diff options
| author | Jack Lloyd <[email protected]> | 2019-10-28 06:48:38 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2019-10-28 06:51:35 -0400 |
| commit | f84a03eaace029270d2d026fc3ecf5ba004f0c89 (patch) | |
| tree | b8d96422275d9686bb56c532c9bdcd2770f3552b /src | |
| parent | dcb621e23a8ff8f1cb24adc681807a52dc6a49b3 (diff) | |
Deprecate DER_Encoder::get_contents_unlocked
It's better to use the version taking the vector in the constructor
as otherwise we store to locked memory then copy out at the end.
Convert all library uses.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/asn1/der_enc.h | 9 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecdh.cpp | 2 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_x509.h | 4 | ||||
| -rw-r--r-- | src/lib/prov/tpm/tpm.cpp | 7 | ||||
| -rw-r--r-- | src/lib/pubkey/pbes2/pbes2.cpp | 11 | ||||
| -rw-r--r-- | src/lib/x509/pkcs10.cpp | 27 | ||||
| -rw-r--r-- | src/tests/test_hash_id.cpp | 4 | ||||
| -rw-r--r-- | src/tests/test_pkcs11_high_level.cpp | 96 | ||||
| -rw-r--r-- | src/tests/unit_x509.cpp | 4 |
9 files changed, 71 insertions, 93 deletions
diff --git a/src/lib/asn1/der_enc.h b/src/lib/asn1/der_enc.h index 135a70d07..fac11ebf2 100644 --- a/src/lib/asn1/der_enc.h +++ b/src/lib/asn1/der_enc.h @@ -52,7 +52,14 @@ class BOTAN_PUBLIC_API(2,0) DER_Encoder final secure_vector<uint8_t> get_contents(); - std::vector<uint8_t> get_contents_unlocked(); + /** + * Return the encoded contents as a std::vector + * + * If using this function, instead pass a std::vector to the + * contructor of DER_Encoder where the output will be placed. This + * avoids several unecessary copies. + */ + std::vector<uint8_t> BOTAN_DEPRECATED("Use DER_Encoder(vector) instead") get_contents_unlocked(); DER_Encoder& start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); diff --git a/src/lib/prov/pkcs11/p11_ecdh.cpp b/src/lib/prov/pkcs11/p11_ecdh.cpp index f6e27e513..32904aef6 100644 --- a/src/lib/prov/pkcs11/p11_ecdh.cpp +++ b/src/lib/prov/pkcs11/p11_ecdh.cpp @@ -55,7 +55,7 @@ class PKCS11_ECDH_KA_Operation final : public PK_Ops::Key_Agreement std::vector<uint8_t> der_encoded_other_key; if(m_key.point_encoding() == PublicPointEncoding::Der) { - der_encoded_other_key = DER_Encoder().encode(other_key, other_key_len, OCTET_STRING).get_contents_unlocked(); + DER_Encoder(der_encoded_other_key).encode(other_key, other_key_len, OCTET_STRING); m_mechanism.set_ecdh_other_key(der_encoded_other_key.data(), der_encoded_other_key.size()); } else diff --git a/src/lib/prov/pkcs11/p11_x509.h b/src/lib/prov/pkcs11/p11_x509.h index ed084e9c1..d3eafbe35 100644 --- a/src/lib/prov/pkcs11/p11_x509.h +++ b/src/lib/prov/pkcs11/p11_x509.h @@ -31,6 +31,10 @@ class BOTAN_PUBLIC_API(2,0) X509_CertificateProperties final : public Certificat */ X509_CertificateProperties(const std::vector<uint8_t>& subject, const std::vector<uint8_t>& value); + X509_CertificateProperties(const X509_Certificate& cert) : + X509_CertificateProperties(cert.raw_subject_dn(), cert.BER_encode()) + {} + /// @param id key identifier for public/private key pair inline void set_id(const std::vector<uint8_t>& id) { diff --git a/src/lib/prov/tpm/tpm.cpp b/src/lib/prov/tpm/tpm.cpp index c77981e55..dec2316b1 100644 --- a/src/lib/prov/tpm/tpm.cpp +++ b/src/lib/prov/tpm/tpm.cpp @@ -352,12 +352,13 @@ AlgorithmIdentifier TPM_PrivateKey::algorithm_identifier() const std::vector<uint8_t> TPM_PrivateKey::public_key_bits() const { - return DER_Encoder() + std::vector<uint8_t> bits; + DER_Encoder(bits) .start_cons(SEQUENCE) .encode(get_n()) .encode(get_e()) - .end_cons() - .get_contents_unlocked(); + .end_cons(); + return bits; } secure_vector<uint8_t> TPM_PrivateKey::private_key_bits() const diff --git a/src/lib/pubkey/pbes2/pbes2.cpp b/src/lib/pubkey/pbes2/pbes2.cpp index d68bf184b..66c621644 100644 --- a/src/lib/pubkey/pbes2/pbes2.cpp +++ b/src/lib/pubkey/pbes2/pbes2.cpp @@ -239,16 +239,14 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits, secure_vector<uint8_t> ctext = key_bits; enc->finish(ctext); - std::vector<uint8_t> pbes2_params; + std::vector<uint8_t> encoded_iv; + DER_Encoder(encoded_iv).encode(iv, OCTET_STRING); + std::vector<uint8_t> pbes2_params; DER_Encoder(pbes2_params) .start_cons(SEQUENCE) .encode(kdf_algo) - .encode( - AlgorithmIdentifier(cipher, - DER_Encoder().encode(iv, OCTET_STRING).get_contents_unlocked() - ) - ) + .encode(AlgorithmIdentifier(cipher, encoded_iv)) .end_cons(); AlgorithmIdentifier id(OID::from_string("PBE-PKCS5v20"), pbes2_params); @@ -256,7 +254,6 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits, return std::make_pair(id, unlock(ctext)); } - } std::pair<AlgorithmIdentifier, std::vector<uint8_t>> diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 5e40cb4c3..d35e8994a 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp @@ -80,26 +80,17 @@ PKCS10_Request PKCS10_Request::create(const Private_Key& key, if(challenge.empty() == false) { - ASN1_String challenge_str(challenge, DIRECTORY_STRING); - - tbs_req.encode( - Attribute("PKCS9.ChallengePassword", - DER_Encoder().encode(challenge_str).get_contents_unlocked() - ) - ); + std::vector<uint8_t> value; + DER_Encoder(value).encode(ASN1_String(challenge, DIRECTORY_STRING)); + tbs_req.encode(Attribute("PKCS9.ChallengePassword", value)); } - tbs_req.encode( - Attribute("PKCS9.ExtensionRequest", - DER_Encoder() - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .get_contents_unlocked() - ) - ) - .end_explicit() - .end_cons(); + std::vector<uint8_t> extension_req; + DER_Encoder(extension_req).start_cons(SEQUENCE).encode(extensions).end_cons(); + tbs_req.encode(Attribute("PKCS9.ExtensionRequest", extension_req)); + + // end the start_explicit above + tbs_req.end_explicit().end_cons(); const std::vector<uint8_t> req = X509_Object::make_signed(signer.get(), rng, sig_algo, diff --git a/src/tests/test_hash_id.cpp b/src/tests/test_hash_id.cpp index c82139bc3..47507914e 100644 --- a/src/tests/test_hash_id.cpp +++ b/src/tests/test_hash_id.cpp @@ -55,9 +55,9 @@ class PKCS_HashID_Test final : public Test const Botan::AlgorithmIdentifier alg(oid, Botan::AlgorithmIdentifier::USE_NULL_PARAM); const std::vector<uint8_t> dummy_hash(hash_len); - Botan::DER_Encoder der; + std::vector<uint8_t> bits; + Botan::DER_Encoder der(bits); der.start_cons(Botan::SEQUENCE).encode(alg).encode(dummy_hash, Botan::OCTET_STRING).end_cons(); - const std::vector<uint8_t> bits = der.get_contents_unlocked(); result.test_eq("Dummy hash is expected size", bits.size() - pkcs_id.size(), dummy_hash.size()); diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index 994dfbbd3..37e56a0a0 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -489,27 +489,37 @@ Test::Result test_attribute_container() return result; } -#if defined(BOTAN_HAS_ASN1) -Test::Result test_create_destroy_data_object() +DataObjectProperties make_test_object(const std::string& label) { - Test::Result result("Object create/delete data object"); - - TestSession test_session(true); - std::string value_string("test data"); secure_vector<uint8_t> value(value_string.begin(), value_string.end()); std::size_t id = 1337; - std::string label = "Botan test data object"; std::string application = "Botan test application"; + + std::vector<uint8_t> encoded_id; + DER_Encoder(encoded_id).encode(id); + DataObjectProperties data_obj_props; data_obj_props.set_application(application); data_obj_props.set_label(label); data_obj_props.set_value(value); data_obj_props.set_token(true); data_obj_props.set_modifiable(true); - data_obj_props.set_object_id(DER_Encoder().encode(id).get_contents_unlocked()); + data_obj_props.set_object_id(encoded_id); + + return data_obj_props; + } +#if defined(BOTAN_HAS_ASN1) +Test::Result test_create_destroy_data_object() + { + Test::Result result("Object create/delete data object"); + + TestSession test_session(true); + + const std::string label = "Botan test data object"; + auto data_obj_props = make_test_object(label); Object data_obj(test_session.session(), data_obj_props); result.test_success("Data object creation was successful"); @@ -526,19 +536,8 @@ Test::Result test_get_set_attribute_values() TestSession test_session(true); // create object - std::string value_string("test data"); - secure_vector<uint8_t> value(value_string.begin(), value_string.end()); - - std::size_t id = 1337; - std::string label = "Botan test data object"; - std::string application = "Botan test application"; - DataObjectProperties data_obj_props; - data_obj_props.set_application(application); - data_obj_props.set_label(label); - data_obj_props.set_value(value); - data_obj_props.set_token(true); - data_obj_props.set_modifiable(true); - data_obj_props.set_object_id(DER_Encoder().encode(id).get_contents_unlocked()); + const std::string label = "Botan test data object"; + auto data_obj_props = make_test_object(label); Object data_obj(test_session.session(), data_obj_props); // get attribute @@ -567,19 +566,8 @@ Test::Result test_object_finder() TestSession test_session(true); // create object - std::string value_string("test data"); - secure_vector<uint8_t> value(value_string.begin(), value_string.end()); - - std::size_t id = 1337; - std::string label = "Botan test data object"; - std::string application = "Botan test application"; - DataObjectProperties data_obj_props; - data_obj_props.set_application(application); - data_obj_props.set_label(label); - data_obj_props.set_value(value); - data_obj_props.set_token(true); - data_obj_props.set_modifiable(true); - data_obj_props.set_object_id(DER_Encoder().encode(id).get_contents_unlocked()); + const std::string label = "Botan test data object"; + auto data_obj_props = make_test_object(label); Object data_obj(test_session.session(), data_obj_props); // search created object @@ -610,19 +598,8 @@ Test::Result test_object_copy() TestSession test_session(true); // create object - std::string value_string("test data"); - secure_vector<uint8_t> value(value_string.begin(), value_string.end()); - - std::size_t id = 1337; - std::string label = "Botan test data object"; - std::string application = "Botan test application"; - DataObjectProperties data_obj_props; - data_obj_props.set_application(application); - data_obj_props.set_label(label); - data_obj_props.set_value(value); - data_obj_props.set_token(true); - data_obj_props.set_modifiable(true); - data_obj_props.set_object_id(DER_Encoder().encode(id).get_contents_unlocked()); + const std::string label = "Botan test data object"; + auto data_obj_props = make_test_object(label); Object data_obj(test_session.session(), data_obj_props); // copy created object @@ -993,6 +970,13 @@ Test::Result test_ecdsa_privkey_export() return result; } +std::vector<uint8_t> encode_ec_point_in_octet_str(const Botan::PointGFp& point) + { + std::vector<uint8_t> enc; + DER_Encoder(enc).encode(point.encode(PointGFp::UNCOMPRESSED), OCTET_STRING); + return enc; + } + Test::Result test_ecdsa_pubkey_import() { Test::Result result("PKCS11 import ECDSA public key"); @@ -1003,9 +987,7 @@ Test::Result test_ecdsa_pubkey_import() ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); - const std::vector<uint8_t> enc_point = DER_Encoder().encode( - priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). - get_contents_unlocked(); + const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); // import to card EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); @@ -1034,9 +1016,7 @@ Test::Result test_ecdsa_pubkey_export() ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); - const std::vector<uint8_t> enc_point = DER_Encoder().encode( - priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). - get_contents_unlocked(); + const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); // import to card EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); @@ -1270,9 +1250,7 @@ Test::Result test_ecdh_pubkey_import() ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); - const std::vector<uint8_t> enc_point = DER_Encoder().encode( - priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). - get_contents_unlocked(); + const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); // import to card EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); @@ -1301,9 +1279,7 @@ Test::Result test_ecdh_pubkey_export() ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); - const std::vector<uint8_t> enc_point = DER_Encoder().encode( - priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). - get_contents_unlocked(); + const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); // import to card EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); @@ -1610,7 +1586,7 @@ Test::Result test_x509_import() TestSession test_session(true); X509_Certificate root(Test::data_file("x509/nist/test01/end.crt")); - X509_CertificateProperties props(DER_Encoder().encode(root.subject_dn()).get_contents_unlocked(), root.BER_encode()); + X509_CertificateProperties props(root); props.set_label("Botan PKCS#11 test certificate"); props.set_private(false); props.set_token(true); diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index d180e8ffc..eaae35842 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -1356,7 +1356,9 @@ class String_Extension final : public Botan::Certificate_Extension std::vector<uint8_t> encode_inner() const override { - return Botan::DER_Encoder().encode(Botan::ASN1_String(m_contents, Botan::UTF8_STRING)).get_contents_unlocked(); + std::vector<uint8_t> bits; + Botan::DER_Encoder(bits).encode(Botan::ASN1_String(m_contents, Botan::UTF8_STRING)); + return bits; } void decode_inner(const std::vector<uint8_t>& in) override |