diff options
33 files changed, 313 insertions, 329 deletions
diff --git a/checks/cvc_tests.cpp b/checks/cvc_tests.cpp index 9d7b7290b..5bd671ba6 100644 --- a/checks/cvc_tests.cpp +++ b/checks/cvc_tests.cpp @@ -23,7 +23,6 @@ #include <botan/x509cert.h> #include <botan/x509self.h> #include <botan/oids.h> -#include <botan/look_pk.h> #include <botan/cvc_self.h> #include <botan/cvc_cert.h> #include <botan/cvc_ado.h> diff --git a/checks/ecdh.cpp b/checks/ecdh.cpp index 92b2f58e8..a63742f2f 100644 --- a/checks/ecdh.cpp +++ b/checks/ecdh.cpp @@ -17,7 +17,7 @@ #include <iostream> #include <fstream> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/ecdh.h> #include <botan/x509self.h> #include <botan/der_enc.h> @@ -39,11 +39,11 @@ void test_ecdh_normal_derivation(RandomNumberGenerator& rng) ECDH_PrivateKey private_b(rng, dom_pars); //public_a.getCurve() - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(private_a, "KDF2(SHA-1)")); - std::auto_ptr<PK_Key_Agreement> kb(get_pk_kas(private_b, "KDF2(SHA-1)")); + PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); + PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); - SymmetricKey alice_key = ka->derive_key(32, private_b.public_value()); - SymmetricKey bob_key = kb->derive_key(32, private_a.public_value()); + SymmetricKey alice_key = ka.derive_key(32, private_b.public_value()); + SymmetricKey bob_key = kb.derive_key(32, private_a.public_value()); if(alice_key != bob_key) { @@ -70,11 +70,11 @@ void test_ecdh_some_dp(RandomNumberGenerator& rng) ECDH_PrivateKey private_a(rng, dom_pars); ECDH_PrivateKey private_b(rng, dom_pars); - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(private_a, "KDF2(SHA-1)")); - std::auto_ptr<PK_Key_Agreement> kb(get_pk_kas(private_b, "KDF2(SHA-1)")); + PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); + PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); - SymmetricKey alice_key = ka->derive_key(32, private_b.public_value()); - SymmetricKey bob_key = kb->derive_key(32, private_a.public_value()); + SymmetricKey alice_key = ka.derive_key(32, private_b.public_value()); + SymmetricKey bob_key = kb.derive_key(32, private_a.public_value()); CHECK_MESSAGE(alice_key == bob_key, "different keys - " << "Alice's key was: " << alice_key.as_string() << ", Bob's key was: " << bob_key.as_string()); } @@ -99,11 +99,11 @@ void test_ecdh_der_derivation(RandomNumberGenerator& rng) MemoryVector<byte> key_a = private_a.public_value(); MemoryVector<byte> key_b = private_b.public_value(); - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(private_a, "KDF2(SHA-1)")); - std::auto_ptr<PK_Key_Agreement> kb(get_pk_kas(private_b, "KDF2(SHA-1)")); + PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); + PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); - SymmetricKey alice_key = ka->derive_key(32, key_b); - SymmetricKey bob_key = kb->derive_key(32, key_a); + SymmetricKey alice_key = ka.derive_key(32, key_b); + SymmetricKey bob_key = kb.derive_key(32, key_a); CHECK_MESSAGE(alice_key == bob_key, "different keys - " << "Alice's key was: " << alice_key.as_string() << ", Bob's key was: " << bob_key.as_string()); //cout << "key: " << alice_key.as_string() << endl; diff --git a/checks/ecdsa.cpp b/checks/ecdsa.cpp index 036cc4dd1..d46ebb25e 100644 --- a/checks/ecdsa.cpp +++ b/checks/ecdsa.cpp @@ -11,7 +11,7 @@ #if defined(BOTAN_HAS_ECDSA) #include <botan/botan.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/ecdsa.h> #include <botan/rsa.h> #include <botan/x509cert.h> @@ -70,12 +70,12 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) { format = "EMSA1_BSI(SHA-1)"; } - std::auto_ptr<PK_Signer> pk_signer(get_pk_signer(priv_key, format)); + PK_Signer pk_signer(priv_key, format); SecureVector<byte> signature; bool sig_exc = false; try { - signature = pk_signer->sign_message(message, rng); + signature = pk_signer.sign_message(message, rng); } catch(Encoding_Error e) { @@ -90,11 +90,10 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) CHECK(!sig_exc); } - if(i==0) // makes no sense to check for sha224 { - std::auto_ptr<PK_Verifier> pk_verifier(get_pk_verifier(priv_key, format)); - bool ver = pk_verifier->verify_message(message, signature); + PK_Verifier pk_verifier(priv_key, format); + bool ver = pk_verifier.verify_message(message, signature); CHECK(ver); } @@ -103,16 +102,16 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) // now check that verification alone fails // sign it with the normal EMSA1 - std::auto_ptr<PK_Signer> pk_signer(get_pk_signer(priv_key, "EMSA1(SHA-224)")); - SecureVector<byte> signature = pk_signer->sign_message(message, rng); + PK_Signer pk_signer(priv_key, "EMSA1(SHA-224)"); + SecureVector<byte> signature = pk_signer.sign_message(message, rng); - std::auto_ptr<PK_Verifier> pk_verifier(get_pk_verifier(priv_key, "EMSA1_BSI(SHA-224)")); + PK_Verifier pk_verifier(priv_key, "EMSA1_BSI(SHA-224)"); // verify against EMSA1_BSI // we make sure it doesn't fail because of the invalid signature, // but because of the Encoding_Error - if(pk_verifier->verify_message(message, signature)) + if(pk_verifier.verify_message(message, signature)) std::cout << "Corrupt ECDSA signature verified, should not have\n"; } @@ -163,20 +162,20 @@ void test_sign_then_ver(RandomNumberGenerator& rng) EC_Domain_Params dom_pars(OID("1.3.132.0.8")); ECDSA_PrivateKey ecdsa(rng, dom_pars); - std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-1)")); + PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12"); - SecureVector<byte> sig = signer->sign_message(msg, rng); + SecureVector<byte> sig = signer.sign_message(msg, rng); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(ecdsa, "EMSA1(SHA-1)")); + PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); - bool ok = verifier->verify_message(msg, sig); + bool ok = verifier.verify_message(msg, sig); if(!ok) std::cout << "ERROR: Could not verify ECDSA signature\n"; sig[0]++; - ok = verifier->verify_message(msg, sig); + ok = verifier.verify_message(msg, sig); if(ok) std::cout << "ERROR: Bogus ECDSA signature verified anyway\n"; @@ -192,16 +191,16 @@ bool test_ec_sign(RandomNumberGenerator& rng) ECDSA_PrivateKey priv_key(rng, dom_pars); std::string pem_encoded_key = PKCS8::PEM_encode(priv_key); - std::auto_ptr<PK_Signer> signer(get_pk_signer(priv_key, "EMSA1(SHA-224)")); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(priv_key, "EMSA1(SHA-224)")); + PK_Signer signer(priv_key, "EMSA1(SHA-224)"); + PK_Verifier verifier(priv_key, "EMSA1(SHA-224)"); for(u32bit i = 0; i != 256; ++i) - signer->update((byte)i); - SecureVector<byte> sig = signer->signature(rng); + signer.update((byte)i); + SecureVector<byte> sig = signer.signature(rng); for(u32bit i = 0; i != 256; ++i) - verifier->update((byte)i); - if(!verifier->check_signature(sig)) + verifier.update((byte)i); + if(!verifier.check_signature(sig)) { std::cout << "ECDSA self-test failed!"; return false; @@ -209,9 +208,9 @@ bool test_ec_sign(RandomNumberGenerator& rng) // now check valid signature, different input for(u32bit i = 1; i != 256; ++i) //starting from 1 - verifier->update((byte)i); + verifier.update((byte)i); - if(verifier->check_signature(sig)) + if(verifier.check_signature(sig)) { std::cout << "ECDSA with bad input passed validation"; return false; @@ -221,9 +220,9 @@ bool test_ec_sign(RandomNumberGenerator& rng) sig[sig.size()/2]++; for(u32bit i = 0; i != 256; ++i) - verifier->update((byte)i); + verifier.update((byte)i); - if(verifier->check_signature(sig)) + if(verifier.check_signature(sig)) { std::cout << "ECDSA with bad signature passed validation"; return false; @@ -363,13 +362,13 @@ void test_curve_registry(RandomNumberGenerator& rng) dom_pars.get_base_point().check_invariants(); ECDSA_PrivateKey ecdsa(rng, dom_pars); - std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-1)")); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(ecdsa, "EMSA1(SHA-1)")); + PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); + PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12"); - SecureVector<byte> sig = signer->sign_message(msg, rng); + SecureVector<byte> sig = signer.sign_message(msg, rng); - if(!verifier->verify_message(msg, sig)) + if(!verifier.verify_message(msg, sig)) std::cout << "Failed testing ECDSA sig for curve " << oids[i] << "\n"; } catch(Invalid_Argument& e) @@ -383,35 +382,43 @@ void test_curve_registry(RandomNumberGenerator& rng) void test_read_pkcs8(RandomNumberGenerator& rng) { std::cout << "." << std::flush; + + SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12"); + try { std::auto_ptr<PKCS8_PrivateKey> loaded_key(PKCS8::load_key(TEST_DATA_DIR "/wo_dompar_private.pkcs8.pem", rng)); ECDSA_PrivateKey* ecdsa = dynamic_cast<ECDSA_PrivateKey*>(loaded_key.get()); CHECK_MESSAGE(ecdsa, "the loaded key could not be converted into an ECDSA_PrivateKey"); - std::auto_ptr<PK_Signer> signer(get_pk_signer(*ecdsa, "EMSA1(SHA-1)")); - - SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12"); - SecureVector<byte> sig = signer->sign_message(msg, rng); + PK_Signer signer(*ecdsa, "EMSA1(SHA-1)"); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(*ecdsa, "EMSA1(SHA-1)")); + SecureVector<byte> sig = signer.sign_message(msg, rng); - bool ok = verifier->verify_message(msg, sig); + PK_Verifier verifier(*ecdsa, "EMSA1(SHA-1)"); - CHECK_MESSAGE(ok, "generated sig could not be verified positively"); + CHECK_MESSAGE(verifier.verify_message(msg, sig), + "generated sig could not be verified positively"); + } + catch (std::exception& e) + { + std::cout << "Exception in test_read_pkcs8 - " << e.what() << "\n"; + } + try + { std::auto_ptr<PKCS8_PrivateKey> loaded_key_nodp(PKCS8::load_key(TEST_DATA_DIR "/nodompar_private.pkcs8.pem", rng)); // anew in each test with unregistered domain-parameters ECDSA_PrivateKey* ecdsa_nodp = dynamic_cast<ECDSA_PrivateKey*>(loaded_key_nodp.get()); CHECK_MESSAGE(ecdsa_nodp, "the loaded key could not be converted into an ECDSA_PrivateKey"); - signer.reset(get_pk_signer(*ecdsa_nodp, "EMSA1(SHA-1)")); - verifier.reset(get_pk_verifier(*ecdsa_nodp, "EMSA1(SHA-1)")); + PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-1)"); + PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-1)"); - SecureVector<byte> signature_nodp = signer->sign_message(msg, rng); + SecureVector<byte> signature_nodp = signer.sign_message(msg, rng); - ok = verifier->verify_message(msg, signature_nodp); - CHECK_MESSAGE(ok, "generated signature could not be verified positively (no_dom)"); + CHECK_MESSAGE(verifier.verify_message(msg, signature_nodp), + "generated signature could not be verified positively (no_dom)"); try { diff --git a/checks/pk.cpp b/checks/pk.cpp index 33d4da0fc..cee298f6b 100644 --- a/checks/pk.cpp +++ b/checks/pk.cpp @@ -56,7 +56,6 @@ #endif #include <botan/filters.h> -#include <botan/look_pk.h> #include <botan/numthry.h> using namespace Botan; @@ -127,22 +126,21 @@ void validate_save_and_load(const Private_Key* priv_key, } } -void validate_decryption(PK_Decryptor* d, const std::string& algo, +void validate_decryption(PK_Decryptor& d, const std::string& algo, const SecureVector<byte> ctext, const SecureVector<byte> ptext, bool& failure) { - SecureVector<byte> decrypted = d->decrypt(ctext); + SecureVector<byte> decrypted = d.decrypt(ctext); if(decrypted != ptext) { std::cout << "FAILED (decrypt): " << algo << std::endl; dump_data(decrypted, ptext); failure = true; } - delete d; } -void validate_encryption(PK_Encryptor* e, PK_Decryptor* d, +void validate_encryption(PK_Encryptor& e, PK_Decryptor& d, const std::string& algo, const std::string& input, const std::string& random, const std::string& exp, bool& failure) @@ -151,7 +149,7 @@ void validate_encryption(PK_Encryptor* e, PK_Decryptor* d, SecureVector<byte> expected = decode_hex(exp); Fixed_Output_RNG rng(decode_hex(random)); - SecureVector<byte> out = e->encrypt(message, rng); + SecureVector<byte> out = e.encrypt(message, rng); if(out != expected) { std::cout << "FAILED (encrypt): " << algo << std::endl; @@ -160,10 +158,9 @@ void validate_encryption(PK_Encryptor* e, PK_Decryptor* d, } validate_decryption(d, algo, out, message, failure); - delete e; } -void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, +void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo, const std::string& input, const std::string& random, const std::string& exp, bool& failure) { @@ -172,7 +169,7 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, SecureVector<byte> expected = decode_hex(exp); Fixed_Output_RNG rng(decode_hex(random)); - SecureVector<byte> sig = s->sign_message(message, message.size(), rng); + SecureVector<byte> sig = s.sign_message(message, message.size(), rng); if(sig != expected) { @@ -181,7 +178,7 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, failure = true; } - if(!v->verify_message(message, message.size(), sig, sig.size())) + if(!v.verify_message(message, message.size(), sig, sig.size())) { std::cout << "FAILED (verify): " << algo << std::endl; failure = true; @@ -190,24 +187,21 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, /* This isn't a very thorough testing method, but it will hopefully catch any really horrible errors */ sig[0]++; - if(v->verify_message(message, message.size(), sig, sig.size())) + if(v.verify_message(message, message.size(), sig, sig.size())) { std::cout << "FAILED (accepted bad sig): " << algo << std::endl; failure = true; } - - delete v; - delete s; } -void validate_kas(PK_Key_Agreement* kas, const std::string& algo, +void validate_kas(PK_Key_Agreement& kas, const std::string& algo, const SecureVector<byte>& pubkey, const std::string& output, u32bit keylen, bool& failure) { SecureVector<byte> expected = decode_hex(output); - SecureVector<byte> got = kas->derive_key(keylen, - pubkey, pubkey.size()).bits_of(); + SecureVector<byte> got = kas.derive_key(keylen, + pubkey, pubkey.size()).bits_of(); if(got != expected) { @@ -215,8 +209,6 @@ void validate_kas(PK_Key_Agreement* kas, const std::string& algo, dump_data(got, expected); failure = true; } - - delete kas; } u32bit validate_rsa_enc_pkcs8(const std::string& algo, @@ -246,8 +238,8 @@ u32bit validate_rsa_enc_pkcs8(const std::string& algo, std::string eme = algo.substr(12, std::string::npos); - PK_Encryptor* e = get_pk_encryptor(*rsapub, eme); - PK_Decryptor* d = get_pk_decryptor(*rsapriv, eme); + PK_Encryptor_MR_with_EME e(*rsapub, eme); + PK_Decryptor_MR_with_EME d(*rsapriv, eme); bool failure = false; validate_encryption(e, d, algo, str[1], str[2], str[3], failure); @@ -273,8 +265,8 @@ u32bit validate_rsa_enc(const std::string& algo, std::string eme = algo.substr(6, std::string::npos); - PK_Encryptor* e = get_pk_encryptor(pubkey, eme); - PK_Decryptor* d = get_pk_decryptor(privkey, eme); + PK_Encryptor_MR_with_EME e(pubkey, eme); + PK_Decryptor_MR_with_EME d(privkey, eme); bool failure = false; validate_encryption(e, d, algo, str[3], str[4], str[5], failure); @@ -299,12 +291,12 @@ u32bit validate_elg_enc(const std::string& algo, std::string eme = algo.substr(8, std::string::npos); - PK_Decryptor* d = get_pk_decryptor(privkey, eme); + PK_Decryptor_MR_with_EME d(privkey, eme); bool failure = false; if(str.size() == 7) { - PK_Encryptor* e = get_pk_encryptor(pubkey, eme); + PK_Encryptor_MR_with_EME e(pubkey, eme); validate_encryption(e, d, algo, str[4], str[5], str[6], failure); } else @@ -333,8 +325,8 @@ u32bit validate_rsa_sig(const std::string& algo, std::string emsa = algo.substr(7, std::string::npos); - PK_Verifier* v = get_pk_verifier(pubkey, emsa); - PK_Signer* s = get_pk_signer(privkey, emsa); + PK_Verifier v(pubkey, emsa); + PK_Signer s(privkey, emsa); bool failure = false; validate_signature(v, s, algo, str[3], str[4], str[5], failure); return (failure ? 1 : 0); @@ -354,13 +346,13 @@ u32bit validate_rsa_ver(const std::string& algo, std::string emsa = algo.substr(6, std::string::npos); - std::auto_ptr<PK_Verifier> v(get_pk_verifier(key, emsa)); + PK_Verifier v(key, emsa); SecureVector<byte> msg = decode_hex(str[2]); SecureVector<byte> sig = decode_hex(str[3]); bool passed = true; - passed = v->verify_message(msg, msg.size(), sig, sig.size()); + passed = v.verify_message(msg, msg.size(), sig, sig.size()); return (passed ? 0 : 1); #endif @@ -386,12 +378,12 @@ u32bit validate_rsa_ver_x509(const std::string& algo, std::string emsa = algo.substr(11, std::string::npos); - std::auto_ptr<PK_Verifier> v(get_pk_verifier(*rsakey, emsa)); + PK_Verifier v(*rsakey, emsa); SecureVector<byte> msg = decode_hex(str[1]); SecureVector<byte> sig = decode_hex(str[2]); - bool passed = v->verify_message(msg, msg.size(), sig, sig.size()); + bool passed = v.verify_message(msg, msg.size(), sig, sig.size()); return (passed ? 0 : 1); #endif @@ -412,13 +404,13 @@ u32bit validate_rw_ver(const std::string& algo, std::string emsa = algo.substr(5, std::string::npos); - std::auto_ptr<PK_Verifier> v(get_pk_verifier(key, emsa)); + PK_Verifier v(key, emsa); SecureVector<byte> msg = decode_hex(str[2]); SecureVector<byte> sig = decode_hex(str[3]); bool passed = true; - passed = v->verify_message(msg, msg.size(), sig, sig.size()); + passed = v.verify_message(msg, msg.size(), sig, sig.size()); return (passed ? 0 : 1); #endif @@ -440,8 +432,8 @@ u32bit validate_rw_sig(const std::string& algo, std::string emsa = algo.substr(3, std::string::npos); - PK_Verifier* v = get_pk_verifier(pubkey, emsa); - PK_Signer* s = get_pk_signer(privkey, emsa); + PK_Verifier v(pubkey, emsa); + PK_Signer s(privkey, emsa); bool failure = false; validate_signature(v, s, algo, str[3], str[4], str[5], failure); @@ -478,8 +470,8 @@ u32bit validate_dsa_sig(const std::string& algo, std::string emsa = algo.substr(4, std::string::npos); - PK_Verifier* v = get_pk_verifier(*dsapub, emsa); - PK_Signer* s = get_pk_signer(*dsapriv, emsa); + PK_Verifier v(*dsapub, emsa); + PK_Signer s(*dsapriv, emsa); bool failure = false; validate_signature(v, s, algo, str[1], str[2], str[3], failure); @@ -503,8 +495,8 @@ u32bit validate_ecdsa_sig(const std::string& algo, std::string emsa = algo.substr(6, std::string::npos); - PK_Verifier* v = get_pk_verifier(ecdsa, emsa); - PK_Signer* s = get_pk_signer(ecdsa, emsa); + PK_Verifier v(ecdsa, emsa); + PK_Signer s(ecdsa, emsa); bool failure = false; validate_signature(v, s, algo, str[2], str[3], str[4], failure); @@ -534,13 +526,13 @@ u32bit validate_dsa_ver(const std::string& algo, std::string emsa = algo.substr(7, std::string::npos); - std::auto_ptr<PK_Verifier> v(get_pk_verifier(*dsakey, emsa)); + PK_Verifier v(*dsakey, emsa); SecureVector<byte> msg = decode_hex(str[1]); SecureVector<byte> sig = decode_hex(str[2]); - v->set_input_format(DER_SEQUENCE); - bool passed = v->verify_message(msg, msg.size(), sig, sig.size()); + v.set_input_format(DER_SEQUENCE); + bool passed = v.verify_message(msg, msg.size(), sig, sig.size()); return (passed ? 0 : 1); #endif @@ -563,8 +555,8 @@ u32bit validate_nr_sig(const std::string& algo, std::string emsa = algo.substr(3, std::string::npos); - PK_Verifier* v = get_pk_verifier(pubkey, emsa); - PK_Signer* s = get_pk_signer(privkey, emsa); + PK_Verifier v(pubkey, emsa); + PK_Signer s(privkey, emsa); bool failure = false; validate_signature(v, s, algo, str[5], str[6], str[7], failure); @@ -594,7 +586,7 @@ u32bit validate_dh(const std::string& algo, if(str.size() == 6) keylen = to_u32bit(str[5]); - PK_Key_Agreement* kas = get_pk_kas(mykey, kdf); + PK_Key_Agreement kas(mykey, kdf); bool failure = false; validate_kas(kas, algo, otherkey.public_value(), @@ -628,17 +620,15 @@ u32bit validate_dlies(const std::string& algo, MessageAuthenticationCode* mac = get_mac(options[1]); u32bit mac_key_len = to_u32bit(options[2]); - PK_Decryptor* d = - new DLIES_Decryptor(to, - get_kdf(options[0]), - mac->clone(), mac_key_len); + DLIES_Encryptor e(from, + get_kdf(options[0]), + mac, mac_key_len); - DLIES_Encryptor* e = - new DLIES_Encryptor(from, - get_kdf(options[0]), - mac, mac_key_len); + DLIES_Decryptor d(to, + get_kdf(options[0]), + mac->clone(), mac_key_len); - e->set_other_key(to.public_value()); + e.set_other_key(to.public_value()); std::string empty = ""; bool failure = false; diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index 56df89eb3..0cc1bea3a 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -6,7 +6,6 @@ #include <botan/pkcs8.h> #include <botan/mem_ops.h> -#include <botan/look_pk.h> #include <botan/libstate.h> #include <botan/parsing.h> @@ -215,13 +214,16 @@ void benchmark_rsa(RandomNumberGenerator& rng, while(verify_timer.seconds() < seconds || sig_timer.seconds() < seconds) { - std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(key, enc_padding)); - std::auto_ptr<PK_Decryptor> dec(get_pk_decryptor(key, enc_padding)); - benchmark_enc_dec(*enc, *dec, enc_timer, dec_timer, rng, 10000, seconds); + PK_Encryptor_MR_with_EME enc(key, enc_padding); + PK_Decryptor_MR_with_EME dec(key, enc_padding); - std::auto_ptr<PK_Signer> sig(get_pk_signer(key, sig_padding)); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(key, sig_padding)); - benchmark_sig_ver(*ver, *sig, verify_timer, + benchmark_enc_dec(enc, dec, enc_timer, dec_timer, + rng, 10000, seconds); + + PK_Signer sig(key, sig_padding); + PK_Verifier ver(key, sig_padding); + + benchmark_sig_ver(ver, sig, verify_timer, sig_timer, rng, 10000, seconds); } @@ -270,10 +272,11 @@ void benchmark_rw(RandomNumberGenerator& rng, RW_PrivateKey key(rng, keylen); keygen_timer.stop(); - std::auto_ptr<PK_Signer> sig(get_pk_signer(key, padding)); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(key, padding)); + PK_Signer sig(key, padding); + PK_Verifier ver(key, padding); - benchmark_sig_ver(*ver, *sig, verify_timer, sig_timer, rng, 10000, seconds); + benchmark_sig_ver(ver, sig, verify_timer, sig_timer, + rng, 10000, seconds); } const std::string nm = "RW-" + to_string(keylen); @@ -325,10 +328,10 @@ void benchmark_ecdsa(RandomNumberGenerator& rng, ECDSA_PrivateKey key(rng, params); keygen_timer.stop(); - std::auto_ptr<PK_Signer> sig(get_pk_signer(key, padding)); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(key, padding)); + PK_Signer sig(key, padding); + PK_Verifier ver(key, padding); - benchmark_sig_ver(*ver, *sig, verify_timer, + benchmark_sig_ver(ver, sig, verify_timer, sig_timer, rng, 1000, seconds); } @@ -384,10 +387,10 @@ void benchmark_gost_3410(RandomNumberGenerator& rng, GOST_3410_PrivateKey key(rng, params); keygen_timer.stop(); - std::auto_ptr<PK_Signer> sig(get_pk_signer(key, padding)); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(key, padding)); + PK_Signer sig(key, padding); + PK_Verifier ver(key, padding); - benchmark_sig_ver(*ver, *sig, verify_timer, + benchmark_sig_ver(ver, sig, verify_timer, sig_timer, rng, 1000, seconds); } @@ -435,8 +438,8 @@ void benchmark_ecdh(RandomNumberGenerator& rng, ECDH_PrivateKey ecdh2(rng, params); keygen_timer.stop(); - std::auto_ptr<PK_Key_Agreement> ka1(get_pk_kas(ecdh1, "KDF2(SHA-1)")); - std::auto_ptr<PK_Key_Agreement> ka2(get_pk_kas(ecdh2, "KDF2(SHA-1)")); + PK_Key_Agreement ka1(ecdh1, "KDF2(SHA-1)"); + PK_Key_Agreement ka2(ecdh2, "KDF2(SHA-1)"); SymmetricKey secret1, secret2; @@ -446,11 +449,11 @@ void benchmark_ecdh(RandomNumberGenerator& rng, break; kex_timer.start(); - secret1 = ka1->derive_key(32, ecdh2.public_value()); + secret1 = ka1.derive_key(32, ecdh2.public_value()); kex_timer.stop(); kex_timer.start(); - secret2 = ka2->derive_key(32, ecdh1.public_value()); + secret2 = ka2.derive_key(32, ecdh1.public_value()); kex_timer.stop(); if(secret1 != secret2) @@ -502,10 +505,10 @@ void benchmark_dsa_nr(RandomNumberGenerator& rng, algo_name = key.algo_name(); keygen_timer.stop(); - std::auto_ptr<PK_Signer> sig(get_pk_signer(key, padding)); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(key, padding)); + PK_Signer sig(key, padding); + PK_Verifier ver(key, padding); - benchmark_sig_ver(*ver, *sig, verify_timer, + benchmark_sig_ver(ver, sig, verify_timer, sig_timer, rng, 1000, seconds); } @@ -548,8 +551,8 @@ void benchmark_dh(RandomNumberGenerator& rng, DH_PrivateKey dh2(rng, group); keygen_timer.stop(); - std::auto_ptr<PK_Key_Agreement> ka1(get_pk_kas(dh1, "KDF2(SHA-1)")); - std::auto_ptr<PK_Key_Agreement> ka2(get_pk_kas(dh2, "KDF2(SHA-1)")); + PK_Key_Agreement ka1(dh1, "KDF2(SHA-1)"); + PK_Key_Agreement ka2(dh2, "KDF2(SHA-1)"); SymmetricKey secret1, secret2; @@ -559,11 +562,11 @@ void benchmark_dh(RandomNumberGenerator& rng, break; kex_timer.start(); - secret1 = ka1->derive_key(32, dh2.public_value()); + secret1 = ka1.derive_key(32, dh2.public_value()); kex_timer.stop(); kex_timer.start(); - secret2 = ka2->derive_key(32, dh1.public_value()); + secret2 = ka2.derive_key(32, dh1.public_value()); kex_timer.stop(); if(secret1 != secret2) @@ -672,10 +675,11 @@ void benchmark_elg(RandomNumberGenerator& rng, ElGamal_PrivateKey key(rng, group); keygen_timer.stop(); - std::auto_ptr<PK_Decryptor> dec(get_pk_decryptor(key, padding)); - std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(key, padding)); + PK_Decryptor_MR_with_EME dec(key, padding); + PK_Encryptor_MR_with_EME enc(key, padding); - benchmark_enc_dec(*enc, *dec, enc_timer, dec_timer, rng, 1000, seconds); + benchmark_enc_dec(enc, dec, enc_timer, dec_timer, + rng, 1000, seconds); } const std::string nm = algo_name + "-" + to_string(pbits); diff --git a/doc/examples/dh.cpp b/doc/examples/dh.cpp index 23d6c3952..652c7b136 100644 --- a/doc/examples/dh.cpp +++ b/doc/examples/dh.cpp @@ -35,8 +35,8 @@ int main() // Bob sends his public key to Alice MemoryVector<byte> public_b = private_b.public_value(); - PK_Key_Agreement ka1(private_a, get_kdf("KDF2(SHA-1)")); - PK_Key_Agreement ka2(private_b, get_kdf("KDF2(SHA-1)")); + PK_Key_Agreement ka1(private_a, "KDF2(SHA-1)"); + PK_Key_Agreement ka2(private_b, "KDF2(SHA-1)"); /* * Preferably, include some salt or parameter that binds this key diff --git a/doc/examples/dsa_sign.cpp b/doc/examples/dsa_sign.cpp index abc22d0de..ea23907cf 100644 --- a/doc/examples/dsa_sign.cpp +++ b/doc/examples/dsa_sign.cpp @@ -12,7 +12,7 @@ #include <memory> #include <botan/botan.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/dsa.h> using namespace Botan; @@ -62,7 +62,7 @@ int main(int argc, char* argv[]) return 1; } - PK_Signer signer(*dsakey, get_emsa("EMSA1(SHA-1)")); + PK_Signer signer(*dsakey, "EMSA1(SHA-1)"); DataSource_Stream in(message); byte buf[4096] = { 0 }; diff --git a/doc/examples/dsa_ver.cpp b/doc/examples/dsa_ver.cpp index 49d9d9bbc..b30208559 100644 --- a/doc/examples/dsa_ver.cpp +++ b/doc/examples/dsa_ver.cpp @@ -21,7 +21,7 @@ signature format, encoded into base64 with a trailing newline. #include <memory> #include <botan/botan.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/dsa.h> using namespace Botan; @@ -75,14 +75,14 @@ int main(int argc, char* argv[]) SecureVector<byte> sig = b64_decode(sigstr); - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(*dsakey, "EMSA1(SHA-1)")); + PK_Verifier ver(*dsakey, "EMSA1(SHA-1)"); DataSource_Stream in(message); byte buf[4096] = { 0 }; while(u32bit got = in.read(buf, sizeof(buf))) - ver->update(buf, got); + ver.update(buf, got); - bool ok = ver->check_signature(sig); + bool ok = ver.check_signature(sig); if(ok) std::cout << "Signature verified\n"; diff --git a/doc/examples/ecdsa.cpp b/doc/examples/ecdsa.cpp index 311a13ad9..df1e1b93a 100644 --- a/doc/examples/ecdsa.cpp +++ b/doc/examples/ecdsa.cpp @@ -7,7 +7,6 @@ #include <botan/botan.h> #include <botan/ecdsa.h> #include <botan/pubkey.h> -#include <botan/look_pk.h> #include <memory> #include <iostream> @@ -35,22 +34,21 @@ int main() std::cout << PKCS8::PEM_encode(ecdsa); */ - std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-256)")); + PK_Signer signer(ecdsa, "EMSA1(SHA-256)"); const char* message = "Hello World"; - signer->update((const byte*)message, strlen(message)); + signer.update((const byte*)message, strlen(message)); - SecureVector<byte> sig = signer->signature(rng); + SecureVector<byte> sig = signer.signature(rng); std::cout << sig.size() << "\n"; - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(ecdsa_pub, "EMSA1(SHA-256)")); + PK_Verifier verifier(ecdsa_pub, "EMSA1(SHA-256)"); - verifier->update((const byte*)message, strlen(message)); + verifier.update((const byte*)message, strlen(message)); - bool ok = verifier->check_signature(sig); + bool ok = verifier.check_signature(sig); if(ok) std::cout << "Signature valid\n"; else diff --git a/doc/examples/pqg_gen.cpp b/doc/examples/pqg_gen.cpp index e797233f9..c033dac3b 100644 --- a/doc/examples/pqg_gen.cpp +++ b/doc/examples/pqg_gen.cpp @@ -13,7 +13,6 @@ #include <botan/botan.h> #include <botan/auto_rng.h> -#include <botan/look_pk.h> #include <botan/dsa.h> #include <botan/numthry.h> #include <botan/dl_group.h> diff --git a/doc/examples/rsa_dec.cpp b/doc/examples/rsa_dec.cpp index 1e789d748..df681d85b 100644 --- a/doc/examples/rsa_dec.cpp +++ b/doc/examples/rsa_dec.cpp @@ -1,5 +1,5 @@ /* -* (C) 2002 Jack Lloyd +* (C) 2002-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -16,7 +16,7 @@ same key format as that generated by rsa_kgen. #include <memory> #include <botan/botan.h> -#include <botan/look_pk.h> // for get_kdf +#include <botan/pubkey.h> #include <botan/rsa.h> using namespace Botan; @@ -75,9 +75,9 @@ int main(int argc, char* argv[]) SecureVector<byte> enc_masterkey = b64_decode(enc_masterkey_str); - std::auto_ptr<PK_Decryptor> decryptor(get_pk_decryptor(*rsakey, - "EME1(SHA-1)")); - SecureVector<byte> masterkey = decryptor->decrypt(enc_masterkey); + PK_Decryptor_MR_with_EME decryptor(*rsakey, "EME1(SHA-1)"); + + SecureVector<byte> masterkey = decryptor.decrypt(enc_masterkey); SymmetricKey cast_key = derive_key("CAST", masterkey, 16); InitializationVector iv = derive_key("IV", masterkey, 8); diff --git a/doc/examples/rsa_enc.cpp b/doc/examples/rsa_enc.cpp index 904b1e379..8ee4df181 100644 --- a/doc/examples/rsa_enc.cpp +++ b/doc/examples/rsa_enc.cpp @@ -32,7 +32,7 @@ #include <memory> #include <botan/botan.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/rsa.h> using namespace Botan; @@ -77,8 +77,7 @@ int main(int argc, char* argv[]) AutoSeeded_RNG rng; - std::auto_ptr<PK_Encryptor> encryptor(get_pk_encryptor(*rsakey, - "EME1(SHA-1)")); + PK_Encryptor_MR_with_EME encryptor(*rsakey, "EME1(SHA-1)"); /* Generate the master key (the other keys are derived from this) @@ -92,14 +91,14 @@ int main(int argc, char* argv[]) a problem. */ SymmetricKey masterkey(rng, - std::min(32U, encryptor->maximum_input_size())); + std::min(32U, encryptor.maximum_input_size())); SymmetricKey cast_key = derive_key("CAST", masterkey, 16); SymmetricKey mac_key = derive_key("MAC", masterkey, 16); SymmetricKey iv = derive_key("IV", masterkey, 8); SecureVector<byte> encrypted_key = - encryptor->encrypt(masterkey.bits_of(), rng); + encryptor.encrypt(masterkey.bits_of(), rng); ciphertext << b64_encode(encrypted_key) << std::endl; diff --git a/doc/examples/sig_gen.cpp b/doc/examples/sig_gen.cpp index fca069862..cf273216a 100644 --- a/doc/examples/sig_gen.cpp +++ b/doc/examples/sig_gen.cpp @@ -12,8 +12,8 @@ #include <memory> #include <botan/botan.h> -#include <botan/look_pk.h> #include <botan/dsa.h> +#include <botan/pubkey.h> using namespace Botan; bool check(std::map<std::string, std::string>); @@ -90,7 +90,7 @@ bool check(std::map<std::string, std::string> inputs) pipe.write(inputs["S"] ); pipe.end_msg(); - std::auto_ptr<PK_Verifier> verify(get_pk_verifier(key, "EMSA1(SHA-1)")); + PK_Verifier verifier(key, "EMSA1(SHA-1)"); - return verify->verify_message(pipe.read_all(0), pipe.read_all(1)); + return verifier.verify_message(pipe.read_all(0), pipe.read_all(1)); } diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index b54b8b4bb..fbd042676 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -10,7 +10,6 @@ #include <botan/point_gfp.h> #include <botan/time.h> #include <botan/oids.h> -#include <botan/look_pk.h> #include <sstream> namespace Botan { @@ -105,12 +104,11 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer( - get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*signer, + return make_cvc_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, @@ -133,7 +131,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); @@ -146,7 +144,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, .get_contents(); MemoryVector<byte> signed_cert = - EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(*signer, + EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); @@ -166,10 +164,10 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); } std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); SecureVector<byte> tbs_bits = req.BER_encode(); tbs_bits.append(DER_Encoder().encode(car).get_contents()); - MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(*signer, tbs_bits, rng); + MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); DataSource_Memory source(signed_cert); return EAC1_1_ADO(source); @@ -199,7 +197,7 @@ EAC1_1_CVC create_cvca(Private_Key const& key, opts.cex.add_months(cvca_validity_months); opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT)); opts.hash_alg = hash; - return Botan::CVC_EAC::create_self_signed_cert(*priv_key, opts, rng); + return CVC_EAC::create_self_signed_cert(*priv_key, opts, rng); } @@ -230,14 +228,14 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, } AlgorithmIdentifier sig_algo = signer.signature_algorithm(); std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer pk_signer(*priv_key, padding_and_hash); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*pk_signer, enc_public_key, + return make_cvc_cert(pk_signer, enc_public_key, signer.get_car(), signee.get_chr(), signer.get_chat_value(), @@ -264,7 +262,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, chr_str += to_string(seqnr, seqnr_len); ASN1_Chr chr(chr_str); std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer pk_signer(*priv_key, padding_and_hash); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); @@ -304,7 +302,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*pk_signer, enc_public_key, + return make_cvc_cert(pk_signer, enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), chr, chat_val, @@ -325,7 +323,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& prkey, } ECDSA_PrivateKey key(*priv_key); key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); - return Botan::CVC_EAC::create_cvc_req(key, chr, hash_alg, rng); + return CVC_EAC::create_cvc_req(key, chr, hash_alg, rng); } } // namespace DE_EAC diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index ddb714621..d6aa2f02b 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -7,7 +7,7 @@ */ #include <botan/signed_obj.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/oids.h> #include <memory> @@ -64,8 +64,8 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, SecureVector<byte> to_sign = tbs_data(); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(pub_key, padding, format)); - return verifier->verify_message(to_sign, sig); + PK_Verifier verifier(pub_key, padding, format); + return verifier.verify_message(to_sign, sig); } catch(...) { diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp index 00a105d1d..1f3e643e9 100644 --- a/src/cert/x509/x509_ca.cpp +++ b/src/cert/x509/x509_ca.cpp @@ -7,12 +7,12 @@ #include <botan/x509_ca.h> #include <botan/x509stor.h> +#include <botan/pubkey.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> #include <botan/lookup.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/time.h> #include <algorithm> @@ -272,7 +272,7 @@ PK_Signer* choose_sig_format(const Private_Key& key, sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); sig_algo.parameters = key.algorithm_identifier().parameters; - return get_pk_signer(key, padding, format); + return new PK_Signer(key, padding, format); } } diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index fb92a9cb0..820972614 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -7,7 +7,7 @@ #include <botan/x509_obj.h> #include <botan/x509_key.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/oids.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -168,10 +168,9 @@ bool X509_Object::check_signature(Public_Key& pub_key) const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(pub_key, padding, format)); + PK_Verifier verifier(pub_key, padding, format); - return verifier->verify_message(tbs_data(), signature()); + return verifier.verify_message(tbs_data(), signature()); } catch(...) { diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp index e85317462..89b63c8b2 100644 --- a/src/cert/x509/x509self.cpp +++ b/src/cert/x509/x509self.cpp @@ -9,7 +9,6 @@ #include <botan/x509_ext.h> #include <botan/x509_ca.h> #include <botan/der_enc.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/pipe.h> #include <memory> diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp index b134817e4..a24d4a070 100644 --- a/src/cert/x509/x509stor.cpp +++ b/src/cert/x509/x509stor.cpp @@ -8,7 +8,6 @@ #include <botan/x509stor.h> #include <botan/parsing.h> #include <botan/pubkey.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/time.h> #include <algorithm> @@ -394,11 +393,10 @@ X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key) if(key->message_parts() >= 2) format = DER_SEQUENCE; else format = IEEE_1363; - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(*pub_key.get(), padding, format)); + PK_Verifier verifier(*pub_key.get(), padding, format); - bool valid = verifier->verify_message(object.tbs_data(), - object.signature()); + bool valid = verifier.verify_message(object.tbs_data(), + object.signature()); if(valid) return VERIFIED; diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 1fc4e2faa..50a2397e5 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -10,7 +10,6 @@ #include <botan/ber_dec.h> #include <botan/oids.h> #include <botan/hash.h> -#include <botan/look_pk.h> #include <botan/bigint.h> #include <botan/libstate.h> #include <memory> diff --git a/src/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 4bae96302..0cfdbba82 100644 --- a/src/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -6,15 +6,15 @@ */ #include <botan/cms_enc.h> -#include <botan/der_enc.h> -#include <botan/x509find.h> #include <botan/bigint.h> -#include <botan/oids.h> #include <botan/cbc.h> +#include <botan/der_enc.h> #include <botan/hash.h> -#include <botan/look_pk.h> #include <botan/libstate.h> +#include <botan/oids.h> #include <botan/pipe.h> +#include <botan/pubkey.h> +#include <botan/x509find.h> #include <memory> namespace Botan { @@ -130,7 +130,8 @@ void CMS_Encoder::encrypt_ktri(RandomNumberGenerator& rng, { const std::string padding = "EME-PKCS1-v1_5"; const std::string pk_algo = pub_key->algo_name(); - std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(*pub_key, padding)); + + PK_Encryptor_MR_with_EME encryptor(*pub_key, padding); SymmetricKey cek = setup_key(rng, cipher); @@ -146,7 +147,7 @@ void CMS_Encoder::encrypt_ktri(RandomNumberGenerator& rng, .encode((u32bit)0); encode_si(encoder, to) .encode(alg_id) - .encode(enc->encrypt(cek.bits_of(), rng), OCTET_STRING) + .encode(encryptor.encrypt(cek.bits_of(), rng), OCTET_STRING) .end_cons() .end_cons() .raw_bytes(do_encrypt(rng, cek, cipher)) @@ -292,14 +293,14 @@ void CMS_Encoder::sign(const X509_Certificate& cert, Signature_Format format = IEEE_1363; - std::auto_ptr<PK_Signer> signer(get_pk_signer(key, padding, format)); + PK_Signer signer(key, padding, format); AlgorithmIdentifier sig_algo(OIDS::lookup(key.algo_name() + "/" + padding), AlgorithmIdentifier::USE_NULL_PARAM); SecureVector<byte> signed_attr = encode_attr(data, type, hash); - signer->update(signed_attr); - SecureVector<byte> signature = signer->signature(rng); + signer.update(signed_attr); + SecureVector<byte> signature = signer.signature(rng); signed_attr[0] = 0xA0; const u32bit SI_VERSION = cert.subject_key_id().size() ? 3 : 1; diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 2253f84d5..07477fd5d 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -6,7 +6,6 @@ */ #include <botan/dlies.h> -#include <botan/look_pk.h> #include <botan/internal/xor_buf.h> namespace Botan { @@ -18,7 +17,7 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - ka(get_pk_kas(key, "Raw")), + ka(key, "Raw"), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) @@ -28,7 +27,6 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, DLIES_Encryptor::~DLIES_Encryptor() { - delete ka; delete kdf; delete mac; } @@ -48,7 +46,7 @@ SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length, out.copy(my_key, my_key.size()); out.copy(my_key.size(), in, length); - SecureVector<byte> vz(my_key, ka->derive_key(0, other_key).bits_of()); + SecureVector<byte> vz(my_key, ka.derive_key(0, other_key).bits_of()); const u32bit K_LENGTH = length + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); @@ -92,7 +90,7 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - ka(get_pk_kas(key, "Raw")), + ka(key, "Raw"), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) @@ -102,7 +100,6 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, DLIES_Decryptor::~DLIES_Decryptor() { - delete ka; delete kdf; delete mac; } @@ -121,7 +118,7 @@ SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN); SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->OUTPUT_LENGTH); - SecureVector<byte> vz(v, ka->derive_key(0, v).bits_of()); + SecureVector<byte> vz(v, ka.derive_key(0, v).bits_of()); const u32bit K_LENGTH = C.size() + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index e8b87a091..fd2cefe4a 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -35,7 +35,7 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor SecureVector<byte> other_key, my_key; - PK_Key_Agreement* ka; + PK_Key_Agreement ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; @@ -59,7 +59,7 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor SecureVector<byte> my_key; - PK_Key_Agreement* ka; + PK_Key_Agreement ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index 1fbc2abc1..bd9641856 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -8,7 +8,6 @@ #include <botan/dsa.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -65,10 +64,9 @@ bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { - KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA1(SHA-1)"), - get_pk_verifier(*this, "EMSA1(SHA-1)") - ); + PK_Signer this_signer(*this, "EMSA1(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA1(SHA-1)"); + KeyPair::check_key(rng, this_signer, this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index 2abd769e5..6b919d916 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -8,7 +8,6 @@ #include <botan/elgamal.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> #include <botan/internal/workfactor.h> namespace Botan { @@ -66,10 +65,12 @@ bool ElGamal_PrivateKey::check_key(RandomNumberGenerator& rng, try { + PK_Encryptor_MR_with_EME this_encryptor(*this, "EME1(SHA-1)"); + PK_Decryptor_MR_with_EME this_decryptor(*this, "EME1(SHA-1)"); + KeyPair::check_key(rng, - get_pk_encryptor(*this, "EME1(SHA-1)"), - get_pk_decryptor(*this, "EME1(SHA-1)") - ); + this_encryptor, + this_decryptor); } catch(Self_Test_Failure) { diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index 486577fc5..d54d8e442 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp @@ -1,13 +1,11 @@ /* * Keypair Checks -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ #include <botan/keypair.h> -#include <botan/look_pk.h> -#include <memory> namespace Botan { @@ -17,22 +15,20 @@ namespace KeyPair { * Check an encryption key pair for consistency */ void check_key(RandomNumberGenerator& rng, - PK_Encryptor* encryptor, PK_Decryptor* decryptor) + PK_Encryptor& encryptor, + PK_Decryptor& decryptor) { - if(encryptor->maximum_input_size() == 0) + if(encryptor.maximum_input_size() == 0) return; - std::auto_ptr<PK_Encryptor> enc(encryptor); - std::auto_ptr<PK_Decryptor> dec(decryptor); - - SecureVector<byte> message(enc->maximum_input_size() - 1); + SecureVector<byte> message(encryptor.maximum_input_size() - 1); rng.randomize(message, message.size()); - SecureVector<byte> ciphertext = enc->encrypt(message, rng); + SecureVector<byte> ciphertext = encryptor.encrypt(message, rng); if(ciphertext == message) throw Self_Test_Failure("Encryption key pair consistency failure"); - SecureVector<byte> message2 = dec->decrypt(ciphertext); + SecureVector<byte> message2 = decryptor.decrypt(ciphertext); if(message != message2) throw Self_Test_Failure("Encryption key pair consistency failure"); } @@ -41,11 +37,9 @@ void check_key(RandomNumberGenerator& rng, * Check a signature key pair for consistency */ void check_key(RandomNumberGenerator& rng, - PK_Signer* signer, PK_Verifier* verifier) + PK_Signer& signer, + PK_Verifier& verifier) { - std::auto_ptr<PK_Signer> sig(signer); - std::auto_ptr<PK_Verifier> ver(verifier); - SecureVector<byte> message(16); rng.randomize(message, message.size()); @@ -53,18 +47,18 @@ void check_key(RandomNumberGenerator& rng, try { - signature = sig->sign_message(message, rng); + signature = signer.sign_message(message, rng); } catch(Encoding_Error) { return; } - if(!ver->verify_message(message, signature)) + if(!verifier.verify_message(message, signature)) throw Self_Test_Failure("Signature key pair consistency failure"); ++message[0]; - if(ver->verify_message(message, signature)) + if(verifier.verify_message(message, signature)) throw Self_Test_Failure("Signature key pair consistency failure"); } diff --git a/src/pubkey/keypair/keypair.h b/src/pubkey/keypair/keypair.h index b1d5c2da0..22dcca0ea 100644 --- a/src/pubkey/keypair/keypair.h +++ b/src/pubkey/keypair/keypair.h @@ -24,8 +24,8 @@ namespace KeyPair { * @throw Self_Test_Failure if the arguments are not related to each other */ BOTAN_DLL void check_key(RandomNumberGenerator& rng, - PK_Encryptor* enc, - PK_Decryptor* dec); + PK_Encryptor& enc, + PK_Decryptor& dec); /** * Tests whether the specified signer and verifier are related to each other, @@ -37,8 +37,8 @@ BOTAN_DLL void check_key(RandomNumberGenerator& rng, * @throw Self_Test_Failure if the arguments are not related to each other */ BOTAN_DLL void check_key(RandomNumberGenerator& rng, - PK_Signer* sig, - PK_Verifier* ver); + PK_Signer& sig, + PK_Verifier& ver); } diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 1fc8630d7..8a1b8c261 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -8,7 +8,6 @@ #include <botan/nr.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -71,10 +70,12 @@ bool NR_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { + PK_Signer this_signer(*this, "EMSA1(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA1(SHA-1)"); + KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA1(SHA-1)"), - get_pk_verifier(*this, "EMSA1(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index dc182f36a..984d030ef 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -9,7 +9,6 @@ #include <botan/parsing.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -57,15 +56,12 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { - KeyPair::check_key(rng, - get_pk_encryptor(*this, "EME1(SHA-1)"), - get_pk_decryptor(*this, "EME1(SHA-1)") - ); + PK_Signer this_signer(*this, "EMSA4(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA4(SHA-1)"); KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA4(SHA-1)"), - get_pk_verifier(*this, "EMSA4(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index 7b87ce7df..b2bf2f916 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -8,7 +8,6 @@ #include <botan/rw.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> #include <botan/parsing.h> #include <algorithm> @@ -59,10 +58,12 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { + PK_Signer this_signer(*this, "EMSA2(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA2(SHA-1)"); + KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA2(SHA-1)"), - get_pk_verifier(*this, "EMSA2(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp index 59cfa6547..7140bf35c 100644 --- a/src/ssl/c_kex.cpp +++ b/src/ssl/c_kex.cpp @@ -6,10 +6,10 @@ */ #include <botan/tls_messages.h> +#include <botan/pubkey.h> #include <botan/dh.h> #include <botan/rsa.h> #include <botan/rng.h> -#include <botan/look_pk.h> #include <botan/loadstor.h> #include <memory> @@ -31,9 +31,9 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng, { DH_PrivateKey priv_key(rng, dh_pub->get_domain()); - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(priv_key, "Raw")); + PK_Key_Agreement ka(priv_key, "Raw"); - pre_master = ka->derive_key(0, dh_pub->public_value()).bits_of(); + pre_master = ka.derive_key(0, dh_pub->public_value()).bits_of(); key_material = priv_key.public_value(); } @@ -44,10 +44,9 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng, pre_master[0] = (pref_version >> 8) & 0xFF; pre_master[1] = (pref_version ) & 0xFF; - std::auto_ptr<PK_Encryptor> encryptor(get_pk_encryptor(*rsa_pub, - "PKCS1v15")); + PK_Encryptor_MR_with_EME encryptor(*rsa_pub, "PKCS1v15"); - key_material = encryptor->encrypt(pre_master, rng); + key_material = encryptor.encrypt(pre_master, rng); if(using_version == SSL_V3) include_length = false; @@ -125,9 +124,9 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, if(const DH_PrivateKey* dh_priv = dynamic_cast<const DH_PrivateKey*>(priv_key)) { try { - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(*dh_priv, "Raw")); + PK_Key_Agreement ka(*dh_priv, "Raw"); - pre_master = ka->derive_key(0, key_material).bits_of(); + pre_master = ka.derive_key(0, key_material).bits_of(); } catch(...) { @@ -139,17 +138,16 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, } else if(const RSA_PrivateKey* rsa_priv = dynamic_cast<const RSA_PrivateKey*>(priv_key)) { - std::auto_ptr<PK_Decryptor> decryptor(get_pk_decryptor(*rsa_priv, - "PKCS1v15")); + PK_Decryptor_MR_with_EME decryptor(*rsa_priv, "PKCS1v15"); try { - pre_master = decryptor->decrypt(key_material); + pre_master = decryptor.decrypt(key_material); if(pre_master.size() != 48 || make_u16bit(pre_master[0], pre_master[1]) != version) throw Decoding_Error("Client_Key_Exchange: Secret corrupted"); } - catch(std::exception) + catch(...) { pre_master.resize(48); rng.randomize(pre_master, pre_master.size()); diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp index 22dae8350..7e17dbfab 100644 --- a/src/ssl/cert_ver.cpp +++ b/src/ssl/cert_ver.cpp @@ -1,12 +1,12 @@ /** -* Certificate Verify Message -* (C) 2004-2006 Jack Lloyd +* Certificate Verify Message +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ #include <botan/tls_messages.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/rsa.h> #include <botan/dsa.h> #include <botan/loadstor.h> @@ -22,21 +22,23 @@ Certificate_Verify::Certificate_Verify(RandomNumberGenerator& rng, HandshakeHash& hash, const Private_Key* priv_key) { - std::auto_ptr<PK_Signer> signer; + std::string padding = ""; + Signature_Format format = IEEE_1363; - if(const RSA_PrivateKey* rsa = dynamic_cast<const RSA_PrivateKey*>(priv_key)) + if(priv_key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(priv_key->algo_name() == "DSA") { - signer.reset(get_pk_signer(*rsa, "EMSA3(TLS.Digest.0)")); - } - else if(const DSA_PrivateKey* dsa = - dynamic_cast<const DSA_PrivateKey*>(priv_key)) - { - signer.reset(get_pk_signer(*dsa, "EMSA1(SHA-1)")); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } else - throw Invalid_Argument("Unknown PK algo for TLS signature"); + throw Invalid_Argument(priv_key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Signer signer(*priv_key, padding, format); - signature = signer->sign_message(hash.final(), rng); + signature = signer.sign_message(hash.final(), rng); send(writer, hash); } @@ -80,20 +82,22 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, std::auto_ptr<Public_Key> key(cert.subject_public_key()); - DSA_PublicKey* dsa_pub = dynamic_cast<DSA_PublicKey*>(key.get()); - RSA_PublicKey* rsa_pub = dynamic_cast<RSA_PublicKey*>(key.get()); + std::string padding = ""; + Signature_Format format = IEEE_1363; - std::auto_ptr<PK_Verifier> verifier; - - if(dsa_pub) - verifier.reset(get_pk_verifier(*dsa_pub, "EMSA1(SHA-1)", DER_SEQUENCE)); - else if(rsa_pub) - verifier.reset(get_pk_verifier(*rsa_pub, "EMSA3(TLS.Digest.0)")); + if(key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(key->algo_name() == "DSA") + { + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; + } else - throw Invalid_Argument("Client did not provide a RSA/DSA cert"); + throw Invalid_Argument(key->algo_name() + + " is invalid/unknown for TLS signatures"); - // FIXME: WRONG - return verifier->verify_message(hash.final(), signature); + PK_Verifier verifier(*key, padding, format); + return verifier.verify_message(hash.final(), signature); } } diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index d568ef14f..94b17cb7e 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -6,10 +6,10 @@ */ #include <botan/tls_messages.h> +#include <botan/pubkey.h> #include <botan/dh.h> #include <botan/rsa.h> #include <botan/dsa.h> -#include <botan/look_pk.h> #include <botan/loadstor.h> #include <memory> @@ -43,25 +43,27 @@ Server_Key_Exchange::Server_Key_Exchange(RandomNumberGenerator& rng, else throw Invalid_Argument("Bad key for TLS key exchange: not DH or RSA"); - std::auto_ptr<PK_Signer> signer; - if(const RSA_PrivateKey* rsa = dynamic_cast<const RSA_PrivateKey*>(priv_key)) - { - signer.reset(get_pk_signer(*rsa, "EMSA3(TLS.Digest.0)")); - } - else if(const DSA_PrivateKey* dsa = - dynamic_cast<const DSA_PrivateKey*>(priv_key)) + std::string padding = ""; + Signature_Format format = IEEE_1363; + + if(priv_key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(priv_key->algo_name() == "DSA") { - signer.reset(get_pk_signer(*dsa, "EMSA1(SHA-1)")); - signer->set_output_format(DER_SEQUENCE); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } else - throw Invalid_Argument("Bad key for TLS signature: not RSA or DSA"); + throw Invalid_Argument(priv_key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Signer signer(*priv_key, padding, format); - signer->update(c_random); - signer->update(s_random); - signer->update(serialize_params()); - signature = signer->signature(rng); + signer.update(c_random); + signer.update(s_random); + signer.update(serialize_params()); + signature = signer.signature(rng); send(writer, hash); } @@ -154,29 +156,31 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert, const MemoryRegion<byte>& c_random, const MemoryRegion<byte>& s_random) const { - std::auto_ptr<Public_Key> key(cert.subject_public_key()); - DSA_PublicKey* dsa_pub = dynamic_cast<DSA_PublicKey*>(key.get()); - RSA_PublicKey* rsa_pub = dynamic_cast<RSA_PublicKey*>(key.get()); + std::auto_ptr<Public_Key> key(cert.subject_public_key()); - std::auto_ptr<PK_Verifier> verifier; + std::string padding = ""; + Signature_Format format = IEEE_1363; - if(dsa_pub) + if(key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(key->algo_name() == "DSA") { - verifier.reset(get_pk_verifier(*dsa_pub, "EMSA1(SHA-1)", DER_SEQUENCE)); - verifier->set_input_format(DER_SEQUENCE); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } - else if(rsa_pub) - verifier.reset(get_pk_verifier(*rsa_pub, "EMSA3(TLS.Digest.0)")); else - throw Invalid_Argument("Server did not provide a RSA/DSA cert"); + throw Invalid_Argument(key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Verifier verifier(*key, padding, format); SecureVector<byte> params_got = serialize_params(); - verifier->update(c_random); - verifier->update(s_random); - verifier->update(params_got); + verifier.update(c_random); + verifier.update(s_random); + verifier.update(params_got); - return verifier->check_signature(signature, signature.size()); + return verifier.check_signature(signature, signature.size()); } } |