name; + const std::string filename = entry.first->d_name; if(filename == "." || filename == "..") continue; - const std::string full_path = dirinfo.second + '/' + filename; + const std::string full_path = entry.second + '/' + filename; struct stat stat_buf; if(::lstat(full_path.c_str(), &stat_buf) == -1) continue; if(S_ISDIR(stat_buf.st_mode)) + { add_directory(full_path); + } else if(S_ISREG(stat_buf.st_mode) && (stat_buf.st_mode & S_IROTH)) { int fd = ::open(full_path.c_str(), O_RDONLY | O_NOCTTY); @@ -127,12 +148,12 @@ FTW_EntropySource::~FTW_EntropySource() void FTW_EntropySource::poll(Entropy_Accumulator& accum) { - const size_t MAX_FILES_READ_PER_POLL = 1024; + const size_t MAX_FILES_READ_PER_POLL = 2048; if(!dir) dir = new Directory_Walker(path); - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(128); + MemoryRegion<byte>& io_buffer = accum.get_io_buffer(4096); for(size_t i = 0; i != MAX_FILES_READ_PER_POLL; ++i) { @@ -150,7 +171,7 @@ void FTW_EntropySource::poll(Entropy_Accumulator& accum) ::close(fd); if(got > 0) - accum.add(&io_buffer[0], got, .01); + accum.add(&io_buffer[0], got, .001); if(accum.polling_goal_achieved()) break; diff --git a/src/libstate/global_rng.cpp b/src/libstate/global_rng.cpp index a73924213..e9ea530ac 100644 --- a/src/libstate/global_rng.cpp +++ b/src/libstate/global_rng.cpp @@ -68,7 +68,7 @@ void add_entropy_sources(RandomNumberGenerator* rng) #if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM) rng->add_entropy_source( new Device_EntropySource( - split_on("/dev/urandom:/dev/random:/dev/srandom", ':') + split_on("/dev/random:/dev/srandom:/dev/urandom", ':') ) ); #endif diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index f91eed1d8..b1da22ce8 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp 
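Review bot: `std::make_pair<struct dirent*, std::string>(dir, m_cur_dir.second)` in `get_next_dirent` passes explicit template arguments to `make_pair`, which stops compiling under C++11 (the parameters become rvalue references and `m_cur_dir.second` is an lvalue); the `(0, "")` forms compile but are equally unidiomatic. Plain `std::make_pair(dir, m_cur_dir.second)` and `std::pair<DIR*, std::string>(0, "")` are equivalent and portable, and the hunk already uses the deduced form for `std::make_pair(next_dir, next_dir_name)`. On the security side, `next_fd` does `lstat` on a path and only then `open`s it, so a path replaced between the two calls can be a symlink or FIFO by the time of `open`; `O_RDONLY | O_NOCTTY | O_NONBLOCK` (plus `O_NOFOLLOW` where defined) narrows that window and keeps the entropy poll from blocking on a FIFO. `next_fd` continues outside the hunk.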
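Review bot: Reordering the device list to `/dev/random:/dev/srandom:/dev/urandom` makes the blocking device the first one tried on Linux, and the `if(got) break;` in `Device_EntropySource::poll` means `/dev/urandom` is consulted only when `/dev/random` produced nothing within the wait, which dev_random.cpp in this same commit sets to 100 ms. On an entropy-starved host (fresh VM, early boot, embedded) every poll therefore burns that wait before falling through, a latency cost for any caller that reseeds. The intent should be stated where the order is set, e.g. `// prefer the blocking pool; urandom is consulted only if random yields nothing within the poll timeout`. `add_entropy_sources` starts and ends outside the hunk.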
@@ -37,7 +37,19 @@ void set_default_oids(Library_State& config) add_oid(config, "1.3.6.1.4.1.3029.1.2.1", "ElGamal"); add_oid(config, "1.3.6.1.4.1.25258.1.1", "RW"); add_oid(config, "1.3.6.1.4.1.25258.1.2", "NR"); - add_oid(config, "1.2.840.10045.2.1", "ECDSA"); // X9.62 + + // X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5) + add_oid(config, "1.2.840.10045.2.1", "ECDSA"); + + /* + * This is an OID defined for ECDH keys though rarely used for such. + * In this configuration it is accepted on decoding, but not used for + * encoding. You can enable it for encoding by calling + * global_state().set("str2oid", "ECDH", "1.3.132.1.12") + * from your application code. + */ + config.set("oid2str", "1.3.132.1.12", "ECDH"); + add_oid(config, "1.2.643.2.2.19", "GOST-34.10"); // RFC 4491 /* Ciphers */ @@ -325,6 +337,15 @@ void set_default_dl_groups(Library_State& config) "NgRlEbmT//////////8=" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/1536", + "-----BEGIN DH PARAMETERS-----" + "MIHHAoHBAJ3vPK+5OSd6sfEqhheke7vbpR30maxMgL7uqWFLGcxNX09fVW4ny95R" + "xqlL5GB6KRVYkDug0PhDgLZVu5oi6NzfAop87Gfw0IE0sci5eYkUm2CeC+O6tj1H" + "VIOB28Wx/HZOP0tT3Z2hFYv9PiucjPVu3wGVOTSWJ9sv1T0kt8SGZXcuQ31sf4zk" + "QnNK98y3roN8Jkrjqb64f4ov6bi1KS5aAh//XpFHnoznoowkQsbzFRgPk0maI03P" + "duP+0TX5uwIBAg==" + "-----END DH PARAMETERS-----"); + config.set("dl", "modp/ietf/2048", "-----BEGIN X942 DH PARAMETERS-----" "MIICDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" 
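Review bot: With `add_oid(config, "1.2.840.10045.2.1", "ECDSA")` kept as the only mapping for the X9.62 ecPublicKey OID, every key carrying that AlgorithmIdentifier — including the ECDH keys the new comment says it is valid for — decodes as "ECDSA", and only keys tagged 1.3.132.1.12 reach the new ECDH branch in pk_algs.cpp. That is a defensible key-type-by-OID policy, but the comment should say so, otherwise "valid for ECDSA and ECDH" reads as if both are recognised here: `// X9.62 ecPublicKey (RFC 3279 sec 2.3.5) is used for both ECDSA and ECDH keys; we decode it as ECDSA`. The `oid2str`-only registration of 1.3.132.1.12 is sound: accept on decode, never emit by default.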
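Review bot: The base64 blob for modp/srp/1536 is added with no note of its provenance and no check that it decodes to the RFC 5054 Appendix A 1536-bit group; the trailing `AgEC` does encode g = 2 as the RFC specifies, but the prime itself cannot be eyeballed. A comment naming the source, `// RFC 5054 Appendix A, 1536-bit group, g = 2`, plus a self-test that loads `DL_Group("modp/srp/1536")` and compares `get_p()` against the RFC's hex, would catch a transcription error that would otherwise silently weaken every session using the group. The same applies to the 3072 (`AgEF`, g = 5), 4096, 6144 and 8192 blobs added further down. `set_default_dl_groups` starts and ends outside the hunk.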
@@ -376,6 +397,19 @@ void set_default_dl_groups(Library_State& config) "JcFokFSdaWV//////////w==" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/3072", + "-----BEGIN DH PARAMETERS-----" + "MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" + "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" + "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" + "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS" + "yv//////////AgEF" + "-----END DH PARAMETERS-----"); + config.set("dl", "modp/ietf/4096", "-----BEGIN X942 DH PARAMETERS-----" "MIIEDAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" 
@@ -402,6 +436,21 @@ void set_default_dl_groups(Library_State& config) "ydp1TEbH7uDDf9vuSFNgR6b6GuSaAxjM//////////8=" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/4096", + "-----BEGIN DH PARAMETERS-----" + "MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" + "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" + "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" + "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" + "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" + "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" + "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQU=" + "-----END DH PARAMETERS-----"); + config.set("dl", "modp/ietf/6144", "-----BEGIN X942 DH PARAMETERS-----" "MIIGDAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" 
@@ -439,6 +488,27 @@ void set_default_dl_groups(Library_State& config) "jzbmIBJ//////////wIBAg==" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/6144", + "-----BEGIN DH PARAMETERS-----" + "MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" + "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" + "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" + "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" + "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" + "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" + "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" + "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" + "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" + "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" + "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" + "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA" + "JP//////////AgEF" + "-----END DH PARAMETERS-----"); + config.set("dl", "modp/ietf/8192", "-----BEGIN X942 DH PARAMETERS-----" "MIIIDAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" 
@@ -486,6 +556,32 @@ void set_default_dl_groups(Library_State& config) "034BNyPKrHIjqzv01U8YKHE7K0pv5A+rdEBctziwZMBuzHbp7///////////AgEC" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/8192", + "-----BEGIN DH PARAMETERS-----" + "MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" + "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" + "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" + "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" + "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" + "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" + "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" + "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" + "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" + "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" + "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" + "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R" + "WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk" + "ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw" + "xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4" + "Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i" + "aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU" + "38gfVuiAuW5xYMmA3Zjt09///////////wIBEw==" + "-----END DH PARAMETERS-----"); + config.set("dl", "dsa/jce/512", "-----BEGIN DSA PARAMETERS-----" "MIGdAkEA/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQT" 
diff --git a/src/math/numbertheory/numthry.cpp b/src/math/numbertheory/numthry.cpp index 16fa8ca0c..c7896c17a 100644 --- a/src/math/numbertheory/numthry.cpp +++ b/src/math/numbertheory/numthry.cpp @@ -10,8 +10,6 @@ #include <botan/internal/bit_ops.h> #include <algorithm> -#include <stdio.h> - namespace Botan { namespace { diff --git a/src/pubkey/ec_group/ec_group.h b/src/pubkey/ec_group/ec_group.h index dadc9fba3..59a1918c0 100644 --- a/src/pubkey/ec_group/ec_group.h +++ b/src/pubkey/ec_group/ec_group.h @@ -63,8 +63,8 @@ class BOTAN_DLL EC_Group EC_Group(const OID& oid); /** - * Create an EC domain from PEM encoding (as from PEM_encode), or - * from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7") + * Create an EC domain from PEM encoding (as from PEM_encode), + * or from an OID name (eg "secp160r1", or "1.3.132.0.8") * @param pem_or_oid PEM-encoded data, or an OID */ EC_Group(const std::string& pem_or_oid = ""); diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index 2edbfe86d..6fe0697bf 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -22,7 +22,6 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey { public: - ECDH_PublicKey(const AlgorithmIdentifier& alg_id, const MemoryRegion<byte>& key_bits) : EC_PublicKey(alg_id, key_bits) {} diff --git a/src/pubkey/pk_algs.cpp b/src/pubkey/pk_algs.cpp index e500cfc2e..9b3218ac4 100644 --- a/src/pubkey/pk_algs.cpp +++ b/src/pubkey/pk_algs.cpp @@ -40,6 +40,10 @@ #include <botan/elgamal.h> #endif +#if defined(BOTAN_HAS_ECDH) + #include <botan/ecdh.h> +#endif + namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, @@ -89,6 +93,11 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, return new GOST_3410_PublicKey(alg_id, key_bits); #endif +#if defined(BOTAN_HAS_ECDH) + if(alg_name == "ECDH") + return new ECDH_PublicKey(alg_id, key_bits); +#endif + return 0; } 
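Review bot: The rewritten docstring example in `ec_group.h` now names `secp160r1` / `1.3.132.0.8`, a 160-bit curve of roughly 80-bit security, where the previous text used `secp256r1`; readers tend to copy the documented example, so it is better kept at a current-strength curve, e.g. `* or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")`. If the smaller curve was chosen deliberately as a syntax illustration, the comment should say so to avoid it being read as a recommendation.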
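Review bot: The new ECDH branch in `make_public_key` (and the matching one in `make_private_key` in the next hunk) dispatches on `alg_name == "ECDH"`, which only fires if the OID table maps the key's AlgorithmIdentifier to the name "ECDH" rather than to the generic id-ecPublicKey name that EC keys commonly carry; nothing in the hunk documents which OID that is, and the table is outside this diff. A short comment on the branch, e.g. `// only reached for keys whose OID maps to "ECDH" in the OID table; EC keys under the generic id-ecPublicKey OID take the ECDSA branch above`, would make the dispatch auditable, with the second half confirmed against the table. Both functions start outside their hunks.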
@@ -140,6 +149,11 @@ Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, return new GOST_3410_PrivateKey(alg_id, key_bits); #endif +#if defined(BOTAN_HAS_ECDH) + if(alg_name == "ECDH") + return new ECDH_PrivateKey(alg_id, key_bits); +#endif + return 0; } diff --git a/src/pubkey/workfactor.cpp b/src/pubkey/workfactor.cpp index f3d5d164a..72ba75cf9 100644 --- a/src/pubkey/workfactor.cpp +++ b/src/pubkey/workfactor.cpp @@ -1,6 +1,6 @@ /* * Public Key Work Factor Functions -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ 
@@ -11,39 +11,40 @@ namespace Botan { -/* -* Choose the exponent size for a DL group -*/ size_t dl_work_factor(size_t bits) { -#if 0 /* - These values were taken from RFC 3526 + Based on GNFS work factors. Constant is 1.43 times the asymptotic + value; I'm not sure but I believe that came from a paper on 'real + world' runtimes, but I don't remember where now. + + Sample return values: + |512| -> 64 + |1024| -> 86 + |1536| -> 102 + |2048| -> 116 + |3072| -> 138 + |4096| -> 155 + |8192| -> 206 + + For DL algos, we use an exponent of twice the size of the result; + the assumption is that an arbitrary discrete log on a group of size + bits would take about 2^n effort, and thus using an exponent of + size 2^(2*n) implies that all available attacks are about as easy + (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) + operations) while minimizing the exponent size for performance + reasons. */ - if(bits <= 1536) - return 90; - else if(bits <= 2048) - return 110; - else if(bits <= 3072) - return 130; - else if(bits <= 4096) - return 150; - else if(bits <= 6144) - return 170; - else if(bits <= 8192) - return 190; - return 256; -#else - const double MIN_ESTIMATE = 64; - - const double log_x = bits / 1.44; + + const size_t MIN_WORKFACTOR = 64; + + // approximates natural logarithm of p + const double log_p = bits / 1.4426; const double strength = - 2.76 * std::pow(log_x, 1.0/3.0) * std::pow(std::log(log_x), 2.0/3.0); + 2.76 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0); - return static_cast<size_t>(std::max(strength, MIN_ESTIMATE)); -#endif + return std::max(static_cast<size_t>(strength), MIN_WORKFACTOR); } - } diff --git a/src/pubkey/workfactor.h b/src/pubkey/workfactor.h index bd1a43298..179b580e7 100644 --- a/src/pubkey/workfactor.h +++ b/src/pubkey/workfactor.h 
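Review bot: `dl_work_factor` has no lower bound on `bits` before the logarithms: for `bits < 2`, `log_p` is at most about 0.69 (or 0 when `bits` is 0), so `std::log(log_p)` is negative or -inf, `std::pow` of that with exponent 2/3 yields NaN, and `static_cast<size_t>(strength)` on NaN is undefined behaviour instead of the floor the `std::max` is meant to provide. An early `if(bits < 2) return MIN_WORKFACTOR;` keeps the clamp meaningful, and any group that small is far below the 64 floor anyway. The sample table in the comment is a useful sanity check; it would also help to state that the doubling described for DL exponent sizes is done by the caller, since this function returns the raw estimate. `<cmath>` and `<algorithm>` are presumably included above the hunk.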
@@ -13,7 +13,7 @@ namespace Botan { /** -* Estimate work factor +* Estimate work factor for discrete logarithm * @param prime_group_size size of the group in bits * @return estimated security level for this group */ diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index 7912e58af..74ba522a4 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -75,7 +75,8 @@ void HMAC_RNG::reseed(size_t poll_bits) while(!accum.polling_goal_achieved() && poll_attempt < poll_bits) { - entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum); + const size_t src_idx = poll_attempt % entropy_sources.size(); + entropy_sources[src_idx]->poll(accum); ++poll_attempt; } } @@ -110,7 +111,11 @@ void HMAC_RNG::reseed(size_t poll_bits) counter = 0; user_input_len = 0; - if(accum.bits_collected() >= 128) + /* + Consider ourselves seeded once we've collected an estimated 128 bits of + entropy in a single poll. + */ + if(seeded == false && accum.bits_collected() >= 128) seeded = true; } @@ -119,15 +124,18 @@ void HMAC_RNG::reseed(size_t poll_bits) */ void HMAC_RNG::add_entropy(const byte input[], size_t length) { + const size_t USER_ENTROPY_WATERSHED = 20; + extractor->update(input, length); user_input_len += length; /* - * After we've accumulated >= 1024 bytes of user input, reseed. - * This input will automatically have been included if reseed was - * called already, as it's just included in the extractor input. + * After we've accumulated at least USER_ENTROPY_WATERSHED bytes of + * user input, reseed. This input will automatically have been + * included if reseed was called already, as it's just included in + * the extractor input. */ - if(user_input_len >= 1024) + if(user_input_len >= USER_ENTROPY_WATERSHED) reseed(128); } diff --git a/src/selftest/selftest.cpp b/src/selftest/selftest.cpp index 7b87bcb61..0dac31cef 100644 --- a/src/selftest/selftest.cpp +++ b/src/selftest/selftest.cpp 
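Review bot: The new `const size_t src_idx = poll_attempt % entropy_sources.size();` divides by the number of registered sources, so with an empty source list the modulo is by zero (undefined behaviour); the loop condition above it only bounds `poll_attempt`, not the source count. Unless a guard outside the hunk rejects an empty `entropy_sources`, a check such as `if(entropy_sources.empty()) break;` before the loop body (or a precondition on the constructor) is needed, leaving `seeded` false so callers see the failure. `HMAC_RNG::reseed` begins before the hunk.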
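Review bot: `USER_ENTROPY_WATERSHED` lowers the reseed trigger from 1024 to 20 bytes without recording why 20 was chosen; a comment on the constant (e.g. whether it is meant as the smallest useful contribution) would preserve the rationale. Since `reseed` resets `user_input_len` (context in the previous hunk), every further 20 bytes supplied through `add_entropy` appears to trigger a full `reseed(128)` with its entropy-source polling, so a caller that feeds input in many small pieces pays that polling cost each time; if that is intended, the comment should say so, otherwise a count- or time-based bound on reseeds from this path would cap it.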
@@ -10,8 +10,6 @@ #include <botan/internal/core_engine.h> #include <botan/internal/stl_util.h> -#include <stdio.h> - namespace Botan { namespace { @@ -28,8 +26,6 @@ bool test_filter_kat(Filter* filter, const std::string output = pipe.read_all_as_string(); - //printf("%s %s\n", output.c_str(), expected_output.c_str()); - return (output == expected_output); } diff --git a/src/tls/info.txt b/src/tls/info.txt index 21d3d54c1..ab329c342 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -1,5 +1,7 @@ define TLS +load_on request + <comment> The TLS code is complex, new, and not yet reviewed, there may be serious bugs or security issues. diff --git a/src/wrap/python/filter.cpp b/src/wrap/python/filter.cpp index 437c5239f..e329ed708 100644 --- a/src/wrap/python/filter.cpp +++ b/src/wrap/python/filter.cpp @@ -26,7 +26,6 @@ class Py_Filter : public Filter void send_str(const std::string& str) { - printf("Py_Filter::send_str\n"); send((const byte*)str.data(), str.length()); } }; @@ -36,14 +35,12 @@ class FilterWrapper : public Py_Filter, public wrapper<Py_Filter> public: void start_msg() { - printf("wrapper start_msg\n"); if(override start_msg = this->get_override("start_msg")) start_msg(); } void end_msg() { - printf("wrapper end_msg\n"); if(override end_msg = this->get_override("end_msg")) end_msg(); } @@ -53,7 +50,6 @@ class FilterWrapper : public Py_Filter, public wrapper<Py_Filter> virtual void write_str(const std::string& str) { - printf("wrapper write\n"); this->get_override("write")(str); } }; @@ -125,7 +121,6 @@ void prepend_filter(Pipe& pipe, std::auto_ptr<Filter> filter) void do_send(std::auto_ptr<FilterWrapper> filter, const std::string& data) { - printf("Sending %s to %p\n", data.c_str(), filter.get()); filter->send_str(data); } |