1 files changed, 58 insertions, 33 deletions

diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp
index 8b24ee983..bb76bf68e 100644
--- a/src/lib/pubkey/pubkey.cpp
+++ b/src/lib/pubkey/pubkey.cpp
@@ -8,29 +8,11 @@
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>
 #include <botan/bigint.h>
-#include <botan/internal/algo_registry.h>
+#include <botan/internal/pk_ops.h>
 #include <botan/internal/ct_utils.h>
 
 namespace Botan {
 
-namespace {
-
-template<typename T, typename Key>
-T* get_pk_op(const std::string& what, const Key& key, const std::string& pad,
-             const std::string& provider = "")
-   {
-   if(T* p = Algo_Registry<T>::global_registry().make(typename T::Spec(key, pad), provider))
-      return p;
-
-   const std::string err = what + " with " + key.algo_name() + "/" + pad + " not supported";
-   if(!provider.empty())
-      throw Lookup_Error(err + " with provider " + provider);
-   else
-      throw Lookup_Error(err);
-   }
-
-}
-
 secure_vector<byte> PK_Decryptor::decrypt(const byte in[], size_t length) const
    {
    byte valid_mask = 0;
@@ -54,8 +36,6 @@ PK_Decryptor::decrypt_or_random(const byte in[],
    {
    const secure_vector<byte> fake_pms = rng.random_vec(expected_pt_len);
 
-   //CT::poison(in, length);
-
    byte valid_mask = 0;
    secure_vector<byte> decoded = do_decrypt(valid_mask, in, length);
 
@@ -90,9 +70,6 @@ PK_Decryptor::decrypt_or_random(const byte in[],
                             /*from1*/fake_pms.data(),
                             expected_pt_len);
 
-   //CT::unpoison(in, length);
-   //CT::unpoison(decoded.data(), decoded.size());
-
    return decoded;
    }
 
@@ -107,12 +84,17 @@ PK_Decryptor::decrypt_or_random(const byte in[],
    }
 
 PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key,
+                                   RandomNumberGenerator& rng,
                                    const std::string& padding,
                                    const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::Encryption>("Encryption", key, padding, provider));
+   m_op = key.create_encryption_op(rng, padding, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support encryption");
    }
 
+PK_Encryptor_EME::~PK_Encryptor_EME() { /* for unique_ptr */ }
+
 std::vector<byte>
 PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const
    {
@@ -124,12 +106,18 @@ size_t PK_Encryptor_EME::maximum_input_size() const
    return m_op->max_input_bits() / 8;
    }
 
-PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key, const std::string& padding,
+PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key,
+                                   RandomNumberGenerator& rng,
+                                   const std::string& padding,
                                    const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::Decryption>("Decryption", key, padding, provider));
+   m_op = key.create_decryption_op(rng, padding, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support decryption");
    }
 
+PK_Decryptor_EME::~PK_Decryptor_EME() { /* for unique_ptr */ }
+
 secure_vector<byte> PK_Decryptor_EME::do_decrypt(byte& valid_mask,
                                                  const byte in[], size_t in_len) const
    {
@@ -137,12 +125,17 @@ secure_vector<byte> PK_Decryptor_EME::do_decrypt(byte& valid_mask,
    }
 
 PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key,
+                                   RandomNumberGenerator& rng,
                                    const std::string& param,
                                    const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::KEM_Encryption>("KEM", key, param, provider));
+   m_op = key.create_kem_encryption_op(rng, param, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support KEM encryption");
    }
 
+PK_KEM_Encryptor::~PK_KEM_Encryptor() { /* for unique_ptr */ }
+
 void PK_KEM_Encryptor::encrypt(secure_vector<byte>& out_encapsulated_key,
                                secure_vector<byte>& out_shared_key,
                                size_t desired_shared_key_len,
@@ -159,12 +152,17 @@ void PK_KEM_Encryptor::encrypt(secure_vector<byte>& out_encapsulated_key,
    }
 
 PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key,
+                                   RandomNumberGenerator& rng,
                                    const std::string& param,
                                    const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::KEM_Decryption>("KEM", key, param, provider));
+   m_op = key.create_kem_decryption_op(rng, param, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support KEM decryption");
    }
 
+PK_KEM_Decryptor::~PK_KEM_Decryptor() { /* for unique_ptr */ }
+
 secure_vector<byte> PK_KEM_Decryptor::decrypt(const byte encap_key[],
                                               size_t encap_key_len,
                                               size_t desired_shared_key_len,
@@ -177,12 +175,30 @@ secure_vector<byte> PK_KEM_Decryptor::decrypt(const byte encap_key[],
    }
 
 PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key,
+                                   RandomNumberGenerator& rng,
                                    const std::string& kdf,
                                    const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::Key_Agreement>("Key agreement", key, kdf, provider));
+   m_op = key.create_key_agreement_op(rng, kdf, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support key agreement");
+   }
+
+PK_Key_Agreement::~PK_Key_Agreement() { /* for unique_ptr */ }
+
+PK_Key_Agreement& PK_Key_Agreement::operator=(PK_Key_Agreement&& other)
+   {
+   if(this != &other)
+      {
+      m_op = std::move(other.m_op);
+      }
+   return (*this);
    }
 
+PK_Key_Agreement::PK_Key_Agreement(PK_Key_Agreement&& other) :
+   m_op(std::move(other.m_op))
+   {}
+
 SymmetricKey PK_Key_Agreement::derive_key(size_t key_len,
                                           const byte in[], size_t in_len,
                                           const byte salt[],
@@ -234,14 +250,19 @@ std::vector<byte> der_decode_signature(const byte sig[], size_t len,
 }
 
 PK_Signer::PK_Signer(const Private_Key& key,
+                     RandomNumberGenerator& rng,
                      const std::string& emsa,
                      Signature_Format format,
                      const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::Signature>("Signing", key, emsa, provider));
+   m_op = key.create_signature_op(rng, emsa, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support signature generation");
    m_sig_format = format;
    }
 
+PK_Signer::~PK_Signer() { /* for unique_ptr */ }
+
 void PK_Signer::update(const byte in[], size_t length)
    {
    m_op->update(in, length);
@@ -262,14 +283,18 @@ std::vector<byte> PK_Signer::signature(RandomNumberGenerator& rng)
    }
 
 PK_Verifier::PK_Verifier(const Public_Key& key,
-                         const std::string& emsa_name,
+                         const std::string& emsa,
                          Signature_Format format,
                          const std::string& provider)
    {
-   m_op.reset(get_pk_op<PK_Ops::Verification>("Verification", key, emsa_name, provider));
+   m_op = key.create_verification_op(emsa, provider);
+   if(!m_op)
+      throw Invalid_Argument("Key type " + key.algo_name() + " does not support signature verification");
    m_sig_format = format;
    }
 
+PK_Verifier::~PK_Verifier() { /* for unique_ptr */ }
+
 void PK_Verifier::set_input_format(Signature_Format format)
    {
    if(m_op->message_parts() == 1 && format != IEEE_1363)