diff options
-rw-r--r-- | src/pubkey/pubkey.cpp | 11 | ||||
-rw-r--r-- | src/pubkey/pubkey.h | 12 |
2 files changed, 17 insertions, 6 deletions
diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index 4a9f1be9d..1d5d8542c 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -117,7 +117,8 @@ SecureVector<byte> PK_Decryptor_EME::dec(const byte msg[], */ PK_Signer::PK_Signer(const Private_Key& key, const std::string& emsa_name, - Signature_Format format) + Signature_Format format, + Fault_Protection prot) { Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory()); @@ -129,14 +130,14 @@ PK_Signer::PK_Signer(const Private_Key& key, if(!op) op = engine->get_signature_op(key); - if(!verify_op) + if(!verify_op && prot == ENABLE_FAULT_PROTECTION) verify_op = engine->get_verify_op(key); - if(op && verify_op) + if(op && (verify_op || prot == DISABLE_FAULT_PROTECTION)) break; } - if(!op || !verify_op) + if(!op || (!verify_op && prot == ENABLE_FAULT_PROTECTION)) throw Lookup_Error("PK_Signer: No working engine for " + key.algo_name()); @@ -202,7 +203,7 @@ SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng) SecureVector<byte> plain_sig = op->sign(encoded, encoded.size(), rng); - if(!self_test_signature(encoded, plain_sig)) + if(verify_op && !self_test_signature(encoded, plain_sig)) throw Internal_Error("PK_Signer consistency check failed"); if(op->message_parts() == 1 || sig_format == IEEE_1363) diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index c31aed67b..eeb4d5841 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -24,6 +24,14 @@ namespace Botan { enum Signature_Format { IEEE_1363, DER_SEQUENCE }; /** +* Enum marking if protection against fault attacks should be used +*/ +enum Fault_Protection { + ENABLE_FAULT_PROTECTION, + DISABLE_FAULT_PROTECTION +}; + +/** * Public Key Encryptor */ class BOTAN_DLL PK_Encryptor @@ -174,10 +182,12 @@ class BOTAN_DLL PK_Signer * @param emsa the EMSA to use * An example would be "EMSA1(SHA-224)". * @param format the signature format to use + * @param prot says if fault protection should be enabled */ PK_Signer(const Private_Key& key, const std::string& emsa, - Signature_Format format = IEEE_1363); + Signature_Format format = IEEE_1363, + Fault_Protection prot = ENABLE_FAULT_PROTECTION); ~PK_Signer() { delete op; delete verify_op; delete emsa; } private: |