diff options
-rw-r--r-- | checks/pk.cpp | 20 | ||||
-rw-r--r-- | checks/pk_bench.cpp | 6 | ||||
-rw-r--r-- | include/pubkey.h | 8 | ||||
-rw-r--r-- | include/x509_ca.h | 3 | ||||
-rw-r--r-- | include/x509_obj.h | 1 | ||||
-rw-r--r-- | src/keypair.cpp | 7 | ||||
-rw-r--r-- | src/pk_filts.cpp | 2 | ||||
-rw-r--r-- | src/pubkey.cpp | 14 | ||||
-rw-r--r-- | src/x509_ca.cpp | 10 | ||||
-rw-r--r-- | src/x509_obj.cpp | 3 | ||||
-rw-r--r-- | src/x509self.cpp | 5 |
11 files changed, 38 insertions, 41 deletions
diff --git a/checks/pk.cpp b/checks/pk.cpp index 8c2231313..90b9e1b5d 100644 --- a/checks/pk.cpp +++ b/checks/pk.cpp @@ -19,10 +19,6 @@ #include <botan/filters.h> #include <botan/look_pk.h> #include <botan/numthry.h> - -#include <botan/x931_rng.h> -#include <botan/randpool.h> -#include <botan/libstate.h> using namespace Botan; #include "common.h" @@ -165,12 +161,6 @@ u32bit do_pk_validation_tests(const std::string& filename) std::cout << std::endl; - global_state().set_prng(new ANSI_X931_RNG("AES-128", - new Randpool("AES-256", - "HMAC(SHA-256)"))); - for(u32bit j = 0; j != 2; j++) - global_state().seed_prng(true, 384); - do_pk_keygen_tests(); do_x509_tests(); @@ -229,11 +219,11 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, const std::string& exp, bool& failure) { SecureVector<byte> message = decode_hex(input); - global_state().set_prng(new Fixed_Output_RNG(decode_hex(random))); SecureVector<byte> expected = decode_hex(exp); - SecureVector<byte> sig = s->sign_message(message, message.size()); + Fixed_Output_RNG rng(decode_hex(random)); + SecureVector<byte> sig = s->sign_message(message, message.size(), rng); if(sig != expected) { @@ -257,12 +247,6 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo, failure = true; } - global_state().set_prng(new ANSI_X931_RNG("AES-128", - new Randpool("AES-256", - "HMAC(SHA-256)"))); - for(u32bit j = 0; j != 2; j++) - global_state().seed_prng(true, 384); - delete v; delete s; } diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index c34827258..e6ab90153 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -295,7 +295,7 @@ void bench_sig(PK_Signer* sig, const std::string& algo_name, global_state().randomize(msg, MSG_SIZE); u64bit start = get_clock(); sig->update(msg, MSG_SIZE); - sig->signature(); + sig->signature(global_state().prng_reference()); clocks_used += get_clock() - start; } @@ -313,7 +313,7 @@ void bench_ver(PK_Signer* sig, PK_Verifier* ver, global_state().randomize(msg, MSG_SIZE); sig->update(msg, MSG_SIZE); - SecureVector<byte> signature = sig->signature(); + SecureVector<byte> signature = sig->signature(global_state().prng_reference()); u32bit runs = 0; u64bit clocks_used = 0; @@ -325,7 +325,7 @@ void bench_ver(PK_Signer* sig, PK_Verifier* ver, { global_state().randomize(msg, MSG_SIZE); sig->update(msg, MSG_SIZE); - signature = sig->signature(); + signature = sig->signature(global_state().prng_reference()); } runs++; diff --git a/include/pubkey.h b/include/pubkey.h index a5d332241..4890fe38d 100644 --- a/include/pubkey.h +++ b/include/pubkey.h @@ -51,14 +51,16 @@ class BOTAN_DLL PK_Decryptor class BOTAN_DLL PK_Signer { public: - SecureVector<byte> sign_message(const byte[], u32bit); - SecureVector<byte> sign_message(const MemoryRegion<byte>&); + SecureVector<byte> sign_message(const byte[], u32bit, + RandomNumberGenerator&); + SecureVector<byte> sign_message(const MemoryRegion<byte>&, + RandomNumberGenerator&); void update(byte); void update(const byte[], u32bit); void update(const MemoryRegion<byte>&); - SecureVector<byte> signature(); + SecureVector<byte> signature(RandomNumberGenerator&); void set_output_format(Signature_Format); diff --git a/include/x509_ca.h b/include/x509_ca.h index f6564d045..1f0e35261 100644 --- a/include/x509_ca.h +++ b/include/x509_ca.h @@ -31,7 +31,8 @@ class BOTAN_DLL X509_CA X509_CRL update_crl(const X509_CRL&, const std::vector<CRL_Entry>&, u32bit = 0) const; - static X509_Certificate make_cert(PK_Signer*, const AlgorithmIdentifier&, + static X509_Certificate make_cert(PK_Signer*, + const AlgorithmIdentifier&, const MemoryRegion<byte>&, const X509_Time&, const X509_Time&, const X509_DN&, const X509_DN&, diff --git a/include/x509_obj.h b/include/x509_obj.h index 55065f6f5..2ec3740cf 100644 --- a/include/x509_obj.h +++ b/include/x509_obj.h @@ -24,6 +24,7 @@ class BOTAN_DLL X509_Object AlgorithmIdentifier signature_algorithm() const; static MemoryVector<byte> make_signed(class PK_Signer*, + RandomNumberGenerator&, const AlgorithmIdentifier&, const MemoryRegion<byte>&); diff --git a/src/keypair.cpp b/src/keypair.cpp index 242937668..940f0c028 100644 --- a/src/keypair.cpp +++ b/src/keypair.cpp @@ -49,9 +49,10 @@ void check_key(RandomNumberGenerator& rng, SecureVector<byte> signature; - try { - signature = sig->sign_message(message); - } + try + { + signature = sig->sign_message(message, rng); + } catch(Encoding_Error) { return; diff --git a/src/pk_filts.cpp b/src/pk_filts.cpp index 6da6dabfd..85ba6638a 100644 --- a/src/pk_filts.cpp +++ b/src/pk_filts.cpp @@ -56,7 +56,7 @@ void PK_Signer_Filter::write(const byte input[], u32bit length) *************************************************/ void PK_Signer_Filter::end_msg() { - send(signer->signature()); + send(signer->signature(global_state().prng_reference())); } /************************************************* diff --git a/src/pubkey.cpp b/src/pubkey.cpp index 80f49fcad..d51bed70f 100644 --- a/src/pubkey.cpp +++ b/src/pubkey.cpp @@ -144,18 +144,20 @@ void PK_Signer::set_output_format(Signature_Format format) /************************************************* * Sign a message * *************************************************/ -SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length) +SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length, + RandomNumberGenerator& rng) { update(msg, length); - return signature(); + return signature(rng); } /************************************************* * Sign a message * *************************************************/ -SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg) +SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg, + RandomNumberGenerator& rng) { - return sign_message(msg, msg.size()); + return sign_message(msg, msg.size(), rng); } /************************************************* @@ -185,10 +187,8 @@ void PK_Signer::update(const MemoryRegion<byte>& in) /************************************************* * Create a signature * *************************************************/ -SecureVector<byte> PK_Signer::signature() +SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng) { - RandomNumberGenerator& rng = global_state().prng_reference(); - SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(), key.max_input_bits(), rng); diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp index d3737108b..e7557cea5 100644 --- a/src/x509_ca.cpp +++ b/src/x509_ca.cpp @@ -88,12 +88,14 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const X509_DN& subject_dn, const Extensions& extensions) { + RandomNumberGenerator& rng = global_state().prng_reference(); + const u32bit X509_CERT_VERSION = 3; const u32bit SERIAL_BITS = 128; - BigInt serial_no(global_state().prng_reference(), SERIAL_BITS); + BigInt serial_no(rng, SERIAL_BITS); - DataSource_Memory source(X509_Object::make_signed(signer, sig_algo, + DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, DER_Encoder().start_cons(SEQUENCE) .start_explicit(0) .encode(X509_CERT_VERSION-1) @@ -194,7 +196,9 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); - DataSource_Memory source(X509_Object::make_signed(signer, ca_sig_algo, + RandomNumberGenerator& rng = global_state().prng_reference(); + + DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, DER_Encoder().start_cons(SEQUENCE) .encode(X509_CRL_VERSION-1) .encode(ca_sig_algo) diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp index ac6eef3b9..e78790949 100644 --- a/src/x509_obj.cpp +++ b/src/x509_obj.cpp @@ -195,6 +195,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const * Apply the X.509 SIGNED macro * *************************************************/ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, + RandomNumberGenerator& rng, const AlgorithmIdentifier& algo, const MemoryRegion<byte>& tbs_bits) { @@ -202,7 +203,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, .start_cons(SEQUENCE) .raw_bytes(tbs_bits) .encode(algo) - .encode(signer->sign_message(tbs_bits), BIT_STRING) + .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() .get_contents(); } diff --git a/src/x509self.cpp b/src/x509self.cpp index c2c8e49e9..b9e558b7a 100644 --- a/src/x509self.cpp +++ b/src/x509self.cpp @@ -9,6 +9,7 @@ #include <botan/der_enc.h> #include <botan/config.h> #include <botan/look_pk.h> +#include <botan/libstate.h> #include <botan/oids.h> #include <botan/pipe.h> #include <memory> @@ -159,7 +160,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .end_cons(); DataSource_Memory source( - X509_Object::make_signed(signer.get(), sig_algo, + X509_Object::make_signed(signer.get(), + global_state().prng_reference(), + sig_algo, tbs_req.get_contents()) ); |