diff options
| author | lloyd <[email protected]> | 2012-05-18 20:32:36 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-05-18 20:32:36 +0000 |
| commit | c691561f3198f481c13457433efbccc1c9fcd898 (patch) | |
| tree | a45ea2c5a30e0cb009fbcb68a61ef39332ff790c /src | |
| parent | d76700f01c7ecac5633edf75f8d7408b46c5dbac (diff) | |
Fairly huge update that replaces the old secmem types with std::vector
using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
Diffstat (limited to 'src')
379 files changed, 2047 insertions, 2834 deletions
diff --git a/src/algo_base/buf_comp.h b/src/algo_base/buf_comp.h index 7838571e9..87b57d252 100644 --- a/src/algo_base/buf_comp.h +++ b/src/algo_base/buf_comp.h @@ -34,9 +34,18 @@ class BOTAN_DLL Buffered_Computation /** * Add new input to process. - * @param in the input to process as a MemoryRegion + * @param in the input to process as a secure_vector */ - void update(const MemoryRegion<byte>& in) + void update(const secure_vector<byte>& in) + { + add_data(&in[0], in.size()); + } + + /** + * Add new input to process. + * @param in the input to process as a std::vector + */ + void update(const std::vector<byte>& in) { add_data(&in[0], in.size()); } @@ -82,11 +91,11 @@ class BOTAN_DLL Buffered_Computation /** * Complete the computation and retrieve the * final result. - * @return SecureVector holding the result + * @return secure_vector holding the result */ - SecureVector<byte> final() + secure_vector<byte> final() { - SecureVector<byte> output(output_length()); + secure_vector<byte> output(output_length()); final_result(&output[0]); return output; } @@ -98,7 +107,7 @@ class BOTAN_DLL Buffered_Computation * @param length the length of the byte array * @result the result of the call to final() */ - SecureVector<byte> process(const byte in[], size_t length) + secure_vector<byte> process(const byte in[], size_t length) { add_data(in, length); return final(); @@ -110,7 +119,13 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process * @result the result of the call to final() */ - SecureVector<byte> process(const MemoryRegion<byte>& in) + secure_vector<byte> process(const secure_vector<byte>& in) + { + add_data(&in[0], in.size()); + return final(); + } + + secure_vector<byte> process(const std::vector<byte>& in) { add_data(&in[0], in.size()); return final(); @@ -122,7 +137,7 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process as a string * @result the result of the call to final() */ - SecureVector<byte> process(const std::string& in) + secure_vector<byte> process(const std::string& in) { update(in); return final(); diff --git a/src/algo_base/symkey.cpp b/src/algo_base/symkey.cpp index 5509b83bc..52b216361 100644 --- a/src/algo_base/symkey.cpp +++ b/src/algo_base/symkey.cpp @@ -40,10 +40,6 @@ OctetString::OctetString(const byte in[], size_t n) bits.assign(in, in + n); } -OctetString::OctetString(const MemoryRegion<byte>& b) : bits(b) - { - } - /* * Set the parity of each key byte to odd */ @@ -116,7 +112,7 @@ bool operator!=(const OctetString& s1, const OctetString& s2) */ OctetString operator+(const OctetString& k1, const OctetString& k2) { - SecureVector<byte> out; + secure_vector<byte> out; out += k1.bits_of(); out += k2.bits_of(); return OctetString(out); @@ -127,9 +123,10 @@ OctetString operator+(const OctetString& k1, const OctetString& k2) */ OctetString operator^(const OctetString& k1, const OctetString& k2) { - SecureVector<byte> ret(std::max(k1.length(), k2.length())); + secure_vector<byte> ret(std::max(k1.length(), k2.length())); + copy_mem(&ret[0], k1.begin(), k1.length()); - xor_buf(ret, k2.begin(), k2.length()); + xor_buf(&ret[0], k2.begin(), k2.length()); return OctetString(ret); } diff --git a/src/algo_base/symkey.h b/src/algo_base/symkey.h index 2ccc0b883..b47da8a69 100644 --- a/src/algo_base/symkey.h +++ b/src/algo_base/symkey.h @@ -25,9 +25,9 @@ class BOTAN_DLL OctetString size_t length() const { return bits.size(); } /** - * @return this object as a SecureVector<byte> + * @return this object as a secure_vector<byte> */ - SecureVector<byte> bits_of() const { return bits; } + secure_vector<byte> bits_of() const { return bits; } /** * @return start of this string @@ -80,9 +80,15 @@ class BOTAN_DLL OctetString * Create a new OctetString * @param in a bytestring */ - OctetString(const MemoryRegion<byte>& in); + OctetString(const secure_vector<byte>& in) : bits(in) {} + + /** + * Create a new OctetString + * @param in a bytestring + */ + OctetString(const std::vector<byte>& in) : bits(&in[0], &in[in.size()]) {} private: - SecureVector<byte> bits; + secure_vector<byte> bits; }; /** diff --git a/src/alloc/alloc_mmap/info.txt b/src/alloc/alloc_mmap/info.txt deleted file mode 100644 index 562277a37..000000000 --- a/src/alloc/alloc_mmap/info.txt +++ /dev/null @@ -1,28 +0,0 @@ -define ALLOC_MMAP - -<source> -mmap_mem.cpp -</source> - -<header:internal> -mmap_mem.h -</header:internal> - -<os> -linux -freebsd -dragonfly -openbsd -netbsd -solaris -qnx -darwin -tru64 - -# Only without -ansi, otherwise can't get mkstemp -#cygwin -</os> - -<requires> -mem_pool -</requires> diff --git a/src/alloc/alloc_mmap/mmap_mem.cpp b/src/alloc/alloc_mmap/mmap_mem.cpp deleted file mode 100644 index b90b6d5f7..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.cpp +++ /dev/null @@ -1,145 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/mmap_mem.h> -#include <vector> -#include <cstring> - -#include <sys/types.h> -#include <sys/mman.h> -#include <sys/stat.h> -#include <unistd.h> -#include <stdlib.h> -#include <fcntl.h> -#include <errno.h> - -#ifndef MAP_FAILED - #define MAP_FAILED -1 -#endif - -namespace Botan { - -namespace { - -/* -* MemoryMapping_Allocator Exception -*/ -class BOTAN_DLL MemoryMapping_Failed : public Exception - { - public: - MemoryMapping_Failed(const std::string& msg) : - Exception("MemoryMapping_Allocator: " + msg) {} - }; - -} - -/* -* Memory Map a File into Memory -*/ -void* MemoryMapping_Allocator::alloc_block(size_t n) - { - class TemporaryFile - { - public: - int get_fd() const { return fd; } - - TemporaryFile(const std::string& base) - { - const std::string mkstemp_template = base + "XXXXXX"; - - std::vector<char> filepath(mkstemp_template.begin(), - mkstemp_template.end()); - filepath.push_back(0); // add terminating NULL - - mode_t old_umask = ::umask(077); - fd = ::mkstemp(&filepath[0]); - ::umask(old_umask); - - if(fd == -1) - throw MemoryMapping_Failed("Temporary file allocation failed"); - - if(::unlink(&filepath[0]) != 0) - throw MemoryMapping_Failed("Could not unlink temporary file"); - } - - ~TemporaryFile() - { - /* - * We can safely close here, because post-mmap the file - * will continue to exist until the mmap is unmapped from - * our address space upon deallocation (or process exit). - */ - if(fd != -1 && ::close(fd) == -1) - throw MemoryMapping_Failed("Could not close file"); - } - private: - int fd; - }; - - TemporaryFile file("/tmp/botan_"); - - if(file.get_fd() == -1) - throw MemoryMapping_Failed("Could not create file"); - - std::vector<byte> zeros(4096); - - size_t remaining = n; - - while(remaining) - { - const size_t write_try = std::min(zeros.size(), remaining); - - ssize_t wrote_got = ::write(file.get_fd(), - &zeros[0], - write_try); - - if(wrote_got == -1 && errno != EINTR) - throw MemoryMapping_Failed("Could not write to file"); - - remaining -= wrote_got; - } - -#ifndef MAP_NOSYNC - #define MAP_NOSYNC 0 -#endif - - void* ptr = ::mmap(0, n, - PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_NOSYNC, - file.get_fd(), 0); - - if(ptr == static_cast<void*>(MAP_FAILED)) - throw MemoryMapping_Failed("Could not map file"); - - return ptr; - } - -/* -* Remove a Memory Mapping -*/ -void MemoryMapping_Allocator::dealloc_block(void* ptr, size_t n) - { - if(ptr == nullptr) - return; - - const byte PATTERNS[] = { 0x00, 0xF5, 0x5A, 0xAF, 0x00 }; - - // The char* casts are for Solaris, args are void* on most other systems - - for(size_t i = 0; i != sizeof(PATTERNS); ++i) - { - std::memset(ptr, PATTERNS[i], n); - - if(::msync(static_cast<char*>(ptr), n, MS_SYNC)) - throw MemoryMapping_Failed("Sync operation failed"); - } - - if(::munmap(static_cast<char*>(ptr), n)) - throw MemoryMapping_Failed("Could not unmap file"); - } - -} diff --git a/src/alloc/alloc_mmap/mmap_mem.h b/src/alloc/alloc_mmap/mmap_mem.h deleted file mode 100644 index c9983ed23..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_MMAP_ALLOCATOR_H__ -#define BOTAN_MMAP_ALLOCATOR_H__ - -#include <botan/internal/mem_pool.h> - -namespace Botan { - -/** -* Allocator that uses memory maps backed by disk. We zeroize the map -* upon deallocation. If swap occurs, the VM will swap to the shared -* file backing rather than to a swap device, which means we know where -* it is and can zap it later. -*/ -class MemoryMapping_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "mmap"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/allocate.h b/src/alloc/allocate.h deleted file mode 100644 index b8574be1e..000000000 --- a/src/alloc/allocate.h +++ /dev/null @@ -1,65 +0,0 @@ -/* -* Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_ALLOCATOR_H__ -#define BOTAN_ALLOCATOR_H__ - -#include <botan/types.h> -#include <string> - -namespace Botan { - -/** -* Allocator Interface -*/ -class BOTAN_DLL Allocator - { - public: - /** - * Acquire a pointer to an allocator - * @param locking is true if the allocator should attempt to - * secure the memory (eg for using to store keys) - * @return pointer to an allocator; ownership remains with library, - * so do not delete - */ - static Allocator* get(bool locking); - - /** - * Allocate a block of memory - * @param n how many bytes to allocate - * @return pointer to n bytes of memory - */ - virtual void* allocate(size_t n) = 0; - - /** - * Deallocate memory allocated with allocate() - * @param ptr the pointer returned by allocate() - * @param n the size of the block pointed to by ptr - */ - virtual void deallocate(void* ptr, size_t n) = 0; - - /** - * @return name of this allocator type - */ - virtual std::string type() const = 0; - - /** - * Initialize the allocator - */ - virtual void init() {} - - /** - * Shutdown the allocator - */ - virtual void destroy() {} - - virtual ~Allocator() {} - }; - -} - -#endif diff --git a/src/alloc/info.txt b/src/alloc/info.txt index 40e7bacdf..0ab7fa768 100644 --- a/src/alloc/info.txt +++ b/src/alloc/info.txt @@ -1,4 +1,3 @@ <header:public> -allocate.h secmem.h </header:public> diff --git a/src/alloc/mem_pool/info.txt b/src/alloc/mem_pool/info.txt deleted file mode 100644 index f87ea4c4c..000000000 --- a/src/alloc/mem_pool/info.txt +++ /dev/null @@ -1,8 +0,0 @@ - -<source> -mem_pool.cpp -</source> - -<header:internal> -mem_pool.h -</header:internal> diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp deleted file mode 100644 index 770622149..000000000 --- a/src/alloc/mem_pool/mem_pool.cpp +++ /dev/null @@ -1,251 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2008 Jack Lloyd -* 2005 Matthew Gregan -* 2005-2006 Matt Johnston -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/mem_pool.h> -#include <botan/internal/rounding.h> -#include <botan/mem_ops.h> -#include <algorithm> -#include <exception> - -namespace Botan { - -/* -* Memory_Block Constructor -*/ -Pooling_Allocator::Memory_Block::Memory_Block(void* buf) - { - buffer = static_cast<byte*>(buf); - bitmap = 0; - buffer_end = buffer + (BLOCK_SIZE * BITMAP_SIZE); - } - -/* -* See if ptr is contained by this block -*/ -bool Pooling_Allocator::Memory_Block::contains(void* ptr, - size_t length) const - { - return ((buffer <= ptr) && - (buffer_end >= static_cast<byte*>(ptr) + length * BLOCK_SIZE)); - } - -/* -* Allocate some memory, if possible -*/ -byte* Pooling_Allocator::Memory_Block::alloc(size_t n) - { - if(n == 0 || n > BITMAP_SIZE) - return 0; - - if(n == BITMAP_SIZE) - { - if(bitmap) - return nullptr; - else - { - bitmap = ~bitmap; - return buffer; - } - } - - bitmap_type mask = (static_cast<bitmap_type>(1) << n) - 1; - size_t offset = 0; - - while(bitmap & mask) - { - mask <<= 1; - ++offset; - - if((bitmap & mask) == 0) - break; - if(mask >> 63) - break; - } - - if(bitmap & mask) - return nullptr; - - bitmap |= mask; - return buffer + offset * BLOCK_SIZE; - } - -/* -* Mark this memory as free, if we own it -*/ -void Pooling_Allocator::Memory_Block::free(void* ptr, size_t blocks) - { - clear_mem(static_cast<byte*>(ptr), blocks * BLOCK_SIZE); - - const size_t offset = (static_cast<byte*>(ptr) - buffer) / BLOCK_SIZE; - - if(offset == 0 && blocks == BITMAP_SIZE) - bitmap = ~bitmap; - else - { - for(size_t j = 0; j != blocks; ++j) - bitmap &= ~(static_cast<bitmap_type>(1) << (j+offset)); - } - } - -/* -* Pooling_Allocator Constructor -*/ -Pooling_Allocator::Pooling_Allocator() - { - last_used = blocks.begin(); - } - -/* -* Pooling_Allocator Destructor -*/ -Pooling_Allocator::~Pooling_Allocator() - { - if(blocks.size()) - throw Invalid_State("Pooling_Allocator: Never released memory"); - } - -/* -* Free all remaining memory -*/ -void Pooling_Allocator::destroy() - { - std::lock_guard<std::mutex> lock(mutex); - - blocks.clear(); - - for(size_t j = 0; j != allocated.size(); ++j) - dealloc_block(allocated[j].first, allocated[j].second); - allocated.clear(); - } - -/* -* Allocation -*/ -void* Pooling_Allocator::allocate(size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - std::lock_guard<std::mutex> lock(mutex); - - if(n <= BITMAP_SIZE * BLOCK_SIZE) - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - byte* mem = allocate_blocks(block_no); - if(mem) - return mem; - - get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE); - - mem = allocate_blocks(block_no); - if(mem) - return mem; - - throw Memory_Exhaustion(); - } - - void* new_buf = alloc_block(n); - if(new_buf) - return new_buf; - - throw Memory_Exhaustion(); - } - -/* -* Deallocation -*/ -void Pooling_Allocator::deallocate(void* ptr, size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - if(ptr == nullptr && n == 0) - return; - - std::lock_guard<std::mutex> lock(mutex); - - if(n > BITMAP_SIZE * BLOCK_SIZE) - dealloc_block(ptr, n); - else - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - auto i = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - - if(i == blocks.end() || !i->contains(ptr, block_no)) - throw Invalid_State("Pointer released to the wrong allocator"); - - i->free(ptr, block_no); - } - } - -/* -* Try to get some memory from an existing block -*/ -byte* Pooling_Allocator::allocate_blocks(size_t n) - { - if(blocks.empty()) - return nullptr; - - auto i = last_used; - - do - { - byte* mem = i->alloc(n); - if(mem) - { - last_used = i; - return mem; - } - - ++i; - if(i == blocks.end()) - i = blocks.begin(); - } - while(i != last_used); - - return nullptr; - } - -/* -* Allocate more memory for the pool -*/ -void Pooling_Allocator::get_more_core(size_t in_bytes) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - const size_t TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE; - - // upper bound on allocation is 1 MiB - in_bytes = std::min<size_t>(in_bytes, 1024 * 1024); - - const size_t in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE; - const size_t to_allocate = in_blocks * TOTAL_BLOCK_SIZE; - - void* ptr = alloc_block(to_allocate); - if(ptr == nullptr) - throw Memory_Exhaustion(); - - allocated.push_back(std::make_pair(ptr, to_allocate)); - - for(size_t j = 0; j != in_blocks; ++j) - { - byte* byte_ptr = static_cast<byte*>(ptr); - blocks.push_back(Memory_Block(byte_ptr + j * TOTAL_BLOCK_SIZE)); - } - - std::sort(blocks.begin(), blocks.end()); - last_used = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - } - -} diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h deleted file mode 100644 index f2225e573..000000000 --- a/src/alloc/mem_pool/mem_pool.h +++ /dev/null @@ -1,74 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_POOLING_ALLOCATOR_H__ -#define BOTAN_POOLING_ALLOCATOR_H__ - -#include <botan/allocate.h> -#include <botan/exceptn.h> -#include <mutex> -#include <utility> -#include <vector> - -namespace Botan { - -/** -* Pooling Allocator -*/ -class Pooling_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - void destroy(); - - Pooling_Allocator(); - ~Pooling_Allocator(); - private: - void get_more_core(size_t); - byte* allocate_blocks(size_t); - - virtual void* alloc_block(size_t) = 0; - virtual void dealloc_block(void*, size_t) = 0; - - class Memory_Block - { - public: - Memory_Block(void*); - - static size_t bitmap_size() { return BITMAP_SIZE; } - static size_t block_size() { return BLOCK_SIZE; } - - bool contains(void*, size_t) const; - byte* alloc(size_t); - void free(void*, size_t); - - bool operator<(const Memory_Block& other) const - { - if(buffer < other.buffer && other.buffer < buffer_end) - return false; - return (buffer < other.buffer); - } - private: - typedef u64bit bitmap_type; - static const size_t BITMAP_SIZE = 8 * sizeof(bitmap_type); - static const size_t BLOCK_SIZE = 64; - - bitmap_type bitmap; - byte* buffer, *buffer_end; - }; - - std::vector<Memory_Block> blocks; - std::vector<Memory_Block>::iterator last_used; - std::vector<std::pair<void*, size_t> > allocated; - std::mutex mutex; - }; - -} - -#endif diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index e6b2b71ec..7c27c8d3b 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -1,6 +1,6 @@ /* * Secure Memory Buffers -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -8,362 +8,87 @@ #ifndef BOTAN_SECURE_MEMORY_BUFFERS_H__ #define BOTAN_SECURE_MEMORY_BUFFERS_H__ -#include <botan/allocate.h> #include <botan/mem_ops.h> #include <algorithm> +extern void note_alloc(int n); + namespace Botan { -/** -* This class represents variable length memory buffers. -*/ template<typename T> -class MemoryRegion +class secure_allocator { public: - /** - * Find out the size of the buffer, i.e. how many objects of type T it - * contains. - * @return size of the buffer - */ - size_t size() const { return used; } - - /** - * Find out whether this buffer is empty. - * @return true if the buffer is empty, false otherwise - */ - bool empty() const { return (used == 0); } - - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - operator T* () { return buf; } + typedef T value_type; - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - operator const T* () const { return buf; } + typedef T* pointer; + typedef const T* const_pointer; - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - T* begin() { return buf; } - - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - const T* begin() const { return buf; } - - /** - * Get a pointer to one past the last element in the buffer. - * @return pointer to one past the last element in the buffer - */ - T* end() { return (buf + size()); } - - /** - * Get a const pointer to one past the last element in the buffer. - * @return const pointer to one past the last element in the buffer - */ - const T* end() const { return (buf + size()); } - - /** - * Check two buffers for equality. - * @return true iff the content of both buffers is byte-wise equal - */ - bool operator==(const MemoryRegion<T>& other) const - { - return (size() == other.size() && - same_mem(buf, other.buf, size())); - } + typedef T& reference; + typedef const T& const_reference; - /** - * Compare two buffers - * @return true iff this is ordered before other - */ - bool operator<(const MemoryRegion<T>& other) const; + typedef std::size_t size_type; + typedef std::ptrdiff_t difference_type; - /** - * Check two buffers for inequality. - * @return false if the content of both buffers is byte-wise equal, true - * otherwise. - */ - bool operator!=(const MemoryRegion<T>& other) const - { return (!(*this == other)); } + secure_allocator() noexcept {} - /** - * Copy the contents of another buffer into this buffer. - * The former contents of *this are discarded. - * @param other the buffer to copy the contents from. - * @return reference to *this - */ - MemoryRegion<T>& operator=(const MemoryRegion<T>& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } + ~secure_allocator() noexcept {} - /** - * Copy the contents of an array of objects of type T into this buffer. - * The former contents of *this are discarded. - * The length of *this must be at least n, otherwise memory errors occur. - * @param in the array to copy the contents from - * @param n the length of in - */ + pointer address(reference x) const noexcept + { return std::addressof(x); } - void copy(const T in[], size_t n) - { - copy_mem(buf, in, std::min(n, size())); - } + const_pointer address(const_reference x) const noexcept + { return std::addressof(x); } - void assign(const T* start, const T* end) + pointer allocate(size_type n, const void* = 0) { - resize(end - start); - copy_mem(buf, start, (end - start)); + pointer p = new T[n]; + clear_mem(p, n); + note_alloc(sizeof(T)*n); + return p; } - /** - * Append a single element. - * @param x the element to append - */ - void push_back(T x) + void deallocate(pointer p, size_type n) { - resize(size() + 1); - buf[size()-1] = x; + clear_mem(p, n); + delete [] p; + note_alloc(-(int(n)*sizeof(T))); } - /** - * Reset this buffer to an empty buffer with size zero. - */ - void clear() { resize(0); } - - /** - * Inserts or erases elements at the end such that the size - * becomes n, leaving elements in the range 0...n unmodified if - * set or otherwise zero-initialized - * @param n length of the new buffer - */ - void resize(size_t n); - - /** - * Swap this buffer with another object. - */ - void swap(MemoryRegion<T>& other); - - virtual ~MemoryRegion() { deallocate(buf, allocated); } - protected: - MemoryRegion() : buf(0), used(0), allocated(0), alloc(0) {} - - /** - * Copy constructor - * @param other the other region to copy - */ - MemoryRegion(const MemoryRegion<T>& other) : - buf(0), - used(0), - allocated(0), - alloc(other.alloc) + size_type max_size() const noexcept { - resize(other.size()); - copy(&other[0], other.size()); + return static_cast<size_type>(-1) / sizeof(T); } - /** - * @param locking should we use a locking allocator - * @param length the initial length to use - */ - void init(bool locking, size_t length = 0) - { alloc = Allocator::get(locking); resize(length); } - - private: - T* allocate(size_t n) - { - return static_cast<T*>(alloc->allocate(sizeof(T)*n)); - } + template<typename U, typename... Args> + void + construct(U* p, Args&&... args) + { ::new((void *)p) U(std::forward<Args>(args)...); } - void deallocate(T* p, size_t n) - { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); } + template<typename U> void destroy(U* p) { p->~U(); } - T* buf; - size_t used; - size_t allocated; - Allocator* alloc; }; -/* -* Change the size of the buffer -*/ -template<typename T> -void MemoryRegion<T>::resize(size_t n) - { - if(n <= allocated) - { - size_t zap = std::min(used, n); - clear_mem(buf + zap, allocated - zap); - used = n; - } - else - { - T* new_buf = allocate(n); - copy_mem(new_buf, buf, used); - deallocate(buf, allocated); - buf = new_buf; - allocated = used = n; - } - } - -/* -* Compare this buffer with another one -*/ -template<typename T> -bool MemoryRegion<T>::operator<(const MemoryRegion<T>& other) const - { - const size_t min_size = std::min(size(), other.size()); +template<typename T> inline bool +operator==(const secure_allocator<T>&, const secure_allocator<T>&) + { return true; } - // This should probably be rewritten to run in constant time - for(size_t i = 0; i != min_size; ++i) - { - if(buf[i] < other[i]) - return true; - if(buf[i] > other[i]) - return false; - } +template<typename T> inline bool +operator!=(const secure_allocator<T>&, const secure_allocator<T>&) + { return false; } - // First min_size bytes are equal, shorter is first - return (size() < other.size()); - } +template<typename T> using secure_vector = std::vector<T, secure_allocator<T>>; -/* -* Swap this buffer with another one -*/ template<typename T> -void MemoryRegion<T>::swap(MemoryRegion<T>& x) +std::vector<T> unlock(const secure_vector<T>& in) { - std::swap(buf, x.buf); - std::swap(used, x.used); - std::swap(allocated, x.allocated); - std::swap(alloc, x.alloc); + std::vector<T> out(in.size()); + copy_mem(&out[0], &in[0], in.size()); + return out; } -/** -* This class represents variable length buffers that do not -* make use of memory locking. -*/ -template<typename T> -class MemoryVector : public MemoryRegion<T> - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param in the buffer to copy the contents from - * @return reference to *this - */ - MemoryVector<T>& operator=(const MemoryRegion<T>& in) - { - if(this != &in) - { - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - MemoryVector(size_t n = 0) { this->init(false, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the arry in - */ - MemoryVector(const T in[], size_t n) - { - this->init(false); - this->resize(n); - this->copy(in, n); - } - - /** - * Copy constructor. - */ - MemoryVector(const MemoryRegion<T>& in) - { - this->init(false); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -/** -* This class represents variable length buffers using the operating -* systems capability to lock memory, i.e. keeping it from being -* swapped out to disk. In this way, a security hole allowing attackers -* to find swapped out secret keys is closed. -*/ -template<typename T> -class SecureVector : public MemoryRegion<T> - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param other the buffer to copy the contents from - * @return reference to *this - */ - SecureVector<T>& operator=(const MemoryRegion<T>& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - SecureVector(size_t n = 0) { this->init(true, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the array in - */ - SecureVector(const T in[], size_t n) - { - this->init(true); - this->resize(n); - this->copy(&in[0], n); - } - - /** - * Create a buffer with contents specified contents. - * @param in the buffer holding the contents that will be - * copied into the newly created buffer. - */ - SecureVector(const MemoryRegion<T>& in) - { - this->init(true); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -template<typename T> -size_t buffer_insert(MemoryRegion<T>& buf, +template<typename T, typename Alloc> +size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, const T input[], size_t input_length) @@ -373,19 +98,20 @@ size_t buffer_insert(MemoryRegion<T>& buf, return to_copy; } -template<typename T> -size_t buffer_insert(MemoryRegion<T>& buf, +template<typename T, typename Alloc, typename Alloc2> +size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, - const MemoryRegion<T>& input) + const std::vector<T, Alloc2>& input) { const size_t to_copy = std::min(input.size(), buf.size() - buf_offset); copy_mem(&buf[buf_offset], &input[0], to_copy); return to_copy; } -template<typename T> -MemoryRegion<T>& operator+=(MemoryRegion<T>& out, - const MemoryRegion<T>& in) +template<typename T, typename Alloc, typename Alloc2> +std::vector<T, Alloc>& +operator+=(std::vector<T, Alloc>& out, + const std::vector<T, Alloc2>& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.size()); @@ -393,17 +119,16 @@ MemoryRegion<T>& operator+=(MemoryRegion<T>& out, return out; } -template<typename T> -MemoryRegion<T>& operator+=(MemoryRegion<T>& out, - T in) +template<typename T, typename Alloc> +std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, T in) { out.push_back(in); return out; } -template<typename T, typename L> -MemoryRegion<T>& operator+=(MemoryRegion<T>& out, - const std::pair<const T*, L>& in) +template<typename T, typename Alloc, typename L> +std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, + const std::pair<const T*, L>& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -411,9 +136,9 @@ MemoryRegion<T>& operator+=(MemoryRegion<T>& out, return out; } -template<typename T, typename L> -MemoryRegion<T>& operator+=(MemoryRegion<T>& out, - const std::pair<T*, L>& in) +template<typename T, typename Alloc, typename L> +std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, + const std::pair<T*, L>& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -425,22 +150,12 @@ MemoryRegion<T>& operator+=(MemoryRegion<T>& out, * Zeroise the values; length remains unchanged * @param vec the vector to zeroise */ -template<typename T> -void zeroise(MemoryRegion<T>& vec) +template<typename T, typename Alloc> +void zeroise(std::vector<T, Alloc>& vec) { clear_mem(&vec[0], vec.size()); } } -namespace std { - -template<typename T> -inline void swap(Botan::MemoryRegion<T>& x, Botan::MemoryRegion<T>& y) - { - x.swap(y); - } - -} - #endif diff --git a/src/alloc/system_alloc/defalloc.cpp b/src/alloc/system_alloc/defalloc.cpp deleted file mode 100644 index 8e178bb14..000000000 --- a/src/alloc/system_alloc/defalloc.cpp +++ /dev/null @@ -1,103 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/defalloc.h> -#include <botan/internal/mlock.h> -#include <botan/libstate.h> -#include <cstdlib> -#include <cstring> - -namespace Botan { - -namespace { - -/* -* Perform Memory Allocation -*/ -void* do_malloc(size_t n, bool do_lock) - { - void* ptr = std::malloc(n); - - if(!ptr) - return 0; - - if(do_lock) - lock_mem(ptr, n); - - std::memset(ptr, 0, n); - return ptr; - } - -/* -* Perform Memory Deallocation -*/ -void do_free(void* ptr, size_t n, bool do_lock) - { - if(!ptr) - return; - - std::memset(ptr, 0, n); - if(do_lock) - unlock_mem(ptr, n); - - std::free(ptr); - } - -} - -/* -* Malloc_Allocator's Allocation -*/ -void* Malloc_Allocator::allocate(size_t n) - { - void* ptr = do_malloc(n, false); - if(!ptr) - throw Memory_Exhaustion(); - return ptr; - } - -/* -* Malloc_Allocator's Deallocation -*/ -void Malloc_Allocator::deallocate(void* ptr, size_t n) - { - do_free(ptr, n, false); - } - -/* -* Locking_Allocator's Allocation -*/ -void* Locking_Allocator::alloc_block(size_t n) - { - return do_malloc(n, true); - } - -/* -* Locking_Allocator's Deallocation -*/ -void Locking_Allocator::dealloc_block(void* ptr, size_t n) - { - do_free(ptr, n, true); - } - -/* -* Get an allocator -*/ -Allocator* Allocator::get(bool locking) - { - std::string type = ""; - if(!locking) - type = "malloc"; - - Allocator* alloc = global_state().get_allocator(type); - if(alloc) - return alloc; - - throw Internal_Error("Couldn't find an allocator to use in get_allocator"); - } - -} diff --git a/src/alloc/system_alloc/defalloc.h b/src/alloc/system_alloc/defalloc.h deleted file mode 100644 index c4b90d081..000000000 --- a/src/alloc/system_alloc/defalloc.h +++ /dev/null @@ -1,41 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_BASIC_ALLOC_H__ -#define BOTAN_BASIC_ALLOC_H__ - -#include <botan/internal/mem_pool.h> - -namespace Botan { - -/** -* Allocator using malloc -*/ -class Malloc_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - std::string type() const { return "malloc"; } - }; - -/** -* Allocator using malloc plus locking -*/ -class Locking_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "locking"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/system_alloc/info.txt b/src/alloc/system_alloc/info.txt deleted file mode 100644 index 87de0cb67..000000000 --- a/src/alloc/system_alloc/info.txt +++ /dev/null @@ -1,13 +0,0 @@ - -<source> -defalloc.cpp -</source> - -<header:internal> -defalloc.h -</header:internal> - -<requires> -libstate -mem_pool -</requires> diff --git a/src/asn1/alg_id.cpp b/src/asn1/alg_id.cpp index 665e42fb3..c4c6b6e24 100644 --- a/src/asn1/alg_id.cpp +++ b/src/asn1/alg_id.cpp @@ -16,7 +16,7 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const MemoryRegion<byte>& param) + const std::vector<byte>& param) { oid = alg_id; parameters = param; @@ -26,7 +26,7 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const MemoryRegion<byte>& param) + const std::vector<byte>& param) { oid = OIDS::lookup(alg_id); parameters = param; diff --git a/src/asn1/alg_id.h b/src/asn1/alg_id.h index 417a71b30..1ec6b62d3 100644 --- a/src/asn1/alg_id.h +++ b/src/asn1/alg_id.h @@ -29,11 +29,11 @@ class BOTAN_DLL AlgorithmIdentifier : public ASN1_Object AlgorithmIdentifier(const OID&, Encoding_Option); AlgorithmIdentifier(const std::string&, Encoding_Option); - AlgorithmIdentifier(const OID&, const MemoryRegion<byte>&); - AlgorithmIdentifier(const std::string&, const MemoryRegion<byte>&); + AlgorithmIdentifier(const OID&, const std::vector<byte>&); + AlgorithmIdentifier(const std::string&, const std::vector<byte>&); OID oid; - SecureVector<byte> parameters; + std::vector<byte> parameters; }; /* diff --git a/src/asn1/asn1_att.cpp b/src/asn1/asn1_att.cpp index c8d771e25..c0adae643 100644 --- a/src/asn1/asn1_att.cpp +++ b/src/asn1/asn1_att.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const MemoryRegion<byte>& attr_value) +Attribute::Attribute(const OID& attr_oid, const std::vector<byte>& attr_value) { oid = attr_oid; parameters = attr_value; @@ -25,7 +25,7 @@ Attribute::Attribute(const OID& attr_oid, const MemoryRegion<byte>& attr_value) * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const MemoryRegion<byte>& attr_value) + const std::vector<byte>& attr_value) { oid = OIDS::lookup(attr_oid); parameters = attr_value; diff --git a/src/asn1/asn1_int.cpp b/src/asn1/asn1_int.cpp index bb4a3ecf7..ff8eba54e 100644 --- a/src/asn1/asn1_int.cpp +++ b/src/asn1/asn1_int.cpp @@ -31,13 +31,13 @@ namespace ASN1 { /* * Put some arbitrary bytes into a SEQUENCE */ -SecureVector<byte> put_in_sequence(const MemoryRegion<byte>& contents) +std::vector<byte> put_in_sequence(const std::vector<byte>& contents) { return DER_Encoder() .start_cons(SEQUENCE) .raw_bytes(contents) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/asn1/asn1_int.h b/src/asn1/asn1_int.h index 25b3cf100..37edc4e3c 100644 --- a/src/asn1/asn1_int.h +++ b/src/asn1/asn1_int.h @@ -80,7 +80,7 @@ class BOTAN_DLL BER_Object void assert_is_a(ASN1_Tag, ASN1_Tag); ASN1_Tag type_tag, class_tag; - SecureVector<byte> value; + secure_vector<byte> value; }; /* @@ -90,7 +90,7 @@ class DataSource; namespace ASN1 { -SecureVector<byte> put_in_sequence(const MemoryRegion<byte>& val); +std::vector<byte> put_in_sequence(const std::vector<byte>& val); std::string to_string(const BER_Object& obj); /** diff --git a/src/asn1/asn1_obj.h b/src/asn1/asn1_obj.h index 3cd8422e6..cee5a18ed 100644 --- a/src/asn1/asn1_obj.h +++ b/src/asn1/asn1_obj.h @@ -29,11 +29,11 @@ class BOTAN_DLL Attribute : public ASN1_Object void decode_from(class BER_Decoder& from); OID oid; - MemoryVector<byte> parameters; + std::vector<byte> parameters; Attribute() {} - Attribute(const OID&, const MemoryRegion<byte>&); - Attribute(const std::string&, const MemoryRegion<byte>&); + Attribute(const OID&, const std::vector<byte>&); + Attribute(const std::string&, const std::vector<byte>&); }; /** diff --git a/src/asn1/asn1_oid.cpp b/src/asn1/asn1_oid.cpp index 750eb90f7..009b1c2fc 100644 --- a/src/asn1/asn1_oid.cpp +++ b/src/asn1/asn1_oid.cpp @@ -129,7 +129,7 @@ void OID::encode_into(DER_Encoder& der) const if(id.size() < 2) throw Invalid_Argument("OID::encode_into: OID is invalid"); - MemoryVector<byte> encoding; + std::vector<byte> encoding; encoding.push_back(40 * id[0] + id[1]); for(size_t i = 2; i != id.size(); ++i) diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 3754bb158..ea0a380d4 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -99,7 +99,7 @@ size_t decode_length(DataSource* ber) */ size_t find_eoc(DataSource* ber) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE), data; + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE), data; while(true) { @@ -171,7 +171,16 @@ BER_Decoder& BER_Decoder::verify_end() /* * Save all the bytes remaining in the source */ -BER_Decoder& BER_Decoder::raw_bytes(MemoryRegion<byte>& out) +BER_Decoder& BER_Decoder::raw_bytes(secure_vector<byte>& out) + { + out.clear(); + byte buf; + while(source->read_byte(buf)) + out.push_back(buf); + return (*this); + } + +BER_Decoder& BER_Decoder::raw_bytes(std::vector<byte>& out) { out.clear(); byte buf; @@ -212,7 +221,10 @@ BER_Object BER_Decoder::get_next_object() size_t length = decode_length(source); next.value.resize(length); if(source->read(&next.value[0], length) != length) + { + abort(); throw BER_Decoding_Error("Value truncated"); + } if(next.type_tag == EOC && next.class_tag == UNIVERSAL) return get_next_object(); @@ -281,7 +293,7 @@ BER_Decoder::BER_Decoder(const byte data[], size_t length) /* * BER_Decoder Constructor */ -BER_Decoder::BER_Decoder(const MemoryRegion<byte>& data) +BER_Decoder::BER_Decoder(const secure_vector<byte>& data) { source = new DataSource_Memory(data); owns = true; @@ -290,6 +302,17 @@ BER_Decoder::BER_Decoder(const MemoryRegion<byte>& data) } /* +* BER_Decoder Constructor +*/ +BER_Decoder::BER_Decoder(const std::vector<byte>& data) + { + source = new DataSource_Memory(&data[0], data.size()); + owns = true; + pushed.type_tag = pushed.class_tag = NO_OBJECT; + parent = 0; + } + +/* * BER_Decoder Copy Constructor */ BER_Decoder::BER_Decoder(const BER_Decoder& other) @@ -362,7 +385,7 @@ BER_Decoder& BER_Decoder::decode(BigInt& out) BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) { - SecureVector<byte> out_vec; + secure_vector<byte> out_vec; decode(out_vec, OCTET_STRING); out = BigInt::decode(&out_vec[0], out_vec.size()); return (*this); @@ -462,7 +485,15 @@ BER_Decoder& BER_Decoder::decode(BigInt& out, /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& out, ASN1_Tag real_type) +BER_Decoder& BER_Decoder::decode(secure_vector<byte>& out, ASN1_Tag real_type) + { + return decode(out, real_type, real_type, UNIVERSAL); + } + +/* +* BER decode a BIT STRING or OCTET STRING +*/ +BER_Decoder& BER_Decoder::decode(std::vector<byte>& out, ASN1_Tag real_type) { return decode(out, real_type, real_type, UNIVERSAL); } @@ -470,7 +501,7 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& out, ASN1_Tag real_type) /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer, +BER_Decoder& BER_Decoder::decode(secure_vector<byte>& buffer, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -493,10 +524,50 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer, return (*this); } +BER_Decoder& BER_Decoder::decode(std::vector<byte>& buffer, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + if(real_type != OCTET_STRING && real_type != BIT_STRING) + throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); + + BER_Object obj = get_next_object(); + obj.assert_is_a(type_tag, class_tag); + + if(real_type == OCTET_STRING) + buffer = unlock(obj.value); + else + { + if(obj.value[0] >= 8) + throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); + + buffer.resize(obj.value.size() - 1); + copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); + } + return (*this); + } + /* * Decode an OPTIONAL string type */ -BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion<byte>& out, +BER_Decoder& BER_Decoder::decode_optional_string(secure_vector<byte>& out, + ASN1_Tag real_type, + u16bit type_no) + { + BER_Object obj = get_next_object(); + + ASN1_Tag type_tag = static_cast<ASN1_Tag>(type_no); + + out.clear(); + push_back(obj); + + if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC) + decode(out, real_type, type_tag, CONTEXT_SPECIFIC); + + return (*this); + } + +BER_Decoder& BER_Decoder::decode_optional_string(std::vector<byte>& out, ASN1_Tag real_type, u16bit type_no) { diff --git a/src/asn1/ber_dec.h b/src/asn1/ber_dec.h index 87039ed93..6b010fcc4 100644 --- a/src/asn1/ber_dec.h +++ b/src/asn1/ber_dec.h @@ -29,13 +29,15 @@ class BOTAN_DLL BER_Decoder BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); BER_Decoder& end_cons(); - BER_Decoder& raw_bytes(MemoryRegion<byte>& v); + BER_Decoder& raw_bytes(secure_vector<byte>& v); + BER_Decoder& raw_bytes(std::vector<byte>& v); BER_Decoder& decode_null(); BER_Decoder& decode(bool& v); BER_Decoder& decode(size_t& v); BER_Decoder& decode(class BigInt& v); - BER_Decoder& decode(MemoryRegion<byte>& v, ASN1_Tag type_tag); + BER_Decoder& decode(std::vector<byte>& v, ASN1_Tag type_tag); + BER_Decoder& decode(secure_vector<byte>& v, ASN1_Tag type_tag); BER_Decoder& decode(bool& v, ASN1_Tag type_tag, @@ -49,7 +51,12 @@ class BOTAN_DLL BER_Decoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - BER_Decoder& decode(MemoryRegion<byte>& v, + BER_Decoder& decode(std::vector<byte>& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + BER_Decoder& decode(secure_vector<byte>& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -99,15 +106,24 @@ class BOTAN_DLL BER_Decoder return (*this); } - BER_Decoder& decode_optional_string(MemoryRegion<byte>& out, + BER_Decoder& decode_optional_string(std::vector<byte>& out, + ASN1_Tag real_type, + u16bit type_no); + + BER_Decoder& decode_optional_string(secure_vector<byte>& out, ASN1_Tag real_type, u16bit type_no); BER_Decoder& operator=(const BER_Decoder&) = delete; BER_Decoder(DataSource&); + BER_Decoder(const byte[], size_t); - BER_Decoder(const MemoryRegion<byte>&); + + BER_Decoder(const secure_vector<byte>&); + + BER_Decoder(const std::vector<byte>& vec); + BER_Decoder(const BER_Decoder&); ~BER_Decoder(); private: diff --git a/src/asn1/der_enc.cpp b/src/asn1/der_enc.cpp index d19e434f0..ea9dfe9f8 100644 --- a/src/asn1/der_enc.cpp +++ b/src/asn1/der_enc.cpp @@ -20,13 +20,13 @@ namespace { /* * DER encode an ASN.1 type tag */ -SecureVector<byte> encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) +secure_vector<byte> encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) { if((class_tag | 0xE0) != 0xE0) throw Encoding_Error("DER_Encoder: Invalid class tag " + std::to_string(class_tag)); - SecureVector<byte> encoded_tag; + secure_vector<byte> encoded_tag; if(type_tag <= 30) encoded_tag.push_back(static_cast<byte>(type_tag | class_tag)); else @@ -46,9 +46,9 @@ SecureVector<byte> encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) /* * DER encode an ASN.1 length field */ -SecureVector<byte> encode_length(size_t length) +secure_vector<byte> encode_length(size_t length) { - SecureVector<byte> encoded_length; + secure_vector<byte> encoded_length; if(length <= 127) encoded_length.push_back(static_cast<byte>(length)); else @@ -68,7 +68,7 @@ SecureVector<byte> encode_length(size_t length) /* * Return the encoded SEQUENCE/SET */ -SecureVector<byte> DER_Encoder::DER_Sequence::get_contents() +secure_vector<byte> DER_Encoder::DER_Sequence::get_contents() { const ASN1_Tag real_class_tag = ASN1_Tag(class_tag | CONSTRUCTED); @@ -80,7 +80,7 @@ SecureVector<byte> DER_Encoder::DER_Sequence::get_contents() set_contents.clear(); } - SecureVector<byte> result; + secure_vector<byte> result; result += encode_tag(type_tag, real_class_tag); result += encode_length(contents.size()); result += contents; @@ -95,7 +95,7 @@ SecureVector<byte> DER_Encoder::DER_Sequence::get_contents() void DER_Encoder::DER_Sequence::add_bytes(const byte data[], size_t length) { if(type_tag == SET) - set_contents.push_back(SecureVector<byte>(data, length)); + set_contents.push_back(secure_vector<byte>(data, data + length)); else contents += std::make_pair(data, length); } @@ -119,12 +119,12 @@ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) : /* * Return the encoded contents */ -SecureVector<byte> DER_Encoder::get_contents() +secure_vector<byte> DER_Encoder::get_contents() { if(subsequences.size() != 0) throw Invalid_State("DER_Encoder: Sequence hasn't been marked done"); - SecureVector<byte> output; + secure_vector<byte> output; std::swap(output, contents); return output; } @@ -147,7 +147,7 @@ DER_Encoder& DER_Encoder::end_cons() if(subsequences.empty()) throw Invalid_State("DER_Encoder::end_cons: No such sequence"); - SecureVector<byte> seq = subsequences[subsequences.size()-1].get_contents(); + secure_vector<byte> seq = subsequences[subsequences.size()-1].get_contents(); subsequences.pop_back(); raw_bytes(seq); return (*this); @@ -177,7 +177,12 @@ DER_Encoder& DER_Encoder::end_explicit() /* * Write raw bytes into the stream */ -DER_Encoder& DER_Encoder::raw_bytes(const MemoryRegion<byte>& val) +DER_Encoder& DER_Encoder::raw_bytes(const secure_vector<byte>& val) + { + return raw_bytes(&val[0], val.size()); + } + +DER_Encoder& DER_Encoder::raw_bytes(const std::vector<byte>& val) { return raw_bytes(&val[0], val.size()); } @@ -230,7 +235,17 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n) /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector<byte>& bytes, + ASN1_Tag real_type) + { + return encode(&bytes[0], bytes.size(), + real_type, real_type, UNIVERSAL); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector<byte>& bytes, ASN1_Tag real_type) { return encode(&bytes[0], bytes.size(), @@ -275,7 +290,7 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, return add_object(type_tag, class_tag, 0); bool extra_zero = (n.bits() % 8 == 0); - SecureVector<byte> contents(extra_zero + n.bytes()); + secure_vector<byte> contents(extra_zero + n.bytes()); BigInt::encode(&contents[extra_zero], n); if(n < 0) { @@ -292,7 +307,18 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector<byte>& bytes, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + return encode(&bytes[0], bytes.size(), + real_type, type_tag, class_tag); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector<byte>& bytes, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -312,7 +338,7 @@ DER_Encoder& DER_Encoder::encode(const byte bytes[], size_t length, if(real_type == BIT_STRING) { - SecureVector<byte> encoded; + secure_vector<byte> encoded; encoded.push_back(0); encoded += std::make_pair(bytes, length); return add_object(type_tag, class_tag, encoded); @@ -346,7 +372,7 @@ DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const byte rep[], size_t length) { - SecureVector<byte> buffer; + secure_vector<byte> buffer; buffer += encode_tag(type_tag, class_tag); buffer += encode_length(length); buffer += std::make_pair(rep, length); @@ -358,17 +384,6 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, * Write the encoding of the byte(s) */ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion<byte>& rep_buf) - { - const byte* rep = &rep_buf[0]; - const size_t rep_len = rep_buf.size(); - return add_object(type_tag, class_tag, rep, rep_len); - } - -/* -* Write the encoding of the byte(s) -*/ -DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const std::string& rep_str) { const byte* rep = reinterpret_cast<const byte*>(rep_str.data()); diff --git a/src/asn1/der_enc.h b/src/asn1/der_enc.h index 183e43b80..adab02247 100644 --- a/src/asn1/der_enc.h +++ b/src/asn1/der_enc.h @@ -22,7 +22,10 @@ class ASN1_Object; class BOTAN_DLL DER_Encoder { public: - SecureVector<byte> get_contents(); + secure_vector<byte> get_contents(); + + std::vector<byte> get_contents_unlocked() + { return unlock(get_contents()); } DER_Encoder& start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); @@ -32,13 +35,15 @@ class BOTAN_DLL DER_Encoder DER_Encoder& end_explicit(); DER_Encoder& raw_bytes(const byte val[], size_t len); - DER_Encoder& raw_bytes(const MemoryRegion<byte>& val); + DER_Encoder& raw_bytes(const secure_vector<byte>& val); + DER_Encoder& raw_bytes(const std::vector<byte>& val); DER_Encoder& encode_null(); DER_Encoder& encode(bool b); DER_Encoder& encode(size_t s); DER_Encoder& encode(const BigInt& n); - DER_Encoder& encode(const MemoryRegion<byte>& v, ASN1_Tag real_type); + DER_Encoder& encode(const secure_vector<byte>& v, ASN1_Tag real_type); + DER_Encoder& encode(const std::vector<byte>& v, ASN1_Tag real_type); DER_Encoder& encode(const byte val[], size_t len, ASN1_Tag real_type); DER_Encoder& encode(bool b, @@ -53,7 +58,12 @@ class BOTAN_DLL DER_Encoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - DER_Encoder& encode(const MemoryRegion<byte>& v, + DER_Encoder& encode(const std::vector<byte>& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + DER_Encoder& encode(const secure_vector<byte>& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -86,7 +96,16 @@ class BOTAN_DLL DER_Encoder const byte rep[], size_t length); DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion<byte>& rep); + const std::vector<byte>& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } + + DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, + const secure_vector<byte>& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const std::string& str); @@ -99,16 +118,16 @@ class BOTAN_DLL DER_Encoder { public: ASN1_Tag tag_of() const; - SecureVector<byte> get_contents(); + secure_vector<byte> get_contents(); void add_bytes(const byte[], size_t); DER_Sequence(ASN1_Tag, ASN1_Tag); private: ASN1_Tag type_tag, class_tag; - SecureVector<byte> contents; - std::vector< SecureVector<byte> > set_contents; + secure_vector<byte> contents; + std::vector< secure_vector<byte> > set_contents; }; - SecureVector<byte> contents; + secure_vector<byte> contents; std::vector<DER_Sequence> subsequences; }; diff --git a/src/asn1/x509_dn.cpp b/src/asn1/x509_dn.cpp index 984645cfe..8504bed16 100644 --- a/src/asn1/x509_dn.cpp +++ b/src/asn1/x509_dn.cpp @@ -106,7 +106,7 @@ std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const /* * Return the BER encoded data, if any */ -MemoryVector<byte> X509_DN::get_bits() const +std::vector<byte> X509_DN::get_bits() const { return dn_bits; } @@ -247,7 +247,7 @@ void X509_DN::encode_into(DER_Encoder& der) const */ void X509_DN::decode_from(BER_Decoder& source) { - MemoryVector<byte> bits; + std::vector<byte> bits; source.start_cons(SEQUENCE) .raw_bytes(bits) diff --git a/src/asn1/x509_dn.h b/src/asn1/x509_dn.h index 3f63eb49c..a7b2b24d3 100644 --- a/src/asn1/x509_dn.h +++ b/src/asn1/x509_dn.h @@ -34,14 +34,14 @@ class BOTAN_DLL X509_DN : public ASN1_Object static std::string deref_info_field(const std::string&); - MemoryVector<byte> get_bits() const; + std::vector<byte> get_bits() const; X509_DN(); X509_DN(const std::multimap<OID, std::string>&); X509_DN(const std::multimap<std::string, std::string>&); private: std::multimap<OID, ASN1_String> dn_info; - MemoryVector<byte> dn_bits; + std::vector<byte> dn_bits; }; bool BOTAN_DLL operator==(const X509_DN&, const X509_DN&); diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 5f47762a8..42db7abae 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -414,8 +414,8 @@ const u32bit TD[1024] = { */ void aes_encrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion<u32bit>& EK, - const MemoryRegion<byte>& ME) + const secure_vector<u32bit>& EK, + const secure_vector<byte>& ME) { const size_t BLOCK_SIZE = 16; @@ -525,8 +525,8 @@ void aes_encrypt_n(const byte in[], byte out[], * AES Decryption */ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion<u32bit>& DK, - const MemoryRegion<byte>& MD) + const secure_vector<u32bit>& DK, + const secure_vector<byte>& MD) { const size_t BLOCK_SIZE = 16; @@ -606,10 +606,10 @@ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, } void aes_key_schedule(const byte key[], size_t length, - MemoryRegion<u32bit>& EK, - MemoryRegion<u32bit>& DK, - MemoryRegion<byte>& ME, - MemoryRegion<byte>& MD) + secure_vector<u32bit>& EK, + secure_vector<u32bit>& DK, + secure_vector<byte>& ME, + secure_vector<byte>& MD) { static const u32bit RC[10] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, @@ -617,7 +617,7 @@ void aes_key_schedule(const byte key[], size_t length, const size_t rounds = (length / 4) + 6; - SecureVector<u32bit> XEK(length + 32), XDK(length + 32); + secure_vector<u32bit> XEK(length + 32), XDK(length + 32); const size_t X = length / 4; for(size_t i = 0; i != X; ++i) diff --git a/src/block/aes/aes.h b/src/block/aes/aes.h index a165f83b5..f6f683bf9 100644 --- a/src/block/aes/aes.h +++ b/src/block/aes/aes.h @@ -30,8 +30,8 @@ class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector<u32bit> EK, DK; - SecureVector<byte> ME, MD; + secure_vector<u32bit> EK, DK; + secure_vector<byte> ME, MD; }; /** @@ -52,8 +52,8 @@ class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector<u32bit> EK, DK; - SecureVector<byte> ME, MD; + secure_vector<u32bit> EK, DK; + secure_vector<byte> ME, MD; }; /** @@ -74,8 +74,8 @@ class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector<u32bit> EK, DK; - SecureVector<byte> ME, MD; + secure_vector<u32bit> EK, DK; + secure_vector<byte> ME, MD; }; } diff --git a/src/block/aes_ni/aes_ni.h b/src/block/aes_ni/aes_ni.h index ae9e5b3f4..4844b7fe8 100644 --- a/src/block/aes_ni/aes_ni.h +++ b/src/block/aes_ni/aes_ni.h @@ -31,7 +31,7 @@ class BOTAN_DLL AES_128_NI : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; /** @@ -53,7 +53,7 @@ class BOTAN_DLL AES_192_NI : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; /** @@ -75,7 +75,7 @@ class BOTAN_DLL AES_256_NI : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 686b7999f..3d7c16f42 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -29,7 +29,7 @@ class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; /** @@ -69,7 +69,7 @@ class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; } diff --git a/src/block/block_cipher.h b/src/block/block_cipher.h index 8e820fc5a..4a07bb048 100644 --- a/src/block/block_cipher.h +++ b/src/block/block_cipher.h @@ -75,6 +75,50 @@ class BOTAN_DLL BlockCipher : public SymmetricAlgorithm /** * Encrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template<typename Alloc> + void encrypt(std::vector<byte, Alloc>& block) const + { + return encrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template<typename Alloc> + void decrypt(std::vector<byte, Alloc>& block) const + { + return decrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Encrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template<typename Alloc, typename Alloc2> + void encrypt(const std::vector<byte, Alloc>& in, + std::vector<byte, Alloc2>& out) const + { + return encrypt_n(&in[0], &out[0], in.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template<typename Alloc, typename Alloc2> + void decrypt(const std::vector<byte, Alloc>& in, + std::vector<byte, Alloc2>& out) const + { + return decrypt_n(&in[0], &out[0], in.size() / block_size()); + } + + /** + * Encrypt one or more blocks * @param in the input buffer (multiple of block_size()) * @param out the output buffer (same size as in) * @param blocks the number of blocks to process diff --git a/src/block/blowfish/blowfish.cpp b/src/block/blowfish/blowfish.cpp index b6319eec0..9f5ac1724 100644 --- a/src/block/blowfish/blowfish.cpp +++ b/src/block/blowfish/blowfish.cpp @@ -143,7 +143,7 @@ void Blowfish::eks_key_schedule(const byte key[], size_t length, /* * Generate one of the Sboxes */ -void Blowfish::generate_sbox(MemoryRegion<u32bit>& box, +void Blowfish::generate_sbox(secure_vector<u32bit>& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const diff --git a/src/block/blowfish/blowfish.h b/src/block/blowfish/blowfish.h index 13706d21e..5bec4b231 100644 --- a/src/block/blowfish/blowfish.h +++ b/src/block/blowfish/blowfish.h @@ -39,7 +39,7 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> size_t key_length, const byte salt[16]); - void generate_sbox(MemoryRegion<u32bit>& box, + void generate_sbox(secure_vector<u32bit>& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const; @@ -47,8 +47,8 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> static const u32bit P_INIT[18]; static const u32bit S_INIT[1024]; - SecureVector<u32bit> S; - SecureVector<u32bit> P; + secure_vector<u32bit> S; + secure_vector<u32bit> P; }; } diff --git a/src/block/camellia/camellia.cpp b/src/block/camellia/camellia.cpp index 7b85b1aca..bea5d4c51 100644 --- a/src/block/camellia/camellia.cpp +++ b/src/block/camellia/camellia.cpp @@ -116,7 +116,7 @@ inline u64bit FLINV(u64bit v, u64bit K) * Camellia Encryption */ void encrypt(const byte in[], byte out[], size_t blocks, - const SecureVector<u64bit>& SK, const size_t rounds) + const secure_vector<u64bit>& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -160,7 +160,7 @@ void encrypt(const byte in[], byte out[], size_t blocks, * Camellia Decryption */ void decrypt(const byte in[], byte out[], size_t blocks, - const SecureVector<u64bit>& SK, const size_t rounds) + const secure_vector<u64bit>& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -213,7 +213,7 @@ u64bit left_rot_lo(u64bit h, u64bit l, size_t shift) /* * Camellia Key Schedule */ -void key_schedule(SecureVector<u64bit>& SK, const byte key[], size_t length) +void key_schedule(secure_vector<u64bit>& SK, const byte key[], size_t length) { const u64bit Sigma1 = 0xA09E667F3BCC908B; const u64bit Sigma2 = 0xB67AE8584CAA73B2; diff --git a/src/block/camellia/camellia.h b/src/block/camellia/camellia.h index 9ce305983..4db115f2c 100644 --- a/src/block/camellia/camellia.h +++ b/src/block/camellia/camellia.h @@ -27,7 +27,7 @@ class BOTAN_DLL Camellia_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector<u64bit> SK; + secure_vector<u64bit> SK; }; /** @@ -45,7 +45,7 @@ class BOTAN_DLL Camellia_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector<u64bit> SK; + secure_vector<u64bit> SK; }; /** @@ -63,7 +63,7 @@ class BOTAN_DLL Camellia_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector<u64bit> SK; + secure_vector<u64bit> SK; }; } diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp index 24469e025..8fae4040d 100644 --- a/src/block/cast/cast128.cpp +++ b/src/block/cast/cast128.cpp @@ -119,7 +119,7 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const void CAST_128::key_schedule(const byte key[], size_t length) { clear(); - SecureVector<u32bit> X(4); + secure_vector<u32bit> X(4); for(size_t j = 0; j != length; ++j) X[j/4] = (X[j/4] << 8) + key[j]; @@ -133,8 +133,8 @@ void CAST_128::key_schedule(const byte key[], size_t length) /* * S-Box Based Key Expansion */ -void CAST_128::cast_ks(MemoryRegion<u32bit>& K, - MemoryRegion<u32bit>& X) +void CAST_128::cast_ks(secure_vector<u32bit>& K, + secure_vector<u32bit>& X) { class ByteReader { @@ -145,7 +145,7 @@ void CAST_128::cast_ks(MemoryRegion<u32bit>& K, const u32bit* X; }; - SecureVector<u32bit> Z(4); + secure_vector<u32bit> Z(4); ByteReader x(&X[0]), z(&Z[0]); Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)]; diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 10c646c94..15efc8132 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -29,15 +29,15 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> private: void key_schedule(const byte[], size_t); - static void cast_ks(MemoryRegion<u32bit>& ks, - MemoryRegion<u32bit>& user_key); + static void cast_ks(secure_vector<u32bit>& ks, + secure_vector<u32bit>& user_key); static const u32bit S5[256]; static const u32bit S6[256]; static const u32bit S7[256]; static const u32bit S8[256]; - SecureVector<u32bit> MK, RK; + secure_vector<u32bit> MK, RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp index 8be0a8dd6..00e0fbd30 100644 --- a/src/block/cast/cast256.cpp +++ b/src/block/cast/cast256.cpp @@ -138,7 +138,7 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_256::key_schedule(const byte key[], size_t length) { - SecureVector<u32bit> K(8); + secure_vector<u32bit> K(8); for(size_t j = 0; j != length; ++j) K[j/4] = (K[j/4] << 8) + key[j]; diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index 2f2beef47..11c5117a3 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -32,8 +32,8 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> static const u32bit KEY_MASK[192]; static const byte KEY_ROT[32]; - SecureVector<u32bit> MK; - SecureVector<byte> RK; + secure_vector<u32bit> MK; + secure_vector<byte> RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/des/des.h b/src/block/des/des.h index db5a375e0..711efb16d 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -29,7 +29,7 @@ class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> round_key; + secure_vector<u32bit> round_key; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> round_key; + secure_vector<u32bit> round_key; }; /* diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 993eca86b..1fe8b000c 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -28,7 +28,7 @@ class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> DESX() : K1(8), K2(8) {} private: void key_schedule(const byte[], size_t); - SecureVector<byte> K1, K2; + secure_vector<byte> K1, K2; DES des; }; diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index bc26da774..a4a13b827 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -65,13 +65,13 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> */ GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const SecureVector<u32bit>& other_SBOX) : + GOST_28147_89(const secure_vector<u32bit>& other_SBOX) : SBOX(other_SBOX), EK(8) {} void key_schedule(const byte[], size_t); - SecureVector<u32bit> SBOX; - SecureVector<u32bit> EK; + secure_vector<u32bit> SBOX; + secure_vector<u32bit> EK; }; } diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index 42fa60c47..f3f0ce1bc 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -30,16 +30,16 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to encryption subkeys */ - const SecureVector<u16bit>& get_EK() const { return EK; } + const secure_vector<u16bit>& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector<u16bit>& get_DK() const { return DK; } + const secure_vector<u16bit>& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector<u16bit> EK, DK; + secure_vector<u16bit> EK, DK; }; } diff --git a/src/block/kasumi/kasumi.cpp b/src/block/kasumi/kasumi.cpp index a57c0396a..d3894789d 100644 --- a/src/block/kasumi/kasumi.cpp +++ b/src/block/kasumi/kasumi.cpp @@ -204,7 +204,7 @@ void KASUMI::key_schedule(const byte key[], size_t) static const u16bit RC[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF, 0xFEDC, 0xBA98, 0x7654, 0x3210 }; - SecureVector<u16bit> K(16); + secure_vector<u16bit> K(16); for(size_t i = 0; i != 8; ++i) { K[i] = load_be<u16bit>(key, i); diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index 7871aa170..f3dd7e0c7 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h @@ -29,7 +29,7 @@ class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector<u16bit> EK; + secure_vector<u16bit> EK; }; } diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index 4a9e8b901..778b55be0 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -16,7 +16,7 @@ namespace Botan { */ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector<byte> buffer_vec(LEFT_SIZE); + secure_vector<byte> buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -43,7 +43,7 @@ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Lion::decrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector<byte> buffer_vec(LEFT_SIZE); + secure_vector<byte> buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lion/lion.h b/src/block/lion/lion.h index 5076f4461..d016c0e82 100644 --- a/src/block/lion/lion.h +++ b/src/block/lion/lion.h @@ -56,7 +56,7 @@ class BOTAN_DLL Lion : public BlockCipher HashFunction* hash; StreamCipher* cipher; - SecureVector<byte> key1, key2; + secure_vector<byte> key1, key2; }; } diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index ef4a11e9d..2fe4c87bf 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -17,7 +17,7 @@ void LubyRackoff::encrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector<byte> buffer_vec(len); + secure_vector<byte> buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -54,7 +54,7 @@ void LubyRackoff::decrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector<byte> buffer_vec(len); + secure_vector<byte> buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lubyrack/lubyrack.h b/src/block/lubyrack/lubyrack.h index 81dddf579..e28c60be7 100644 --- a/src/block/lubyrack/lubyrack.h +++ b/src/block/lubyrack/lubyrack.h @@ -42,7 +42,7 @@ class BOTAN_DLL LubyRackoff : public BlockCipher void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector<byte> K1, K2; + secure_vector<byte> K1, K2; }; } diff --git a/src/block/mars/mars.cpp b/src/block/mars/mars.cpp index 171ce2945..64ece83ab 100644 --- a/src/block/mars/mars.cpp +++ b/src/block/mars/mars.cpp @@ -320,7 +320,7 @@ void MARS::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MARS::key_schedule(const byte key[], size_t length) { - SecureVector<u32bit> T(15); + secure_vector<u32bit> T(15); for(size_t i = 0; i != length / 4; ++i) T[i] = load_le<u32bit>(key, i); diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index 5ca05f886..fc732ae10 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -29,7 +29,7 @@ class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK; + secure_vector<u32bit> EK; }; } diff --git a/src/block/misty1/misty1.cpp b/src/block/misty1/misty1.cpp index 77d1047b1..64298ee92 100644 --- a/src/block/misty1/misty1.cpp +++ b/src/block/misty1/misty1.cpp @@ -204,7 +204,7 @@ void MISTY1::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MISTY1::key_schedule(const byte key[], size_t length) { - SecureVector<u16bit> KS(32); + secure_vector<u16bit> KS(32); for(size_t i = 0; i != length / 2; ++i) KS[i] = load_be<u16bit>(key, i); diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index 14d8a2958..a4bfa14b3 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -33,7 +33,7 @@ class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector<u16bit> EK, DK; + secure_vector<u16bit> EK, DK; }; } diff --git a/src/block/noekeon/noekeon.h b/src/block/noekeon/noekeon.h index 7c5c73dcb..8bcff64c9 100644 --- a/src/block/noekeon/noekeon.h +++ b/src/block/noekeon/noekeon.h @@ -35,16 +35,16 @@ class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> /** * @return const reference to encryption subkeys */ - const SecureVector<u32bit>& get_EK() const { return EK; } + const secure_vector<u32bit>& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector<u32bit>& get_DK() const { return DK; } + const secure_vector<u32bit>& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK, DK; + secure_vector<u32bit> EK, DK; }; } diff --git a/src/block/noekeon_simd/noekeon_simd.cpp b/src/block/noekeon_simd/noekeon_simd.cpp index b2beafc82..2a4c1fd74 100644 --- a/src/block/noekeon_simd/noekeon_simd.cpp +++ b/src/block/noekeon_simd/noekeon_simd.cpp @@ -65,7 +65,7 @@ namespace Botan { */ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector<u32bit>& EK = this->get_EK(); + const secure_vector<u32bit>& EK = this->get_EK(); SIMD_32 K0 = SIMD_32(EK[0]); SIMD_32 K1 = SIMD_32(EK[1]); @@ -122,7 +122,7 @@ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Noekeon_SIMD::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector<u32bit>& DK = this->get_DK(); + const secure_vector<u32bit>& DK = this->get_DK(); SIMD_32 K0 = SIMD_32(DK[0]); SIMD_32 K1 = SIMD_32(DK[1]); diff --git a/src/block/rc2/rc2.cpp b/src/block/rc2/rc2.cpp index 071e4e209..98e76ecfc 100644 --- a/src/block/rc2/rc2.cpp +++ b/src/block/rc2/rc2.cpp @@ -124,7 +124,7 @@ void RC2::key_schedule(const byte key[], size_t length) 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD }; - SecureVector<byte> L(128); + secure_vector<byte> L(128); copy_mem(&L[0], key, length); for(size_t i = length; i != 128; ++i) diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index 1ebad1e73..dc78b06fc 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -36,7 +36,7 @@ class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector<u16bit> K; + secure_vector<u16bit> K; }; } diff --git a/src/block/rc5/rc5.cpp b/src/block/rc5/rc5.cpp index 981f73564..1ac421996 100644 --- a/src/block/rc5/rc5.cpp +++ b/src/block/rc5/rc5.cpp @@ -95,7 +95,7 @@ void RC5::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector<u32bit> K(8); + secure_vector<u32bit> K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index c69705471..bf059a996 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -35,7 +35,7 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> void key_schedule(const byte[], size_t); - SecureVector<u32bit> S; + secure_vector<u32bit> S; }; } diff --git a/src/block/rc6/rc6.cpp b/src/block/rc6/rc6.cpp index 53ca5a7a2..42d00878f 100644 --- a/src/block/rc6/rc6.cpp +++ b/src/block/rc6/rc6.cpp @@ -120,7 +120,7 @@ void RC6::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector<u32bit> K(8); + secure_vector<u32bit> K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index af7b62316..d3270daf7 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -29,7 +29,7 @@ class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> S; + secure_vector<u32bit> S; }; } diff --git a/src/block/safer/safer_sk.cpp b/src/block/safer/safer_sk.cpp index 5275a0781..f5fe4edd7 100644 --- a/src/block/safer/safer_sk.cpp +++ b/src/block/safer/safer_sk.cpp @@ -208,7 +208,7 @@ void SAFER_SK::key_schedule(const byte key[], size_t) 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; - SecureVector<byte> KB(18); + secure_vector<byte> KB(18); for(size_t i = 0; i != 8; ++i) { diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index 564ea5c50..cf8ad90f7 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -34,7 +34,7 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> size_t get_rounds() const { return (EK.size() - 8) / 16; } void key_schedule(const byte[], size_t); - SecureVector<byte> EK; + secure_vector<byte> EK; }; } diff --git a/src/block/seed/seed.cpp b/src/block/seed/seed.cpp index 408220013..40deb18bc 100644 --- a/src/block/seed/seed.cpp +++ b/src/block/seed/seed.cpp @@ -111,7 +111,7 @@ void SEED::key_schedule(const byte key[], size_t) 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B }; - SecureVector<u32bit> WK(4); + secure_vector<u32bit> WK(4); for(size_t i = 0; i != 4; ++i) WK[i] = load_be<u32bit>(key, i); diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 979312930..d5476de82 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -37,7 +37,7 @@ class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16> static const u32bit S0[256], S1[256], S2[256], S3[256]; }; - SecureVector<u32bit> K; + secure_vector<u32bit> K; }; } diff --git a/src/block/serpent/serpent.cpp b/src/block/serpent/serpent.cpp index b1e632c29..0f0a4fd63 100644 --- a/src/block/serpent/serpent.cpp +++ b/src/block/serpent/serpent.cpp @@ -358,7 +358,7 @@ void Serpent::key_schedule(const byte key[], size_t length) { const u32bit PHI = 0x9E3779B9; - SecureVector<u32bit> W(140); + secure_vector<u32bit> W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le<u32bit>(key, i); diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index df3f039aa..6191e50d7 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -31,7 +31,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> * For use by subclasses using SIMD, asm, etc * @return const reference to the key schedule */ - const SecureVector<u32bit>& get_round_keys() const + const secure_vector<u32bit>& get_round_keys() const { return round_key; } /** @@ -45,7 +45,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> private: void key_schedule(const byte key[], size_t length); - SecureVector<u32bit> round_key; + secure_vector<u32bit> round_key; }; } diff --git a/src/block/serpent_x86_32/serp_x86_32.cpp b/src/block/serpent_x86_32/serp_x86_32.cpp index 4cefe1d65..9566ed8a6 100644 --- a/src/block/serpent_x86_32/serp_x86_32.cpp +++ b/src/block/serpent_x86_32/serp_x86_32.cpp @@ -72,7 +72,7 @@ void Serpent_X86_32::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Serpent_X86_32::key_schedule(const byte key[], size_t length) { - SecureVector<u32bit> W(140); + secure_vector<u32bit> W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le<u32bit>(key, i); W[length / 4] |= u32bit(1) << ((length%4)*8); diff --git a/src/block/skipjack/skipjack.h b/src/block/skipjack/skipjack.h index 051d35351..9abd10d47 100644 --- a/src/block/skipjack/skipjack.h +++ b/src/block/skipjack/skipjack.h @@ -29,7 +29,7 @@ class BOTAN_DLL Skipjack : public Block_Cipher_Fixed_Params<8, 10> private: void key_schedule(const byte[], size_t); - SecureVector<byte> FTAB; + secure_vector<byte> FTAB; }; } diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index ff98c040e..bb9132e10 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -142,7 +142,7 @@ void Square::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Square::key_schedule(const byte key[], size_t) { - SecureVector<u32bit> XEK(36), XDK(36); + secure_vector<u32bit> XEK(36), XDK(36); for(size_t i = 0; i != 4; ++i) XEK[i] = load_be<u32bit>(key, i); diff --git a/src/block/square/square.h b/src/block/square/square.h index 5147c0383..f40ad0e31 100644 --- a/src/block/square/square.h +++ b/src/block/square/square.h @@ -45,8 +45,8 @@ class BOTAN_DLL Square : public Block_Cipher_Fixed_Params<16, 16> static const u32bit TD2[256]; static const u32bit TD3[256]; - SecureVector<u32bit> EK, DK; - SecureVector<byte> ME, MD; + secure_vector<u32bit> EK, DK; + secure_vector<byte> ME, MD; }; } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 0290b112f..5d418e084 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -28,7 +28,7 @@ class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> TEA() : K(4) {} private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> K; + secure_vector<u32bit> K; }; } diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index c0735e202..d0a4213fb 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp @@ -121,7 +121,7 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Twofish::key_schedule(const byte key[], size_t length) { - SecureVector<byte> S(16); + secure_vector<byte> S(16); for(size_t i = 0; i != length; ++i) rs_mul(&S[4*(i/8)], key[i], i); diff --git a/src/block/twofish/twofish.h b/src/block/twofish/twofish.h index 7594bdcfd..cd84c6fe0 100644 --- a/src/block/twofish/twofish.h +++ b/src/block/twofish/twofish.h @@ -41,7 +41,7 @@ class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> static const byte EXP_TO_POLY[255]; static const byte POLY_TO_EXP[255]; - SecureVector<u32bit> SB, RK; + secure_vector<u32bit> SB, RK; }; } diff --git a/src/block/xtea/xtea.cpp b/src/block/xtea/xtea.cpp index 597eedd07..29287e5a0 100644 --- a/src/block/xtea/xtea.cpp +++ b/src/block/xtea/xtea.cpp @@ -123,7 +123,7 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void XTEA::key_schedule(const byte key[], size_t) { - SecureVector<u32bit> UK(4); + secure_vector<u32bit> UK(4); for(size_t i = 0; i != 4; ++i) UK[i] = load_be<u32bit>(key, i); diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index 985e9d6d1..2bf544696 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -30,11 +30,11 @@ class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to the key schedule */ - const SecureVector<u32bit>& get_EK() const { return EK; } + const secure_vector<u32bit>& get_EK() const { return EK; } private: void key_schedule(const byte[], size_t); - SecureVector<u32bit> EK; + secure_vector<u32bit> EK; }; } diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index d22ae6202..f3babb394 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -1,6 +1,6 @@ macro_name GCC -binary_name g++-4.6.0 +binary_name g++-4.8.0-r187608 compile_option "-c " output_to_option "-o " diff --git a/src/cert/certstore/certstor.cpp b/src/cert/certstore/certstor.cpp index 3cba2f39e..9c383d9e8 100644 --- a/src/cert/certstore/certstor.cpp +++ b/src/cert/certstore/certstor.cpp @@ -28,7 +28,7 @@ void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) std::vector<X509_Certificate> Certificate_Store_Memory::find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id) const + const std::vector<byte>& key_id) const { std::vector<X509_Certificate> result; @@ -37,7 +37,7 @@ Certificate_Store_Memory::find_cert_by_subject_and_key_id( // Only compare key ids if set in both call and in the cert if(key_id.size()) { - MemoryVector<byte> skid = certs[i].subject_key_id(); + std::vector<byte> skid = certs[i].subject_key_id(); if(skid.size() && skid != key_id) // no match continue; @@ -74,7 +74,7 @@ void Certificate_Store_Memory::add_crl(const X509_CRL& crl) std::vector<X509_CRL> Certificate_Store_Memory::find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion<byte>& key_id) const + const std::vector<byte>& key_id) const { std::vector<X509_CRL> result; @@ -83,7 +83,7 @@ Certificate_Store_Memory::find_crl_by_subject_and_key_id( // Only compare key ids if set in both call and in the CRL if(key_id.size()) { - MemoryVector<byte> akid = crls[i].authority_key_id(); + std::vector<byte> akid = crls[i].authority_key_id(); if(akid.size() && akid != key_id) // no match continue; diff --git a/src/cert/certstore/certstor.h b/src/cert/certstore/certstor.h index 374013984..a0526e1a6 100644 --- a/src/cert/certstore/certstor.h +++ b/src/cert/certstore/certstor.h @@ -39,7 +39,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector<X509_Certificate> find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id) const = 0; + const std::vector<byte>& key_id) const = 0; /** * Find CRLs by the DN and key id of the issuer @@ -47,7 +47,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector<X509_CRL> find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion<byte>& key_id) const = 0; + const std::vector<byte>& key_id) const = 0; }; /** @@ -64,11 +64,11 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store std::vector<X509_Certificate> find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id) const; + const std::vector<byte>& key_id) const; std::vector<X509_CRL> find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion<byte>& key_id) const; + const std::vector<byte>& key_id) const; Certificate_Store_Memory() {} private: diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index 12221b582..a3a4d043d 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -18,9 +18,9 @@ namespace Botan { namespace { -SecureVector<byte> enc_two_digit(u32bit in) +secure_vector<byte> enc_two_digit(u32bit in) { - SecureVector<byte> result; + secure_vector<byte> result; in %= 100; if(in < 10) result.push_back(0x00); @@ -281,9 +281,9 @@ void EAC_Time::decode_from(BER_Decoder& source) /* * make the value an octet string for encoding */ -SecureVector<byte> EAC_Time::encoded_eac_time() const +secure_vector<byte> EAC_Time::encoded_eac_time() const { - SecureVector<byte> result; + secure_vector<byte> result; result += enc_two_digit(year); result += enc_two_digit(month); result += enc_two_digit(day); diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp index 38f51e8dc..f224d15b9 100644 --- a/src/cert/cvc/cvc_ado.cpp +++ b/src/cert/cvc/cvc_ado.cpp @@ -26,7 +26,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in) void EAC1_1_ADO::force_decode() { - SecureVector<byte> inner_cert; + secure_vector<byte> inner_cert; BER_Decoder(tbs_bits) .start_cons(ASN1_Tag(33)) .raw_bytes(inner_cert) @@ -34,7 +34,7 @@ void EAC1_1_ADO::force_decode() .decode(m_car) .verify_end(); - SecureVector<byte> req_bits = DER_Encoder() + secure_vector<byte> req_bits = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(inner_cert) .end_cons() @@ -45,11 +45,11 @@ void EAC1_1_ADO::force_decode() sig_algo = m_req.sig_algo; } -MemoryVector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer, - const MemoryRegion<byte>& tbs_bits, +std::vector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer, + const secure_vector<byte>& tbs_bits, RandomNumberGenerator& rng) { - SecureVector<byte> concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) @@ -65,11 +65,11 @@ ASN1_Car EAC1_1_ADO::get_car() const } void EAC1_1_ADO::decode_info(DataSource& source, - SecureVector<byte> & res_tbs_bits, + secure_vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector<byte> concat_sig; - SecureVector<byte> cert_inner_bits; + secure_vector<byte> concat_sig; + secure_vector<byte> cert_inner_bits; ASN1_Car car; BER_Decoder(source) @@ -81,7 +81,7 @@ void EAC1_1_ADO::decode_info(DataSource& source, .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons(); - SecureVector<byte> enc_cert = DER_Encoder() + secure_vector<byte> enc_cert = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(cert_inner_bits) .end_cons() @@ -97,7 +97,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const if(encoding == PEM) throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object"); - SecureVector<byte> concat_sig( + secure_vector<byte> concat_sig( EAC1_1_obj<EAC1_1_ADO>::m_sig.get_concatenation()); out.write(DER_Encoder() @@ -108,7 +108,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const .get_contents()); } -SecureVector<byte> EAC1_1_ADO::tbs_data() const +secure_vector<byte> EAC1_1_ADO::tbs_data() const { return tbs_bits; } diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index 65a39fd91..81b89ea00 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -43,9 +43,9 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> * @param tbs_bits the TBS data to sign * @param rng a random number generator */ - static MemoryVector<byte> make_signed( + static std::vector<byte> make_signed( PK_Signer& signer, - const MemoryRegion<byte>& tbs_bits, + const secure_vector<byte>& tbs_bits, RandomNumberGenerator& rng); /** @@ -73,7 +73,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> * Get the TBS data of this CVC ADO request. * @result the TBS data */ - SecureVector<byte> tbs_data() const; + secure_vector<byte> tbs_data() const; virtual ~EAC1_1_ADO() {} private: @@ -82,7 +82,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> void force_decode(); static void decode_info(DataSource& source, - SecureVector<byte> & res_tbs_bits, + secure_vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig); }; diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 54f72ecfc..12558bb80 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -33,8 +33,8 @@ u32bit EAC1_1_CVC::get_chat_value() const */ void EAC1_1_CVC::force_decode() { - SecureVector<byte> enc_pk; - SecureVector<byte> enc_chat_val; + secure_vector<byte> enc_pk; + secure_vector<byte> enc_chat_val; size_t cpi; BER_Decoder tbs_cert(tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) @@ -88,7 +88,7 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const && get_concat_sig() == rhs.get_concat_sig()); } -ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>&, +ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>&, AlgorithmIdentifier&) { throw Internal_Error("decode_eac1_1_key: Unimplemented"); @@ -96,7 +96,7 @@ ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>&, } EAC1_1_CVC make_cvc_cert(PK_Signer& signer, - MemoryRegion<byte> const& public_key, + secure_vector<byte> const& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -105,12 +105,12 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, RandomNumberGenerator& rng) { OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); - MemoryVector<byte> enc_chat_val; + std::vector<byte> enc_chat_val; enc_chat_val.push_back(holder_auth_templ); - MemoryVector<byte> enc_cpi; + std::vector<byte> enc_cpi; enc_cpi.push_back(0x00); - MemoryVector<byte> tbs = DER_Encoder() + std::vector<byte> tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi .encode(car) .raw_bytes(public_key) @@ -123,7 +123,7 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, .encode(cex) .get_contents(); - MemoryVector<byte> signed_cert = + std::vector<byte> signed_cert = EAC1_1_CVC::make_signed(signer, EAC1_1_CVC::build_cert_body(tbs), rng); diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index 69d0d824a..20370e64b 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -96,7 +96,7 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) * @param rng a random number generator */ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, - const MemoryRegion<byte>& public_key, + const secure_vector<byte>& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -107,7 +107,7 @@ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, /** * Decode an EAC encoding ECDSA key */ -BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>& enc_key, +BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>& enc_key, AlgorithmIdentifier& sig_algo); } diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index ad61b85bf..a272e316f 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -56,14 +56,14 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 * Get the to-be-signed (TBS) data of this object. * @result the TBS data of this object */ - SecureVector<byte> tbs_data() const; + secure_vector<byte> tbs_data() const; /** * Build the DER encoded certifcate body of an object * @param tbs the data to be signed * @result the correctly encoded body of the object */ - static SecureVector<byte> build_cert_body(MemoryRegion<byte> const& tbs); + static secure_vector<byte> build_cert_body(secure_vector<byte> const& tbs); /** * Create a signed generalized CVC object. @@ -72,9 +72,9 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 * @param rng a random number generator * @result the DER encoded signed generalized CVC object */ - static MemoryVector<byte> make_signed( + static std::vector<byte> make_signed( PK_Signer& signer, - const MemoryRegion<byte>& tbs_bits, + const secure_vector<byte>& tbs_bits, RandomNumberGenerator& rng); EAC1_1_gen_CVC() { m_pk = 0; } @@ -88,7 +88,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 bool self_signed; static void decode_info(DataSource& source, - SecureVector<byte> & res_tbs_bits, + secure_vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig); }; @@ -104,12 +104,12 @@ template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const } template<typename Derived> -MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed( +std::vector<byte> EAC1_1_gen_CVC<Derived>::make_signed( PK_Signer& signer, - const MemoryRegion<byte>& tbs_bits, + const secure_vector<byte>& tbs_bits, RandomNumberGenerator& rng) // static { - SecureVector<byte> concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) @@ -125,7 +125,7 @@ Public_Key* EAC1_1_gen_CVC<Derived>::subject_public_key() const return new ECDSA_PublicKey(*m_pk); } -template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs) +template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(secure_vector<byte> const& tbs) { return DER_Encoder() .start_cons(ASN1_Tag(78), APPLICATION) @@ -133,15 +133,15 @@ template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cer .end_cons().get_contents(); } -template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const +template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const { return build_cert_body(EAC1_1_obj<Derived>::tbs_bits); } template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_Encoding encoding) const { - SecureVector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation()); - SecureVector<byte> der = DER_Encoder() + secure_vector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation()); + secure_vector<byte> der = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .start_cons(ASN1_Tag(78), APPLICATION) .raw_bytes(EAC1_1_obj<Derived>::tbs_bits) @@ -159,10 +159,10 @@ template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_ template<typename Derived> void EAC1_1_gen_CVC<Derived>::decode_info( DataSource& source, - SecureVector<byte> & res_tbs_bits, + secure_vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector<byte> concat_sig; + secure_vector<byte> concat_sig; BER_Decoder(source) .start_cons(ASN1_Tag(33)) .start_cons(ASN1_Tag(78)) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index ad9e2f4ca..bd7dee3fa 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -19,7 +19,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const void EAC1_1_Req::force_decode() { - SecureVector<byte> enc_pk; + secure_vector<byte> enc_pk; BER_Decoder tbs_cert(tbs_bits); size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 61a1e7b64..e692bc9b8 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -34,7 +34,7 @@ void encode_eac_bigint(DER_Encoder& der, const BigInt& x, ASN1_Tag tag) der.encode(BigInt::encode_1363(x, x.bytes()), OCTET_STRING, tag); } -MemoryVector<byte> eac_1_1_encoding(const EC_PublicKey* key, +std::vector<byte> eac_1_1_encoding(const EC_PublicKey* key, const OID& sig_algo) { if(key->domain_format() == EC_DOMPAR_ENC_OID) @@ -106,7 +106,7 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(signer, enc_public_key, @@ -133,17 +133,17 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - MemoryVector<byte> enc_cpi; + std::vector<byte> enc_cpi; enc_cpi.push_back(0x00); - MemoryVector<byte> tbs = DER_Encoder() + std::vector<byte> tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) .raw_bytes(enc_public_key) .encode(chr) .get_contents(); - MemoryVector<byte> signed_cert = + std::vector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); @@ -166,10 +166,10 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); PK_Signer signer(*priv_key, padding_and_hash); - SecureVector<byte> tbs_bits = req.BER_encode(); + secure_vector<byte> tbs_bits = req.BER_encode(); tbs_bits += DER_Encoder().encode(car).get_contents(); - MemoryVector<byte> signed_cert = + std::vector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); DataSource_Memory source(signed_cert); @@ -235,7 +235,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); - MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, signer.get_car(), @@ -309,7 +309,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, // (IS cannot sign certificates) } - MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 54a9f1517..9937abb01 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -98,7 +98,7 @@ class BOTAN_DLL EAC_Time : public ASN1_Object virtual ~EAC_Time() {} private: - SecureVector<byte> encoded_eac_time() const; + secure_vector<byte> encoded_eac_time() const; bool passes_sanity_check() const; u32bit year, month, day; ASN1_Tag tag; diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index eb6db3369..39f34b874 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -24,7 +24,7 @@ class EAC1_1_obj : public EAC_Signed_Object * Return the signature as a concatenation of the encoded parts. * @result the concatenated signature */ - SecureVector<byte> get_concat_sig() const + secure_vector<byte> get_concat_sig() const { return m_sig.get_concatenation(); } bool check_signature(class Public_Key& key) const diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index e8fd7f051..91166ad79 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -10,7 +10,7 @@ namespace Botan { -ECDSA_Signature::ECDSA_Signature(const MemoryRegion<byte>& ber) +ECDSA_Signature::ECDSA_Signature(const secure_vector<byte>& ber) { BER_Decoder(ber) .start_cons(SEQUENCE) @@ -20,7 +20,7 @@ ECDSA_Signature::ECDSA_Signature(const MemoryRegion<byte>& ber) .verify_end(); } -MemoryVector<byte> ECDSA_Signature::DER_encode() const +std::vector<byte> ECDSA_Signature::DER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -30,20 +30,20 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const .get_contents(); } -MemoryVector<byte> ECDSA_Signature::get_concatenation() const +std::vector<byte> ECDSA_Signature::get_concatenation() const { // use the larger const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); - SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); - SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); + secure_vector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); + secure_vector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); - SecureVector<byte> result(sv_r); + secure_vector<byte> result(sv_r); result += sv_s; return result; } -ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat) +ECDSA_Signature decode_concatenation(const secure_vector<byte>& concat) { if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h index a92052470..a92d5078c 100644 --- a/src/cert/cvc/ecdsa_sig.h +++ b/src/cert/cvc/ecdsa_sig.h @@ -27,7 +27,7 @@ class BOTAN_DLL ECDSA_Signature ECDSA_Signature(const BigInt& r, const BigInt& s) : m_r(r), m_s(s) {} - ECDSA_Signature(const MemoryRegion<byte>& ber); + ECDSA_Signature(const secure_vector<byte>& ber); const BigInt& get_r() const { return m_r; } const BigInt& get_s() const { return m_s; } @@ -35,9 +35,9 @@ class BOTAN_DLL ECDSA_Signature /** * return the r||s */ - MemoryVector<byte> get_concatenation() const; + std::vector<byte> get_concatenation() const; - MemoryVector<byte> DER_encode() const; + std::vector<byte> DER_encode() const; bool operator==(const ECDSA_Signature& other) const { @@ -54,7 +54,7 @@ inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) return !(lhs == rhs); } -ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concatenation); +ECDSA_Signature decode_concatenation(const secure_vector<byte>& concatenation); } diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index d6aa2f02b..4f04cd72e 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -16,7 +16,7 @@ namespace Botan { /* * Return a BER encoded X.509 object */ -SecureVector<byte> EAC_Signed_Object::BER_encode() const +secure_vector<byte> EAC_Signed_Object::BER_encode() const { Pipe ber; ber.start_msg(); @@ -46,7 +46,7 @@ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const } bool EAC_Signed_Object::check_signature(Public_Key& pub_key, - const MemoryRegion<byte>& sig) const + const secure_vector<byte>& sig) const { try { @@ -62,7 +62,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - SecureVector<byte> to_sign = tbs_data(); + secure_vector<byte> to_sign = tbs_data(); PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(to_sign, sig); diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h index 0c0fb30af..eb0e11848 100644 --- a/src/cert/cvc/signed_obj.h +++ b/src/cert/cvc/signed_obj.h @@ -26,7 +26,7 @@ class BOTAN_DLL EAC_Signed_Object * Get the TBS (to-be-signed) data in this object. * @return DER encoded TBS data of this object */ - virtual SecureVector<byte> tbs_data() const = 0; + virtual secure_vector<byte> tbs_data() const = 0; /** * Get the signature of this object as a concatenation, i.e. if the @@ -39,7 +39,7 @@ class BOTAN_DLL EAC_Signed_Object NOTE: this is here only because abstract signature objects have not yet been introduced */ - virtual SecureVector<byte> get_concat_sig() const = 0; + virtual secure_vector<byte> get_concat_sig() const = 0; /** * Get the signature algorithm identifier used to sign this object. @@ -55,7 +55,7 @@ class BOTAN_DLL EAC_Signed_Object * associated with this public key */ bool check_signature(class Public_Key& key, - const MemoryRegion<byte>& sig) const; + const secure_vector<byte>& sig) const; /** * Write this object DER encoded into a specified pipe. @@ -69,7 +69,7 @@ class BOTAN_DLL EAC_Signed_Object * BER encode this object. * @return result containing the BER representation of this object. */ - SecureVector<byte> BER_encode() const; + secure_vector<byte> BER_encode() const; /** * PEM encode this object. @@ -83,7 +83,7 @@ class BOTAN_DLL EAC_Signed_Object EAC_Signed_Object() {} AlgorithmIdentifier sig_algo; - SecureVector<byte> tbs_bits; + secure_vector<byte> tbs_bits; std::string PEM_label_pref; std::vector<std::string> PEM_labels_allowed; private: diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp index 870a4d3a1..c67f74142 100644 --- a/src/cert/pkcs10/pkcs10.cpp +++ b/src/cert/pkcs10/pkcs10.cpp @@ -35,6 +35,15 @@ PKCS10_Request::PKCS10_Request(const std::string& in) : } /* +* PKCS10_Request Constructor +*/ +PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) : + X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") + { + do_decode(); + } + +/* * Deocde the CertificateRequestInfo */ void PKCS10_Request::force_decode() @@ -59,7 +68,7 @@ void PKCS10_Request::force_decode() info.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -136,10 +145,10 @@ X509_DN PKCS10_Request::subject_dn() const /* * Return the public key of the requestor */ -MemoryVector<byte> PKCS10_Request::raw_public_key() const +std::vector<byte> PKCS10_Request::raw_public_key() const { DataSource_Memory source(info.get1("X509.Certificate.public_key")); - return PEM_Code::decode_check_label(source, "PUBLIC KEY"); + return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); } /* diff --git a/src/cert/pkcs10/pkcs10.h b/src/cert/pkcs10/pkcs10.h index bd01fb6b5..1ab0af7c7 100644 --- a/src/cert/pkcs10/pkcs10.h +++ b/src/cert/pkcs10/pkcs10.h @@ -32,7 +32,7 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * Get the raw DER encoded public key. * @return raw DER encoded public key */ - MemoryVector<byte> raw_public_key() const; + std::vector<byte> raw_public_key() const; /** * Get the subject DN. @@ -90,6 +90,12 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * encoded request file */ PKCS10_Request(const std::string& filename); + + /** + * Create a PKCS#10 Request from binary data. + * @param vec a std::vector containing the DER value + */ + PKCS10_Request(const std::vector<byte>& vec); private: void force_decode(); void handle_attribute(const Attribute&); diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 37b4f44b4..4012a873b 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -86,7 +86,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, X509_Certificate X509_CA::make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion<byte>& pub_key, + const std::vector<byte>& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, @@ -98,35 +98,35 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, BigInt serial_no(rng, SERIAL_BITS); - DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .start_explicit(0) - .encode(X509_CERT_VERSION-1) - .end_explicit() + const std::vector<byte> cert = X509_Object::make_signed( + signer, rng, sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .start_explicit(0) + .encode(X509_CERT_VERSION-1) + .end_explicit() - .encode(serial_no) + .encode(serial_no) - .encode(sig_algo) - .encode(issuer_dn) + .encode(sig_algo) + .encode(issuer_dn) - .start_cons(SEQUENCE) - .encode(not_before) - .encode(not_after) - .end_cons() + .start_cons(SEQUENCE) + .encode(not_before) + .encode(not_after) + .end_cons() - .encode(subject_dn) - .raw_bytes(pub_key) + .encode(subject_dn) + .raw_bytes(pub_key) - .start_explicit(3) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + .start_explicit(3) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_Certificate(source); + return X509_Certificate(cert); } /* @@ -176,29 +176,29 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); - DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .encode(X509_CRL_VERSION-1) - .encode(ca_sig_algo) - .encode(cert.issuer_dn()) - .encode(X509_Time(current_time)) - .encode(X509_Time(expire_time)) - .encode_if(revoked.size() > 0, - DER_Encoder() - .start_cons(SEQUENCE) - .encode_list(revoked) - .end_cons() - ) - .start_explicit(0) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + const std::vector<byte> crl = X509_Object::make_signed( + signer, rng, ca_sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .encode(X509_CRL_VERSION-1) + .encode(ca_sig_algo) + .encode(cert.issuer_dn()) + .encode(X509_Time(current_time)) + .encode(X509_Time(expire_time)) + .encode_if(revoked.size() > 0, + DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(revoked) + .end_cons() + ) + .start_explicit(0) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_CRL(source); + return X509_CRL(crl); } /* diff --git a/src/cert/x509ca/x509_ca.h b/src/cert/x509ca/x509_ca.h index 7aca26d03..d37b02eaf 100644 --- a/src/cert/x509ca/x509_ca.h +++ b/src/cert/x509ca/x509_ca.h @@ -82,7 +82,7 @@ class BOTAN_DLL X509_CA static X509_Certificate make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion<byte>& pub_key, + const std::vector<byte>& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 6e0befaf3..873de4264 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -114,7 +114,7 @@ void Extensions::decode_from(BER_Decoder& from_source) while(sequence.more_items()) { OID oid; - MemoryVector<byte> value; + std::vector<byte> value; bool critical; sequence.start_cons(SEQUENCE) @@ -176,7 +176,7 @@ size_t Basic_Constraints::get_path_limit() const /* * Encode the extension */ -MemoryVector<byte> Basic_Constraints::encode_inner() const +std::vector<byte> Basic_Constraints::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -186,13 +186,13 @@ MemoryVector<byte> Basic_Constraints::encode_inner() const .encode_optional(path_limit, NO_CERT_PATH_LIMIT) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in) +void Basic_Constraints::decode_inner(const std::vector<byte>& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -217,14 +217,14 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector<byte> Key_Usage::encode_inner() const +std::vector<byte> Key_Usage::encode_inner() const { if(constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); const size_t unused_bits = low_bit(constraints) - 1; - MemoryVector<byte> der; + std::vector<byte> der; der.push_back(BIT_STRING); der.push_back(2 + ((unused_bits < 8) ? 1 : 0)); der.push_back(unused_bits % 8); @@ -238,7 +238,7 @@ MemoryVector<byte> Key_Usage::encode_inner() const /* * Decode the extension */ -void Key_Usage::decode_inner(const MemoryRegion<byte>& in) +void Key_Usage::decode_inner(const std::vector<byte>& in) { BER_Decoder ber(in); @@ -274,15 +274,15 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector<byte> Subject_Key_ID::encode_inner() const +std::vector<byte> Subject_Key_ID::encode_inner() const { - return DER_Encoder().encode(key_id, OCTET_STRING).get_contents(); + return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked(); } /* * Decode the extension */ -void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in) +void Subject_Key_ID::decode_inner(const std::vector<byte>& in) { BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); } @@ -298,28 +298,28 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key) +Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key) { SHA_160 hash; - key_id = hash.process(pub_key); + key_id = unlock(hash.process(pub_key)); } /* * Encode the extension */ -MemoryVector<byte> Authority_Key_ID::encode_inner() const +std::vector<byte> Authority_Key_ID::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in) +void Authority_Key_ID::decode_inner(const std::vector<byte>& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -338,15 +338,15 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const /* * Encode the extension */ -MemoryVector<byte> Alternative_Name::encode_inner() const +std::vector<byte> Alternative_Name::encode_inner() const { - return DER_Encoder().encode(alt_name).get_contents(); + return DER_Encoder().encode(alt_name).get_contents_unlocked(); } /* * Decode the extension */ -void Alternative_Name::decode_inner(const MemoryRegion<byte>& in) +void Alternative_Name::decode_inner(const std::vector<byte>& in) { BER_Decoder(in).decode(alt_name); } @@ -404,19 +404,19 @@ Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : /* * Encode the extension */ -MemoryVector<byte> Extended_Key_Usage::encode_inner() const +std::vector<byte> Extended_Key_Usage::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode_list(oids) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in) +void Extended_Key_Usage::decode_inner(const std::vector<byte>& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -467,7 +467,7 @@ class Policy_Information : public ASN1_Object /* * Encode the extension */ -MemoryVector<byte> Certificate_Policies::encode_inner() const +std::vector<byte> Certificate_Policies::encode_inner() const { std::vector<Policy_Information> policies; @@ -478,13 +478,13 @@ MemoryVector<byte> Certificate_Policies::encode_inner() const .start_cons(SEQUENCE) .encode_list(policies) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in) +void Certificate_Policies::decode_inner(const std::vector<byte>& in) { std::vector<Policy_Information> policies; @@ -530,15 +530,15 @@ CRL_Number* CRL_Number::copy() const /* * Encode the extension */ -MemoryVector<byte> CRL_Number::encode_inner() const +std::vector<byte> CRL_Number::encode_inner() const { - return DER_Encoder().encode(crl_number).get_contents(); + return DER_Encoder().encode(crl_number).get_contents_unlocked(); } /* * Decode the extension */ -void CRL_Number::decode_inner(const MemoryRegion<byte>& in) +void CRL_Number::decode_inner(const std::vector<byte>& in) { BER_Decoder(in).decode(crl_number); } @@ -554,17 +554,17 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const /* * Encode the extension */ -MemoryVector<byte> CRL_ReasonCode::encode_inner() const +std::vector<byte> CRL_ReasonCode::encode_inner() const { return DER_Encoder() .encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL) - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in) +void CRL_ReasonCode::decode_inner(const std::vector<byte>& in) { size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h index 8799c5921..ee0e66959 100644 --- a/src/cert/x509cert/x509_ext.h +++ b/src/cert/x509cert/x509_ext.h @@ -56,8 +56,8 @@ class BOTAN_DLL Certificate_Extension protected: friend class Extensions; virtual bool should_encode() const { return true; } - virtual MemoryVector<byte> encode_inner() const = 0; - virtual void decode_inner(const MemoryRegion<byte>&) = 0; + virtual std::vector<byte> encode_inner() const = 0; + virtual void decode_inner(const std::vector<byte>&) = 0; }; /** @@ -107,8 +107,8 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension std::string config_id() const { return "basic_constraints"; } std::string oid_name() const { return "X509v3.BasicConstraints"; } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; bool is_ca; @@ -131,8 +131,8 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.KeyUsage"; } bool should_encode() const { return (constraints != NO_CONSTRAINTS); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; Key_Constraints constraints; @@ -147,19 +147,19 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } Subject_Key_ID() {} - Subject_Key_ID(const MemoryRegion<byte>&); + Subject_Key_ID(const std::vector<byte>&); - MemoryVector<byte> get_key_id() const { return key_id; } + std::vector<byte> get_key_id() const { return key_id; } private: std::string config_id() const { return "subject_key_id"; } std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector<byte> key_id; + std::vector<byte> key_id; }; /** @@ -171,19 +171,19 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } Authority_Key_ID() {} - Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {} + Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {} - MemoryVector<byte> get_key_id() const { return key_id; } + std::vector<byte> get_key_id() const { return key_id; } private: std::string config_id() const { return "authority_key_id"; } std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector<byte> key_id; + std::vector<byte> key_id; }; /** @@ -204,8 +204,8 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension std::string oid_name() const { return oid_name_str; } bool should_encode() const { return alt_name.has_items(); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; std::string config_name_str, oid_name_str; @@ -253,8 +253,8 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; std::vector<OID> oids; @@ -278,8 +278,8 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension std::string oid_name() const { return "X509v3.CertificatePolicies"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; std::vector<OID> oids; @@ -302,8 +302,8 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension std::string oid_name() const { return "X509v3.CRLNumber"; } bool should_encode() const { return has_value; } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; bool has_value; @@ -326,8 +326,8 @@ class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension std::string oid_name() const { return "X509v3.ReasonCode"; } bool should_encode() const { return (reason != UNSPECIFIED); } - MemoryVector<byte> encode_inner() const; - void decode_inner(const MemoryRegion<byte>&); + std::vector<byte> encode_inner() const; + void decode_inner(const std::vector<byte>&); void contents_to(Data_Store&, Data_Store&) const; CRL_Code reason; diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp index eff8e2543..5de4049ba 100644 --- a/src/cert/x509cert/x509_obj.cpp +++ b/src/cert/x509cert/x509_obj.cpp @@ -27,7 +27,7 @@ X509_Object::X509_Object(DataSource& stream, const std::string& labels) } /* -* Createa a generic X.509 object +* Create a generic X.509 object */ X509_Object::X509_Object(const std::string& file, const std::string& labels) { @@ -36,6 +36,15 @@ X509_Object::X509_Object(const std::string& file, const std::string& labels) } /* +* Create a generic X.509 object +*/ +X509_Object::X509_Object(const std::vector<byte>& vec, const std::string& labels) + { + DataSource_Memory stream(&vec[0], vec.size()); + init(stream, labels); + } + +/* * Read a PEM or BER X.509 object */ void X509_Object::init(DataSource& in, const std::string& labels) @@ -97,7 +106,7 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const /* * Return a BER encoded X.509 object */ -MemoryVector<byte> X509_Object::BER_encode() const +std::vector<byte> X509_Object::BER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -107,7 +116,7 @@ MemoryVector<byte> X509_Object::BER_encode() const .encode(sig_algo) .encode(sig, BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -121,7 +130,7 @@ std::string X509_Object::PEM_encode() const /* * Return the TBS data */ -MemoryVector<byte> X509_Object::tbs_data() const +std::vector<byte> X509_Object::tbs_data() const { return ASN1::put_in_sequence(tbs_bits); } @@ -129,7 +138,7 @@ MemoryVector<byte> X509_Object::tbs_data() const /* * Return the signature of this object */ -MemoryVector<byte> X509_Object::signature() const +std::vector<byte> X509_Object::signature() const { return sig; } @@ -201,10 +210,10 @@ bool X509_Object::check_signature(Public_Key& pub_key) const /* * Apply the X.509 SIGNED macro */ -MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, +std::vector<byte> X509_Object::make_signed(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& algo, - const MemoryRegion<byte>& tbs_bits) + const secure_vector<byte>& tbs_bits) { return DER_Encoder() .start_cons(SEQUENCE) @@ -212,7 +221,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, .encode(algo) .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h index 570b00f51..26c9e22bf 100644 --- a/src/cert/x509cert/x509_obj.h +++ b/src/cert/x509cert/x509_obj.h @@ -27,12 +27,12 @@ class BOTAN_DLL X509_Object * The underlying data that is to be or was signed * @return data that is or was signed */ - MemoryVector<byte> tbs_data() const; + std::vector<byte> tbs_data() const; /** * @return signature on tbs_data() */ - MemoryVector<byte> signature() const; + std::vector<byte> signature() const; /** * @return signature algorithm that was used to generate signature @@ -52,10 +52,10 @@ class BOTAN_DLL X509_Object * @param tbs the tbs bits to be signed * @return signed X509 object */ - static MemoryVector<byte> make_signed(class PK_Signer* signer, - RandomNumberGenerator& rng, - const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& tbs); + static std::vector<byte> make_signed(class PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& alg_id, + const secure_vector<byte>& tbs); /** * Check the signature on this data @@ -75,7 +75,7 @@ class BOTAN_DLL X509_Object /** * @return BER encoding of this */ - MemoryVector<byte> BER_encode() const; + std::vector<byte> BER_encode() const; /** * @return PEM encoding of this @@ -95,15 +95,17 @@ class BOTAN_DLL X509_Object protected: X509_Object(DataSource& src, const std::string& pem_labels); X509_Object(const std::string& file, const std::string& pem_labels); + X509_Object(const std::vector<byte>& vec, const std::string& labels); void do_decode(); X509_Object() {} AlgorithmIdentifier sig_algo; - MemoryVector<byte> tbs_bits, sig; + std::vector<byte> tbs_bits, sig; private: virtual void force_decode() = 0; void init(DataSource&, const std::string&); void decode_info(DataSource&); + std::vector<std::string> PEM_labels_allowed; std::string PEM_label_pref; }; diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 4cff28c39..8dc4b8b0c 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -58,6 +58,16 @@ X509_Certificate::X509_Certificate(const std::string& in) : } /* +* X509_Certificate Constructor +*/ +X509_Certificate::X509_Certificate(const std::vector<byte>& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") + { + self_signed = false; + do_decode(); + } + +/* * Decode the TBSCertificate data */ void X509_Certificate::force_decode() @@ -97,7 +107,7 @@ void X509_Certificate::force_decode() throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id; + std::vector<byte> v2_issuer_key_id, v2_subject_key_id; tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); @@ -129,7 +139,7 @@ void X509_Certificate::force_decode() subject.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -243,7 +253,7 @@ std::vector<std::string> X509_Certificate::policies() const /* * Return the authority key id */ -MemoryVector<byte> X509_Certificate::authority_key_id() const +std::vector<byte> X509_Certificate::authority_key_id() const { return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); } @@ -251,7 +261,7 @@ MemoryVector<byte> X509_Certificate::authority_key_id() const /* * Return the subject key id */ -MemoryVector<byte> X509_Certificate::subject_key_id() const +std::vector<byte> X509_Certificate::subject_key_id() const { return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); } @@ -259,7 +269,7 @@ MemoryVector<byte> X509_Certificate::subject_key_id() const /* * Return the certificate serial number */ -MemoryVector<byte> X509_Certificate::serial_number() const +std::vector<byte> X509_Certificate::serial_number() const { return subject.get1_memvec("X509.Certificate.serial"); } diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h index 26c57e524..87a8069d6 100644 --- a/src/cert/x509cert/x509cert.h +++ b/src/cert/x509cert/x509cert.h @@ -85,19 +85,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object * Get the serial number of this certificate. * @return certificates serial number */ - MemoryVector<byte> serial_number() const; + std::vector<byte> serial_number() const; /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier */ - MemoryVector<byte> authority_key_id() const; + std::vector<byte> authority_key_id() const; /** * Get the DER encoded SubjectKeyIdentifier of this certificate. * @return DER encoded SubjectKeyIdentifier */ - MemoryVector<byte> subject_key_id() const; + std::vector<byte> subject_key_id() const; /** * Check whether this certificate is self signed. @@ -176,6 +176,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object * @param filename the name of the certificate file */ X509_Certificate(const std::string& filename); + + X509_Certificate(const std::vector<byte>& in); + private: void force_decode(); friend class X509_CA; diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h index b3e696a86..f80fbb862 100644 --- a/src/cert/x509crl/crl_ent.h +++ b/src/cert/x509crl/crl_ent.h @@ -25,7 +25,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object * Get the serial number of the certificate associated with this entry. * @return certificate's serial number */ - MemoryVector<byte> serial_number() const { return serial; } + std::vector<byte> serial_number() const { return serial; } /** * Get the revocation date of the certificate associated with this entry @@ -54,7 +54,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object private: bool throw_on_unknown_critical; - MemoryVector<byte> serial; + std::vector<byte> serial; X509_Time time; CRL_Code reason; }; diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp index 72da81fce..7b0d03453 100644 --- a/src/cert/x509crl/x509_crl.cpp +++ b/src/cert/x509crl/x509_crl.cpp @@ -32,6 +32,12 @@ X509_CRL::X509_CRL(const std::string& in, bool touc) : do_decode(); } +X509_CRL::X509_CRL(const std::vector<byte>& in, bool touc) : + X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) + { + do_decode(); + } + /* * Decode the TBSCertList data */ @@ -115,7 +121,7 @@ X509_DN X509_CRL::issuer_dn() const /* * Return the key identifier of the issuer */ -MemoryVector<byte> X509_CRL::authority_key_id() const +std::vector<byte> X509_CRL::authority_key_id() const { return info.get1_memvec("X509v3.AuthorityKeyIdentifier"); } diff --git a/src/cert/x509crl/x509_crl.h b/src/cert/x509crl/x509_crl.h index c2b3c4f5c..37076169e 100644 --- a/src/cert/x509crl/x509_crl.h +++ b/src/cert/x509crl/x509_crl.h @@ -45,7 +45,7 @@ class BOTAN_DLL X509_CRL : public X509_Object * Get the AuthorityKeyIdentifier of this CRL. * @return this CRLs AuthorityKeyIdentifier */ - MemoryVector<byte> authority_key_id() const; + std::vector<byte> authority_key_id() const; /** * Get the serial number of this CRL. @@ -81,6 +81,16 @@ class BOTAN_DLL X509_CRL : public X509_Object */ X509_CRL(const std::string& filename, bool throw_on_unknown_critical = false); + + /** + * Construct a CRL from a binary vector + * @param vec the binary (DER) representation of the CRL + * @param throw_on_unknown_critical should we throw an exception + * if an unknown CRL extension marked as critical is encountered. + */ + X509_CRL(const std::vector<byte>& vec, + bool throw_on_unknown_critical = false); + private: void force_decode(); diff --git a/src/cert/x509self/x509self.cpp b/src/cert/x509self/x509self.cpp index c100ee825..c13772382 100644 --- a/src/cert/x509self/x509self.cpp +++ b/src/cert/x509self/x509self.cpp @@ -53,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector<byte> pub_key = X509::BER_encode(key); + std::vector<byte> pub_key = X509::BER_encode(key); std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -99,7 +99,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector<byte> pub_key = X509::BER_encode(key); + std::vector<byte> pub_key = X509::BER_encode(key); std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -134,7 +134,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, tbs_req.encode( Attribute("PKCS9.ChallengePassword", - DER_Encoder().encode(challenge).get_contents() + DER_Encoder().encode(challenge).get_contents_unlocked() ) ); } @@ -145,20 +145,17 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .start_cons(SEQUENCE) .encode(extensions) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .end_explicit() .end_cons(); - DataSource_Memory source( - X509_Object::make_signed(signer.get(), - rng, - sig_algo, - tbs_req.get_contents()) - ); + const std::vector<byte> req = + X509_Object::make_signed(signer.get(), rng, sig_algo, + tbs_req.get_contents()); - return PKCS10_Request(source); + return PKCS10_Request(req); } } diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index a635b3930..ccce9abce 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -36,8 +36,8 @@ s32bit validity_check(const X509_Time& start, const X509_Time& end, /* * Compare the value of unique ID fields */ -bool compare_ids(const MemoryVector<byte>& id1, - const MemoryVector<byte>& id2) +bool compare_ids(const std::vector<byte>& id1, + const std::vector<byte>& id2) { if(!id1.size() || !id2.size()) return true; @@ -136,10 +136,10 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const if(*this == other) return false; - const MemoryVector<byte>& serial1 = serial; - const MemoryVector<byte>& key_id1 = auth_key_id; - const MemoryVector<byte>& serial2 = other.serial; - const MemoryVector<byte>& key_id2 = other.auth_key_id; + const std::vector<byte>& serial1 = serial; + const std::vector<byte>& key_id1 = auth_key_id; + const std::vector<byte>& serial2 = other.serial; + const std::vector<byte>& key_id2 = other.auth_key_id; if(compare_ids(key_id1, key_id2) == false) { @@ -252,7 +252,7 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, * Find this certificate */ size_t X509_Store::find_cert(const X509_DN& subject_dn, - const MemoryRegion<byte>& subject_key_id) const + const std::vector<byte>& subject_key_id) const { for(size_t j = 0; j != certs.size(); ++j) { @@ -270,7 +270,7 @@ size_t X509_Store::find_cert(const X509_DN& subject_dn, size_t X509_Store::find_parent_of(const X509_Certificate& cert) { const X509_DN issuer_dn = cert.issuer_dn(); - const MemoryVector<byte> auth_key_id = cert.authority_key_id(); + const std::vector<byte> auth_key_id = cert.authority_key_id(); size_t index = find_cert(issuer_dn, auth_key_id); diff --git a/src/cert/x509store/x509stor.h b/src/cert/x509store/x509stor.h index 532db6190..3945f9fd3 100644 --- a/src/cert/x509store/x509stor.h +++ b/src/cert/x509store/x509stor.h @@ -87,7 +87,7 @@ class BOTAN_DLL X509_Store { public: X509_DN issuer; - MemoryVector<byte> serial, auth_key_id; + std::vector<byte> serial, auth_key_id; bool operator==(const CRL_Data&) const; bool operator!=(const CRL_Data&) const; bool operator<(const CRL_Data&) const; @@ -112,7 +112,7 @@ class BOTAN_DLL X509_Store static X509_Code check_sig(const X509_Object&, Public_Key*); - size_t find_cert(const X509_DN&, const MemoryRegion<byte>&) const; + size_t find_cert(const X509_DN&, const std::vector<byte>&) const; X509_Code check_sig(const Cert_Info&, const Cert_Info&) const; void recompute_revoked_info() const; diff --git a/src/cms/cms_algo.cpp b/src/cms/cms_algo.cpp index 3c245cc6f..6d768306b 100644 --- a/src/cms/cms_algo.cpp +++ b/src/cms/cms_algo.cpp @@ -23,10 +23,10 @@ namespace { /* * Wrap a key as specified in RFC 3217 */ -SecureVector<byte> do_rfc3217_wrap(RandomNumberGenerator& rng, +secure_vector<byte> do_rfc3217_wrap(RandomNumberGenerator& rng, const std::string& cipher_name, const SymmetricKey& kek, - const SecureVector<byte>& input) + const secure_vector<byte>& input) { class Flip_Bytes : public Filter { @@ -44,9 +44,9 @@ SecureVector<byte> do_rfc3217_wrap(RandomNumberGenerator& rng, buf.clear(); } - Flip_Bytes(const SecureVector<byte>& prefix) : buf(prefix) {} + Flip_Bytes(const secure_vector<byte>& prefix) : buf(prefix) {} private: - SecureVector<byte> buf; + secure_vector<byte> buf; }; Algorithm_Factory& af = global_state().algorithm_factory(); @@ -78,7 +78,7 @@ SecureVector<byte> do_rfc3217_wrap(RandomNumberGenerator& rng, /* * Wrap a CEK with a KEK */ -SecureVector<byte> CMS_Encoder::wrap_key(RandomNumberGenerator& rng, +secure_vector<byte> CMS_Encoder::wrap_key(RandomNumberGenerator& rng, const std::string& cipher, const SymmetricKey& cek, const SymmetricKey& kek) @@ -98,7 +98,7 @@ SecureVector<byte> CMS_Encoder::wrap_key(RandomNumberGenerator& rng, if(kek.length() != 16) throw Encoding_Error("CMS: 128-bit KEKs must be used with " + cipher); - SecureVector<byte> lcekpad; + secure_vector<byte> lcekpad; lcekpad.push_back(static_cast<byte>(cek.length())); lcekpad += cek.bits_of(); while(lcekpad.size() % 8) @@ -113,7 +113,7 @@ SecureVector<byte> CMS_Encoder::wrap_key(RandomNumberGenerator& rng, /* * Encode the parameters for an encryption algo */ -SecureVector<byte> CMS_Encoder::encode_params(const std::string& cipher, +secure_vector<byte> CMS_Encoder::encode_params(const std::string& cipher, const SymmetricKey& key, const InitializationVector& iv) { diff --git a/src/cms/cms_comp.cpp b/src/cms/cms_comp.cpp index 3d9108e13..8ff46acea 100644 --- a/src/cms/cms_comp.cpp +++ b/src/cms/cms_comp.cpp @@ -37,13 +37,13 @@ void CMS_Encoder::compress(const std::string& algo) Pipe pipe(compressor); pipe.process_msg(data); - SecureVector<byte> compressed = pipe.read_all(); + secure_vector<byte> compressed = pipe.read_all(); DER_Encoder encoder; encoder.start_cons(SEQUENCE). encode(static_cast<size_t>(0)). encode(AlgorithmIdentifier("Compression." + algo, - MemoryVector<byte>())). + std::vector<byte>())). raw_bytes(make_econtent(compressed, type)). end_cons(); diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 9fb5a29f2..96bdd5be3 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -20,7 +20,7 @@ namespace { /* * Compute the hash of some content */ -SecureVector<byte> hash_of(const SecureVector<byte>& content, +secure_vector<byte> hash_of(const secure_vector<byte>& content, const AlgorithmIdentifier& hash_algo, std::string& hash_name) { @@ -106,11 +106,11 @@ void read_orig_info(BER_Decoder& info, X509_Store& store) /* * Decode any Attributes, and check type */ -SecureVector<byte> decode_attributes(BER_Decoder& ber, const OID& type, +secure_vector<byte> decode_attributes(BER_Decoder& ber, const OID& type, bool& bad_attributes) { BER_Object obj = ber.get_next_object(); - SecureVector<byte> digest; + secure_vector<byte> digest; bool got_digest = false; bool got_content_type = false; @@ -178,7 +178,7 @@ void CMS_Decoder::decode_layer() { size_t version; AlgorithmIdentifier hash_algo; - SecureVector<byte> digest; + secure_vector<byte> digest; BER_Decoder hash_info = decoder.start_cons(SEQUENCE); @@ -213,7 +213,7 @@ void CMS_Decoder::decode_layer() while(signer_infos.more_items()) { AlgorithmIdentifier sig_algo, hash_algo; - SecureVector<byte> signature, digest; + secure_vector<byte> signature, digest; size_t version; BER_Decoder signer_info = BER::get_subsequence(signer_infos); diff --git a/src/cms/cms_dec.h b/src/cms/cms_dec.h index 8aa5c0edb..8c2057c2a 100644 --- a/src/cms/cms_dec.h +++ b/src/cms/cms_dec.h @@ -52,7 +52,7 @@ class BOTAN_DLL CMS_Decoder std::vector<Private_Key*> keys; OID type, next_type; - SecureVector<byte> data; + secure_vector<byte> data; Status status; std::string info; }; diff --git a/src/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 2acffa5f7..4c3fd98fc 100644 --- a/src/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -53,7 +53,7 @@ DER_Encoder& encode_si(DER_Encoder& der, const X509_Certificate& cert, /* * Compute the hash of some content */ -SecureVector<byte> hash_of(const SecureVector<byte>& content, +secure_vector<byte> hash_of(const secure_vector<byte>& content, const std::string& hash_name) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -64,11 +64,11 @@ SecureVector<byte> hash_of(const SecureVector<byte>& content, /* * Encode Attributes containing info on content */ -SecureVector<byte> encode_attr(const SecureVector<byte>& data, +secure_vector<byte> encode_attr(const secure_vector<byte>& data, const std::string& type, const std::string& hash) { - SecureVector<byte> digest = hash_of(data, hash); + secure_vector<byte> digest = hash_of(data, hash); DER_Encoder encoder; encoder.encode(OIDS::lookup(type)); @@ -198,7 +198,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator& rng, const std::string cipher = choose_algo(user_cipher, "TripleDES"); SymmetricKey cek = setup_key(rng, cipher); - SecureVector<byte> kek_id; // FIXME: ? + secure_vector<byte> kek_id; // FIXME: ? DER_Encoder encoder; @@ -244,7 +244,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator&, /* * Encrypt the content with the chosen key/cipher */ -SecureVector<byte> CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, +secure_vector<byte> CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, const SymmetricKey& key, const std::string& cipher_name) { @@ -297,9 +297,9 @@ void CMS_Encoder::sign(const X509_Certificate& cert, AlgorithmIdentifier sig_algo(OIDS::lookup(key.algo_name() + "/" + padding), AlgorithmIdentifier::USE_NULL_PARAM); - SecureVector<byte> signed_attr = encode_attr(data, type, hash); + secure_vector<byte> signed_attr = encode_attr(data, type, hash); signer.update(signed_attr); - SecureVector<byte> signature = signer.signature(rng); + secure_vector<byte> signature = signer.signature(rng); signed_attr[0] = 0xA0; const size_t SI_VERSION = cert.subject_key_id().size() ? 3 : 1; diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 1a45a6a46..58d7cabb6 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -36,7 +36,7 @@ void CMS_Encoder::set_data(const std::string& str) /* * Finalize and return the CMS encoded data */ -SecureVector<byte> CMS_Encoder::get_contents() +secure_vector<byte> CMS_Encoder::get_contents() { DER_Encoder encoder; @@ -72,7 +72,7 @@ std::string CMS_Encoder::PEM_contents() /* * Make an EncapsulatedContentInfo */ -SecureVector<byte> CMS_Encoder::make_econtent(const SecureVector<byte>& data, +secure_vector<byte> CMS_Encoder::make_econtent(const secure_vector<byte>& data, const std::string& type) { return DER_Encoder().start_cons(SEQUENCE). diff --git a/src/cms/cms_enc.h b/src/cms/cms_enc.h index 5dca838dd..c86dbe58e 100644 --- a/src/cms/cms_enc.h +++ b/src/cms/cms_enc.h @@ -47,7 +47,7 @@ class BOTAN_DLL CMS_Encoder void compress(const std::string&); static bool can_compress_with(const std::string&); - SecureVector<byte> get_contents(); + secure_vector<byte> get_contents(); std::string PEM_contents(); void set_data(const std::string&); @@ -65,25 +65,25 @@ class BOTAN_DLL CMS_Encoder const X509_Certificate&, Public_Key*, const std::string&); - SecureVector<byte> do_encrypt(RandomNumberGenerator& rng, + secure_vector<byte> do_encrypt(RandomNumberGenerator& rng, const SymmetricKey&, const std::string&); - static SecureVector<byte> make_econtent(const SecureVector<byte>&, + static secure_vector<byte> make_econtent(const secure_vector<byte>&, const std::string&); static SymmetricKey setup_key(RandomNumberGenerator& rng, const std::string&); - static SecureVector<byte> wrap_key(RandomNumberGenerator& rng, + static secure_vector<byte> wrap_key(RandomNumberGenerator& rng, const std::string&, const SymmetricKey&, const SymmetricKey&); - static SecureVector<byte> encode_params(const std::string&, + static secure_vector<byte> encode_params(const std::string&, const SymmetricKey&, const InitializationVector&); - SecureVector<byte> data; + secure_vector<byte> data; std::string type; }; diff --git a/src/codec/base64/base64.cpp b/src/codec/base64/base64.cpp index 6a53a7a9a..719a3e8fa 100644 --- a/src/codec/base64/base64.cpp +++ b/src/codec/base64/base64.cpp @@ -92,11 +92,6 @@ std::string base64_encode(const byte input[], return output; } -std::string base64_encode(const MemoryRegion<byte>& input) - { - return base64_encode(&input[0], input.size()); - } - size_t base64_decode(byte output[], const char input[], size_t input_length, @@ -226,11 +221,11 @@ size_t base64_decode(byte output[], return base64_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector<byte> base64_decode(const char input[], +secure_vector<byte> base64_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector<byte> bin((round_up<size_t>(input_length, 4) * 3) / 4); + secure_vector<byte> bin((round_up<size_t>(input_length, 4) * 3) / 4); size_t written = base64_decode(&bin[0], input, @@ -241,7 +236,7 @@ SecureVector<byte> base64_decode(const char input[], return bin; } -SecureVector<byte> base64_decode(const std::string& input, +secure_vector<byte> base64_decode(const std::string& input, bool ignore_ws) { return base64_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/base64/base64.h b/src/codec/base64/base64.h index 23a2558bd..9ea4143b7 100644 --- a/src/codec/base64/base64.h +++ b/src/codec/base64/base64.h @@ -46,7 +46,11 @@ std::string BOTAN_DLL base64_encode(const byte input[], * @param input some input * @return base64adecimal representation of input */ -std::string BOTAN_DLL base64_encode(const MemoryRegion<byte>& input); +template<typename Alloc> +std::string base64_encode(const std::vector<byte, Alloc>& input) + { + return base64_encode(&input[0], input.size()); + } /** * Perform base64 decoding @@ -104,7 +108,7 @@ size_t BOTAN_DLL base64_decode(byte output[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector<byte> BOTAN_DLL base64_decode(const char input[], +secure_vector<byte> BOTAN_DLL base64_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -115,7 +119,7 @@ SecureVector<byte> BOTAN_DLL base64_decode(const char input[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector<byte> BOTAN_DLL base64_decode(const std::string& input, +secure_vector<byte> BOTAN_DLL base64_decode(const std::string& input, bool ignore_ws = true); } diff --git a/src/codec/hex/hex.cpp b/src/codec/hex/hex.cpp index 41ba1298d..1fd32e2ed 100644 --- a/src/codec/hex/hex.cpp +++ b/src/codec/hex/hex.cpp @@ -34,12 +34,6 @@ void hex_encode(char output[], } } -std::string hex_encode(const MemoryRegion<byte>& input, - bool uppercase) - { - return hex_encode(&input[0], input.size(), uppercase); - } - std::string hex_encode(const byte input[], size_t input_length, bool uppercase) @@ -165,11 +159,11 @@ size_t hex_decode(byte output[], return hex_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector<byte> hex_decode(const char input[], +secure_vector<byte> hex_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector<byte> bin(1 + input_length / 2); + secure_vector<byte> bin(1 + input_length / 2); size_t written = hex_decode(&bin[0], input, @@ -180,7 +174,7 @@ SecureVector<byte> hex_decode(const char input[], return bin; } -SecureVector<byte> hex_decode(const std::string& input, +secure_vector<byte> hex_decode(const std::string& input, bool ignore_ws) { return hex_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/hex/hex.h b/src/codec/hex/hex.h index 40930e808..bdb5e5365 100644 --- a/src/codec/hex/hex.h +++ b/src/codec/hex/hex.h @@ -42,8 +42,12 @@ std::string BOTAN_DLL hex_encode(const byte input[], * @param uppercase should output be upper or lower case? * @return hexadecimal representation of input */ -std::string BOTAN_DLL hex_encode(const MemoryRegion<byte>& input, - bool uppercase = true); +template<typename Alloc> +std::string hex_encode(const std::vector<byte, Alloc>& input, + bool uppercase = true) + { + return hex_encode(&input[0], input.size(), uppercase); + } /** * Perform hex decoding @@ -98,7 +102,7 @@ size_t BOTAN_DLL hex_decode(byte output[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector<byte> BOTAN_DLL hex_decode(const char input[], +secure_vector<byte> BOTAN_DLL hex_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -109,8 +113,8 @@ SecureVector<byte> BOTAN_DLL hex_decode(const char input[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector<byte> BOTAN_DLL hex_decode(const std::string& input, - bool ignore_ws = true); +secure_vector<byte> BOTAN_DLL hex_decode(const std::string& input, + bool ignore_ws = true); } diff --git a/src/codec/openpgp/openpgp.cpp b/src/codec/openpgp/openpgp.cpp index ab9673689..fe6ac6edf 100644 --- a/src/codec/openpgp/openpgp.cpp +++ b/src/codec/openpgp/openpgp.cpp @@ -67,7 +67,7 @@ std::string PGP_encode(const byte input[], size_t length, /* * OpenPGP Base64 decoding */ -SecureVector<byte> PGP_decode(DataSource& source, +secure_vector<byte> PGP_decode(DataSource& source, std::string& label, std::map<std::string, std::string>& headers) { @@ -186,7 +186,7 @@ SecureVector<byte> PGP_decode(DataSource& source, /* * OpenPGP Base64 decoding */ -SecureVector<byte> PGP_decode(DataSource& source, std::string& label) +secure_vector<byte> PGP_decode(DataSource& source, std::string& label) { std::map<std::string, std::string> ignored; return PGP_decode(source, label, ignored); diff --git a/src/codec/openpgp/openpgp.h b/src/codec/openpgp/openpgp.h index 0cd77d53a..de56155f2 100644 --- a/src/codec/openpgp/openpgp.h +++ b/src/codec/openpgp/openpgp.h @@ -42,7 +42,7 @@ BOTAN_DLL std::string PGP_encode( * @param headers is set to any headers * @return decoded output as raw binary */ -BOTAN_DLL SecureVector<byte> PGP_decode( +BOTAN_DLL secure_vector<byte> PGP_decode( DataSource& source, std::string& label, std::map<std::string, std::string>& headers); @@ -52,7 +52,7 @@ BOTAN_DLL SecureVector<byte> PGP_decode( * @param label is set to the human-readable label * @return decoded output as raw binary */ -BOTAN_DLL SecureVector<byte> PGP_decode( +BOTAN_DLL secure_vector<byte> PGP_decode( DataSource& source, std::string& label); diff --git a/src/codec/pem/pem.cpp b/src/codec/pem/pem.cpp index 52a22d8ef..03ec33440 100644 --- a/src/codec/pem/pem.cpp +++ b/src/codec/pem/pem.cpp @@ -28,22 +28,13 @@ std::string encode(const byte der[], size_t length, const std::string& label, } /* -* PEM encode BER/DER-encoded objects -*/ -std::string encode(const MemoryRegion<byte>& data, const std::string& label, - size_t width) - { - return encode(&data[0], data.size(), label, width); - } - -/* * Decode PEM down to raw BER/DER */ -SecureVector<byte> decode_check_label(DataSource& source, +secure_vector<byte> decode_check_label(DataSource& source, const std::string& label_want) { std::string label_got; - SecureVector<byte> ber = decode(source, label_got); + secure_vector<byte> ber = decode(source, label_got); if(label_got != label_want) throw Decoding_Error("PEM: Label mismatch, wanted " + label_want + ", got " + label_got); @@ -53,7 +44,7 @@ SecureVector<byte> decode_check_label(DataSource& source, /* * Decode PEM down to raw BER/DER */ -SecureVector<byte> decode(DataSource& source, std::string& label) +secure_vector<byte> decode(DataSource& source, std::string& label) { const size_t RANDOM_CHAR_LIMIT = 8; @@ -110,14 +101,14 @@ SecureVector<byte> decode(DataSource& source, std::string& label) return base64.read_all(); } -SecureVector<byte> decode_check_label(const std::string& pem, +secure_vector<byte> decode_check_label(const std::string& pem, const std::string& label_want) { DataSource_Memory src(pem); return decode_check_label(src, label_want); } -SecureVector<byte> decode(const std::string& pem, std::string& label) +secure_vector<byte> decode(const std::string& pem, std::string& label) { DataSource_Memory src(pem); return decode(src, label); @@ -131,7 +122,7 @@ bool matches(DataSource& source, const std::string& extra, { const std::string PEM_HEADER = "-----BEGIN " + extra; - SecureVector<byte> search_buf(search_range); + secure_vector<byte> search_buf(search_range); size_t got = source.peek(&search_buf[0], search_buf.size(), 0); if(got < PEM_HEADER.length()) diff --git a/src/codec/pem/pem.h b/src/codec/pem/pem.h index 10267f029..6c33c642d 100644 --- a/src/codec/pem/pem.h +++ b/src/codec/pem/pem.h @@ -17,37 +17,50 @@ namespace PEM_Code { /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const byte der[], - size_t der_len, +BOTAN_DLL std::string encode(const byte data[], + size_t data_len, const std::string& label, size_t line_width = 64); /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const MemoryRegion<byte>& der, - const std::string& label, - size_t line_width = 64); +inline std::string encode(const std::vector<byte>& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } + +/** +* Encode some binary data in PEM format +*/ +inline std::string encode(const secure_vector<byte>& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector<byte> decode(DataSource& pem, +BOTAN_DLL secure_vector<byte> decode(DataSource& pem, std::string& label); /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector<byte> decode(const std::string& pem, +BOTAN_DLL secure_vector<byte> decode(const std::string& pem, std::string& label); /** * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector<byte> decode_check_label( +BOTAN_DLL secure_vector<byte> decode_check_label( DataSource& pem, const std::string& label); @@ -55,7 +68,7 @@ BOTAN_DLL SecureVector<byte> decode_check_label( * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector<byte> decode_check_label( +BOTAN_DLL secure_vector<byte> decode_check_label( const std::string& pem, const std::string& label); diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index 4d46f6b61..1adee90e8 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -37,7 +37,7 @@ void aont_package(RandomNumberGenerator& rng, // Set K0 (the all zero key) cipher->set_key(SymmetricKey(all_zeros)); - SecureVector<byte> buf(BLOCK_SIZE); + secure_vector<byte> buf(BLOCK_SIZE); const size_t blocks = (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE; @@ -57,13 +57,13 @@ void aont_package(RandomNumberGenerator& rng, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(final_block, buf, BLOCK_SIZE); + xor_buf(&final_block[0], &buf[0], BLOCK_SIZE); } // XOR the random package key into the final block - xor_buf(final_block, package_key.begin(), BLOCK_SIZE); + xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE); } void aont_unpackage(BlockCipher* cipher, @@ -83,8 +83,8 @@ void aont_unpackage(BlockCipher* cipher, cipher->set_key(SymmetricKey(all_zeros)); - SecureVector<byte> package_key(BLOCK_SIZE); - SecureVector<byte> buf(BLOCK_SIZE); + secure_vector<byte> package_key(BLOCK_SIZE); + secure_vector<byte> buf(BLOCK_SIZE); // Copy the package key (masked with the block hashes) copy_mem(&package_key[0], @@ -105,9 +105,9 @@ void aont_unpackage(BlockCipher* cipher, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(&package_key[0], buf, BLOCK_SIZE); + xor_buf(&package_key[0], &buf[0], BLOCK_SIZE); } Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key)); diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index ab263c3e9..bb7bf353c 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -44,7 +44,7 @@ std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng) { - SecureVector<byte> pbkdf_salt(PBKDF_SALT_LEN); + secure_vector<byte> pbkdf_salt(PBKDF_SALT_LEN); rng.randomize(&pbkdf_salt[0], pbkdf_salt.size()); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); @@ -79,10 +79,10 @@ std::string encrypt(const byte input[], size_t input_len, */ const size_t ciphertext_len = pipe.remaining(0); - SecureVector<byte> out_buf(VERSION_CODE_LEN + - PBKDF_SALT_LEN + - MAC_OUTPUT_LEN + - ciphertext_len); + std::vector<byte> out_buf(VERSION_CODE_LEN + + PBKDF_SALT_LEN + + MAC_OUTPUT_LEN + + ciphertext_len); for(size_t i = 0; i != VERSION_CODE_LEN; ++i) out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); @@ -100,7 +100,7 @@ std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase) { DataSource_Memory input_src(input, input_len); - SecureVector<byte> ciphertext = + secure_vector<byte> ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE"); diff --git a/src/constructs/fpe_fe1/fpe_fe1.cpp b/src/constructs/fpe_fe1/fpe_fe1.cpp index 91d328c17..b22d3a8df 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.cpp +++ b/src/constructs/fpe_fe1/fpe_fe1.cpp @@ -84,7 +84,7 @@ class FPE_Encryptor public: FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion<byte>& tweak); + const std::vector<byte>& tweak); ~FPE_Encryptor() { delete mac; } @@ -92,17 +92,17 @@ class FPE_Encryptor private: MessageAuthenticationCode* mac; - SecureVector<byte> mac_n_t; + std::vector<byte> mac_n_t; }; FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion<byte>& tweak) + const std::vector<byte>& tweak) { mac = new HMAC(new SHA_256); mac->set_key(key); - SecureVector<byte> n_bin = BigInt::encode(n); + std::vector<byte> n_bin = BigInt::encode(n); if(n_bin.size() > MAX_N_BYTES) throw std::runtime_error("N is too large for FPE encryption"); @@ -113,12 +113,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, mac->update_be(static_cast<u32bit>(tweak.size())); mac->update(&tweak[0], tweak.size()); - mac_n_t = mac->final(); + mac_n_t = unlock(mac->final()); } BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { - SecureVector<byte> r_bin = BigInt::encode(R); + secure_vector<byte> r_bin = BigInt::encode_locked(R); mac->update(mac_n_t); mac->update_be(static_cast<u32bit>(round_no)); @@ -126,7 +126,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) mac->update_be(static_cast<u32bit>(r_bin.size())); mac->update(&r_bin[0], r_bin.size()); - SecureVector<byte> X = mac->final(); + secure_vector<byte> X = mac->final(); return BigInt(&X[0], X.size()); } @@ -137,7 +137,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) */ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion<byte>& tweak) + const std::vector<byte>& tweak) { FPE_Encryptor F(key, n, tweak); @@ -165,7 +165,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, */ BigInt fe1_decrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion<byte>& tweak) + const std::vector<byte>& tweak) { FPE_Encryptor F(key, n, tweak); diff --git a/src/constructs/fpe_fe1/fpe_fe1.h b/src/constructs/fpe_fe1/fpe_fe1.h index da9a6bcb6..66e7f1cfa 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.h +++ b/src/constructs/fpe_fe1/fpe_fe1.h @@ -24,7 +24,7 @@ namespace FPE { */ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion<byte>& tweak); + const std::vector<byte>& tweak); /** * Decrypt X from and onto the group Z_n using key and tweak @@ -35,7 +35,7 @@ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, */ BigInt BOTAN_DLL fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion<byte>& tweak); + const std::vector<byte>& tweak); } diff --git a/src/constructs/rfc3394/rfc3394.cpp b/src/constructs/rfc3394/rfc3394.cpp index db6420ff3..cfe95f40b 100644 --- a/src/constructs/rfc3394/rfc3394.cpp +++ b/src/constructs/rfc3394/rfc3394.cpp @@ -32,9 +32,9 @@ BlockCipher* make_aes(size_t keylength, } -SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key, - const SymmetricKey& kek, - Algorithm_Factory& af) +secure_vector<byte> rfc3394_keywrap(const secure_vector<byte>& key, + const SymmetricKey& kek, + Algorithm_Factory& af) { if(key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key wrap"); @@ -44,13 +44,13 @@ SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key, const size_t n = key.size() / 8; - SecureVector<byte> R((n + 1) * 8); - SecureVector<byte> A(16); + secure_vector<byte> R((n + 1) * 8); + secure_vector<byte> A(16); for(size_t i = 0; i != 8; ++i) A[i] = 0xA6; - copy_mem(&R[8], key.begin(), key.size()); + copy_mem(&R[8], &key[0], key.size()); for(size_t j = 0; j <= 5; ++j) { @@ -74,7 +74,7 @@ SecureVector<byte> rfc3394_keywrap(const MemoryRegion<byte>& key, return R; } -SecureVector<byte> rfc3394_keyunwrap(const MemoryRegion<byte>& key, +secure_vector<byte> rfc3394_keyunwrap(const secure_vector<byte>& key, const SymmetricKey& kek, Algorithm_Factory& af) { @@ -86,13 +86,13 @@ SecureVector<byte> rfc3394_keyunwrap(const MemoryRegion<byte>& key, const size_t n = (key.size() - 8) / 8; - SecureVector<byte> R(n * 8); - SecureVector<byte> A(16); + secure_vector<byte> R(n * 8); + secure_vector<byte> A(16); for(size_t i = 0; i != 8; ++i) A[i] = key[i]; - copy_mem(&R[0], key.begin() + 8, key.size() - 8); + copy_mem(&R[0], &key[8], key.size() - 8); for(size_t j = 0; j <= 5; ++j) { diff --git a/src/constructs/rfc3394/rfc3394.h b/src/constructs/rfc3394/rfc3394.h index 645586ee2..febd5207e 100644 --- a/src/constructs/rfc3394/rfc3394.h +++ b/src/constructs/rfc3394/rfc3394.h @@ -23,7 +23,7 @@ class Algorithm_Factory; * @param af an algorithm factory * @return key encrypted under kek */ -SecureVector<byte> BOTAN_DLL rfc3394_keywrap(const MemoryRegion<byte>& key, +secure_vector<byte> BOTAN_DLL rfc3394_keywrap(const secure_vector<byte>& key, const SymmetricKey& kek, Algorithm_Factory& af); @@ -36,7 +36,7 @@ SecureVector<byte> BOTAN_DLL rfc3394_keywrap(const MemoryRegion<byte>& key, * @param af an algorithm factory * @return key decrypted under kek */ -SecureVector<byte> BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion<byte>& key, +secure_vector<byte> BOTAN_DLL rfc3394_keyunwrap(const secure_vector<byte>& key, const SymmetricKey& kek, Algorithm_Factory& af); diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 0eccdc154..569454350 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -48,7 +48,7 @@ BigInt hash_seq(const std::string& hash_id, BigInt compute_x(const std::string& hash_id, const std::string& identifier, const std::string& password, - const MemoryRegion<byte>& salt) + const std::vector<byte>& salt) { std::unique_ptr<HashFunction> hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); @@ -57,12 +57,12 @@ BigInt compute_x(const std::string& hash_id, hash_fn->update(":"); hash_fn->update(password); - SecureVector<byte> inner_h = hash_fn->final(); + secure_vector<byte> inner_h = hash_fn->final(); hash_fn->update(salt); hash_fn->update(inner_h); - SecureVector<byte> outer_h = hash_fn->final(); + secure_vector<byte> outer_h = hash_fn->final(); return BigInt::decode(outer_h); } @@ -97,7 +97,7 @@ srp6_client_agree(const std::string& identifier, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, const BigInt& B, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ srp6_client_agree(const std::string& identifier, BigInt generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, const std::string& group_id, const std::string& hash_id) { diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index 4fd127c70..b34253d7a 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h @@ -33,7 +33,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, const BigInt& B, RandomNumberGenerator& rng); @@ -45,7 +45,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, */ BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, const std::string& group_id, const std::string& hash_id); diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp index bc321745f..4df2986f3 100644 --- a/src/constructs/srp6/srp6_files.cpp +++ b/src/constructs/srp6/srp6_files.cpp @@ -31,7 +31,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) std::string username = parts[0]; BigInt v = BigInt::decode(base64_decode(parts[1])); - MemoryVector<byte> salt = base64_decode(parts[2]); + std::vector<byte> salt = unlock(base64_decode(parts[2])); BigInt group_id_idx = BigInt::decode(base64_decode(parts[3])); std::string group_id; @@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) bool SRP6_Authenticator_File::lookup_user(const std::string& username, BigInt& v, - MemoryRegion<byte>& salt, + std::vector<byte>& salt, std::string& group_id) const { std::map<std::string, SRP6_Data>::const_iterator i = entries.find(username); diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h index 4e3293423..4e0d3ff02 100644 --- a/src/constructs/srp6/srp6_files.h +++ b/src/constructs/srp6/srp6_files.h @@ -28,7 +28,7 @@ class BOTAN_DLL SRP6_Authenticator_File bool lookup_user(const std::string& username, BigInt& v, - MemoryRegion<byte>& salt, + std::vector<byte>& salt, std::string& group_id) const; private: struct SRP6_Data @@ -36,12 +36,12 @@ class BOTAN_DLL SRP6_Authenticator_File SRP6_Data() {} SRP6_Data(const BigInt& v, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, const std::string& group_id) : v(v), salt(salt), group_id(group_id) {} BigInt v; - MemoryVector<byte> salt; + std::vector<byte> salt; std::string group_id; }; diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp index cc34216f3..e002084a1 100644 --- a/src/constructs/tss/tss.cpp +++ b/src/constructs/tss/tss.cpp @@ -150,7 +150,7 @@ RTSS_Share::split(byte M, byte N, shares[i].contents.push_back(i+1); // secret = S || H(S) - SecureVector<byte> secret(S, S_len); + secure_vector<byte> secret(S, S + S_len); secret += hash.process(S, S_len); for(size_t i = 0; i != secret.size(); ++i) @@ -178,7 +178,7 @@ RTSS_Share::split(byte M, byte N, return shares; } -SecureVector<byte> +secure_vector<byte> RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) { const size_t RTSS_HEADER_SIZE = 20; @@ -211,7 +211,7 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) throw Decoding_Error("Bad RTSS length field in header"); std::vector<byte> V(shares.size()); - SecureVector<byte> secret; + secure_vector<byte> secret; for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i) { @@ -250,13 +250,13 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) throw Decoding_Error("Bad length in RTSS output"); hash->update(&secret[0], secret_len); - SecureVector<byte> hash_check = hash->final(); + secure_vector<byte> hash_check = hash->final(); if(!same_mem(&hash_check[0], &secret[secret_len], hash->output_length())) throw Decoding_Error("RTSS hash check failed"); - return SecureVector<byte>(&secret[0], secret_len); + return secure_vector<byte>(&secret[0], &secret[secret_len]); } } diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h index 297c65971..4664af317 100644 --- a/src/constructs/tss/tss.h +++ b/src/constructs/tss/tss.h @@ -38,7 +38,7 @@ class BOTAN_DLL RTSS_Share /** * @param shares the list of shares */ - static SecureVector<byte> + static secure_vector<byte> reconstruct(const std::vector<RTSS_Share>& shares); RTSS_Share() {} @@ -68,7 +68,7 @@ class BOTAN_DLL RTSS_Share */ bool initialized() const { return (contents.size() > 0); } private: - SecureVector<byte> contents; + secure_vector<byte> contents; }; } diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index 07d2979f9..6013fe4ea 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -54,7 +54,7 @@ bool Credentials_Manager::srp_verifier(const std::string&, const std::string&, std::string&, BigInt&, - MemoryRegion<byte>&, + std::vector<byte>&, bool) { return false; diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h index 67da07eec..57ebd8b38 100644 --- a/src/credentials/credentials_manager.h +++ b/src/credentials/credentials_manager.h @@ -81,7 +81,7 @@ class BOTAN_DLL Credentials_Manager const std::string& identifier, std::string& group_name, BigInt& verifier, - MemoryRegion<byte>& salt, + std::vector<byte>& salt, bool generate_fake_on_unknown); /** diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h index fc7aa856e..0a786f3ee 100644 --- a/src/engine/gnump/gmp_wrap.h +++ b/src/engine/gnump/gmp_wrap.h @@ -25,7 +25,7 @@ class GMP_MPZ void encode(byte[], size_t) const; size_t bytes() const; - SecureVector<byte> to_bytes() const + secure_vector<byte> to_bytes() const { return BigInt::encode(to_bigint()); } GMP_MPZ& operator=(const GMP_MPZ&); diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index 25735fe55..b2a2f9352 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -38,7 +38,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement GMP_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], size_t w_len) + secure_vector<byte> agree(const byte w[], size_t w_len) { GMP_MPZ z(w, w_len); mpz_powm(z.value, z.value, x.value, p.value); @@ -66,14 +66,14 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const GMP_MPZ x, p, q, g; size_t q_bits; }; -SecureVector<byte> +secure_vector<byte> GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(mpz_cmp_ui(r.value, 0) == 0 || mpz_cmp_ui(s.value, 0) == 0) throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); - SecureVector<byte> output(2*q_bytes); + secure_vector<byte> output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -192,7 +192,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -200,7 +200,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], size_t msg_len) + secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -238,14 +238,14 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> encrypt(const byte msg[], size_t msg_len, + secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], size_t msg_len) + secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp index 779956824..0ac31f61b 100644 --- a/src/engine/openssl/bn_wrap.cpp +++ b/src/engine/openssl/bn_wrap.cpp @@ -15,7 +15,7 @@ namespace Botan { OSSL_BN::OSSL_BN(const BigInt& in) { value = BN_new(); - SecureVector<byte> encoding = BigInt::encode(in); + secure_vector<byte> encoding = BigInt::encode(in); if(in != 0) BN_bin2bn(encoding, encoding.size(), value); } @@ -75,7 +75,7 @@ size_t OSSL_BN::bytes() const */ BigInt OSSL_BN::to_bigint() const { - SecureVector<byte> out(bytes()); + secure_vector<byte> out(bytes()); BN_bn2bin(value, out); return BigInt::decode(out); } diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h index c5c07a35c..177dbd8c7 100644 --- a/src/engine/openssl/bn_wrap.h +++ b/src/engine/openssl/bn_wrap.h @@ -25,7 +25,7 @@ class OSSL_BN void encode(byte[], size_t) const; size_t bytes() const; - SecureVector<byte> to_bytes() const + secure_vector<byte> to_bytes() const { return BigInt::encode(to_bigint()); } OSSL_BN& operator=(const OSSL_BN&); diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp index 36f78205f..d419f56be 100644 --- a/src/engine/openssl/ossl_bc.cpp +++ b/src/engine/openssl/ossl_bc.cpp @@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], */ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) { - SecureVector<byte> full_key(key, length); + secure_vector<byte> full_key(key, length); if(cipher_name == "TripleDES" && length == 16) { diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp index 23ae6b25d..2557ec297 100644 --- a/src/engine/openssl/ossl_pk.cpp +++ b/src/engine/openssl/ossl_pk.cpp @@ -36,7 +36,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], size_t w_len) + secure_vector<byte> agree(const byte w[], size_t w_len) { OSSL_BN i(w, w_len), r; BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); @@ -65,7 +65,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const OSSL_BN x, p, q, g; @@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t q_bits; }; -SecureVector<byte> +secure_vector<byte> OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -103,7 +103,7 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(BN_is_zero(r.value) || BN_is_zero(s.value)) throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - SecureVector<byte> output(2*q_bytes); + secure_vector<byte> output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -191,7 +191,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -199,7 +199,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], size_t msg_len) + secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -237,14 +237,14 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> encrypt(const byte msg[], size_t msg_len, + secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], size_t msg_len) + secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp index c9069ce65..a706b4d5c 100644 --- a/src/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/entropy/cryptoapi_rng/es_capi.cpp @@ -55,7 +55,7 @@ class CSP_Handle */ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) { - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(32); + secure_vector<byte>& io_buffer = accum.get_io_buffer(32); for(size_t i = 0; i != prov_types.size(); ++i) { diff --git a/src/entropy/dev_random/dev_random.cpp b/src/entropy/dev_random/dev_random.cpp index 9e4f0b373..d92176ce9 100644 --- a/src/entropy/dev_random/dev_random.cpp +++ b/src/entropy/dev_random/dev_random.cpp @@ -111,7 +111,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) accum.desired_remaining_bits() / ENTROPY_BITS_PER_BYTE, 32); const size_t read_wait_ms = std::max<size_t>(go_get, 100); - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(go_get); + secure_vector<byte>& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != devices.size(); ++i) { diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp index e0ebf9509..d8dbecd44 100644 --- a/src/entropy/egd/es_egd.cpp +++ b/src/entropy/egd/es_egd.cpp @@ -139,7 +139,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { size_t go_get = std::min<size_t>(accum.desired_remaining_bits() / 8, 32); - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(go_get); + secure_vector<byte>& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != sockets.size(); ++i) { diff --git a/src/entropy/entropy_src.h b/src/entropy/entropy_src.h index 3f15b5907..e130574f4 100644 --- a/src/entropy/entropy_src.h +++ b/src/entropy/entropy_src.h @@ -35,7 +35,7 @@ class BOTAN_DLL Entropy_Accumulator * @param size requested size for the I/O buffer * @return cached I/O buffer for repeated polls */ - MemoryRegion<byte>& get_io_buffer(size_t size) + secure_vector<byte>& get_io_buffer(size_t size) { io_buffer.resize(size); return io_buffer; } /** @@ -87,7 +87,7 @@ class BOTAN_DLL Entropy_Accumulator private: virtual void add_bytes(const byte bytes[], size_t length) = 0; - SecureVector<byte> io_buffer; + secure_vector<byte> io_buffer; size_t entropy_goal; double collected_bits; }; diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp index 407034891..d65aadfb1 100644 --- a/src/entropy/proc_walk/es_ftw.cpp +++ b/src/entropy/proc_walk/es_ftw.cpp @@ -151,7 +151,7 @@ void FTW_EntropySource::poll(Entropy_Accumulator& accum) if(!dir) dir = new Directory_Walker(path); - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(4096); + secure_vector<byte>& io_buffer = accum.get_io_buffer(4096); for(size_t i = 0; i != MAX_FILES_READ_PER_POLL; ++i) { diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp index b989e0213..9ec5f7148 100644 --- a/src/entropy/unix_procs/es_unix.cpp +++ b/src/entropy/unix_procs/es_unix.cpp @@ -93,7 +93,7 @@ void Unix_EntropySource::poll(Entropy_Accumulator& accum) const size_t MINIMAL_WORKING = 16; - MemoryRegion<byte>& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte>& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); for(size_t i = 0; i != sources.size(); i++) { diff --git a/src/filters/algo_filt.cpp b/src/filters/algo_filt.cpp index 337733b5f..dbc46c7e6 100644 --- a/src/filters/algo_filt.cpp +++ b/src/filters/algo_filt.cpp @@ -92,7 +92,7 @@ Hash_Filter::Hash_Filter(const std::string& algo_spec, */ void Hash_Filter::end_msg() { - SecureVector<byte> output = hash->final(); + secure_vector<byte> output = hash->final(); if(OUTPUT_LENGTH) send(output, std::min<size_t>(OUTPUT_LENGTH, output.size())); else @@ -125,7 +125,7 @@ MAC_Filter::MAC_Filter(const std::string& mac_name, const SymmetricKey& key, */ void MAC_Filter::end_msg() { - SecureVector<byte> output = mac->final(); + secure_vector<byte> output = mac->final(); if(OUTPUT_LENGTH) send(output, std::min<size_t>(OUTPUT_LENGTH, output.size())); else diff --git a/src/filters/buf_filt.h b/src/filters/buf_filt.h index 87180e3e1..9a3fc9a2b 100644 --- a/src/filters/buf_filt.h +++ b/src/filters/buf_filt.h @@ -27,6 +27,12 @@ class BOTAN_DLL Buffered_Filter */ void write(const byte in[], size_t length); + template<typename Alloc> + void write(const std::vector<byte, Alloc>& in, size_t length) + { + write(&in[0], length); + } + /** * Finish a message, emitting to buffered_block and buffered_final * Will throw an exception if less than final_minimum bytes were @@ -78,7 +84,7 @@ class BOTAN_DLL Buffered_Filter private: size_t main_block_mod, final_minimum; - SecureVector<byte> buffer; + secure_vector<byte> buffer; size_t buffer_pos; }; diff --git a/src/filters/bzip2/bzip2.h b/src/filters/bzip2/bzip2.h index b3b222eb2..2505cf54e 100644 --- a/src/filters/bzip2/bzip2.h +++ b/src/filters/bzip2/bzip2.h @@ -33,7 +33,7 @@ class BOTAN_DLL Bzip_Compression : public Filter void clear(); const size_t level; - SecureVector<byte> buffer; + secure_vector<byte> buffer; class Bzip_Stream* bz; }; @@ -55,7 +55,7 @@ class BOTAN_DLL Bzip_Decompression : public Filter void clear(); const bool small_mem; - SecureVector<byte> buffer; + secure_vector<byte> buffer; class Bzip_Stream* bz; bool no_writes; }; diff --git a/src/filters/codec_filt/b64_filt.h b/src/filters/codec_filt/b64_filt.h index afff53f30..dcb3cdbd5 100644 --- a/src/filters/codec_filt/b64_filt.h +++ b/src/filters/codec_filt/b64_filt.h @@ -47,7 +47,7 @@ class BOTAN_DLL Base64_Encoder : public Filter const size_t line_length; const bool trailing_newline; - MemoryVector<byte> in, out; + std::vector<byte> in, out; size_t position, out_position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL Base64_Decoder : public Filter Base64_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector<byte> in, out; + std::vector<byte> in, out; size_t position; }; diff --git a/src/filters/codec_filt/hex_filt.h b/src/filters/codec_filt/hex_filt.h index 0dc38c804..dbe6b9bae 100644 --- a/src/filters/codec_filt/hex_filt.h +++ b/src/filters/codec_filt/hex_filt.h @@ -49,7 +49,7 @@ class BOTAN_DLL Hex_Encoder : public Filter const Case casing; const size_t line_length; - MemoryVector<byte> in, out; + std::vector<byte> in, out; size_t position, counter; }; @@ -72,7 +72,7 @@ class BOTAN_DLL Hex_Decoder : public Filter Hex_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector<byte> in, out; + std::vector<byte> in, out; size_t position; }; diff --git a/src/filters/data_src.cpp b/src/filters/data_src.cpp index da67baa98..4980507ca 100644 --- a/src/filters/data_src.cpp +++ b/src/filters/data_src.cpp @@ -77,26 +77,10 @@ bool DataSource_Memory::end_of_data() const /* * DataSource_Memory Constructor */ -DataSource_Memory::DataSource_Memory(const byte in[], size_t length) : - source(in, length) - { - offset = 0; - } - -/* -* DataSource_Memory Constructor -*/ -DataSource_Memory::DataSource_Memory(const MemoryRegion<byte>& in) : - source(in) - { - offset = 0; - } - -/* -* DataSource_Memory Constructor -*/ DataSource_Memory::DataSource_Memory(const std::string& in) : - source(reinterpret_cast<const byte*>(in.data()), in.length()) + source(reinterpret_cast<const byte*>(in.data()), + reinterpret_cast<const byte*>(in.data()) + in.length()), + offset(0) { offset = 0; } @@ -127,7 +111,7 @@ size_t DataSource_Stream::peek(byte out[], size_t length, size_t offset) const if(offset) { - SecureVector<byte> buf(offset); + secure_vector<byte> buf(offset); source.read(reinterpret_cast<char*>(&buf[0]), buf.size()); if(source.bad()) throw Stream_IO_Error("DataSource_Stream::peek: Source failure"); diff --git a/src/filters/data_src.h b/src/filters/data_src.h index d2d51fe23..62bdacd33 100644 --- a/src/filters/data_src.h +++ b/src/filters/data_src.h @@ -106,15 +106,24 @@ class BOTAN_DLL DataSource_Memory : public DataSource * @param in the byte array to read from * @param length the length of the byte array */ - DataSource_Memory(const byte in[], size_t length); + DataSource_Memory(const byte in[], size_t length) : + source(in, in + length), offset(0) {} /** - * Construct a memory source that reads from a MemoryRegion + * Construct a memory source that reads from a secure_vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const MemoryRegion<byte>& in); + DataSource_Memory(const secure_vector<byte>& in) : + source(in), offset(0) {} + + /** + * Construct a memory source that reads from a std::vector + * @param in the MemoryRegion to read from + */ + DataSource_Memory(const std::vector<byte>& in) : + source(&in[0], &in[in.size()]), offset(0) {} private: - SecureVector<byte> source; + secure_vector<byte> source; size_t offset; }; diff --git a/src/filters/fd_unix/fd_unix.cpp b/src/filters/fd_unix/fd_unix.cpp index 3a9253b5e..dc6fbe696 100644 --- a/src/filters/fd_unix/fd_unix.cpp +++ b/src/filters/fd_unix/fd_unix.cpp @@ -16,7 +16,7 @@ namespace Botan { */ int operator<<(int fd, Pipe& pipe) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -38,7 +38,7 @@ int operator<<(int fd, Pipe& pipe) */ int operator>>(int fd, Pipe& pipe) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(true) { ssize_t ret = read(fd, &buffer[0], buffer.size()); diff --git a/src/filters/filter.h b/src/filters/filter.h index b62846075..f59677528 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -65,13 +65,27 @@ class BOTAN_DLL Filter /** * @param in some input for the filter */ - void send(const MemoryRegion<byte>& in) { send(&in[0], in.size()); } + void send(const secure_vector<byte>& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + */ + void send(const std::vector<byte>& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + * @param length the number of bytes of in to send + */ + void send(const secure_vector<byte>& in, size_t length) + { + send(&in[0], length); + } /** * @param in some input for the filter * @param length the number of bytes of in to send */ - void send(const MemoryRegion<byte>& in, size_t length) + void send(const std::vector<byte>& in, size_t length) { send(&in[0], length); } @@ -120,7 +134,7 @@ class BOTAN_DLL Filter void set_next(Filter* filters[], size_t count); Filter* get_next() const; - SecureVector<byte> write_queue; + secure_vector<byte> write_queue; std::vector<Filter*> next; size_t port_num, filter_owns; diff --git a/src/filters/filters.h b/src/filters/filters.h index b409e78f5..08b505bc0 100644 --- a/src/filters/filters.h +++ b/src/filters/filters.h @@ -94,7 +94,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter ~StreamCipher_Filter() { delete cipher; } private: - SecureVector<byte> buffer; + secure_vector<byte> buffer; StreamCipher* cipher; }; diff --git a/src/filters/modes/cbc/cbc.cpp b/src/filters/modes/cbc/cbc.cpp index b464d075f..00518fc86 100644 --- a/src/filters/modes/cbc/cbc.cpp +++ b/src/filters/modes/cbc/cbc.cpp @@ -65,9 +65,9 @@ void CBC_Encryption::buffered_block(const byte input[], size_t length) for(size_t i = 0; i != blocks; ++i) { - xor_buf(state, input + i * cipher->block_size(), state.size()); + xor_buf(&state[0], input + i * cipher->block_size(), state.size()); cipher->encrypt(state); - send(state, state.size()); + send(state); } } @@ -91,13 +91,13 @@ void CBC_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector<byte> padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + std::vector<byte> padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); if(pad_bytes) - Buffered_Filter::write(padding, pad_bytes); + Buffered_Filter::write(&padding[0], pad_bytes); Buffered_Filter::end_msg(); } @@ -170,7 +170,7 @@ void CBC_Decryption::buffered_block(const byte input[], size_t length) cipher->decrypt_n(input, &temp[0], to_proc); - xor_buf(temp, state, cipher->block_size()); + xor_buf(&temp[0], &state[0], cipher->block_size()); for(size_t i = 1; i < to_proc; ++i) xor_buf(&temp[i * cipher->block_size()], @@ -202,9 +202,9 @@ void CBC_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - xor_buf(temp, state, cipher->block_size()); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(&input[0], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); copy_mem(&state[0], input, state.size()); // save for IV chaining } diff --git a/src/filters/modes/cbc/cbc.h b/src/filters/modes/cbc/cbc.h index d828f53a6..4fd0f7d66 100644 --- a/src/filters/modes/cbc/cbc.h +++ b/src/filters/modes/cbc/cbc.h @@ -52,7 +52,7 @@ class BOTAN_DLL CBC_Encryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector<byte> state; + secure_vector<byte> state; }; /** @@ -92,7 +92,7 @@ class BOTAN_DLL CBC_Decryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector<byte> state, temp; + secure_vector<byte> state, temp; }; } diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp index 9aa6f6159..2b7cca84a 100644 --- a/src/filters/modes/cfb/cfb.cpp +++ b/src/filters/modes/cfb/cfb.cpp @@ -61,7 +61,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv) zeroise(buffer); position = 0; - cipher->encrypt(state, buffer); + cipher->encrypt(&state[0], &buffer[0]); } /* diff --git a/src/filters/modes/cfb/cfb.h b/src/filters/modes/cfb/cfb.h index 64eb1e832..212ac76da 100644 --- a/src/filters/modes/cfb/cfb.h +++ b/src/filters/modes/cfb/cfb.h @@ -43,7 +43,7 @@ class BOTAN_DLL CFB_Encryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector<byte> buffer, state; + secure_vector<byte> buffer, state; size_t position, feedback; }; @@ -77,7 +77,7 @@ class BOTAN_DLL CFB_Decryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector<byte> buffer, state; + secure_vector<byte> buffer, state; size_t position, feedback; }; diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp index 694d7d524..f77a28dd5 100644 --- a/src/filters/modes/cts/cts.cpp +++ b/src/filters/modes/cts/cts.cpp @@ -56,7 +56,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv) */ void CTS_Encryption::encrypt(const byte block[]) { - xor_buf(state, block, cipher->block_size()); + xor_buf(&state[0], &block[0], cipher->block_size()); cipher->encrypt(state); send(state, cipher->block_size()); } @@ -105,7 +105,7 @@ void CTS_Encryption::end_msg() xor_buf(state, buffer, cipher->block_size()); cipher->encrypt(state); - SecureVector<byte> cn = state; + secure_vector<byte> cn = state; clear_mem(&buffer[position], buffer.size() - position); encrypt(&buffer[cipher->block_size()]); send(cn, position - cipher->block_size()); @@ -177,7 +177,7 @@ void CTS_Decryption::write(const byte input[], size_t length) if(length == 0) return; - decrypt(buffer); + decrypt(&buffer[0]); if(length > cipher->block_size()) { decrypt(&buffer[cipher->block_size()]); @@ -203,17 +203,17 @@ void CTS_Decryption::write(const byte input[], size_t length) */ void CTS_Decryption::end_msg() { - cipher->decrypt(buffer, temp); - xor_buf(temp, &buffer[cipher->block_size()], position - cipher->block_size()); + cipher->decrypt(&buffer[0], &temp[0]); + xor_buf(&temp[0], &buffer[cipher->block_size()], position - cipher->block_size()); - SecureVector<byte> xn = temp; + secure_vector<byte> xn = temp; copy_mem(&buffer[position], &xn[position - cipher->block_size()], buffer.size() - position); - cipher->decrypt(&buffer[cipher->block_size()], temp); - xor_buf(temp, state, cipher->block_size()); + cipher->decrypt(&buffer[cipher->block_size()], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); send(temp, cipher->block_size()); send(xn, position - cipher->block_size()); } diff --git a/src/filters/modes/cts/cts.h b/src/filters/modes/cts/cts.h index 8e19073f4..ac296316f 100644 --- a/src/filters/modes/cts/cts.h +++ b/src/filters/modes/cts/cts.h @@ -44,7 +44,7 @@ class BOTAN_DLL CTS_Encryption : public Keyed_Filter void encrypt(const byte[]); BlockCipher* cipher; - SecureVector<byte> buffer, state; + secure_vector<byte> buffer, state; size_t position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL CTS_Decryption : public Keyed_Filter void decrypt(const byte[]); BlockCipher* cipher; - SecureVector<byte> buffer, state, temp; + secure_vector<byte> buffer, state, temp; size_t position; }; diff --git a/src/filters/modes/eax/eax.cpp b/src/filters/modes/eax/eax.cpp index 791286cc6..fb75d73fd 100644 --- a/src/filters/modes/eax/eax.cpp +++ b/src/filters/modes/eax/eax.cpp @@ -19,7 +19,7 @@ namespace { /* * EAX MAC-based PRF */ -SecureVector<byte> eax_prf(byte tag, size_t BLOCK_SIZE, +secure_vector<byte> eax_prf(byte tag, size_t BLOCK_SIZE, MessageAuthenticationCode* mac, const byte in[], size_t length) { @@ -131,7 +131,7 @@ void EAX_Encryption::write(const byte input[], size_t length) */ void EAX_Encryption::end_msg() { - SecureVector<byte> data_mac = cmac->final(); + secure_vector<byte> data_mac = cmac->final(); xor_buf(data_mac, nonce_mac, data_mac.size()); xor_buf(data_mac, header_mac, data_mac.size()); diff --git a/src/filters/modes/eax/eax.h b/src/filters/modes/eax/eax.h index e8efb9398..d78287521 100644 --- a/src/filters/modes/eax/eax.h +++ b/src/filters/modes/eax/eax.h @@ -81,17 +81,17 @@ class BOTAN_DLL EAX_Base : public Keyed_Filter /** * The MAC of the nonce */ - SecureVector<byte> nonce_mac; + secure_vector<byte> nonce_mac; /** * The MAC of the header */ - SecureVector<byte> header_mac; + secure_vector<byte> header_mac; /** * A buffer for CTR mode encryption */ - SecureVector<byte> ctr_buf; + secure_vector<byte> ctr_buf; }; /** @@ -151,7 +151,7 @@ class BOTAN_DLL EAX_Decryption : public EAX_Base void do_write(const byte[], size_t); void end_msg(); - SecureVector<byte> queue; + secure_vector<byte> queue; size_t queue_start, queue_end; }; diff --git a/src/filters/modes/eax/eax_dec.cpp b/src/filters/modes/eax/eax_dec.cpp index d14ba5e70..a2675cac0 100644 --- a/src/filters/modes/eax/eax_dec.cpp +++ b/src/filters/modes/eax/eax_dec.cpp @@ -62,7 +62,7 @@ void EAX_Decryption::write(const byte input[], size_t length) if(queue_start + TAG_SIZE == queue_end && queue_start >= queue.size() / 2) { - SecureVector<byte> queue_data(TAG_SIZE); + secure_vector<byte> queue_data(TAG_SIZE); copy_mem(&queue_data[0], &queue[queue_start], TAG_SIZE); copy_mem(&queue[0], &queue_data[0], TAG_SIZE); queue_start = 0; @@ -100,7 +100,7 @@ void EAX_Decryption::end_msg() if((queue_end - queue_start) != TAG_SIZE) throw Decoding_Error(name() + ": Message authentication failure"); - SecureVector<byte> data_mac = cmac->final(); + secure_vector<byte> data_mac = cmac->final(); for(size_t j = 0; j != TAG_SIZE; ++j) if(queue[queue_start+j] != (data_mac[j] ^ nonce_mac[j] ^ header_mac[j])) diff --git a/src/filters/modes/ecb/ecb.cpp b/src/filters/modes/ecb/ecb.cpp index 9115d6362..d36d2350b 100644 --- a/src/filters/modes/ecb/ecb.cpp +++ b/src/filters/modes/ecb/ecb.cpp @@ -70,8 +70,8 @@ void ECB_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector<byte> padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + secure_vector<byte> padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); @@ -203,8 +203,8 @@ void ECB_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(input, &temp[0]); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); } } diff --git a/src/filters/modes/ecb/ecb.h b/src/filters/modes/ecb/ecb.h index 94cff1f52..e6476ab5d 100644 --- a/src/filters/modes/ecb/ecb.h +++ b/src/filters/modes/ecb/ecb.h @@ -46,7 +46,7 @@ class BOTAN_DLL ECB_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector<byte> temp; + secure_vector<byte> temp; }; /** @@ -80,7 +80,7 @@ class BOTAN_DLL ECB_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector<byte> temp; + secure_vector<byte> temp; }; } diff --git a/src/filters/modes/xts/xts.cpp b/src/filters/modes/xts/xts.cpp index 42b1f2bf0..e29ef6b98 100644 --- a/src/filters/modes/xts/xts.cpp +++ b/src/filters/modes/xts/xts.cpp @@ -136,7 +136,7 @@ void XTS_Encryption::buffered_block(const byte input[], size_t length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = length / cipher->block_size(); - SecureVector<byte> temp(tweak.size()); + secure_vector<byte> temp(tweak.size()); while(blocks) { @@ -194,7 +194,7 @@ void XTS_Encryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector<byte> temp(input, length); + secure_vector<byte> temp(input, input + length); xor_buf(temp, tweak, cipher->block_size()); cipher->encrypt(temp); @@ -311,7 +311,7 @@ void XTS_Decryption::buffered_block(const byte input[], size_t input_length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = input_length / cipher->block_size(); - SecureVector<byte> temp(tweak.size()); + secure_vector<byte> temp(tweak.size()); while(blocks) { @@ -365,8 +365,8 @@ void XTS_Decryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector<byte> temp(input, length); - SecureVector<byte> tweak_copy(&tweak[0], cipher->block_size()); + secure_vector<byte> temp(input, input + length); + secure_vector<byte> tweak_copy(&tweak[0], &tweak[cipher->block_size()]); poly_double(&tweak_copy[0], cipher->block_size()); diff --git a/src/filters/modes/xts/xts.h b/src/filters/modes/xts/xts.h index 52db9bcfc..d4801cd37 100644 --- a/src/filters/modes/xts/xts.h +++ b/src/filters/modes/xts/xts.h @@ -48,7 +48,7 @@ class BOTAN_DLL XTS_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector<byte> tweak; + secure_vector<byte> tweak; }; /** @@ -85,7 +85,7 @@ class BOTAN_DLL XTS_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector<byte> tweak; + secure_vector<byte> tweak; }; } diff --git a/src/filters/pipe.cpp b/src/filters/pipe.cpp index 2c5e07589..6664098b3 100644 --- a/src/filters/pipe.cpp +++ b/src/filters/pipe.cpp @@ -124,7 +124,12 @@ void Pipe::process_msg(const byte input[], size_t length) /* * Process a full message at once */ -void Pipe::process_msg(const MemoryRegion<byte>& input) +void Pipe::process_msg(const secure_vector<byte>& input) + { + process_msg(&input[0], input.size()); + } + +void Pipe::process_msg(const std::vector<byte>& input) { process_msg(&input[0], input.size()); } diff --git a/src/filters/pipe.h b/src/filters/pipe.h index 6df518d3e..e53f0d508 100644 --- a/src/filters/pipe.h +++ b/src/filters/pipe.h @@ -66,9 +66,17 @@ class BOTAN_DLL Pipe : public DataSource /** * Write input to the pipe, i.e. to its first filter. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write */ - void write(const MemoryRegion<byte>& in); + void write(const secure_vector<byte>& in) + { write(&in[0], in.size()); } + + /** + * Write input to the pipe, i.e. to its first filter. + * @param in the std::vector containing the data to write + */ + void write(const std::vector<byte>& in) + { write(&in[0], in.size()); } /** * Write input to the pipe, i.e. to its first filter. @@ -97,9 +105,15 @@ class BOTAN_DLL Pipe : public DataSource /** * Perform start_msg(), write() and end_msg() sequentially. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write + */ + void process_msg(const secure_vector<byte>& in); + + /** + * Perform start_msg(), write() and end_msg() sequentially. + * @param in the secure_vector containing the data to write */ - void process_msg(const MemoryRegion<byte>& in); + void process_msg(const std::vector<byte>& in); /** * Perform start_msg(), write() and end_msg() sequentially. @@ -157,9 +171,9 @@ class BOTAN_DLL Pipe : public DataSource /** * Read the full contents of the pipe. * @param msg the number identifying the message to read from - * @return SecureVector holding the contents of the pipe + * @return secure_vector holding the contents of the pipe */ - SecureVector<byte> read_all(message_id msg = DEFAULT_MESSAGE); + secure_vector<byte> read_all(message_id msg = DEFAULT_MESSAGE); /** * Read the full contents of the pipe. diff --git a/src/filters/pipe_io.cpp b/src/filters/pipe_io.cpp index 9dd0ad0bb..a549eaee8 100644 --- a/src/filters/pipe_io.cpp +++ b/src/filters/pipe_io.cpp @@ -15,7 +15,7 @@ namespace Botan { */ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(stream.good() && pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -31,7 +31,7 @@ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) */ std::istream& operator>>(std::istream& stream, Pipe& pipe) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(stream.good()) { stream.read(reinterpret_cast<char*>(&buffer[0]), buffer.size()); diff --git a/src/filters/pipe_rw.cpp b/src/filters/pipe_rw.cpp index 90af9ed34..8a713ea8d 100644 --- a/src/filters/pipe_rw.cpp +++ b/src/filters/pipe_rw.cpp @@ -39,14 +39,6 @@ void Pipe::write(const byte input[], size_t length) } /* -* Write into a Pipe -*/ -void Pipe::write(const MemoryRegion<byte>& input) - { - write(&input[0], input.size()); - } - -/* * Write a string into a Pipe */ void Pipe::write(const std::string& str) @@ -67,7 +59,7 @@ void Pipe::write(byte input) */ void Pipe::write(DataSource& source) { - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(!source.end_of_data()) { size_t got = source.read(&buffer[0], buffer.size()); @@ -102,10 +94,10 @@ size_t Pipe::read(byte& out, message_id msg) /* * Return all data in the pipe */ -SecureVector<byte> Pipe::read_all(message_id msg) +secure_vector<byte> Pipe::read_all(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector<byte> buffer(remaining(msg)); + secure_vector<byte> buffer(remaining(msg)); size_t got = read(&buffer[0], buffer.size(), msg); buffer.resize(got); return buffer; @@ -117,7 +109,7 @@ SecureVector<byte> Pipe::read_all(message_id msg) std::string Pipe::read_all_as_string(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); std::string str; str.reserve(remaining(msg)); diff --git a/src/filters/pk_filts/pk_filts.cpp b/src/filters/pk_filts/pk_filts.cpp index d843d711c..45fcc18b8 100644 --- a/src/filters/pk_filts/pk_filts.cpp +++ b/src/filters/pk_filts/pk_filts.cpp @@ -83,14 +83,13 @@ void PK_Verifier_Filter::end_msg() */ void PK_Verifier_Filter::set_signature(const byte sig[], size_t length) { - signature.resize(length); - copy_mem(&signature[0], sig, length); + signature.assign(sig, sig + length); } /* * Set the signature to check */ -void PK_Verifier_Filter::set_signature(const MemoryRegion<byte>& sig) +void PK_Verifier_Filter::set_signature(const secure_vector<byte>& sig) { signature = sig; } @@ -100,7 +99,7 @@ void PK_Verifier_Filter::set_signature(const MemoryRegion<byte>& sig) */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], size_t length) : - verifier(v), signature(sig, length) + verifier(v), signature(sig, sig + length) { } @@ -108,7 +107,7 @@ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], * PK_Verifier_Filter Constructor */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, - const MemoryRegion<byte>& sig) : + const secure_vector<byte>& sig) : verifier(v), signature(sig) { } diff --git a/src/filters/pk_filts/pk_filts.h b/src/filters/pk_filts/pk_filts.h index dd67e389b..cc1c2220d 100644 --- a/src/filters/pk_filts/pk_filts.h +++ b/src/filters/pk_filts/pk_filts.h @@ -28,7 +28,7 @@ class BOTAN_DLL PK_Encryptor_Filter : public Filter private: PK_Encryptor* cipher; RandomNumberGenerator& rng; - SecureVector<byte> buffer; + secure_vector<byte> buffer; }; /** @@ -43,7 +43,7 @@ class BOTAN_DLL PK_Decryptor_Filter : public Filter ~PK_Decryptor_Filter() { delete cipher; } private: PK_Decryptor* cipher; - SecureVector<byte> buffer; + secure_vector<byte> buffer; }; /** @@ -75,15 +75,15 @@ class BOTAN_DLL PK_Verifier_Filter : public Filter void end_msg(); void set_signature(const byte[], size_t); - void set_signature(const MemoryRegion<byte>&); + void set_signature(const secure_vector<byte>&); PK_Verifier_Filter(PK_Verifier* v) : verifier(v) {} PK_Verifier_Filter(PK_Verifier*, const byte[], size_t); - PK_Verifier_Filter(PK_Verifier*, const MemoryRegion<byte>&); + PK_Verifier_Filter(PK_Verifier*, const secure_vector<byte>&); ~PK_Verifier_Filter() { delete verifier; } private: PK_Verifier* verifier; - SecureVector<byte> signature; + secure_vector<byte> signature; }; } diff --git a/src/filters/secqueue.cpp b/src/filters/secqueue.cpp index f65aff2a9..63d4f88d3 100644 --- a/src/filters/secqueue.cpp +++ b/src/filters/secqueue.cpp @@ -50,7 +50,7 @@ class SecureQueueNode private: friend class SecureQueue; SecureQueueNode* next; - SecureVector<byte> buffer; + secure_vector<byte> buffer; size_t start, end; }; diff --git a/src/filters/zlib/zlib.h b/src/filters/zlib/zlib.h index 60117f2bc..c4d21a250 100644 --- a/src/filters/zlib/zlib.h +++ b/src/filters/zlib/zlib.h @@ -45,7 +45,7 @@ class BOTAN_DLL Zlib_Compression : public Filter const size_t level; const bool raw_deflate; - SecureVector<byte> buffer; + secure_vector<byte> buffer; class Zlib_Stream* zlib; }; @@ -68,7 +68,7 @@ class BOTAN_DLL Zlib_Decompression : public Filter const bool raw_deflate; - SecureVector<byte> buffer; + secure_vector<byte> buffer; class Zlib_Stream* zlib; bool no_writes; }; diff --git a/src/hash/bmw_512/bmw_512.h b/src/hash/bmw_512/bmw_512.h index 474b607bb..b9ea63578 100644 --- a/src/hash/bmw_512/bmw_512.h +++ b/src/hash/bmw_512/bmw_512.h @@ -30,7 +30,7 @@ class BOTAN_DLL BMW_512 : public MDx_HashFunction void compress_n(const byte input[], size_t blocks); void copy_out(byte output[]); - SecureVector<u64bit> H, M, Q; + secure_vector<u64bit> H, M, Q; }; } diff --git a/src/hash/comb4p/comb4p.cpp b/src/hash/comb4p/comb4p.cpp index 1ea64a5cb..7aec5972e 100644 --- a/src/hash/comb4p/comb4p.cpp +++ b/src/hash/comb4p/comb4p.cpp @@ -13,8 +13,8 @@ namespace Botan { namespace { -void comb4p_round(MemoryRegion<byte>& out, - const MemoryRegion<byte>& in, +void comb4p_round(secure_vector<byte>& out, + const secure_vector<byte>& in, byte round_no, HashFunction* h1, HashFunction* h2) @@ -25,7 +25,7 @@ void comb4p_round(MemoryRegion<byte>& out, h1->update(&in[0], in.size()); h2->update(&in[0], in.size()); - SecureVector<byte> h_buf = h1->final(); + secure_vector<byte> h_buf = h1->final(); xor_buf(&out[0], &h_buf[0], std::min(out.size(), h_buf.size())); h_buf = h2->final(); @@ -78,8 +78,8 @@ void Comb4P::add_data(const byte input[], size_t length) void Comb4P::final_result(byte out[]) { - SecureVector<byte> h1 = hash1->final(); - SecureVector<byte> h2 = hash2->final(); + secure_vector<byte> h1 = hash1->final(); + secure_vector<byte> h2 = hash2->final(); // First round xor_buf(&h1[0], &h2[0], std::min(h1.size(), h2.size())); diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp index 6e56c2b97..eb889c0a5 100644 --- a/src/hash/gost_3411/gost_3411.cpp +++ b/src/hash/gost_3411/gost_3411.cpp @@ -225,11 +225,11 @@ void GOST_34_11::final_result(byte out[]) compress_n(&buffer[0], 1); } - SecureVector<byte> length_buf(32); + secure_vector<byte> length_buf(32); const u64bit bit_count = count * 8; store_le(bit_count, &length_buf[0]); - SecureVector<byte> sum_buf = sum; + secure_vector<byte> sum_buf = sum; compress_n(&length_buf[0], 1); compress_n(&sum_buf[0], 1); diff --git a/src/hash/gost_3411/gost_3411.h b/src/hash/gost_3411/gost_3411.h index fbbcb7a89..5437ca4d8 100644 --- a/src/hash/gost_3411/gost_3411.h +++ b/src/hash/gost_3411/gost_3411.h @@ -34,7 +34,7 @@ class BOTAN_DLL GOST_34_11 : public HashFunction void final_result(byte[]); GOST_28147_89 cipher; - SecureVector<byte> buffer, sum, hash; + secure_vector<byte> buffer, sum, hash; size_t position; u64bit count; }; diff --git a/src/hash/has160/has160.h b/src/hash/has160/has160.h index d32361601..9947d9580 100644 --- a/src/hash/has160/has160.h +++ b/src/hash/has160/has160.h @@ -31,7 +31,7 @@ class BOTAN_DLL HAS_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u32bit> X, digest; + secure_vector<u32bit> X, digest; }; } diff --git a/src/hash/keccak/keccak.cpp b/src/hash/keccak/keccak.cpp index 107055509..e34c0fd43 100644 --- a/src/hash/keccak/keccak.cpp +++ b/src/hash/keccak/keccak.cpp @@ -178,12 +178,12 @@ void Keccak_1600::add_data(const byte input[], size_t length) void Keccak_1600::final_result(byte output[]) { - MemoryVector<byte> padding(bitrate / 8 - S_pos); + std::vector<byte> padding(bitrate / 8 - S_pos); padding[0] = 0x01; padding[padding.size()-1] |= 0x80; - add_data(padding, padding.size()); + add_data(&padding[0], padding.size()); /* * We never have to run the permutation again because we only support diff --git a/src/hash/keccak/keccak.h b/src/hash/keccak/keccak.h index 17ae632ba..e91a04d32 100644 --- a/src/hash/keccak/keccak.h +++ b/src/hash/keccak/keccak.h @@ -38,7 +38,7 @@ class BOTAN_DLL Keccak_1600 : public HashFunction void final_result(byte out[]); size_t output_bits, bitrate; - SecureVector<u64bit> S; + secure_vector<u64bit> S; size_t S_pos; }; diff --git a/src/hash/md2/md2.h b/src/hash/md2/md2.h index 84e0323f7..032d8a8e0 100644 --- a/src/hash/md2/md2.h +++ b/src/hash/md2/md2.h @@ -32,7 +32,7 @@ class BOTAN_DLL MD2 : public HashFunction void hash(const byte[]); void final_result(byte[]); - SecureVector<byte> X, checksum, buffer; + secure_vector<byte> X, checksum, buffer; size_t position; }; diff --git a/src/hash/md4/md4.h b/src/hash/md4/md4.h index d37dbe3b2..750be0fe7 100644 --- a/src/hash/md4/md4.h +++ b/src/hash/md4/md4.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD4 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector<u32bit> M; + secure_vector<u32bit> M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector<u32bit> digest; + secure_vector<u32bit> digest; }; } diff --git a/src/hash/md5/md5.h b/src/hash/md5/md5.h index 92c023c92..bc90df0af 100644 --- a/src/hash/md5/md5.h +++ b/src/hash/md5/md5.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD5 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector<u32bit> M; + secure_vector<u32bit> M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector<u32bit> digest; + secure_vector<u32bit> digest; }; } diff --git a/src/hash/mdx_hash/mdx_hash.h b/src/hash/mdx_hash/mdx_hash.h index ed3381605..14d3c27a0 100644 --- a/src/hash/mdx_hash/mdx_hash.h +++ b/src/hash/mdx_hash/mdx_hash.h @@ -55,7 +55,7 @@ class BOTAN_DLL MDx_HashFunction : public HashFunction */ virtual void write_count(byte out[]); private: - SecureVector<byte> buffer; + secure_vector<byte> buffer; u64bit count; size_t position; diff --git a/src/hash/rmd128/rmd128.h b/src/hash/rmd128/rmd128.h index d64cf3c84..e37666a27 100644 --- a/src/hash/rmd128/rmd128.h +++ b/src/hash/rmd128/rmd128.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u32bit> M, digest; + secure_vector<u32bit> M, digest; }; } diff --git a/src/hash/rmd160/rmd160.h b/src/hash/rmd160/rmd160.h index 5df4ad490..0e43fed9a 100644 --- a/src/hash/rmd160/rmd160.h +++ b/src/hash/rmd160/rmd160.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u32bit> M, digest; + secure_vector<u32bit> M, digest; }; } diff --git a/src/hash/sha1/sha160.h b/src/hash/sha1/sha160.h index c3b264861..e2a81808d 100644 --- a/src/hash/sha1/sha160.h +++ b/src/hash/sha1/sha160.h @@ -47,12 +47,12 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction /** * The digest value, exposed for use by subclasses (asm, SSE2) */ - SecureVector<u32bit> digest; + secure_vector<u32bit> digest; /** * The message buffer, exposed for use by subclasses (asm, SSE2) */ - SecureVector<u32bit> W; + secure_vector<u32bit> W; }; } diff --git a/src/hash/sha2_32/sha2_32.cpp b/src/hash/sha2_32/sha2_32.cpp index 6dd780e64..cffc8bd2a 100644 --- a/src/hash/sha2_32/sha2_32.cpp +++ b/src/hash/sha2_32/sha2_32.cpp @@ -50,7 +50,7 @@ inline u32bit sigma(u32bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-224 / SHA-256 compression function */ -void compress(MemoryRegion<u32bit>& digest, +void compress(secure_vector<u32bit>& digest, const byte input[], size_t blocks) { u32bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_32/sha2_32.h b/src/hash/sha2_32/sha2_32.h index 807b979d1..ccb8e07f2 100644 --- a/src/hash/sha2_32/sha2_32.h +++ b/src/hash/sha2_32/sha2_32.h @@ -31,7 +31,7 @@ class BOTAN_DLL SHA_224 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u32bit> digest; + secure_vector<u32bit> digest; }; /** @@ -52,7 +52,7 @@ class BOTAN_DLL SHA_256 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u32bit> digest; + secure_vector<u32bit> digest; }; } diff --git a/src/hash/sha2_64/sha2_64.cpp b/src/hash/sha2_64/sha2_64.cpp index 3026c3a39..8dcb4684e 100644 --- a/src/hash/sha2_64/sha2_64.cpp +++ b/src/hash/sha2_64/sha2_64.cpp @@ -49,7 +49,7 @@ inline u64bit sigma(u64bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-{384,512} Compression Function */ -void compress(MemoryRegion<u64bit>& digest, +void compress(secure_vector<u64bit>& digest, const byte input[], size_t blocks) { u64bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_64/sha2_64.h b/src/hash/sha2_64/sha2_64.h index 124d4bbfb..58b154170 100644 --- a/src/hash/sha2_64/sha2_64.h +++ b/src/hash/sha2_64/sha2_64.h @@ -30,7 +30,7 @@ class BOTAN_DLL SHA_384 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u64bit> digest; + secure_vector<u64bit> digest; }; /** @@ -51,7 +51,7 @@ class BOTAN_DLL SHA_512 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector<u64bit> digest; + secure_vector<u64bit> digest; }; } diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp index 2458bf5f0..28c2aa38b 100644 --- a/src/hash/skein/skein_512.cpp +++ b/src/hash/skein/skein_512.cpp @@ -27,8 +27,8 @@ enum type_code { SKEIN_OUTPUT = 63 }; -void ubi_512(MemoryRegion<u64bit>& H, - MemoryRegion<u64bit>& T, +void ubi_512(secure_vector<u64bit>& H, + secure_vector<u64bit>& T, const byte msg[], size_t msg_len) { do @@ -125,7 +125,7 @@ void ubi_512(MemoryRegion<u64bit>& H, } while(msg_len); } -void reset_tweak(MemoryRegion<u64bit>& T, +void reset_tweak(secure_vector<u64bit>& T, type_code type, bool final) { T[0] = 0; @@ -135,8 +135,8 @@ void reset_tweak(MemoryRegion<u64bit>& T, (static_cast<u64bit>(final) << 63); } -void initial_block(MemoryRegion<u64bit>& H, - MemoryRegion<u64bit>& T, +void initial_block(secure_vector<u64bit>& H, + secure_vector<u64bit>& T, size_t output_bits, const std::string& personalization) { @@ -245,7 +245,7 @@ void Skein_512::final_result(byte out[]) size_t out_bytes = output_bits / 8; - SecureVector<u64bit> H_out(9); + secure_vector<u64bit> H_out(9); while(out_bytes) { diff --git a/src/hash/skein/skein_512.h b/src/hash/skein/skein_512.h index 8605e5991..e0abc06ae 100644 --- a/src/hash/skein/skein_512.h +++ b/src/hash/skein/skein_512.h @@ -41,9 +41,9 @@ class BOTAN_DLL Skein_512 : public HashFunction std::string personalization; size_t output_bits; - SecureVector<u64bit> H; - SecureVector<u64bit> T; - SecureVector<byte> buffer; + secure_vector<u64bit> H; + secure_vector<u64bit> T; + secure_vector<byte> buffer; size_t buf_pos; }; diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp index daa0939b9..57250d6f5 100644 --- a/src/hash/tiger/tiger.cpp +++ b/src/hash/tiger/tiger.cpp @@ -17,7 +17,7 @@ namespace { /* * Tiger Mixing Function */ -inline void mix(MemoryRegion<u64bit>& X) +inline void mix(secure_vector<u64bit>& X) { X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5; X[1] ^= X[0]; @@ -83,7 +83,7 @@ void Tiger::copy_out(byte output[]) * Tiger Pass */ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion<u64bit>& X, + const secure_vector<u64bit>& X, byte mul) { C ^= X[0]; diff --git a/src/hash/tiger/tiger.h b/src/hash/tiger/tiger.h index 09c9947fb..70c70958b 100644 --- a/src/hash/tiger/tiger.h +++ b/src/hash/tiger/tiger.h @@ -38,7 +38,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction void copy_out(byte[]); static void pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion<u64bit>& M, + const secure_vector<u64bit>& M, byte mul); static const u64bit SBOX1[256]; @@ -46,7 +46,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction static const u64bit SBOX3[256]; static const u64bit SBOX4[256]; - SecureVector<u64bit> X, digest; + secure_vector<u64bit> X, digest; const size_t hash_len, passes; }; diff --git a/src/hash/whirlpool/whrlpool.h b/src/hash/whirlpool/whrlpool.h index ab7a78bc8..d4ad805e1 100644 --- a/src/hash/whirlpool/whrlpool.h +++ b/src/hash/whirlpool/whrlpool.h @@ -39,7 +39,7 @@ class BOTAN_DLL Whirlpool : public MDx_HashFunction static const u64bit C6[256]; static const u64bit C7[256]; - SecureVector<u64bit> M, digest; + secure_vector<u64bit> M, digest; }; } diff --git a/src/kdf/kdf.cpp b/src/kdf/kdf.cpp index 6281f753c..88cbd5b99 100644 --- a/src/kdf/kdf.cpp +++ b/src/kdf/kdf.cpp @@ -12,8 +12,8 @@ namespace Botan { /* * Derive a key */ -SecureVector<byte> KDF::derive_key(size_t key_len, - const MemoryRegion<byte>& secret, +secure_vector<byte> KDF::derive_key(size_t key_len, + const secure_vector<byte>& secret, const std::string& salt) const { return derive_key(key_len, &secret[0], secret.size(), @@ -24,8 +24,8 @@ SecureVector<byte> KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector<byte> KDF::derive_key(size_t key_len, - const MemoryRegion<byte>& secret, +secure_vector<byte> KDF::derive_key(size_t key_len, + const secure_vector<byte>& secret, const byte salt[], size_t salt_len) const { return derive_key(key_len, &secret[0], secret.size(), @@ -35,18 +35,7 @@ SecureVector<byte> KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector<byte> KDF::derive_key(size_t key_len, - const MemoryRegion<byte>& secret, - const MemoryRegion<byte>& salt) const - { - return derive_key(key_len, &secret[0], secret.size(), - &salt[0], salt.size()); - } - -/* -* Derive a key -*/ -SecureVector<byte> KDF::derive_key(size_t key_len, +secure_vector<byte> KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt) const { @@ -58,7 +47,7 @@ SecureVector<byte> KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector<byte> KDF::derive_key(size_t key_len, +secure_vector<byte> KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { diff --git a/src/kdf/kdf.h b/src/kdf/kdf.h index 3ec912cfe..e158df0ae 100644 --- a/src/kdf/kdf.h +++ b/src/kdf/kdf.h @@ -26,8 +26,8 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector<byte> derive_key(size_t key_len, - const MemoryRegion<byte>& secret, + secure_vector<byte> derive_key(size_t key_len, + const secure_vector<byte>& secret, const std::string& salt = "") const; /** @@ -36,9 +36,15 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector<byte> derive_key(size_t key_len, - const MemoryRegion<byte>& secret, - const MemoryRegion<byte>& salt) const; + template<typename Alloc, typename Alloc2> + secure_vector<byte> derive_key(size_t key_len, + const std::vector<byte, Alloc>& secret, + const std::vector<byte, Alloc2>& salt) const + { + return derive_key(key_len, &secret[0], secret.size(), + &salt[0], salt.size()); + + } /** * Derive a key @@ -47,8 +53,8 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector<byte> derive_key(size_t key_len, - const MemoryRegion<byte>& secret, + secure_vector<byte> derive_key(size_t key_len, + const secure_vector<byte>& secret, const byte salt[], size_t salt_len) const; @@ -59,7 +65,7 @@ class BOTAN_DLL KDF : public Algorithm * @param secret_len size of secret in bytes * @param salt a diversifier */ - SecureVector<byte> derive_key(size_t key_len, + secure_vector<byte> derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt = "") const; @@ -72,7 +78,7 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector<byte> derive_key(size_t key_len, + secure_vector<byte> derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], @@ -82,7 +88,7 @@ class BOTAN_DLL KDF : public Algorithm virtual KDF* clone() const = 0; private: - virtual SecureVector<byte> + virtual secure_vector<byte> derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const = 0; diff --git a/src/kdf/kdf1/kdf1.cpp b/src/kdf/kdf1/kdf1.cpp index f3e4e208f..f00f71010 100644 --- a/src/kdf/kdf1/kdf1.cpp +++ b/src/kdf/kdf1/kdf1.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * KDF1 Key Derivation Mechanism */ -SecureVector<byte> KDF1::derive(size_t, +secure_vector<byte> KDF1::derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { diff --git a/src/kdf/kdf1/kdf1.h b/src/kdf/kdf1/kdf1.h index f627235be..6a14d2995 100644 --- a/src/kdf/kdf1/kdf1.h +++ b/src/kdf/kdf1/kdf1.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF1 : public KDF { public: - SecureVector<byte> derive(size_t, + secure_vector<byte> derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const; diff --git a/src/kdf/kdf2/kdf2.cpp b/src/kdf/kdf2/kdf2.cpp index 51b9e41ea..39a929b58 100644 --- a/src/kdf/kdf2/kdf2.cpp +++ b/src/kdf/kdf2/kdf2.cpp @@ -12,11 +12,11 @@ namespace Botan { /* * KDF2 Key Derivation Mechanism */ -SecureVector<byte> KDF2::derive(size_t out_len, +secure_vector<byte> KDF2::derive(size_t out_len, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { - SecureVector<byte> output; + secure_vector<byte> output; u32bit counter = 1; while(out_len && counter) @@ -25,7 +25,7 @@ SecureVector<byte> KDF2::derive(size_t out_len, hash->update_be(counter); hash->update(P, P_len); - SecureVector<byte> hash_result = hash->final(); + secure_vector<byte> hash_result = hash->final(); size_t added = std::min(hash_result.size(), out_len); output += std::make_pair(&hash_result[0], added); diff --git a/src/kdf/kdf2/kdf2.h b/src/kdf/kdf2/kdf2.h index e85fe6d1c..e33939df9 100644 --- a/src/kdf/kdf2/kdf2.h +++ b/src/kdf/kdf2/kdf2.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF2 : public KDF { public: - SecureVector<byte> derive(size_t, const byte[], size_t, + secure_vector<byte> derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "KDF2(" + hash->name() + ")"; } diff --git a/src/kdf/mgf1/mgf1.cpp b/src/kdf/mgf1/mgf1.cpp index 7d949c2b8..e0433a02f 100644 --- a/src/kdf/mgf1/mgf1.cpp +++ b/src/kdf/mgf1/mgf1.cpp @@ -25,7 +25,7 @@ void MGF1::mask(const byte in[], size_t in_len, byte out[], { hash->update(in, in_len); hash->update_be(counter); - SecureVector<byte> buffer = hash->final(); + secure_vector<byte> buffer = hash->final(); size_t xored = std::min<size_t>(buffer.size(), out_len); xor_buf(out, &buffer[0], xored); diff --git a/src/kdf/prf_ssl3/prf_ssl3.cpp b/src/kdf/prf_ssl3/prf_ssl3.cpp index 72cf023e2..8475bf40a 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.cpp +++ b/src/kdf/prf_ssl3/prf_ssl3.cpp @@ -33,11 +33,11 @@ OctetString next_hash(size_t where, size_t want, sha1.update(static_cast<byte>(ASCII_A_CHAR + where)); sha1.update(secret, secret_len); sha1.update(seed, seed_len); - SecureVector<byte> sha1_hash = sha1.final(); + secure_vector<byte> sha1_hash = sha1.final(); md5.update(secret, secret_len); md5.update(sha1_hash); - SecureVector<byte> md5_hash = md5.final(); + secure_vector<byte> md5_hash = md5.final(); return OctetString(&md5_hash[0], want); } @@ -47,7 +47,7 @@ OctetString next_hash(size_t where, size_t want, /* * SSL3 PRF */ -SecureVector<byte> SSL3_PRF::derive(size_t key_len, +secure_vector<byte> SSL3_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { diff --git a/src/kdf/prf_ssl3/prf_ssl3.h b/src/kdf/prf_ssl3/prf_ssl3.h index b07454be2..bae8badb8 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.h +++ b/src/kdf/prf_ssl3/prf_ssl3.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL SSL3_PRF : public KDF { public: - SecureVector<byte> derive(size_t, const byte[], size_t, + secure_vector<byte> derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "SSL3-PRF"; } diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 1236e13c7..006b418c9 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -18,7 +18,7 @@ namespace { /* * TLS PRF P_hash function */ -void P_hash(MemoryRegion<byte>& output, +void P_hash(secure_vector<byte>& output, MessageAuthenticationCode* mac, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) @@ -34,7 +34,7 @@ void P_hash(MemoryRegion<byte>& output, " bytes is too long for the PRF"); } - SecureVector<byte> A(seed, seed_len); + secure_vector<byte> A(seed, seed + seed_len); size_t offset = 0; @@ -47,7 +47,7 @@ void P_hash(MemoryRegion<byte>& output, mac->update(A); mac->update(seed, seed_len); - SecureVector<byte> block = mac->final(); + secure_vector<byte> block = mac->final(); xor_buf(&output[offset], &block[0], this_block_len); offset += this_block_len; @@ -74,11 +74,11 @@ TLS_PRF::~TLS_PRF() /* * TLS PRF */ -SecureVector<byte> TLS_PRF::derive(size_t key_len, +secure_vector<byte> TLS_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector<byte> output(key_len); + secure_vector<byte> output(key_len); size_t S1_len = (secret_len + 1) / 2, S2_len = (secret_len + 1) / 2; @@ -103,11 +103,11 @@ TLS_12_PRF::~TLS_12_PRF() delete hmac; } -SecureVector<byte> TLS_12_PRF::derive(size_t key_len, +secure_vector<byte> TLS_12_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector<byte> output(key_len); + secure_vector<byte> output(key_len); P_hash(output, hmac, secret, secret_len, seed, seed_len); diff --git a/src/kdf/prf_tls/prf_tls.h b/src/kdf/prf_tls/prf_tls.h index 5237f17c0..fce11eae0 100644 --- a/src/kdf/prf_tls/prf_tls.h +++ b/src/kdf/prf_tls/prf_tls.h @@ -20,7 +20,7 @@ namespace Botan { class BOTAN_DLL TLS_PRF : public KDF { public: - SecureVector<byte> derive(size_t key_len, + secure_vector<byte> derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; @@ -40,7 +40,7 @@ class BOTAN_DLL TLS_PRF : public KDF class BOTAN_DLL TLS_12_PRF : public KDF { public: - SecureVector<byte> derive(size_t key_len, + secure_vector<byte> derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; diff --git a/src/kdf/prf_x942/prf_x942.cpp b/src/kdf/prf_x942/prf_x942.cpp index fc31effe4..149be163f 100644 --- a/src/kdf/prf_x942/prf_x942.cpp +++ b/src/kdf/prf_x942/prf_x942.cpp @@ -20,11 +20,11 @@ namespace { /* * Encode an integer as an OCTET STRING */ -MemoryVector<byte> encode_x942_int(u32bit n) +std::vector<byte> encode_x942_int(u32bit n) { byte n_buf[4] = { 0 }; store_be(n, n_buf); - return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents_unlocked(); } } @@ -32,14 +32,14 @@ MemoryVector<byte> encode_x942_int(u32bit n) /* * X9.42 PRF */ -SecureVector<byte> X942_PRF::derive(size_t key_len, +secure_vector<byte> X942_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { SHA_160 hash; const OID kek_algo(key_wrap_oid); - SecureVector<byte> key; + secure_vector<byte> key; u32bit counter = 1; while(key.size() != key_len && counter) @@ -68,7 +68,7 @@ SecureVector<byte> X942_PRF::derive(size_t key_len, .end_cons().get_contents() ); - SecureVector<byte> digest = hash.final(); + secure_vector<byte> digest = hash.final(); const size_t needed = std::min(digest.size(), key_len - key.size()); key += std::make_pair(&digest[0], needed); diff --git a/src/kdf/prf_x942/prf_x942.h b/src/kdf/prf_x942/prf_x942.h index e6093eda6..f86b1bdd5 100644 --- a/src/kdf/prf_x942/prf_x942.h +++ b/src/kdf/prf_x942/prf_x942.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL X942_PRF : public KDF { public: - SecureVector<byte> derive(size_t, const byte[], size_t, + secure_vector<byte> derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "X942_PRF(" + key_wrap_oid + ")"; } diff --git a/src/libstate/info.txt b/src/libstate/info.txt index ef0c9a47e..0e523e601 100644 --- a/src/libstate/info.txt +++ b/src/libstate/info.txt @@ -45,5 +45,4 @@ rng sha2_32 sha2_64 stream -system_alloc </requires> diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index 588c5db1b..eafa6dbb0 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -9,7 +9,6 @@ #include <botan/charset.h> #include <botan/engine.h> #include <botan/cpuid.h> -#include <botan/internal/defalloc.h> #include <botan/internal/core_engine.h> #include <botan/internal/stl_util.h> #include <botan/internal/mlock.h> @@ -19,10 +18,6 @@ #include <botan/selftest.h> #endif -#if defined(BOTAN_HAS_ALLOC_MMAP) - #include <botan/internal/mmap_mem.h> -#endif - #if defined(BOTAN_HAS_ENGINE_ASSEMBLER) #include <botan/internal/asm_engine.h> #endif @@ -46,53 +41,6 @@ namespace Botan { /* -* Get an allocator by its name -*/ -Allocator* Library_State::get_allocator(const std::string& type) - { - std::lock_guard<std::mutex> lock(allocator_lock); - - if(type != "") - return search_map<std::string, Allocator*>(alloc_factory, type, 0); - - if(!cached_default_allocator) - { - cached_default_allocator = - search_map<std::string, Allocator*>(alloc_factory, - default_allocator_name, 0); - } - - return cached_default_allocator; - } - -/* -* Create a new name to object mapping -*/ -void Library_State::add_allocator(Allocator* allocator) - { - std::lock_guard<std::mutex> lock(allocator_lock); - - allocator->init(); - - allocators.push_back(allocator); - alloc_factory[allocator->type()] = allocator; - } - -/* -* Set the default allocator type -*/ -void Library_State::set_default_allocator(const std::string& type) - { - if(type == "") - return; - - std::lock_guard<std::mutex> lock(allocator_lock); - - default_allocator_name = type; - cached_default_allocator = 0; - } - -/* * Get a configuration value */ std::string Library_State::get(const std::string& section, @@ -184,16 +132,6 @@ void Library_State::initialize() if(m_algorithm_factory) throw Invalid_State("Library_State has already been initialized"); - cached_default_allocator = 0; - default_allocator_name = has_mlock() ? "locking" : "malloc"; - - add_allocator(new Malloc_Allocator); - add_allocator(new Locking_Allocator); - -#if defined(BOTAN_HAS_ALLOC_MMAP) - add_allocator(new MemoryMapping_Allocator); -#endif - load_default_config(); m_algorithm_factory = new Algorithm_Factory(); @@ -230,7 +168,6 @@ void Library_State::initialize() */ Library_State::Library_State() { - cached_default_allocator = 0; m_algorithm_factory = 0; global_rng_ptr = 0; @@ -246,15 +183,6 @@ Library_State::~Library_State() delete global_rng_ptr; global_rng_ptr = 0; - - - cached_default_allocator = 0; - - for(size_t i = 0; i != allocators.size(); ++i) - { - allocators[i]->destroy(); - delete allocators[i]; - } } } diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h index 49908a1e3..b260a5bb9 100644 --- a/src/libstate/libstate.h +++ b/src/libstate/libstate.h @@ -9,7 +9,6 @@ #define BOTAN_LIB_STATE_H__ #include <botan/global_state.h> -#include <botan/allocate.h> #include <botan/algo_factory.h> #include <botan/rng.h> @@ -45,18 +44,6 @@ class BOTAN_DLL Library_State RandomNumberGenerator& global_rng(); /** - * @param name the name of the allocator - * @return allocator matching this name, or NULL - */ - Allocator* get_allocator(const std::string& name = ""); - - /** - * Add a new allocator to the list of available ones - * @param alloc the allocator to add - */ - void add_allocator(Allocator* alloc); - - /** * Set the default allocator * @param name the name of the allocator to use as the default */ @@ -121,12 +108,6 @@ class BOTAN_DLL Library_State std::mutex config_lock; std::map<std::string, std::string> config; - std::mutex allocator_lock; - std::string default_allocator_name; - std::map<std::string, Allocator*> alloc_factory; - mutable Allocator* cached_default_allocator; - std::vector<Allocator*> allocators; - Algorithm_Factory* m_algorithm_factory; }; diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h index 5cc8adc67..be25718d9 100644 --- a/src/mac/cbc_mac/cbc_mac.h +++ b/src/mac/cbc_mac/cbc_mac.h @@ -40,7 +40,7 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector<byte> state; + secure_vector<byte> state; size_t position; }; diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index 7cd53f578..00120cf14 100644 --- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -13,12 +13,12 @@ namespace Botan { /* * Perform CMAC's multiplication in GF(2^n) */ -SecureVector<byte> CMAC::poly_double(const MemoryRegion<byte>& in, +secure_vector<byte> CMAC::poly_double(const secure_vector<byte>& in, byte polynomial) { const byte poly_xor = (in[0] & 0x80) ? polynomial : 0; - SecureVector<byte> out = in; + secure_vector<byte> out = in; byte carry = 0; for(size_t i = out.size(); i != 0; --i) diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h index 98634bdb7..3e75d3951 100644 --- a/src/mac/cmac/cmac.h +++ b/src/mac/cmac/cmac.h @@ -35,7 +35,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode * @param in the input * @param polynomial the byte value of the polynomial */ - static SecureVector<byte> poly_double(const MemoryRegion<byte>& in, + static secure_vector<byte> poly_double(const secure_vector<byte>& in, byte polynomial); /** @@ -49,7 +49,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector<byte> buffer, state, B, P; + secure_vector<byte> buffer, state, B, P; size_t position; byte polynomial; }; diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index fc35e26ea..61cb262d0 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -42,7 +42,7 @@ void HMAC::key_schedule(const byte key[], size_t length) if(length > hash->hash_block_size()) { - SecureVector<byte> hmac_key = hash->process(key, length); + secure_vector<byte> hmac_key = hash->process(key, length); xor_buf(i_key, hmac_key, hmac_key.size()); xor_buf(o_key, hmac_key, hmac_key.size()); } diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h index 9de1bc7b5..cb5bd6917 100644 --- a/src/mac/hmac/hmac.h +++ b/src/mac/hmac/hmac.h @@ -41,7 +41,7 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector<byte> i_key, o_key; + secure_vector<byte> i_key, o_key; }; } diff --git a/src/mac/mac.cpp b/src/mac/mac.cpp index 2ef4ab64c..094aa1b4a 100644 --- a/src/mac/mac.cpp +++ b/src/mac/mac.cpp @@ -15,7 +15,7 @@ namespace Botan { */ bool MessageAuthenticationCode::verify_mac(const byte mac[], size_t length) { - SecureVector<byte> our_mac = final(); + secure_vector<byte> our_mac = final(); if(our_mac.size() != length) return false; diff --git a/src/mac/ssl3mac/ssl3_mac.h b/src/mac/ssl3mac/ssl3_mac.h index a85a78263..d23ac023c 100644 --- a/src/mac/ssl3mac/ssl3_mac.h +++ b/src/mac/ssl3mac/ssl3_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL SSL3_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector<byte> i_key, o_key; + secure_vector<byte> i_key, o_key; }; } diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp index fcbe77537..faf6138ef 100644 --- a/src/mac/x919_mac/x919_mac.cpp +++ b/src/mac/x919_mac/x919_mac.cpp @@ -44,7 +44,7 @@ void ANSI_X919_MAC::final_result(byte mac[]) { if(position) e->encrypt(state); - d->decrypt(state, mac); + d->decrypt(&state[0], mac); e->encrypt(mac); zeroise(state); position = 0; diff --git a/src/mac/x919_mac/x919_mac.h b/src/mac/x919_mac/x919_mac.h index 58a005e0b..4b5e63b33 100644 --- a/src/mac/x919_mac/x919_mac.h +++ b/src/mac/x919_mac/x919_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL ANSI_X919_MAC : public MessageAuthenticationCode BlockCipher* e; BlockCipher* d; - SecureVector<byte> state; + secure_vector<byte> state; size_t position; }; diff --git a/src/math/bigint/big_code.cpp b/src/math/bigint/big_code.cpp index 28614c9f1..a55ec662e 100644 --- a/src/math/bigint/big_code.cpp +++ b/src/math/bigint/big_code.cpp @@ -21,7 +21,7 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) n.binary_encode(output); else if(base == Hexadecimal) { - SecureVector<byte> binary(n.encoded_size(Binary)); + secure_vector<byte> binary(n.encoded_size(Binary)); n.binary_encode(&binary[0]); hex_encode(reinterpret_cast<char*>(output), @@ -61,9 +61,23 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) /* * Encode a BigInt */ -SecureVector<byte> BigInt::encode(const BigInt& n, Base base) +std::vector<byte> BigInt::encode(const BigInt& n, Base base) { - SecureVector<byte> output(n.encoded_size(base)); + std::vector<byte> output(n.encoded_size(base)); + encode(&output[0], n, base); + if(base != Binary) + for(size_t j = 0; j != output.size(); ++j) + if(output[j] == 0) + output[j] = '0'; + return output; + } + +/* +* Encode a BigInt +*/ +secure_vector<byte> BigInt::encode_locked(const BigInt& n, Base base) + { + secure_vector<byte> output(n.encoded_size(base)); encode(&output[0], n, base); if(base != Binary) for(size_t j = 0; j != output.size(); ++j) @@ -75,7 +89,7 @@ SecureVector<byte> BigInt::encode(const BigInt& n, Base base) /* * Encode a BigInt, with leading 0s if needed */ -SecureVector<byte> BigInt::encode_1363(const BigInt& n, size_t bytes) +secure_vector<byte> BigInt::encode_1363(const BigInt& n, size_t bytes) { const size_t n_bytes = n.bytes(); if(n_bytes > bytes) @@ -83,7 +97,7 @@ SecureVector<byte> BigInt::encode_1363(const BigInt& n, size_t bytes) const size_t leading_0s = bytes - n_bytes; - SecureVector<byte> output(bytes); + secure_vector<byte> output(bytes); encode(&output[leading_0s], n, Binary); return output; } @@ -91,14 +105,6 @@ SecureVector<byte> BigInt::encode_1363(const BigInt& n, size_t bytes) /* * Decode a BigInt */ -BigInt BigInt::decode(const MemoryRegion<byte>& buf, Base base) - { - return BigInt::decode(&buf[0], buf.size(), base); - } - -/* -* Decode a BigInt -*/ BigInt BigInt::decode(const byte buf[], size_t length, Base base) { BigInt r; @@ -106,7 +112,7 @@ BigInt BigInt::decode(const byte buf[], size_t length, Base base) r.binary_decode(buf, length); else if(base == Hexadecimal) { - SecureVector<byte> binary; + secure_vector<byte> binary; if(length % 2) { diff --git a/src/math/bigint/big_io.cpp b/src/math/bigint/big_io.cpp index 70e4a464a..130a98a3b 100644 --- a/src/math/bigint/big_io.cpp +++ b/src/math/bigint/big_io.cpp @@ -27,7 +27,7 @@ std::ostream& operator<<(std::ostream& stream, const BigInt& n) { if(n < 0) stream.write("-", 1); - SecureVector<byte> buffer = BigInt::encode(n, base); + const std::vector<byte> buffer = BigInt::encode(n, base); size_t skip = 0; while(buffer[skip] == '0' && skip < buffer.size()) ++skip; diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp index ff5cc7922..ea2bdc961 100644 --- a/src/math/bigint/big_ops2.cpp +++ b/src/math/bigint/big_ops2.cpp @@ -23,15 +23,15 @@ BigInt& BigInt::operator+=(const BigInt& y) grow_to(reg_size); if(sign() == y.sign()) - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - SecureVector<word> z(reg_size - 1); - bigint_sub3(z, y.data(), reg_size - 1, data(), x_sw); + secure_vector<word> z(reg_size - 1); + bigint_sub3(&z[0], y.data(), reg_size - 1, data(), x_sw); copy_mem(®[0], &z[0], z.size()); set_sign(y.sign()); } @@ -41,7 +41,7 @@ BigInt& BigInt::operator+=(const BigInt& y) set_sign(Positive); } else if(relative_size > 0) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); } return (*this); @@ -62,9 +62,9 @@ BigInt& BigInt::operator-=(const BigInt& y) if(relative_size < 0) { if(sign() == y.sign()) - bigint_sub2_rev(get_reg(), y.data(), y_sw); + bigint_sub2_rev(data(), y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); set_sign(y.reverse_sign()); } @@ -76,14 +76,14 @@ BigInt& BigInt::operator-=(const BigInt& y) set_sign(Positive); } else - bigint_shl1(get_reg(), x_sw, 0, 1); + bigint_shl1(data(), x_sw, 0, 1); } else if(relative_size > 0) { if(sign() == y.sign()) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); } return (*this); @@ -105,22 +105,22 @@ BigInt& BigInt::operator*=(const BigInt& y) else if(x_sw == 1 && y_sw) { grow_to(y_sw + 2); - bigint_linmul3(get_reg(), y.data(), y_sw, word_at(0)); + bigint_linmul3(data(), y.data(), y_sw, word_at(0)); } else if(y_sw == 1 && x_sw) { grow_to(x_sw + 2); - bigint_linmul2(get_reg(), x_sw, y.word_at(0)); + bigint_linmul2(data(), x_sw, y.word_at(0)); } else { grow_to(size() + y.size()); - SecureVector<word> z(data(), x_sw); - SecureVector<word> workspace(size()); + secure_vector<word> z(data(), data() + x_sw); + secure_vector<word> workspace(size()); - bigint_mul(get_reg(), size(), workspace, - z, z.size(), x_sw, + bigint_mul(data(), size(), &workspace[0], + &z[0], z.size(), x_sw, y.data(), y.size(), y_sw); } @@ -159,7 +159,7 @@ word BigInt::operator%=(word mod) word result = (word_at(0) & (mod - 1)); clear(); grow_to(2); - get_reg()[0] = result; + reg[0] = result; return result; } @@ -171,9 +171,9 @@ word BigInt::operator%=(word mod) grow_to(2); if(remainder && sign() == BigInt::Negative) - get_reg()[0] = mod - remainder; + reg[0] = mod - remainder; else - get_reg()[0] = remainder; + reg[0] = remainder; set_sign(BigInt::Positive); @@ -192,7 +192,7 @@ BigInt& BigInt::operator<<=(size_t shift) words = sig_words(); grow_to(words + shift_words + (shift_bits ? 1 : 0)); - bigint_shl1(get_reg(), words, shift_words, shift_bits); + bigint_shl1(data(), words, shift_words, shift_bits); } return (*this); @@ -208,7 +208,7 @@ BigInt& BigInt::operator>>=(size_t shift) const size_t shift_words = shift / MP_WORD_BITS, shift_bits = shift % MP_WORD_BITS; - bigint_shr1(get_reg(), sig_words(), shift_words, shift_bits); + bigint_shr1(data(), sig_words(), shift_words, shift_bits); if(is_zero()) set_sign(Positive); diff --git a/src/math/bigint/big_ops3.cpp b/src/math/bigint/big_ops3.cpp index 52472bc52..a33b32bb7 100644 --- a/src/math/bigint/big_ops3.cpp +++ b/src/math/bigint/big_ops3.cpp @@ -23,20 +23,20 @@ BigInt operator+(const BigInt& x, const BigInt& y) BigInt z(x.sign(), std::max(x_sw, y_sw) + 1); if((x.sign() == y.sign())) - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); z.set_sign(y.sign()); } else if(relative_size == 0) z.set_sign(BigInt::Positive); else if(relative_size > 0) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); } return z; @@ -56,22 +56,22 @@ BigInt operator-(const BigInt& x, const BigInt& y) if(relative_size < 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(y.reverse_sign()); } else if(relative_size == 0) { if(x.sign() != y.sign()) - bigint_shl2(z.get_reg(), x.data(), x_sw, 0, 1); + bigint_shl2(z.data(), x.data(), x_sw, 0, 1); } else if(relative_size > 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(x.sign()); } return z; @@ -87,13 +87,13 @@ BigInt operator*(const BigInt& x, const BigInt& y) BigInt z(BigInt::Positive, x.size() + y.size()); if(x_sw == 1 && y_sw) - bigint_linmul3(z.get_reg(), y.data(), y_sw, x.word_at(0)); + bigint_linmul3(z.data(), y.data(), y_sw, x.word_at(0)); else if(y_sw == 1 && x_sw) - bigint_linmul3(z.get_reg(), x.data(), x_sw, y.word_at(0)); + bigint_linmul3(z.data(), x.data(), x_sw, y.word_at(0)); else if(x_sw && y_sw) { - SecureVector<word> workspace(z.size()); - bigint_mul(z.get_reg(), z.size(), workspace, + secure_vector<word> workspace(z.size()); + bigint_mul(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw, y.data(), y.size(), y_sw); } @@ -164,7 +164,7 @@ BigInt operator<<(const BigInt& x, size_t shift) const size_t x_sw = x.sig_words(); BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0)); - bigint_shl2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shl2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } @@ -183,7 +183,7 @@ BigInt operator>>(const BigInt& x, size_t shift) x_sw = x.sig_words(); BigInt y(x.sign(), x_sw - shift_words); - bigint_shr2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shr2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } diff --git a/src/math/bigint/big_rand.cpp b/src/math/bigint/big_rand.cpp index 7cddb2de0..a6776a296 100644 --- a/src/math/bigint/big_rand.cpp +++ b/src/math/bigint/big_rand.cpp @@ -35,7 +35,7 @@ void BigInt::randomize(RandomNumberGenerator& rng, clear(); else { - SecureVector<byte> array = rng.random_vec((bitsize + 7) / 8); + secure_vector<byte> array = rng.random_vec((bitsize + 7) / 8); if(bitsize % 8) array[0] &= 0xFF >> (8 - (bitsize % 8)); diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index df4414aba..5029c01f8 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -345,12 +345,4 @@ void BigInt::binary_decode(const byte buf[], size_t length) reg[length / WORD_BYTES] = (reg[length / WORD_BYTES] << 8) | buf[i]; } -/* -* Set this number to the value in buf -*/ -void BigInt::binary_decode(const MemoryRegion<byte>& buf) - { - binary_decode(buf, buf.size()); - } - } diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 57aa84528..98b98bd6f 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -314,22 +314,29 @@ class BOTAN_DLL BigInt * @result a pointer to the start of the internal register of * the integer value */ + word* data() { return ®[0]; } + + /** + * Return a pointer to the big integer word register + * @result a pointer to the start of the internal register of + * the integer value + */ const word* data() const { return ®[0]; } /** * return a reference to the internal register containing the value - * @result a reference to the word-array (SecureVector<word>) + * @result a reference to the word-array (secure_vector<word>) * with the internal register value (containing the integer * value) */ - SecureVector<word>& get_reg() { return reg; } + secure_vector<word>& get_reg() { return reg; } /** * return a const reference to the internal register containing the value - * @result a const reference to the word-array (SecureVector<word>) + * @result a const reference to the word-array (secure_vector<word>) * with the internal register value (containing the integer value) */ - const SecureVector<word>& get_reg() const { return reg; } + const secure_vector<word>& get_reg() const { return reg; } /** * Assign using a plain word array @@ -369,10 +376,13 @@ class BOTAN_DLL BigInt void binary_decode(const byte buf[], size_t length); /** - * Read integer value from a byte array (MemoryRegion<byte>) + * Read integer value from a byte array (secure_vector<byte>) * @param buf the array to load from */ - void binary_decode(const MemoryRegion<byte>& buf); + void binary_decode(const secure_vector<byte>& buf) + { + binary_decode(&buf[0], buf.size()); + } /** * @param base the base to measure the size for @@ -391,12 +401,21 @@ class BOTAN_DLL BigInt const BigInt& max); /** - * Encode the integer value from a BigInt to a SecureVector of bytes + * Encode the integer value from a BigInt to a std::vector of bytes + * @param n the BigInt to use as integer source + * @param base number-base of resulting byte array representation + * @result secure_vector of bytes containing the integer with given base + */ + static std::vector<byte> encode(const BigInt& n, Base base = Binary); + + /** + * Encode the integer value from a BigInt to a secure_vector of bytes * @param n the BigInt to use as integer source * @param base number-base of resulting byte array representation - * @result SecureVector of bytes containing the integer with given base + * @result secure_vector of bytes containing the integer with given base */ - static SecureVector<byte> encode(const BigInt& n, Base base = Binary); + static secure_vector<byte> encode_locked(const BigInt& n, + Base base = Binary); /** * Encode the integer value from a BigInt to a byte array @@ -423,16 +442,31 @@ class BOTAN_DLL BigInt * @param base number-base of the integer in buf * @result BigInt representing the integer in the byte array */ - static BigInt decode(const MemoryRegion<byte>& buf, - Base base = Binary); + static BigInt decode(const secure_vector<byte>& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } + + /** + * Create a BigInt from an integer in a byte array + * @param buf the binary value to load + * @param base number-base of the integer in buf + * @result BigInt representing the integer in the byte array + */ + static BigInt decode(const std::vector<byte>& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } /** * Encode a BigInt to a byte array according to IEEE 1363 * @param n the BigInt to encode - * @param bytes the length of the resulting SecureVector<byte> - * @result a SecureVector<byte> containing the encoded BigInt + * @param bytes the length of the resulting secure_vector<byte> + * @result a secure_vector<byte> containing the encoded BigInt */ - static SecureVector<byte> encode_1363(const BigInt& n, size_t bytes); + static secure_vector<byte> encode_1363(const BigInt& n, size_t bytes); /** * Swap this value with another @@ -528,7 +562,7 @@ class BOTAN_DLL BigInt */ BigInt& operator=(const BigInt&) = default; private: - SecureVector<word> reg; + secure_vector<word> reg; Sign signedness; }; diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp index 7ac6b4141..ec6fed4a1 100644 --- a/src/math/ec_gfp/point_gfp.cpp +++ b/src/math/ec_gfp/point_gfp.cpp @@ -45,7 +45,7 @@ void PointGFp::monty_mult(BigInt& z, const BigInt& x, const BigInt& y) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector<word>& z_reg = z.get_reg(); + secure_vector<word>& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -71,7 +71,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector<word>& z_reg = z.get_reg(); + secure_vector<word>& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -479,22 +479,22 @@ bool PointGFp::operator==(const PointGFp& other) const } // encoding and decoding -SecureVector<byte> EC2OSP(const PointGFp& point, byte format) +secure_vector<byte> EC2OSP(const PointGFp& point, byte format) { if(point.is_zero()) - return SecureVector<byte>(1); // single 0 byte + return secure_vector<byte>(1); // single 0 byte const size_t p_bytes = point.get_curve().get_p().bytes(); BigInt x = point.get_affine_x(); BigInt y = point.get_affine_y(); - SecureVector<byte> bX = BigInt::encode_1363(x, p_bytes); - SecureVector<byte> bY = BigInt::encode_1363(y, p_bytes); + secure_vector<byte> bX = BigInt::encode_1363(x, p_bytes); + secure_vector<byte> bY = BigInt::encode_1363(y, p_bytes); if(format == PointGFp::UNCOMPRESSED) { - SecureVector<byte> result; + secure_vector<byte> result; result.push_back(0x04); result += bX; @@ -504,7 +504,7 @@ SecureVector<byte> EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::COMPRESSED) { - SecureVector<byte> result; + secure_vector<byte> result; result.push_back(0x02 | static_cast<byte>(y.get_bit(0))); result += bX; @@ -513,7 +513,7 @@ SecureVector<byte> EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::HYBRID) { - SecureVector<byte> result; + secure_vector<byte> result; result.push_back(0x06 | static_cast<byte>(y.get_bit(0))); result += bX; diff --git a/src/math/ec_gfp/point_gfp.h b/src/math/ec_gfp/point_gfp.h index 546a8dd6f..017f66e1c 100644 --- a/src/math/ec_gfp/point_gfp.h +++ b/src/math/ec_gfp/point_gfp.h @@ -245,7 +245,7 @@ class BOTAN_DLL PointGFp CurveGFp curve; BigInt coord_x, coord_y, coord_z; - mutable SecureVector<word> ws; // workspace for Montgomery + mutable secure_vector<word> ws; // workspace for Montgomery }; // relational operators @@ -278,12 +278,13 @@ inline PointGFp operator*(const PointGFp& point, const BigInt& scalar) } // encoding and decoding -SecureVector<byte> BOTAN_DLL EC2OSP(const PointGFp& point, byte format); +secure_vector<byte> BOTAN_DLL EC2OSP(const PointGFp& point, byte format); PointGFp BOTAN_DLL OS2ECP(const byte data[], size_t data_len, const CurveGFp& curve); -inline PointGFp OS2ECP(const MemoryRegion<byte>& data, const CurveGFp& curve) +template<typename Alloc> +PointGFp OS2ECP(const std::vector<byte, Alloc>& data, const CurveGFp& curve) { return OS2ECP(&data[0], data.size(), curve); } } diff --git a/src/math/numbertheory/dsa_gen.cpp b/src/math/numbertheory/dsa_gen.cpp index 612370804..d30a08f1a 100644 --- a/src/math/numbertheory/dsa_gen.cpp +++ b/src/math/numbertheory/dsa_gen.cpp @@ -42,7 +42,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p, BigInt& q, size_t pbits, size_t qbits, - const MemoryRegion<byte>& seed_c) + const std::vector<byte>& seed_c) { if(!fips186_3_valid_size(pbits, qbits)) throw Invalid_Argument( @@ -62,9 +62,9 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, class Seed { public: - Seed(const MemoryRegion<byte>& s) : seed(s) {} + Seed(const std::vector<byte>& s) : seed(s) {} - operator MemoryRegion<byte>& () { return seed; } + operator std::vector<byte>& () { return seed; } Seed& operator++() { @@ -74,7 +74,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, return (*this); } private: - SecureVector<byte> seed; + std::vector<byte> seed; }; Seed seed(seed_c); @@ -90,7 +90,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, b = (pbits-1) % (HASH_SIZE * 8); BigInt X; - SecureVector<byte> V(HASH_SIZE * (n+1)); + std::vector<byte> V(HASH_SIZE * (n+1)); for(size_t j = 0; j != 4096; ++j) { @@ -116,14 +116,15 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, /* * Generate DSA Primes */ -SecureVector<byte> generate_dsa_primes(RandomNumberGenerator& rng, - Algorithm_Factory& af, - BigInt& p, BigInt& q, - size_t pbits, size_t qbits) +std::vector<byte> generate_dsa_primes(RandomNumberGenerator& rng, + Algorithm_Factory& af, + BigInt& p, BigInt& q, + size_t pbits, size_t qbits) { while(true) { - SecureVector<byte> seed = rng.random_vec(qbits / 8); + std::vector<byte> seed(qbits / 8); + rng.randomize(&seed[0], seed.size()); if(generate_dsa_primes(rng, af, p, q, pbits, qbits, seed)) return seed; diff --git a/src/math/numbertheory/make_prm.cpp b/src/math/numbertheory/make_prm.cpp index 1e8d11000..dc94420ab 100644 --- a/src/math/numbertheory/make_prm.cpp +++ b/src/math/numbertheory/make_prm.cpp @@ -48,7 +48,7 @@ BigInt random_prime(RandomNumberGenerator& rng, p += (modulo - p % modulo) + equiv; const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE); - SecureVector<size_t> sieve(sieve_size); + secure_vector<u16bit> sieve(sieve_size); for(size_t j = 0; j != sieve.size(); ++j) sieve[j] = p % PRIMES[j]; diff --git a/src/math/numbertheory/mp_numth.cpp b/src/math/numbertheory/mp_numth.cpp index 23623b5f0..b10fe2639 100644 --- a/src/math/numbertheory/mp_numth.cpp +++ b/src/math/numbertheory/mp_numth.cpp @@ -20,9 +20,9 @@ BigInt square(const BigInt& x) const size_t x_sw = x.sig_words(); BigInt z(BigInt::Positive, round_up<size_t>(2*x_sw, 16)); - SecureVector<word> workspace(z.size()); + secure_vector<word> workspace(z.size()); - bigint_sqr(z.get_reg(), z.size(), workspace, + bigint_sqr(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw); return z; } @@ -44,13 +44,13 @@ BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c) const size_t c_sw = c.sig_words(); BigInt r(sign, std::max(a.size() + b.size(), c_sw) + 1); - SecureVector<word> workspace(r.size()); + secure_vector<word> workspace(r.size()); - bigint_mul(r.get_reg(), r.size(), workspace, + bigint_mul(r.data(), r.size(), &workspace[0], a.data(), a.size(), a_sw, b.data(), b.size(), b_sw); const size_t r_size = std::max(r.sig_words(), c_sw); - bigint_add2(r.get_reg(), r_size, c.data(), c_sw); + bigint_add2(r.data(), r_size, c.data(), c_sw); return r; } diff --git a/src/math/numbertheory/numthry.h b/src/math/numbertheory/numthry.h index 750fbc78e..d21635f34 100644 --- a/src/math/numbertheory/numthry.h +++ b/src/math/numbertheory/numthry.h @@ -189,7 +189,7 @@ class Algorithm_Factory; * @param qbits how long q will be in bits * @return random seed used to generate this parameter set */ -SecureVector<byte> BOTAN_DLL +std::vector<byte> BOTAN_DLL generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, @@ -212,7 +212,7 @@ generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, size_t pbits, size_t qbits, - const MemoryRegion<byte>& seed); + const std::vector<byte>& seed); /** * The size of the PRIMES[] array diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index 8993f4ba9..0db5455a7 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -29,8 +29,8 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) g.resize((1 << window_bits) - 1); - SecureVector<word> z(2 * (mod_words + 1)); - SecureVector<word> workspace(z.size()); + secure_vector<word> z(2 * (mod_words + 1)); + secure_vector<word> workspace(z.size()); g[0] = (base >= modulus) ? (base % modulus) : base; @@ -69,8 +69,8 @@ BigInt Montgomery_Exponentiator::execute() const const size_t exp_nibbles = (exp_bits + window_bits - 1) / window_bits; BigInt x = R_mod; - SecureVector<word> z(2 * (mod_words + 1)); - SecureVector<word> workspace(2 * (mod_words + 1)); + secure_vector<word> z(2 * (mod_words + 1)); + secure_vector<word> workspace(2 * (mod_words + 1)); for(size_t i = exp_nibbles; i > 0; --i) { diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp index b0d654717..eeb99399f 100644 --- a/src/passhash/bcrypt/bcrypt.cpp +++ b/src/passhash/bcrypt/bcrypt.cpp @@ -54,7 +54,7 @@ std::string bcrypt_base64_encode(const byte input[], size_t length) return b64; } -MemoryVector<byte> bcrypt_base64_decode(std::string input) +std::vector<byte> bcrypt_base64_decode(std::string input) { const byte OPENBSD_BASE64_SUB[256] = { 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, @@ -84,11 +84,11 @@ MemoryVector<byte> bcrypt_base64_decode(std::string input) for(size_t i = 0; i != input.size(); ++i) input[i] = OPENBSD_BASE64_SUB[static_cast<byte>(input[i])]; - return base64_decode(input); + return unlock(base64_decode(input)); } std::string make_bcrypt(const std::string& pass, - const MemoryRegion<byte>& salt, + const std::vector<byte>& salt, u16bit work_factor) { const byte magic[24] = { @@ -97,14 +97,14 @@ std::string make_bcrypt(const std::string& pass, 0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74 }; - MemoryVector<byte> ctext(magic, 24); + std::vector<byte> ctext(magic, magic + sizeof(magic)); Blowfish blowfish; // Include the trailing NULL byte blowfish.eks_key_schedule(reinterpret_cast<const byte*>(pass.c_str()), pass.length() + 1, - salt, + &salt[0], work_factor); for(size_t i = 0; i != 64; ++i) @@ -127,7 +127,7 @@ std::string generate_bcrypt(const std::string& pass, RandomNumberGenerator& rng, u16bit work_factor) { - return make_bcrypt(pass, rng.random_vec(16), work_factor); + return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor); } bool check_bcrypt(const std::string& pass, const std::string& hash) @@ -141,7 +141,7 @@ bool check_bcrypt(const std::string& pass, const std::string& hash) const u16bit workfactor = to_u32bit(hash.substr(4, 2)); - MemoryVector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22)); + std::vector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22)); const std::string compare = make_bcrypt(pass, salt, workfactor); diff --git a/src/passhash/passhash9/passhash9.cpp b/src/passhash/passhash9/passhash9.cpp index 43bfdd36e..cbfe668f1 100644 --- a/src/passhash/passhash9/passhash9.cpp +++ b/src/passhash/passhash9/passhash9.cpp @@ -59,12 +59,12 @@ std::string generate_passhash9(const std::string& pass, PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer - SecureVector<byte> salt(SALT_BYTES); + secure_vector<byte> salt(SALT_BYTES); rng.randomize(&salt[0], salt.size()); const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor; - SecureVector<byte> pbkdf2_output = + secure_vector<byte> pbkdf2_output = kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN, pass, &salt[0], salt.size(), @@ -105,7 +105,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) pipe.write(hash.c_str() + MAGIC_PREFIX.size()); pipe.end_msg(); - SecureVector<byte> bin = pipe.read_all(); + secure_vector<byte> bin = pipe.read_all(); if(bin.size() != BINARY_LENGTH) return false; @@ -125,7 +125,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer - SecureVector<byte> cmp = kdf.derive_key( + secure_vector<byte> cmp = kdf.derive_key( PASSHASH9_PBKDF_OUTPUT_LEN, pass, &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES, diff --git a/src/pbe/pbe.h b/src/pbe/pbe.h index 9add98872..975f3e6c7 100644 --- a/src/pbe/pbe.h +++ b/src/pbe/pbe.h @@ -37,7 +37,7 @@ class BOTAN_DLL PBE : public Filter * DER encode the params (the number of iterations and the salt value) * @return encoded params */ - virtual MemoryVector<byte> encode_params() const = 0; + virtual std::vector<byte> encode_params() const = 0; /** * Decode params and use them inside this Filter. diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index ec5ebb253..0e5e8284c 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -65,7 +65,7 @@ void PBE_PKCS5v15::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -80,7 +80,7 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) { PKCS5_PBKDF1 pbkdf(hash_function->clone()); - SecureVector<byte> key_and_iv = pbkdf.derive_key(16, passphrase, + secure_vector<byte> key_and_iv = pbkdf.derive_key(16, passphrase, &salt[0], salt.size(), iterations).bits_of(); @@ -102,14 +102,14 @@ void PBE_PKCS5v15::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES1 parameters */ -MemoryVector<byte> PBE_PKCS5v15::encode_params() const +std::vector<byte> PBE_PKCS5v15::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(salt, OCTET_STRING) .encode(iterations) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes1/pbes1.h b/src/pbe/pbes1/pbes1.h index e10cbbb53..bbdbd5b9d 100644 --- a/src/pbe/pbes1/pbes1.h +++ b/src/pbe/pbes1/pbes1.h @@ -40,7 +40,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector<byte> encode_params() const; + std::vector<byte> encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -50,7 +50,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector<byte> salt, key, iv; + secure_vector<byte> salt, key, iv; size_t iterations; Pipe pipe; }; diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index 85afe6ffe..384fc3d90 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp @@ -72,7 +72,7 @@ void PBE_PKCS5v20::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -107,7 +107,7 @@ void PBE_PKCS5v20::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES2 parameters */ -MemoryVector<byte> PBE_PKCS5v20::encode_params() const +std::vector<byte> PBE_PKCS5v20::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -119,18 +119,18 @@ MemoryVector<byte> PBE_PKCS5v20::encode_params() const .encode(iterations) .encode(key_length) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .encode( AlgorithmIdentifier(block_cipher->name() + "/CBC", DER_Encoder() .encode(iv, OCTET_STRING) - .get_contents() + .get_contents_unlocked() ) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes2/pbes2.h b/src/pbe/pbes2/pbes2.h index 7b82980e5..5593c9091 100644 --- a/src/pbe/pbes2/pbes2.h +++ b/src/pbe/pbes2/pbes2.h @@ -49,7 +49,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector<byte> encode_params() const; + std::vector<byte> encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -58,7 +58,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE Cipher_Dir direction; BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector<byte> salt, key, iv; + secure_vector<byte> salt, key, iv; size_t iterations, key_length; Pipe pipe; }; diff --git a/src/pbkdf/pbkdf1/pbkdf1.cpp b/src/pbkdf/pbkdf1/pbkdf1.cpp index 16de435e9..7f0939b8f 100644 --- a/src/pbkdf/pbkdf1/pbkdf1.cpp +++ b/src/pbkdf/pbkdf1/pbkdf1.cpp @@ -26,7 +26,7 @@ OctetString PKCS5_PBKDF1::derive_key(size_t key_len, hash->update(passphrase); hash->update(salt, salt_size); - SecureVector<byte> key = hash->final(); + secure_vector<byte> key = hash->final(); for(size_t j = 1; j != iterations; ++j) { diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp index 39d53d417..699ce7c6b 100644 --- a/src/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/pbkdf/pbkdf2/pbkdf2.cpp @@ -33,11 +33,11 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, std::to_string(passphrase.length())); } - SecureVector<byte> key(key_len); + secure_vector<byte> key(key_len); byte* T = &key[0]; - SecureVector<byte> U(mac->output_length()); + secure_vector<byte> U(mac->output_length()); u32bit counter = 1; while(key_len) @@ -48,13 +48,13 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, mac->update_be(counter); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); for(size_t j = 1; j != iterations; ++j) { mac->update(U); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); } key_len -= T_size; diff --git a/src/pbkdf/pgps2k/pgp_s2k.cpp b/src/pbkdf/pgps2k/pgp_s2k.cpp index 4ee4c6bd9..6f6de58e2 100644 --- a/src/pbkdf/pgps2k/pgp_s2k.cpp +++ b/src/pbkdf/pgps2k/pgp_s2k.cpp @@ -17,7 +17,7 @@ OctetString OpenPGP_S2K::derive_key(size_t key_len, const byte salt_buf[], size_t salt_size, size_t iterations) const { - SecureVector<byte> key(key_len), hash_buf; + secure_vector<byte> key(key_len), hash_buf; size_t pass = 0, generated = 0, total_size = passphrase.size() + salt_size; diff --git a/src/pk_pad/eme.cpp b/src/pk_pad/eme.cpp index cfdaa240d..f90239d8c 100644 --- a/src/pk_pad/eme.cpp +++ b/src/pk_pad/eme.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * Encode a message */ -SecureVector<byte> EME::encode(const byte msg[], size_t msg_len, +secure_vector<byte> EME::encode(const byte msg[], size_t msg_len, size_t key_bits, RandomNumberGenerator& rng) const { @@ -22,7 +22,7 @@ SecureVector<byte> EME::encode(const byte msg[], size_t msg_len, /* * Encode a message */ -SecureVector<byte> EME::encode(const MemoryRegion<byte>& msg, +secure_vector<byte> EME::encode(const secure_vector<byte>& msg, size_t key_bits, RandomNumberGenerator& rng) const { @@ -32,7 +32,7 @@ SecureVector<byte> EME::encode(const MemoryRegion<byte>& msg, /* * Decode a message */ -SecureVector<byte> EME::decode(const byte msg[], size_t msg_len, +secure_vector<byte> EME::decode(const byte msg[], size_t msg_len, size_t key_bits) const { return unpad(msg, msg_len, key_bits); @@ -41,7 +41,7 @@ SecureVector<byte> EME::decode(const byte msg[], size_t msg_len, /* * Decode a message */ -SecureVector<byte> EME::decode(const MemoryRegion<byte>& msg, +secure_vector<byte> EME::decode(const secure_vector<byte>& msg, size_t key_bits) const { return unpad(&msg[0], msg.size(), key_bits); diff --git a/src/pk_pad/eme.h b/src/pk_pad/eme.h index 4e89ef9d3..6f8acaa23 100644 --- a/src/pk_pad/eme.h +++ b/src/pk_pad/eme.h @@ -34,7 +34,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector<byte> encode(const byte in[], + secure_vector<byte> encode(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const; @@ -46,7 +46,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector<byte> encode(const MemoryRegion<byte>& in, + secure_vector<byte> encode(const secure_vector<byte>& in, size_t key_length, RandomNumberGenerator& rng) const; @@ -57,7 +57,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector<byte> decode(const byte in[], + secure_vector<byte> decode(const byte in[], size_t in_length, size_t key_length) const; @@ -67,7 +67,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector<byte> decode(const MemoryRegion<byte>& in, + secure_vector<byte> decode(const secure_vector<byte>& in, size_t key_length) const; virtual ~EME() {} @@ -80,7 +80,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - virtual SecureVector<byte> pad(const byte in[], + virtual secure_vector<byte> pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const = 0; @@ -92,7 +92,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - virtual SecureVector<byte> unpad(const byte in[], + virtual secure_vector<byte> unpad(const byte in[], size_t in_length, size_t key_length) const = 0; }; diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 69251605f..57275d4f9 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * EME1 Pad Operation */ -SecureVector<byte> EME1::pad(const byte in[], size_t in_length, +secure_vector<byte> EME1::pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const { @@ -24,7 +24,7 @@ SecureVector<byte> EME1::pad(const byte in[], size_t in_length, if(in_length > key_length - 2*Phash.size() - 1) throw Invalid_Argument("EME1: Input is too large"); - SecureVector<byte> out(key_length); + secure_vector<byte> out(key_length); rng.randomize(&out[0], Phash.size()); @@ -44,7 +44,7 @@ SecureVector<byte> EME1::pad(const byte in[], size_t in_length, /* * EME1 Unpad Operation */ -SecureVector<byte> EME1::unpad(const byte in[], size_t in_length, +secure_vector<byte> EME1::unpad(const byte in[], size_t in_length, size_t key_length) const { /* @@ -65,7 +65,7 @@ SecureVector<byte> EME1::unpad(const byte in[], size_t in_length, if(in_length > key_length) in_length = 0; - SecureVector<byte> input(key_length); + secure_vector<byte> input(key_length); buffer_insert(input, key_length - in_length, in, in_length); mgf->mask(&input[Phash.size()], input.size() - Phash.size(), @@ -104,8 +104,7 @@ SecureVector<byte> EME1::unpad(const byte in[], size_t in_length, if(bad_input) throw Decoding_Error("Invalid EME1 encoding"); - return SecureVector<byte>(input + delim_idx + 1, - input.size() - delim_idx - 1); + return secure_vector<byte>(&input[delim_idx + 1], &input[input.size()]); } /* diff --git a/src/pk_pad/eme1/eme1.h b/src/pk_pad/eme1/eme1.h index 0d0223de0..eb6fc6bf5 100644 --- a/src/pk_pad/eme1/eme1.h +++ b/src/pk_pad/eme1/eme1.h @@ -30,11 +30,11 @@ class BOTAN_DLL EME1 : public EME ~EME1() { delete mgf; } private: - SecureVector<byte> pad(const byte[], size_t, size_t, + secure_vector<byte> pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector<byte> unpad(const byte[], size_t, size_t) const; + secure_vector<byte> unpad(const byte[], size_t, size_t) const; - SecureVector<byte> Phash; + secure_vector<byte> Phash; MGF* mgf; }; diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.cpp b/src/pk_pad/eme_pkcs/eme_pkcs.cpp index a217d6d03..0e7d1fc30 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.cpp +++ b/src/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * PKCS1 Pad Operation */ -SecureVector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, +secure_vector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, size_t olen, RandomNumberGenerator& rng) const { @@ -23,7 +23,7 @@ SecureVector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, if(inlen > olen - 10) throw Encoding_Error("PKCS1: Input is too large"); - SecureVector<byte> out(olen); + secure_vector<byte> out(olen); out[0] = 0x02; for(size_t j = 1; j != olen - inlen - 1; ++j) @@ -37,7 +37,7 @@ SecureVector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, /* * PKCS1 Unpad Operation */ -SecureVector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, +secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, size_t key_len) const { if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) @@ -53,7 +53,7 @@ SecureVector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, if(seperator < 9) throw Decoding_Error("PKCS1::unpad"); - return SecureVector<byte>(in + seperator + 1, inlen - seperator - 1); + return secure_vector<byte>(&in[seperator + 1], &in[inlen]); } /* diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.h b/src/pk_pad/eme_pkcs/eme_pkcs.h index 4c4614bda..2808e18d6 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.h +++ b/src/pk_pad/eme_pkcs/eme_pkcs.h @@ -20,9 +20,9 @@ class BOTAN_DLL EME_PKCS1v15 : public EME public: size_t maximum_input_size(size_t) const; private: - SecureVector<byte> pad(const byte[], size_t, size_t, + secure_vector<byte> pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector<byte> unpad(const byte[], size_t, size_t) const; + secure_vector<byte> unpad(const byte[], size_t, size_t) const; }; } diff --git a/src/pk_pad/emsa.h b/src/pk_pad/emsa.h index e943fc5eb..821ca782f 100644 --- a/src/pk_pad/emsa.h +++ b/src/pk_pad/emsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL EMSA /** * @return raw hash */ - virtual SecureVector<byte> raw_data() = 0; + virtual secure_vector<byte> raw_data() = 0; /** * Return the encoding of a message @@ -38,7 +38,7 @@ class BOTAN_DLL EMSA * @param rng a random number generator * @return encoded signature */ - virtual SecureVector<byte> encoding_of(const MemoryRegion<byte>& msg, + virtual secure_vector<byte> encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator& rng) = 0; @@ -49,8 +49,8 @@ class BOTAN_DLL EMSA * @param key_bits the size of the key in bits * @return true if coded is a valid encoding of raw, otherwise false */ - virtual bool verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, + virtual bool verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) = 0; virtual ~EMSA() {} }; diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp index ba861898a..7f9a1885f 100644 --- a/src/pk_pad/emsa1/emsa1.cpp +++ b/src/pk_pad/emsa1/emsa1.cpp @@ -11,7 +11,7 @@ namespace Botan { namespace { -SecureVector<byte> emsa1_encoding(const MemoryRegion<byte>& msg, +secure_vector<byte> emsa1_encoding(const secure_vector<byte>& msg, size_t output_bits) { if(8*msg.size() <= output_bits) @@ -20,7 +20,7 @@ SecureVector<byte> emsa1_encoding(const MemoryRegion<byte>& msg, size_t shift = 8*msg.size() - output_bits; size_t byte_shift = shift / 8, bit_shift = shift % 8; - SecureVector<byte> digest(msg.size() - byte_shift); + secure_vector<byte> digest(msg.size() - byte_shift); for(size_t j = 0; j != msg.size() - byte_shift; ++j) digest[j] = msg[j]; @@ -51,7 +51,7 @@ void EMSA1::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA1::raw_data() +secure_vector<byte> EMSA1::raw_data() { return hash->final(); } @@ -59,7 +59,7 @@ SecureVector<byte> EMSA1::raw_data() /* * EMSA1 Encode Operation */ -SecureVector<byte> EMSA1::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA1::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator&) { @@ -71,14 +71,14 @@ SecureVector<byte> EMSA1::encoding_of(const MemoryRegion<byte>& msg, /* * EMSA1 Decode/Verify Operation */ -bool EMSA1::verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, size_t key_bits) +bool EMSA1::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) { try { if(raw.size() != hash->output_length()) throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); - SecureVector<byte> our_coding = emsa1_encoding(raw, key_bits); + secure_vector<byte> our_coding = emsa1_encoding(raw, key_bits); if(our_coding == coded) return true; if(our_coding[0] != 0) return false; diff --git a/src/pk_pad/emsa1/emsa1.h b/src/pk_pad/emsa1/emsa1.h index 120cb0cd3..f84ca5ae7 100644 --- a/src/pk_pad/emsa1/emsa1.h +++ b/src/pk_pad/emsa1/emsa1.h @@ -32,12 +32,12 @@ class BOTAN_DLL EMSA1 : public EMSA const HashFunction* hash_ptr() const { return hash; } private: void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); HashFunction* hash; diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp index bbcc5aae7..9096edfbf 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp @@ -13,7 +13,7 @@ namespace Botan { /* * EMSA1 BSI Encode Operation */ -SecureVector<byte> EMSA1_BSI::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA1_BSI::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator&) { diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.h b/src/pk_pad/emsa1_bsi/emsa1_bsi.h index 51ed6bc00..1b90f48df 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.h +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.h @@ -26,7 +26,7 @@ class BOTAN_DLL EMSA1_BSI : public EMSA1 */ EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} private: - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); }; diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp index 50ea7dbe3..d299ddacd 100644 --- a/src/pk_pad/emsa2/emsa2.cpp +++ b/src/pk_pad/emsa2/emsa2.cpp @@ -15,9 +15,9 @@ namespace { /* * EMSA2 Encode Operation */ -SecureVector<byte> emsa2_encoding(const MemoryRegion<byte>& msg, +secure_vector<byte> emsa2_encoding(const secure_vector<byte>& msg, size_t output_bits, - const MemoryRegion<byte>& empty_hash, + const secure_vector<byte>& empty_hash, byte hash_id) { const size_t HASH_SIZE = empty_hash.size(); @@ -34,7 +34,7 @@ SecureVector<byte> emsa2_encoding(const MemoryRegion<byte>& msg, if(empty_hash[j] != msg[j]) empty = false; - SecureVector<byte> output(output_length); + secure_vector<byte> output(output_length); output[0] = (empty ? 0x4B : 0x6B); output[output_length - 3 - HASH_SIZE] = 0xBA; @@ -59,7 +59,7 @@ void EMSA2::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA2::raw_data() +secure_vector<byte> EMSA2::raw_data() { return hash->final(); } @@ -67,7 +67,7 @@ SecureVector<byte> EMSA2::raw_data() /* * EMSA2 Encode Operation */ -SecureVector<byte> EMSA2::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA2::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator&) { @@ -77,8 +77,8 @@ SecureVector<byte> EMSA2::encoding_of(const MemoryRegion<byte>& msg, /* * EMSA2 Verify Operation */ -bool EMSA2::verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, +bool EMSA2::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa2/emsa2.h b/src/pk_pad/emsa2/emsa2.h index 9e0fa6a95..fb0cecb21 100644 --- a/src/pk_pad/emsa2/emsa2.h +++ b/src/pk_pad/emsa2/emsa2.h @@ -27,15 +27,15 @@ class BOTAN_DLL EMSA2 : public EMSA ~EMSA2() { delete hash; } private: void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); - SecureVector<byte> empty_hash; + secure_vector<byte> empty_hash; HashFunction* hash; byte hash_id; }; diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 6532bafd4..493140a63 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp @@ -15,7 +15,7 @@ namespace { /* * EMSA3 Encode Operation */ -SecureVector<byte> emsa3_encoding(const MemoryRegion<byte>& msg, +secure_vector<byte> emsa3_encoding(const secure_vector<byte>& msg, size_t output_bits, const byte hash_id[], size_t hash_id_length) @@ -24,7 +24,7 @@ SecureVector<byte> emsa3_encoding(const MemoryRegion<byte>& msg, if(output_length < hash_id_length + msg.size() + 10) throw Encoding_Error("emsa3_encoding: Output length is too small"); - SecureVector<byte> T(output_length); + secure_vector<byte> T(output_length); const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2; T[0] = 0x01; @@ -48,7 +48,7 @@ void EMSA3::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA3::raw_data() +secure_vector<byte> EMSA3::raw_data() { return hash->final(); } @@ -56,7 +56,7 @@ SecureVector<byte> EMSA3::raw_data() /* * EMSA3 Encode Operation */ -SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA3::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator&) { @@ -70,8 +70,8 @@ SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg, /* * Default signature decoding */ -bool EMSA3::verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, +bool EMSA3::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) { if(raw.size() != hash->output_length()) @@ -115,9 +115,9 @@ void EMSA3_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA3_Raw::raw_data() +secure_vector<byte> EMSA3_Raw::raw_data() { - SecureVector<byte> ret; + secure_vector<byte> ret; std::swap(ret, message); return ret; } @@ -125,7 +125,7 @@ SecureVector<byte> EMSA3_Raw::raw_data() /* * EMSA3_Raw Encode Operation */ -SecureVector<byte> EMSA3_Raw::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA3_Raw::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator&) { @@ -135,8 +135,8 @@ SecureVector<byte> EMSA3_Raw::encoding_of(const MemoryRegion<byte>& msg, /* * Default signature decoding */ -bool EMSA3_Raw::verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, +bool EMSA3_Raw::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa3/emsa3.h b/src/pk_pad/emsa3/emsa3.h index 5faf9d7e5..9fbda67ee 100644 --- a/src/pk_pad/emsa3/emsa3.h +++ b/src/pk_pad/emsa3/emsa3.h @@ -29,16 +29,16 @@ class BOTAN_DLL EMSA3 : public EMSA void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); private: HashFunction* hash; - SecureVector<byte> hash_id; + std::vector<byte> hash_id; }; /** @@ -51,16 +51,16 @@ class BOTAN_DLL EMSA3_Raw : public EMSA public: void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); private: - SecureVector<byte> message; + secure_vector<byte> message; }; } diff --git a/src/pk_pad/emsa4/emsa4.cpp b/src/pk_pad/emsa4/emsa4.cpp index d05e4a5b5..c8b8cbc6a 100644 --- a/src/pk_pad/emsa4/emsa4.cpp +++ b/src/pk_pad/emsa4/emsa4.cpp @@ -22,7 +22,7 @@ void EMSA4::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA4::raw_data() +secure_vector<byte> EMSA4::raw_data() { return hash->final(); } @@ -30,7 +30,7 @@ SecureVector<byte> EMSA4::raw_data() /* * EMSA4 Encode Operation */ -SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA4::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator& rng) { @@ -43,19 +43,19 @@ SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, const size_t output_length = (output_bits + 7) / 8; - SecureVector<byte> salt = rng.random_vec(SALT_SIZE); + secure_vector<byte> salt = rng.random_vec(SALT_SIZE); for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(msg); - hash->update(salt, SALT_SIZE); - SecureVector<byte> H = hash->final(); + hash->update(salt); + secure_vector<byte> H = hash->final(); - SecureVector<byte> EM(output_length); + secure_vector<byte> EM(output_length); EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt); - mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1); + mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1); EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); buffer_insert(EM, output_length - 1 - HASH_SIZE, H); EM[output_length-1] = 0xBC; @@ -66,8 +66,8 @@ SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, /* * EMSA4 Decode/Verify Operation */ -bool EMSA4::verify(const MemoryRegion<byte>& const_coded, - const MemoryRegion<byte>& raw, size_t key_bits) +bool EMSA4::verify(const secure_vector<byte>& const_coded, + const secure_vector<byte>& raw, size_t key_bits) { const size_t HASH_SIZE = hash->output_length(); const size_t KEY_BYTES = (key_bits + 7) / 8; @@ -84,10 +84,10 @@ bool EMSA4::verify(const MemoryRegion<byte>& const_coded, if(const_coded[const_coded.size()-1] != 0xBC) return false; - SecureVector<byte> coded = const_coded; + secure_vector<byte> coded = const_coded; if(coded.size() < KEY_BYTES) { - SecureVector<byte> temp(KEY_BYTES); + secure_vector<byte> temp(KEY_BYTES); buffer_insert(temp, KEY_BYTES - coded.size(), coded); coded = temp; } @@ -96,14 +96,17 @@ bool EMSA4::verify(const MemoryRegion<byte>& const_coded, if(TOP_BITS > 8 - high_bit(coded[0])) return false; - SecureVector<byte> DB(&coded[0], coded.size() - HASH_SIZE - 1); - SecureVector<byte> H(&coded[coded.size() - HASH_SIZE - 1], HASH_SIZE); + byte* DB = &coded[0]; + const size_t DB_size = coded.size() - HASH_SIZE - 1; + + const byte* H = &coded[DB_size]; + const size_t H_size = HASH_SIZE; - mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1); + mgf->mask(&H[0], H_size, &DB[0], DB_size); DB[0] &= 0xFF >> TOP_BITS; size_t salt_offset = 0; - for(size_t j = 0; j != DB.size(); ++j) + for(size_t j = 0; j != DB_size; ++j) { if(DB[j] == 0x01) { salt_offset = j + 1; break; } @@ -113,15 +116,13 @@ bool EMSA4::verify(const MemoryRegion<byte>& const_coded, if(salt_offset == 0) return false; - SecureVector<byte> salt(&DB[salt_offset], DB.size() - salt_offset); - for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(raw); - hash->update(salt); - SecureVector<byte> H2 = hash->final(); + hash->update(&DB[salt_offset], DB_size - salt_offset); + secure_vector<byte> H2 = hash->final(); - return (H == H2); + return same_mem(&H[0], &H2[0], HASH_SIZE); } /* diff --git a/src/pk_pad/emsa4/emsa4.h b/src/pk_pad/emsa4/emsa4.h index bd8b32ca1..44bf5a429 100644 --- a/src/pk_pad/emsa4/emsa4.h +++ b/src/pk_pad/emsa4/emsa4.h @@ -34,11 +34,11 @@ class BOTAN_DLL EMSA4 : public EMSA ~EMSA4() { delete hash; delete mgf; } private: void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); size_t SALT_SIZE; diff --git a/src/pk_pad/emsa_raw/emsa_raw.cpp b/src/pk_pad/emsa_raw/emsa_raw.cpp index d0f3918dd..cb0f99e9c 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.cpp +++ b/src/pk_pad/emsa_raw/emsa_raw.cpp @@ -20,9 +20,9 @@ void EMSA_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector<byte> EMSA_Raw::raw_data() +secure_vector<byte> EMSA_Raw::raw_data() { - SecureVector<byte> output; + secure_vector<byte> output; std::swap(message, output); return output; } @@ -30,7 +30,7 @@ SecureVector<byte> EMSA_Raw::raw_data() /* * EMSA-Raw Encode Operation */ -SecureVector<byte> EMSA_Raw::encoding_of(const MemoryRegion<byte>& msg, +secure_vector<byte> EMSA_Raw::encoding_of(const secure_vector<byte>& msg, size_t, RandomNumberGenerator&) { @@ -40,8 +40,8 @@ SecureVector<byte> EMSA_Raw::encoding_of(const MemoryRegion<byte>& msg, /* * EMSA-Raw Verify Operation */ -bool EMSA_Raw::verify(const MemoryRegion<byte>& coded, - const MemoryRegion<byte>& raw, +bool EMSA_Raw::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t) { if(coded.size() == raw.size()) diff --git a/src/pk_pad/emsa_raw/emsa_raw.h b/src/pk_pad/emsa_raw/emsa_raw.h index 2ccd076f2..8ab763575 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.h +++ b/src/pk_pad/emsa_raw/emsa_raw.h @@ -20,14 +20,14 @@ class BOTAN_DLL EMSA_Raw : public EMSA { private: void update(const byte[], size_t); - SecureVector<byte> raw_data(); + secure_vector<byte> raw_data(); - SecureVector<byte> encoding_of(const MemoryRegion<byte>&, size_t, + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator&); - bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t); - SecureVector<byte> message; + secure_vector<byte> message; }; } diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp index 74653cb83..a60e53352 100644 --- a/src/pk_pad/hash_id/hash_id.cpp +++ b/src/pk_pad/hash_id/hash_id.cpp @@ -57,32 +57,51 @@ const byte TIGER_PKCS_ID[] = { /* * HashID as specified by PKCS */ -MemoryVector<byte> pkcs_hash_id(const std::string& name) +std::vector<byte> pkcs_hash_id(const std::string& name) { // Special case for SSL/TLS RSA signatures if(name == "Parallel(MD5,SHA-160)") - return MemoryVector<byte>(); + return std::vector<byte>(); if(name == "MD2") - return MemoryVector<byte>(MD2_PKCS_ID, sizeof(MD2_PKCS_ID)); + return std::vector<byte>(MD2_PKCS_ID, + MD2_PKCS_ID + sizeof(MD2_PKCS_ID)); + if(name == "MD5") - return MemoryVector<byte>(MD5_PKCS_ID, sizeof(MD5_PKCS_ID)); + return std::vector<byte>(MD5_PKCS_ID, + MD5_PKCS_ID + sizeof(MD5_PKCS_ID)); + if(name == "RIPEMD-128") - return MemoryVector<byte>(RIPEMD_128_PKCS_ID, sizeof(RIPEMD_128_PKCS_ID)); + return std::vector<byte>(RIPEMD_128_PKCS_ID, + RIPEMD_128_PKCS_ID + sizeof(RIPEMD_128_PKCS_ID)); + if(name == "RIPEMD-160") - return MemoryVector<byte>(RIPEMD_160_PKCS_ID, sizeof(RIPEMD_160_PKCS_ID)); + return std::vector<byte>(RIPEMD_160_PKCS_ID, + RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID)); + if(name == "SHA-160") - return MemoryVector<byte>(SHA_160_PKCS_ID, sizeof(SHA_160_PKCS_ID)); + return std::vector<byte>(SHA_160_PKCS_ID, + SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID)); + if(name == "SHA-224") - return MemoryVector<byte>(SHA_224_PKCS_ID, sizeof(SHA_224_PKCS_ID)); + return std::vector<byte>(SHA_224_PKCS_ID, + SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID)); + if(name == "SHA-256") - return MemoryVector<byte>(SHA_256_PKCS_ID, sizeof(SHA_256_PKCS_ID)); + return std::vector<byte>(SHA_256_PKCS_ID, + SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID)); + if(name == "SHA-384") - return MemoryVector<byte>(SHA_384_PKCS_ID, sizeof(SHA_384_PKCS_ID)); + return std::vector<byte>(SHA_384_PKCS_ID, + SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID)); + if(name == "SHA-512") - return MemoryVector<byte>(SHA_512_PKCS_ID, sizeof(SHA_512_PKCS_ID)); + return std::vector<byte>(SHA_512_PKCS_ID, + SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID)); + if(name == "Tiger(24,3)") - return MemoryVector<byte>(TIGER_PKCS_ID, sizeof(TIGER_PKCS_ID)); + return std::vector<byte>(TIGER_PKCS_ID, + TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID)); throw Invalid_Argument("No PKCS #1 identifier for " + name); } diff --git a/src/pk_pad/hash_id/hash_id.h b/src/pk_pad/hash_id/hash_id.h index 909cc6b19..070e7ddb9 100644 --- a/src/pk_pad/hash_id/hash_id.h +++ b/src/pk_pad/hash_id/hash_id.h @@ -20,7 +20,7 @@ namespace Botan { * @return byte sequence identifying the hash * @throw Invalid_Argument if the hash has no known PKCS #1 hash id */ -BOTAN_DLL MemoryVector<byte> pkcs_hash_id(const std::string& hash_name); +BOTAN_DLL std::vector<byte> pkcs_hash_id(const std::string& hash_name); /** * Return the IEEE 1363 hash identifier diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index d58fece12..04941af73 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -24,9 +24,9 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) /* * Return the public value for key agreement */ -MemoryVector<byte> DH_PublicKey::public_value() const +std::vector<byte> DH_PublicKey::public_value() const { - return BigInt::encode_1363(y, group_p().bytes()); + return unlock(BigInt::encode_1363(y, group_p().bytes())); } /* @@ -58,7 +58,7 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, * Load a DH private key */ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -71,7 +71,7 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, /* * Return the public value for key agreement */ -MemoryVector<byte> DH_PrivateKey::public_value() const +std::vector<byte> DH_PrivateKey::public_value() const { return DH_PublicKey::public_value(); } @@ -83,7 +83,7 @@ DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } -SecureVector<byte> DH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector<byte> DH_KA_Operation::agree(const byte w[], size_t w_len) { BigInt input = BigInt::decode(w, w_len); diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 497238417..bf02ffdb9 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -23,13 +23,13 @@ class BOTAN_DLL DH_PublicKey : public virtual DL_Scheme_PublicKey public: std::string algo_name() const { return "DH"; } - MemoryVector<byte> public_value() const; + std::vector<byte> public_value() const; size_t max_input_bits() const { return group_p().bits(); } DL_Group::Format group_format() const { return DL_Group::ANSI_X9_42; } DH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} /** @@ -50,7 +50,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, public virtual DL_Scheme_PrivateKey { public: - MemoryVector<byte> public_value() const; + std::vector<byte> public_value() const; /** * Load a DH private key @@ -59,7 +59,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, * @param rng a random number generator */ DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); /** @@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement public: DH_KA_Operation(const DH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], size_t w_len); + secure_vector<byte> agree(const byte w[], size_t w_len); private: const BigInt& p; diff --git a/src/pubkey/dl_algo/dl_algo.cpp b/src/pubkey/dl_algo/dl_algo.cpp index 8e326ef6a..1034a3252 100644 --- a/src/pubkey/dl_algo/dl_algo.cpp +++ b/src/pubkey/dl_algo/dl_algo.cpp @@ -18,13 +18,13 @@ AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const group.DER_encode(group_format())); } -MemoryVector<byte> DL_Scheme_PublicKey::x509_subject_public_key() const +std::vector<byte> DL_Scheme_PublicKey::x509_subject_public_key() const { - return DER_Encoder().encode(y).get_contents(); + return DER_Encoder().encode(y).get_contents_unlocked(); } DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); @@ -33,13 +33,13 @@ DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, BER_Decoder(key_bits).decode(y); } -MemoryVector<byte> DL_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector<byte> DL_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder().encode(x).get_contents(); } DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); diff --git a/src/pubkey/dl_algo/dl_algo.h b/src/pubkey/dl_algo/dl_algo.h index 2cc632caa..af2806b02 100644 --- a/src/pubkey/dl_algo/dl_algo.h +++ b/src/pubkey/dl_algo/dl_algo.h @@ -24,7 +24,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector<byte> x509_subject_public_key() const; + std::vector<byte> x509_subject_public_key() const; /** * Get the DL domain parameters of this key. @@ -62,7 +62,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key virtual DL_Group::Format group_format() const = 0; DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, DL_Group::Format group_format); protected: @@ -94,10 +94,10 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey, */ const BigInt& get_x() const { return x; } - MemoryVector<byte> pkcs8_private_key() const; + secure_vector<byte> pkcs8_private_key() const; DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, DL_Group::Format group_format); protected: diff --git a/src/pubkey/dl_group/dl_group.cpp b/src/pubkey/dl_group/dl_group.cpp index 3904841ba..93bbcbb2d 100644 --- a/src/pubkey/dl_group/dl_group.cpp +++ b/src/pubkey/dl_group/dl_group.cpp @@ -90,7 +90,8 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, * DL_Group Constructor */ DL_Group::DL_Group(RandomNumberGenerator& rng, - const MemoryRegion<byte>& seed, size_t pbits, size_t qbits) + const std::vector<byte>& seed, + size_t pbits, size_t qbits) { if(!generate_dsa_primes(rng, global_state().algorithm_factory(), @@ -202,7 +203,7 @@ const BigInt& DL_Group::get_q() const /* * DER encode the parameters */ -SecureVector<byte> DL_Group::DER_encode(Format format) const +std::vector<byte> DL_Group::DER_encode(Format format) const { init_check(); @@ -217,7 +218,7 @@ SecureVector<byte> DL_Group::DER_encode(Format format) const .encode(q) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == ANSI_X9_42) { @@ -227,7 +228,7 @@ SecureVector<byte> DL_Group::DER_encode(Format format) const .encode(g) .encode(q) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == PKCS_3) { @@ -236,7 +237,7 @@ SecureVector<byte> DL_Group::DER_encode(Format format) const .encode(p) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); @@ -247,7 +248,8 @@ SecureVector<byte> DL_Group::DER_encode(Format format) const */ std::string DL_Group::PEM_encode(Format format) const { - SecureVector<byte> encoding = DER_encode(format); + const std::vector<byte> encoding = DER_encode(format); + if(format == PKCS_3) return PEM_Code::encode(encoding, "DH PARAMETERS"); else if(format == ANSI_X9_57) diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h index bfc2c04e5..aa90388ae 100644 --- a/src/pubkey/dl_group/dl_group.h +++ b/src/pubkey/dl_group/dl_group.h @@ -77,7 +77,7 @@ class BOTAN_DLL DL_Group * @param format the encoding format * @return string holding the DER encoded group */ - SecureVector<byte> DER_encode(Format format) const; + std::vector<byte> DER_encode(Format format) const; /** * Decode a DER/BER encoded group into this instance. @@ -131,7 +131,8 @@ class BOTAN_DLL DL_Group * @param pbits the desired bit size of the prime p * @param qbits the desired bit size of the prime q. */ - DL_Group(RandomNumberGenerator& rng, const MemoryRegion<byte>& seed, + DL_Group(RandomNumberGenerator& rng, + const std::vector<byte>& seed, size_t pbits = 1024, size_t qbits = 0); /** diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 80dde048b..715b55a36 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -34,19 +34,19 @@ DLIES_Encryptor::~DLIES_Encryptor() /* * DLIES Encryption */ -SecureVector<byte> DLIES_Encryptor::enc(const byte in[], size_t length, - RandomNumberGenerator&) const +std::vector<byte> DLIES_Encryptor::enc(const byte in[], size_t length, + RandomNumberGenerator&) const { if(length > maximum_input_size()) throw Invalid_Argument("DLIES: Plaintext too large"); if(other_key.empty()) throw Invalid_State("DLIES: The other key was never set"); - SecureVector<byte> out(my_key.size() + length + mac->output_length()); + secure_vector<byte> out(my_key.size() + length + mac->output_length()); buffer_insert(out, 0, my_key); buffer_insert(out, my_key.size(), in, length); - SecureVector<byte> vz = my_key; + secure_vector<byte> vz(my_key.begin(), my_key.end()); vz += ka.derive_key(0, other_key).bits_of(); const size_t K_LENGTH = length + mac_keylen; @@ -65,13 +65,13 @@ SecureVector<byte> DLIES_Encryptor::enc(const byte in[], size_t length, mac->final(C + length); - return out; + return unlock(out); } /* * Set the other parties public key */ -void DLIES_Encryptor::set_other_key(const MemoryRegion<byte>& ok) +void DLIES_Encryptor::set_other_key(const std::vector<byte>& ok) { other_key = ok; } @@ -108,18 +108,21 @@ DLIES_Decryptor::~DLIES_Decryptor() /* * DLIES Decryption */ -SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const +secure_vector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const { if(length < my_key.size() + mac->output_length()) throw Decoding_Error("DLIES decryption: ciphertext is too short"); const size_t CIPHER_LEN = length - my_key.size() - mac->output_length(); - SecureVector<byte> v(msg, my_key.size()); - SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN); - SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->output_length()); + std::vector<byte> v(msg, msg + my_key.size()); - SecureVector<byte> vz(msg, my_key.size()); + secure_vector<byte> C(msg + my_key.size(), msg + my_key.size() + CIPHER_LEN); + + secure_vector<byte> T(msg + my_key.size() + CIPHER_LEN, + msg + my_key.size() + CIPHER_LEN + mac->output_length()); + + secure_vector<byte> vz(msg, msg + my_key.size()); vz += ka.derive_key(0, v).bits_of(); const size_t K_LENGTH = C.size() + mac_keylen; @@ -131,7 +134,7 @@ SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const mac->update(C); for(size_t j = 0; j != 8; ++j) mac->update(0); - SecureVector<byte> T2 = mac->final(); + secure_vector<byte> T2 = mac->final(); if(T != T2) throw Decoding_Error("DLIES: message authentication failed"); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index 8e5c05852..9739afeb2 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -27,13 +27,14 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor ~DLIES_Encryptor(); - void set_other_key(const MemoryRegion<byte>&); + void set_other_key(const std::vector<byte>&); private: - SecureVector<byte> enc(const byte[], size_t, - RandomNumberGenerator&) const; + std::vector<byte> enc(const byte[], size_t, + RandomNumberGenerator&) const; + size_t maximum_input_size() const; - SecureVector<byte> other_key, my_key; + std::vector<byte> other_key, my_key; PK_Key_Agreement ka; KDF* kdf; @@ -55,9 +56,9 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor ~DLIES_Decryptor(); private: - SecureVector<byte> dec(const byte[], size_t) const; + secure_vector<byte> dec(const byte[], size_t) const; - SecureVector<byte> my_key; + std::vector<byte> my_key; PK_Key_Agreement ka; KDF* kdf; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index c3b4f260b..5d56d6b89 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -42,7 +42,7 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, } DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -73,7 +73,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) : { } -SecureVector<byte> +secure_vector<byte> DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -97,7 +97,7 @@ DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_q.multiply(s, mul_add(x, r, i)); } - SecureVector<byte> output(2*q.bytes()); + secure_vector<byte> output(2*q.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h index a41a8432c..7d51cfdd0 100644 --- a/src/pubkey/dsa/dsa.h +++ b/src/pubkey/dsa/dsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return group_q().bits(); } DSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -47,7 +47,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey, { public: DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); DSA_PrivateKey(RandomNumberGenerator& rng, @@ -69,7 +69,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return q.bits(); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; diff --git a/src/pubkey/ec_group/ec_group.cpp b/src/pubkey/ec_group/ec_group.cpp index fe4fae885..88c4616a4 100644 --- a/src/pubkey/ec_group/ec_group.cpp +++ b/src/pubkey/ec_group/ec_group.cpp @@ -37,8 +37,8 @@ EC_Group::EC_Group(const std::string& str) { DataSource_Memory input(str); - SecureVector<byte> ber = - PEM_Code::decode_check_label(input, "EC PARAMETERS"); + std::vector<byte> ber = + unlock(PEM_Code::decode_check_label(input, "EC PARAMETERS")); *this = EC_Group(ber); } @@ -48,7 +48,7 @@ EC_Group::EC_Group(const std::string& str) } } -EC_Group::EC_Group(const MemoryRegion<byte>& ber_data) +EC_Group::EC_Group(const std::vector<byte>& ber_data) { BER_Decoder ber(ber_data); BER_Object obj = ber.get_next_object(); @@ -64,7 +64,7 @@ EC_Group::EC_Group(const MemoryRegion<byte>& ber_data) else if(obj.type_tag == SEQUENCE) { BigInt p, a, b; - SecureVector<byte> sv_base_point; + std::vector<byte> sv_base_point; BER_Decoder(ber_data) .start_cons(SEQUENCE) @@ -91,7 +91,7 @@ EC_Group::EC_Group(const MemoryRegion<byte>& ber_data) throw Decoding_Error("Unexpected tag while decoding ECC domain params"); } -SecureVector<byte> +std::vector<byte> EC_Group::DER_encode(EC_Group_Encoding form) const { if(form == EC_DOMPAR_ENC_EXPLICIT) @@ -118,19 +118,19 @@ EC_Group::DER_encode(EC_Group_Encoding form) const .encode(order) .encode(cofactor) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(form == EC_DOMPAR_ENC_OID) - return DER_Encoder().encode(get_oid()).get_contents(); + return DER_Encoder().encode(get_oid()).get_contents_unlocked(); else if(form == EC_DOMPAR_ENC_IMPLICITCA) - return DER_Encoder().encode_null().get_contents(); + return DER_Encoder().encode_null().get_contents_unlocked(); else throw Internal_Error("EC_Group::DER_encode: Unknown encoding"); } std::string EC_Group::PEM_encode() const { - SecureVector<byte> der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); + const std::vector<byte> der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); return PEM_Code::encode(der, "EC PARAMETERS"); } diff --git a/src/pubkey/ec_group/ec_group.h b/src/pubkey/ec_group/ec_group.h index dadc9fba3..756c158dc 100644 --- a/src/pubkey/ec_group/ec_group.h +++ b/src/pubkey/ec_group/ec_group.h @@ -54,7 +54,7 @@ class BOTAN_DLL EC_Group * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding */ - EC_Group(const MemoryRegion<byte>& ber_encoding); + EC_Group(const std::vector<byte>& ber_encoding); /** * Create an EC domain by OID (or throw if unknown) @@ -74,7 +74,7 @@ class BOTAN_DLL EC_Group * @param form of encoding to use * @returns bytes encododed as DER */ - SecureVector<byte> DER_encode(EC_Group_Encoding form) const; + std::vector<byte> DER_encode(EC_Group_Encoding form) const; /** * Return the PEM encoding (always in explicit form) diff --git a/src/pubkey/ecc_key/ecc_key.cpp b/src/pubkey/ecc_key/ecc_key.cpp index 991446f07..ead129ec6 100644 --- a/src/pubkey/ecc_key/ecc_key.cpp +++ b/src/pubkey/ecc_key/ecc_key.cpp @@ -28,7 +28,7 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; @@ -47,9 +47,9 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const return AlgorithmIdentifier(get_oid(), DER_domain()); } -MemoryVector<byte> EC_PublicKey::x509_subject_public_key() const +std::vector<byte> EC_PublicKey::x509_subject_public_key() const { - return EC2OSP(public_point(), PointGFp::COMPRESSED); + return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED)); } void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) @@ -96,7 +96,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, "ECC private key was not on the curve"); } -MemoryVector<byte> EC_PrivateKey::pkcs8_private_key() const +secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -108,7 +108,7 @@ MemoryVector<byte> EC_PrivateKey::pkcs8_private_key() const } EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; diff --git a/src/pubkey/ecc_key/ecc_key.h b/src/pubkey/ecc_key/ecc_key.h index cccc8d53c..76a63a7e4 100644 --- a/src/pubkey/ecc_key/ecc_key.h +++ b/src/pubkey/ecc_key/ecc_key.h @@ -34,7 +34,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key const PointGFp& pub_point); EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); /** * Get the public point of this key. @@ -46,7 +46,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector<byte> x509_subject_public_key() const; + std::vector<byte> x509_subject_public_key() const; bool check_key(RandomNumberGenerator& rng, bool strong) const; @@ -69,7 +69,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * Return the DER encoding of this keys domain in whatever format * is preset for this particular key */ - MemoryVector<byte> DER_domain() const + std::vector<byte> DER_domain() const { return domain().DER_encode(domain_format()); } /** @@ -98,9 +98,9 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, const BigInt& private_key); EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); - MemoryVector<byte> pkcs8_private_key() const; + secure_vector<byte> pkcs8_private_key() const; /** * Get the private key value of this key object. diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index 656644370..511dd0678 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -20,7 +20,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) : key.private_value(); } -SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector<byte> ECDH_KA_Operation::agree(const byte w[], size_t w_len) { PointGFp point = OS2ECP(w, w_len, curve); diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index 6fe0697bf..0c5d4e010 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -23,7 +23,7 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey public: ECDH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -52,8 +52,8 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey /** * @return public point value */ - MemoryVector<byte> public_value() const - { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } + std::vector<byte> public_value() const + { return unlock(EC2OSP(public_point(), PointGFp::UNCOMPRESSED)); } protected: ECDH_PublicKey() {} @@ -69,7 +69,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, public: ECDH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -83,7 +83,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, const BigInt& x = 0) : EC_PrivateKey(rng, domain, x) {} - MemoryVector<byte> public_value() const + std::vector<byte> public_value() const { return ECDH_PublicKey::public_value(); } }; @@ -95,7 +95,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement public: ECDH_KA_Operation(const ECDH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], size_t w_len); + secure_vector<byte> agree(const byte w[], size_t w_len); private: const CurveGFp& curve; const BigInt& cofactor; diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 5c45c5ed3..6ff082649 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -32,7 +32,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd { } -SecureVector<byte> +secure_vector<byte> ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -56,7 +56,7 @@ ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); } - SecureVector<byte> output(2*order.bytes()); + secure_vector<byte> output(2*order.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index f0834abd8..e37fa1562 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -33,7 +33,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey EC_PublicKey(dom_par, public_point) {} ECDSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -72,7 +72,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey, * @param key_bits PKCS #8 structure */ ECDSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -97,7 +97,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature public: ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa); - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); size_t message_parts() const { return 2; } diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index 6d15aed79..3988f3155 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -44,7 +44,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, } ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -76,7 +76,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK mod_p = Modular_Reducer(p); } -SecureVector<byte> +secure_vector<byte> ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -92,7 +92,7 @@ ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, BigInt a = powermod_g_p(k); BigInt b = mod_p.multiply(m, powermod_y_p(k)); - SecureVector<byte> output(2*p.bytes()); + secure_vector<byte> output(2*p.bytes()); a.binary_encode(&output[p.bytes() - a.bytes()]); b.binary_encode(&output[output.size() / 2 + (p.bytes() - b.bytes())]); return output; @@ -109,7 +109,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private blinder = Blinder(k, powermod_x_p(k), p); } -SecureVector<byte> +secure_vector<byte> ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) { const BigInt& p = mod_p.get_modulus(); @@ -129,7 +129,7 @@ ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p)); - return BigInt::encode(blinder.unblind(r)); + return BigInt::encode_locked(blinder.unblind(r)); } } diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h index 383a4160b..957aa4656 100644 --- a/src/pubkey/elgamal/elgamal.h +++ b/src/pubkey/elgamal/elgamal.h @@ -28,7 +28,7 @@ class BOTAN_DLL ElGamal_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_p().bits() - 1); } ElGamal_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} @@ -47,7 +47,7 @@ class BOTAN_DLL ElGamal_PrivateKey : public ElGamal_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); ElGamal_PrivateKey(RandomNumberGenerator& rng, @@ -65,7 +65,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption ElGamal_Encryption_Operation(const ElGamal_PublicKey& key); - SecureVector<byte> encrypt(const byte msg[], size_t msg_len, + secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: @@ -83,7 +83,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key); - SecureVector<byte> decrypt(const byte msg[], size_t msg_len); + secure_vector<byte> decrypt(const byte msg[], size_t msg_len); private: Fixed_Exponent_Power_Mod powermod_x_p; Modular_Reducer mod_p; diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp index f97f83aa0..289cdcac4 100644 --- a/src/pubkey/gost_3410/gost_3410.cpp +++ b/src/pubkey/gost_3410/gost_3410.cpp @@ -14,7 +14,7 @@ namespace Botan { -MemoryVector<byte> GOST_3410_PublicKey::x509_subject_public_key() const +std::vector<byte> GOST_3410_PublicKey::x509_subject_public_key() const { // Trust CryptoPro to come up with something obnoxious const BigInt x = public_point().get_affine_x(); @@ -22,7 +22,7 @@ MemoryVector<byte> GOST_3410_PublicKey::x509_subject_public_key() const size_t part_size = std::max(x.bytes(), y.bytes()); - MemoryVector<byte> bits(2*part_size); + std::vector<byte> bits(2*part_size); x.binary_encode(&bits[part_size - x.bytes()]); y.binary_encode(&bits[2*part_size - y.bytes()]); @@ -34,22 +34,22 @@ MemoryVector<byte> GOST_3410_PublicKey::x509_subject_public_key() const std::swap(bits[part_size+i], bits[2*part_size-1-i]); } - return DER_Encoder().encode(bits, OCTET_STRING).get_contents(); + return DER_Encoder().encode(bits, OCTET_STRING).get_contents_unlocked(); } AlgorithmIdentifier GOST_3410_PublicKey::algorithm_identifier() const { - MemoryVector<byte> params = + std::vector<byte> params = DER_Encoder().start_cons(SEQUENCE) .encode(OID(domain().get_oid())) .end_cons() - .get_contents(); + .get_contents_unlocked(); return AlgorithmIdentifier(get_oid(), params); } GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { OID ecc_param_id; @@ -58,7 +58,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, domain_params = EC_Group(ecc_param_id); - SecureVector<byte> bits; + secure_vector<byte> bits; BER_Decoder(key_bits).decode(bits, OCTET_STRING); const size_t part_size = bits.size() / 2; @@ -83,7 +83,7 @@ namespace { BigInt decode_le(const byte msg[], size_t msg_len) { - SecureVector<byte> msg_le(msg, msg_len); + secure_vector<byte> msg_le(msg, msg + msg_len); for(size_t i = 0; i != msg_le.size() / 2; ++i) std::swap(msg_le[i], msg_le[msg_le.size()-1-i]); @@ -102,7 +102,7 @@ GOST_3410_Signature_Operation::GOST_3410_Signature_Operation( { } -SecureVector<byte> +secure_vector<byte> GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, if(r == 0 || s == 0) throw Invalid_State("GOST 34.10: r == 0 || s == 0"); - SecureVector<byte> output(2*order.bytes()); + secure_vector<byte> output(2*order.bytes()); s.binary_encode(&output[output.size() / 2 - s.bytes()]); r.binary_encode(&output[output.size() - r.bytes()]); return output; diff --git a/src/pubkey/gost_3410/gost_3410.h b/src/pubkey/gost_3410/gost_3410.h index 7b638d7b5..6b1506b10 100644 --- a/src/pubkey/gost_3410/gost_3410.h +++ b/src/pubkey/gost_3410/gost_3410.h @@ -35,7 +35,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey * Construct from X.509 algorithm id and subject public key bits */ GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); /** * Get this keys algorithm name. @@ -45,7 +45,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey AlgorithmIdentifier algorithm_identifier() const; - MemoryVector<byte> x509_subject_public_key() const; + std::vector<byte> x509_subject_public_key() const; /** * Get the maximum number of bits allowed to be fed to this key. @@ -73,7 +73,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey, public: GOST_3410_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -103,7 +103,7 @@ class BOTAN_DLL GOST_3410_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return order.bytes(); } size_t max_input_bits() const { return order.bits(); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: diff --git a/src/pubkey/if_algo/if_algo.cpp b/src/pubkey/if_algo/if_algo.cpp index 6e75bc276..f044afd03 100644 --- a/src/pubkey/if_algo/if_algo.cpp +++ b/src/pubkey/if_algo/if_algo.cpp @@ -18,18 +18,18 @@ AlgorithmIdentifier IF_Scheme_PublicKey::algorithm_identifier() const AlgorithmIdentifier::USE_NULL_PARAM); } -MemoryVector<byte> IF_Scheme_PublicKey::x509_subject_public_key() const +std::vector<byte> IF_Scheme_PublicKey::x509_subject_public_key() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(n) .encode(e) .end_cons() - .get_contents(); + .get_contents_unlocked(); } IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) @@ -49,7 +49,7 @@ bool IF_Scheme_PublicKey::check_key(RandomNumberGenerator&, bool) const return true; } -MemoryVector<byte> IF_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector<byte> IF_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -68,7 +68,7 @@ MemoryVector<byte> IF_Scheme_PrivateKey::pkcs8_private_key() const IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier&, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) diff --git a/src/pubkey/if_algo/if_algo.h b/src/pubkey/if_algo/if_algo.h index b6683d30e..5c95aecd1 100644 --- a/src/pubkey/if_algo/if_algo.h +++ b/src/pubkey/if_algo/if_algo.h @@ -22,7 +22,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key { public: IF_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); IF_Scheme_PublicKey(const BigInt& n, const BigInt& e) : n(n), e(e) {} @@ -31,7 +31,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector<byte> x509_subject_public_key() const; + std::vector<byte> x509_subject_public_key() const; /** * @return public modulus @@ -67,7 +67,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); bool check_key(RandomNumberGenerator& rng, bool) const; @@ -93,7 +93,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, const BigInt& get_d1() const { return d1; } const BigInt& get_d2() const { return d2; } - MemoryVector<byte> pkcs8_private_key() const; + secure_vector<byte> pkcs8_private_key() const; protected: IF_Scheme_PrivateKey() {} diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index 857a5328a..a8631062d 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp @@ -29,14 +29,14 @@ bool encryption_consistency_check(RandomNumberGenerator& rng, if(encryptor.maximum_input_size() == 0) return true; - SecureVector<byte> plaintext = - rng.random_vec(encryptor.maximum_input_size() - 1); + std::vector<byte> plaintext = + unlock(rng.random_vec(encryptor.maximum_input_size() - 1)); - SecureVector<byte> ciphertext = encryptor.encrypt(plaintext, rng); + std::vector<byte> ciphertext = encryptor.encrypt(plaintext, rng); if(ciphertext == plaintext) return false; - SecureVector<byte> decrypted = decryptor.decrypt(ciphertext); + std::vector<byte> decrypted = unlock(decryptor.decrypt(ciphertext)); return (plaintext == decrypted); } @@ -51,9 +51,9 @@ bool signature_consistency_check(RandomNumberGenerator& rng, PK_Signer signer(key, padding); PK_Verifier verifier(key, padding); - SecureVector<byte> message = rng.random_vec(16); + std::vector<byte> message = unlock(rng.random_vec(16)); - SecureVector<byte> signature; + std::vector<byte> signature; try { diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 7490e1b64..87cf3d038 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -13,7 +13,7 @@ namespace Botan { NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -49,7 +49,7 @@ NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng, } NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -80,7 +80,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) : { } -SecureVector<byte> +secure_vector<byte> NR_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ NR_Signature_Operation::sign(const byte msg[], size_t msg_len, d = mod_q.reduce(k - x * c); } - SecureVector<byte> output(2*q.bytes()); + secure_vector<byte> output(2*q.bytes()); c.binary_encode(&output[output.size() / 2 - c.bytes()]); d.binary_encode(&output[output.size() - d.bytes()]); return output; @@ -119,7 +119,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) : mod_q = Modular_Reducer(nr.group_q()); } -SecureVector<byte> +secure_vector<byte> NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { const BigInt& q = mod_q.get_modulus(); @@ -137,7 +137,7 @@ NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt g_d = powermod_g_p(d); BigInt i = mod_p.multiply(g_d, future_y_c.get()); - return BigInt::encode(mod_q.reduce(c - i)); + return BigInt::encode_locked(mod_q.reduce(c - i)); } } diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h index 0d426fb3a..5be336a21 100644 --- a/src/pubkey/nr/nr.h +++ b/src/pubkey/nr/nr.h @@ -30,7 +30,7 @@ class BOTAN_DLL NR_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_q().bits() - 1); } NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); NR_PublicKey(const DL_Group& group, const BigInt& pub_key); protected: @@ -47,7 +47,7 @@ class BOTAN_DLL NR_PrivateKey : public NR_PublicKey, bool check_key(RandomNumberGenerator& rng, bool strong) const; NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); NR_PrivateKey(RandomNumberGenerator& rng, @@ -67,7 +67,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return (q.bits() - 1); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; @@ -90,7 +90,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], size_t msg_len); + secure_vector<byte> verify_mr(const byte msg[], size_t msg_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/pk_algs.cpp b/src/pubkey/pk_algs.cpp index 9b3218ac4..863eb57e4 100644 --- a/src/pubkey/pk_algs.cpp +++ b/src/pubkey/pk_algs.cpp @@ -47,7 +47,7 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) + const secure_vector<byte>& key_bits) { const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "") @@ -102,7 +102,7 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, } Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) { const std::string alg_name = OIDS::lookup(alg_id.oid); diff --git a/src/pubkey/pk_algs.h b/src/pubkey/pk_algs.h index a1e65cb3d..d8f24a1b8 100644 --- a/src/pubkey/pk_algs.h +++ b/src/pubkey/pk_algs.h @@ -13,10 +13,10 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits); + const secure_vector<byte>& key_bits); Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); } diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h index 770949b59..a3b693956 100644 --- a/src/pubkey/pk_keys.h +++ b/src/pubkey/pk_keys.h @@ -69,7 +69,7 @@ class BOTAN_DLL Public_Key /** * @return X.509 subject key encoding for this key object */ - virtual MemoryVector<byte> x509_subject_public_key() const = 0; + virtual std::vector<byte> x509_subject_public_key() const = 0; virtual ~Public_Key() {} protected: @@ -89,7 +89,7 @@ class BOTAN_DLL Private_Key : public virtual Public_Key /** * @return PKCS #8 private key encoding for this key object */ - virtual MemoryVector<byte> pkcs8_private_key() const = 0; + virtual secure_vector<byte> pkcs8_private_key() const = 0; /** * @return PKCS #8 AlgorithmIdentifier for this key @@ -121,7 +121,7 @@ class BOTAN_DLL PK_Key_Agreement_Key : public virtual Private_Key /* * @return public component of this key */ - virtual MemoryVector<byte> public_value() const = 0; + virtual std::vector<byte> public_value() const = 0; virtual ~PK_Key_Agreement_Key() {} }; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h index 51543cd33..8a08ef430 100644 --- a/src/pubkey/pk_ops.h +++ b/src/pubkey/pk_ops.h @@ -23,7 +23,7 @@ class BOTAN_DLL Encryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector<byte> encrypt(const byte msg[], size_t msg_len, + virtual secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} @@ -37,7 +37,7 @@ class BOTAN_DLL Decryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector<byte> decrypt(const byte msg[], + virtual secure_vector<byte> decrypt(const byte msg[], size_t msg_len) = 0; virtual ~Decryption() {} @@ -73,7 +73,7 @@ class BOTAN_DLL Signature * @param msg_len the length of msg in bytes * @param rng a random number generator */ - virtual SecureVector<byte> sign(const byte msg[], size_t msg_len, + virtual secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Signature() {} @@ -130,7 +130,7 @@ class BOTAN_DLL Verification * @param msg_len the length of msg in bytes * @returns recovered message */ - virtual SecureVector<byte> verify_mr(const byte[], + virtual secure_vector<byte> verify_mr(const byte[], size_t) { throw Invalid_State("Message recovery not supported"); @@ -151,7 +151,7 @@ class BOTAN_DLL Key_Agreement * @param w_len the length of w in bytes * @returns the agreed key */ - virtual SecureVector<byte> agree(const byte w[], size_t w_len) = 0; + virtual secure_vector<byte> agree(const byte w[], size_t w_len) = 0; virtual ~Key_Agreement() {} }; diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp index 57bb5c1e2..baf6d1250 100644 --- a/src/pubkey/pkcs8.cpp +++ b/src/pubkey/pkcs8.cpp @@ -24,10 +24,10 @@ namespace { /* * Get info from an EncryptedPrivateKeyInfo */ -SecureVector<byte> PKCS8_extract(DataSource& source, +secure_vector<byte> PKCS8_extract(DataSource& source, AlgorithmIdentifier& pbe_alg_id) { - SecureVector<byte> key_data; + secure_vector<byte> key_data; BER_Decoder(source) .start_cons(SEQUENCE) @@ -41,13 +41,13 @@ SecureVector<byte> PKCS8_extract(DataSource& source, /* * PEM decode and/or decrypt a private key */ -SecureVector<byte> PKCS8_decode( +secure_vector<byte> PKCS8_decode( DataSource& source, std::function<std::pair<bool,std::string> ()> get_passphrase, AlgorithmIdentifier& pk_alg_id) { AlgorithmIdentifier pbe_alg_id; - SecureVector<byte> key_data, key; + secure_vector<byte> key_data, key; bool is_encrypted = true; try { @@ -71,9 +71,9 @@ SecureVector<byte> PKCS8_decode( if(key_data.empty()) throw PKCS8_Exception("No key data found"); } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error("PKCS #8 private key decoding failed"); + throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); } if(!is_encrypted) @@ -131,7 +131,7 @@ SecureVector<byte> PKCS8_decode( /* * BER encode a PKCS #8 private key, unencrypted */ -SecureVector<byte> BER_encode(const Private_Key& key) +secure_vector<byte> BER_encode(const Private_Key& key) { const size_t PKCS8_VERSION = 0; @@ -155,7 +155,7 @@ std::string PEM_encode(const Private_Key& key) /* * BER encode a PKCS #8 private key, encrypted */ -SecureVector<byte> BER_encode(const Private_Key& key, +secure_vector<byte> BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo) @@ -203,7 +203,7 @@ Private_Key* load_key(DataSource& source, std::function<std::pair<bool, std::string> ()> get_pass) { AlgorithmIdentifier alg_id; - SecureVector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id); + secure_vector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id); const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "" || alg_name == alg_id.oid.as_string()) diff --git a/src/pubkey/pkcs8.h b/src/pubkey/pkcs8.h index d573fb460..fae1633a8 100644 --- a/src/pubkey/pkcs8.h +++ b/src/pubkey/pkcs8.h @@ -32,7 +32,7 @@ namespace PKCS8 { * @param key the private key to encode * @return BER encoded key */ -BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key); +BOTAN_DLL secure_vector<byte> BER_encode(const Private_Key& key); /** * Get a string containing a PEM encoded private key. @@ -51,7 +51,7 @@ BOTAN_DLL std::string PEM_encode(const Private_Key& key); default will be chosen. * @return encrypted key in binary BER form */ -BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key, +BOTAN_DLL secure_vector<byte> BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo = ""); diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index d0b74071c..370eeddbf 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -44,27 +44,27 @@ PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key, /* * Encrypt a message */ -SecureVector<byte> +std::vector<byte> PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const { if(eme) { - SecureVector<byte> encoded = + secure_vector<byte> encoded = eme->encode(in, length, op->max_input_bits(), rng); if(8*(encoded.size() - 1) + high_bit(encoded[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&encoded[0], encoded.size(), rng); + return unlock(op->encrypt(&encoded[0], encoded.size(), rng)); } else { if(8*(length - 1) + high_bit(in[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&in[0], length, rng); + return unlock(op->encrypt(&in[0], length, rng)); } } @@ -104,11 +104,11 @@ PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key, /* * Decrypt a message */ -SecureVector<byte> PK_Decryptor_EME::dec(const byte msg[], - size_t length) const +secure_vector<byte> PK_Decryptor_EME::dec(const byte msg[], + size_t length) const { try { - SecureVector<byte> decrypted = op->decrypt(msg, length); + secure_vector<byte> decrypted = op->decrypt(msg, length); if(eme) return eme->decode(decrypted, op->max_input_bits()); else @@ -156,7 +156,7 @@ PK_Signer::PK_Signer(const Private_Key& key, /* * Sign a message */ -SecureVector<byte> PK_Signer::sign_message(const byte msg[], size_t length, +std::vector<byte> PK_Signer::sign_message(const byte msg[], size_t length, RandomNumberGenerator& rng) { update(msg, length); @@ -174,16 +174,16 @@ void PK_Signer::update(const byte in[], size_t length) /* * Check the signature we just created, to help prevent fault attacks */ -bool PK_Signer::self_test_signature(const MemoryRegion<byte>& msg, - const MemoryRegion<byte>& sig) const +bool PK_Signer::self_test_signature(const std::vector<byte>& msg, + const std::vector<byte>& sig) const { if(!verify_op) return true; // checking disabled, assume ok if(verify_op->with_recovery()) { - SecureVector<byte> recovered = - verify_op->verify_mr(&sig[0], sig.size()); + std::vector<byte> recovered = + unlock(verify_op->verify_mr(&sig[0], sig.size())); if(msg.size() > recovered.size()) { @@ -206,13 +206,13 @@ bool PK_Signer::self_test_signature(const MemoryRegion<byte>& msg, /* * Create a signature */ -SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng) +std::vector<byte> PK_Signer::signature(RandomNumberGenerator& rng) { - SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(), - op->max_input_bits(), - rng); + std::vector<byte> encoded = unlock(emsa->encoding_of(emsa->raw_data(), + op->max_input_bits(), + rng)); - SecureVector<byte> plain_sig = op->sign(&encoded[0], encoded.size(), rng); + std::vector<byte> plain_sig = unlock(op->sign(&encoded[0], encoded.size(), rng)); BOTAN_ASSERT(self_test_signature(encoded, plain_sig), "PK_Signer consistency check failed"); @@ -234,7 +234,7 @@ SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng) .start_cons(SEQUENCE) .encode_list(sig_parts) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else throw Encoding_Error("PK_Signer: Unknown signature format " + @@ -307,7 +307,7 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) BER_Decoder ber_sig = decoder.start_cons(SEQUENCE); size_t count = 0; - SecureVector<byte> real_sig; + std::vector<byte> real_sig; while(ber_sig.more_items()) { BigInt sig_part; @@ -332,19 +332,19 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) /* * Verify a signature */ -bool PK_Verifier::validate_signature(const MemoryRegion<byte>& msg, +bool PK_Verifier::validate_signature(const secure_vector<byte>& msg, const byte sig[], size_t sig_len) { if(op->with_recovery()) { - SecureVector<byte> output_of_key = op->verify_mr(sig, sig_len); + secure_vector<byte> output_of_key = op->verify_mr(sig, sig_len); return emsa->verify(output_of_key, msg, op->max_input_bits()); } else { Null_RNG rng; - SecureVector<byte> encoded = + secure_vector<byte> encoded = emsa->encoding_of(msg, op->max_input_bits(), rng); return op->verify(&encoded[0], encoded.size(), sig, sig_len); @@ -377,7 +377,7 @@ SymmetricKey PK_Key_Agreement::derive_key(size_t key_len, const byte in[], size_t in_len, const byte params[], size_t params_len) const { - SecureVector<byte> z = op->agree(in, in_len); + secure_vector<byte> z = op->agree(in, in_len); if(!kdf) return z; diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index cd813dc65..5013a1ed1 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -45,7 +45,7 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector<byte> encrypt(const byte in[], size_t length, + std::vector<byte> encrypt(const byte in[], size_t length, RandomNumberGenerator& rng) const { return enc(in, length, rng); @@ -57,8 +57,9 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector<byte> encrypt(const MemoryRegion<byte>& in, - RandomNumberGenerator& rng) const + template<typename Alloc> + std::vector<byte> encrypt(const std::vector<byte, Alloc>& in, + RandomNumberGenerator& rng) const { return enc(&in[0], in.size(), rng); } @@ -75,7 +76,7 @@ class BOTAN_DLL PK_Encryptor PK_Encryptor(const PK_Encryptor&) {} PK_Encryptor& operator=(const PK_Encryptor&) { return *this; } - virtual SecureVector<byte> enc(const byte[], size_t, + virtual std::vector<byte> enc(const byte[], size_t, RandomNumberGenerator&) const = 0; }; @@ -91,7 +92,7 @@ class BOTAN_DLL PK_Decryptor * @param length the length of the above byte array * @return decrypted message */ - SecureVector<byte> decrypt(const byte in[], size_t length) const + secure_vector<byte> decrypt(const byte in[], size_t length) const { return dec(in, length); } @@ -101,7 +102,8 @@ class BOTAN_DLL PK_Decryptor * @param in the ciphertext * @return decrypted message */ - SecureVector<byte> decrypt(const MemoryRegion<byte>& in) const + template<typename Alloc> + secure_vector<byte> decrypt(const std::vector<byte, Alloc>& in) const { return dec(&in[0], in.size()); } @@ -112,7 +114,7 @@ class BOTAN_DLL PK_Decryptor PK_Decryptor(const PK_Decryptor&) {} PK_Decryptor& operator=(const PK_Decryptor&) { return *this; } - virtual SecureVector<byte> dec(const byte[], size_t) const = 0; + virtual secure_vector<byte> dec(const byte[], size_t) const = 0; }; /** @@ -130,7 +132,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector<byte> sign_message(const byte in[], size_t length, + std::vector<byte> sign_message(const byte in[], size_t length, RandomNumberGenerator& rng); /** @@ -139,8 +141,12 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector<byte> sign_message(const MemoryRegion<byte>& in, - RandomNumberGenerator& rng) + std::vector<byte> sign_message(const std::vector<byte>& in, + RandomNumberGenerator& rng) + { return sign_message(&in[0], in.size(), rng); } + + std::vector<byte> sign_message(const secure_vector<byte>& in, + RandomNumberGenerator& rng) { return sign_message(&in[0], in.size(), rng); } /** @@ -160,7 +166,7 @@ class BOTAN_DLL PK_Signer * Add a message part. * @param in the message part to add */ - void update(const MemoryRegion<byte>& in) { update(&in[0], in.size()); } + void update(const std::vector<byte>& in) { update(&in[0], in.size()); } /** * Get the signature of the so far processed message (provided by the @@ -168,7 +174,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature of the total message */ - SecureVector<byte> signature(RandomNumberGenerator& rng); + std::vector<byte> signature(RandomNumberGenerator& rng); /** * Set the output format of the signature. @@ -191,8 +197,8 @@ class BOTAN_DLL PK_Signer ~PK_Signer() { delete op; delete verify_op; delete emsa; } private: - bool self_test_signature(const MemoryRegion<byte>& msg, - const MemoryRegion<byte>& sig) const; + bool self_test_signature(const std::vector<byte>& msg, + const std::vector<byte>& sig) const; PK_Signer(const PK_Signer&) {} PK_Signer& operator=(const PK_Signer&) { return *this; } @@ -227,8 +233,9 @@ class BOTAN_DLL PK_Verifier * @param sig the signature * @return true if the signature is valid */ - bool verify_message(const MemoryRegion<byte>& msg, - const MemoryRegion<byte>& sig) + template<typename Alloc, typename Alloc2> + bool verify_message(const std::vector<byte, Alloc>& msg, + const std::vector<byte, Alloc2>& sig) { return verify_message(&msg[0], msg.size(), &sig[0], sig.size()); @@ -254,7 +261,7 @@ class BOTAN_DLL PK_Verifier * signature to be verified. * @param in the new message part */ - void update(const MemoryRegion<byte>& in) + void update(const std::vector<byte>& in) { update(&in[0], in.size()); } /** @@ -272,7 +279,8 @@ class BOTAN_DLL PK_Verifier * @param sig the signature to be verified * @return true if the signature is valid, false otherwise */ - bool check_signature(const MemoryRegion<byte>& sig) + template<typename Alloc> + bool check_signature(const std::vector<byte, Alloc>& sig) { return check_signature(&sig[0], sig.size()); } @@ -298,7 +306,7 @@ class BOTAN_DLL PK_Verifier PK_Verifier(const PK_Verifier&) {} PK_Verifier& operator=(const PK_Verifier&) { return *this; } - bool validate_signature(const MemoryRegion<byte>& msg, + bool validate_signature(const secure_vector<byte>& msg, const byte sig[], size_t sig_len); PK_Ops::Verification* op; @@ -336,7 +344,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params_len the length of params in bytes */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion<byte>& in, + const std::vector<byte>& in, const byte params[], size_t params_len) const { @@ -367,7 +375,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params extra derivation params */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion<byte>& in, + const std::vector<byte>& in, const std::string& params = "") const { return derive_key(key_len, &in[0], in.size(), @@ -410,7 +418,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor ~PK_Encryptor_EME() { delete op; delete eme; } private: - SecureVector<byte> enc(const byte[], size_t, + std::vector<byte> enc(const byte[], size_t, RandomNumberGenerator& rng) const; PK_Ops::Encryption* op; @@ -433,7 +441,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor ~PK_Decryptor_EME() { delete op; delete eme; } private: - SecureVector<byte> dec(const byte[], size_t) const; + secure_vector<byte> dec(const byte[], size_t) const; PK_Ops::Decryption* op; const EME* eme; diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 2da366699..22474d7d5 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -88,7 +88,7 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const return mul_add(j1, q, j2); } -SecureVector<byte> +secure_vector<byte> RSA_Private_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { @@ -105,7 +105,7 @@ RSA_Private_Operation::sign(const byte msg[], size_t msg_len, /* * RSA Decryption Operation */ -SecureVector<byte> +secure_vector<byte> RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -114,7 +114,7 @@ RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) BOTAN_ASSERT(m == powermod_e_n(x), "RSA private op failed consistency check"); - return BigInt::encode(x); + return BigInt::encode_locked(x); } } diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index dddecdbed..0942d92ad 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -24,7 +24,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RSA"; } RSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -51,7 +51,7 @@ class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; RSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -94,10 +94,10 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); - SecureVector<byte> decrypt(const byte msg[], size_t msg_len); + secure_vector<byte> decrypt(const byte msg[], size_t msg_len); private: BigInt private_op(const BigInt& m) const; @@ -124,17 +124,17 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> encrypt(const byte msg[], size_t msg_len, + secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], size_t msg_len) + secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index dab84b59f..c41b18101 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -70,7 +70,7 @@ RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : { } -SecureVector<byte> +secure_vector<byte> RW_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -101,7 +101,7 @@ RW_Signature_Operation::sign(const byte msg[], size_t msg_len, return BigInt::encode_1363(r, n.bytes()); } -SecureVector<byte> +secure_vector<byte> RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -111,15 +111,15 @@ RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt r = powermod_e_n(m); if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); r = n - r; if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); throw Invalid_Argument("RW signature verification: Invalid signature"); } diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index b8d92eb3a..1e918e70c 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h @@ -24,7 +24,7 @@ class BOTAN_DLL RW_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RW"; } RW_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits) : + const secure_vector<byte>& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -44,7 +44,7 @@ class BOTAN_DLL RW_PrivateKey : public RW_PublicKey, { public: RW_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion<byte>& key_bits, + const secure_vector<byte>& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -69,7 +69,7 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector<byte> sign(const byte msg[], size_t msg_len, + secure_vector<byte> sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& n; @@ -95,7 +95,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], size_t msg_len); + secure_vector<byte> verify_mr(const byte msg[], size_t msg_len); private: const BigInt& n; diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp index 4714b1285..1b0ce46b3 100644 --- a/src/pubkey/x509_key.cpp +++ b/src/pubkey/x509_key.cpp @@ -18,14 +18,14 @@ namespace Botan { namespace X509 { -MemoryVector<byte> BER_encode(const Public_Key& key) +std::vector<byte> BER_encode(const Public_Key& key) { return DER_Encoder() .start_cons(SEQUENCE) .encode(key.algorithm_identifier()) .encode(key.x509_subject_public_key(), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -44,7 +44,7 @@ Public_Key* load_key(DataSource& source) { try { AlgorithmIdentifier alg_id; - MemoryVector<byte> key_bits; + secure_vector<byte> key_bits; if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { @@ -92,7 +92,7 @@ Public_Key* load_key(const std::string& fsname) /* * Extract a public key and return it */ -Public_Key* load_key(const MemoryRegion<byte>& mem) +Public_Key* load_key(const secure_vector<byte>& mem) { DataSource_Memory source(mem); return X509::load_key(source); diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h index 3fdee8cde..9d4c883a1 100644 --- a/src/pubkey/x509_key.h +++ b/src/pubkey/x509_key.h @@ -26,7 +26,7 @@ namespace X509 { * @param key the public key to encode * @return BER encoding of this key */ -BOTAN_DLL MemoryVector<byte> BER_encode(const Public_Key& key); +BOTAN_DLL std::vector<byte> BER_encode(const Public_Key& key); /** * PEM encode a public key into a string. @@ -54,7 +54,7 @@ BOTAN_DLL Public_Key* load_key(const std::string& filename); * @param enc the memory region containing the DER or PEM encoded key * @return new public key object */ -BOTAN_DLL Public_Key* load_key(const MemoryRegion<byte>& enc); +BOTAN_DLL Public_Key* load_key(const secure_vector<byte>& enc); /** * Copy a key. diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index 311942c19..da7535b18 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -15,7 +15,7 @@ namespace Botan { namespace { void hmac_prf(MessageAuthenticationCode* prf, - MemoryRegion<byte>& K, + secure_vector<byte>& K, u32bit& counter, const std::string& label) { @@ -200,7 +200,7 @@ HMAC_RNG::HMAC_RNG(MessageAuthenticationCode* extractor_mac, the estimated entropy counter is high enough. That variable is only set when a reseeding is performed. */ - MemoryVector<byte> prf_key(extractor->output_length()); + secure_vector<byte> prf_key(extractor->output_length()); prf->set_key(prf_key); /* diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h index fc6a14f3a..1e70c00a7 100644 --- a/src/rng/hmac_rng/hmac_rng.h +++ b/src/rng/hmac_rng/hmac_rng.h @@ -51,7 +51,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator std::vector<EntropySource*> entropy_sources; bool seeded; - SecureVector<byte> K, io_buffer; + secure_vector<byte> K, io_buffer; size_t user_input_len; u32bit counter; }; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 51354db12..ef55f3975 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -56,7 +56,7 @@ void Randpool::update_buffer() mac->update(static_cast<byte>(GEN_OUTPUT)); mac->update(counter); - SecureVector<byte> mac_val = mac->final(); + secure_vector<byte> mac_val = mac->final(); for(size_t i = 0; i != mac_val.size(); ++i) buffer[i % buffer.size()] ^= mac_val[i]; @@ -112,7 +112,7 @@ void Randpool::reseed(size_t poll_bits) } } - SecureVector<byte> mac_val = mac->final(); + secure_vector<byte> mac_val = mac->final(); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); @@ -126,7 +126,7 @@ void Randpool::reseed(size_t poll_bits) */ void Randpool::add_entropy(const byte input[], size_t length) { - SecureVector<byte> mac_val = mac->process(input, length); + secure_vector<byte> mac_val = mac->process(input, length); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h index ed224221c..64572bcfb 100644 --- a/src/rng/randpool/randpool.h +++ b/src/rng/randpool/randpool.h @@ -52,7 +52,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator MessageAuthenticationCode* mac; std::vector<EntropySource*> entropy_sources; - SecureVector<byte> pool, buffer, counter; + secure_vector<byte> pool, buffer, counter; bool seeded; }; diff --git a/src/rng/rng.h b/src/rng/rng.h index c078ef08f..12b423e7c 100644 --- a/src/rng/rng.h +++ b/src/rng/rng.h @@ -37,9 +37,9 @@ class BOTAN_DLL RandomNumberGenerator * @param bytes number of bytes in the result * @return randomized vector of length bytes */ - SecureVector<byte> random_vec(size_t bytes) + secure_vector<byte> random_vec(size_t bytes) { - SecureVector<byte> output(bytes); + secure_vector<byte> output(bytes); randomize(&output[0], output.size()); return output; } diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp index ac77b4344..7562c7ad5 100644 --- a/src/rng/x931_rng/x931_rng.cpp +++ b/src/rng/x931_rng/x931_rng.cpp @@ -40,7 +40,7 @@ void ANSI_X931_RNG::update_buffer() { const size_t BLOCK_SIZE = cipher->block_size(); - SecureVector<byte> DT = prng->random_vec(BLOCK_SIZE); + secure_vector<byte> DT = prng->random_vec(BLOCK_SIZE); cipher->encrypt(DT); xor_buf(&R[0], &V[0], &DT[0], BLOCK_SIZE); diff --git a/src/rng/x931_rng/x931_rng.h b/src/rng/x931_rng/x931_rng.h index 41fa9328b..c8a1b8707 100644 --- a/src/rng/x931_rng/x931_rng.h +++ b/src/rng/x931_rng/x931_rng.h @@ -42,7 +42,7 @@ class BOTAN_DLL ANSI_X931_RNG : public RandomNumberGenerator BlockCipher* cipher; RandomNumberGenerator* prng; - SecureVector<byte> V, R; + secure_vector<byte> V, R; size_t position; }; diff --git a/src/stream/arc4/arc4.h b/src/stream/arc4/arc4.h index e3df97f83..8f8de87b6 100644 --- a/src/stream/arc4/arc4.h +++ b/src/stream/arc4/arc4.h @@ -44,9 +44,9 @@ class BOTAN_DLL ARC4 : public StreamCipher const size_t SKIP; byte X, Y; - SecureVector<byte> state; + secure_vector<byte> state; - SecureVector<byte> buffer; + secure_vector<byte> buffer; size_t position; }; diff --git a/src/stream/ctr/ctr.h b/src/stream/ctr/ctr.h index 64b43b0f5..9f391da7e 100644 --- a/src/stream/ctr/ctr.h +++ b/src/stream/ctr/ctr.h @@ -48,7 +48,7 @@ class BOTAN_DLL CTR_BE : public StreamCipher void increment_counter(); BlockCipher* permutation; - SecureVector<byte> counter, buffer; + secure_vector<byte> counter, buffer; size_t position; }; diff --git a/src/stream/ofb/ofb.h b/src/stream/ofb/ofb.h index c4d8b2601..9d4fd882f 100644 --- a/src/stream/ofb/ofb.h +++ b/src/stream/ofb/ofb.h @@ -47,7 +47,7 @@ class BOTAN_DLL OFB : public StreamCipher void key_schedule(const byte key[], size_t key_len); BlockCipher* permutation; - SecureVector<byte> buffer; + secure_vector<byte> buffer; size_t position; }; diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index 7d062befe..65ee3d758 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -193,7 +193,7 @@ void Salsa20::set_iv(const byte iv[], size_t length) state[8] = load_le<u32bit>(iv, 2); state[9] = load_le<u32bit>(iv, 3); - SecureVector<u32bit> hsalsa(8); + secure_vector<u32bit> hsalsa(8); hsalsa20(&hsalsa[0], &state[0]); state[ 1] = hsalsa[0]; diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h index d9645015f..ac2a9b33a 100644 --- a/src/stream/salsa20/salsa20.h +++ b/src/stream/salsa20/salsa20.h @@ -38,8 +38,8 @@ class BOTAN_DLL Salsa20 : public StreamCipher private: void key_schedule(const byte key[], size_t key_len); - SecureVector<u32bit> state; - SecureVector<byte> buffer; + secure_vector<u32bit> state; + secure_vector<byte> buffer; size_t position; }; diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 697c660ed..c455185b0 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -17,7 +17,7 @@ namespace { /* * Perform an N-way PHT */ -inline void PHT(MemoryRegion<u32bit>& B) +inline void PHT(secure_vector<u32bit>& B) { u32bit sum = 0; for(size_t i = 0; i < B.size() - 1; ++i) @@ -284,7 +284,7 @@ void Turing::set_iv(const byte iv[], size_t length) if(!valid_iv_length(length)) throw Invalid_IV_Length(name(), length); - SecureVector<u32bit> IV(length / 4); + secure_vector<u32bit> IV(length / 4); for(size_t i = 0; i != length; ++i) IV[i/4] = (IV[i/4] << 8) + iv[i]; diff --git a/src/stream/turing/turing.h b/src/stream/turing/turing.h index aff314080..84bfbe9c0 100644 --- a/src/stream/turing/turing.h +++ b/src/stream/turing/turing.h @@ -45,10 +45,10 @@ class BOTAN_DLL Turing : public StreamCipher static const u32bit Q_BOX[256]; static const byte SBOX[256]; - SecureVector<u32bit> S0, S1, S2, S3; - SecureVector<u32bit> R; - SecureVector<u32bit> K; - SecureVector<byte> buffer; + secure_vector<u32bit> S0, S1, S2, S3; + secure_vector<u32bit> R; + secure_vector<u32bit> K; + secure_vector<byte> buffer; size_t position; }; diff --git a/src/stream/wid_wake/wid_wake.h b/src/stream/wid_wake/wid_wake.h index 05842a574..ca8d9a316 100644 --- a/src/stream/wid_wake/wid_wake.h +++ b/src/stream/wid_wake/wid_wake.h @@ -45,10 +45,10 @@ class BOTAN_DLL WiderWake_41_BE : public StreamCipher void generate(size_t); - SecureVector<u32bit> T; - SecureVector<u32bit> state; - SecureVector<u32bit> t_key; - SecureVector<byte> buffer; + secure_vector<u32bit> T; + secure_vector<u32bit> state; + secure_vector<u32bit> t_key; + secure_vector<byte> buffer; size_t position; }; diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index df3957a4b..e63dc91ba 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -21,14 +21,14 @@ enum { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }; -MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng) +std::vector<byte> make_hello_random(RandomNumberGenerator& rng) { - MemoryVector<byte> buf(32); + std::vector<byte> buf(32); const u32bit time32 = static_cast<u32bit>( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); - store_be(time32, buf); + store_be(time32, &buf[0]); rng.randomize(&buf[4], buf.size() - 4); return buf; } @@ -44,7 +44,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) /* * Deserialize a Hello Request message */ -Hello_Request::Hello_Request(const MemoryRegion<byte>& buf) +Hello_Request::Hello_Request(const std::vector<byte>& buf) { if(buf.size()) throw Decoding_Error("Bad Hello_Request, has non-zero size"); @@ -53,9 +53,9 @@ Hello_Request::Hello_Request(const MemoryRegion<byte>& buf) /* * Serialize a Hello Request message */ -MemoryVector<byte> Hello_Request::serialize() const +std::vector<byte> Hello_Request::serialize() const { - return MemoryVector<byte>(); + return std::vector<byte>(); } /* @@ -65,7 +65,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool next_protocol, const std::string& hostname, const std::string& srp_identifier) : @@ -101,7 +101,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, const Session& session, bool next_protocol) : m_version(session.version()), @@ -140,7 +140,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, /* * Read a counterparty client hello */ -Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type) +Client_Hello::Client_Hello(const std::vector<byte>& buf, Handshake_Type type) { m_next_protocol = false; m_secure_renegotiation = false; @@ -158,9 +158,9 @@ Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type) /* * Serialize a Client Hello message */ -MemoryVector<byte> Client_Hello::serialize() const +std::vector<byte> Client_Hello::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -202,7 +202,7 @@ MemoryVector<byte> Client_Hello::serialize() const return buf; } -void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) +void Client_Hello::deserialize_sslv2(const std::vector<byte>& buf) { if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); @@ -243,7 +243,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) /* * Deserialize a Client Hello message */ -void Client_Hello::deserialize(const MemoryRegion<byte>& buf) +void Client_Hello::deserialize(const std::vector<byte>& buf) { if(buf.size() == 0) throw Decoding_Error("Client_Hello: Packet corrupted"); diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index f97081383..5ff9ec1ce 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -26,7 +26,7 @@ namespace TLS { namespace { -SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input) +secure_vector<byte> strip_leading_zeros(const secure_vector<byte>& input) { size_t leading_zeros = 0; @@ -37,8 +37,8 @@ SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input) ++leading_zeros; } - SecureVector<byte> output(&input[leading_zeros], - input.size() - leading_zeros); + secure_vector<byte> output(&input[leading_zeros], + &input[input.size()-1]); return output; } @@ -76,7 +76,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity); - MemoryVector<byte> zeros(psk.length()); + std::vector<byte> zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); @@ -124,7 +124,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector<byte> dh_secret = strip_leading_zeros( + secure_vector<byte> dh_secret = strip_leading_zeros( ka.derive_key(0, counterparty_key.public_value()).bits_of()); if(kex_algo == "DH") @@ -153,7 +153,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, EC_Group group(name); - MemoryVector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); + std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); @@ -161,7 +161,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector<byte> ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); + secure_vector<byte> ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); if(kex_algo == "ECDH") pre_master = ecdh_secret; @@ -177,7 +177,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, { const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - MemoryVector<byte> salt = reader.get_range<byte>(1, 1, 255); + std::vector<byte> salt = reader.get_range<byte>(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const std::string srp_group = srp6_group_identifier(N, g); @@ -228,7 +228,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15"); - MemoryVector<byte> encrypted_key = encryptor.encrypt(pre_master, rng); + std::vector<byte> encrypted_key = encryptor.encrypt(pre_master, rng); if(state->version() == Protocol_Version::SSL_V3) key_material = encrypted_key; // no length field @@ -247,7 +247,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, /* * Read a Client Key Exchange message */ -Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, +Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, @@ -326,7 +326,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, if(kex_algo == "PSK") { - MemoryVector<byte> zeros(psk.length()); + std::vector<byte> zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); } @@ -352,14 +352,14 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, { PK_Key_Agreement ka(*ka_key, "Raw"); - MemoryVector<byte> client_pubkey; + std::vector<byte> client_pubkey; if(ka_key->algo_name() == "DH") client_pubkey = reader.get_range<byte>(2, 0, 65535); else client_pubkey = reader.get_range<byte>(1, 0, 255); - SecureVector<byte> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); + secure_vector<byte> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") shared_secret = strip_leading_zeros(shared_secret); diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 1b686c1c4..6ec5339bb 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -80,7 +80,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, /** * Deserialize a Certificate Request message */ -Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf, +Certificate_Req::Certificate_Req(const std::vector<byte>& buf, Protocol_Version version) { if(buf.size() < 4) @@ -141,9 +141,9 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf, /** * Serialize a Certificate Request message */ -MemoryVector<byte> Certificate_Req::serialize() const +std::vector<byte> Certificate_Req::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; std::vector<byte> cert_types; @@ -155,7 +155,7 @@ MemoryVector<byte> Certificate_Req::serialize() const if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); - MemoryVector<byte> encoded_names; + std::vector<byte> encoded_names; for(size_t i = 0; i != names.size(); ++i) { @@ -184,7 +184,7 @@ Certificate::Certificate(Record_Writer& writer, /** * Deserialize a Certificate message */ -Certificate::Certificate(const MemoryRegion<byte>& buf) +Certificate::Certificate(const std::vector<byte>& buf) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); @@ -196,14 +196,14 @@ Certificate::Certificate(const MemoryRegion<byte>& buf) const byte* certs = &buf[3]; - while(certs != buf.end()) + while(size_t remaining_bytes = &buf[buf.size()] - certs) { - if(buf.end() - certs < 3) + if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); - if(buf.end() - certs < (3 + cert_size)) + if(remaining_bytes < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); DataSource_Memory cert_buf(&certs[3], cert_size); @@ -216,13 +216,13 @@ Certificate::Certificate(const MemoryRegion<byte>& buf) /** * Serialize a Certificate message */ -MemoryVector<byte> Certificate::serialize() const +std::vector<byte> Certificate::serialize() const { - MemoryVector<byte> buf(3); + std::vector<byte> buf(3); for(size_t i = 0; i != m_certs.size(); ++i) { - MemoryVector<byte> raw_cert = m_certs[i].BER_encode(); + std::vector<byte> raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte<u32bit>(i+1, cert_size)); diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index 0a377b35f..e6d90b060 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -33,7 +33,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector<byte> md5_sha = state->hash.final_ssl3( + secure_vector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); if(priv_key->algo_name() == "DSA") @@ -52,7 +52,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, /* * Deserialize a Certificate Verify message */ -Certificate_Verify::Certificate_Verify(const MemoryRegion<byte>& buf, +Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf, Protocol_Version version) { TLS_Data_Reader reader(buf); @@ -69,9 +69,9 @@ Certificate_Verify::Certificate_Verify(const MemoryRegion<byte>& buf, /* * Serialize a Certificate Verify message */ -MemoryVector<byte> Certificate_Verify::serialize() const +std::vector<byte> Certificate_Verify::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; if(hash_algo != "" && sig_algo != "") { @@ -102,7 +102,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector<byte> md5_sha = state->hash.final_ssl3( + secure_vector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); return verifier.verify_message(&md5_sha[16], md5_sha.size()-16, diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index bb6e8d20e..c8ae4a343 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -18,7 +18,7 @@ namespace { /* * Compute the verify_data */ -MemoryVector<byte> finished_compute_verify(Handshake_State* state, +std::vector<byte> finished_compute_verify(Handshake_State* state, Connection_Side side) { if(state->version() == Protocol_Version::SSL_V3) @@ -28,14 +28,14 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, Handshake_Hash hash = state->hash; // don't modify state - MemoryVector<byte> ssl3_finished; + std::vector<byte> ssl3_finished; if(side == CLIENT) hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); else hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - return hash.final_ssl3(state->keys.master_secret()); + return unlock(hash.final_ssl3(state->keys.master_secret())); } else { @@ -49,7 +49,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, std::unique_ptr<KDF> prf(state->protocol_specific_prf()); - MemoryVector<byte> input; + std::vector<byte> input; if(side == CLIENT) input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else @@ -57,7 +57,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, input += state->hash.final(state->version(), state->suite.mac_algo()); - return prf->derive_key(12, state->keys.master_secret(), input); + return unlock(prf->derive_key(12, state->keys.master_secret(), input)); } } @@ -77,7 +77,7 @@ Finished::Finished(Record_Writer& writer, /* * Serialize a Finished message */ -MemoryVector<byte> Finished::serialize() const +std::vector<byte> Finished::serialize() const { return verification_data; } @@ -85,7 +85,7 @@ MemoryVector<byte> Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const MemoryRegion<byte>& buf) +Finished::Finished(const std::vector<byte>& buf) { verification_data = buf; } diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index e844d7f72..c77076e4c 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -13,7 +13,7 @@ namespace Botan { namespace TLS { -Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion<byte>& buf) +Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& buf) { if(buf.size() < 3) throw Decoding_Error("Hello verify request too small"); @@ -25,7 +25,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion<byte>& buf) copy_mem(&m_cookie[0], &buf[2], buf.size() - 2); } -Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hello_bits, +Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key) { @@ -37,10 +37,10 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hell hmac->update_be(client_identity.size()); hmac->update(client_identity); - m_cookie = hmac->final(); + m_cookie = unlock(hmac->final()); } -MemoryVector<byte> Hello_Verify_Request::serialize() const +std::vector<byte> Hello_Verify_Request::serialize() const { /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be @@ -49,7 +49,7 @@ MemoryVector<byte> Hello_Verify_Request::serialize() const Protocol_Version format_version(Protocol_Version::TLS_V11); - MemoryVector<byte> bits; + std::vector<byte> bits; bits.push_back(format_version.major_version()); bits.push_back(format_version.minor_version()); bits += m_cookie; diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp index 17b77fb6e..adf9acbe9 100644 --- a/src/tls/next_protocol.cpp +++ b/src/tls/next_protocol.cpp @@ -22,7 +22,7 @@ Next_Protocol::Next_Protocol(Record_Writer& writer, hash.update(writer.send(*this)); } -Next_Protocol::Next_Protocol(const MemoryRegion<byte>& buf) +Next_Protocol::Next_Protocol(const std::vector<byte>& buf) { TLS_Data_Reader reader(buf); @@ -31,9 +31,9 @@ Next_Protocol::Next_Protocol(const MemoryRegion<byte>& buf) reader.get_range_vector<byte>(1, 0, 255); // padding, ignored } -MemoryVector<byte> Next_Protocol::serialize() const +std::vector<byte> Next_Protocol::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; append_tls_length_value(buf, reinterpret_cast<const byte*>(m_protocol.data()), diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index b240f4703..4a1d6aac1 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -165,7 +165,7 @@ size_t Record_Reader::fill_buffer_to(const byte*& input, size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, size_t& consumed, byte& msg_type, - MemoryVector<byte>& msg) + std::vector<byte>& msg) { const byte* input = &input_array[0]; @@ -333,7 +333,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, ++m_seq_no; - m_mac->final(m_macbuf); + m_mac->final(&m_macbuf[0]); const size_t mac_offset = record_len - (m_macbuf.size() + pad_size); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 3a54d7931..63383f85e 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -146,10 +146,10 @@ void Record_Writer::activate(Connection_Side side, throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); } -MemoryVector<byte> Record_Writer::send(Handshake_Message& msg) +std::vector<byte> Record_Writer::send(Handshake_Message& msg) { - const MemoryVector<byte> buf = msg.serialize(); - MemoryVector<byte> send_buf(4); + const std::vector<byte> buf = msg.serialize(); + std::vector<byte> send_buf(4); const size_t buf_size = buf.size(); diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 1244dd2d8..d4cc4a1ab 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -21,13 +21,13 @@ namespace TLS { */ Server_Hello::Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& session_id, + const std::vector<byte>& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector<std::string>& next_protocols, @@ -53,7 +53,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, /* * Deserialize a Server Hello message */ -Server_Hello::Server_Hello(const MemoryRegion<byte>& buf) +Server_Hello::Server_Hello(const std::vector<byte>& buf) { m_secure_renegotiation = false; m_supports_session_ticket = false; @@ -118,9 +118,9 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf) /* * Serialize a Server Hello message */ -MemoryVector<byte> Server_Hello::serialize() const +std::vector<byte> Server_Hello::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -167,7 +167,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, /* * Deserialize a Server Hello Done message */ -Server_Hello_Done::Server_Hello_Done(const MemoryRegion<byte>& buf) +Server_Hello_Done::Server_Hello_Done(const std::vector<byte>& buf) { if(buf.size()) throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); @@ -176,9 +176,9 @@ Server_Hello_Done::Server_Hello_Done(const MemoryRegion<byte>& buf) /* * Serialize a Server Hello Done message */ -MemoryVector<byte> Server_Hello_Done::serialize() const +std::vector<byte> Server_Hello_Done::serialize() const { - return MemoryVector<byte>(); + return std::vector<byte>(); } } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 34cd872ac..d28b44857 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -95,7 +95,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, std::string group_id; BigInt v; - MemoryVector<byte> salt; + std::vector<byte> salt; const bool found = creds.srp_verifier("tls-server", hostname, srp_identifier, @@ -142,7 +142,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, /** * Deserialize a Server Key Exchange message */ -Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, +Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, const std::string& kex_algo, const std::string& sig_algo, Protocol_Version version) : @@ -186,7 +186,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); - MemoryVector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); + std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + @@ -203,7 +203,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - MemoryVector<byte> salt = reader.get_range<byte>(1, 1, 255); + std::vector<byte> salt = reader.get_range<byte>(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); append_tls_length_value(m_params, BigInt::encode(N), 2); @@ -236,9 +236,9 @@ Server_Key_Exchange::~Server_Key_Exchange() /** * Serialize a Server Key Exchange message */ -MemoryVector<byte> Server_Key_Exchange::serialize() const +std::vector<byte> Server_Key_Exchange::serialize() const { - MemoryVector<byte> buf = params(); + std::vector<byte> buf = params(); if(m_signature.size()) { diff --git a/src/tls/session_ticket.cpp b/src/tls/session_ticket.cpp index 273996a16..8cee2a454 100644 --- a/src/tls/session_ticket.cpp +++ b/src/tls/session_ticket.cpp @@ -17,7 +17,7 @@ namespace TLS { New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, u32bit lifetime) : m_ticket_lifetime_hint(lifetime), m_ticket(ticket) @@ -32,7 +32,7 @@ New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, hash.update(writer.send(*this)); } -New_Session_Ticket::New_Session_Ticket(const MemoryRegion<byte>& buf) : +New_Session_Ticket::New_Session_Ticket(const std::vector<byte>& buf) : m_ticket_lifetime_hint(0) { if(buf.size() < 6) @@ -44,9 +44,9 @@ New_Session_Ticket::New_Session_Ticket(const MemoryRegion<byte>& buf) : m_ticket = reader.get_range<byte>(2, 0, 65535); } -MemoryVector<byte> New_Session_Ticket::serialize() const +std::vector<byte> New_Session_Ticket::serialize() const { - MemoryVector<byte> buf(4); + std::vector<byte> buf(4); store_be(m_ticket_lifetime_hint, &buf[0]); append_tls_length_value(buf, m_ticket, 2); return buf; diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index f4d0e1034..b6aaa3498 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -53,7 +53,7 @@ class sqlite3_statement bind(column, timeval); } - void bind(int column, const MemoryRegion<byte>& val) + void bind(int column, const std::vector<byte>& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); if(rc != SQLITE_OK) @@ -137,7 +137,7 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - SecureVector<byte> x = pbkdf->derive_key(32 + 3, + std::vector<byte> x = pbkdf->derive_key(32 + 3, passphrase, salt, salt_len, iterations).bits_of(); @@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, // new database case - MemoryVector<byte> salt = rng.random_vec(16); + std::vector<byte> salt = rng.random_vec(16); const size_t iterations = 64 * 1024; size_t check_val = 0; @@ -240,7 +240,7 @@ Session_Manager_SQLite::~Session_Manager_SQLite() sqlite3_close(m_db); } -bool Session_Manager_SQLite::load_from_session_id(const MemoryRegion<byte>& session_id, +bool Session_Manager_SQLite::load_from_session_id(const std::vector<byte>& session_id, Session& session) { sqlite3_statement stmt(m_db, "select session from tls_sessions where session_id = ?1"); @@ -300,7 +300,7 @@ bool Session_Manager_SQLite::load_from_host_info(const std::string& hostname, return false; } -void Session_Manager_SQLite::remove_entry(const MemoryRegion<byte>& session_id) +void Session_Manager_SQLite::remove_entry(const std::vector<byte>& session_id) { sqlite3_statement stmt(m_db, "delete from tls_sessions where session_id = ?1"); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index cac7affd0..923915496 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -40,13 +40,13 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager ~Session_Manager_SQLite(); - bool load_from_session_id(const MemoryRegion<byte>& session_id, + bool load_from_session_id(const std::vector<byte>& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion<byte>& session_id); + void remove_entry(const std::vector<byte>& session_id); void save(const Session& session_data); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index dee082bac..5bc2e7484 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Alert::Alert(const MemoryRegion<byte>& buf) +Alert::Alert(const std::vector<byte>& buf) { if(buf.size() != 2) throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + diff --git a/src/tls/tls_alert.h b/src/tls/tls_alert.h index 3dfff3d29..b3001f259 100644 --- a/src/tls/tls_alert.h +++ b/src/tls/tls_alert.h @@ -82,7 +82,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const MemoryRegion<byte>& buf); + Alert(const std::vector<byte>& buf); Alert(Type alert_type, bool is_fatal = false) : fatal(is_fatal), type_code(alert_type) {} diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 7a66eb946..ff6722b5e 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -43,7 +43,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) while(buf_size) { byte rec_type = CONNECTION_CLOSED; - MemoryVector<byte> record; + std::vector<byte> record; size_t consumed = 0; const size_t needed = reader.add_input(buf, buf_size, @@ -67,12 +67,12 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) { Heartbeat_Message heartbeat(record); - const MemoryRegion<byte>& payload = heartbeat.payload(); + const std::vector<byte>& payload = heartbeat.payload(); if(heartbeat.is_request() && !state) { Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload, payload.size()); + &payload[0], payload.size()); writer.send(HEARTBEAT, response.contents()); } @@ -159,7 +159,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) * Split up and process handshake messages */ void Channel::read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf) + const std::vector<byte>& rec_buf) { if(rec_type == HANDSHAKE) { @@ -178,7 +178,7 @@ void Channel::read_handshake(byte rec_type, { if(state->handshake_reader()->have_full_record()) { - std::pair<Handshake_Type, MemoryVector<byte> > msg = + std::pair<Handshake_Type, std::vector<byte> > msg = state->handshake_reader()->get_next_record(); process_handshake_msg(msg.first, msg.second); } @@ -188,7 +188,7 @@ void Channel::read_handshake(byte rec_type, else if(rec_type == CHANGE_CIPHER_SPEC) { if(state->handshake_reader()->empty() && rec_buf.size() == 1 && rec_buf[0] == 1) - process_handshake_msg(HANDSHAKE_CCS, MemoryVector<byte>()); + process_handshake_msg(HANDSHAKE_CCS, std::vector<byte>()); else throw Decoding_Error("Malformed ChangeCipherSpec message"); } @@ -259,7 +259,7 @@ void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) if(client_hello->secure_renegotiation()) { - const MemoryVector<byte>& data = client_hello->renegotiation_info(); + const std::vector<byte>& data = client_hello->renegotiation_info(); if(initial_handshake) { @@ -294,7 +294,7 @@ void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) if(secure_renegotiation) { - const MemoryVector<byte>& data = server_hello->renegotiation_info(); + const std::vector<byte>& data = server_hello->renegotiation_info(); if(initial_handshake) { diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index d1131460b..46dafc416 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -92,10 +92,10 @@ class BOTAN_DLL Channel void send_alert(const Alert& alert); virtual void read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf); + const std::vector<byte>& rec_buf); virtual void process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) = 0; + const std::vector<byte>& contents) = 0; virtual void alert_notify(const Alert& alert) = 0; @@ -122,12 +122,12 @@ class BOTAN_DLL Channel void update(class Finished* client_finished, class Finished* server_finished); - const MemoryVector<byte>& for_client_hello() const + const std::vector<byte>& for_client_hello() const { return client_verify; } - MemoryVector<byte> for_server_hello() const + std::vector<byte> for_server_hello() const { - MemoryVector<byte> buf = client_verify; + std::vector<byte> buf = client_verify; buf += server_verify; return buf; } @@ -137,7 +137,7 @@ class BOTAN_DLL Channel private: bool initial_handshake; bool secure_renegotiation; - MemoryVector<byte> client_verify, server_verify; + std::vector<byte> client_verify, server_verify; }; Secure_Renegotiation_State secure_renegotiation; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index dd17db2cf..feb9ef85f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -141,7 +141,7 @@ void Client::alert_notify(const Alert& alert) * Process a handshake message */ void Client::process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) + const std::vector<byte>& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from server"); @@ -446,9 +446,9 @@ void Client::process_handshake_msg(Handshake_Type type, secure_renegotiation.update(state->client_finished, state->server_finished); - MemoryVector<byte> session_id = state->server_hello->session_id(); + std::vector<byte> session_id = state->server_hello->session_id(); - const MemoryRegion<byte>& session_ticket = state->session_ticket(); + const std::vector<byte>& session_ticket = state->session_ticket(); if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng); diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 297c5f611..2844780bd 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -56,7 +56,7 @@ class BOTAN_DLL Client : public Channel void renegotiate(bool force_full_renegotiation); private: void process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents); + const std::vector<byte>& contents) override; void alert_notify(const Alert& alert); diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 6d69bfb9b..0f4e3176e 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -81,9 +81,9 @@ Extensions::Extensions(TLS_Data_Reader& reader) } } -MemoryVector<byte> Extensions::serialize() const +std::vector<byte> Extensions::serialize() const { - MemoryVector<byte> buf(2); // 2 bytes for length field + std::vector<byte> buf(2); // 2 bytes for length field for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin(); i != extensions.end(); ++i) @@ -93,7 +93,7 @@ MemoryVector<byte> Extensions::serialize() const const u16bit extn_code = i->second->type(); - MemoryVector<byte> extn_val = i->second->serialize(); + std::vector<byte> extn_val = i->second->serialize(); buf.push_back(get_byte(0, extn_code)); buf.push_back(get_byte(1, extn_code)); @@ -111,7 +111,7 @@ MemoryVector<byte> Extensions::serialize() const // avoid sending a completely empty extensions block if(buf.size() == 2) - return MemoryVector<byte>(); + return std::vector<byte>(); return buf; } @@ -159,9 +159,9 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, } } -MemoryVector<byte> Server_Name_Indicator::serialize() const +std::vector<byte> Server_Name_Indicator::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; size_t name_len = sni_host_name.size(); @@ -188,9 +188,9 @@ SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for SRP identifier extension"); } -MemoryVector<byte> SRP_Identifier::serialize() const +std::vector<byte> SRP_Identifier::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; const byte* srp_bytes = reinterpret_cast<const byte*>(srp_identifier.data()); @@ -209,9 +209,9 @@ Renegotation_Extension::Renegotation_Extension(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for secure renegotiation extn"); } -MemoryVector<byte> Renegotation_Extension::serialize() const +std::vector<byte> Renegotation_Extension::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; append_tls_length_value(buf, reneg_data, 1); return buf; } @@ -279,9 +279,9 @@ Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader, } } -MemoryVector<byte> Next_Protocol_Notification::serialize() const +std::vector<byte> Next_Protocol_Notification::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; for(size_t i = 0; i != m_protocols.size(); ++i) { @@ -356,9 +356,9 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) throw Invalid_Argument("name_to_curve_id unknown name " + name); } -MemoryVector<byte> Supported_Elliptic_Curves::serialize() const +std::vector<byte> Supported_Elliptic_Curves::serialize() const { - MemoryVector<byte> buf(2); + std::vector<byte> buf(2); for(size_t i = 0; i != m_curves.size(); ++i) { @@ -466,9 +466,9 @@ byte Signature_Algorithms::sig_algo_code(const std::string& name) throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); } -MemoryVector<byte> Signature_Algorithms::serialize() const +std::vector<byte> Signature_Algorithms::serialize() const { - MemoryVector<byte> buf(2); + std::vector<byte> buf(2); for(size_t i = 0; i != m_supported_algos.size(); ++i) { @@ -516,7 +516,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size) { - m_ticket = reader.get_elem<byte, MemoryVector<byte> >(extension_size); + m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size); } } diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h index 3fe3f7399..885851c95 100644 --- a/src/tls/tls_extensions.h +++ b/src/tls/tls_extensions.h @@ -49,7 +49,7 @@ class Extension public: virtual Handshake_Extension_Type type() const = 0; - virtual MemoryVector<byte> serialize() const = 0; + virtual std::vector<byte> serialize() const = 0; virtual bool empty() const = 0; @@ -75,7 +75,7 @@ class Server_Name_Indicator : public Extension std::string host_name() const { return sni_host_name; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return sni_host_name == ""; } private: @@ -101,7 +101,7 @@ class SRP_Identifier : public Extension std::string identifier() const { return srp_identifier; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return srp_identifier == ""; } private: @@ -121,20 +121,20 @@ class Renegotation_Extension : public Extension Renegotation_Extension() {} - Renegotation_Extension(const MemoryRegion<byte>& bits) : + Renegotation_Extension(const std::vector<byte>& bits) : reneg_data(bits) {} Renegotation_Extension(TLS_Data_Reader& reader, u16bit extension_size); - const MemoryVector<byte>& renegotiation_info() const + const std::vector<byte>& renegotiation_info() const { return reneg_data; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } // always send this private: - MemoryVector<byte> reneg_data; + std::vector<byte> reneg_data; }; /** @@ -152,9 +152,9 @@ class Maximum_Fragment_Length : public Extension size_t fragment_size() const; - MemoryVector<byte> serialize() const + std::vector<byte> serialize() const { - return MemoryVector<byte>(&val, 1); + return std::vector<byte>(1, val); } /** @@ -204,7 +204,7 @@ class Next_Protocol_Notification : public Extension Next_Protocol_Notification(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } private: @@ -219,7 +219,7 @@ class Session_Ticket : public Extension Handshake_Extension_Type type() const { return static_type(); } - const MemoryVector<byte>& contents() const { return m_ticket; } + const std::vector<byte>& contents() const { return m_ticket; } /** * Create empty extension, used by both client and server @@ -229,7 +229,7 @@ class Session_Ticket : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const MemoryRegion<byte>& session_ticket) : + Session_Ticket(const std::vector<byte>& session_ticket) : m_ticket(session_ticket) {} /** @@ -237,11 +237,11 @@ class Session_Ticket : public Extension */ Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector<byte> serialize() const { return m_ticket; } + std::vector<byte> serialize() const { return m_ticket; } bool empty() const { return false; } private: - MemoryVector<byte> m_ticket; + std::vector<byte> m_ticket; }; /** @@ -260,7 +260,7 @@ class Supported_Elliptic_Curves : public Extension const std::vector<std::string>& curves() const { return m_curves; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Supported_Elliptic_Curves(const std::vector<std::string>& curves) : m_curves(curves) {} @@ -296,7 +296,7 @@ class Signature_Algorithms : public Extension return m_supported_algos; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } @@ -322,7 +322,7 @@ class Heartbeat_Support_Indicator : public Extension bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } @@ -360,7 +360,7 @@ class Extensions extensions[extn->type()] = extn; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Extensions() {} diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 02516632e..df956e7bb 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace TLS { void Handshake_Hash::update(Handshake_Type handshake_type, - const MemoryRegion<byte>& handshake_msg) + const std::vector<byte>& handshake_msg) { update(static_cast<byte>(handshake_type)); @@ -30,7 +30,7 @@ void Handshake_Hash::update(Handshake_Type handshake_type, /** * Return a TLS Handshake Hash */ -SecureVector<byte> Handshake_Hash::final(Protocol_Version version, +secure_vector<byte> Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -59,7 +59,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version, /** * Return a SSLv3 Handshake Hash */ -SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) +secure_vector<byte> Handshake_Hash::final_ssl3(const secure_vector<byte>& secret) { const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; @@ -79,7 +79,7 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) for(size_t i = 0; i != 40; ++i) sha1->update(PAD_INNER); - SecureVector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final(); + secure_vector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final(); md5->update(secret); sha1->update(secret); @@ -92,7 +92,7 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) md5->update(inner_md5); sha1->update(inner_sha1); - SecureVector<byte> output; + secure_vector<byte> output; output += md5->final(); output += sha1->final(); return output; diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h index c13f97aa8..02943977f 100644 --- a/src/tls/tls_handshake_hash.h +++ b/src/tls/tls_handshake_hash.h @@ -27,25 +27,28 @@ class Handshake_Hash void update(const byte in[], size_t length) { data += std::make_pair(in, length); } - void update(const MemoryRegion<byte>& in) + void update(const secure_vector<byte>& in) + { data += in; } + + void update(const std::vector<byte>& in) { data += in; } void update(byte in) { data.push_back(in); } void update(Handshake_Type handshake_type, - const MemoryRegion<byte>& handshake_msg); + const std::vector<byte>& handshake_msg); - SecureVector<byte> final(Protocol_Version version, + secure_vector<byte> final(Protocol_Version version, const std::string& mac_algo); - SecureVector<byte> final_ssl3(const MemoryRegion<byte>& master_secret); + secure_vector<byte> final_ssl3(const secure_vector<byte>& master_secret); - const SecureVector<byte>& get_contents() const + const secure_vector<byte>& get_contents() const { return data; } private: - SecureVector<byte> data; + secure_vector<byte> data; }; } diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp index 8278a2296..a3fe48f71 100644 --- a/src/tls/tls_handshake_reader.cpp +++ b/src/tls/tls_handshake_reader.cpp @@ -38,7 +38,7 @@ bool Stream_Handshake_Reader::have_full_record() const return false; } -std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next_record() +std::pair<Handshake_Type, std::vector<byte> > Stream_Handshake_Reader::get_next_record() { if(m_queue.size() >= 4) { @@ -50,7 +50,7 @@ std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next if(m_queue.size() >= length + 4) { Handshake_Type type = static_cast<Handshake_Type>(head[0]); - MemoryVector<byte> contents(length); + std::vector<byte> contents(length); m_queue.read(head, 4); // discard m_queue.read(&contents[0], contents.size()); diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h index 06a273ced..618e1878a 100644 --- a/src/tls/tls_handshake_reader.h +++ b/src/tls/tls_handshake_reader.h @@ -29,7 +29,7 @@ class Handshake_Reader virtual bool have_full_record() const = 0; - virtual std::pair<Handshake_Type, MemoryVector<byte> > get_next_record() = 0; + virtual std::pair<Handshake_Type, std::vector<byte> > get_next_record() = 0; virtual ~Handshake_Reader() {} }; @@ -46,7 +46,7 @@ class Stream_Handshake_Reader : public Handshake_Reader bool have_full_record() const; - std::pair<Handshake_Type, MemoryVector<byte> > get_next_record(); + std::pair<Handshake_Type, std::vector<byte> > get_next_record(); private: SecureQueue m_queue; }; diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index f5a9f899c..b8f3125c8 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -154,7 +154,7 @@ std::string Handshake_State::srp_identifier() const return ""; } -const MemoryRegion<byte>& Handshake_State::session_ticket() const +const std::vector<byte>& Handshake_State::session_ticket() const { if(new_session_ticket && !new_session_ticket->ticket().empty()) return new_session_ticket->ticket(); diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 364c715f8..ef8b4ee8f 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -37,7 +37,7 @@ class Handshake_State void confirm_transition_to(Handshake_Type handshake_msg); void set_expected_next(Handshake_Type handshake_msg); - const MemoryRegion<byte>& session_ticket() const; + const std::vector<byte>& session_ticket() const; std::pair<std::string, Signature_Format> understand_sig_format(const Public_Key* key, @@ -86,7 +86,7 @@ class Handshake_State /* * Only used by clients for session resumption */ - SecureVector<byte> resume_master_secret; + secure_vector<byte> resume_master_secret; /* * diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index 059772d34..8c129858e 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace TLS { -Heartbeat_Message::Heartbeat_Message(const MemoryRegion<byte>& buf) +Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf) { TLS_Data_Reader reader(buf); @@ -35,13 +35,13 @@ Heartbeat_Message::Heartbeat_Message(Type type, const byte payload[], size_t payload_len) : m_type(type), - m_payload(payload, payload_len) + m_payload(payload, payload + payload_len) { } -MemoryVector<byte> Heartbeat_Message::contents() const +std::vector<byte> Heartbeat_Message::contents() const { - MemoryVector<byte> send_buf(3 + m_payload.size() + 16); + std::vector<byte> send_buf(3 + m_payload.size() + 16); send_buf[0] = m_type; send_buf[1] = get_byte<u16bit>(0, m_payload.size()); send_buf[2] = get_byte<u16bit>(1, m_payload.size()); @@ -51,9 +51,9 @@ MemoryVector<byte> Heartbeat_Message::contents() const return send_buf; } -MemoryVector<byte> Heartbeat_Support_Indicator::serialize() const +std::vector<byte> Heartbeat_Support_Indicator::serialize() const { - MemoryVector<byte> heartbeat(1); + std::vector<byte> heartbeat(1); heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2); return heartbeat; } diff --git a/src/tls/tls_heartbeats.h b/src/tls/tls_heartbeats.h index 4fa49501b..f3cc9ec68 100644 --- a/src/tls/tls_heartbeats.h +++ b/src/tls/tls_heartbeats.h @@ -19,18 +19,18 @@ class Heartbeat_Message public: enum Type { REQUEST = 1, RESPONSE = 2 }; - MemoryVector<byte> contents() const; + std::vector<byte> contents() const; - const MemoryRegion<byte>& payload() const { return m_payload; } + const std::vector<byte>& payload() const { return m_payload; } bool is_request() const { return m_type == REQUEST; } - Heartbeat_Message(const MemoryRegion<byte>& buf); + Heartbeat_Message(const std::vector<byte>& buf); Heartbeat_Message(Type type, const byte payload[], size_t payload_len); private: Type m_type; - MemoryVector<byte> m_payload; + std::vector<byte> m_payload; }; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index d9146dda1..e3bdaa6a0 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -34,7 +34,7 @@ class Record_Reader; class Handshake_Message { public: - virtual MemoryVector<byte> serialize() const = 0; + virtual std::vector<byte> serialize() const = 0; virtual Handshake_Type type() const = 0; Handshake_Message() {} @@ -44,7 +44,7 @@ class Handshake_Message Handshake_Message& operator=(const Handshake_Message&) { return (*this); } }; -MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng); +std::vector<byte> make_hello_random(RandomNumberGenerator& rng); /** * DTLS Hello Verify Request @@ -52,18 +52,18 @@ MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng); class Hello_Verify_Request : public Handshake_Message { public: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Handshake_Type type() const { return HELLO_VERIFY_REQUEST; } - MemoryVector<byte> cookie() const { return m_cookie; } + std::vector<byte> cookie() const { return m_cookie; } - Hello_Verify_Request(const MemoryRegion<byte>& buf); + Hello_Verify_Request(const std::vector<byte>& buf); - Hello_Verify_Request(const MemoryVector<byte>& client_hello_bits, + Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key); private: - MemoryVector<byte> m_cookie; + std::vector<byte> m_cookie; }; /** @@ -76,7 +76,7 @@ class Client_Hello : public Handshake_Message Protocol_Version version() const { return m_version; } - const MemoryVector<byte>& session_id() const { return m_session_id; } + const std::vector<byte>& session_id() const { return m_session_id; } const std::vector<std::pair<std::string, std::string> >& supported_algos() const { return m_supported_algos; } @@ -87,7 +87,7 @@ class Client_Hello : public Handshake_Message std::vector<u16bit> ciphersuites() const { return m_suites; } std::vector<byte> compression_methods() const { return m_comp_methods; } - const MemoryVector<byte>& random() const { return m_random; } + const std::vector<byte>& random() const { return m_random; } std::string sni_hostname() const { return m_hostname; } @@ -95,7 +95,7 @@ class Client_Hello : public Handshake_Message bool secure_renegotiation() const { return m_secure_renegotiation; } - const MemoryVector<byte>& renegotiation_info() + const std::vector<byte>& renegotiation_info() { return m_renegotiation_info; } bool offered_suite(u16bit ciphersuite) const; @@ -106,7 +106,7 @@ class Client_Hello : public Handshake_Message bool supports_session_ticket() const { return m_supports_session_ticket; } - const MemoryRegion<byte>& session_ticket() const + const std::vector<byte>& session_ticket() const { return m_session_ticket; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -117,7 +117,7 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool next_protocol = false, const std::string& hostname = "", const std::string& srp_identifier = ""); @@ -126,20 +126,20 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, const Session& resumed_session, bool next_protocol = false); - Client_Hello(const MemoryRegion<byte>& buf, + Client_Hello(const std::vector<byte>& buf, Handshake_Type type); private: - MemoryVector<byte> serialize() const; - void deserialize(const MemoryRegion<byte>& buf); - void deserialize_sslv2(const MemoryRegion<byte>& buf); + std::vector<byte> serialize() const; + void deserialize(const std::vector<byte>& buf); + void deserialize_sslv2(const std::vector<byte>& buf); Protocol_Version m_version; - MemoryVector<byte> m_session_id, m_random; + std::vector<byte> m_session_id, m_random; std::vector<u16bit> m_suites; std::vector<byte> m_comp_methods; std::string m_hostname; @@ -148,13 +148,13 @@ class Client_Hello : public Handshake_Message size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector<byte> m_renegotiation_info; + std::vector<byte> m_renegotiation_info; std::vector<std::pair<std::string, std::string> > m_supported_algos; std::vector<std::string> m_supported_curves; bool m_supports_session_ticket; - MemoryVector<byte> m_session_ticket; + std::vector<byte> m_session_ticket; bool m_supports_heartbeats; bool m_peer_can_send_heartbeats; @@ -170,9 +170,9 @@ class Server_Hello : public Handshake_Message Protocol_Version version() { return m_version; } - const MemoryVector<byte>& random() const { return m_random; } + const std::vector<byte>& random() const { return m_random; } - const MemoryVector<byte>& session_id() const { return m_session_id; } + const std::vector<byte>& session_id() const { return m_session_id; } u16bit ciphersuite() const { return m_ciphersuite; } @@ -189,7 +189,7 @@ class Server_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } - const MemoryVector<byte>& renegotiation_info() + const std::vector<byte>& renegotiation_info() { return m_renegotiation_info; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -198,31 +198,31 @@ class Server_Hello : public Handshake_Message Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& session_id, + const std::vector<byte>& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector<std::string>& next_protocols, bool client_has_heartbeat, RandomNumberGenerator& rng); - Server_Hello(const MemoryRegion<byte>& buf); + Server_Hello(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Protocol_Version m_version; - MemoryVector<byte> m_session_id, m_random; + std::vector<byte> m_session_id, m_random; u16bit m_ciphersuite; byte m_comp_method; size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector<byte> m_renegotiation_info; + std::vector<byte> m_renegotiation_info; bool m_next_protocol; std::vector<std::string> m_next_protocols; @@ -240,7 +240,7 @@ class Client_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return CLIENT_KEX; } - const SecureVector<byte>& pre_master_secret() const + const secure_vector<byte>& pre_master_secret() const { return pre_master; } Client_Key_Exchange(Record_Writer& output, @@ -250,16 +250,17 @@ class Client_Key_Exchange : public Handshake_Message const std::string& hostname, RandomNumberGenerator& rng); - Client_Key_Exchange(const MemoryRegion<byte>& buf, + Client_Key_Exchange(const std::vector<byte>& buf, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng); private: - MemoryVector<byte> serialize() const { return key_material; } + std::vector<byte> serialize() const { return key_material; } - SecureVector<byte> key_material, pre_master; + std::vector<byte> key_material; + secure_vector<byte> pre_master; }; /** @@ -278,9 +279,9 @@ class Certificate : public Handshake_Message Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); - Certificate(const MemoryRegion<byte>& buf); + Certificate(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::vector<X509_Certificate> m_certs; }; @@ -307,10 +308,10 @@ class Certificate_Req : public Handshake_Message const std::vector<X509_Certificate>& allowed_cas, Protocol_Version version); - Certificate_Req(const MemoryRegion<byte>& buf, + Certificate_Req(const std::vector<byte>& buf, Protocol_Version version); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::vector<X509_DN> names; std::vector<std::string> cert_key_types; @@ -339,14 +340,14 @@ class Certificate_Verify : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* key); - Certificate_Verify(const MemoryRegion<byte>& buf, + Certificate_Verify(const std::vector<byte>& buf, Protocol_Version version); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::string sig_algo; // sig algo used to create signature std::string hash_algo; // hash used to create signature - MemoryVector<byte> signature; + std::vector<byte> signature; }; /** @@ -357,7 +358,7 @@ class Finished : public Handshake_Message public: Handshake_Type type() const { return FINISHED; } - MemoryVector<byte> verify_data() const + std::vector<byte> verify_data() const { return verification_data; } bool verify(Handshake_State* state, @@ -367,12 +368,12 @@ class Finished : public Handshake_Message Handshake_State* state, Connection_Side side); - Finished(const MemoryRegion<byte>& buf); + Finished(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Connection_Side side; - MemoryVector<byte> verification_data; + std::vector<byte> verification_data; }; /** @@ -384,9 +385,9 @@ class Hello_Request : public Handshake_Message Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer& writer); - Hello_Request(const MemoryRegion<byte>& buf); + Hello_Request(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; }; /** @@ -397,7 +398,7 @@ class Server_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return SERVER_KEX; } - const MemoryVector<byte>& params() const { return m_params; } + const std::vector<byte>& params() const { return m_params; } bool verify(const X509_Certificate& cert, Handshake_State* state) const; @@ -415,23 +416,23 @@ class Server_Key_Exchange : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* signing_key = 0); - Server_Key_Exchange(const MemoryRegion<byte>& buf, + Server_Key_Exchange(const std::vector<byte>& buf, const std::string& kex_alg, const std::string& sig_alg, Protocol_Version version); ~Server_Key_Exchange(); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Private_Key* m_kex_key; SRP6_Server_Session* m_srp_params; - MemoryVector<byte> m_params; + std::vector<byte> m_params; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - MemoryVector<byte> m_signature; + std::vector<byte> m_signature; }; /** @@ -443,9 +444,9 @@ class Server_Hello_Done : public Handshake_Message Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); - Server_Hello_Done(const MemoryRegion<byte>& buf); + Server_Hello_Done(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; }; /** @@ -462,9 +463,9 @@ class Next_Protocol : public Handshake_Message Handshake_Hash& hash, const std::string& protocol); - Next_Protocol(const MemoryRegion<byte>& buf); + Next_Protocol(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::string m_protocol; }; @@ -475,22 +476,22 @@ class New_Session_Ticket : public Handshake_Message Handshake_Type type() const { return NEW_SESSION_TICKET; } u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } - const MemoryVector<byte>& ticket() const { return m_ticket; } + const std::vector<byte>& ticket() const { return m_ticket; } New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, u32bit lifetime); New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash); - New_Session_Ticket(const MemoryRegion<byte>& buf); + New_Session_Ticket(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; u32bit m_ticket_lifetime_hint; - MemoryVector<byte> m_ticket; + std::vector<byte> m_ticket; }; } diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index bf8098bed..7440e16b7 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -25,7 +25,7 @@ namespace TLS { class TLS_Data_Reader { public: - TLS_Data_Reader(const MemoryRegion<byte>& buf_in) : + TLS_Data_Reader(const std::vector<byte>& buf_in) : buf(buf_in), offset(0) {} void assert_done() const @@ -91,14 +91,14 @@ class TLS_Data_Reader } template<typename T> - SecureVector<T> get_range(size_t len_bytes, + std::vector<T> get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); - return get_elem<T, SecureVector<T> >(num_elems); + return get_elem<T, std::vector<T> >(num_elems); } template<typename T> @@ -123,9 +123,9 @@ class TLS_Data_Reader } template<typename T> - SecureVector<T> get_fixed(size_t size) + std::vector<T> get_fixed(size_t size) { - return get_elem<T, SecureVector<T> >(size); + return get_elem<T, std::vector<T> >(size); } private: @@ -169,15 +169,15 @@ class TLS_Data_Reader } } - const MemoryRegion<byte>& buf; + const std::vector<byte>& buf; size_t offset; }; /** * Helper function for encoding length-tagged vectors */ -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, +template<typename T, typename Alloc> +void append_tls_length_value(std::vector<byte, Alloc>& buf, const T* vals, size_t vals_size, size_t tag_size) @@ -200,26 +200,19 @@ void append_tls_length_value(MemoryRegion<byte>& buf, buf.push_back(get_byte(j, vals[i])); } -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, - const MemoryRegion<T>& vals, +template<typename T, typename Alloc, typename Alloc2> +void append_tls_length_value(std::vector<byte, Alloc>& buf, + const std::vector<T, Alloc2>& vals, size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, - const std::vector<T>& vals, +template<typename Alloc> +void append_tls_length_value(std::vector<byte, Alloc>& buf, + const std::string& str, size_t tag_size) { - append_tls_length_value(buf, &vals[0], vals.size(), tag_size); - } - -inline void append_tls_length_value(MemoryRegion<byte>& buf, - const std::string& str, - size_t tag_size) - { append_tls_length_value(buf, reinterpret_cast<const byte*>(&str[0]), str.size(), diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 3b44ee1c6..a92dcbe9d 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -33,10 +33,10 @@ class BOTAN_DLL Record_Writer void send(byte type, const byte input[], size_t length); void send(byte type, byte val) { send(type, &val, 1); } - void send(byte type, const MemoryRegion<byte>& input) + void send(byte type, const std::vector<byte>& input) { send(type, &input[0], input.size()); } - MemoryVector<byte> send(class Handshake_Message& msg); + std::vector<byte> send(class Handshake_Message& msg); void send_alert(const Alert& alert); @@ -62,7 +62,7 @@ class BOTAN_DLL Record_Writer std::function<void (const byte[], size_t)> m_output_fn; - MemoryVector<byte> m_writebuf; + std::vector<byte> m_writebuf; Pipe m_cipher; MessageAuthenticationCode* m_mac; @@ -93,7 +93,7 @@ class BOTAN_DLL Record_Reader size_t add_input(const byte input[], size_t input_size, size_t& input_consumed, byte& msg_type, - MemoryVector<byte>& msg); + std::vector<byte>& msg); void activate(Connection_Side side, const Ciphersuite& suite, @@ -118,8 +118,8 @@ class BOTAN_DLL Record_Reader size_t& input_consumed, size_t desired); - MemoryVector<byte> m_readbuf; - MemoryVector<byte> m_macbuf; + std::vector<byte> m_readbuf; + std::vector<byte> m_macbuf; size_t m_readbuf_pos; Pipe m_cipher; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1e8c73ec3..7c2c4d323 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -24,8 +24,8 @@ bool check_for_resume(Session& session_info, Client_Hello* client_hello, std::chrono::seconds session_ticket_lifetime) { - const MemoryVector<byte>& client_session_id = client_hello->session_id(); - const MemoryVector<byte>& session_ticket = client_hello->session_ticket(); + const std::vector<byte>& client_session_id = client_hello->session_id(); + const std::vector<byte>& session_ticket = client_hello->session_ticket(); if(session_ticket.empty()) { @@ -232,7 +232,7 @@ void Server::alert_notify(const Alert& alert) * Split up and process handshake messages */ void Server::read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf) + const std::vector<byte>& rec_buf) { if(rec_type == HANDSHAKE && !state) { @@ -247,7 +247,7 @@ void Server::read_handshake(byte rec_type, * Process a handshake message */ void Server::process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) + const std::vector<byte>& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from client"); @@ -396,7 +396,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - rng.random_vec(32), // new session ID + unlock(rng.random_vec(32)), // new session ID state->version(), choose_ciphersuite(policy, creds, cert_chains, state->client_hello), choose_compression(policy, state->client_hello->compression_methods()), @@ -569,7 +569,7 @@ void Server::process_handshake_msg(Handshake_Type type, secure_renegotiation.supported(), state->server_hello->fragment_size(), peer_certs, - MemoryVector<byte>(), + std::vector<byte>(), m_hostname, state->srp_identifier() ); diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 684021ebc..441e03eb2 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -51,9 +51,9 @@ class BOTAN_DLL Server : public Channel { return m_next_protocol; } private: - void read_handshake(byte, const MemoryRegion<byte>&); + void read_handshake(byte, const std::vector<byte>&); - void process_handshake_msg(Handshake_Type, const MemoryRegion<byte>&); + void process_handshake_msg(Handshake_Type, const std::vector<byte>&); void alert_notify(const Alert& alert); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index dac38e67b..d2aae9a7e 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -18,8 +18,8 @@ namespace Botan { namespace TLS { -Session::Session(const MemoryRegion<byte>& session_identifier, - const MemoryRegion<byte>& master_secret, +Session::Session(const std::vector<byte>& session_identifier, + const secure_vector<byte>& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, bool secure_renegotiation_supported, size_t fragment_size, const std::vector<X509_Certificate>& certs, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : m_start_time(std::chrono::system_clock::now()), @@ -48,7 +48,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, Session::Session(const std::string& pem) { - SecureVector<byte> der = PEM_Code::decode_check_label(pem, "SSL SESSION"); + secure_vector<byte> der = PEM_Code::decode_check_label(pem, "SSL SESSION"); *this = Session(&der[0], der.size()); } @@ -61,7 +61,7 @@ Session::Session(const byte ber[], size_t ber_len) byte major_version = 0, minor_version = 0; - MemoryVector<byte> peer_cert_bits; + std::vector<byte> peer_cert_bits; size_t start_time = 0; @@ -94,16 +94,16 @@ Session::Session(const byte ber[], size_t ber_len) if(!peer_cert_bits.empty()) { - DataSource_Memory certs(peer_cert_bits); + DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size()); while(!certs.end_of_data()) m_peer_certs.push_back(X509_Certificate(certs)); } } -SecureVector<byte> Session::DER_encode() const +secure_vector<byte> Session::DER_encode() const { - MemoryVector<byte> peer_cert_bits; + std::vector<byte> peer_cert_bits; for(size_t i = 0; i != m_peer_certs.size(); ++i) peer_cert_bits += m_peer_certs[i].BER_encode(); @@ -154,7 +154,7 @@ const size_t MAC_OUTPUT_LENGTH = 32; } -MemoryVector<byte> +std::vector<byte> Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { @@ -177,9 +177,9 @@ Session::encrypt(const SymmetricKey& master_key, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); pipe.process_msg(this->DER_encode()); - MemoryVector<byte> ctext = pipe.read_all(0); + secure_vector<byte> ctext = pipe.read_all(0); - MemoryVector<byte> out(MAGIC_LENGTH); + std::vector<byte> out(MAGIC_LENGTH); store_be(SESSION_CRYPTO_MAGIC, &out[0]); out += cipher_iv.bits_of(); out += ctext; @@ -217,7 +217,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); - MemoryVector<byte> computed_mac = mac->final(); + secure_vector<byte> computed_mac = mac->final(); if(!same_mem(&buf[buf_len - MAC_OUTPUT_LENGTH], &computed_mac[0], computed_mac.size())) throw Decoding_Error("MAC verification failed for encrypted session"); @@ -234,7 +234,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, DECRYPTION)); pipe.process_msg(&buf[CTEXT_OFFSET], buf_len - (MAC_OUTPUT_LENGTH + CTEXT_OFFSET)); - SecureVector<byte> ber = pipe.read_all(); + secure_vector<byte> ber = pipe.read_all(); return Session(&ber[0], ber.size()); } diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index a2b341a30..2c474bc6a 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -43,8 +43,8 @@ class BOTAN_DLL Session /** * New session (sets session start time) */ - Session(const MemoryRegion<byte>& session_id, - const MemoryRegion<byte>& master_secret, + Session(const std::vector<byte>& session_id, + const secure_vector<byte>& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -52,7 +52,7 @@ class BOTAN_DLL Session bool secure_renegotiation_supported, size_t fragment_size, const std::vector<X509_Certificate>& peer_certs, - const MemoryRegion<byte>& session_ticket, + const std::vector<byte>& session_ticket, const std::string& sni_hostname = "", const std::string& srp_identifier = ""); @@ -71,12 +71,12 @@ class BOTAN_DLL Session * @warning if the master secret is compromised so is the * session traffic */ - SecureVector<byte> DER_encode() const; + secure_vector<byte> DER_encode() const; /** * Encrypt a session (useful for serialization or session tickets) */ - MemoryVector<byte> encrypt(const SymmetricKey& key, + std::vector<byte> encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const; @@ -95,7 +95,7 @@ class BOTAN_DLL Session * @param ctext the ciphertext returned by encrypt * @param key the same key used by the encrypting side */ - static inline Session decrypt(const MemoryRegion<byte>& ctext, + static inline Session decrypt(const std::vector<byte>& ctext, const SymmetricKey& key) { return Session::decrypt(&ctext[0], ctext.size(), key); @@ -147,13 +147,13 @@ class BOTAN_DLL Session /** * Get the saved master secret */ - const SecureVector<byte>& master_secret() const + const secure_vector<byte>& master_secret() const { return m_master_secret; } /** * Get the session identifier */ - const MemoryVector<byte>& session_id() const + const std::vector<byte>& session_id() const { return m_identifier; } /** @@ -186,16 +186,16 @@ class BOTAN_DLL Session /** * Return the session ticket the server gave us */ - const MemoryVector<byte>& session_ticket() const { return m_session_ticket; } + const std::vector<byte>& session_ticket() const { return m_session_ticket; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; std::chrono::system_clock::time_point m_start_time; - MemoryVector<byte> m_identifier; - MemoryVector<byte> m_session_ticket; // only used by client side - SecureVector<byte> m_master_secret; + std::vector<byte> m_identifier; + std::vector<byte> m_session_ticket; // only used by client side + secure_vector<byte> m_master_secret; Protocol_Version m_version; u16bit m_ciphersuite; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 4d7603ce1..0cd74a63a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -19,7 +19,7 @@ namespace TLS { * Session_Keys Constructor */ Session_Keys::Session_Keys(Handshake_State* state, - const MemoryRegion<byte>& pre_master_secret, + const secure_vector<byte>& pre_master_secret, bool resuming) { const size_t mac_keylen = output_length_of(state->suite.mac_algo()); @@ -45,7 +45,7 @@ Session_Keys::Session_Keys(Handshake_State* state, } else { - SecureVector<byte> salt; + secure_vector<byte> salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); @@ -56,7 +56,7 @@ Session_Keys::Session_Keys(Handshake_State* state, master_sec = prf->derive_key(48, pre_master_secret, salt); } - SecureVector<byte> salt; + secure_vector<byte> salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello->random(); diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 25de56aea..0021694e3 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -31,16 +31,16 @@ class Session_Keys InitializationVector client_iv() const { return c_iv; } InitializationVector server_iv() const { return s_iv; } - const SecureVector<byte>& master_secret() const { return master_sec; } + const secure_vector<byte>& master_secret() const { return master_sec; } Session_Keys() {} Session_Keys(class Handshake_State* state, - const MemoryRegion<byte>& pre_master, + const secure_vector<byte>& pre_master, bool resuming); private: - SecureVector<byte> master_sec; + secure_vector<byte> master_sec; SymmetricKey c_cipher, s_cipher, c_mac, s_mac; InitializationVector c_iv, s_iv; }; diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index d103df35f..72eb83c21 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -37,7 +37,7 @@ bool Session_Manager_In_Memory::load_from_session_str( } bool Session_Manager_In_Memory::load_from_session_id( - const MemoryRegion<byte>& session_id, Session& session) + const std::vector<byte>& session_id, Session& session) { std::lock_guard<std::mutex> lock(m_mutex); @@ -69,7 +69,7 @@ bool Session_Manager_In_Memory::load_from_host_info( } void Session_Manager_In_Memory::remove_entry( - const MemoryRegion<byte>& session_id) + const std::vector<byte>& session_id) { std::lock_guard<std::mutex> lock(m_mutex); diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 84d51406d..fa1ecae39 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager or not modified if not found * @return true if session was modified */ - virtual bool load_from_session_id(const MemoryRegion<byte>& session_id, + virtual bool load_from_session_id(const std::vector<byte>& session_id, Session& session) = 0; /** @@ -53,7 +53,7 @@ class BOTAN_DLL Session_Manager /** * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const MemoryRegion<byte>& session_id) = 0; + virtual void remove_entry(const std::vector<byte>& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -94,13 +94,13 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager m_session_lifetime(session_lifetime) {} - bool load_from_session_id(const MemoryRegion<byte>& session_id, + bool load_from_session_id(const std::vector<byte>& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion<byte>& session_id); + void remove_entry(const std::vector<byte>& session_id); void save(const Session& session_data); diff --git a/src/utils/datastor/datastor.cpp b/src/utils/datastor/datastor.cpp index 363136c69..d65b3f1ac 100644 --- a/src/utils/datastor/datastor.cpp +++ b/src/utils/datastor/datastor.cpp @@ -72,21 +72,21 @@ std::string Data_Store::get1(const std::string& key) const } /* -* Get a single MemoryVector atom +* Get a single std::vector atom */ -MemoryVector<byte> +std::vector<byte> Data_Store::get1_memvec(const std::string& key) const { std::vector<std::string> vals = get(key); if(vals.empty()) - return MemoryVector<byte>(); + return std::vector<byte>(); if(vals.size() > 1) throw Invalid_State("Data_Store::get1_memvec: Multiple values for " + key); - return hex_decode(vals[0]); + return unlock(hex_decode(vals[0])); } /* @@ -125,7 +125,12 @@ void Data_Store::add(const std::string& key, u32bit val) /* * Insert a single key and value */ -void Data_Store::add(const std::string& key, const MemoryRegion<byte>& val) +void Data_Store::add(const std::string& key, const secure_vector<byte>& val) + { + add(key, hex_encode(&val[0], val.size())); + } + +void Data_Store::add(const std::string& key, const std::vector<byte>& val) { add(key, hex_encode(&val[0], val.size())); } diff --git a/src/utils/datastor/datastor.h b/src/utils/datastor/datastor.h index 26a0d418c..b471f85e1 100644 --- a/src/utils/datastor/datastor.h +++ b/src/utils/datastor/datastor.h @@ -35,7 +35,7 @@ class BOTAN_DLL Data_Store std::string get1(const std::string&) const; - MemoryVector<byte> get1_memvec(const std::string&) const; + std::vector<byte> get1_memvec(const std::string&) const; u32bit get1_u32bit(const std::string&, u32bit = 0) const; bool has_value(const std::string&) const; @@ -43,7 +43,8 @@ class BOTAN_DLL Data_Store void add(const std::multimap<std::string, std::string>&); void add(const std::string&, const std::string&); void add(const std::string&, u32bit); - void add(const std::string&, const MemoryRegion<byte>&); + void add(const std::string&, const secure_vector<byte>&); + void add(const std::string&, const std::vector<byte>&); private: std::multimap<std::string, std::string> contents; }; diff --git a/src/utils/xor_buf.h b/src/utils/xor_buf.h index 3c96dea70..b67d84c50 100644 --- a/src/utils/xor_buf.h +++ b/src/utils/xor_buf.h @@ -9,6 +9,7 @@ #define BOTAN_XOR_BUF_H__ #include <botan/types.h> +#include <vector> namespace Botan { @@ -70,6 +71,31 @@ inline void xor_buf(byte out[], out[i] = in[i] ^ in2[i]; } +template<typename Alloc, typename Alloc2> +void xor_buf(std::vector<byte, Alloc>& out, + const std::vector<byte, Alloc2>& in, + size_t n) + { + xor_buf(&out[0], &in[0], n); + } + +template<typename Alloc> +void xor_buf(std::vector<byte, Alloc>& out, + const byte* in, + size_t n) + { + xor_buf(&out[0], in, n); + } + +template<typename Alloc, typename Alloc2> +void xor_buf(std::vector<byte, Alloc>& out, + const byte* in, + const std::vector<byte, Alloc2>& in2, + size_t n) + { + xor_buf(&out[0], &in[0], &in2[0], n); + } + } #endif diff --git a/src/wrap/python/python_botan.h b/src/wrap/python/python_botan.h index ac0a17d7f..03bdd9156 100644 --- a/src/wrap/python/python_botan.h +++ b/src/wrap/python/python_botan.h @@ -34,7 +34,7 @@ inline std::string make_string(const byte input[], u32bit length) return std::string((const char*)input, length); } -inline std::string make_string(const MemoryRegion<byte>& in) +inline std::string make_string(const secure_vector<byte>& in) { return make_string(in.begin(), in.size()); } diff --git a/src/wrap/python/rsa.cpp b/src/wrap/python/rsa.cpp index dc6053503..3ff1edb07 100644 --- a/src/wrap/python/rsa.cpp +++ b/src/wrap/python/rsa.cpp @@ -40,7 +40,7 @@ class Py_RSA_PrivateKey std::string to_ber() const { - SecureVector<byte> bits = PKCS8::BER_encode(*rsa_key); + secure_vector<byte> bits = PKCS8::BER_encode(*rsa_key); return std::string(reinterpret_cast<const char*>(&bits[0]), bits.size()); @@ -140,7 +140,7 @@ class Py_RSA_PublicKey std::string to_ber() const { - SecureVector<byte> bits = X509::BER_encode(*rsa_key); + secure_vector<byte> bits = X509::BER_encode(*rsa_key); return std::string(reinterpret_cast<const char*>(&bits[0]), bits.size()); diff --git a/src/wrap/python/x509.cpp b/src/wrap/python/x509.cpp index 4c248890d..0a29ad83a 100644 --- a/src/wrap/python/x509.cpp +++ b/src/wrap/python/x509.cpp @@ -63,7 +63,7 @@ void export_x509() { vector_to_list<std::string>(); vector_to_list<X509_Certificate>(); - memvec_to_hexstr<MemoryVector<byte> >(); + memvec_to_hexstr<std::vector<byte> >(); python::class_<X509_Certificate> ("X509_Certificate", python::init<std::string>()) |