diff options
| author | lloyd <[email protected]> | 2010-03-04 22:09:07 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-03-04 22:09:07 +0000 |
| commit | 664e00a6d51cf7d6f3fefbbb3500a113d21288ab (patch) | |
| tree | 32db25ebf468a2c75ec4578d83f8c41e0197bfaf /src/pubkey/pubkey.cpp | |
| parent | f5cfe2857acb30ece3f01fbc98a83e8b82e4907a (diff) | |
This checkin represents a pretty major change in how PK operations are
performed. Up until now, each key object (eg DSA_PublicKey or
ECDH_PrivateKey) had two jobs: contain the key material, and know how
to perform any operations on that key. However because of a desire to
support alternative implementations (GNU MP, hardware, whatever),
there was a notion of operations, with the key objects containing an
op that they got via engine rather than actually implementing the
underlying algorithms directly.
Now, represent the operation as an abstract interface (typically
mapping a byte string to a byte string), and pass a plain Public_Key&
or Private_Key& to the engine. The engine does any checks it wants (eg
based on name, typeid, key sizes, etc), and either returns nothing
(I'll pass) or a pointer to a new operation that represents signatures
or encryption or what-have-you using that key.
This means that plain key objects no longer contain operations. This
is a major break with the traditional interface. On the other hand,
using these 'bare' operations without padding, KDFs, etc is 99% of the
time a bad idea anyway (and if you really need them, there are options
so you get the bare op but via the pubkey.h interfaces).
Currently this change is only implemented for DH and ECDH (ie, key
agreement algorithms). Additionally the optional engines (gnump and
openssl) have not been updated. I'll probably wait to touch those
until after I can change them all in one go for all algos.
Diffstat (limited to 'src/pubkey/pubkey.cpp')
| -rw-r--r-- | src/pubkey/pubkey.cpp | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index feb33a361..6932caa34 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -1,6 +1,6 @@ /* * Public Key Base -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -10,6 +10,8 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> +#include <botan/libstate.h> +#include <botan/engine.h> #include <botan/internal/bit_ops.h> #include <memory> @@ -356,21 +358,34 @@ bool PK_Verifier_wo_MR::validate_signature(const MemoryRegion<byte>& msg, /* * PK_Key_Agreement Constructor */ -PK_Key_Agreement::PK_Key_Agreement(const PK_Key_Agreement_Key& k, +PK_Key_Agreement::PK_Key_Agreement(const PK_Key_Agreement_Key& key, KDF* kdf_obj) : - key(k), kdf(kdf_obj) + kdf(kdf_obj) { + Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory()); + + while(const Engine* engine = i.next()) + { + op = engine->get_key_agreement_op(key); + if(op) + break; + } + + if(op == 0) + throw Lookup_Error("PK_Key_Agreement: No working engine for " + + key.algo_name()); } SymmetricKey PK_Key_Agreement::derive_key(u32bit key_len, const byte in[], u32bit in_len, const byte params[], u32bit params_len) const { - OctetString z = key.derive_key(in, in_len); + SecureVector<byte> z = op->agree(in, in_len); + if(!kdf) return z; - return kdf->derive_key(key_len, z.bits_of(), params, params_len); + return kdf->derive_key(key_len, z, params, params_len); } } |