diff options
| author | lloyd <[email protected]> | 2015-02-04 04:03:38 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2015-02-04 04:03:38 +0000 |
| commit | 0dd060fed07b0060f94e3bae62e125a85c1bb877 (patch) | |
| tree | ed4bc7a961e2b30f17ed5e80769c84b0c313c8b7 /src/lib | |
| parent | f9a7c85b74be0f4a7273e8e0591703af83036e81 (diff) | |
Remove algo factory, engines, global RNG, global state, etc.
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
Diffstat (limited to 'src/lib')
194 files changed, 1142 insertions, 3242 deletions
diff --git a/src/lib/algo_base/algo_registry.cpp b/src/lib/algo_base/algo_registry.cpp deleted file mode 100644 index c33b1b3c7..000000000 --- a/src/lib/algo_base/algo_registry.cpp +++ /dev/null @@ -1,20 +0,0 @@ -/* -* (C) 2014,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/transform.h> -#include <botan/algo_registry.h> - -namespace Botan { - -Transform* get_transform(const std::string& specstr, - const std::string& provider, - const std::string& dirstr) - { - Algo_Registry<Transform>::Spec spec(specstr, dirstr); - return Algo_Registry<Transform>::global_registry().make(spec, provider); - } - -} diff --git a/src/lib/algo_base/info.txt b/src/lib/algo_base/info.txt deleted file mode 100644 index dcc744d25..000000000 --- a/src/lib/algo_base/info.txt +++ /dev/null @@ -1,7 +0,0 @@ -define TRANSFORM 20131209 - -<requires> -alloc -hex -rng -</requires> diff --git a/src/lib/algo_factory/algo_cache.h b/src/lib/algo_factory/algo_cache.h deleted file mode 100644 index 66c62da67..000000000 --- a/src/lib/algo_factory/algo_cache.h +++ /dev/null @@ -1,239 +0,0 @@ -/* -* An algorithm cache (used by Algorithm_Factory) -* (C) 2008-2009,2011 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ALGORITHM_CACHE_TEMPLATE_H__ -#define BOTAN_ALGORITHM_CACHE_TEMPLATE_H__ - -#include <botan/types.h> -#include <botan/internal/stl_util.h> -#include <mutex> -#include <string> -#include <vector> -#include <map> - -namespace Botan { - -/** -* @param prov_name a provider name -* @return weight for this provider -*/ -size_t static_provider_weight(const std::string& prov_name); - -/** -* Algorithm_Cache (used by Algorithm_Factory) -*/ -template<typename T> -class Algorithm_Cache - { - public: - /** - * @param algo_spec names the requested algorithm - * @param pref_provider suggests a preferred provider - * @return prototype object, or NULL - */ - const T* get(const std::string& algo_spec, - const std::string& pref_provider); - - /** - * Add a new algorithm implementation to the cache - * @param algo the algorithm prototype object - * @param requested_name how this name will be requested - * @param provider_name is the name of the provider of this prototype - */ - void add(T* algo, - const std::string& requested_name, - const std::string& provider_name); - - /** - * Set the preferred provider - * @param algo_spec names the algorithm - * @param provider names the preferred provider - */ - void set_preferred_provider(const std::string& algo_spec, - const std::string& provider); - - /** - * Return the list of providers of this algorithm - * @param algo_name names the algorithm - * @return list of providers of this algorithm - */ - std::vector<std::string> providers_of(const std::string& algo_name); - - /** - * Clear the cache - */ - void clear_cache(); - - ~Algorithm_Cache() { clear_cache(); } - private: - typename std::map<std::string, std::map<std::string, T*> >::const_iterator - find_algorithm(const std::string& algo_spec); - - std::mutex mutex; - std::map<std::string, std::string> aliases; - std::map<std::string, std::string> pref_providers; - std::map<std::string, std::map<std::string, T*> > algorithms; - }; - -/* -* Look for an algorithm implementation in the cache, also checking aliases -* Assumes object lock is held -*/ -template<typename T> -typename std::map<std::string, std::map<std::string, T*> >::const_iterator -Algorithm_Cache<T>::find_algorithm(const std::string& algo_spec) - { - auto algo = algorithms.find(algo_spec); - - // Not found? Check if a known alias - if(algo == algorithms.end()) - { - auto alias = aliases.find(algo_spec); - - if(alias != aliases.end()) - algo = algorithms.find(alias->second); - } - - return algo; - } - -/* -* Look for an algorithm implementation by a particular provider -*/ -template<typename T> -const T* Algorithm_Cache<T>::get(const std::string& algo_spec, - const std::string& requested_provider) - { - std::lock_guard<std::mutex> lock(mutex); - - auto algo = find_algorithm(algo_spec); - if(algo == algorithms.end()) // algo not found at all (no providers) - return nullptr; - - // If a provider is requested specifically, return it or fail entirely - if(requested_provider != "") - { - auto prov = algo->second.find(requested_provider); - if(prov != algo->second.end()) - return prov->second; - return nullptr; - } - - const T* prototype = nullptr; - std::string prototype_provider; - size_t prototype_prov_weight = 0; - - const std::string pref_provider = search_map(pref_providers, algo_spec); - - for(auto i = algo->second.begin(); i != algo->second.end(); ++i) - { - // preferred prov exists, return immediately - if(i->first == pref_provider) - return i->second; - - const size_t prov_weight = static_provider_weight(i->first); - - if(prototype == nullptr || prov_weight > prototype_prov_weight) - { - prototype = i->second; - prototype_provider = i->first; - prototype_prov_weight = prov_weight; - } - } - - return prototype; - } - -/* -* Add an implementation to the cache -*/ -template<typename T> -void Algorithm_Cache<T>::add(T* algo, - const std::string& requested_name, - const std::string& provider) - { - if(!algo) - return; - - std::lock_guard<std::mutex> lock(mutex); - - if(algo->name() != requested_name && - aliases.find(requested_name) == aliases.end()) - { - aliases[requested_name] = algo->name(); - } - - if(!algorithms[algo->name()][provider]) - algorithms[algo->name()][provider] = algo; - else - delete algo; - } - -/* -* Find the providers of this algo (if any) -*/ -template<typename T> std::vector<std::string> -Algorithm_Cache<T>::providers_of(const std::string& algo_name) - { - std::lock_guard<std::mutex> lock(mutex); - - std::vector<std::string> providers; - - auto algo = find_algorithm(algo_name); - if(algo != algorithms.end()) - { - auto provider = algo->second.begin(); - - while(provider != algo->second.end()) - { - providers.push_back(provider->first); - ++provider; - } - } - - return providers; - } - -/* -* Set the preferred provider for an algorithm -*/ -template<typename T> -void Algorithm_Cache<T>::set_preferred_provider(const std::string& algo_spec, - const std::string& provider) - { - std::lock_guard<std::mutex> lock(mutex); - - pref_providers[algo_spec] = provider; - } - -/* -* Clear out the cache -*/ -template<typename T> -void Algorithm_Cache<T>::clear_cache() - { - auto algo = algorithms.begin(); - - while(algo != algorithms.end()) - { - auto provider = algo->second.begin(); - - while(provider != algo->second.end()) - { - delete provider->second; - ++provider; - } - - ++algo; - } - - algorithms.clear(); - } - -} - -#endif diff --git a/src/lib/algo_factory/algo_factory.cpp b/src/lib/algo_factory/algo_factory.cpp deleted file mode 100644 index 9c805f67a..000000000 --- a/src/lib/algo_factory/algo_factory.cpp +++ /dev/null @@ -1,291 +0,0 @@ -/* -* Algorithm Factory -* (C) 2008-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/algo_factory.h> -#include <botan/internal/algo_cache.h> -#include <botan/internal/stl_util.h> -#include <botan/engine.h> -#include <botan/exceptn.h> - -#include <botan/block_cipher.h> -#include <botan/stream_cipher.h> -#include <botan/hash.h> -#include <botan/mac.h> -#include <botan/pbkdf.h> - -#include <algorithm> - -namespace Botan { - -namespace { - -/* -* Template functions for the factory prototype/search algorithm -*/ -template<typename T> -T* engine_get_algo(Engine*, - const SCAN_Name&, - Algorithm_Factory&) - { return nullptr; } - -template<> -BlockCipher* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_block_cipher(request, af); } - -template<> -StreamCipher* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_stream_cipher(request, af); } - -template<> -HashFunction* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_hash(request, af); } - -template<> -MessageAuthenticationCode* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_mac(request, af); } - -template<> -PBKDF* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_pbkdf(request, af); } - -template<typename T> -const T* factory_prototype(const std::string& algo_spec, - const std::string& provider, - const std::vector<Engine*>& engines, - Algorithm_Factory& af, - Algorithm_Cache<T>& cache) - { - if(const T* cache_hit = cache.get(algo_spec, provider)) - return cache_hit; - - SCAN_Name scan_name(algo_spec); - - if(scan_name.cipher_mode() != "") - return nullptr; - - for(size_t i = 0; i != engines.size(); ++i) - { - if(provider == "" || engines[i]->provider_name() == provider) - { - if(T* impl = engine_get_algo<T>(engines[i], scan_name, af)) - cache.add(impl, algo_spec, engines[i]->provider_name()); - } - } - - return cache.get(algo_spec, provider); - } - -} - -/* -* Setup caches -*/ -Algorithm_Factory::Algorithm_Factory() - { - block_cipher_cache.reset(new Algorithm_Cache<BlockCipher>()); - stream_cipher_cache.reset(new Algorithm_Cache<StreamCipher>()); - hash_cache.reset(new Algorithm_Cache<HashFunction>()); - mac_cache.reset(new Algorithm_Cache<MessageAuthenticationCode>()); - pbkdf_cache.reset(new Algorithm_Cache<PBKDF>()); - } - -/* -* Delete all engines -*/ -Algorithm_Factory::~Algorithm_Factory() - { - for(auto i = engines.begin(); i != engines.end(); ++i) - delete *i; - } - -void Algorithm_Factory::clear_caches() - { - block_cipher_cache->clear_cache(); - stream_cipher_cache->clear_cache(); - hash_cache->clear_cache(); - mac_cache->clear_cache(); - pbkdf_cache->clear_cache(); - } - -void Algorithm_Factory::add_engine(Engine* engine) - { - clear_caches(); - engines.push_back(engine); - } - -/* -* Set the preferred provider for an algorithm -*/ -void Algorithm_Factory::set_preferred_provider(const std::string& algo_spec, - const std::string& provider) - { - if(prototype_block_cipher(algo_spec)) - block_cipher_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_stream_cipher(algo_spec)) - stream_cipher_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_hash_function(algo_spec)) - hash_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_mac(algo_spec)) - mac_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_pbkdf(algo_spec)) - pbkdf_cache->set_preferred_provider(algo_spec, provider); - } - -/* -* Return the possible providers of a request -* Note: assumes you don't have different types by the same name -*/ -std::vector<std::string> -Algorithm_Factory::providers_of(const std::string& algo_spec) - { - /* The checks with if(prototype_X(algo_spec)) have the effect of - forcing a full search, since otherwise there might not be any - providers at all in the cache. - */ - - if(prototype_block_cipher(algo_spec)) - return block_cipher_cache->providers_of(algo_spec); - else if(prototype_stream_cipher(algo_spec)) - return stream_cipher_cache->providers_of(algo_spec); - else if(prototype_hash_function(algo_spec)) - return hash_cache->providers_of(algo_spec); - else if(prototype_mac(algo_spec)) - return mac_cache->providers_of(algo_spec); - else if(prototype_pbkdf(algo_spec)) - return pbkdf_cache->providers_of(algo_spec); - else - return std::vector<std::string>(); - } - -/* -* Return the prototypical block cipher corresponding to this request -*/ -const BlockCipher* -Algorithm_Factory::prototype_block_cipher(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<BlockCipher>(algo_spec, provider, engines, - *this, *block_cipher_cache); - } - -/* -* Return the prototypical stream cipher corresponding to this request -*/ -const StreamCipher* -Algorithm_Factory::prototype_stream_cipher(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<StreamCipher>(algo_spec, provider, engines, - *this, *stream_cipher_cache); - } - -/* -* Return the prototypical object corresponding to this request (if found) -*/ -const HashFunction* -Algorithm_Factory::prototype_hash_function(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<HashFunction>(algo_spec, provider, engines, - *this, *hash_cache); - } - -/* -* Return the prototypical object corresponding to this request -*/ -const MessageAuthenticationCode* -Algorithm_Factory::prototype_mac(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<MessageAuthenticationCode>(algo_spec, provider, - engines, - *this, *mac_cache); - } - -/* -* Return the prototypical object corresponding to this request -*/ -const PBKDF* -Algorithm_Factory::prototype_pbkdf(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<PBKDF>(algo_spec, provider, - engines, - *this, *pbkdf_cache); - } - -/* -* Return a new block cipher corresponding to this request -*/ -BlockCipher* -Algorithm_Factory::make_block_cipher(const std::string& algo_spec, - const std::string& provider) - { - if(const BlockCipher* proto = prototype_block_cipher(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new stream cipher corresponding to this request -*/ -StreamCipher* -Algorithm_Factory::make_stream_cipher(const std::string& algo_spec, - const std::string& provider) - { - if(const StreamCipher* proto = prototype_stream_cipher(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -HashFunction* -Algorithm_Factory::make_hash_function(const std::string& algo_spec, - const std::string& provider) - { - if(const HashFunction* proto = prototype_hash_function(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -MessageAuthenticationCode* -Algorithm_Factory::make_mac(const std::string& algo_spec, - const std::string& provider) - { - if(const MessageAuthenticationCode* proto = prototype_mac(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -PBKDF* -Algorithm_Factory::make_pbkdf(const std::string& algo_spec, - const std::string& provider) - { - if(const PBKDF* proto = prototype_pbkdf(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -} diff --git a/src/lib/algo_factory/algo_factory.h b/src/lib/algo_factory/algo_factory.h deleted file mode 100644 index 6d4084f53..000000000 --- a/src/lib/algo_factory/algo_factory.h +++ /dev/null @@ -1,165 +0,0 @@ -/* -* Algorithm Factory -* (C) 2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ALGORITHM_FACTORY_H__ -#define BOTAN_ALGORITHM_FACTORY_H__ - -#include <botan/types.h> -#include <string> -#include <vector> - -namespace Botan { - -/** -* Forward declarations (don't need full definitions here) -*/ -class BlockCipher; -class StreamCipher; -class HashFunction; -class MessageAuthenticationCode; -class PBKDF; - -template<typename T> class Algorithm_Cache; - -class Engine; - -/** -* Algorithm Factory -*/ -class BOTAN_DLL Algorithm_Factory - { - public: - /** - * Constructor - */ - Algorithm_Factory(); - - /** - * Destructor - */ - ~Algorithm_Factory(); - - /** - * @param engine to add (Algorithm_Factory takes ownership) - */ - void add_engine(Engine* engine); - - /** - * Clear out any cached objects - */ - void clear_caches(); - - /** - * @param algo_spec the algorithm we are querying - * @returns list of providers of this algorithm - */ - std::vector<std::string> providers_of(const std::string& algo_spec); - - /** - * @param algo_spec the algorithm we are setting a provider for - * @param provider the provider we would like to use - */ - void set_preferred_provider(const std::string& algo_spec, - const std::string& provider); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const BlockCipher* - prototype_block_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - BlockCipher* make_block_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const StreamCipher* - prototype_stream_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - StreamCipher* make_stream_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const HashFunction* - prototype_hash_function(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - HashFunction* make_hash_function(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const MessageAuthenticationCode* - prototype_mac(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - MessageAuthenticationCode* make_mac(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const PBKDF* prototype_pbkdf(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - PBKDF* make_pbkdf(const std::string& algo_spec, - const std::string& provider = ""); - - private: - std::vector<Engine*> engines; - - std::unique_ptr<Algorithm_Cache<BlockCipher>> block_cipher_cache; - std::unique_ptr<Algorithm_Cache<StreamCipher>> stream_cipher_cache; - std::unique_ptr<Algorithm_Cache<HashFunction>> hash_cache; - std::unique_ptr<Algorithm_Cache<MessageAuthenticationCode>> mac_cache; - std::unique_ptr<Algorithm_Cache<PBKDF>> pbkdf_cache; - }; - -} - -#endif diff --git a/src/lib/algo_factory/info.txt b/src/lib/algo_factory/info.txt deleted file mode 100644 index 837ced1d0..000000000 --- a/src/lib/algo_factory/info.txt +++ /dev/null @@ -1,24 +0,0 @@ -load_on auto - -define ALGORITHM_FACTORY 20131128 - -<header:public> -algo_factory.h -</header:public> - -<header:internal> -algo_cache.h -</header:internal> - -<source> -algo_factory.cpp -prov_weight.cpp -</source> - -<requires> -block -engine -hash -mac -stream -</requires> diff --git a/src/lib/algo_factory/prov_weight.cpp b/src/lib/algo_factory/prov_weight.cpp deleted file mode 100644 index 3c793a299..000000000 --- a/src/lib/algo_factory/prov_weight.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* -* Default provider weights for Algorithm_Cache -* (C) 2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/algo_cache.h> - -namespace Botan { - -/** -* Return a static provider weighing -*/ -size_t static_provider_weight(const std::string& prov_name) - { - /* - * Prefer asm over C++, but prefer anything over OpenSSL or GNU MP; to use - * them, set the provider explicitly for the algorithms you want - */ - - if(prov_name == "aes_isa") return 9; - if(prov_name == "simd") return 8; - if(prov_name == "asm") return 7; - - if(prov_name == "core") return 5; - - if(prov_name == "openssl") return 2; - if(prov_name == "gmp") return 1; - - return 0; // other/unknown - } - -} diff --git a/src/lib/asn1/oid_lookup/default.cpp b/src/lib/asn1/oid_lookup/default.cpp index 161607ad2..de04f542a 100644 --- a/src/lib/asn1/oid_lookup/default.cpp +++ b/src/lib/asn1/oid_lookup/default.cpp @@ -11,243 +11,232 @@ namespace Botan { namespace OIDS { -/* -* Load all of the default OIDs -*/ -void set_defaults() +const char* default_oid_list() { - /* Public key types */ - OIDS::add_oidstr("1.2.840.113549.1.1.1", "RSA"); - OIDS::add_oidstr("2.5.8.1.1", "RSA"); // RSA alternate - OIDS::add_oidstr("1.2.840.10040.4.1", "DSA"); - OIDS::add_oidstr("1.2.840.10046.2.1", "DH"); - OIDS::add_oidstr("1.3.6.1.4.1.3029.1.2.1", "ElGamal"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.1", "RW"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.2", "NR"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.3", "McEliece"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.4", "Curve25519"); - - // X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5) - OIDS::add_oidstr("1.2.840.10045.2.1", "ECDSA"); - - /* - * This is an OID defined for ECDH keys though rarely used for such. - * In this configuration it is accepted on decoding, but not used for - * encoding. You can enable it for encoding by calling - * OIDS::add_str2oid("ECDH", "1.3.132.1.12") - * from your application code. - */ - OIDS::add_oid2str(OID("1.3.132.1.12"), "ECDH"); - - OIDS::add_oidstr("1.2.643.2.2.19", "GOST-34.10"); // RFC 4491 - - /* Ciphers */ - OIDS::add_oidstr("1.3.14.3.2.7", "DES/CBC"); - OIDS::add_oidstr("1.2.840.113549.3.7", "TripleDES/CBC"); - OIDS::add_oidstr("1.2.840.113549.3.2", "RC2/CBC"); - OIDS::add_oidstr("1.2.840.113533.7.66.10", "CAST-128/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.2", "AES-128/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.22", "AES-192/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.42", "AES-256/CBC"); - OIDS::add_oidstr("1.2.410.200004.1.4", "SEED/CBC"); // RFC 4010 - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.1", "Serpent/CBC"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2", "Threefish-512/CBC"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.3", "Twofish/CBC"); - - OIDS::add_oidstr("2.16.840.1.101.3.4.1.6", "AES-128/GCM"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.26", "AES-192/GCM"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.46", "AES-256/GCM"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.101", "Serpent/GCM"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.102", "Twofish/GCM"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.1", "AES-128/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.2", "AES-192/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.3", "AES-256/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.4", "Serpent/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.5", "Twofish/OCB"); - - /* Hash Functions */ - OIDS::add_oidstr("1.2.840.113549.2.5", "MD5"); - OIDS::add_oidstr("1.3.6.1.4.1.11591.12.2", "Tiger(24,3)"); - - OIDS::add_oidstr("1.3.14.3.2.26", "SHA-160"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.4", "SHA-224"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.1", "SHA-256"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.2", "SHA-384"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.3", "SHA-512"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.6", "SHA-512-256"); - - /* MACs */ - OIDS::add_oidstr("1.2.840.113549.2.7", "HMAC(SHA-160)"); - OIDS::add_oidstr("1.2.840.113549.2.8", "HMAC(SHA-224)"); - OIDS::add_oidstr("1.2.840.113549.2.9", "HMAC(SHA-256)"); - OIDS::add_oidstr("1.2.840.113549.2.10", "HMAC(SHA-384)"); - OIDS::add_oidstr("1.2.840.113549.2.11", "HMAC(SHA-512)"); - - /* Key Wrap */ - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2"); - OIDS::add_oidstr("1.2.840.113533.7.66.15", "KeyWrap.CAST-128"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256"); - - /* Compression */ - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.8", "Compression.Zlib"); - - /* Public key signature schemes */ - OIDS::add_oidstr("1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5"); - OIDS::add_oidstr("1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)"); - OIDS::add_oidstr("1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)"); - OIDS::add_oidstr("1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)"); - OIDS::add_oidstr("1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)"); - OIDS::add_oidstr("1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)"); - OIDS::add_oidstr("1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)"); - OIDS::add_oidstr("1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)"); - - OIDS::add_oidstr("1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)"); - OIDS::add_oidstr("2.16.840.1.101.3.4.3.1", "DSA/EMSA1(SHA-224)"); - OIDS::add_oidstr("2.16.840.1.101.3.4.3.2", "DSA/EMSA1(SHA-256)"); - - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.1", "ECDSA/EMSA1_BSI(SHA-160)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.2", "ECDSA/EMSA1_BSI(SHA-224)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.3", "ECDSA/EMSA1_BSI(SHA-256)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.4", "ECDSA/EMSA1_BSI(SHA-384)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.5", "ECDSA/EMSA1_BSI(SHA-512)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.6", "ECDSA/EMSA1_BSI(RIPEMD-160)"); - - OIDS::add_oidstr("1.2.840.10045.4.1", "ECDSA/EMSA1(SHA-160)"); - OIDS::add_oidstr("1.2.840.10045.4.3.1", "ECDSA/EMSA1(SHA-224)"); - OIDS::add_oidstr("1.2.840.10045.4.3.2", "ECDSA/EMSA1(SHA-256)"); - OIDS::add_oidstr("1.2.840.10045.4.3.3", "ECDSA/EMSA1(SHA-384)"); - OIDS::add_oidstr("1.2.840.10045.4.3.4", "ECDSA/EMSA1(SHA-512)"); - - OIDS::add_oidstr("1.2.643.2.2.3", "GOST-34.10/EMSA1(GOST-R-34.11-94)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.1", "RW/EMSA2(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.2", "RW/EMSA2(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.3", "RW/EMSA2(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.4", "RW/EMSA2(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.5", "RW/EMSA2(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.6", "RW/EMSA2(SHA-512)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.1", "RW/EMSA4(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.2", "RW/EMSA4(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.3", "RW/EMSA4(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.4", "RW/EMSA4(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.5", "RW/EMSA4(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.6", "RW/EMSA4(SHA-512)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.1", "NR/EMSA2(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.2", "NR/EMSA2(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.3", "NR/EMSA2(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.4", "NR/EMSA2(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.5", "NR/EMSA2(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.6", "NR/EMSA2(SHA-512)"); - - OIDS::add_oidstr("2.5.4.3", "X520.CommonName"); - OIDS::add_oidstr("2.5.4.4", "X520.Surname"); - OIDS::add_oidstr("2.5.4.5", "X520.SerialNumber"); - OIDS::add_oidstr("2.5.4.6", "X520.Country"); - OIDS::add_oidstr("2.5.4.7", "X520.Locality"); - OIDS::add_oidstr("2.5.4.8", "X520.State"); - OIDS::add_oidstr("2.5.4.10", "X520.Organization"); - OIDS::add_oidstr("2.5.4.11", "X520.OrganizationalUnit"); - OIDS::add_oidstr("2.5.4.12", "X520.Title"); - OIDS::add_oidstr("2.5.4.42", "X520.GivenName"); - OIDS::add_oidstr("2.5.4.43", "X520.Initials"); - OIDS::add_oidstr("2.5.4.44", "X520.GenerationalQualifier"); - OIDS::add_oidstr("2.5.4.46", "X520.DNQualifier"); - OIDS::add_oidstr("2.5.4.65", "X520.Pseudonym"); - - OIDS::add_oidstr("1.2.840.113549.1.5.12", "PKCS5.PBKDF2"); - OIDS::add_oidstr("1.2.840.113549.1.5.13", "PBE-PKCS5v20"); - - OIDS::add_oidstr("1.2.840.113549.1.9.1", "PKCS9.EmailAddress"); - OIDS::add_oidstr("1.2.840.113549.1.9.2", "PKCS9.UnstructuredName"); - OIDS::add_oidstr("1.2.840.113549.1.9.3", "PKCS9.ContentType"); - OIDS::add_oidstr("1.2.840.113549.1.9.4", "PKCS9.MessageDigest"); - OIDS::add_oidstr("1.2.840.113549.1.9.7", "PKCS9.ChallengePassword"); - OIDS::add_oidstr("1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest"); - - OIDS::add_oidstr("1.2.840.113549.1.7.1", "CMS.DataContent"); - OIDS::add_oidstr("1.2.840.113549.1.7.2", "CMS.SignedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.3", "CMS.EnvelopedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.5", "CMS.DigestedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.6", "CMS.EncryptedData"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.1.9", "CMS.CompressedData"); - - OIDS::add_oidstr("2.5.29.14", "X509v3.SubjectKeyIdentifier"); - OIDS::add_oidstr("2.5.29.15", "X509v3.KeyUsage"); - OIDS::add_oidstr("2.5.29.17", "X509v3.SubjectAlternativeName"); - OIDS::add_oidstr("2.5.29.18", "X509v3.IssuerAlternativeName"); - OIDS::add_oidstr("2.5.29.19", "X509v3.BasicConstraints"); - OIDS::add_oidstr("2.5.29.20", "X509v3.CRLNumber"); - OIDS::add_oidstr("2.5.29.21", "X509v3.ReasonCode"); - OIDS::add_oidstr("2.5.29.23", "X509v3.HoldInstructionCode"); - OIDS::add_oidstr("2.5.29.24", "X509v3.InvalidityDate"); - OIDS::add_oidstr("2.5.29.31", "X509v3.CRLDistributionPoints"); - OIDS::add_oidstr("2.5.29.32", "X509v3.CertificatePolicies"); - OIDS::add_oidstr("2.5.29.35", "X509v3.AuthorityKeyIdentifier"); - OIDS::add_oidstr("2.5.29.36", "X509v3.PolicyConstraints"); - OIDS::add_oidstr("2.5.29.37", "X509v3.ExtendedKeyUsage"); - OIDS::add_oidstr("1.3.6.1.5.5.7.1.1", "PKIX.AuthorityInformationAccess"); - - OIDS::add_oidstr("2.5.29.32.0", "X509v3.AnyPolicy"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.48.1", "PKIX.OCSP"); - OIDS::add_oidstr("1.3.6.1.5.5.7.48.1.1", "PKIX.OCSP.BasicResponse"); - - /* ECC domain parameters */ - OIDS::add_oidstr("1.3.132.0.6", "secp112r1"); - OIDS::add_oidstr("1.3.132.0.7", "secp112r2"); - OIDS::add_oidstr("1.3.132.0.8", "secp160r1"); - OIDS::add_oidstr("1.3.132.0.9", "secp160k1"); - OIDS::add_oidstr("1.3.132.0.10", "secp256k1"); - OIDS::add_oidstr("1.3.132.0.28", "secp128r1"); - OIDS::add_oidstr("1.3.132.0.29", "secp128r2"); - OIDS::add_oidstr("1.3.132.0.30", "secp160r2"); - OIDS::add_oidstr("1.3.132.0.31", "secp192k1"); - OIDS::add_oidstr("1.3.132.0.32", "secp224k1"); - OIDS::add_oidstr("1.3.132.0.33", "secp224r1"); - OIDS::add_oidstr("1.3.132.0.34", "secp384r1"); - OIDS::add_oidstr("1.3.132.0.35", "secp521r1"); - - OIDS::add_oidstr("1.2.840.10045.3.1.1", "secp192r1"); - OIDS::add_oidstr("1.2.840.10045.3.1.2", "x962_p192v2"); - OIDS::add_oidstr("1.2.840.10045.3.1.3", "x962_p192v3"); - OIDS::add_oidstr("1.2.840.10045.3.1.4", "x962_p239v1"); - OIDS::add_oidstr("1.2.840.10045.3.1.5", "x962_p239v2"); - OIDS::add_oidstr("1.2.840.10045.3.1.6", "x962_p239v3"); - OIDS::add_oidstr("1.2.840.10045.3.1.7", "secp256r1"); - - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.1", "brainpool160r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.3", "brainpool192r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.5", "brainpool224r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.7", "brainpool256r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.9", "brainpool320r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.11", "brainpool384r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.13", "brainpool512r1"); - - OIDS::add_oidstr("1.2.643.2.2.35.1", "gost_256A"); - OIDS::add_oidstr("1.2.643.2.2.36.0", "gost_256A"); - - /* CVC */ - OIDS::add_oidstr("0.4.0.127.0.7.3.1.2.1", "CertificateHolderAuthorizationTemplate"); + return + + // Public key types + "1.2.840.113549.1.1.1 = RSA" "\n" + "2.5.8.1.1 = RSA" "\n" + "1.2.840.10040.4.1 = DSA" "\n" + "1.2.840.10046.2.1 = DH" "\n" + "1.3.6.1.4.1.3029.1.2.1 = ElGamal" "\n" + "1.3.6.1.4.1.25258.1.1 = RW" "\n" + "1.3.6.1.4.1.25258.1.2 = NR" "\n" + "1.3.6.1.4.1.25258.1.3 = McEliece" "\n" + "1.3.6.1.4.1.25258.1.4 = Curve25519" "\n" + + // X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5) + "1.2.840.10045.2.1 = ECDSA" "\n" + //"1.3.132.1.12 = ECDH" "\n" + + "1.2.643.2.2.19 = GOST-34.10" "\n" + + // Block ciphers + "1.3.14.3.2.7 = DES/CBC" "\n" + "1.2.840.113549.3.7 = TripleDES/CBC" "\n" + "1.2.840.113549.3.2 = RC2/CBC" "\n" + "1.2.840.113533.7.66.10 = CAST-128/CBC" "\n" + "2.16.840.1.101.3.4.1.2 = AES-128/CBC" "\n" + "2.16.840.1.101.3.4.1.22 = AES-192/CBC" "\n" + "2.16.840.1.101.3.4.1.42 = AES-256/CBC" "\n" + "1.2.410.200004.1.4 = SEED/CBC" "\n" + "1.3.6.1.4.1.25258.3.1 = Serpent/CBC" "\n" + "1.3.6.1.4.1.25258.3.2 = Threefish-512/CBC" "\n" + "1.3.6.1.4.1.25258.3.3 = Twofish/CBC" "\n" + + "2.16.840.1.101.3.4.1.6 = AES-128/GCM" "\n" + "2.16.840.1.101.3.4.1.26 = AES-192/GCM" "\n" + "2.16.840.1.101.3.4.1.46 = AES-256/GCM" "\n" + + "1.3.6.1.4.1.25258.3.101 = Serpent/GCM" "\n" + "1.3.6.1.4.1.25258.3.102 = Twofish/GCM" "\n" + + "1.3.6.1.4.1.25258.3.2.1 = AES-128/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.2 = AES-192/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.3 = AES-256/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.4 = Serpent/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.5 = Twofish/OCB" "\n" + + // Hashes + "1.2.840.113549.2.5 = MD5" "\n" + "1.3.6.1.4.1.11591.12.2 = Tiger(24,3)" "\n" + + "1.3.14.3.2.26 = SHA-160" "\n" + "2.16.840.1.101.3.4.2.4 = SHA-224" "\n" + "2.16.840.1.101.3.4.2.1 = SHA-256" "\n" + "2.16.840.1.101.3.4.2.2 = SHA-384" "\n" + "2.16.840.1.101.3.4.2.3 = SHA-512" "\n" + "2.16.840.1.101.3.4.2.6 = SHA-512-256" "\n" + + // MACs + "1.2.840.113549.2.7 = HMAC(SHA-160)" "\n" + "1.2.840.113549.2.8 = HMAC(SHA-224)" "\n" + "1.2.840.113549.2.9 = HMAC(SHA-256)" "\n" + "1.2.840.113549.2.10 = HMAC(SHA-384)" "\n" + "1.2.840.113549.2.11 = HMAC(SHA-512)" "\n" + + // Keywrap + "1.2.840.113549.1.9.16.3.6 = KeyWrap.TripleDES" "\n" + "1.2.840.113549.1.9.16.3.7 = KeyWrap.RC2" "\n" + "1.2.840.113533.7.66.15 = KeyWrap.CAST-128" "\n" + "2.16.840.1.101.3.4.1.5 = KeyWrap.AES-128" "\n" + "2.16.840.1.101.3.4.1.25 = KeyWrap.AES-192" "\n" + "2.16.840.1.101.3.4.1.45 = KeyWrap.AES-256" "\n" + + "1.2.840.113549.1.9.16.3.8 = Compression.Zlib" "\n" + + "1.2.840.113549.1.1.1 = RSA/EME-PKCS1-v1_5" "\n" + "1.2.840.113549.1.1.2 = RSA/EMSA3(MD2)" "\n" + "1.2.840.113549.1.1.4 = RSA/EMSA3(MD5)" "\n" + "1.2.840.113549.1.1.5 = RSA/EMSA3(SHA-160)" "\n" + "1.2.840.113549.1.1.11 = RSA/EMSA3(SHA-256)" "\n" + "1.2.840.113549.1.1.12 = RSA/EMSA3(SHA-384)" "\n" + "1.2.840.113549.1.1.13 = RSA/EMSA3(SHA-512)" "\n" + "1.3.36.3.3.1.2 = RSA/EMSA3(RIPEMD-160)" "\n" + + "1.2.840.10040.4.3 = DSA/EMSA1(SHA-160)" "\n" + "2.16.840.1.101.3.4.3.1 = DSA/EMSA1(SHA-224)" "\n" + "2.16.840.1.101.3.4.3.2 = DSA/EMSA1(SHA-256)" "\n" + + "0.4.0.127.0.7.1.1.4.1.1 = ECDSA/EMSA1_BSI(SHA-160)" "\n" + "0.4.0.127.0.7.1.1.4.1.2 = ECDSA/EMSA1_BSI(SHA-224)" "\n" + "0.4.0.127.0.7.1.1.4.1.3 = ECDSA/EMSA1_BSI(SHA-256)" "\n" + "0.4.0.127.0.7.1.1.4.1.4 = ECDSA/EMSA1_BSI(SHA-384)" "\n" + "0.4.0.127.0.7.1.1.4.1.5 = ECDSA/EMSA1_BSI(SHA-512)" "\n" + "0.4.0.127.0.7.1.1.4.1.6 = ECDSA/EMSA1_BSI(RIPEMD-160)" "\n" + + "1.2.840.10045.4.1 = ECDSA/EMSA1(SHA-160)" "\n" + "1.2.840.10045.4.3.1 = ECDSA/EMSA1(SHA-224)" "\n" + "1.2.840.10045.4.3.2 = ECDSA/EMSA1(SHA-256)" "\n" + "1.2.840.10045.4.3.3 = ECDSA/EMSA1(SHA-384)" "\n" + "1.2.840.10045.4.3.4 = ECDSA/EMSA1(SHA-512)" "\n" + + "1.2.643.2.2.3 = GOST-34.10/EMSA1(GOST-R-34.11-94)" "\n" + + "1.3.6.1.4.1.25258.2.1.1.1 = RW/EMSA2(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.1.1.2 = RW/EMSA2(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.1.1.3 = RW/EMSA2(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.1.1.4 = RW/EMSA2(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.1.1.5 = RW/EMSA2(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.1.1.6 = RW/EMSA2(SHA-512)" "\n" + + "1.3.6.1.4.1.25258.2.1.2.1 = RW/EMSA4(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.1.2.2 = RW/EMSA4(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.1.2.3 = RW/EMSA4(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.1.2.4 = RW/EMSA4(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.1.2.5 = RW/EMSA4(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.1.2.6 = RW/EMSA4(SHA-512)" "\n" + + "1.3.6.1.4.1.25258.2.2.1.1 = NR/EMSA2(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.2.1.2 = NR/EMSA2(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.2.1.3 = NR/EMSA2(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.2.1.4 = NR/EMSA2(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.2.1.5 = NR/EMSA2(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.2.1.6 = NR/EMSA2(SHA-512)" "\n" + + "2.5.4.3 = X520.CommonName" "\n" + "2.5.4.4 = X520.Surname" "\n" + "2.5.4.5 = X520.SerialNumber" "\n" + "2.5.4.6 = X520.Country" "\n" + "2.5.4.7 = X520.Locality" "\n" + "2.5.4.8 = X520.State" "\n" + "2.5.4.10 = X520.Organization" "\n" + "2.5.4.11 = X520.OrganizationalUnit" "\n" + "2.5.4.12 = X520.Title" "\n" + "2.5.4.42 = X520.GivenName" "\n" + "2.5.4.43 = X520.Initials" "\n" + "2.5.4.44 = X520.GenerationalQualifier" "\n" + "2.5.4.46 = X520.DNQualifier" "\n" + "2.5.4.65 = X520.Pseudonym" "\n" + + "1.2.840.113549.1.5.12 = PKCS5.PBKDF2" "\n" + "1.2.840.113549.1.5.13 = PBE-PKCS5v20" "\n" + + "1.2.840.113549.1.9.1 = PKCS9.EmailAddress" "\n" + "1.2.840.113549.1.9.2 = PKCS9.UnstructuredName" "\n" + "1.2.840.113549.1.9.3 = PKCS9.ContentType" "\n" + "1.2.840.113549.1.9.4 = PKCS9.MessageDigest" "\n" + "1.2.840.113549.1.9.7 = PKCS9.ChallengePassword" "\n" + "1.2.840.113549.1.9.14 = PKCS9.ExtensionRequest" "\n" + + "1.2.840.113549.1.7.1 = CMS.DataContent" "\n" + "1.2.840.113549.1.7.2 = CMS.SignedData" "\n" + "1.2.840.113549.1.7.3 = CMS.EnvelopedData" "\n" + "1.2.840.113549.1.7.5 = CMS.DigestedData" "\n" + "1.2.840.113549.1.7.6 = CMS.EncryptedData" "\n" + "1.2.840.113549.1.9.16.1.2 = CMS.AuthenticatedData" "\n" + "1.2.840.113549.1.9.16.1.9 = CMS.CompressedData" "\n" + + "2.5.29.14 = X509v3.SubjectKeyIdentifier" "\n" + "2.5.29.15 = X509v3.KeyUsage" "\n" + "2.5.29.17 = X509v3.SubjectAlternativeName" "\n" + "2.5.29.18 = X509v3.IssuerAlternativeName" "\n" + "2.5.29.19 = X509v3.BasicConstraints" "\n" + "2.5.29.20 = X509v3.CRLNumber" "\n" + "2.5.29.21 = X509v3.ReasonCode" "\n" + "2.5.29.23 = X509v3.HoldInstructionCode" "\n" + "2.5.29.24 = X509v3.InvalidityDate" "\n" + "2.5.29.31 = X509v3.CRLDistributionPoints" "\n" + "2.5.29.32 = X509v3.CertificatePolicies" "\n" + "2.5.29.35 = X509v3.AuthorityKeyIdentifier" "\n" + "2.5.29.36 = X509v3.PolicyConstraints" "\n" + "2.5.29.37 = X509v3.ExtendedKeyUsage" "\n" + "1.3.6.1.5.5.7.1.1 = PKIX.AuthorityInformationAccess" "\n" + + "2.5.29.32.0 = X509v3.AnyPolicy" "\n" + + "1.3.6.1.5.5.7.3.1 = PKIX.ServerAuth" "\n" + "1.3.6.1.5.5.7.3.2 = PKIX.ClientAuth" "\n" + "1.3.6.1.5.5.7.3.3 = PKIX.CodeSigning" "\n" + "1.3.6.1.5.5.7.3.4 = PKIX.EmailProtection" "\n" + "1.3.6.1.5.5.7.3.5 = PKIX.IPsecEndSystem" "\n" + "1.3.6.1.5.5.7.3.6 = PKIX.IPsecTunnel" "\n" + "1.3.6.1.5.5.7.3.7 = PKIX.IPsecUser" "\n" + "1.3.6.1.5.5.7.3.8 = PKIX.TimeStamping" "\n" + "1.3.6.1.5.5.7.3.9 = PKIX.OCSPSigning" "\n" + + "1.3.6.1.5.5.7.8.5 = PKIX.XMPPAddr" "\n" + + "1.3.6.1.5.5.7.48.1 = PKIX.OCSP" "\n" + "1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse" "\n" + + // ECC param sets + "1.3.132.0.6 = secp112r1" "\n" + "1.3.132.0.7 = secp112r2" "\n" + "1.3.132.0.8 = secp160r1" "\n" + "1.3.132.0.9 = secp160k1" "\n" + "1.3.132.0.10 = secp256k1" "\n" + "1.3.132.0.28 = secp128r1" "\n" + "1.3.132.0.29 = secp128r2" "\n" + "1.3.132.0.30 = secp160r2" "\n" + "1.3.132.0.31 = secp192k1" "\n" + "1.3.132.0.32 = secp224k1" "\n" + "1.3.132.0.33 = secp224r1" "\n" + "1.3.132.0.34 = secp384r1" "\n" + "1.3.132.0.35 = secp521r1" "\n" + + "1.2.840.10045.3.1.1 = secp192r1" "\n" + "1.2.840.10045.3.1.2 = x962_p192v2" "\n" + "1.2.840.10045.3.1.3 = x962_p192v3" "\n" + "1.2.840.10045.3.1.4 = x962_p239v1" "\n" + "1.2.840.10045.3.1.5 = x962_p239v2" "\n" + "1.2.840.10045.3.1.6 = x962_p239v3" "\n" + "1.2.840.10045.3.1.7 = secp256r1" "\n" + + "1.3.36.3.3.2.8.1.1.1 = brainpool160r1" "\n" + "1.3.36.3.3.2.8.1.1.3 = brainpool192r1" "\n" + "1.3.36.3.3.2.8.1.1.5 = brainpool224r1" "\n" + "1.3.36.3.3.2.8.1.1.7 = brainpool256r1" "\n" + "1.3.36.3.3.2.8.1.1.9 = brainpool320r1" "\n" + "1.3.36.3.3.2.8.1.1.11 = brainpool384r1" "\n" + "1.3.36.3.3.2.8.1.1.13 = brainpool512r1" "\n" + + "1.2.643.2.2.35.1 = gost_256A" "\n" + "1.2.643.2.2.36.0 = gost_256A" "\n" + + "0.4.0.127.0.7.3.1.2.1 = CertificateHolderAuthorizationTemplate" "\n" + ; } } diff --git a/src/lib/asn1/oid_lookup/oids.cpp b/src/lib/asn1/oid_lookup/oids.cpp index 6584e8682..5859e118e 100644 --- a/src/lib/asn1/oid_lookup/oids.cpp +++ b/src/lib/asn1/oid_lookup/oids.cpp @@ -6,7 +6,9 @@ */ #include <botan/oids.h> +#include <botan/parsing.h> #include <mutex> +#include <sstream> namespace Botan { @@ -74,23 +76,65 @@ class OID_Map return m_str2oid.find(str) != m_str2oid.end(); } + static OID_Map& global_registry() + { + static OID_Map g_map; + return g_map; + } + + void read_cfg(std::istream& cfg, const std::string& source); + private: + + OID_Map() + { + std::istringstream cfg(default_oid_list()); + read_cfg(cfg, "builtin"); + } + std::mutex m_mutex; std::map<std::string, OID> m_str2oid; std::map<OID, std::string> m_oid2str; }; -OID_Map& global_oid_map() +void OID_Map::read_cfg(std::istream& cfg, const std::string& source) { - static OID_Map map; - return map; + std::lock_guard<std::mutex> lock(m_mutex); + + size_t line = 0; + + while(cfg.good()) + { + std::string s; + std::getline(cfg, s); + ++line; + + if(s == "" || s[0] == '#') + continue; + + s = clean_ws(s.substr(0, s.find('#'))); + + if(s == "") + continue; + + auto eq = s.find("="); + + if(eq == std::string::npos || eq == 0 || eq == s.size() - 1) + throw std::runtime_error("Bad config line '" + s + "' in " + source + " line " + std::to_string(line)); + + const std::string oid = clean_ws(s.substr(0, eq)); + const std::string name = clean_ws(s.substr(eq + 1, std::string::npos)); + + m_str2oid.insert(std::make_pair(name, oid)); + m_oid2str.insert(std::make_pair(oid, name)); + } } } void add_oid(const OID& oid, const std::string& name) { - global_oid_map().add_oid(oid, name); + OID_Map::global_registry().add_oid(oid, name); } void add_oidstr(const char* oidstr, const char* name) @@ -100,27 +144,27 @@ void add_oidstr(const char* oidstr, const char* name) void add_oid2str(const OID& oid, const std::string& name) { - global_oid_map().add_oid2str(oid, name); + OID_Map::global_registry().add_oid2str(oid, name); } void add_str2oid(const OID& oid, const std::string& name) { - global_oid_map().add_str2oid(oid, name); + OID_Map::global_registry().add_str2oid(oid, name); } std::string lookup(const OID& oid) { - return global_oid_map().lookup(oid); + return OID_Map::global_registry().lookup(oid); } OID lookup(const std::string& name) { - return global_oid_map().lookup(name); + return OID_Map::global_registry().lookup(name); } bool have_oid(const std::string& name) { - return global_oid_map().have_oid(name); + return OID_Map::global_registry().have_oid(name); } bool name_of(const OID& oid, const std::string& name) diff --git a/src/lib/asn1/oid_lookup/oids.h b/src/lib/asn1/oid_lookup/oids.h index 28f22447b..e3caff50e 100644 --- a/src/lib/asn1/oid_lookup/oids.h +++ b/src/lib/asn1/oid_lookup/oids.h @@ -56,7 +56,7 @@ BOTAN_DLL OID lookup(const std::string& name); */ BOTAN_DLL bool name_of(const OID& oid, const std::string& name); -BOTAN_DLL void set_defaults(); +BOTAN_DLL const char* default_oid_list(); } diff --git a/src/lib/algo_base/algo_registry.h b/src/lib/base/algo_registry.h index 5fa2eed71..9582180bd 100644 --- a/src/lib/algo_base/algo_registry.h +++ b/src/lib/base/algo_registry.h @@ -17,8 +17,6 @@ namespace Botan { -size_t static_provider_weight(const std::string& prov_name); - template<typename T> class Algo_Registry { @@ -33,26 +31,19 @@ class Algo_Registry return g_registry; } - void add(const std::string& name, const std::string& provider, maker_fn fn) + void add(const std::string& name, const std::string& provider, maker_fn fn, byte pref) { std::unique_lock<std::mutex> lock(m_mutex); - - if(!m_maker_fns[name][provider]) - m_maker_fns[name][provider] = fn; + m_algo_info[name].add_provider(provider, fn, pref); } - std::vector<std::string> providers(const std::string& basename) const + std::vector<std::string> providers_of(const Spec& spec) { std::unique_lock<std::mutex> lock(m_mutex); - - std::vector<std::string> v; - auto i = m_maker_fns.find(basename); - if(i != m_maker_fns.end()) - { - for(auto&& prov : i->second) - v.push_back(prov); - } - return v; + auto i = m_algo_info.find(spec.algo_name()); + if(i != m_algo_info.end()) + return i->second.providers(); + return std::vector<std::string>(); } T* make(const Spec& spec, const std::string& provider = "") @@ -65,7 +56,6 @@ class Algo_Registry } catch(std::exception& e) { - //return nullptr; // ?? throw std::runtime_error("Creating '" + spec.as_string() + "' failed: " + e.what()); } } @@ -73,15 +63,15 @@ class Algo_Registry class Add { public: - Add(const std::string& basename, maker_fn fn, const std::string& provider = "builtin") + Add(const std::string& basename, maker_fn fn, const std::string& provider = "builtin", byte pref = 128) { - Algo_Registry<T>::global_registry().add(basename, provider, fn); + Algo_Registry<T>::global_registry().add(basename, provider, fn, pref); } - Add(bool cond, const std::string& basename, maker_fn fn, const std::string& provider) + Add(bool cond, const std::string& basename, maker_fn fn, const std::string& provider, byte pref) { if(cond) - Algo_Registry<T>::global_registry().add(basename, provider, fn); + Algo_Registry<T>::global_registry().add(basename, provider, fn, pref); } }; @@ -90,43 +80,67 @@ class Algo_Registry maker_fn find_maker(const Spec& spec, const std::string& provider) { - const std::string basename = spec.algo_name(); - std::unique_lock<std::mutex> lock(m_mutex); - auto makers = m_maker_fns.find(basename); + return m_algo_info[spec.algo_name()].get_maker(provider); + } - if(makers != m_maker_fns.end() && !makers->second.empty()) - { - const auto& providers = makers->second; + struct Algo_Info + { + public: + void add_provider(const std::string& provider, maker_fn fn, byte pref = 128) + { + if(m_maker_fns.count(provider) > 0) + throw std::runtime_error("Duplicated registration of '" + provider + "'"); + + m_maker_fns[provider] = std::make_pair(pref, fn); + } + + std::vector<std::string> providers() const + { + std::vector<std::string> v; + for(auto&& k : m_maker_fns) + v.push_back(k.first); + return v; + } - if(provider != "") + void set_pref(const std::string& provider, byte val) { - // find one explicit provider requested by user, or fail - auto i = providers.find(provider); - if(i != providers.end()) - return i->second; + m_maker_fns[provider].first = val; } - else + + maker_fn get_maker(const std::string& req_provider) { - if(providers.size() == 1) + maker_fn null_result = [](const Spec&) { return nullptr; }; + + if(req_provider != "") { - return providers.begin()->second; + // find one explicit provider requested by user or fail + auto i = m_maker_fns.find(req_provider); + if(i != m_maker_fns.end()) + return i->second.second; + return null_result; } - else if(providers.size() > 1) + + size_t pref = 255; + maker_fn result = null_result; + + for(auto&& i : m_maker_fns) { - // TODO choose best of available options (how?) - //throw std::runtime_error("multiple choice not implemented"); - return providers.begin()->second; + if(i.second.first < pref) + { + pref = i.second.first; + result = i.second.second; + } } - } - } - // Default result is a function producing a null pointer - return [](const Spec&) { return nullptr; }; - } + return result; + } + private: + std::unordered_map<std::string, std::pair<byte, maker_fn>> m_maker_fns; // provider -> (pref, creator fn) + }; std::mutex m_mutex; - std::unordered_map<std::string, std::unordered_map<std::string, maker_fn>> m_maker_fns; + std::unordered_map<std::string, Algo_Info> m_algo_info; }; template<typename T> T* @@ -135,6 +149,11 @@ make_a(const typename T::Spec& spec, const std::string provider = "") return Algo_Registry<T>::global_registry().make(spec, provider); } +template<typename T> std::vector<std::string> providers_of(const typename T::Spec& spec) + { + return Algo_Registry<T>::global_registry().providers_of(spec); + } + template<typename T> T* make_new_T(const typename Algo_Registry<T>::Spec&) { return new T; } @@ -182,8 +201,8 @@ make_new_T_1X(const typename Algo_Registry<T>::Spec& spec) #define BOTAN_REGISTER_NAMED_T_NOARGS(T, type, name, provider) \ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T<type>, provider); } -#define BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, T, type, name, provider) \ - namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, make_new_T<type>, provider); } +#define BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, T, type, name, provider, pref) \ + namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, make_new_T<type>, provider, pref); } #define BOTAN_REGISTER_NAMED_T_2LEN(T, type, name, provider, len1, len2) \ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T_2len<type, len1, len2>, provider); } diff --git a/src/lib/libstate/botan.h b/src/lib/base/botan.h index d586f5a21..0d8749155 100644 --- a/src/lib/libstate/botan.h +++ b/src/lib/base/botan.h @@ -8,9 +8,7 @@ #ifndef BOTAN_BOTAN_H__ #define BOTAN_BOTAN_H__ -#include <botan/init.h> #include <botan/lookup.h> -#include <botan/libstate.h> #include <botan/version.h> #include <botan/parsing.h> diff --git a/src/lib/algo_base/buf_comp.h b/src/lib/base/buf_comp.h index 5d11fdb73..5d11fdb73 100644 --- a/src/lib/algo_base/buf_comp.h +++ b/src/lib/base/buf_comp.h diff --git a/src/lib/base/info.txt b/src/lib/base/info.txt new file mode 100644 index 000000000..581c40fe0 --- /dev/null +++ b/src/lib/base/info.txt @@ -0,0 +1,29 @@ +<header:public> +botan.h +buf_comp.h +init.h +key_spec.h +lookup.h +scan_name.h +sym_algo.h +symkey.h +transform.h +</header:public> + +<header:internal> +algo_registry.h +</header:internal> + +define TRANSFORM 20131209 + +<requires> +alloc +block +hash +hex +mac +modes +rng +stream +utils +</requires> diff --git a/src/lib/base/init.h b/src/lib/base/init.h new file mode 100644 index 000000000..96e676d63 --- /dev/null +++ b/src/lib/base/init.h @@ -0,0 +1,33 @@ +/* +* Library Initialization +* (C) 1999-2008,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_LIBRARY_INITIALIZER_H__ +#define BOTAN_LIBRARY_INITIALIZER_H__ + +#include <botan/types.h> +#include <string> + +namespace Botan { + +/* +* Previously botan had state whose lifetime had to be explicitly +* managed by the application. As of 1.11.14 this is no longer the +* case, and this class is no longer needed and kept only for backwards +* compatability. +*/ +class BOTAN_DLL LibraryInitializer + { + public: + LibraryInitializer(const std::string& = "") {} + ~LibraryInitializer() {} + static void initialize(const std::string& = "") {} + static void deinitialize() {} + }; + +} + +#endif diff --git a/src/lib/algo_base/key_spec.h b/src/lib/base/key_spec.h index 78b6b8a23..78b6b8a23 100644 --- a/src/lib/algo_base/key_spec.h +++ b/src/lib/base/key_spec.h diff --git a/src/lib/base/lookup.cpp b/src/lib/base/lookup.cpp new file mode 100644 index 000000000..e82866e37 --- /dev/null +++ b/src/lib/base/lookup.cpp @@ -0,0 +1,78 @@ +/* +* Algorithm Retrieval +* (C) 1999-2007,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/lookup.h> +#include <botan/internal/algo_registry.h> +#include <botan/cipher_mode.h> +#include <botan/transform_filter.h> +#include <botan/block_cipher.h> +#include <botan/stream_cipher.h> +#include <botan/hash.h> +#include <botan/mac.h> +#include <botan/pbkdf.h> + +namespace Botan { + +Transform* get_transform(const std::string& specstr, + const std::string& provider, + const std::string& dirstr) + { + Algo_Registry<Transform>::Spec spec(specstr, dirstr); + return Algo_Registry<Transform>::global_registry().make(spec, provider); + } + +BlockCipher* get_block_cipher(const std::string& algo_spec, const std::string& provider) + { + return make_a<BlockCipher>(algo_spec, provider); + } + +StreamCipher* get_stream_cipher(const std::string& algo_spec, const std::string& provider) + { + return make_a<StreamCipher>(algo_spec, provider); + } + +HashFunction* get_hash_function(const std::string& algo_spec, const std::string& provider) + { + return make_a<HashFunction>(algo_spec, provider); + } + +MessageAuthenticationCode* get_mac(const std::string& algo_spec, const std::string& provider) + { + return make_a<MessageAuthenticationCode>(algo_spec, provider); + } + +std::vector<std::string> get_block_cipher_providers(const std::string& algo_spec) + { + return providers_of<BlockCipher>(BlockCipher::Spec(algo_spec)); + } + +std::vector<std::string> get_stream_cipher_providers(const std::string& algo_spec) + { + return providers_of<StreamCipher>(StreamCipher::Spec(algo_spec)); + } + +std::vector<std::string> get_hash_function_providers(const std::string& algo_spec) + { + return providers_of<HashFunction>(HashFunction::Spec(algo_spec)); + } + +std::vector<std::string> get_mac_providers(const std::string& algo_spec) + { + return providers_of<MessageAuthenticationCode>(MessageAuthenticationCode::Spec(algo_spec)); + } + +/* +* Get a PBKDF algorithm by name +*/ +PBKDF* get_pbkdf(const std::string& algo_spec, const std::string& provider) + { + if(PBKDF* pbkdf = make_a<PBKDF>(algo_spec, provider)) + return pbkdf; + throw Algorithm_Not_Found(algo_spec); + } + +} diff --git a/src/lib/base/lookup.h b/src/lib/base/lookup.h new file mode 100644 index 000000000..c50186e35 --- /dev/null +++ b/src/lib/base/lookup.h @@ -0,0 +1,82 @@ +/* +* Algorithm Lookup +* (C) 1999-2007,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_LOOKUP_H__ +#define BOTAN_LOOKUP_H__ + +#include <botan/symkey.h> +#include <string> + +namespace Botan { + +class BlockCipher; +class StreamCipher; +class HashFunction; +class MessageAuthenticationCode; +class PBKDF; + +/* +* Get an algorithm object +* NOTE: these functions create and return new objects, letting the +* caller assume ownership of them +*/ + +/** +* Block cipher factory method. +* +* @param algo_spec the name of the desired block cipher +* @return pointer to the block cipher object +*/ +BOTAN_DLL BlockCipher* get_block_cipher(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_block_cipher_providers(const std::string& algo_spec); + +/** +* Stream cipher factory method. +* +* @param algo_spec the name of the desired stream cipher +* @return pointer to the stream cipher object +*/ +BOTAN_DLL StreamCipher* get_stream_cipher(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_stream_cipher_providers(const std::string& algo_spec); + +/** +* Hash function factory method. +* +* @param algo_spec the name of the desired hash function +* @return pointer to the hash function object +*/ +BOTAN_DLL HashFunction* get_hash_function(const std::string& algo_spec, const std::string& provider = ""); + +inline HashFunction* get_hash(const std::string& algo_spec, const std::string& provider = "") + { + return get_hash_function(algo_spec, provider); + } + +BOTAN_DLL std::vector<std::string> get_hash_function_providers(const std::string& algo_spec); + +/** +* MAC factory method. +* +* @param algo_spec the name of the desired MAC +* @return pointer to the MAC object +*/ +BOTAN_DLL MessageAuthenticationCode* get_mac(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_mac_providers(const std::string& algo_spec); + +/** +* Password based key derivation function factory method +* @param algo_spec the name of the desired PBKDF algorithm +* @return pointer to newly allocated object of that type +*/ +BOTAN_DLL PBKDF* get_pbkdf(const std::string& algo_spec, const std::string& provider = ""); + +} + +#endif diff --git a/src/lib/algo_base/scan_name.cpp b/src/lib/base/scan_name.cpp index f433a10aa..4b0c95004 100644 --- a/src/lib/algo_base/scan_name.cpp +++ b/src/lib/base/scan_name.cpp @@ -1,6 +1,6 @@ /* * SCAN Name Abstraction -* (C) 2008-2009 Jack Lloyd +* (C) 2008-2009,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -62,9 +62,6 @@ deref_aliases(const std::pair<size_t, std::string>& in) } -std::mutex SCAN_Name::s_alias_map_mutex; -std::map<std::string, std::string> SCAN_Name::s_alias_map; - SCAN_Name::SCAN_Name(std::string algo_spec, const std::string& extra) : SCAN_Name(algo_spec) { alg_name += extra; @@ -178,57 +175,47 @@ size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const return to_u32bit(args[i]); } +std::mutex SCAN_Name::g_alias_map_mutex; +std::map<std::string, std::string> SCAN_Name::g_alias_map = { + { "3DES", "TripleDES" }, + { "ARC4", "RC4" }, + { "CAST5", "CAST-128" }, + { "DES-EDE", "TripleDES" }, + { "EME-OAEP", "OAEP" }, + { "EME-PKCS1-v1_5", "PKCS1v15" }, + { "EME1", "OAEP" }, + { "EMSA-PKCS1-v1_5", "EMSA_PKCS1" }, + { "EMSA-PSS", "PSSR" }, + { "EMSA2", "EMSA_X931" }, + { "EMSA3", "EMSA_PKCS1" }, + { "EMSA4", "PSSR" }, + { "GOST-34.11", "GOST-R-34.11-94" }, + { "MARK-4", "RC4(256)" }, + { "OMAC", "CMAC" }, + { "PSS-MGF1", "PSSR" }, + { "SHA-1", "SHA-160" }, + { "SHA1", "SHA-160" }, + { "X9.31", "EMSA2" } +}; + void SCAN_Name::add_alias(const std::string& alias, const std::string& basename) { - std::lock_guard<std::mutex> lock(s_alias_map_mutex); + std::lock_guard<std::mutex> lock(g_alias_map_mutex); - if(s_alias_map.find(alias) == s_alias_map.end()) - s_alias_map[alias] = basename; + if(g_alias_map.find(alias) == g_alias_map.end()) + g_alias_map[alias] = basename; } std::string SCAN_Name::deref_alias(const std::string& alias) { - std::lock_guard<std::mutex> lock(s_alias_map_mutex); + std::lock_guard<std::mutex> lock(g_alias_map_mutex); std::string name = alias; - for(auto i = s_alias_map.find(name); i != s_alias_map.end(); i = s_alias_map.find(name)) + for(auto i = g_alias_map.find(name); i != g_alias_map.end(); i = g_alias_map.find(name)) name = i->second; return name; } -void SCAN_Name::set_default_aliases() - { - // common variations worth supporting - SCAN_Name::add_alias("EME-PKCS1-v1_5", "PKCS1v15"); - SCAN_Name::add_alias("3DES", "TripleDES"); - SCAN_Name::add_alias("DES-EDE", "TripleDES"); - SCAN_Name::add_alias("CAST5", "CAST-128"); - SCAN_Name::add_alias("SHA1", "SHA-160"); - SCAN_Name::add_alias("SHA-1", "SHA-160"); - SCAN_Name::add_alias("MARK-4", "RC4(256)"); - SCAN_Name::add_alias("ARC4", "RC4"); - SCAN_Name::add_alias("OMAC", "CMAC"); - - SCAN_Name::add_alias("EMSA-PSS", "PSSR"); - SCAN_Name::add_alias("PSS-MGF1", "PSSR"); - SCAN_Name::add_alias("EME-OAEP", "OAEP"); - - SCAN_Name::add_alias("EMSA2", "EMSA_X931"); - SCAN_Name::add_alias("EMSA3", "EMSA_PKCS1"); - SCAN_Name::add_alias("EMSA-PKCS1-v1_5", "EMSA_PKCS1"); - - // should be renamed in sources - SCAN_Name::add_alias("X9.31", "EMSA2"); - - // kept for compatability with old library versions - SCAN_Name::add_alias("EMSA4", "PSSR"); - SCAN_Name::add_alias("EME1", "OAEP"); - - // probably can be removed - SCAN_Name::add_alias("GOST", "GOST-28147-89"); - SCAN_Name::add_alias("GOST-34.11", "GOST-R-34.11-94"); - } - } diff --git a/src/lib/algo_base/scan_name.h b/src/lib/base/scan_name.h index f1a79816d..cc89bf998 100644 --- a/src/lib/algo_base/scan_name.h +++ b/src/lib/base/scan_name.h @@ -1,6 +1,6 @@ /* * SCAN Name Abstraction -* (C) 2008 Jack Lloyd +* (C) 2008,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -106,11 +106,9 @@ class BOTAN_DLL SCAN_Name static void add_alias(const std::string& alias, const std::string& basename); static std::string deref_alias(const std::string& alias); - - static void set_default_aliases(); private: - static std::mutex s_alias_map_mutex; - static std::map<std::string, std::string> s_alias_map; + static std::mutex g_alias_map_mutex; + static std::map<std::string, std::string> g_alias_map; std::string orig_algo_spec; std::string alg_name; diff --git a/src/lib/algo_base/sym_algo.h b/src/lib/base/sym_algo.h index 7c37b2a47..7c37b2a47 100644 --- a/src/lib/algo_base/sym_algo.h +++ b/src/lib/base/sym_algo.h diff --git a/src/lib/algo_base/symkey.cpp b/src/lib/base/symkey.cpp index 0cb0d9e35..0cb0d9e35 100644 --- a/src/lib/algo_base/symkey.cpp +++ b/src/lib/base/symkey.cpp diff --git a/src/lib/algo_base/symkey.h b/src/lib/base/symkey.h index f49bf226f..f49bf226f 100644 --- a/src/lib/algo_base/symkey.h +++ b/src/lib/base/symkey.h diff --git a/src/lib/algo_base/transform.h b/src/lib/base/transform.h index 75bd5004a..75bd5004a 100644 --- a/src/lib/algo_base/transform.h +++ b/src/lib/base/transform.h diff --git a/src/lib/benchmark/benchmark.cpp b/src/lib/benchmark/benchmark.cpp index 8e0c9fdf2..3e8a29349 100644 --- a/src/lib/benchmark/benchmark.cpp +++ b/src/lib/benchmark/benchmark.cpp @@ -6,10 +6,11 @@ */ #include <botan/benchmark.h> +#include <botan/internal/algo_registry.h> #include <botan/buf_comp.h> +#include <botan/cipher_mode.h> #include <botan/block_cipher.h> #include <botan/stream_cipher.h> -#include <botan/aead.h> #include <botan/hash.h> #include <botan/mac.h> #include <vector> @@ -17,6 +18,8 @@ namespace Botan { +namespace { + double time_op(std::chrono::nanoseconds runtime, std::function<void ()> op) { std::chrono::nanoseconds time_used(0); @@ -40,7 +43,6 @@ double time_op(std::chrono::nanoseconds runtime, std::function<void ()> op) std::map<std::string, double> time_algorithm_ops(const std::string& name, - Algorithm_Factory& af, const std::string& provider, RandomNumberGenerator& rng, std::chrono::nanoseconds runtime, @@ -53,9 +55,9 @@ time_algorithm_ops(const std::string& name, const double mb_mult = buffer.size() / static_cast<double>(Mebibyte); - if(const BlockCipher* proto = af.prototype_block_cipher(name, provider)) + if(BlockCipher* p = make_a<BlockCipher>(name, provider)) { - std::unique_ptr<BlockCipher> bc(proto->clone()); + std::unique_ptr<BlockCipher> bc(p); const SymmetricKey key(rng, bc->maximum_keylength()); @@ -65,9 +67,9 @@ time_algorithm_ops(const std::string& name, { "decrypt", mb_mult * time_op(runtime / 2, [&]() { bc->decrypt(buffer); }) }, }); } - else if(const StreamCipher* proto = af.prototype_stream_cipher(name, provider)) + else if(StreamCipher* p = make_a<StreamCipher>(name, provider)) { - std::unique_ptr<StreamCipher> sc(proto->clone()); + std::unique_ptr<StreamCipher> sc(p); const SymmetricKey key(rng, sc->maximum_keylength()); @@ -76,17 +78,17 @@ time_algorithm_ops(const std::string& name, { "", mb_mult * time_op(runtime, [&]() { sc->encipher(buffer); }) }, }); } - else if(const HashFunction* proto = af.prototype_hash_function(name, provider)) + else if(HashFunction* p = make_a<HashFunction>(name, provider)) { - std::unique_ptr<HashFunction> h(proto->clone()); + std::unique_ptr<HashFunction> h(p); return std::map<std::string, double>({ { "", mb_mult * time_op(runtime, [&]() { h->update(buffer); }) }, }); } - else if(const MessageAuthenticationCode* proto = af.prototype_mac(name, provider)) + else if(MessageAuthenticationCode* p = make_a<MessageAuthenticationCode>(name, provider)) { - std::unique_ptr<MessageAuthenticationCode> mac(proto->clone()); + std::unique_ptr<MessageAuthenticationCode> mac(p); const SymmetricKey key(rng, mac->maximum_keylength()); @@ -115,8 +117,6 @@ time_algorithm_ops(const std::string& name, return std::map<std::string, double>(); } -namespace { - double find_first_in(const std::map<std::string, double>& m, const std::vector<std::string>& keys) { @@ -127,19 +127,33 @@ double find_first_in(const std::map<std::string, double>& m, return i->second; } - throw std::runtime_error("algorithm_factory no usable keys found in result"); + throw std::runtime_error("In algo benchmark no usable keys found in result"); + } + +std::set<std::string> get_all_providers_of(const std::string& algo) + { + std::set<std::string> provs; + + auto add_to_set = [&provs](const std::vector<std::string>& str) { for(auto&& s : str) { provs.insert(s); } }; + + add_to_set(Algo_Registry<BlockCipher>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<StreamCipher>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<HashFunction>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<MessageAuthenticationCode>::global_registry().providers_of(algo)); + + return provs; } } std::map<std::string, double> algorithm_benchmark(const std::string& name, - Algorithm_Factory& af, RandomNumberGenerator& rng, std::chrono::milliseconds milliseconds, size_t buf_size) { - const std::vector<std::string> providers = af.providers_of(name); + //Algorithm_Factory& af = global_state().algorithm_factory(); + const auto providers = get_all_providers_of(name); std::map<std::string, double> all_results; // provider -> ops/sec @@ -149,7 +163,7 @@ algorithm_benchmark(const std::string& name, for(auto provider : providers) { - auto results = time_algorithm_ops(name, af, provider, rng, ns_per_provider, buf_size); + auto results = time_algorithm_ops(name, provider, rng, ns_per_provider, buf_size); all_results[provider] = find_first_in(results, { "", "update", "encrypt" }); } } diff --git a/src/lib/benchmark/benchmark.h b/src/lib/benchmark/benchmark.h index 8dda48497..3fa020e1b 100644 --- a/src/lib/benchmark/benchmark.h +++ b/src/lib/benchmark/benchmark.h @@ -8,7 +8,6 @@ #ifndef BOTAN_RUNTIME_BENCHMARK_H__ #define BOTAN_RUNTIME_BENCHMARK_H__ -#include <botan/algo_factory.h> #include <botan/rng.h> #include <map> #include <string> @@ -17,24 +16,6 @@ namespace Botan { /** -* Time aspects of an algorithm/provider -* @param name the name of the algorithm to test -* @param af the algorithm factory used to create objects -* @param provider the provider to use -* @param rng the rng to use to generate random inputs -* @param runtime total time for the benchmark to run -* @param buf_size size of buffer to benchmark against, in KiB -* @return results a map from op type to operations per second -*/ -std::map<std::string, double> -BOTAN_DLL time_algorithm_ops(const std::string& name, - Algorithm_Factory& af, - const std::string& provider, - RandomNumberGenerator& rng, - std::chrono::nanoseconds runtime, - size_t buf_size); - -/** * Algorithm benchmark * @param name the name of the algorithm to test (cipher, hash, or MAC) * @param af the algorithm factory used to create objects @@ -45,14 +26,10 @@ BOTAN_DLL time_algorithm_ops(const std::string& name, */ std::map<std::string, double> BOTAN_DLL algorithm_benchmark(const std::string& name, - Algorithm_Factory& af, RandomNumberGenerator& rng, std::chrono::milliseconds milliseconds, size_t buf_size); -double BOTAN_DLL -time_op(std::chrono::nanoseconds runtime, std::function<void ()> op); - } #endif diff --git a/src/lib/benchmark/info.txt b/src/lib/benchmark/info.txt index 264811d99..6a2aaf476 100644 --- a/src/lib/benchmark/info.txt +++ b/src/lib/benchmark/info.txt @@ -1,9 +1,7 @@ define RUNTIME_BENCHMARKING 20131128 <requires> -algo_factory block -algo_base hash mac rng diff --git a/src/lib/block/aes_ni/aes_ni.cpp b/src/lib/block/aes_ni/aes_ni.cpp index 256895148..96a629d06 100644 --- a/src/lib/block/aes_ni/aes_ni.cpp +++ b/src/lib/block/aes_ni/aes_ni.cpp @@ -12,9 +12,9 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_128_NI, "AES-128", "aes_ni"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_192_NI, "AES-192", "aes_ni"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_256_NI, "AES-256", "aes_ni"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_128_NI, "AES-128", "aes_ni", 16); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_192_NI, "AES-192", "aes_ni", 16); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_256_NI, "AES-256", "aes_ni", 16); namespace { diff --git a/src/lib/block/aes_ni/info.txt b/src/lib/block/aes_ni/info.txt index 270b00d9d..11bf90390 100644 --- a/src/lib/block/aes_ni/info.txt +++ b/src/lib/block/aes_ni/info.txt @@ -3,7 +3,3 @@ define AES_NI 20131128 load_on auto need_isa aesni - -<requires> -aes_isa_eng -</requires> diff --git a/src/lib/block/aes_ssse3/aes_ssse3.cpp b/src/lib/block/aes_ssse3/aes_ssse3.cpp index 6a8fb3ed8..b9731d010 100644 --- a/src/lib/block/aes_ssse3/aes_ssse3.cpp +++ b/src/lib/block/aes_ssse3/aes_ssse3.cpp @@ -17,9 +17,9 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_128_SSSE3, "AES-128", "ssse3"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_192_SSSE3, "AES-192", "ssse3"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_256_SSSE3, "AES-256", "ssse3"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_128_SSSE3, "AES-128", "ssse3", 64); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_192_SSSE3, "AES-192", "ssse3", 64); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_256_SSSE3, "AES-256", "ssse3", 64); namespace { diff --git a/src/lib/block/aes_ssse3/info.txt b/src/lib/block/aes_ssse3/info.txt index 4b1aec535..9e27801e6 100644 --- a/src/lib/block/aes_ssse3/info.txt +++ b/src/lib/block/aes_ssse3/info.txt @@ -4,10 +4,6 @@ load_on auto need_isa ssse3 -<requires> -simd_engine -</requires> - # Intel C++ can't deal with syntax for defining constants :( <cc> gcc diff --git a/src/lib/block/block_utils.h b/src/lib/block/block_utils.h index c1a1e34f8..ebf6354e0 100644 --- a/src/lib/block/block_utils.h +++ b/src/lib/block/block_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_BLOCK_CIPHER_UTIL_H__ -#define BOTAN_BLOCK_CIPHER_UTIL_H__ +#ifndef BOTAN_BLOCK_CIPHER_UTILS_H__ +#define BOTAN_BLOCK_CIPHER_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> #include <botan/internal/xor_buf.h> @@ -28,8 +28,8 @@ namespace Botan { #define BOTAN_REGISTER_BLOCK_CIPHER_NAMED_1STR(type, name, def) \ BOTAN_REGISTER_NAMED_T(BlockCipher, name, type, std::bind(make_new_T_1str<type>, std::placeholders::_1, def)); -#define BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, BlockCipher, type, name, provider) +#define BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(cond, type, name, provider, pref) \ + BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, BlockCipher, type, name, provider, pref) } diff --git a/src/lib/block/idea_sse2/idea_sse2.cpp b/src/lib/block/idea_sse2/idea_sse2.cpp index 3dfd26860..af7e2182d 100644 --- a/src/lib/block/idea_sse2/idea_sse2.cpp +++ b/src/lib/block/idea_sse2/idea_sse2.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_sse2(), IDEA_SSE2, "IDEA", "sse2"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_sse2(), IDEA_SSE2, "IDEA", "sse2", 64); namespace { diff --git a/src/lib/block/info.txt b/src/lib/block/info.txt index f10acaa86..e1aa52d85 100644 --- a/src/lib/block/info.txt +++ b/src/lib/block/info.txt @@ -1,9 +1,5 @@ define BLOCK_CIPHER 20131128 -<requires> -algo_base -</requires> - <header:public> block_cipher.h </header:public> diff --git a/src/lib/block/noekeon_simd/info.txt b/src/lib/block/noekeon_simd/info.txt index 78b9d5f12..3b92eb206 100644 --- a/src/lib/block/noekeon_simd/info.txt +++ b/src/lib/block/noekeon_simd/info.txt @@ -3,5 +3,4 @@ define NOEKEON_SIMD 20131128 <requires> noekeon simd -simd_engine </requires> diff --git a/src/lib/block/noekeon_simd/noekeon_simd.cpp b/src/lib/block/noekeon_simd/noekeon_simd.cpp index d5995ee1d..a5d757d3c 100644 --- a/src/lib/block/noekeon_simd/noekeon_simd.cpp +++ b/src/lib/block/noekeon_simd/noekeon_simd.cpp @@ -11,7 +11,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Noekeon_SIMD, "Noekeon", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Noekeon_SIMD, "Noekeon", "simd32", 64); /* * Noekeon's Theta Operation diff --git a/src/lib/block/serpent_simd/info.txt b/src/lib/block/serpent_simd/info.txt index f33548823..acb0b76d8 100644 --- a/src/lib/block/serpent_simd/info.txt +++ b/src/lib/block/serpent_simd/info.txt @@ -3,7 +3,6 @@ define SERPENT_SIMD 20131128 <requires> serpent simd -simd_engine </requires> <source> diff --git a/src/lib/block/serpent_simd/serp_simd.cpp b/src/lib/block/serpent_simd/serp_simd.cpp index fa7f419fe..7b957598f 100644 --- a/src/lib/block/serpent_simd/serp_simd.cpp +++ b/src/lib/block/serpent_simd/serp_simd.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Serpent_SIMD, "Serpent", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Serpent_SIMD, "Serpent", "simd32", 64); namespace { diff --git a/src/lib/block/threefish_avx2/threefish_avx2.cpp b/src/lib/block/threefish_avx2/threefish_avx2.cpp index 432059585..e17146162 100644 --- a/src/lib/block/threefish_avx2/threefish_avx2.cpp +++ b/src/lib/block/threefish_avx2/threefish_avx2.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_avx2(), Threefish_512_AVX2, "Threefish-512", "avx2"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_avx2(), Threefish_512_AVX2, "Threefish-512", "avx2", 64); namespace { diff --git a/src/lib/block/xtea_simd/info.txt b/src/lib/block/xtea_simd/info.txt index 7e7d001ac..01fb4110d 100644 --- a/src/lib/block/xtea_simd/info.txt +++ b/src/lib/block/xtea_simd/info.txt @@ -3,5 +3,4 @@ define XTEA_SIMD 20131128 <requires> xtea simd -simd_engine </requires> diff --git a/src/lib/block/xtea_simd/xtea_simd.cpp b/src/lib/block/xtea_simd/xtea_simd.cpp index 6fd2f94c7..ffd2eb560 100644 --- a/src/lib/block/xtea_simd/xtea_simd.cpp +++ b/src/lib/block/xtea_simd/xtea_simd.cpp @@ -11,7 +11,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), XTEA_SIMD, "XTEA", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), XTEA_SIMD, "XTEA", "simd32", 64); namespace { diff --git a/src/lib/cert/cvc/info.txt b/src/lib/cert/cvc/info.txt index 1d8e54dc4..e3da5435e 100644 --- a/src/lib/cert/cvc/info.txt +++ b/src/lib/cert/cvc/info.txt @@ -29,7 +29,6 @@ asn1 bigint ecdsa filters -libstate oid_lookup pem pubkey diff --git a/src/lib/cert/x509/info.txt b/src/lib/cert/x509/info.txt index a74fd6631..39e51a625 100644 --- a/src/lib/cert/x509/info.txt +++ b/src/lib/cert/x509/info.txt @@ -2,6 +2,7 @@ define X509_CERTIFICATES 20131128 define OCSP 20131128 <requires> +asn1 datastor http_util </requires> diff --git a/src/lib/cert/x509/x509_ca.cpp b/src/lib/cert/x509/x509_ca.cpp index 7703c49fd..e6f689016 100644 --- a/src/lib/cert/x509/x509_ca.cpp +++ b/src/lib/cert/x509/x509_ca.cpp @@ -13,6 +13,7 @@ #include <botan/parsing.h> #include <botan/lookup.h> #include <botan/oids.h> +#include <botan/hash.h> #include <botan/key_constraint.h> #include <algorithm> #include <typeinfo> @@ -218,17 +219,16 @@ PK_Signer* choose_sig_format(const Private_Key& key, const std::string& hash_fn, AlgorithmIdentifier& sig_algo) { - std::string padding; - const std::string algo_name = key.algo_name(); - const HashFunction* proto_hash = retrieve_hash(hash_fn); - if(!proto_hash) + std::unique_ptr<HashFunction> hash(get_hash(hash_fn)); + if(!hash) throw Algorithm_Not_Found(hash_fn); - if(key.max_input_bits() < proto_hash->output_length()*8) + if(key.max_input_bits() < hash->output_length() * 8) throw Invalid_Argument("Key is too small for chosen hash function"); + std::string padding; if(algo_name == "RSA") padding = "EMSA3"; else if(algo_name == "DSA") @@ -238,10 +238,9 @@ PK_Signer* choose_sig_format(const Private_Key& key, else throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); - Signature_Format format = - (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; + const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; - padding = padding + '(' + proto_hash->name() + ')'; + padding = padding + '(' + hash->name() + ')'; sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); sig_algo.parameters = key.algorithm_identifier().parameters; diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp index 746fc7312..71449098e 100644 --- a/src/lib/cert/x509/x509_obj.cpp +++ b/src/lib/cert/x509/x509_obj.cpp @@ -175,6 +175,8 @@ std::string X509_Object::hash_used_for_signature() const */ bool X509_Object::check_signature(const Public_Key* pub_key) const { + if(!pub_key) + throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check"); std::unique_ptr<const Public_Key> key(pub_key); return check_signature(*key); } diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index f901001ac..b04e7c462 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -15,6 +15,7 @@ #include <botan/lookup.h> #include <botan/oids.h> #include <botan/pem.h> +#include <botan/hash.h> #include <botan/hex.h> #include <algorithm> #include <iterator> diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp index 111c4c3b7..fa6d34a2d 100644 --- a/src/lib/cert/x509/x509path.cpp +++ b/src/lib/cert/x509/x509path.cpp @@ -124,11 +124,18 @@ check_chain(const std::vector<X509_Certificate>& cert_path, std::unique_ptr<Public_Key> issuer_key(issuer.subject_public_key()); - if(subject.check_signature(*issuer_key) == false) + if(!issuer_key) + { status.insert(Certificate_Status_Code::SIGNATURE_ERROR); + } + else + { + if(subject.check_signature(*issuer_key) == false) + status.insert(Certificate_Status_Code::SIGNATURE_ERROR); - if(issuer_key->estimated_strength() < restrictions.minimum_key_strength()) - status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); + if(issuer_key->estimated_strength() < restrictions.minimum_key_strength()) + status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); + } // Allow untrusted hashes on self-signed roots if(!trusted_hashes.empty() && !at_self_signed_root) diff --git a/src/lib/compression/bzip2/bzip2.cpp b/src/lib/compression/bzip2/bzip2.cpp index 2d1617bce..857af10b1 100644 --- a/src/lib/compression/bzip2/bzip2.cpp +++ b/src/lib/compression/bzip2/bzip2.cpp @@ -8,7 +8,7 @@ */ #include <botan/bzip2.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #define BZ_NO_STDIO #include <bzlib.h> diff --git a/src/lib/compression/comp_util.cpp b/src/lib/compression/comp_util.cpp deleted file mode 100644 index 05c9ddb3b..000000000 --- a/src/lib/compression/comp_util.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* -* Allocation Tracker -* (C) 2014 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/comp_util.h> -#include <botan/mem_ops.h> -#include <cstdlib> - -namespace Botan { - -void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) - { - const size_t total_sz = n * size; - - void* ptr = std::malloc(total_sz); - m_current_allocs[ptr] = total_sz; - return ptr; - } - -void Compression_Alloc_Info::do_free(void* ptr) - { - if(ptr) - { - auto i = m_current_allocs.find(ptr); - - if(i == m_current_allocs.end()) - throw std::runtime_error("Compression_Alloc_Info::free got pointer not allocated by us"); - - zero_mem(ptr, i->second); - std::free(ptr); - m_current_allocs.erase(i); - } - } - -} diff --git a/src/lib/compression/comp_util.h b/src/lib/compression/compress_utils.h index 963eae642..d06971751 100644 --- a/src/lib/compression/comp_util.h +++ b/src/lib/compression/compress_utils.h @@ -1,5 +1,5 @@ /* -* Shared code for compression libraries +* Compression utility header * (C) 2014 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) @@ -9,7 +9,7 @@ #define BOTAN_COMPRESSION_UTILS_H__ #include <botan/compression.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <memory> #include <unordered_map> diff --git a/src/lib/compression/compression.cpp b/src/lib/compression/compression.cpp index e5221aba6..600f2c3ae 100644 --- a/src/lib/compression/compression.cpp +++ b/src/lib/compression/compression.cpp @@ -6,10 +6,36 @@ */ #include <botan/compression.h> -#include <botan/algo_registry.h> +#include <botan/internal/compress_utils.h> +#include <botan/mem_ops.h> +#include <cstdlib> namespace Botan { +void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) + { + const size_t total_sz = n * size; + + void* ptr = std::malloc(total_sz); + m_current_allocs[ptr] = total_sz; + return ptr; + } + +void Compression_Alloc_Info::do_free(void* ptr) + { + if(ptr) + { + auto i = m_current_allocs.find(ptr); + + if(i == m_current_allocs.end()) + throw std::runtime_error("Compression_Alloc_Info::free got pointer not allocated by us"); + + zero_mem(ptr, i->second); + std::free(ptr); + m_current_allocs.erase(i); + } + } + Transform* make_compressor(const std::string& type, size_t level) { const std::string comp_suffix = "_Compression(" + std::to_string(level) + ")"; diff --git a/src/lib/compression/info.txt b/src/lib/compression/info.txt index f1a3fa696..bfbc806c8 100644 --- a/src/lib/compression/info.txt +++ b/src/lib/compression/info.txt @@ -1,7 +1,7 @@ define COMPRESSION 20141117 <header:internal> -comp_util.h +compress_utils.h </header:internal> <header:public> diff --git a/src/lib/compression/lzma/lzma.cpp b/src/lib/compression/lzma/lzma.cpp index 69d73a3a1..c7e6ab815 100644 --- a/src/lib/compression/lzma/lzma.cpp +++ b/src/lib/compression/lzma/lzma.cpp @@ -9,7 +9,7 @@ */ #include <botan/lzma.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #include <lzma.h> namespace Botan { diff --git a/src/lib/compression/zlib/zlib.cpp b/src/lib/compression/zlib/zlib.cpp index 24e8721e3..a709526ce 100644 --- a/src/lib/compression/zlib/zlib.cpp +++ b/src/lib/compression/zlib/zlib.cpp @@ -8,7 +8,7 @@ */ #include <botan/zlib.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #include <ctime> #include <zlib.h> diff --git a/src/lib/constructs/pbes2/info.txt b/src/lib/constructs/pbes2/info.txt index e1f260966..8a1ca491e 100644 --- a/src/lib/constructs/pbes2/info.txt +++ b/src/lib/constructs/pbes2/info.txt @@ -1,7 +1,6 @@ define PKCS5_PBES2 20141119 <requires> -algo_factory asn1 block cbc diff --git a/src/lib/constructs/pbes2/pbes2.cpp b/src/lib/constructs/pbes2/pbes2.cpp index 811806891..17f14170d 100644 --- a/src/lib/constructs/pbes2/pbes2.cpp +++ b/src/lib/constructs/pbes2/pbes2.cpp @@ -6,7 +6,7 @@ */ #include <botan/pbes2.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/cipher_mode.h> #include <botan/pbkdf2.h> #include <botan/der_enc.h> diff --git a/src/lib/constructs/pbes2/pbes2.h b/src/lib/constructs/pbes2/pbes2.h index 3aa7d1159..90aa4f84b 100644 --- a/src/lib/constructs/pbes2/pbes2.h +++ b/src/lib/constructs/pbes2/pbes2.h @@ -11,7 +11,6 @@ #include <botan/secmem.h> #include <botan/transform.h> #include <botan/alg_id.h> -#include <botan/algo_factory.h> #include <chrono> namespace Botan { diff --git a/src/lib/constructs/rfc3394/info.txt b/src/lib/constructs/rfc3394/info.txt index 4b62b16e3..8cd5989ca 100644 --- a/src/lib/constructs/rfc3394/info.txt +++ b/src/lib/constructs/rfc3394/info.txt @@ -1 +1,5 @@ define RFC3394_KEYWRAP 20131128 + +<requires> +aes +</requires> diff --git a/src/lib/constructs/rfc3394/rfc3394.cpp b/src/lib/constructs/rfc3394/rfc3394.cpp index 6c8b62219..422f2a2dd 100644 --- a/src/lib/constructs/rfc3394/rfc3394.cpp +++ b/src/lib/constructs/rfc3394/rfc3394.cpp @@ -6,7 +6,7 @@ */ #include <botan/rfc3394.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/block_cipher.h> #include <botan/loadstor.h> #include <botan/exceptn.h> diff --git a/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp b/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp deleted file mode 100644 index d581b65ad..000000000 --- a/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp +++ /dev/null @@ -1,23 +0,0 @@ -/* -* Engine for AES instructions -* (C) 2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/aes_isa_engine.h> -#include <botan/algo_registry.h> - -namespace Botan { - -BlockCipher* -AES_ISA_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(BlockCipher* c = Algo_Registry<BlockCipher>::global_registry().make(request, "aes_ni")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/aes_isa_eng/aes_isa_engine.h b/src/lib/engine/aes_isa_eng/aes_isa_engine.h deleted file mode 100644 index 298574543..000000000 --- a/src/lib/engine/aes_isa_eng/aes_isa_engine.h +++ /dev/null @@ -1,30 +0,0 @@ -/* -* Engine for AES instructions -* (C) 2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_AES_ISA_ENGINE_H__ -#define BOTAN_AES_ISA_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for implementations that hook into CPU-specific -* AES implementations (eg AES-NI, VIA C7, or AMD Geode) -*/ -class AES_ISA_Engine : public Engine - { - public: - std::string provider_name() const { return "aes_isa"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/engine/aes_isa_eng/info.txt b/src/lib/engine/aes_isa_eng/info.txt deleted file mode 100644 index 4284e75bd..000000000 --- a/src/lib/engine/aes_isa_eng/info.txt +++ /dev/null @@ -1,11 +0,0 @@ -define ENGINE_AES_ISA 20131128 - -load_on dep - -<source> -aes_isa_engine.cpp -</source> - -<header:internal> -aes_isa_engine.h -</header:internal> diff --git a/src/lib/engine/asm_engine/asm_engine.cpp b/src/lib/engine/asm_engine/asm_engine.cpp deleted file mode 100644 index d30bae035..000000000 --- a/src/lib/engine/asm_engine/asm_engine.cpp +++ /dev/null @@ -1,39 +0,0 @@ -/* -* Assembly Implementation Engine -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/asm_engine.h> -#include <botan/algo_registry.h> - -namespace Botan { - -BlockCipher* -Assembler_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& block_cipher = Algo_Registry<BlockCipher>::global_registry(); - - if(BlockCipher* c = block_cipher.make(request, "x86-32")) - return c; - - return nullptr; - } - -HashFunction* -Assembler_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& hash_fns = Algo_Registry<HashFunction>::global_registry(); - if(HashFunction* c = hash_fns.make(request, "x86-64")) - return c; - - if(HashFunction* c = hash_fns.make(request, "x86-32")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/asm_engine/asm_engine.h b/src/lib/engine/asm_engine/asm_engine.h deleted file mode 100644 index 02e629e98..000000000 --- a/src/lib/engine/asm_engine/asm_engine.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* Assembly Implementation Engine -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_X86_32_ASM_ENGINE_H__ -#define BOTAN_X86_32_ASM_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for x86-32 specific implementations -*/ -class Assembler_Engine : public Engine - { - public: - std::string provider_name() const { return "asm"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/engine/asm_engine/info.txt b/src/lib/engine/asm_engine/info.txt deleted file mode 100644 index 185656e3d..000000000 --- a/src/lib/engine/asm_engine/info.txt +++ /dev/null @@ -1,11 +0,0 @@ -define ENGINE_ASSEMBLER 20131128 - -load_on dep - -<source> -asm_engine.cpp -</source> - -<header:internal> -asm_engine.h -</header:internal> diff --git a/src/lib/engine/core_engine/core_engine.h b/src/lib/engine/core_engine/core_engine.h deleted file mode 100644 index c98ee031b..000000000 --- a/src/lib/engine/core_engine/core_engine.h +++ /dev/null @@ -1,41 +0,0 @@ -/* -* Core Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_CORE_ENGINE_H__ -#define BOTAN_CORE_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Core Engine -*/ -class Core_Engine : public Engine - { - public: - std::string provider_name() const override { return "core"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - StreamCipher* find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const override; - - MessageAuthenticationCode* find_mac(const SCAN_Name& request, - Algorithm_Factory&) const override; - - PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override; - }; - -} - -#endif diff --git a/src/lib/engine/core_engine/info.txt b/src/lib/engine/core_engine/info.txt deleted file mode 100644 index c726464f4..000000000 --- a/src/lib/engine/core_engine/info.txt +++ /dev/null @@ -1,18 +0,0 @@ -define CORE_ENGINE 20131128 - -<header:internal> -core_engine.h -</header:internal> - -<source> -lookup_block.cpp -lookup_hash.cpp -lookup_mac.cpp -lookup_stream.cpp -lookup_pbkdf.cpp -</source> - -<requires> -algo_factory -libstate -</requires> diff --git a/src/lib/engine/core_engine/lookup_block.cpp b/src/lib/engine/core_engine/lookup_block.cpp deleted file mode 100644 index 98186403e..000000000 --- a/src/lib/engine/core_engine/lookup_block.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* -* Block Cipher Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -BlockCipher* Core_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(BlockCipher* c = Algo_Registry<BlockCipher>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_hash.cpp b/src/lib/engine/core_engine/lookup_hash.cpp deleted file mode 100644 index ed48c3549..000000000 --- a/src/lib/engine/core_engine/lookup_hash.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* -* Hash Algorithms Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -HashFunction* Core_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(HashFunction* c = Algo_Registry<HashFunction>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_mac.cpp b/src/lib/engine/core_engine/lookup_mac.cpp deleted file mode 100644 index 1336cee5f..000000000 --- a/src/lib/engine/core_engine/lookup_mac.cpp +++ /dev/null @@ -1,27 +0,0 @@ -/* -* MAC Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -MessageAuthenticationCode* -Core_Engine::find_mac(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(MessageAuthenticationCode* m = Algo_Registry<MessageAuthenticationCode>::global_registry().make(request, "builtin")) - return m; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_pbkdf.cpp b/src/lib/engine/core_engine/lookup_pbkdf.cpp deleted file mode 100644 index 1dc40322c..000000000 --- a/src/lib/engine/core_engine/lookup_pbkdf.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* -* PBKDF Lookup -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_factory.h> - -#if defined(BOTAN_HAS_PBKDF1) - #include <botan/pbkdf1.h> -#endif - -#if defined(BOTAN_HAS_PBKDF2) - #include <botan/pbkdf2.h> -#endif - -namespace Botan { - -PBKDF* Core_Engine::find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const - { -#if defined(BOTAN_HAS_PBKDF1) - if(algo_spec.algo_name() == "PBKDF1" && algo_spec.arg_count() == 1) - return new PKCS5_PBKDF1(af.make_hash_function(algo_spec.arg(0))); -#endif - -#if defined(BOTAN_HAS_PBKDF2) - if(algo_spec.algo_name() == "PBKDF2" && algo_spec.arg_count() == 1) - { - if(const MessageAuthenticationCode* mac_proto = af.prototype_mac(algo_spec.arg(0))) - return new PKCS5_PBKDF2(mac_proto->clone()); - - return new PKCS5_PBKDF2(af.make_mac("HMAC(" + algo_spec.arg(0) + ")")); - } -#endif - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_stream.cpp b/src/lib/engine/core_engine/lookup_stream.cpp deleted file mode 100644 index 068db7def..000000000 --- a/src/lib/engine/core_engine/lookup_stream.cpp +++ /dev/null @@ -1,27 +0,0 @@ -/* -* Stream Cipher Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -StreamCipher* -Core_Engine::find_stream_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(StreamCipher* c = Algo_Registry<StreamCipher>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/dyn_engine/dyn_engine.cpp b/src/lib/engine/dyn_engine/dyn_engine.cpp deleted file mode 100644 index ad74370a2..000000000 --- a/src/lib/engine/dyn_engine/dyn_engine.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/** -* Dynamically Loaded Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/dyn_engine.h> -#include <botan/internal/dyn_load.h> - -namespace Botan { - -namespace { - -extern "C" { - typedef Engine* (*creator_func)(void); - typedef u32bit (*module_version_func)(void); -} - -} - -Dynamically_Loaded_Engine::Dynamically_Loaded_Engine( - const std::string& library_path) : - engine(nullptr) - { - lib = new Dynamically_Loaded_Library(library_path); - - try - { - module_version_func get_version = - lib->resolve<module_version_func>("module_version"); - - const u32bit mod_version = get_version(); - - if(mod_version != 20101003) - throw std::runtime_error("Incompatible version in " + - library_path + " of " + - std::to_string(mod_version)); - - creator_func creator = - lib->resolve<creator_func>("create_engine"); - - engine = creator(); - - if(!engine) - throw std::runtime_error("Creator function in " + - library_path + " failed"); - } - catch(...) - { - delete lib; - lib = nullptr; - throw; - } - } - -Dynamically_Loaded_Engine::~Dynamically_Loaded_Engine() - { - delete engine; - delete lib; - } - -} diff --git a/src/lib/engine/dyn_engine/dyn_engine.h b/src/lib/engine/dyn_engine/dyn_engine.h deleted file mode 100644 index d40df5663..000000000 --- a/src/lib/engine/dyn_engine/dyn_engine.h +++ /dev/null @@ -1,72 +0,0 @@ -/** -* Dynamically Loaded Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_DYN_LOADED_ENGINE_H__ -#define BOTAN_DYN_LOADED_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Dynamically_Loaded_Engine just proxies the requests to the underlying -* Engine object, and handles load/unload details -*/ -class BOTAN_DLL Dynamically_Loaded_Engine : public Engine - { - public: - /** - * @param lib_path full pathname to DLL to load - */ - Dynamically_Loaded_Engine(const std::string& lib_path); - - Dynamically_Loaded_Engine(const Dynamically_Loaded_Engine&) = delete; - - Dynamically_Loaded_Engine& operator=(const Dynamically_Loaded_Engine&) = delete; - - ~Dynamically_Loaded_Engine(); - - std::string provider_name() const override { return engine->provider_name(); } - - BlockCipher* find_block_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_block_cipher(algo_spec, af); - } - - StreamCipher* find_stream_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_stream_cipher(algo_spec, af); - } - - HashFunction* find_hash(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_hash(algo_spec, af); - } - - MessageAuthenticationCode* find_mac(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_mac(algo_spec, af); - } - - PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_pbkdf(algo_spec, af); - } - - private: - class Dynamically_Loaded_Library* lib; - Engine* engine; - }; - -} - -#endif diff --git a/src/lib/engine/dyn_engine/info.txt b/src/lib/engine/dyn_engine/info.txt deleted file mode 100644 index 54379f501..000000000 --- a/src/lib/engine/dyn_engine/info.txt +++ /dev/null @@ -1,14 +0,0 @@ -define DYNAMICALLY_LOADED_ENGINE 20131128 - -<header:public> -dyn_engine.h -</header:public> - -<source> -dyn_engine.cpp -</source> - -<requires> -engine -dyn_load -</requires> diff --git a/src/lib/engine/engine.cpp b/src/lib/engine/engine.cpp deleted file mode 100644 index 7aab64cad..000000000 --- a/src/lib/engine/engine.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/* -* Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/engine.h> - -namespace Botan { - -BlockCipher* -Engine::find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -StreamCipher* -Engine::find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -HashFunction* -Engine::find_hash(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -MessageAuthenticationCode* -Engine::find_mac(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -PBKDF* -Engine::find_pbkdf(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -} diff --git a/src/lib/engine/engine.h b/src/lib/engine/engine.h deleted file mode 100644 index 7fe11c12e..000000000 --- a/src/lib/engine/engine.h +++ /dev/null @@ -1,88 +0,0 @@ -/* -* Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ENGINE_H__ -#define BOTAN_ENGINE_H__ - -#include <botan/scan_name.h> -#include <botan/block_cipher.h> -#include <botan/stream_cipher.h> -#include <botan/hash.h> -#include <botan/mac.h> -#include <botan/pbkdf.h> -#include <botan/pow_mod.h> -#include <botan/pk_keys.h> - -namespace Botan { - -class Algorithm_Factory; -class RandomNumberGenerator; - -/** -* Base class for all engines. All non-pure virtual functions simply -* return NULL, indicating the algorithm in question is not -* supported. Subclasses can reimplement whichever function(s) -* they want to hook in a particular type. -*/ -class BOTAN_DLL Engine - { - public: - virtual ~Engine() {} - - /** - * @return name of this engine - */ - virtual std::string provider_name() const = 0; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual BlockCipher* - find_block_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual StreamCipher* - find_stream_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual HashFunction* - find_hash(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual MessageAuthenticationCode* - find_mac(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - }; - -} - -#endif diff --git a/src/lib/engine/info.txt b/src/lib/engine/info.txt deleted file mode 100644 index 800a007a1..000000000 --- a/src/lib/engine/info.txt +++ /dev/null @@ -1,20 +0,0 @@ -define ENGINES 20131128 - -<header:public> -engine.h -</header:public> - -<source> -engine.cpp -</source> - -<requires> -block -hash -libstate -mac -numbertheory -pbkdf -pubkey -stream -</requires> diff --git a/src/lib/engine/openssl/info.txt b/src/lib/engine/openssl/info.txt deleted file mode 100644 index c1be7bf9b..000000000 --- a/src/lib/engine/openssl/info.txt +++ /dev/null @@ -1,21 +0,0 @@ -define ENGINE_OPENSSL 20131128 - -load_on request - -<libs> -all -> crypto -</libs> - -<header:internal> -openssl_engine.h -</header:internal> - -<source> -ossl_arc4.cpp -ossl_bc.cpp -ossl_md.cpp -</source> - -<requires> -bigint -</requires> diff --git a/src/lib/engine/openssl/openssl_engine.h b/src/lib/engine/openssl/openssl_engine.h deleted file mode 100644 index 3e3940499..000000000 --- a/src/lib/engine/openssl/openssl_engine.h +++ /dev/null @@ -1,34 +0,0 @@ -/* -* OpenSSL Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ENGINE_OPENSSL_H__ -#define BOTAN_ENGINE_OPENSSL_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* OpenSSL Engine -*/ -class OpenSSL_Engine : public Engine - { - public: - std::string provider_name() const override { return "openssl"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - StreamCipher* find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - HashFunction* find_hash(const SCAN_Name&, Algorithm_Factory&) const override; - }; - -} - -#endif diff --git a/src/lib/engine/simd_engine/info.txt b/src/lib/engine/simd_engine/info.txt deleted file mode 100644 index 2063c9dfe..000000000 --- a/src/lib/engine/simd_engine/info.txt +++ /dev/null @@ -1,15 +0,0 @@ -define ENGINE_SIMD 20131128 - -load_on dep - -<source> -simd_engine.cpp -</source> - -<header:internal> -simd_engine.h -</header:internal> - -<requires> -simd -</requires> diff --git a/src/lib/engine/simd_engine/simd_engine.cpp b/src/lib/engine/simd_engine/simd_engine.cpp deleted file mode 100644 index f60c5beb2..000000000 --- a/src/lib/engine/simd_engine/simd_engine.cpp +++ /dev/null @@ -1,45 +0,0 @@ -/* -* SIMD Engine -* (C) 1999-2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/simd_engine.h> -#include <botan/algo_registry.h> -#include <botan/cpuid.h> - -namespace Botan { - -BlockCipher* -SIMD_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& block_cipher = Algo_Registry<BlockCipher>::global_registry(); - - if(BlockCipher* c = block_cipher.make(request, "avx2")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "ssse3")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "sse2")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "simd32")) - return c; - - return nullptr; - } - -HashFunction* -SIMD_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(HashFunction* c = Algo_Registry<HashFunction>::global_registry().make(request, "sse2")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/simd_engine/simd_engine.h b/src/lib/engine/simd_engine/simd_engine.h deleted file mode 100644 index 3429e0fbd..000000000 --- a/src/lib/engine/simd_engine/simd_engine.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* SIMD Assembly Engine -* (C) 1999-2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_SIMD_ENGINE_H__ -#define BOTAN_SIMD_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for implementations that use some kind of SIMD -*/ -class SIMD_Engine : public Engine - { - public: - std::string provider_name() const { return "simd"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp index 36ad70e3a..1595935d2 100644 --- a/src/lib/entropy/egd/es_egd.cpp +++ b/src/lib/entropy/egd/es_egd.cpp @@ -139,6 +139,8 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { const size_t READ_ATTEMPT = 32; + std::lock_guard<std::mutex> lock(m_mutex); + secure_vector<byte>& io_buffer = accum.get_io_buffer(READ_ATTEMPT); for(size_t i = 0; i != sockets.size(); ++i) diff --git a/src/lib/entropy/egd/es_egd.h b/src/lib/entropy/egd/es_egd.h index d6cce8b7c..5afdc5a41 100644 --- a/src/lib/entropy/egd/es_egd.h +++ b/src/lib/entropy/egd/es_egd.h @@ -41,6 +41,7 @@ class EGD_EntropySource : public EntropySource int m_fd; // cached fd }; + std::mutex m_mutex; std::vector<EGD_Socket> sockets; }; diff --git a/src/lib/entropy/egd/info.txt b/src/lib/entropy/egd/info.txt index b93c4526d..bdf6db71e 100644 --- a/src/lib/entropy/egd/info.txt +++ b/src/lib/entropy/egd/info.txt @@ -1,5 +1,7 @@ define ENTROPY_SRC_EGD 20131128 +load_on request + <source> es_egd.cpp </source> diff --git a/src/lib/entropy/entropy_src.h b/src/lib/entropy/entropy_src.h index 77f822bbf..2bd7d42e5 100644 --- a/src/lib/entropy/entropy_src.h +++ b/src/lib/entropy/entropy_src.h @@ -84,6 +84,8 @@ class BOTAN_DLL Entropy_Accumulator class BOTAN_DLL EntropySource { public: + static void poll_available_sources(class Entropy_Accumulator& accum); + /** * @return name identifying this entropy source */ diff --git a/src/lib/libstate/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp index de146d0ba..67bced409 100644 --- a/src/lib/libstate/entropy_srcs.cpp +++ b/src/lib/entropy/entropy_srcs.cpp @@ -1,11 +1,11 @@ /* -* Global PRNG -* (C) 2008-2010 Jack Lloyd +* Entropy Source Polling +* (C) 2008-2010,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ -#include <botan/libstate.h> +#include <botan/entropy_src.h> #if defined(BOTAN_HAS_ENTROPY_SRC_HIGH_RESOLUTION_TIMER) #include <botan/internal/hres_timer.h> @@ -45,7 +45,9 @@ namespace Botan { -std::vector<std::unique_ptr<EntropySource>> Library_State::entropy_sources() +namespace { + +std::vector<std::unique_ptr<EntropySource>> get_default_entropy_sources() { std::vector<std::unique_ptr<EntropySource>> sources; @@ -100,19 +102,22 @@ std::vector<std::unique_ptr<EntropySource>> Library_State::entropy_sources() return sources; } -void Library_State::poll_available_sources(class Entropy_Accumulator& accum) +} + +//static +void EntropySource::poll_available_sources(class Entropy_Accumulator& accum) { - std::lock_guard<std::mutex> lock(m_entropy_src_mutex); + static std::vector<std::unique_ptr<EntropySource>> g_sources(get_default_entropy_sources()); - if(m_sources.empty()) + if(g_sources.empty()) throw std::runtime_error("No entropy sources enabled at build time, poll failed"); size_t poll_attempt = 0; while(!accum.polling_goal_achieved() && poll_attempt < 16) { - const size_t src_idx = poll_attempt % m_sources.size(); - m_sources[src_idx]->poll(accum); + const size_t src_idx = poll_attempt % g_sources.size(); + g_sources[src_idx]->poll(accum); ++poll_attempt; } } diff --git a/src/lib/entropy/info.txt b/src/lib/entropy/info.txt index d991577f7..77c2669e9 100644 --- a/src/lib/entropy/info.txt +++ b/src/lib/entropy/info.txt @@ -1,3 +1 @@ -<requires> -algo_base -</requires> +define ENTROPY_SOURCE 20150201 diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 95dc4e8e3..616c76ea3 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -120,6 +120,8 @@ void ProcWalking_EntropySource::poll(Entropy_Accumulator& accum) const size_t MAX_FILES_READ_PER_POLL = 2048; const double ENTROPY_ESTIMATE = 1.0 / (8*1024); + std::lock_guard<std::mutex> lock(m_mutex); + if(!m_dir) m_dir.reset(new Directory_Walker(m_path)); diff --git a/src/lib/entropy/proc_walk/proc_walk.h b/src/lib/entropy/proc_walk/proc_walk.h index 047fb3bb9..218cd752a 100644 --- a/src/lib/entropy/proc_walk/proc_walk.h +++ b/src/lib/entropy/proc_walk/proc_walk.h @@ -34,6 +34,7 @@ class ProcWalking_EntropySource : public EntropySource private: const std::string m_path; + std::mutex m_mutex; std::unique_ptr<File_Descriptor_Source> m_dir; }; diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp index 3f4cd3567..f7583cf23 100644 --- a/src/lib/entropy/unix_procs/unix_procs.cpp +++ b/src/lib/entropy/unix_procs/unix_procs.cpp @@ -69,7 +69,7 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum) { static std::atomic<int> last_pid; - + int pid = ::getpid(); accum.add(pid, 0.0); @@ -186,11 +186,12 @@ const std::vector<std::string>& Unix_EntropySource::next_source() void Unix_EntropySource::poll(Entropy_Accumulator& accum) { - // refuse to run as root (maybe instead setuid to nobody before exec?) - // fixme: this should also check for setgid - if(::getuid() == 0 || ::geteuid() == 0) + // refuse to run setuid or setgid, or as root + if((getuid() != geteuid()) || (getgid() != getegid()) || (geteuid() == 0)) return; + std::lock_guard<std::mutex> lock(m_mutex); + if(m_sources.empty()) { auto sources = get_default_sources(); diff --git a/src/lib/entropy/unix_procs/unix_procs.h b/src/lib/entropy/unix_procs/unix_procs.h index 11dbead65..00ebe13ad 100644 --- a/src/lib/entropy/unix_procs/unix_procs.h +++ b/src/lib/entropy/unix_procs/unix_procs.h @@ -67,6 +67,7 @@ class Unix_EntropySource : public EntropySource const std::vector<std::string>& next_source(); + std::mutex m_mutex; const std::vector<std::string> m_trusted_paths; const size_t m_concurrent; diff --git a/src/lib/filters/aead_filt/aead_filt.h b/src/lib/filters/aead_filt.h index a97b580bd..a97b580bd 100644 --- a/src/lib/filters/aead_filt/aead_filt.h +++ b/src/lib/filters/aead_filt.h diff --git a/src/lib/filters/aead_filt/info.txt b/src/lib/filters/aead_filt/info.txt deleted file mode 100644 index 891f2c167..000000000 --- a/src/lib/filters/aead_filt/info.txt +++ /dev/null @@ -1,5 +0,0 @@ -define AEAD_FILTER 20131128 - -<requires> -aead -</requires> diff --git a/src/lib/filters/algo_filt.cpp b/src/lib/filters/algo_filt.cpp index 828f15155..c1f7b00e2 100644 --- a/src/lib/filters/algo_filt.cpp +++ b/src/lib/filters/algo_filt.cpp @@ -6,7 +6,7 @@ */ #include <botan/filters.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <algorithm> namespace Botan { diff --git a/src/lib/filters/info.txt b/src/lib/filters/info.txt index 7bb98a516..da6827833 100644 --- a/src/lib/filters/info.txt +++ b/src/lib/filters/info.txt @@ -8,6 +8,7 @@ comp_filter.cpp data_snk.cpp data_src.cpp filter.cpp +key_filt.cpp out_buf.cpp pipe.cpp pipe_io.cpp @@ -36,14 +37,6 @@ out_buf.h </header:internal> <requires> -alloc -asn1 -block compression -hash -libstate -mac -rng -stream -algo_base +modes </requires> diff --git a/src/lib/filters/key_filt.h b/src/lib/filters/key_filt.h index c2a1fd92b..96b472b7e 100644 --- a/src/lib/filters/key_filt.h +++ b/src/lib/filters/key_filt.h @@ -57,6 +57,52 @@ class BOTAN_DLL Keyed_Filter : public Filter { return (length == 0); } }; + + +/* +* Get a cipher object +*/ + +/** +* Factory method for general symmetric cipher filters. +* @param algo_spec the name of the desired cipher +* @param key the key to be used for encryption/decryption performed by +* the filter +* @param iv the initialization vector to be used +* @param direction determines whether the filter will be an encrypting +* or decrypting filter +* @return pointer to newly allocated encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + const SymmetricKey& key, + const InitializationVector& iv, + Cipher_Dir direction); + +/** +* Factory method for general symmetric cipher filters. +* @param algo_spec the name of the desired cipher +* @param key the key to be used for encryption/decryption performed by +* the filter +* @param direction determines whether the filter will be an encrypting +* or decrypting filter +* @return pointer to the encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + const SymmetricKey& key, + Cipher_Dir direction); + +/** +* Factory method for general symmetric cipher filters. No key will be +* set in the filter. +* +* @param algo_spec the name of the desired cipher +* @param direction determines whether the filter will be an encrypting or +* decrypting filter +* @return pointer to the encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + Cipher_Dir direction); + } #endif diff --git a/src/lib/hash/hash_utils.h b/src/lib/hash/hash_utils.h index 00eabe820..3286b0087 100644 --- a/src/lib/hash/hash_utils.h +++ b/src/lib/hash/hash_utils.h @@ -5,11 +5,11 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_HASH_UTIL_H__ -#define BOTAN_HASH_UTIL_H__ +#ifndef BOTAN_HASH_UTILS_H__ +#define BOTAN_HASH_UTILS_H__ #include <botan/hash.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> @@ -25,8 +25,8 @@ namespace Botan { #define BOTAN_REGISTER_HASH_NAMED_1LEN(type, name, def) \ BOTAN_REGISTER_NAMED_T(HashFunction, name, type, (make_new_T_1len<type,def>)) -#define BOTAN_REGISTER_HASH_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, HashFunction, type, name, provider) +#define BOTAN_REGISTER_HASH_NOARGS_IF(cond, type, name, provider, pref) \ + BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, HashFunction, type, name, provider, pref) } diff --git a/src/lib/hash/info.txt b/src/lib/hash/info.txt index 58ff1b99f..481b39b67 100644 --- a/src/lib/hash/info.txt +++ b/src/lib/hash/info.txt @@ -1,7 +1,3 @@ -<requires> -algo_base -</requires> - <header:internal> hash_utils.h </header:internal> diff --git a/src/lib/hash/par_hash/par_hash.cpp b/src/lib/hash/par_hash/par_hash.cpp index c58b01e72..d3c641a95 100644 --- a/src/lib/hash/par_hash/par_hash.cpp +++ b/src/lib/hash/par_hash/par_hash.cpp @@ -8,7 +8,7 @@ #include <botan/internal/hash_utils.h> #include <botan/par_hash.h> #include <botan/parsing.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/hash/sha1_sse2/info.txt b/src/lib/hash/sha1_sse2/info.txt index 8d4926e63..78f5540e7 100644 --- a/src/lib/hash/sha1_sse2/info.txt +++ b/src/lib/hash/sha1_sse2/info.txt @@ -4,5 +4,4 @@ need_isa sse2 <requires> sha1 -simd_engine </requires> diff --git a/src/lib/hash/sha1_sse2/sha1_sse2.cpp b/src/lib/hash/sha1_sse2/sha1_sse2.cpp index 13cd22eeb..1fc62d957 100644 --- a/src/lib/hash/sha1_sse2/sha1_sse2.cpp +++ b/src/lib/hash/sha1_sse2/sha1_sse2.cpp @@ -14,7 +14,7 @@ namespace Botan { -BOTAN_REGISTER_HASH_NOARGS_IF(CPUID::has_sse2(), SHA_160_SSE2, "SHA-160", "sse2"); +BOTAN_REGISTER_HASH_NOARGS_IF(CPUID::has_sse2(), SHA_160_SSE2, "SHA-160", "sse2", 64); namespace SHA1_SSE2_F { diff --git a/src/lib/hash/sha1_x86_64/info.txt b/src/lib/hash/sha1_x86_64/info.txt index 54d5eefff..db7cdcb92 100644 --- a/src/lib/hash/sha1_x86_64/info.txt +++ b/src/lib/hash/sha1_x86_64/info.txt @@ -7,7 +7,6 @@ x86_64 </arch> <requires> -asm_engine asm_x86_64 sha1 </requires> diff --git a/src/lib/kdf/info.txt b/src/lib/kdf/info.txt index 91489ca24..35032e159 100644 --- a/src/lib/kdf/info.txt +++ b/src/lib/kdf/info.txt @@ -1,8 +1,7 @@ define KDF_BASE 20131128 <requires> -alloc -libstate +base </requires> <header:public> diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index e18d9ce75..793cd3d62 100644 --- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -6,7 +6,7 @@ */ #include <botan/kdf.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/exceptn.h> namespace Botan { diff --git a/src/lib/kdf/kdf_utils.h b/src/lib/kdf/kdf_utils.h index bf2bfb235..f67892437 100644 --- a/src/lib/kdf/kdf_utils.h +++ b/src/lib/kdf/kdf_utils.h @@ -5,11 +5,11 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_KDF_UTIL_H__ -#define BOTAN_KDF_UTIL_H__ +#ifndef BOTAN_KDF_UTILS_H__ +#define BOTAN_KDF_UTILS_H__ #include <botan/kdf.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/exceptn.h> #include <botan/internal/xor_buf.h> diff --git a/src/lib/libstate/global_state.cpp b/src/lib/libstate/global_state.cpp deleted file mode 100644 index b9b755d87..000000000 --- a/src/lib/libstate/global_state.cpp +++ /dev/null @@ -1,88 +0,0 @@ -/* -* Global State Management -* (C) 2010,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/global_state.h> -#include <botan/libstate.h> -#include <memory> -#include <mutex> - -namespace Botan { - -namespace Global_State_Management { - -namespace { - -std::mutex g_lib_state_mutex; -std::unique_ptr<Library_State> g_lib_state; - -} - -/* -* Access the global state object -*/ -Library_State& global_state() - { - // @todo use double checked locking? (Is this safe in C++11 mm?) - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - - /* Lazy initialization. Botan still needs to be deinitialized later - on or memory might leak. - */ - if(!g_lib_state) - { - g_lib_state.reset(new Library_State); - g_lib_state->initialize(); - } - - return (*g_lib_state); - } - -/* -* Set a new global state object -*/ -void set_global_state(Library_State* state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - g_lib_state.reset(state); - } - -/* -* Set a new global state object unless one already existed -*/ -bool set_global_state_unless_set(Library_State* state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - - if(g_lib_state) - return false; - - g_lib_state.reset(state); - return true; - } - -/* -* Swap two global state objects -*/ -Library_State* swap_global_state(Library_State* new_state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - Library_State* old_state = g_lib_state.release(); - g_lib_state.reset(new_state); - return old_state; - } - -/* -* Query if library is initialized -*/ -bool global_state_exists() - { - return (g_lib_state != nullptr); - } - -} - -} diff --git a/src/lib/libstate/global_state.h b/src/lib/libstate/global_state.h deleted file mode 100644 index 6597b6606..000000000 --- a/src/lib/libstate/global_state.h +++ /dev/null @@ -1,69 +0,0 @@ -/* -* Global State Management -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_GLOBAL_STATE_H__ -#define BOTAN_GLOBAL_STATE_H__ - -#include <botan/build.h> - -namespace Botan { - -/* -* Forward declare to avoid recursive dependency between this header -* and libstate.h -*/ -class Library_State; - -/** -* Namespace for management of the global state -*/ -namespace Global_State_Management { - -/** -* Access the global library state -* @return reference to the global library state -*/ -BOTAN_DLL Library_State& global_state(); - -/** -* Set the global state object -* @param state the new global state to use -*/ -BOTAN_DLL void set_global_state(Library_State* state); - -/** -* Set the global state object unless it is already set -* @param state the new global state to use -* @return true if the state parameter is now being used as the global -* state, or false if one was already set, in which case the -* parameter was deleted immediately -*/ -BOTAN_DLL bool set_global_state_unless_set(Library_State* state); - -/** -* Swap the current state for another -* @param new_state the new state object to use -* @return previous state (or NULL if none) -*/ -BOTAN_DLL Library_State* swap_global_state(Library_State* new_state); - -/** -* Query if the library is currently initialized -* @return true iff the library is initialized -*/ -BOTAN_DLL bool global_state_exists(); - -} - -/* -* Insert into Botan ns for convenience/backwards compatability -*/ -using Global_State_Management::global_state; - -} - -#endif diff --git a/src/lib/libstate/info.txt b/src/lib/libstate/info.txt deleted file mode 100644 index 49a6d38ee..000000000 --- a/src/lib/libstate/info.txt +++ /dev/null @@ -1,21 +0,0 @@ -load_on always - -<requires> -algo_factory -alloc -bigint -block -core_engine -engine -filters -hash -hmac -kdf -mac -mode_pad -pbkdf -pk_pad -pubkey -rng -stream -</requires> diff --git a/src/lib/libstate/init.cpp b/src/lib/libstate/init.cpp deleted file mode 100644 index 6155b3bd2..000000000 --- a/src/lib/libstate/init.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* -* Library initialization -* (C) 1999-2009.2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/init.h> -#include <botan/libstate.h> -#include <botan/global_state.h> - -namespace Botan { - -LibraryInitializer::LibraryInitializer() - { - /* - This two stage initialization process is because Library_State's - constructor will implicitly refer to global state through the - allocators and so forth, so global_state() has to be a valid - reference before initialize() can be called. Yeah, gross. - */ - m_owned = Global_State_Management::set_global_state_unless_set(new Library_State); - - if(m_owned) - { - try - { - global_state().initialize(); - } - catch(...) - { - Global_State_Management::set_global_state(nullptr); - throw; - } - } - } - -LibraryInitializer::~LibraryInitializer() - { - if(m_owned) - Global_State_Management::set_global_state(nullptr); - } - -} diff --git a/src/lib/libstate/init.h b/src/lib/libstate/init.h deleted file mode 100644 index 46bcc66fa..000000000 --- a/src/lib/libstate/init.h +++ /dev/null @@ -1,31 +0,0 @@ -/* -* Library Initialization -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LIBRARY_INITIALIZER_H__ -#define BOTAN_LIBRARY_INITIALIZER_H__ - -#include <botan/build.h> -#include <string> - -namespace Botan { - -/** -* This class represents the Library Initialization/Shutdown Object. It -* has to exceed the lifetime of any Botan object used in an application. -*/ -class BOTAN_DLL LibraryInitializer - { - public: - LibraryInitializer(); - ~LibraryInitializer(); - private: - bool m_owned; - }; - -} - -#endif diff --git a/src/lib/libstate/libstate.cpp b/src/lib/libstate/libstate.cpp deleted file mode 100644 index a5010fc1a..000000000 --- a/src/lib/libstate/libstate.cpp +++ /dev/null @@ -1,87 +0,0 @@ -/* -* Library Internal/Global State -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/libstate.h> -#include <botan/charset.h> -#include <botan/engine.h> -#include <botan/oids.h> -#include <botan/internal/core_engine.h> -#include <botan/internal/stl_util.h> -#include <algorithm> - -#if defined(BOTAN_HAS_ENGINE_ASSEMBLER) - #include <botan/internal/asm_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_AES_ISA) - #include <botan/internal/aes_isa_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_SIMD) - #include <botan/internal/simd_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_GNU_MP) - #include <botan/internal/gnump_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_OPENSSL) - #include <botan/internal/openssl_engine.h> -#endif - -namespace Botan { - -/* -* Return a reference to the Algorithm_Factory -*/ -Algorithm_Factory& Library_State::algorithm_factory() const - { - if(!m_algorithm_factory) - throw Invalid_State("Uninitialized in Library_State::algorithm_factory"); - return *m_algorithm_factory; - } - -Library_State::~Library_State() - { - } - -void Library_State::initialize() - { - SCAN_Name::set_default_aliases(); - OIDS::set_defaults(); - - if(m_algorithm_factory.get()) - throw Invalid_State("Library_State has already been initialized"); - - m_algorithm_factory.reset(new Algorithm_Factory()); - -#if defined(BOTAN_HAS_ENGINE_GNU_MP) - algorithm_factory().add_engine(new GMP_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_OPENSSL) - algorithm_factory().add_engine(new OpenSSL_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_AES_ISA) - algorithm_factory().add_engine(new AES_ISA_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_SIMD) - algorithm_factory().add_engine(new SIMD_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_ASSEMBLER) - algorithm_factory().add_engine(new Assembler_Engine); -#endif - - algorithm_factory().add_engine(new Core_Engine); - - m_sources = entropy_sources(); - } - -} diff --git a/src/lib/libstate/libstate.h b/src/lib/libstate/libstate.h deleted file mode 100644 index 908f92f4d..000000000 --- a/src/lib/libstate/libstate.h +++ /dev/null @@ -1,54 +0,0 @@ -/* -* Library Internal/Global State -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LIB_STATE_H__ -#define BOTAN_LIB_STATE_H__ - -#include <botan/global_state.h> -#include <botan/algo_factory.h> -#include <botan/rng.h> -#include <mutex> -#include <string> -#include <vector> -#include <map> - -namespace Botan { - -/** -* Global Library State -*/ -class BOTAN_DLL Library_State - { - public: - Library_State() {} - - ~Library_State(); - - Library_State(const Library_State&) = delete; - Library_State& operator=(const Library_State&) = delete; - - void initialize(); - - /** - * @return global Algorithm_Factory - */ - Algorithm_Factory& algorithm_factory() const; - - void poll_available_sources(class Entropy_Accumulator& accum); - - private: - static std::vector<std::unique_ptr<EntropySource>> entropy_sources(); - - std::mutex m_entropy_src_mutex; - std::vector<std::unique_ptr<EntropySource>> m_sources; - - std::unique_ptr<Algorithm_Factory> m_algorithm_factory; - }; - -} - -#endif diff --git a/src/lib/libstate/lookup.cpp b/src/lib/libstate/lookup.cpp deleted file mode 100644 index 08f0ac866..000000000 --- a/src/lib/libstate/lookup.cpp +++ /dev/null @@ -1,166 +0,0 @@ -/* -* Algorithm Retrieval -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/lookup.h> -#include <botan/cipher_mode.h> -#include <botan/filters.h> -#include <botan/libstate.h> -#include <botan/parsing.h> -#include <botan/transform_filter.h> - -#if defined(BOTAN_HAS_OFB) - #include <botan/ofb.h> -#endif - -#if defined(BOTAN_HAS_CTR_BE) - #include <botan/ctr.h> -#endif - -namespace Botan { - -/* -* Get a PBKDF algorithm by name -*/ -PBKDF* get_pbkdf(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(PBKDF* pbkdf = af.make_pbkdf(algo_spec)) - return pbkdf; - - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Query if an algorithm exists -*/ -bool have_algorithm(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(af.prototype_block_cipher(name)) - return true; - if(af.prototype_stream_cipher(name)) - return true; - if(af.prototype_hash_function(name)) - return true; - if(af.prototype_mac(name)) - return true; - return false; - } - -/* -* Query the block size of a cipher or hash -*/ -size_t block_size_of(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(const BlockCipher* cipher = af.prototype_block_cipher(name)) - return cipher->block_size(); - - if(const HashFunction* hash = af.prototype_hash_function(name)) - return hash->hash_block_size(); - - throw Algorithm_Not_Found(name); - } - -/* -* Query the output_length() of a hash or MAC -*/ -size_t output_length_of(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(const HashFunction* hash = af.prototype_hash_function(name)) - return hash->output_length(); - - if(const MessageAuthenticationCode* mac = af.prototype_mac(name)) - return mac->output_length(); - - throw Algorithm_Not_Found(name); - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - Cipher_Dir direction) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - std::unique_ptr<Cipher_Mode> c(get_cipher_mode(algo_spec, direction)); - if(c) - return new Transform_Filter(c.release()); - - std::vector<std::string> algo_parts = split_on(algo_spec, '/'); - if(algo_parts.empty()) - throw Invalid_Algorithm_Name(algo_spec); - - const std::string cipher_name = algo_parts[0]; - - // check if it is a stream cipher first (easy case) - const StreamCipher* stream_cipher = af.prototype_stream_cipher(cipher_name); - if(stream_cipher) - return new StreamCipher_Filter(stream_cipher->clone()); - - const BlockCipher* block_cipher = af.prototype_block_cipher(cipher_name); - if(!block_cipher) - return nullptr; - - if(algo_parts.size() >= 4) - return nullptr; // 4 part mode, not something we know about - - if(algo_parts.size() < 2) - throw Lookup_Error("Cipher specification '" + algo_spec + - "' is missing mode identifier"); - - const std::string mode = algo_parts[1]; - - -#if defined(BOTAN_HAS_OFB) - if(mode == "OFB") - return new StreamCipher_Filter(new OFB(block_cipher->clone())); -#endif - -#if defined(BOTAN_HAS_CTR_BE) - if(mode == "CTR-BE") - return new StreamCipher_Filter(new CTR_BE(block_cipher->clone())); -#endif - - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - const InitializationVector& iv, - Cipher_Dir direction) - { - Keyed_Filter* cipher = get_cipher(algo_spec, direction); - cipher->set_key(key); - - if(iv.length()) - cipher->set_iv(iv); - - return cipher; - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - Cipher_Dir direction) - { - return get_cipher(algo_spec, - key, InitializationVector(), direction); - } - -} diff --git a/src/lib/libstate/lookup.h b/src/lib/libstate/lookup.h deleted file mode 100644 index 4350fbbd5..000000000 --- a/src/lib/libstate/lookup.h +++ /dev/null @@ -1,275 +0,0 @@ -/* -* Algorithm Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LOOKUP_H__ -#define BOTAN_LOOKUP_H__ - -#include <botan/libstate.h> -#include <botan/filters.h> -#include <botan/mode_pad.h> -#include <botan/kdf.h> -#include <botan/eme.h> -#include <botan/emsa.h> -#include <botan/pbkdf.h> - -namespace Botan { - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const BlockCipher* -retrieve_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_block_cipher(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const StreamCipher* -retrieve_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_stream_cipher(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const HashFunction* -retrieve_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_hash_function(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const MessageAuthenticationCode* -retrieve_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_mac(algo_spec); - } - -/* -* Get an algorithm object -* NOTE: these functions create and return new objects, letting the -* caller assume ownership of them -*/ - -/** -* Block cipher factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired block cipher -* @return pointer to the block cipher object -*/ -inline BlockCipher* get_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_block_cipher(algo_spec); - } - -/** -* Stream cipher factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired stream cipher -* @return pointer to the stream cipher object -*/ -inline StreamCipher* get_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_stream_cipher(algo_spec); - } - -/** -* Hash function factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired hash function -* @return pointer to the hash function object -*/ -inline HashFunction* get_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_hash_function(algo_spec); - } - -/** -* MAC factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired MAC -* @return pointer to the MAC object -*/ -inline MessageAuthenticationCode* get_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_mac(algo_spec); - } - -/** -* Password based key derivation function factory method -* @param algo_spec the name of the desired PBKDF algorithm -* @return pointer to newly allocated object of that type -*/ -BOTAN_DLL PBKDF* get_pbkdf(const std::string& algo_spec); - -/** -* @deprecated Use get_pbkdf -* @param algo_spec the name of the desired algorithm -* @return pointer to newly allocated object of that type -*/ -inline PBKDF* get_s2k(const std::string& algo_spec) - { - return get_pbkdf(algo_spec); - } - -/* -* Get a cipher object -*/ - -/** -* Factory method for general symmetric cipher filters. -* @param algo_spec the name of the desired cipher -* @param key the key to be used for encryption/decryption performed by -* the filter -* @param iv the initialization vector to be used -* @param direction determines whether the filter will be an encrypting -* or decrypting filter -* @return pointer to newly allocated encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - const InitializationVector& iv, - Cipher_Dir direction); - -/** -* Factory method for general symmetric cipher filters. -* @param algo_spec the name of the desired cipher -* @param key the key to be used for encryption/decryption performed by -* the filter -* @param direction determines whether the filter will be an encrypting -* or decrypting filter -* @return pointer to the encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - Cipher_Dir direction); - -/** -* Factory method for general symmetric cipher filters. No key will be -* set in the filter. -* -* @param algo_spec the name of the desired cipher -* @param direction determines whether the filter will be an encrypting or -* decrypting filter -* @return pointer to the encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - Cipher_Dir direction); - -/** -* Check if an algorithm exists. -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -BOTAN_DLL bool have_algorithm(const std::string& algo_spec); - -/** -* Check if a block cipher algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_block_cipher(algo_spec) != nullptr); - } - -/** -* Check if a stream cipher algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_stream_cipher(algo_spec) != nullptr); - } - -/** -* Check if a hash algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_hash_function(algo_spec) != nullptr); - } - -/** -* Check if a MAC algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_mac(algo_spec) != nullptr); - } - -/* -* Query information about an algorithm -*/ - -/** -* Find out the block size of a certain symmetric algorithm. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm -* @return block size of the specified algorithm -*/ -BOTAN_DLL size_t block_size_of(const std::string& algo_spec); - -/** -* Find out the output length of a certain symmetric algorithm. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm -* @return output length of the specified algorithm -*/ -BOTAN_DLL size_t output_length_of(const std::string& algo_spec); - -} - -#endif diff --git a/src/lib/mac/info.txt b/src/lib/mac/info.txt index 871e415ee..3931f22e2 100644 --- a/src/lib/mac/info.txt +++ b/src/lib/mac/info.txt @@ -1,7 +1,3 @@ -<requires> -algo_base -</requires> - <header:public> mac.h </header:public> diff --git a/src/lib/mac/mac_utils.h b/src/lib/mac/mac_utils.h index 84c954789..5b22da4a3 100644 --- a/src/lib/mac/mac_utils.h +++ b/src/lib/mac/mac_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_MAC_UTIL_H__ -#define BOTAN_MAC_UTIL_H__ +#ifndef BOTAN_MAC_UTILS_H__ +#define BOTAN_MAC_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/internal/xor_buf.h> #include <botan/loadstor.h> #include <botan/rotate.h> diff --git a/src/lib/mac/poly1305/poly1305_donna.h b/src/lib/mac/poly1305/poly1305_donna.h index 128d0359b..a5c9e1edf 100644 --- a/src/lib/mac/poly1305/poly1305_donna.h +++ b/src/lib/mac/poly1305/poly1305_donna.h @@ -107,7 +107,7 @@ void poly1305_finish(secure_vector<u64bit>& X, byte mac[16]) /* compute h + -p */ u64bit g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; u64bit g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; - u64bit g2 = h2 + c - ((u64bit)1 << 42); + u64bit g2 = h2 + c - (static_cast<u64bit>(1) << 42); /* select h if h < p, or h + -p if h >= p */ c = (g2 >> ((sizeof(u64bit) * 8) - 1)) - 1; diff --git a/src/lib/math/numbertheory/info.txt b/src/lib/math/numbertheory/info.txt index 62386c3bc..cf555b456 100644 --- a/src/lib/math/numbertheory/info.txt +++ b/src/lib/math/numbertheory/info.txt @@ -27,9 +27,7 @@ ressol.cpp </source> <requires> -algo_factory bigint hash -libstate rng </requires> diff --git a/src/lib/modes/cipher_mode.cpp b/src/lib/modes/cipher_mode.cpp index ded7b4c81..f568415f4 100644 --- a/src/lib/modes/cipher_mode.cpp +++ b/src/lib/modes/cipher_mode.cpp @@ -6,16 +6,17 @@ */ #include <botan/cipher_mode.h> +#include <botan/lookup.h> #include <sstream> namespace Botan { Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) { - const char* dir_string = (direction == ENCRYPTION) ? "_Encryption" : "_Decryption"; - const std::string provider = ""; + const char* dir_string = (direction == ENCRYPTION) ? "_Encryption" : "_Decryption"; + std::unique_ptr<Transform> t; t.reset(get_transform(algo_spec, provider, dir_string)); @@ -36,16 +37,19 @@ Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) if(mode_info.empty()) return nullptr; - std::ostringstream t_name; + std::ostringstream alg_args; - t_name << mode_info[0] << dir_string << '(' << cipher_name; + alg_args << '(' << cipher_name; for(size_t i = 1; i < mode_info.size(); ++i) - t_name << ',' << mode_info[i]; + alg_args << ',' << mode_info[i]; for(size_t i = 2; i < algo_parts.size(); ++i) - t_name << ',' << algo_parts[i]; - t_name << ')'; + alg_args << ',' << algo_parts[i]; + alg_args << ')'; - t.reset(get_transform(t_name.str(), provider)); + const std::string mode_name = mode_info[0] + alg_args.str(); + const std::string mode_name_directional = mode_info[0] + dir_string + alg_args.str(); + + t.reset(get_transform(mode_name_directional, provider)); if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get())) { @@ -53,6 +57,17 @@ Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) return cipher; } + t.reset(get_transform(mode_name, provider)); + + if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get())) + { + t.release(); + return cipher; + } + + if(StreamCipher* stream_cipher = get_stream_cipher(mode_name, provider)) + return new Stream_Cipher_Mode(stream_cipher); + return nullptr; } diff --git a/src/lib/modes/cipher_mode.h b/src/lib/modes/cipher_mode.h index 691852214..19c0af150 100644 --- a/src/lib/modes/cipher_mode.h +++ b/src/lib/modes/cipher_mode.h @@ -9,6 +9,7 @@ #define BOTAN_CIPHER_MODE_H__ #include <botan/transform.h> +#include <botan/stream_cipher.h> namespace Botan { @@ -25,6 +26,52 @@ class BOTAN_DLL Cipher_Mode : public Keyed_Transform virtual bool authenticated() const { return false; } }; +class BOTAN_DLL Stream_Cipher_Mode : public Cipher_Mode + { + public: + Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} + + void update(secure_vector<byte>& buf, size_t offset) override + { + if(offset < buf.size()) + m_cipher->cipher1(&buf[offset], buf.size() - offset); + } + + void finish(secure_vector<byte>& buf, size_t offset) override + { return update(buf, offset); } + + size_t output_length(size_t input_length) const override { return input_length; } + + size_t update_granularity() const override { return 64; /* arbitrary */ } + + size_t minimum_final_size() const override { return 0; } + + size_t default_nonce_length() const override { return 0; } + + bool valid_nonce_length(size_t nonce_len) const override + { return m_cipher->valid_iv_length(nonce_len); } + + Key_Length_Specification key_spec() const override { return m_cipher->key_spec(); } + + std::string name() const override { return m_cipher->name(); } + + void clear() override { return m_cipher->clear(); } + + private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override + { + m_cipher->set_iv(nonce, nonce_len); + return secure_vector<byte>(); + } + + void key_schedule(const byte key[], size_t length) + { + m_cipher->set_key(key, length); + } + + std::unique_ptr<StreamCipher> m_cipher; + }; + BOTAN_DLL Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction); } diff --git a/src/lib/modes/info.txt b/src/lib/modes/info.txt index b3d6d3b5f..6ed13e782 100644 --- a/src/lib/modes/info.txt +++ b/src/lib/modes/info.txt @@ -1,6 +1,7 @@ <requires> block +stream </requires> <header:public> diff --git a/src/lib/modes/mode_utils.h b/src/lib/modes/mode_utils.h index 70c996428..ef2840000 100644 --- a/src/lib/modes/mode_utils.h +++ b/src/lib/modes/mode_utils.h @@ -9,7 +9,7 @@ #define BOTAN_MODE_UTILS_H__ #include <botan/cipher_mode.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/block_cipher.h> #include <botan/loadstor.h> #include <botan/internal/xor_buf.h> @@ -52,17 +52,17 @@ T* make_block_cipher_mode_len2(const Transform::Spec& spec) return nullptr; } -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE(E, D) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode<E>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode<D>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE(E, D) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, make_block_cipher_mode<E>); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, make_block_cipher_mode<D>); -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN(E, D, LEN) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode_len<E, LEN>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode_len<D, LEN>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN(E, D, LEN) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, (make_block_cipher_mode_len<E, LEN>)); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, (make_block_cipher_mode_len<D, LEN>)); -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2(E, D, LEN1, LEN2) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode_len2<E, LEN1, LEN2>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode_len2<D, LEN1, LEN2>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2(E, D, LEN1, LEN2) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, (make_block_cipher_mode_len2<E, LEN1, LEN2>)); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, (make_block_cipher_mode_len2<D, LEN1, LEN2>)); } diff --git a/src/lib/engine/openssl/ossl_arc4.cpp b/src/lib/openssl/ossl_arc4.cpp index 4533c2688..4533c2688 100644 --- a/src/lib/engine/openssl/ossl_arc4.cpp +++ b/src/lib/openssl/ossl_arc4.cpp diff --git a/src/lib/engine/openssl/ossl_bc.cpp b/src/lib/openssl/ossl_bc.cpp index 8e8c6e5a8..8e8c6e5a8 100644 --- a/src/lib/engine/openssl/ossl_bc.cpp +++ b/src/lib/openssl/ossl_bc.cpp diff --git a/src/lib/engine/openssl/ossl_md.cpp b/src/lib/openssl/ossl_md.cpp index 063271151..063271151 100644 --- a/src/lib/engine/openssl/ossl_md.cpp +++ b/src/lib/openssl/ossl_md.cpp diff --git a/src/lib/passhash/bcrypt/info.txt b/src/lib/passhash/bcrypt/info.txt index 5cc246cab..4ea70d012 100644 --- a/src/lib/passhash/bcrypt/info.txt +++ b/src/lib/passhash/bcrypt/info.txt @@ -1,7 +1,6 @@ define BCRYPT 20131128 <requires> -libstate blowfish rng base64 diff --git a/src/lib/passhash/passhash9/info.txt b/src/lib/passhash/passhash9/info.txt index b02052eca..e47a27f67 100644 --- a/src/lib/passhash/passhash9/info.txt +++ b/src/lib/passhash/passhash9/info.txt @@ -1,7 +1,6 @@ define PASSHASH9 20131128 <requires> -libstate pbkdf2 rng base64 diff --git a/src/lib/pbkdf/info.txt b/src/lib/pbkdf/info.txt index d991577f7..32876bd44 100644 --- a/src/lib/pbkdf/info.txt +++ b/src/lib/pbkdf/info.txt @@ -1,3 +1,11 @@ <requires> -algo_base +base </requires> + +<header:public> +pbkdf.h +</header:public> + +<header:internal> +pbkdf_utils.h +</header:internal> diff --git a/src/lib/pbkdf/pbkdf.h b/src/lib/pbkdf/pbkdf.h index e86ad265d..ad5346e36 100644 --- a/src/lib/pbkdf/pbkdf.h +++ b/src/lib/pbkdf/pbkdf.h @@ -9,6 +9,7 @@ #define BOTAN_PBKDF_H__ #include <botan/symkey.h> +#include <botan/scan_name.h> #include <chrono> namespace Botan { @@ -24,6 +25,8 @@ class BOTAN_DLL PBKDF virtual ~PBKDF() {} + typedef SCAN_Name Spec; + /** * @return new instance of this same algorithm */ diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.cpp b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp index b21530f0c..e5dda579f 100644 --- a/src/lib/pbkdf/pbkdf1/pbkdf1.cpp +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp @@ -5,11 +5,14 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include <botan/internal/pbkdf_utils.h> #include <botan/pbkdf1.h> #include <botan/exceptn.h> namespace Botan { +BOTAN_REGISTER_PBKDF_1HASH(PKCS5_PBKDF1, "PBKDF1") + /* * Return a PKCS#5 PBKDF1 derived key */ diff --git a/src/lib/pbkdf/pbkdf2/info.txt b/src/lib/pbkdf/pbkdf2/info.txt index b13168c53..9863532b7 100644 --- a/src/lib/pbkdf/pbkdf2/info.txt +++ b/src/lib/pbkdf/pbkdf2/info.txt @@ -1,5 +1,5 @@ define PBKDF2 20131128 <requires> -mac +hmac </requires> diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp index 8ca0cbb0c..fedf036a3 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp @@ -5,13 +5,28 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include <botan/internal/pbkdf_utils.h> #include <botan/pbkdf2.h> #include <botan/get_byte.h> +#include <botan/hmac.h> #include <botan/internal/xor_buf.h> #include <botan/internal/rounding.h> namespace Botan { +BOTAN_REGISTER_NAMED_T(PBKDF, "PBKDF2", PKCS5_PBKDF2, PKCS5_PBKDF2::make); + +PKCS5_PBKDF2* PKCS5_PBKDF2::make(const Spec& spec) + { + if(auto mac = make_a<MessageAuthenticationCode>(spec.arg(0))) + return new PKCS5_PBKDF2(mac); + + if(auto hash = make_a<HashFunction>(spec.arg(0))) + return new PKCS5_PBKDF2(new HMAC(hash)); + + return nullptr; + } + /* * Return a PKCS #5 PBKDF2 derived key */ diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.h b/src/lib/pbkdf/pbkdf2/pbkdf2.h index d2ed6a08c..3d1a14fab 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.h +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.h @@ -10,6 +10,7 @@ #include <botan/pbkdf.h> #include <botan/mac.h> +#include <botan/hash.h> namespace Botan { @@ -41,6 +42,8 @@ class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF * @param mac_fn the MAC object to use as PRF */ PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : mac(mac_fn) {} + + static PKCS5_PBKDF2* make(const Spec& spec); private: std::unique_ptr<MessageAuthenticationCode> mac; }; diff --git a/src/lib/pbkdf/pbkdf_utils.h b/src/lib/pbkdf/pbkdf_utils.h new file mode 100644 index 000000000..480fc70eb --- /dev/null +++ b/src/lib/pbkdf/pbkdf_utils.h @@ -0,0 +1,23 @@ +/* +* PBKDF Utility Header +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PBKDF_UTILS_H__ +#define BOTAN_PBKDF_UTILS_H__ + +#include <botan/pbkdf.h> +#include <botan/internal/algo_registry.h> + +namespace Botan { + +#define BOTAN_REGISTER_PBKDF_1HASH(type, name) \ + BOTAN_REGISTER_NAMED_T(PBKDF, name, type, (make_new_T_1X<type, HashFunction>)) +#define BOTAN_REGISTER_PBKDF_1MAC(type, name) \ + BOTAN_REGISTER_NAMED_T(PBKDF, name, type, (make_new_T_1X<type, MessageAuthenticationCode>)) + +} + +#endif diff --git a/src/lib/pk_pad/get_pk_pad.cpp b/src/lib/pk_pad/get_pk_pad.cpp index e7f234f48..691de23e2 100644 --- a/src/lib/pk_pad/get_pk_pad.cpp +++ b/src/lib/pk_pad/get_pk_pad.cpp @@ -8,7 +8,7 @@ #include <botan/emsa.h> #include <botan/eme.h> #include <botan/scan_name.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/pk_pad/pad_utils.h b/src/lib/pk_pad/pad_utils.h index fecdea2de..2d261ffa6 100644 --- a/src/lib/pk_pad/pad_utils.h +++ b/src/lib/pk_pad/pad_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_PK_PAD_UTIL_H__ -#define BOTAN_PK_PAD_UTIL_H__ +#ifndef BOTAN_PK_PAD_UTILS_H__ +#define BOTAN_PK_PAD_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/hash_id.h> #include <botan/internal/xor_buf.h> #include <botan/loadstor.h> diff --git a/src/lib/prf/hkdf/info.txt b/src/lib/prf/hkdf/info.txt index 7389e5bb1..9c7e1fbfd 100644 --- a/src/lib/prf/hkdf/info.txt +++ b/src/lib/prf/hkdf/info.txt @@ -1 +1,6 @@ define HKDF 20131128 + +<requires> +mac +hash +</requires> diff --git a/src/lib/pubkey/blinding.cpp b/src/lib/pubkey/blinding.cpp index 61da26a04..cd2b3d118 100644 --- a/src/lib/pubkey/blinding.cpp +++ b/src/lib/pubkey/blinding.cpp @@ -8,42 +8,50 @@ #include <botan/blinding.h> #include <botan/numthry.h> +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include <botan/system_rng.h> +#else + #include <botan/auto_rng.h> +#endif + namespace Botan { -/* -* Blinder Constructor -*/ -Blinder::Blinder(const BigInt& e, const BigInt& d, const BigInt& n) +// TODO: use Montgomery + +Blinder::Blinder(const BigInt& modulus, + std::function<BigInt (const BigInt&)> fwd_func, + std::function<BigInt (const BigInt&)> inv_func) { - if(e < 1 || d < 1 || n < 1) - throw Invalid_Argument("Blinder: Arguments too small"); + m_reducer = Modular_Reducer(modulus); + +#if defined(BOTAN_HAS_SYSTEM_RNG) + auto& rng = system_rng(); +#else + AutoSeeded_RNG rng; +#endif + + const BigInt k(rng, modulus.bits() - 1); - reducer = Modular_Reducer(n); - this->e = e; - this->d = d; + m_e = fwd_func(k); + m_d = inv_func(k); } -/* -* Blind a number -*/ BigInt Blinder::blind(const BigInt& i) const { - if(!reducer.initialized()) - return i; + if(!m_reducer.initialized()) + throw std::runtime_error("Blinder not initialized, cannot blind"); - e = reducer.square(e); - d = reducer.square(d); - return reducer.multiply(i, e); + m_e = m_reducer.square(m_e); + m_d = m_reducer.square(m_d); + return m_reducer.multiply(i, m_e); } -/* -* Unblind a number -*/ BigInt Blinder::unblind(const BigInt& i) const { - if(!reducer.initialized()) - return i; - return reducer.multiply(i, d); + if(!m_reducer.initialized()) + throw std::runtime_error("Blinder not initialized, cannot unblind"); + + return m_reducer.multiply(i, m_d); } } diff --git a/src/lib/pubkey/blinding.h b/src/lib/pubkey/blinding.h index 1aa7687a9..e57c7888e 100644 --- a/src/lib/pubkey/blinding.h +++ b/src/lib/pubkey/blinding.h @@ -10,6 +10,7 @@ #include <botan/bigint.h> #include <botan/reducer.h> +#include <functional> namespace Botan { @@ -20,25 +21,20 @@ class BOTAN_DLL Blinder { public: BigInt blind(const BigInt& x) const; + BigInt unblind(const BigInt& x) const; - bool initialized() const { return reducer.initialized(); } + bool initialized() const { return m_reducer.initialized(); } Blinder() {} - /** - * Construct a blinder - * @param mask the forward (blinding) mask - * @param inverse_mask the inverse of mask (depends on algo) - * @param modulus of the group operations are performed in - */ - Blinder(const BigInt& mask, - const BigInt& inverse_mask, - const BigInt& modulus); + Blinder(const BigInt& modulus, + std::function<BigInt (const BigInt&)> fwd_func, + std::function<BigInt (const BigInt&)> inv_func); private: - Modular_Reducer reducer; - mutable BigInt e, d; + Modular_Reducer m_reducer; + mutable BigInt m_e, m_d; }; } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 8f44895ae..be411c5d8 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -11,12 +11,6 @@ #include <botan/pow_mod.h> #include <botan/blinding.h> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -96,34 +90,31 @@ class DH_KA_Operation : public PK_Ops::Key_Agreement secure_vector<byte> agree(const byte w[], size_t w_len); private: - const BigInt& p; + const BigInt& m_p; - Fixed_Exponent_Power_Mod powermod_x_p; - Blinder blinder; + Fixed_Exponent_Power_Mod m_powermod_x_p; + Blinder m_blinder; }; DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh, const std::string&) : - p(dh.group_p()), powermod_x_p(dh.get_x(), p) + m_p(dh.group_p()), + m_powermod_x_p(dh.get_x(), m_p), + m_blinder(m_p, + [](const BigInt& k) { return k; }, + [this](const BigInt& k) { return m_powermod_x_p(inverse_mod(k, m_p)); }) { -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, p.bits() - 1); - blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } secure_vector<byte> DH_KA_Operation::agree(const byte w[], size_t w_len) { BigInt input = BigInt::decode(w, w_len); - if(input <= 1 || input >= p - 1) + if(input <= 1 || input >= m_p - 1) throw Invalid_Argument("DH agreement - invalid key provided"); - BigInt r = blinder.unblind(powermod_x_p(blinder.blind(input))); + BigInt r = m_blinder.unblind(m_powermod_x_p(m_blinder.blind(input))); - return BigInt::encode_1363(r, p.bytes()); + return BigInt::encode_1363(r, m_p.bytes()); } } diff --git a/src/lib/pubkey/dh/info.txt b/src/lib/pubkey/dh/info.txt index bb2707951..13ee41d5b 100644 --- a/src/lib/pubkey/dh/info.txt +++ b/src/lib/pubkey/dh/info.txt @@ -11,6 +11,5 @@ dh.cpp <requires> dl_algo dl_group -libstate numbertheory </requires> diff --git a/src/lib/pubkey/dl_group/info.txt b/src/lib/pubkey/dl_group/info.txt index b094c03f5..66f142062 100644 --- a/src/lib/pubkey/dl_group/info.txt +++ b/src/lib/pubkey/dl_group/info.txt @@ -3,7 +3,6 @@ define DL_GROUP 20131128 <requires> asn1 bigint -libstate numbertheory pem </requires> diff --git a/src/lib/pubkey/dlies/info.txt b/src/lib/pubkey/dlies/info.txt index b159cc546..ec1bac803 100644 --- a/src/lib/pubkey/dlies/info.txt +++ b/src/lib/pubkey/dlies/info.txt @@ -2,6 +2,5 @@ define DLIES 20131128 <requires> kdf -libstate mac </requires> diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt index ad14494a2..6e0259ce2 100644 --- a/src/lib/pubkey/dsa/info.txt +++ b/src/lib/pubkey/dsa/info.txt @@ -4,7 +4,6 @@ define DSA 20131128 dl_algo dl_group keypair -libstate numbertheory rfc6979 </requires> diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index d024480bb..fc46675bd 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -10,7 +10,6 @@ #include <botan/ec_group.h> #include <botan/ber_dec.h> #include <botan/der_enc.h> -#include <botan/libstate.h> #include <botan/oids.h> #include <botan/pem.h> diff --git a/src/lib/pubkey/ec_group/info.txt b/src/lib/pubkey/ec_group/info.txt index 661f24473..c1cab112e 100644 --- a/src/lib/pubkey/ec_group/info.txt +++ b/src/lib/pubkey/ec_group/info.txt @@ -3,7 +3,6 @@ define ECC_GROUP 20131128 <requires> asn1 ec_gfp -libstate numbertheory oid_lookup pem diff --git a/src/lib/pubkey/ecdh/info.txt b/src/lib/pubkey/ecdh/info.txt index 9277aca9b..32d944728 100644 --- a/src/lib/pubkey/ecdh/info.txt +++ b/src/lib/pubkey/ecdh/info.txt @@ -5,6 +5,5 @@ alloc asn1 ec_group ecc_key -libstate numbertheory </requires> diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index d59fc1f6b..aacf8ec32 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -12,12 +12,6 @@ #include <botan/blinding.h> #include <botan/workfactor.h> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -155,13 +149,9 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, p.bits() - 1); - blinder = Blinder(k, powermod_x_p(k), p); + blinder = Blinder(p, + [](const BigInt& k) { return k; }, + [this](const BigInt& k) { return powermod_x_p(k); }); } secure_vector<byte> diff --git a/src/lib/pubkey/elgamal/info.txt b/src/lib/pubkey/elgamal/info.txt index 4fe20e828..068949c66 100644 --- a/src/lib/pubkey/elgamal/info.txt +++ b/src/lib/pubkey/elgamal/info.txt @@ -4,6 +4,5 @@ define ELGAMAL 20131128 dl_algo dl_group keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/gost_3410/info.txt b/src/lib/pubkey/gost_3410/info.txt index 63521d3dd..611449ebc 100644 --- a/src/lib/pubkey/gost_3410/info.txt +++ b/src/lib/pubkey/gost_3410/info.txt @@ -7,7 +7,6 @@ alloc asn1 ec_group ecc_key -libstate numbertheory rng </requires> diff --git a/src/lib/pubkey/if_algo/info.txt b/src/lib/pubkey/if_algo/info.txt index e4d2dbb5e..5ceec0a89 100644 --- a/src/lib/pubkey/if_algo/info.txt +++ b/src/lib/pubkey/if_algo/info.txt @@ -5,6 +5,5 @@ load_on dep <requires> asn1 bigint -libstate numbertheory </requires> diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt index 4e95c3742..3ef346c30 100644 --- a/src/lib/pubkey/info.txt +++ b/src/lib/pubkey/info.txt @@ -29,14 +29,12 @@ pk_utils.h alloc asn1 bigint -engine filters kdf -libstate oid_lookup pbes2 pem pk_pad rng -algo_base +base </requires> diff --git a/src/lib/pubkey/keypair/info.txt b/src/lib/pubkey/keypair/info.txt index 10fb2013b..2bc9fce29 100644 --- a/src/lib/pubkey/keypair/info.txt +++ b/src/lib/pubkey/keypair/info.txt @@ -1,5 +1,4 @@ define KEYPAIR_TESTING 20131128 <requires> -libstate </requires> diff --git a/src/lib/pubkey/nr/info.txt b/src/lib/pubkey/nr/info.txt index 8c2816fe7..78ca6ef29 100644 --- a/src/lib/pubkey/nr/info.txt +++ b/src/lib/pubkey/nr/info.txt @@ -4,6 +4,5 @@ define NYBERG_RUEPPEL 20131128 dl_algo dl_group keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 61380e68d..75264d56f 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -107,7 +107,7 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, return new Curve25519_PublicKey(alg_id, key_bits); #endif - return nullptr; + throw Decoding_Error("Unhandled PK algorithm " + alg_name); } Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, @@ -168,7 +168,7 @@ Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, return new Curve25519_PrivateKey(alg_id, key_bits, rng); #endif - return nullptr; + throw Decoding_Error("Unhandled PK algorithm " + alg_name); } } diff --git a/src/lib/pubkey/pk_utils.h b/src/lib/pubkey/pk_utils.h new file mode 100644 index 000000000..2d643d862 --- /dev/null +++ b/src/lib/pubkey/pk_utils.h @@ -0,0 +1,36 @@ +/* +* Public Key Algos Utility Header +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PK_UTILS_H__ +#define BOTAN_PK_UTILS_H__ + +#include <botan/internal/algo_registry.h> +#include <botan/pk_ops.h> +#include <botan/numthry.h> +#include <algorithm> + +namespace Botan { + +template<typename OP, typename T> +OP* make_pk_op(const typename T::Spec& spec) + { + if(auto* key = dynamic_cast<const typename T::Key_Type*>(&spec.key())) + return new T(*key, spec.padding()); + return nullptr; + } + +#define BOTAN_REGISTER_PK_OP(T, NAME, TYPE) BOTAN_REGISTER_NAMED_T(T, NAME, TYPE, (make_pk_op<T, TYPE>)) + +#define BOTAN_REGISTER_PK_ENCRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Encryption, NAME, TYPE) +#define BOTAN_REGISTER_PK_DECRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Decryption, NAME, TYPE) +#define BOTAN_REGISTER_PK_SIGNATURE_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Signature, NAME, TYPE) +#define BOTAN_REGISTER_PK_VERIFY_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Verification, NAME, TYPE) +#define BOTAN_REGISTER_PK_KEY_AGREE_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Key_Agreement, NAME, TYPE) + +} + +#endif diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index a1731c8ef..7b7b54891 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -12,7 +12,6 @@ #include <botan/oids.h> #include <botan/pem.h> #include <botan/pbes2.h> -#include <botan/libstate.h> #include <botan/scan_name.h> #include <botan/internal/pk_algs.h> @@ -44,7 +43,7 @@ secure_vector<byte> PKCS8_extract(DataSource& source, */ secure_vector<byte> PKCS8_decode( DataSource& source, - std::function<std::pair<bool,std::string> ()> get_passphrase, + std::function<std::string ()> get_passphrase, AlgorithmIdentifier& pk_alg_id) { AlgorithmIdentifier pbe_alg_id; @@ -77,49 +76,29 @@ secure_vector<byte> PKCS8_decode( throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); } - if(!is_encrypted) - key = key_data; - - const size_t MAX_TRIES = 3; - - size_t tries = 0; - while(true) + try { - try { - if(MAX_TRIES && tries >= MAX_TRIES) - break; - - if(is_encrypted) - { - std::pair<bool, std::string> pass = get_passphrase(); - - if(pass.first == false) - break; - - if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") - throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string()); - - key = pbes2_decrypt(key_data, pass.second, pbe_alg_id.parameters); - } - - BER_Decoder(key) - .start_cons(SEQUENCE) - .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") - .decode(pk_alg_id) - .decode(key, OCTET_STRING) - .discard_remaining() - .end_cons(); - - break; - } - catch(Decoding_Error) + if(is_encrypted) { - ++tries; + if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") + throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string()); + key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.parameters); } - } + else + key = key_data; - if(key.empty()) - throw Decoding_Error("PKCS #8 private key decoding failed"); + BER_Decoder(key) + .start_cons(SEQUENCE) + .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") + .decode(pk_alg_id) + .decode(key, OCTET_STRING) + .discard_remaining() + .end_cons(); + } + catch(std::exception& e) + { + throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); + } return key; } @@ -215,7 +194,7 @@ std::string PEM_encode(const Private_Key& key, */ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_pass) + std::function<std::string ()> get_pass) { AlgorithmIdentifier alg_id; secure_vector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id); @@ -233,38 +212,12 @@ Private_Key* load_key(DataSource& source, */ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_pass) + std::function<std::string ()> get_pass) { DataSource_Stream source(fsname, true); return PKCS8::load_key(source, rng, get_pass); } -namespace { - -class Single_Shot_Passphrase - { - public: - Single_Shot_Passphrase(const std::string& pass) : - passphrase(pass), first(true) {} - - std::pair<bool, std::string> operator()() - { - if(first) - { - first = false; - return std::make_pair(true, passphrase); - } - else - return std::make_pair(false, ""); - } - - private: - std::string passphrase; - bool first; - }; - -} - /* * Extract a private key and return it */ @@ -272,7 +225,7 @@ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(source, rng, Single_Shot_Passphrase(pass)); + return PKCS8::load_key(source, rng, [pass]() { return pass; }); } /* @@ -282,7 +235,7 @@ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(fsname, rng, Single_Shot_Passphrase(pass)); + return PKCS8::load_key(fsname, rng, [pass]() { return pass; }); } /* diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h index 0840f4a46..ac037407e 100644 --- a/src/lib/pubkey/pkcs8.h +++ b/src/lib/pubkey/pkcs8.h @@ -89,7 +89,7 @@ PEM_encode(const Private_Key& key, BOTAN_DLL Private_Key* load_key( DataSource& source, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_passphrase); + std::function<std::string ()> get_passphrase); /** Load a key from a data source. * @param source the data source providing the encoded key @@ -112,7 +112,7 @@ BOTAN_DLL Private_Key* load_key(DataSource& source, BOTAN_DLL Private_Key* load_key( const std::string& filename, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_passphrase); + std::function<std::string ()> get_passphrase); /** Load a key from a file. * @param filename the path to the file containing the encoded key diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index 95d61ad4c..82797094a 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -10,7 +10,7 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/internal/bit_ops.h> #if defined(BOTAN_HAS_SYSTEM_RNG) diff --git a/src/lib/pubkey/rfc6979/rfc6979.cpp b/src/lib/pubkey/rfc6979/rfc6979.cpp index 5ba2f844a..9f9bbc9c0 100644 --- a/src/lib/pubkey/rfc6979/rfc6979.cpp +++ b/src/lib/pubkey/rfc6979/rfc6979.cpp @@ -8,7 +8,7 @@ #include <botan/rfc6979.h> #include <botan/hmac_drbg.h> #include <botan/scan_name.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt index 6171642bc..264ff7c62 100644 --- a/src/lib/pubkey/rsa/info.txt +++ b/src/lib/pubkey/rsa/info.txt @@ -3,6 +3,5 @@ define RSA 20131128 <requires> if_algo keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 9393cb954..c371e20e0 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -13,12 +13,6 @@ #include <botan/reducer.h> #include <future> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -84,15 +78,11 @@ class RSA_Private_Operation m_powermod_e_n(rsa.get_e(), rsa.get_n()), m_powermod_d1_p(rsa.get_d1(), rsa.get_p()), m_powermod_d2_q(rsa.get_d2(), rsa.get_q()), - m_mod_p(rsa.get_p()) + m_mod_p(rsa.get_p()), + m_blinder(n, + [this](const BigInt& k) { return m_powermod_e_n(k); }, + [this](const BigInt& k) { return inverse_mod(k, n); }) { -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, n.bits() - 1); - m_blinder = Blinder(m_powermod_e_n(k), inverse_mod(k, n), n); } BigInt blinded_private_op(const BigInt& m) const diff --git a/src/lib/pubkey/rw/info.txt b/src/lib/pubkey/rw/info.txt index 486ede47f..7cf1d1780 100644 --- a/src/lib/pubkey/rw/info.txt +++ b/src/lib/pubkey/rw/info.txt @@ -3,6 +3,5 @@ define RW 20131128 <requires> if_algo keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/rw/rw.cpp b/src/lib/pubkey/rw/rw.cpp index 3c7a6250b..32ba398b0 100644 --- a/src/lib/pubkey/rw/rw.cpp +++ b/src/lib/pubkey/rw/rw.cpp @@ -80,7 +80,10 @@ class RW_Signature_Operation : public PK_Ops::Signature c(rw.get_c()), powermod_d1_p(rw.get_d1(), rw.get_p()), powermod_d2_q(rw.get_d2(), rw.get_q()), - mod_p(rw.get_p()) + mod_p(rw.get_p()), + blinder(n, + [this](const BigInt& k) { return power_mod(k, e, n); }, + [this](const BigInt& k) { return inverse_mod(k, n); }) { } @@ -101,16 +104,8 @@ class RW_Signature_Operation : public PK_Ops::Signature secure_vector<byte> RW_Signature_Operation::sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) + RandomNumberGenerator&) { - rng.add_entropy(msg, msg_len); - - if(!blinder.initialized()) - { - BigInt k(rng, std::min<size_t>(160, n.bits() - 1)); - blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n); - } - BigInt i(msg, msg_len); if(i >= n || i % 16 != 12) diff --git a/src/lib/pubkey/x509_key.cpp b/src/lib/pubkey/x509_key.cpp index cd3da7a53..ccb94cea7 100644 --- a/src/lib/pubkey/x509_key.cpp +++ b/src/lib/pubkey/x509_key.cpp @@ -72,9 +72,9 @@ Public_Key* load_key(DataSource& source) return make_public_key(alg_id, key_bits); } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error("X.509 public key decoding failed"); + throw Decoding_Error("X.509 public key decoding failed: " + std::string(e.what())); } } diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp index d9a5a8d16..3e8d63f8d 100644 --- a/src/lib/rng/hmac_rng/hmac_rng.cpp +++ b/src/lib/rng/hmac_rng/hmac_rng.cpp @@ -1,12 +1,11 @@ /* * HMAC_RNG -* (C) 2008-2009,2013 Jack Lloyd +* (C) 2008-2009,2013,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/hmac_rng.h> -#include <botan/libstate.h> #include <botan/get_byte.h> #include <botan/entropy_src.h> #include <botan/internal/xor_buf.h> @@ -138,7 +137,7 @@ void HMAC_RNG::reseed(size_t poll_bits) return (bits_collected >= poll_bits); }); - global_state().poll_available_sources(accum); + EntropySource::poll_available_sources(accum); /* * It is necessary to feed forward poll data. Otherwise, a good poll diff --git a/src/lib/rng/rng.cpp b/src/lib/rng/rng.cpp index 8989c5026..a5222c51d 100644 --- a/src/lib/rng/rng.cpp +++ b/src/lib/rng/rng.cpp @@ -7,7 +7,7 @@ #include <botan/rng.h> #include <botan/hmac_rng.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/stream/info.txt b/src/lib/stream/info.txt index 15f0e91e5..8dc30936d 100644 --- a/src/lib/stream/info.txt +++ b/src/lib/stream/info.txt @@ -1,9 +1,5 @@ define STREAM_CIPHER 20131128 -<requires> -algo_base -</requires> - <header:public> stream_cipher.h </header:public> diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp deleted file mode 100644 index 72eb63b7c..000000000 --- a/src/lib/stream/stream_cipher.cpp +++ /dev/null @@ -1,24 +0,0 @@ -/* -* Stream Cipher -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/stream_cipher.h> - -namespace Botan { - -void StreamCipher::set_iv(const byte[], size_t iv_len) - { - if(iv_len) - throw Invalid_Argument("The stream cipher " + name() + - " does not support resyncronization"); - } - -bool StreamCipher::valid_iv_length(size_t iv_len) const - { - return (iv_len == 0); - } - -} diff --git a/src/lib/stream/stream_cipher.h b/src/lib/stream/stream_cipher.h index 2ca92e467..9768aea70 100644 --- a/src/lib/stream/stream_cipher.h +++ b/src/lib/stream/stream_cipher.h @@ -8,6 +8,7 @@ #ifndef BOTAN_STREAM_CIPHER_H__ #define BOTAN_STREAM_CIPHER_H__ +#include <botan/transform.h> #include <botan/sym_algo.h> #include <botan/scan_name.h> @@ -52,13 +53,17 @@ class BOTAN_DLL StreamCipher : public SymmetricAlgorithm * @param iv the initialization vector * @param iv_len the length of the IV in bytes */ - virtual void set_iv(const byte iv[], size_t iv_len); + virtual void set_iv(const byte[], size_t iv_len) + { + if(iv_len) + throw Invalid_IV_Length(name(), iv_len); + } /** * @param iv_len the length of the IV in bytes * @return if the length is valid for this algorithm */ - virtual bool valid_iv_length(size_t iv_len) const; + virtual bool valid_iv_length(size_t iv_len) const { return (iv_len == 0); } /** * Get a new object representing the same algorithm as *this diff --git a/src/lib/stream/stream_utils.h b/src/lib/stream/stream_utils.h index 7503029f6..2e8f58562 100644 --- a/src/lib/stream/stream_utils.h +++ b/src/lib/stream/stream_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_STREAM_CIPHER_UTIL_H__ -#define BOTAN_STREAM_CIPHER_UTIL_H__ +#ifndef BOTAN_STREAM_CIPHER_UTILS_H__ +#define BOTAN_STREAM_CIPHER_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> #include <botan/internal/xor_buf.h> @@ -25,9 +25,6 @@ namespace Botan { #define BOTAN_REGISTER_STREAM_CIPHER_NAMED_1LEN(type, name, def) \ BOTAN_REGISTER_NAMED_T(StreamCipher, name, type, (make_new_T_1len<type,def>)) -#define BOTAN_REGISTER_STREAM_CIPHER_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, StreamCipher, type, name, provider) - } #endif diff --git a/src/lib/tls/msg_hello_verify.cpp b/src/lib/tls/msg_hello_verify.cpp index 8f209998f..a3c439750 100644 --- a/src/lib/tls/msg_hello_verify.cpp +++ b/src/lib/tls/msg_hello_verify.cpp @@ -6,6 +6,7 @@ */ #include <botan/internal/tls_messages.h> +#include <botan/mac.h> #include <botan/lookup.h> namespace Botan { diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index 665a2ded6..c67dc7997 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -7,6 +7,7 @@ #include <botan/tls_session_manager_sql.h> #include <botan/database.h> +#include <botan/pbkdf.h> #include <botan/lookup.h> #include <botan/hex.h> #include <botan/loadstor.h> diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index b2ff2476b..31c688c51 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -6,8 +6,12 @@ */ #include <botan/tls_ciphersuite.h> -#include <botan/libstate.h> #include <botan/parsing.h> +#include <botan/internal/algo_registry.h> +#include <botan/block_cipher.h> +#include <botan/stream_cipher.h> +#include <botan/hash.h> +#include <botan/mac.h> #include <sstream> #include <stdexcept> @@ -96,14 +100,32 @@ bool Ciphersuite::ecc_ciphersuite() const return (sig_algo() == "ECDSA" || kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK"); } +namespace { + +bool have_hash(const std::string& prf) + { + if(Algo_Registry<HashFunction>::global_registry().providers_of(prf).size() > 0) + return true; + return false; + } + +bool have_cipher(const std::string& cipher) + { + if(Algo_Registry<BlockCipher>::global_registry().providers_of(cipher).size() > 0) + return true; + if(Algo_Registry<StreamCipher>::global_registry().providers_of(cipher).size() > 0) + return true; + return false; + } + +} + bool Ciphersuite::valid() const { if(!m_cipher_keylen) // uninitialized object return false; - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(!af.prototype_hash_function(prf_algo())) + if(!have_hash(prf_algo())) return false; if(mac_algo() == "AEAD") @@ -118,7 +140,7 @@ bool Ciphersuite::valid() const { auto cipher_and_mode = split_on(cipher_algo(), '/'); BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo"); - if(!af.prototype_block_cipher(cipher_and_mode[0])) + if(!have_cipher(cipher_and_mode[0])) return false; const auto mode = cipher_and_mode[1]; @@ -141,11 +163,10 @@ bool Ciphersuite::valid() const } else { - if(!af.prototype_block_cipher(cipher_algo()) && - !af.prototype_stream_cipher(cipher_algo())) + // Old non-AEAD schemes + if(!have_cipher(cipher_algo())) return false; - - if(!af.prototype_hash_function(mac_algo())) + if(!have_hash(mac_algo())) // HMAC return false; } diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 75df6332a..bdc64283c 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -10,6 +10,7 @@ #include <botan/internal/tls_messages.h> #include <botan/internal/stl_util.h> #include <iterator> +#include <sstream> namespace Botan { @@ -227,11 +228,15 @@ void Client::process_handshake_msg(const Handshake_State* active_state, client_extn.begin(), server_extn.end(), std::back_inserter(diff)); - for(auto i : diff) + if(!diff.empty()) { - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Server sent extension " + std::to_string(i) + - " but we did not request it"); + // Server sent us back an extension we did not send! + + std::ostringstream msg; + msg << "Server replied with " << diff.size() << " unsupported extensions:"; + for(auto&& d : diff) + msg << " " << static_cast<int>(d); + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, msg.str()); } if(u16bit srtp = state.server_hello()->srtp_profile()) diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp index abbd725f6..76766c5fc 100644 --- a/src/lib/tls/tls_handshake_hash.cpp +++ b/src/lib/tls/tls_handshake_hash.cpp @@ -7,7 +7,7 @@ #include <botan/internal/tls_handshake_hash.h> #include <botan/tls_exceptn.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/hash.h> namespace Botan { diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 883527810..f0d80556d 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -265,13 +265,9 @@ KDF* Handshake_State::protocol_specific_prf() const return get_kdf("TLS-12-PRF(" + prf_algo + ")"); } - else - { - // TLS v1.0, v1.1 and DTLS v1.0 - return get_kdf("TLS-PRF"); - } - throw Internal_Error("Unknown version code " + version().to_string()); + // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0 + return get_kdf("TLS-PRF"); } namespace { diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 56648edb3..521e7e4c1 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -14,6 +14,7 @@ #include <botan/internal/rounding.h> #include <botan/internal/xor_buf.h> #include <botan/lookup.h> +#include <botan/rng.h> namespace Botan { diff --git a/src/lib/utils/asm_x86_32/info.txt b/src/lib/utils/asm_x86_32/info.txt index d29b25fa3..6da494629 100644 --- a/src/lib/utils/asm_x86_32/info.txt +++ b/src/lib/utils/asm_x86_32/info.txt @@ -23,7 +23,3 @@ gcc clang icc </cc> - -<requires> -asm_engine -</requires> diff --git a/src/lib/utils/asm_x86_64/info.txt b/src/lib/utils/asm_x86_64/info.txt index 3173f3b14..0db499d46 100644 --- a/src/lib/utils/asm_x86_64/info.txt +++ b/src/lib/utils/asm_x86_64/info.txt @@ -21,7 +21,3 @@ netbsd openbsd solaris </os> - -<requires> -asm_engine -</requires> diff --git a/src/lib/utils/dyn_load/info.txt b/src/lib/utils/dyn_load/info.txt index c8d91dd75..3dc3c5d03 100644 --- a/src/lib/utils/dyn_load/info.txt +++ b/src/lib/utils/dyn_load/info.txt @@ -1,5 +1,7 @@ define DYNAMIC_LOADER 20131128 +load_on dep + <os> freebsd linux diff --git a/src/lib/utils/parsing.h b/src/lib/utils/parsing.h index 24d0576fd..25416d43a 100644 --- a/src/lib/utils/parsing.h +++ b/src/lib/utils/parsing.h @@ -126,6 +126,8 @@ BOTAN_DLL std::string ipv4_to_string(u32bit ip_addr); std::map<std::string, std::string> BOTAN_DLL read_cfg(std::istream& is); +std::string BOTAN_DLL clean_ws(const std::string& s); + } diff --git a/src/lib/utils/read_cfg.cpp b/src/lib/utils/read_cfg.cpp index 02708c3d6..bc895e194 100644 --- a/src/lib/utils/read_cfg.cpp +++ b/src/lib/utils/read_cfg.cpp @@ -9,8 +9,6 @@ namespace Botan { -namespace { - std::string clean_ws(const std::string& s) { const char* ws = " \t\n"; @@ -26,8 +24,6 @@ std::string clean_ws(const std::string& s) return s.substr(start, start + end + 1); } -} - std::map<std::string, std::string> read_cfg(std::istream& is) { std::map<std::string, std::string> kv; diff --git a/src/lib/simd/info.txt b/src/lib/utils/simd/info.txt index 35620c940..35620c940 100644 --- a/src/lib/simd/info.txt +++ b/src/lib/utils/simd/info.txt diff --git a/src/lib/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index 265e347a9..265e347a9 100644 --- a/src/lib/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h diff --git a/src/lib/simd/simd_altivec/info.txt b/src/lib/utils/simd/simd_altivec/info.txt index 19168a928..19168a928 100644 --- a/src/lib/simd/simd_altivec/info.txt +++ b/src/lib/utils/simd/simd_altivec/info.txt diff --git a/src/lib/simd/simd_altivec/simd_altivec.h b/src/lib/utils/simd/simd_altivec/simd_altivec.h index 32533aafb..32533aafb 100644 --- a/src/lib/simd/simd_altivec/simd_altivec.h +++ b/src/lib/utils/simd/simd_altivec/simd_altivec.h diff --git a/src/lib/simd/simd_scalar/info.txt b/src/lib/utils/simd/simd_scalar/info.txt index 26a9fbfee..26a9fbfee 100644 --- a/src/lib/simd/simd_scalar/info.txt +++ b/src/lib/utils/simd/simd_scalar/info.txt diff --git a/src/lib/simd/simd_scalar/simd_scalar.h b/src/lib/utils/simd/simd_scalar/simd_scalar.h index 379e2d6a8..379e2d6a8 100644 --- a/src/lib/simd/simd_scalar/simd_scalar.h +++ b/src/lib/utils/simd/simd_scalar/simd_scalar.h diff --git a/src/lib/simd/simd_sse2/info.txt b/src/lib/utils/simd/simd_sse2/info.txt index bd9e430cb..bd9e430cb 100644 --- a/src/lib/simd/simd_sse2/info.txt +++ b/src/lib/utils/simd/simd_sse2/info.txt diff --git a/src/lib/simd/simd_sse2/simd_sse2.h b/src/lib/utils/simd/simd_sse2/simd_sse2.h index 61989eb8e..61989eb8e 100644 --- a/src/lib/simd/simd_sse2/simd_sse2.h +++ b/src/lib/utils/simd/simd_sse2/simd_sse2.h diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/utils/sqlite3/sqlite3.h index 6c78deb42..8495a1d1b 100644 --- a/src/lib/utils/sqlite3/sqlite3.h +++ b/src/lib/utils/sqlite3/sqlite3.h @@ -6,7 +6,7 @@ */ #ifndef BOTAN_UTILS_SQLITE3_H__ -#define BOTAN_UTILS_SQLIT3_H__ +#define BOTAN_UTILS_SQLITE3_H__ #include <botan/database.h> |