This checkin represents a pretty major change in how PK operations are

performed. Up until now, each key object (eg DSA_PublicKey or
ECDH_PrivateKey) had two jobs: contain the key material, and know how
to perform any operations on that key.  However because of a desire to
support alternative implementations (GNU MP, hardware, whatever),
there was a notion of operations, with the key objects containing an
op that they got via engine rather than actually implementing the
underlying algorithms directly.

Now, represent the operation as an abstract interface (typically
mapping a byte string to a byte string), and pass a plain Public_Key&
or Private_Key& to the engine. The engine does any checks it wants (eg
based on name, typeid, key sizes, etc), and either returns nothing
(I'll pass) or a pointer to a new operation that represents signatures
or encryption or what-have-you using that key.

This means that plain key objects no longer contain operations.  This
is a major break with the traditional interface. On the other hand,
using these 'bare' operations without padding, KDFs, etc is 99% of the
time a bad idea anyway (and if you really need them, there are options
so you get the bare op but via the pubkey.h interfaces).

Currently this change is only implemented for DH and ECDH (ie, key
agreement algorithms). Additionally the optional engines (gnump and
openssl) have not been updated. I'll probably wait to touch those
until after I can change them all in one go for all algos.

2 files changed, 30 insertions, 22 deletions

diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp
index 6ef3292e1..2253f84d5 100644
--- a/src/pubkey/dlies/dlies.cpp
+++ b/src/pubkey/dlies/dlies.cpp
@@ -14,16 +14,21 @@ namespace Botan {
 /*
 * DLIES_Encryptor Constructor
 */
-DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& k,
+DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key,
                                  KDF* kdf_obj,
                                  MessageAuthenticationCode* mac_obj,
                                  u32bit mac_kl) :
-   key(k), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl)
+   ka(get_pk_kas(key, "Raw")),
+   kdf(kdf_obj),
+   mac(mac_obj),
+   mac_keylen(mac_kl)
    {
+   my_key = key.public_value();
    }
 
 DLIES_Encryptor::~DLIES_Encryptor()
    {
+   delete ka;
    delete kdf;
    delete mac;
    }
@@ -39,19 +44,18 @@ SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length,
    if(other_key.empty())
       throw Invalid_State("DLIES: The other key was never set");
 
-   MemoryVector<byte> v = key.public_value();
+   SecureVector<byte> out(my_key.size() + length + mac->OUTPUT_LENGTH);
+   out.copy(my_key, my_key.size());
+   out.copy(my_key.size(), in, length);
 
-   SecureVector<byte> out(v.size() + length + mac->OUTPUT_LENGTH);
-   out.copy(v, v.size());
-   out.copy(v.size(), in, length);
-
-   SecureVector<byte> vz(v, key.derive_key(other_key, other_key.size()));
+   SecureVector<byte> vz(my_key, ka->derive_key(0, other_key).bits_of());
 
    const u32bit K_LENGTH = length + mac_keylen;
    OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size());
+
    if(K.length() != K_LENGTH)
       throw Encoding_Error("DLIES: KDF did not provide sufficient output");
-   byte* C = out + v.size();
+   byte* C = out + my_key.size();
 
    xor_buf(C, K.begin() + mac_keylen, length);
    mac->set_key(K.begin(), mac_keylen);
@@ -84,16 +88,21 @@ u32bit DLIES_Encryptor::maximum_input_size() const
 /*
 * DLIES_Decryptor Constructor
 */
-DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& k,
+DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key,
                                  KDF* kdf_obj,
                                  MessageAuthenticationCode* mac_obj,
                                  u32bit mac_kl) :
-   key(k), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl)
+   ka(get_pk_kas(key, "Raw")),
+   kdf(kdf_obj),
+   mac(mac_obj),
+   mac_keylen(mac_kl)
    {
+   my_key = key.public_value();
    }
 
 DLIES_Decryptor::~DLIES_Decryptor()
    {
+   delete ka;
    delete kdf;
    delete mac;
    }
@@ -103,18 +112,16 @@ DLIES_Decryptor::~DLIES_Decryptor()
 */
 SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const
    {
-   const u32bit public_len = key.public_value().size();
-
-   if(length < public_len + mac->OUTPUT_LENGTH)
+   if(length < my_key.size() + mac->OUTPUT_LENGTH)
       throw Decoding_Error("DLIES decryption: ciphertext is too short");
 
-   const u32bit CIPHER_LEN = length - public_len - mac->OUTPUT_LENGTH;
+   const u32bit CIPHER_LEN = length - my_key.size() - mac->OUTPUT_LENGTH;
 
-   SecureVector<byte> v(msg, public_len);
-   SecureVector<byte> C(msg + public_len, CIPHER_LEN);
-   SecureVector<byte> T(msg + public_len + CIPHER_LEN, mac->OUTPUT_LENGTH);
+   SecureVector<byte> v(msg, my_key.size());
+   SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN);
+   SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->OUTPUT_LENGTH);
 
-   SecureVector<byte> vz(v, key.derive_key(v, v.size()));
+   SecureVector<byte> vz(v, ka->derive_key(0, v).bits_of());
 
    const u32bit K_LENGTH = C.size() + mac_keylen;
    OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size());
diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h
index 88a22b9de..e8b87a091 100644
--- a/src/pubkey/dlies/dlies.h
+++ b/src/pubkey/dlies/dlies.h
@@ -33,9 +33,9 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor
                              RandomNumberGenerator&) const;
       u32bit maximum_input_size() const;
 
-      const PK_Key_Agreement_Key& key;
-      SecureVector<byte> other_key;
+      SecureVector<byte> other_key, my_key;
 
+      PK_Key_Agreement* ka;
       KDF* kdf;
       MessageAuthenticationCode* mac;
       u32bit mac_keylen;
@@ -57,8 +57,9 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor
    private:
       SecureVector<byte> dec(const byte[], u32bit) const;
 
-      const PK_Key_Agreement_Key& key;
+      SecureVector<byte> my_key;
 
+      PK_Key_Agreement* ka;
       KDF* kdf;
       MessageAuthenticationCode* mac;
       u32bit mac_keylen;