diff options
-rw-r--r-- | src/cms/Makefile (renamed from misc/cms/Makefile) | 0 | ||||
-rw-r--r-- | src/cms/cms_algo.cpp (renamed from misc/cms/cms_algo.cpp) | 19 | ||||
-rw-r--r-- | src/cms/cms_comp.cpp (renamed from misc/cms/cms_comp.cpp) | 0 | ||||
-rw-r--r-- | src/cms/cms_dalg.cpp (renamed from misc/cms/cms_dalg.cpp) | 6 | ||||
-rw-r--r-- | src/cms/cms_dec.cpp (renamed from misc/cms/cms_dec.cpp) | 0 | ||||
-rw-r--r-- | src/cms/cms_dec.h (renamed from misc/cms/cms_dec.h) | 0 | ||||
-rw-r--r-- | src/cms/cms_ealg.cpp (renamed from misc/cms/cms_ealg.cpp) | 15 | ||||
-rw-r--r-- | src/cms/cms_enc.cpp (renamed from misc/cms/cms_enc.cpp) | 0 | ||||
-rw-r--r-- | src/cms/cms_enc.h (renamed from misc/cms/cms_enc.h) | 8 | ||||
-rw-r--r-- | src/cms/tests/cms_dec.cpp (renamed from misc/cms/tests/cms_dec.cpp) | 0 | ||||
-rw-r--r-- | src/cms/tests/cms_enc.cpp (renamed from misc/cms/tests/cms_enc.cpp) | 0 |
11 files changed, 28 insertions, 20 deletions
diff --git a/misc/cms/Makefile b/src/cms/Makefile index 143c0d741..143c0d741 100644 --- a/misc/cms/Makefile +++ b/src/cms/Makefile diff --git a/misc/cms/cms_algo.cpp b/src/cms/cms_algo.cpp index 2473e8885..efd016514 100644 --- a/misc/cms/cms_algo.cpp +++ b/src/cms/cms_algo.cpp @@ -17,7 +17,8 @@ namespace { /************************************************* * Wrap a key as specified in RFC 3217 * *************************************************/ -SecureVector<byte> do_rfc3217_wrap(const std::string& cipher, +SecureVector<byte> do_rfc3217_wrap(RandomNumberGenerator& rng, + const std::string& cipher, const SymmetricKey& kek, const SecureVector<byte>& input) { @@ -45,7 +46,7 @@ SecureVector<byte> do_rfc3217_wrap(const std::string& cipher, Pipe icv(new Hash_Filter("SHA-160", 8)); icv.process_msg(input); - InitializationVector iv(8); + InitializationVector iv(rng, 8); InitializationVector fixed("4ADDA22C79E82105"); Pipe pipe(get_cipher(cipher + "/CBC/NoPadding", kek, iv, ENCRYPTION), @@ -63,7 +64,8 @@ SecureVector<byte> do_rfc3217_wrap(const std::string& cipher, /************************************************* * Wrap a CEK with a KEK * *************************************************/ -SecureVector<byte> CMS_Encoder::wrap_key(const std::string& cipher, +SecureVector<byte> CMS_Encoder::wrap_key(RandomNumberGenerator& rng, + const std::string& cipher, const SymmetricKey& cek, const SymmetricKey& kek) { @@ -71,7 +73,7 @@ SecureVector<byte> CMS_Encoder::wrap_key(const std::string& cipher, { SymmetricKey cek_parity = cek; cek_parity.set_odd_parity(); - return do_rfc3217_wrap(cipher, kek, cek_parity.bits_of()); + return do_rfc3217_wrap(rng, cipher, kek, cek_parity.bits_of()); } else if(cipher == "RC2" || cipher == "CAST-128") { @@ -82,8 +84,8 @@ SecureVector<byte> CMS_Encoder::wrap_key(const std::string& cipher, lcekpad.append((byte)cek.length()); lcekpad.append(cek.bits_of()); while(lcekpad.size() % 8) - lcekpad.append(global_state().random()); - return do_rfc3217_wrap(cipher, kek, lcekpad); + lcekpad.append(rng.next_byte()); + return do_rfc3217_wrap(rng, cipher, kek, lcekpad); } else throw Invalid_Argument("CMS_Encoder::wrap: Unknown cipher " + cipher); @@ -121,7 +123,8 @@ SecureVector<byte> CMS_Encoder::encode_params(const std::string& cipher, /************************************************* * Generate a CEK or KEK for the cipher * *************************************************/ -SymmetricKey CMS_Encoder::setup_key(const std::string& cipher) +SymmetricKey CMS_Encoder::setup_key(RandomNumberGenerator& rng, + const std::string& cipher) { u32bit keysize = 0; @@ -132,7 +135,7 @@ SymmetricKey CMS_Encoder::setup_key(const std::string& cipher) if(keysize == 0) throw Invalid_Argument("CMS: Cannot encrypt with cipher " + cipher); - SymmetricKey key(keysize); + SymmetricKey key(rng, keysize); if(cipher == "DES" || cipher == "TripleDES") key.set_odd_parity(); return key; diff --git a/misc/cms/cms_comp.cpp b/src/cms/cms_comp.cpp index 0d75dae76..0d75dae76 100644 --- a/misc/cms/cms_comp.cpp +++ b/src/cms/cms_comp.cpp diff --git a/misc/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 92e620fc4..cd38c596d 100644 --- a/misc/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -4,6 +4,7 @@ *************************************************/ #include <botan/cms_dec.h> +#include <botan/x509find.h> #include <botan/ber_dec.h> #include <botan/oids.h> #include <botan/lookup.h> @@ -45,11 +46,10 @@ std::vector<X509_Certificate> get_cert(BER_Decoder& signer_info, iands.decode(issuer); iands.decode(serial); - found = X509_Store_Search::by_iands(store, issuer, - BigInt::encode(serial)); + found = store.get_certs(IandS_Match(issuer, BigInt::encode(serial))); } else if(id.type_tag == 0 && id.class_tag == CONSTRUCTED) - found = X509_Store_Search::by_SKID(store, id.value); + found = store.get_certs(SKID_Match(id.value)); else throw Decoding_Error("CMS: Unknown tag for cert identifier"); diff --git a/misc/cms/cms_dec.cpp b/src/cms/cms_dec.cpp index edd1cd489..edd1cd489 100644 --- a/misc/cms/cms_dec.cpp +++ b/src/cms/cms_dec.cpp diff --git a/misc/cms/cms_dec.h b/src/cms/cms_dec.h index ef21036bb..ef21036bb 100644 --- a/misc/cms/cms_dec.h +++ b/src/cms/cms_dec.h diff --git a/misc/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 7ea8429e8..7749200d2 100644 --- a/misc/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -9,8 +9,9 @@ #include <botan/oids.h> #include <botan/lookup.h> #include <botan/look_pk.h> +#include <botan/libstate.h> #include <botan/pipe.h> -#include <botan/config.h> +#include <memory> namespace Botan { @@ -23,8 +24,8 @@ std::string choose_algo(const std::string& user_algo, const std::string& default_algo) { if(user_algo == "") - return deref_alias(default_algo); - return deref_alias(user_algo); + return global_state().deref_alias(default_algo); + return global_state().deref_alias(user_algo); } /************************************************* @@ -127,7 +128,7 @@ void CMS_Encoder::encrypt_ktri(const X509_Certificate& to, const std::string pk_algo = pub_key->algo_name(); std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(*pub_key, padding)); - SymmetricKey cek = setup_key(cipher); + SymmetricKey cek = setup_key(rng, cipher); DER_Encoder encoder; encoder.start_cons(SEQUENCE); @@ -155,7 +156,7 @@ void CMS_Encoder::encrypt_kari(const X509_Certificate&, { throw Exception("FIXME: unimplemented"); #if 0 - SymmetricKey cek = setup_key(cipher); + SymmetricKey cek = setup_key(rng, cipher); DER_Encoder encoder; encoder.start_cons(SEQUENCE); @@ -184,7 +185,7 @@ void CMS_Encoder::encrypt(const SymmetricKey& kek, throw Exception("FIXME: untested"); const std::string cipher = choose_algo(user_cipher, "TripleDES"); - SymmetricKey cek = setup_key(cipher); + SymmetricKey cek = setup_key(rng, cipher); SecureVector<byte> kek_id; // FIXME: ? @@ -273,7 +274,7 @@ void CMS_Encoder::sign(X509_Store& store, const PKCS8_PrivateKey& key) std::string padding, hash; Signature_Format format; - Config::choose_sig_format(key.algo_name(), padding, hash, format); + choose_sig_format(key.algo_name(), padding, hash, format); const std::string sig_algo = key.algo_name() + "/" + padding; SecureVector<byte> signed_attr = encode_attr(data, type, hash); diff --git a/misc/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 601fbc9b6..601fbc9b6 100644 --- a/misc/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp diff --git a/misc/cms/cms_enc.h b/src/cms/cms_enc.h index 286fa8b53..6bdde8813 100644 --- a/misc/cms/cms_enc.h +++ b/src/cms/cms_enc.h @@ -53,10 +53,14 @@ class CMS_Encoder static SecureVector<byte> make_econtent(const SecureVector<byte>&, const std::string&); - static SymmetricKey setup_key(const std::string&); - static SecureVector<byte> wrap_key(const std::string&, + static SymmetricKey setup_key(RandomNumberGenerator& rng, + const std::string&); + + static SecureVector<byte> wrap_key(RandomNumberGenerator& rng, + const std::string&, const SymmetricKey&, const SymmetricKey&); + static SecureVector<byte> encode_params(const std::string&, const SymmetricKey&, const InitializationVector&); diff --git a/misc/cms/tests/cms_dec.cpp b/src/cms/tests/cms_dec.cpp index 593cf2e09..593cf2e09 100644 --- a/misc/cms/tests/cms_dec.cpp +++ b/src/cms/tests/cms_dec.cpp diff --git a/misc/cms/tests/cms_enc.cpp b/src/cms/tests/cms_enc.cpp index 0319925d8..0319925d8 100644 --- a/misc/cms/tests/cms_enc.cpp +++ b/src/cms/tests/cms_enc.cpp |