aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-09-14 16:33:37 -0400
committerJack Lloyd <[email protected]>2016-10-07 19:27:58 -0400
commit239bdf36a617df86dc97efb11ec96d7c6d357534 (patch)
tree1011ccccee0a4aad5e58943fa3a4af621c968b8a /src/lib/pubkey
parent25b6fb53eec30620d084411fb1dbc8913142fc6d (diff)
Revert PK_Verifier change (don't require RNG there).
Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r--src/lib/pubkey/curve25519/curve25519.cpp6
-rw-r--r--src/lib/pubkey/dh/dh.cpp6
-rw-r--r--src/lib/pubkey/dsa/dsa.cpp13
-rw-r--r--src/lib/pubkey/dsa/dsa.h5
-rw-r--r--src/lib/pubkey/ecdh/ecdh.cpp20
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp44
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.h5
-rw-r--r--src/lib/pubkey/ecgdsa/ecgdsa.cpp13
-rw-r--r--src/lib/pubkey/ecgdsa/ecgdsa.h5
-rw-r--r--src/lib/pubkey/eckcdsa/eckcdsa.cpp17
-rw-r--r--src/lib/pubkey/eckcdsa/eckcdsa.h5
-rw-r--r--src/lib/pubkey/elgamal/elgamal.cpp12
-rw-r--r--src/lib/pubkey/gost_3410/gost_3410.cpp13
-rw-r--r--src/lib/pubkey/gost_3410/gost_3410.h5
-rw-r--r--src/lib/pubkey/keypair/keypair.cpp2
-rw-r--r--src/lib/pubkey/mce/mceliece_key.cpp12
-rw-r--r--src/lib/pubkey/pk_keys.cpp3
-rw-r--r--src/lib/pubkey/pk_keys.h7
-rw-r--r--src/lib/pubkey/pubkey.cpp3
-rw-r--r--src/lib/pubkey/pubkey.h17
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp76
-rw-r--r--src/lib/pubkey/rsa/rsa.h3
22 files changed, 173 insertions, 119 deletions
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index b1dfc59a1..02ee516de 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -139,9 +139,11 @@ class Curve25519_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
std::unique_ptr<PK_Ops::Key_Agreement>
Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp
index 3cd47c581..19ead1b11 100644
--- a/src/lib/pubkey/dh/dh.cpp
+++ b/src/lib/pubkey/dh/dh.cpp
@@ -129,9 +129,11 @@ secure_vector<byte> DH_KA_Operation::raw_agree(const byte w[], size_t w_len)
std::unique_ptr<PK_Ops::Key_Agreement>
DH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Key_Agreement>(new DH_KA_Operation(*this, params, rng));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Key_Agreement>(new DH_KA_Operation(*this, params, rng));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 00d7b77d7..15dc45373 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -198,19 +198,22 @@ bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
}
std::unique_ptr<PK_Ops::Verification>
-DSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+DSA_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Verification>(new DSA_Verification_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new DSA_Verification_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
-DSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
+DSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/dsa/dsa.h b/src/lib/pubkey/dsa/dsa.h
index d8cd61df5..57c7b7c5c 100644
--- a/src/lib/pubkey/dsa/dsa.h
+++ b/src/lib/pubkey/dsa/dsa.h
@@ -34,8 +34,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey
DSA_PublicKey(const DL_Group& group, const BigInt& y);
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
DSA_PublicKey() {}
@@ -61,7 +60,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey,
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& provider) const;
+ const std::string& provider) const override;
};
}
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index 79c63da8c..a4791e15e 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -39,6 +39,7 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
secure_vector<byte> raw_agree(const byte w[], size_t w_len) override
{
PointGFp point = OS2ECP(w, w_len, m_curve);
+ // TODO: add blinding
PointGFp S = (m_cofactor * point) * m_l_times_priv;
BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve");
return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes());
@@ -57,15 +58,24 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
- std::unique_ptr<PK_Ops::Key_Agreement> res = make_openssl_ecdh_ka_op(*this, params);
- if(res)
- return res;
+ try
+ {
+ return make_openssl_ecdh_ka_op(*this, params);
+ }
+ catch(Exception& e)
+ {
+ if(provider == "openssl")
+ throw Exception("OpenSSL ECDH refused key or params", e.what());
+ }
}
#endif
- return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 6a81ababf..f93fcc7a5 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -159,36 +159,54 @@ bool ECDSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
}
std::unique_ptr<PK_Ops::Verification>
-ECDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ECDSA_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
- std::unique_ptr<PK_Ops::Verification> res = make_openssl_ecdsa_ver_op(*this, params);
- if(res)
- return res;
+ try
+ {
+ return make_openssl_ecdsa_ver_op(*this, params);
+ }
+ catch(Exception& e)
+ {
+ if(provider == "openssl")
+ throw Exception("OpenSSL provider refused ECDSA pubkey", e.what());
+ }
}
#endif
- return std::unique_ptr<PK_Ops::Verification>(new ECDSA_Verification_Operation(*this, params));
+
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new ECDSA_Verification_Operation(*this, params));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
-ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
+ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
- std::unique_ptr<PK_Ops::Signature> res = make_openssl_ecdsa_sig_op(*this, params);
- if(res)
- return res;
+ try
+ {
+ return make_openssl_ecdsa_sig_op(*this, params);
+ }
+ catch(Exception& e)
+ {
+ if(provider == "openssl")
+ throw Exception("OpenSSL provider refused ECDSA privkey", e.what());
+ }
}
#endif
- return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/ecdsa/ecdsa.h b/src/lib/pubkey/ecdsa/ecdsa.h
index 9a55fbe48..d9dcacd06 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.h
+++ b/src/lib/pubkey/ecdsa/ecdsa.h
@@ -54,8 +54,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey
{ return domain().get_order().bytes(); }
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
ECDSA_PublicKey() {}
@@ -94,7 +93,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey,
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& provider) const;
+ const std::string& provider) const override;
};
}
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index b112a4466..136f2159a 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -141,19 +141,22 @@ bool ECGDSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
}
std::unique_ptr<PK_Ops::Verification>
-ECGDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ECGDSA_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Verification>(new ECGDSA_Verification_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new ECGDSA_Verification_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
-ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
+ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Signature>(new ECGDSA_Signature_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new ECGDSA_Signature_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.h b/src/lib/pubkey/ecgdsa/ecgdsa.h
index ec9180ee5..203e8d0a8 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.h
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.h
@@ -52,8 +52,7 @@ class BOTAN_DLL ECGDSA_PublicKey : public virtual EC_PublicKey
{ return domain().get_order().bytes(); }
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
ECGDSA_PublicKey() {}
@@ -92,7 +91,7 @@ class BOTAN_DLL ECGDSA_PrivateKey : public ECGDSA_PublicKey,
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& provider) const;
+ const std::string& provider) const override;
};
}
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
index e61ceaa19..5375d047a 100644
--- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp
+++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
@@ -196,19 +196,22 @@ bool ECKCDSA_Verification_Operation::verify(const byte msg[], size_t,
}
std::unique_ptr<PK_Ops::Verification>
-ECKCDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ECKCDSA_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Verification>(new ECKCDSA_Verification_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new ECKCDSA_Verification_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
-ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
- const std::string& params,
- const std::string& provider) const
+ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
+ const std::string& params,
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Signature>(new ECKCDSA_Signature_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new ECKCDSA_Signature_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.h b/src/lib/pubkey/eckcdsa/eckcdsa.h
index f8514776b..09ee34ed5 100644
--- a/src/lib/pubkey/eckcdsa/eckcdsa.h
+++ b/src/lib/pubkey/eckcdsa/eckcdsa.h
@@ -52,8 +52,7 @@ class BOTAN_DLL ECKCDSA_PublicKey : public virtual EC_PublicKey
{ return domain().get_order().bytes(); }
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
ECKCDSA_PublicKey() {}
@@ -92,7 +91,7 @@ class BOTAN_DLL ECKCDSA_PrivateKey : public ECKCDSA_PublicKey,
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& provider) const;
+ const std::string& provider) const override;
};
}
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index fbbd09226..046c2c3f6 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -186,17 +186,21 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len)
std::unique_ptr<PK_Ops::Encryption>
ElGamal_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Encryption>(new ElGamal_Encryption_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Encryption>(new ElGamal_Encryption_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Decryption>
ElGamal_PrivateKey::create_decryption_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Decryption>(new ElGamal_Decryption_Operation(*this, params, rng));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Decryption>(new ElGamal_Decryption_Operation(*this, params, rng));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
index c37c8c845..7fde29bc5 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.cpp
+++ b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -214,19 +214,22 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len,
}
std::unique_ptr<PK_Ops::Verification>
-GOST_3410_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+GOST_3410_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Verification>(new GOST_3410_Verification_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new GOST_3410_Verification_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
-GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
+GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::Signature>(new GOST_3410_Signature_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new GOST_3410_Signature_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h
index 9d79f48d7..cca811896 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.h
+++ b/src/lib/pubkey/gost_3410/gost_3410.h
@@ -60,8 +60,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey
{ return domain().get_order().bytes(); }
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
@@ -97,7 +96,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey,
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& provider) const;
+ const std::string& provider) const override;
};
}
diff --git a/src/lib/pubkey/keypair/keypair.cpp b/src/lib/pubkey/keypair/keypair.cpp
index 6ea514d34..2efd40b6e 100644
--- a/src/lib/pubkey/keypair/keypair.cpp
+++ b/src/lib/pubkey/keypair/keypair.cpp
@@ -49,7 +49,7 @@ bool signature_consistency_check(RandomNumberGenerator& rng,
const std::string& padding)
{
PK_Signer signer(key, rng, padding);
- PK_Verifier verifier(key, rng, padding);
+ PK_Verifier verifier(key, padding);
std::vector<byte> message = unlock(rng.random_vec(16));
diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp
index b5eed5a38..c65322348 100644
--- a/src/lib/pubkey/mce/mceliece_key.cpp
+++ b/src/lib/pubkey/mce/mceliece_key.cpp
@@ -356,17 +356,21 @@ class MCE_KEM_Decryptor : public PK_Ops::KEM_Decryption_with_KDF
std::unique_ptr<PK_Ops::KEM_Encryption>
McEliece_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::KEM_Encryption>(new MCE_KEM_Encryptor(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::KEM_Encryption>(new MCE_KEM_Encryptor(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::KEM_Decryption>
McEliece_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::KEM_Decryption>(new MCE_KEM_Decryptor(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::KEM_Decryption>(new MCE_KEM_Decryptor(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp
index ff57d88cc..21b56ed81 100644
--- a/src/lib/pubkey/pk_keys.cpp
+++ b/src/lib/pubkey/pk_keys.cpp
@@ -96,8 +96,7 @@ Public_Key::create_kem_encryption_op(RandomNumberGenerator& /*rng*/,
}
std::unique_ptr<PK_Ops::Verification>
-Public_Key::create_verification_op(RandomNumberGenerator& /*rng*/,
- const std::string& /*params*/,
+Public_Key::create_verification_op(const std::string& /*params*/,
const std::string& /*provider*/) const
{
throw Lookup_Error(algo_name() + " does not support verification");
diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h
index 9de884103..13d94c085 100644
--- a/src/lib/pubkey/pk_keys.h
+++ b/src/lib/pubkey/pk_keys.h
@@ -122,14 +122,9 @@ class BOTAN_DLL Public_Key
/**
* Return a verification operation for this key/params or throw
- *
- * @param rng a random number generator. The PK_Op may maintain a
- * reference to the RNG and use it many times. The rng must outlive
- * any operations which reference it.
*/
virtual std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const;
virtual ~Public_Key() {}
diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp
index 51869326a..fa5777bde 100644
--- a/src/lib/pubkey/pubkey.cpp
+++ b/src/lib/pubkey/pubkey.cpp
@@ -252,12 +252,11 @@ std::vector<byte> PK_Signer::signature(RandomNumberGenerator& rng)
}
PK_Verifier::PK_Verifier(const Public_Key& key,
- RandomNumberGenerator& rng,
const std::string& emsa,
Signature_Format format,
const std::string& provider)
{
- m_op = key.create_verification_op(rng, emsa, provider);
+ m_op = key.create_verification_op(emsa, provider);
BOTAN_ASSERT_NONNULL(m_op);
m_sig_format = format;
}
diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h
index 18b5d0f9b..077796a5d 100644
--- a/src/lib/pubkey/pubkey.h
+++ b/src/lib/pubkey/pubkey.h
@@ -281,27 +281,10 @@ class BOTAN_DLL PK_Verifier
* @param format the signature format to use
*/
PK_Verifier(const Public_Key& pub_key,
- RandomNumberGenerator& rng,
const std::string& emsa,
Signature_Format format = IEEE_1363,
const std::string& provider = "");
-#if defined(BOTAN_PUBKEY_INCLUDE_DEPRECATED_CONSTRUCTORS)
- /**
- * Construct a PK Verifier.
- * @param pub_key the public key to verify against
- * @param emsa the EMSA to use (eg "EMSA3(SHA-1)")
- * @param format the signature format to use
- */
- BOTAN_DEPRECATED("Use constructor taking a RNG object")
- PK_Verifier(const Public_Key& pub_key,
- const std::string& emsa,
- Signature_Format format = IEEE_1363,
- const std::string& provider = "") :
- PK_Verifier(pub_key, system_rng(), emsa, format, provider)
- {}
-#endif
-
/**
* Verify a signature.
* @param msg the message that the signature belongs to, as a byte array
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index c8d1e7afc..b40f485e3 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -406,37 +406,51 @@ class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF,
}
std::unique_ptr<PK_Ops::Encryption>
-RSA_PublicKey::create_encryption_op(RandomNumberGenerator& rng,
+RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
- std::unique_ptr<PK_Ops::Encryption> res = make_openssl_rsa_enc_op(*this, params);
- if(res)
- return res;
+ try
+ {
+ return make_openssl_rsa_enc_op(*this, params);
+ }
+ catch(Exception& e)
+ {
+ /*
+ * If OpenSSL for some reason could not handle this (eg due to OAEP params),
+ * throw if openssl was specifically requested but otherwise just fall back
+ * to the normal version.
+ */
+ if(provider == "openssl")
+ throw Exception("OpenSSL RSA provider rejected key:", e.what());
+ }
}
#endif
- return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::KEM_Encryption>
-RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& rng,
+RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params));
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Verification>
-RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+RSA_PublicKey::create_verification_op(const std::string& params,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*this, params);
if(res)
@@ -444,7 +458,10 @@ RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng,
}
#endif
- return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Decryption>
@@ -453,23 +470,35 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
- std::unique_ptr<PK_Ops::Decryption> res = make_openssl_rsa_dec_op(*this, params);
- if(res)
- return res;
+ try
+ {
+ return make_openssl_rsa_dec_op(*this, params);
+ }
+ catch(Exception& e)
+ {
+ if(provider == "openssl")
+ throw Exception("OpenSSL RSA provider rejected key:", e.what());
+ }
}
#endif
- return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::KEM_Decryption>
RSA_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& rng,
const std::string& params,
- const std::string& /*provider*/) const
+ const std::string& provider) const
{
- return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
std::unique_ptr<PK_Ops::Signature>
@@ -478,7 +507,7 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
const std::string& provider) const
{
#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl")
+ if(provider == "openssl" || provider.empty())
{
std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*this, params);
if(res)
@@ -486,7 +515,10 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
}
#endif
- return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng));
+ if(provider == "base" || provider.empty())
+ return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng));
+
+ throw Provider_Not_Found(algo_name(), provider);
}
}
diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h
index 203a3a323..ddfd23b05 100644
--- a/src/lib/pubkey/rsa/rsa.h
+++ b/src/lib/pubkey/rsa/rsa.h
@@ -63,8 +63,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual Public_Key
const std::string& provider) const override;
std::unique_ptr<PK_Ops::Verification>
- create_verification_op(RandomNumberGenerator& rng,
- const std::string& params,
+ create_verification_op(const std::string& params,
const std::string& provider) const override;
protected:
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-20 07:35:46 +0000