aboutsummaryrefslogtreecommitdiffstats
path: root/src/constructs
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-05-18 20:32:36 +0000
committerlloyd <[email protected]>2012-05-18 20:32:36 +0000
commitc691561f3198f481c13457433efbccc1c9fcd898 (patch)
treea45ea2c5a30e0cb009fbcb68a61ef39332ff790c /src/constructs
parentd76700f01c7ecac5633edf75f8d7408b46c5dbac (diff)
Fairly huge update that replaces the old secmem types with std::vector
using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
Diffstat (limited to 'src/constructs')
-rw-r--r--src/constructs/aont/package.cpp16
-rw-r--r--src/constructs/cryptobox/cryptobox.cpp12
-rw-r--r--src/constructs/fpe_fe1/fpe_fe1.cpp18
-rw-r--r--src/constructs/fpe_fe1/fpe_fe1.h4
-rw-r--r--src/constructs/rfc3394/rfc3394.cpp20
-rw-r--r--src/constructs/rfc3394/rfc3394.h4
-rw-r--r--src/constructs/srp6/srp6.cpp10
-rw-r--r--src/constructs/srp6/srp6.h4
-rw-r--r--src/constructs/srp6/srp6_files.cpp4
-rw-r--r--src/constructs/srp6/srp6_files.h6
-rw-r--r--src/constructs/tss/tss.cpp10
-rw-r--r--src/constructs/tss/tss.h4
12 files changed, 56 insertions, 56 deletions
diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp
index 4d46f6b61..1adee90e8 100644
--- a/src/constructs/aont/package.cpp
+++ b/src/constructs/aont/package.cpp
@@ -37,7 +37,7 @@ void aont_package(RandomNumberGenerator& rng,
// Set K0 (the all zero key)
cipher->set_key(SymmetricKey(all_zeros));
- SecureVector<byte> buf(BLOCK_SIZE);
+ secure_vector<byte> buf(BLOCK_SIZE);
const size_t blocks =
(input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
@@ -57,13 +57,13 @@ void aont_package(RandomNumberGenerator& rng,
for(size_t j = 0; j != sizeof(i); ++j)
buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
- cipher->encrypt(buf);
+ cipher->encrypt(&buf[0]);
- xor_buf(final_block, buf, BLOCK_SIZE);
+ xor_buf(&final_block[0], &buf[0], BLOCK_SIZE);
}
// XOR the random package key into the final block
- xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
+ xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE);
}
void aont_unpackage(BlockCipher* cipher,
@@ -83,8 +83,8 @@ void aont_unpackage(BlockCipher* cipher,
cipher->set_key(SymmetricKey(all_zeros));
- SecureVector<byte> package_key(BLOCK_SIZE);
- SecureVector<byte> buf(BLOCK_SIZE);
+ secure_vector<byte> package_key(BLOCK_SIZE);
+ secure_vector<byte> buf(BLOCK_SIZE);
// Copy the package key (masked with the block hashes)
copy_mem(&package_key[0],
@@ -105,9 +105,9 @@ void aont_unpackage(BlockCipher* cipher,
for(size_t j = 0; j != sizeof(i); ++j)
buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
- cipher->encrypt(buf);
+ cipher->encrypt(&buf[0]);
- xor_buf(&package_key[0], buf, BLOCK_SIZE);
+ xor_buf(&package_key[0], &buf[0], BLOCK_SIZE);
}
Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp
index ab263c3e9..bb7bf353c 100644
--- a/src/constructs/cryptobox/cryptobox.cpp
+++ b/src/constructs/cryptobox/cryptobox.cpp
@@ -44,7 +44,7 @@ std::string encrypt(const byte input[], size_t input_len,
const std::string& passphrase,
RandomNumberGenerator& rng)
{
- SecureVector<byte> pbkdf_salt(PBKDF_SALT_LEN);
+ secure_vector<byte> pbkdf_salt(PBKDF_SALT_LEN);
rng.randomize(&pbkdf_salt[0], pbkdf_salt.size());
PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512));
@@ -79,10 +79,10 @@ std::string encrypt(const byte input[], size_t input_len,
*/
const size_t ciphertext_len = pipe.remaining(0);
- SecureVector<byte> out_buf(VERSION_CODE_LEN +
- PBKDF_SALT_LEN +
- MAC_OUTPUT_LEN +
- ciphertext_len);
+ std::vector<byte> out_buf(VERSION_CODE_LEN +
+ PBKDF_SALT_LEN +
+ MAC_OUTPUT_LEN +
+ ciphertext_len);
for(size_t i = 0; i != VERSION_CODE_LEN; ++i)
out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE);
@@ -100,7 +100,7 @@ std::string decrypt(const byte input[], size_t input_len,
const std::string& passphrase)
{
DataSource_Memory input_src(input, input_len);
- SecureVector<byte> ciphertext =
+ secure_vector<byte> ciphertext =
PEM_Code::decode_check_label(input_src,
"BOTAN CRYPTOBOX MESSAGE");
diff --git a/src/constructs/fpe_fe1/fpe_fe1.cpp b/src/constructs/fpe_fe1/fpe_fe1.cpp
index 91d328c17..b22d3a8df 100644
--- a/src/constructs/fpe_fe1/fpe_fe1.cpp
+++ b/src/constructs/fpe_fe1/fpe_fe1.cpp
@@ -84,7 +84,7 @@ class FPE_Encryptor
public:
FPE_Encryptor(const SymmetricKey& key,
const BigInt& n,
- const MemoryRegion<byte>& tweak);
+ const std::vector<byte>& tweak);
~FPE_Encryptor() { delete mac; }
@@ -92,17 +92,17 @@ class FPE_Encryptor
private:
MessageAuthenticationCode* mac;
- SecureVector<byte> mac_n_t;
+ std::vector<byte> mac_n_t;
};
FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key,
const BigInt& n,
- const MemoryRegion<byte>& tweak)
+ const std::vector<byte>& tweak)
{
mac = new HMAC(new SHA_256);
mac->set_key(key);
- SecureVector<byte> n_bin = BigInt::encode(n);
+ std::vector<byte> n_bin = BigInt::encode(n);
if(n_bin.size() > MAX_N_BYTES)
throw std::runtime_error("N is too large for FPE encryption");
@@ -113,12 +113,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key,
mac->update_be(static_cast<u32bit>(tweak.size()));
mac->update(&tweak[0], tweak.size());
- mac_n_t = mac->final();
+ mac_n_t = unlock(mac->final());
}
BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R)
{
- SecureVector<byte> r_bin = BigInt::encode(R);
+ secure_vector<byte> r_bin = BigInt::encode_locked(R);
mac->update(mac_n_t);
mac->update_be(static_cast<u32bit>(round_no));
@@ -126,7 +126,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R)
mac->update_be(static_cast<u32bit>(r_bin.size()));
mac->update(&r_bin[0], r_bin.size());
- SecureVector<byte> X = mac->final();
+ secure_vector<byte> X = mac->final();
return BigInt(&X[0], X.size());
}
@@ -137,7 +137,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R)
*/
BigInt fe1_encrypt(const BigInt& n, const BigInt& X0,
const SymmetricKey& key,
- const MemoryRegion<byte>& tweak)
+ const std::vector<byte>& tweak)
{
FPE_Encryptor F(key, n, tweak);
@@ -165,7 +165,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0,
*/
BigInt fe1_decrypt(const BigInt& n, const BigInt& X0,
const SymmetricKey& key,
- const MemoryRegion<byte>& tweak)
+ const std::vector<byte>& tweak)
{
FPE_Encryptor F(key, n, tweak);
diff --git a/src/constructs/fpe_fe1/fpe_fe1.h b/src/constructs/fpe_fe1/fpe_fe1.h
index da9a6bcb6..66e7f1cfa 100644
--- a/src/constructs/fpe_fe1/fpe_fe1.h
+++ b/src/constructs/fpe_fe1/fpe_fe1.h
@@ -24,7 +24,7 @@ namespace FPE {
*/
BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X,
const SymmetricKey& key,
- const MemoryRegion<byte>& tweak);
+ const std::vector<byte>& tweak);
/**
* Decrypt X from and onto the group Z_n using key and tweak
@@ -35,7 +35,7 @@ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X,
*/
BigInt BOTAN_DLL fe1_decrypt(const BigInt& n, const BigInt& X,
const SymmetricKey& key,
- const MemoryRegion<byte>& tweak);
+ const std::vector<byte>& tweak);
}
diff --git a/src/constructs/rfc3394/rfc3394.cpp b/src/constructs/rfc3394/rfc3394.cpp
index db6420ff3..cfe95f40b 100644
--- a/src/constructs/rfc3394/rfc3394.cpp
+++ b/src/constructs/rfc3394/rfc3394.cpp
@@ -32,9 +32,9 @@ BlockCipher* make_aes(size_t keylength,
}
-SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key,
- const SymmetricKey& kek,
- Algorithm_Factory& af)
+secure_vector<byte> rfc3394_keywrap(const secure_vector<byte>& key,
+ const SymmetricKey& kek,
+ Algorithm_Factory& af)
{
if(key.size() % 8 != 0)
throw std::invalid_argument("Bad input key size for NIST key wrap");
@@ -44,13 +44,13 @@ SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key,
const size_t n = key.size() / 8;
- SecureVector<byte> R((n + 1) * 8);
- SecureVector<byte> A(16);
+ secure_vector<byte> R((n + 1) * 8);
+ secure_vector<byte> A(16);
for(size_t i = 0; i != 8; ++i)
A[i] = 0xA6;
- copy_mem(&R[8], key.begin(), key.size());
+ copy_mem(&R[8], &key[0], key.size());
for(size_t j = 0; j <= 5; ++j)
{
@@ -74,7 +74,7 @@ SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key,
return R;
}
-SecureVector<byte> rfc3394_keyunwrap(const MemoryRegion<byte>& key,
+secure_vector<byte> rfc3394_keyunwrap(const secure_vector<byte>& key,
const SymmetricKey& kek,
Algorithm_Factory& af)
{
@@ -86,13 +86,13 @@ SecureVector<byte> rfc3394_keyunwrap(const MemoryRegion<byte>& key,
const size_t n = (key.size() - 8) / 8;
- SecureVector<byte> R(n * 8);
- SecureVector<byte> A(16);
+ secure_vector<byte> R(n * 8);
+ secure_vector<byte> A(16);
for(size_t i = 0; i != 8; ++i)
A[i] = key[i];
- copy_mem(&R[0], key.begin() + 8, key.size() - 8);
+ copy_mem(&R[0], &key[8], key.size() - 8);
for(size_t j = 0; j <= 5; ++j)
{
diff --git a/src/constructs/rfc3394/rfc3394.h b/src/constructs/rfc3394/rfc3394.h
index 645586ee2..febd5207e 100644
--- a/src/constructs/rfc3394/rfc3394.h
+++ b/src/constructs/rfc3394/rfc3394.h
@@ -23,7 +23,7 @@ class Algorithm_Factory;
* @param af an algorithm factory
* @return key encrypted under kek
*/
-SecureVector<byte> BOTAN_DLL rfc3394_keywrap(const MemoryRegion<byte>& key,
+secure_vector<byte> BOTAN_DLL rfc3394_keywrap(const secure_vector<byte>& key,
const SymmetricKey& kek,
Algorithm_Factory& af);
@@ -36,7 +36,7 @@ SecureVector<byte> BOTAN_DLL rfc3394_keywrap(const MemoryRegion<byte>& key,
* @param af an algorithm factory
* @return key decrypted under kek
*/
-SecureVector<byte> BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion<byte>& key,
+secure_vector<byte> BOTAN_DLL rfc3394_keyunwrap(const secure_vector<byte>& key,
const SymmetricKey& kek,
Algorithm_Factory& af);
diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp
index 0eccdc154..569454350 100644
--- a/src/constructs/srp6/srp6.cpp
+++ b/src/constructs/srp6/srp6.cpp
@@ -48,7 +48,7 @@ BigInt hash_seq(const std::string& hash_id,
BigInt compute_x(const std::string& hash_id,
const std::string& identifier,
const std::string& password,
- const MemoryRegion<byte>& salt)
+ const std::vector<byte>& salt)
{
std::unique_ptr<HashFunction> hash_fn(
global_state().algorithm_factory().make_hash_function(hash_id));
@@ -57,12 +57,12 @@ BigInt compute_x(const std::string& hash_id,
hash_fn->update(":");
hash_fn->update(password);
- SecureVector<byte> inner_h = hash_fn->final();
+ secure_vector<byte> inner_h = hash_fn->final();
hash_fn->update(salt);
hash_fn->update(inner_h);
- SecureVector<byte> outer_h = hash_fn->final();
+ secure_vector<byte> outer_h = hash_fn->final();
return BigInt::decode(outer_h);
}
@@ -97,7 +97,7 @@ srp6_client_agree(const std::string& identifier,
const std::string& password,
const std::string& group_id,
const std::string& hash_id,
- const MemoryRegion<byte>& salt,
+ const std::vector<byte>& salt,
const BigInt& B,
RandomNumberGenerator& rng)
{
@@ -129,7 +129,7 @@ srp6_client_agree(const std::string& identifier,
BigInt generate_srp6_verifier(const std::string& identifier,
const std::string& password,
- const MemoryRegion<byte>& salt,
+ const std::vector<byte>& salt,
const std::string& group_id,
const std::string& hash_id)
{
diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h
index 4fd127c70..b34253d7a 100644
--- a/src/constructs/srp6/srp6.h
+++ b/src/constructs/srp6/srp6.h
@@ -33,7 +33,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username,
const std::string& password,
const std::string& group_id,
const std::string& hash_id,
- const MemoryRegion<byte>& salt,
+ const std::vector<byte>& salt,
const BigInt& B,
RandomNumberGenerator& rng);
@@ -45,7 +45,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username,
*/
BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier,
const std::string& password,
- const MemoryRegion<byte>& salt,
+ const std::vector<byte>& salt,
const std::string& group_id,
const std::string& hash_id);
diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp
index bc321745f..4df2986f3 100644
--- a/src/constructs/srp6/srp6_files.cpp
+++ b/src/constructs/srp6/srp6_files.cpp
@@ -31,7 +31,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename)
std::string username = parts[0];
BigInt v = BigInt::decode(base64_decode(parts[1]));
- MemoryVector<byte> salt = base64_decode(parts[2]);
+ std::vector<byte> salt = unlock(base64_decode(parts[2]));
BigInt group_id_idx = BigInt::decode(base64_decode(parts[3]));
std::string group_id;
@@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename)
bool SRP6_Authenticator_File::lookup_user(const std::string& username,
BigInt& v,
- MemoryRegion<byte>& salt,
+ std::vector<byte>& salt,
std::string& group_id) const
{
std::map<std::string, SRP6_Data>::const_iterator i = entries.find(username);
diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h
index 4e3293423..4e0d3ff02 100644
--- a/src/constructs/srp6/srp6_files.h
+++ b/src/constructs/srp6/srp6_files.h
@@ -28,7 +28,7 @@ class BOTAN_DLL SRP6_Authenticator_File
bool lookup_user(const std::string& username,
BigInt& v,
- MemoryRegion<byte>& salt,
+ std::vector<byte>& salt,
std::string& group_id) const;
private:
struct SRP6_Data
@@ -36,12 +36,12 @@ class BOTAN_DLL SRP6_Authenticator_File
SRP6_Data() {}
SRP6_Data(const BigInt& v,
- const MemoryRegion<byte>& salt,
+ const std::vector<byte>& salt,
const std::string& group_id) :
v(v), salt(salt), group_id(group_id) {}
BigInt v;
- MemoryVector<byte> salt;
+ std::vector<byte> salt;
std::string group_id;
};
diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp
index cc34216f3..e002084a1 100644
--- a/src/constructs/tss/tss.cpp
+++ b/src/constructs/tss/tss.cpp
@@ -150,7 +150,7 @@ RTSS_Share::split(byte M, byte N,
shares[i].contents.push_back(i+1);
// secret = S || H(S)
- SecureVector<byte> secret(S, S_len);
+ secure_vector<byte> secret(S, S + S_len);
secret += hash.process(S, S_len);
for(size_t i = 0; i != secret.size(); ++i)
@@ -178,7 +178,7 @@ RTSS_Share::split(byte M, byte N,
return shares;
}
-SecureVector<byte>
+secure_vector<byte>
RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares)
{
const size_t RTSS_HEADER_SIZE = 20;
@@ -211,7 +211,7 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares)
throw Decoding_Error("Bad RTSS length field in header");
std::vector<byte> V(shares.size());
- SecureVector<byte> secret;
+ secure_vector<byte> secret;
for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i)
{
@@ -250,13 +250,13 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares)
throw Decoding_Error("Bad length in RTSS output");
hash->update(&secret[0], secret_len);
- SecureVector<byte> hash_check = hash->final();
+ secure_vector<byte> hash_check = hash->final();
if(!same_mem(&hash_check[0],
&secret[secret_len], hash->output_length()))
throw Decoding_Error("RTSS hash check failed");
- return SecureVector<byte>(&secret[0], secret_len);
+ return secure_vector<byte>(&secret[0], &secret[secret_len]);
}
}
diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h
index 297c65971..4664af317 100644
--- a/src/constructs/tss/tss.h
+++ b/src/constructs/tss/tss.h
@@ -38,7 +38,7 @@ class BOTAN_DLL RTSS_Share
/**
* @param shares the list of shares
*/
- static SecureVector<byte>
+ static secure_vector<byte>
reconstruct(const std::vector<RTSS_Share>& shares);
RTSS_Share() {}
@@ -68,7 +68,7 @@ class BOTAN_DLL RTSS_Share
*/
bool initialized() const { return (contents.size() > 0); }
private:
- SecureVector<byte> contents;
+ secure_vector<byte> contents;
};
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-21 07:22:02 +0000