authorlloyd <[email protected]>2012-05-25 02:11:10 +0000
committerlloyd <[email protected]>2012-05-25 02:11:10 +0000
commit113f4035f41cf3152832e1753d28b79a7ea811a4 (patch)
tree1e2071c1f7786972d268b727f52ee33225ad68d4 /src/block/cast
parentee42784fee56c48f72ecf03d7b93765dac35edf5 (diff)
For block and stream ciphers, don't set the size of the key vectors
until we are actually setting a key. This avoids the problem of prototype objects consuming not just memory but the precious few bytes of mlock'able memory that we're given by Linux. Use clear_mem instead of a loop in BigInt::mask_bits If OS2ECP encounters an invalid format type, include what type it was in the exception message.
Diffstat (limited to 'src/block/cast')
-rw-r--r--src/block/cast/cast128.cpp22
-rw-r--r--src/block/cast/cast128.h6
-rw-r--r--src/block/cast/cast256.cpp59
-rw-r--r--src/block/cast/cast256.h4
4 files changed, 48 insertions, 43 deletions
diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp
index 8fae4040d..d64523c8b 100644
--- a/src/block/cast/cast128.cpp
+++ b/src/block/cast/cast128.cpp
@@ -16,7 +16,7 @@ namespace {
/*
* CAST-128 Round Type 1
*/
-inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R1(u32bit& L, u32bit R, u32bit MK, byte RK)
{
u32bit T = rotate_left(MK + R, RK);
L ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) -
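Review bot: The new `byte RK` parameter carries an invariant the signature does not state: it is a rotation count that key_schedule has already reduced mod 32 (the `RK[i] = RK32[i] % 32` loop later in this diff), and the narrowing from u32bit is lossless only because of that. A comment on the parameter would stop a later change from passing an unreduced value: `// RK: rotation count in [0,31], reduced mod 32 by key_schedule`. Since the count can legitimately be 0, correctness also depends on rotate_left tolerating a zero rotation without a full-width shift; its definition is not in this diff, so confirm. The same applies to R2 and R3 below. R1's body continues past the end of the hunk.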
@@ -26,7 +26,7 @@ inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK)
/*
* CAST-128 Round Type 2
*/
-inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R2(u32bit& L, u32bit R, u32bit MK, byte RK)
{
u32bit T = rotate_left(MK ^ R, RK);
L ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] +
@@ -36,7 +36,7 @@ inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK)
/*
* CAST-128 Round Type 3
*/
-inline void R3(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R3(u32bit& L, u32bit R, u32bit MK, byte RK)
{
u32bit T = rotate_left(MK - R, RK);
L ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^
@@ -118,16 +118,20 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const
*/
void CAST_128::key_schedule(const byte key[], size_t length)
{
- clear();
+ MK.resize(48);
+ RK.resize(48);
+
secure_vector<u32bit> X(4);
- for(size_t j = 0; j != length; ++j)
- X[j/4] = (X[j/4] << 8) + key[j];
+ for(size_t i = 0; i != length; ++i)
+ X[i/4] = (X[i/4] << 8) + key[i];
cast_ks(MK, X);
- cast_ks(RK, X);
- for(size_t j = 0; j != 16; ++j)
- RK[j] %= 32;
+ secure_vector<u32bit> RK32(48);
+ cast_ks(RK32, X);
+
+ for(size_t i = 0; i != 16; ++i)
+ RK[i] = RK32[i] % 32;
}
/*
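Review bot: `MK.resize(48)`, `RK.resize(48)` and `secure_vector<u32bit> RK32(48)` allocate three times what CAST-128 uses: the removed constructor sized both vectors at 16, and the only explicit indexing in this function touches `RK[0..15]`, so the extra 32 entries of each buffer are dead weight in exactly the mlock'd pool the commit sets out to conserve. Change them to `MK.resize(16);`, `RK.resize(16);` and `secure_vector<u32bit> RK32(16);` — 48 is the CAST-256 schedule length, which looks like a copy from the sibling file. cast_ks is not in the hunk, so confirm it writes no more than 16 words before shrinking; the old 16-entry vectors it was called with suggest it does not. A one-line comment on why the sizing moved here (`// sized on keying, not construction, so unkeyed prototypes hold no mlock'd memory`) would also help the next reader.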
diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h
index 15efc8132..f3f23b14a 100644
--- a/src/block/cast/cast128.h
+++ b/src/block/cast/cast128.h
@@ -21,11 +21,10 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16>
void encrypt_n(const byte in[], byte out[], size_t blocks) const;
void decrypt_n(const byte in[], byte out[], size_t blocks) const;
- void clear() { zeroise(MK); zeroise(RK); }
+ void clear() { MK.clear(); RK.clear(); }
std::string name() const { return "CAST-128"; }
BlockCipher* clone() const { return new CAST_128; }
- CAST_128() : MK(16), RK(16) {}
private:
void key_schedule(const byte[], size_t);
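Review bot: `clear()` no longer wipes the key schedule: `MK.clear(); RK.clear();` on a std::vector-style container destroys trivially-destructible elements and keeps the storage, so the scheduled key stays readable in the still-owned buffer until the object is destroyed, whereas the removed `zeroise(MK); zeroise(RK);` overwrote it immediately. Whether secure_vector's allocator scrubs on deallocate is not visible here, but deallocate is not what clear() triggers. Keep the explicit wipe before dropping the size, `void clear() { zeroise(MK); zeroise(RK); MK.clear(); RK.clear(); }`, and if returning the mlock'd pages is also the goal, swap each member with an empty vector (or shrink_to_fit) since clear() retains capacity. CAST_128's class body continues outside the hunk.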
@@ -37,7 +36,8 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16>
static const u32bit S7[256];
static const u32bit S8[256];
- secure_vector<u32bit> MK, RK;
+ secure_vector<u32bit> MK;
+ secure_vector<byte> RK;
};
extern const u32bit CAST_SBOX1[256];
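Review bot: The members now start empty and are only sized in key_schedule, but nothing in the header says so; a reader of `secure_vector<byte> RK;` has no hint that an unkeyed instance holds zero-length vectors rather than the zeroed 16-entry schedule the removed constructor gave it. Add `// Empty until key_schedule() runs; sized lazily so unkeyed prototype objects hold no mlock'd memory` above the two members, and `// rotation counts in [0,31], hence byte` on RK since that is why its element type shrank. Whether encrypt_n/decrypt_n guard against use before set_key is not visible in this diff; if they do not, lazy sizing turns a silent all-zero key into an out-of-range access, which is worth stating next to the members. The class body continues outside the hunk.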
diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp
index 00e0fbd30..9476d3faf 100644
--- a/src/block/cast/cast256.cpp
+++ b/src/block/cast/cast256.cpp
@@ -138,40 +138,43 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const
*/
void CAST_256::key_schedule(const byte key[], size_t length)
{
+ MK.resize(48);
+ RK.resize(48);
+
secure_vector<u32bit> K(8);
- for(size_t j = 0; j != length; ++j)
- K[j/4] = (K[j/4] << 8) + key[j];
+ for(size_t i = 0; i != length; ++i)
+ K[i/4] = (K[i/4] << 8) + key[i];
u32bit A = K[0], B = K[1], C = K[2], D = K[3],
E = K[4], F = K[5], G = K[6], H = K[7];
- for(size_t j = 0; j != 48; j += 4)
+ for(size_t i = 0; i != 48; i += 4)
{
- round1(G, H, KEY_MASK[4*j+ 0], KEY_ROT[(4*j+ 0) % 32]);
- round2(F, G, KEY_MASK[4*j+ 1], KEY_ROT[(4*j+ 1) % 32]);
- round3(E, F, KEY_MASK[4*j+ 2], KEY_ROT[(4*j+ 2) % 32]);
- round1(D, E, KEY_MASK[4*j+ 3], KEY_ROT[(4*j+ 3) % 32]);
- round2(C, D, KEY_MASK[4*j+ 4], KEY_ROT[(4*j+ 4) % 32]);
- round3(B, C, KEY_MASK[4*j+ 5], KEY_ROT[(4*j+ 5) % 32]);
- round1(A, B, KEY_MASK[4*j+ 6], KEY_ROT[(4*j+ 6) % 32]);
- round2(H, A, KEY_MASK[4*j+ 7], KEY_ROT[(4*j+ 7) % 32]);
- round1(G, H, KEY_MASK[4*j+ 8], KEY_ROT[(4*j+ 8) % 32]);
- round2(F, G, KEY_MASK[4*j+ 9], KEY_ROT[(4*j+ 9) % 32]);
- round3(E, F, KEY_MASK[4*j+10], KEY_ROT[(4*j+10) % 32]);
- round1(D, E, KEY_MASK[4*j+11], KEY_ROT[(4*j+11) % 32]);
- round2(C, D, KEY_MASK[4*j+12], KEY_ROT[(4*j+12) % 32]);
- round3(B, C, KEY_MASK[4*j+13], KEY_ROT[(4*j+13) % 32]);
- round1(A, B, KEY_MASK[4*j+14], KEY_ROT[(4*j+14) % 32]);
- round2(H, A, KEY_MASK[4*j+15], KEY_ROT[(4*j+15) % 32]);
-
- RK[j ] = (A % 32);
- RK[j+1] = (C % 32);
- RK[j+2] = (E % 32);
- RK[j+3] = (G % 32);
- MK[j ] = H;
- MK[j+1] = F;
- MK[j+2] = D;
- MK[j+3] = B;
+ round1(G, H, KEY_MASK[4*i+ 0], KEY_ROT[(4*i+ 0) % 32]);
+ round2(F, G, KEY_MASK[4*i+ 1], KEY_ROT[(4*i+ 1) % 32]);
+ round3(E, F, KEY_MASK[4*i+ 2], KEY_ROT[(4*i+ 2) % 32]);
+ round1(D, E, KEY_MASK[4*i+ 3], KEY_ROT[(4*i+ 3) % 32]);
+ round2(C, D, KEY_MASK[4*i+ 4], KEY_ROT[(4*i+ 4) % 32]);
+ round3(B, C, KEY_MASK[4*i+ 5], KEY_ROT[(4*i+ 5) % 32]);
+ round1(A, B, KEY_MASK[4*i+ 6], KEY_ROT[(4*i+ 6) % 32]);
+ round2(H, A, KEY_MASK[4*i+ 7], KEY_ROT[(4*i+ 7) % 32]);
+ round1(G, H, KEY_MASK[4*i+ 8], KEY_ROT[(4*i+ 8) % 32]);
+ round2(F, G, KEY_MASK[4*i+ 9], KEY_ROT[(4*i+ 9) % 32]);
+ round3(E, F, KEY_MASK[4*i+10], KEY_ROT[(4*i+10) % 32]);
+ round1(D, E, KEY_MASK[4*i+11], KEY_ROT[(4*i+11) % 32]);
+ round2(C, D, KEY_MASK[4*i+12], KEY_ROT[(4*i+12) % 32]);
+ round3(B, C, KEY_MASK[4*i+13], KEY_ROT[(4*i+13) % 32]);
+ round1(A, B, KEY_MASK[4*i+14], KEY_ROT[(4*i+14) % 32]);
+ round2(H, A, KEY_MASK[4*i+15], KEY_ROT[(4*i+15) % 32]);
+
+ RK[i ] = (A % 32);
+ RK[i+1] = (C % 32);
+ RK[i+2] = (E % 32);
+ RK[i+3] = (G % 32);
+ MK[i ] = H;
+ MK[i+1] = F;
+ MK[i+2] = D;
+ MK[i+3] = B;
}
}
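Review bot: The substantive change in this hunk is the two `resize(48)` lines at the top of key_schedule, but they are buried under a j→i rename that rewrites every line of the round loop and makes the diff hard to audit for an accidental index change; keeping a pure rename separate from a behavioural change, or leaving the index name alone, would keep the review focused. The resize also deserves a why-comment now that the constructor no longer does it: `// Sized here rather than in the constructor so unkeyed prototype objects hold no mlock'd memory`. The literal 48 appears three times (both resizes and the loop bound) with no name; a named constant or a comment noting that the loop runs 12 passes, each producing four RK and four MK entries, would tie the three together.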
diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h
index 11c5117a3..4f31f187d 100644
--- a/src/block/cast/cast256.h
+++ b/src/block/cast/cast256.h
@@ -21,11 +21,9 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4>
void encrypt_n(const byte in[], byte out[], size_t blocks) const;
void decrypt_n(const byte in[], byte out[], size_t blocks) const;
- void clear() { zeroise(MK); zeroise(RK); }
+ void clear() { MK.clear(); RK.clear(); }
std::string name() const { return "CAST-256"; }
BlockCipher* clone() const { return new CAST_256; }
-
- CAST_256() : MK(48), RK(48) {}
private:
void key_schedule(const byte[], size_t);