aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/pubkey/pubkey.cpp11
-rw-r--r--src/pubkey/pubkey.h12
2 files changed, 17 insertions, 6 deletions
diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp
index 4a9f1be9d..1d5d8542c 100644
--- a/src/pubkey/pubkey.cpp
+++ b/src/pubkey/pubkey.cpp
@@ -117,7 +117,8 @@ SecureVector<byte> PK_Decryptor_EME::dec(const byte msg[],
*/
PK_Signer::PK_Signer(const Private_Key& key,
const std::string& emsa_name,
- Signature_Format format)
+ Signature_Format format,
+ Fault_Protection prot)
{
Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory());
@@ -129,14 +130,14 @@ PK_Signer::PK_Signer(const Private_Key& key,
if(!op)
op = engine->get_signature_op(key);
- if(!verify_op)
+ if(!verify_op && prot == ENABLE_FAULT_PROTECTION)
verify_op = engine->get_verify_op(key);
- if(op && verify_op)
+ if(op && (verify_op || prot == DISABLE_FAULT_PROTECTION))
break;
}
- if(!op || !verify_op)
+ if(!op || (!verify_op && prot == ENABLE_FAULT_PROTECTION))
throw Lookup_Error("PK_Signer: No working engine for " +
key.algo_name());
@@ -202,7 +203,7 @@ SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng)
SecureVector<byte> plain_sig = op->sign(encoded, encoded.size(), rng);
- if(!self_test_signature(encoded, plain_sig))
+ if(verify_op && !self_test_signature(encoded, plain_sig))
throw Internal_Error("PK_Signer consistency check failed");
if(op->message_parts() == 1 || sig_format == IEEE_1363)
diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h
index c31aed67b..eeb4d5841 100644
--- a/src/pubkey/pubkey.h
+++ b/src/pubkey/pubkey.h
@@ -24,6 +24,14 @@ namespace Botan {
enum Signature_Format { IEEE_1363, DER_SEQUENCE };
/**
+* Enum marking if protection against fault attacks should be used
+*/
+enum Fault_Protection {
+ ENABLE_FAULT_PROTECTION,
+ DISABLE_FAULT_PROTECTION
+};
+
+/**
* Public Key Encryptor
*/
class BOTAN_DLL PK_Encryptor
@@ -174,10 +182,12 @@ class BOTAN_DLL PK_Signer
* @param emsa the EMSA to use
* An example would be "EMSA1(SHA-224)".
* @param format the signature format to use
+ * @param prot says if fault protection should be enabled
*/
PK_Signer(const Private_Key& key,
const std::string& emsa,
- Signature_Format format = IEEE_1363);
+ Signature_Format format = IEEE_1363,
+ Fault_Protection prot = ENABLE_FAULT_PROTECTION);
~PK_Signer() { delete op; delete verify_op; delete emsa; }
private: