diff options
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/curve25519/curve25519.cpp | 6 | ||||
-rw-r--r-- | src/lib/pubkey/dh/dh.cpp | 6 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/dsa.cpp | 13 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/dsa.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/ecdh/ecdh.cpp | 20 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 44 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/ecgdsa/ecgdsa.cpp | 13 | ||||
-rw-r--r-- | src/lib/pubkey/ecgdsa/ecgdsa.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/eckcdsa/eckcdsa.cpp | 17 | ||||
-rw-r--r-- | src/lib/pubkey/eckcdsa/eckcdsa.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/elgamal/elgamal.cpp | 12 | ||||
-rw-r--r-- | src/lib/pubkey/gost_3410/gost_3410.cpp | 13 | ||||
-rw-r--r-- | src/lib/pubkey/gost_3410/gost_3410.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/keypair/keypair.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/mce/mceliece_key.cpp | 12 | ||||
-rw-r--r-- | src/lib/pubkey/pk_keys.cpp | 3 | ||||
-rw-r--r-- | src/lib/pubkey/pk_keys.h | 7 | ||||
-rw-r--r-- | src/lib/pubkey/pubkey.cpp | 3 | ||||
-rw-r--r-- | src/lib/pubkey/pubkey.h | 17 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 76 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/rsa.h | 3 |
22 files changed, 173 insertions, 119 deletions
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp index b1dfc59a1..02ee516de 100644 --- a/src/lib/pubkey/curve25519/curve25519.cpp +++ b/src/lib/pubkey/curve25519/curve25519.cpp @@ -139,9 +139,11 @@ class Curve25519_KA_Operation : public PK_Ops::Key_Agreement_with_KDF std::unique_ptr<PK_Ops::Key_Agreement> Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 3cd47c581..19ead1b11 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -129,9 +129,11 @@ secure_vector<byte> DH_KA_Operation::raw_agree(const byte w[], size_t w_len) std::unique_ptr<PK_Ops::Key_Agreement> DH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::Key_Agreement>(new DH_KA_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Key_Agreement>(new DH_KA_Operation(*this, params, rng)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 00d7b77d7..15dc45373 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -198,19 +198,22 @@ bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr<PK_Ops::Verification> -DSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +DSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Verification>(new DSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new DSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> -DSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +DSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new DSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dsa/dsa.h b/src/lib/pubkey/dsa/dsa.h index d8cd61df5..57c7b7c5c 100644 --- a/src/lib/pubkey/dsa/dsa.h +++ b/src/lib/pubkey/dsa/dsa.h @@ -34,8 +34,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey DSA_PublicKey(const DL_Group& group, const BigInt& y); std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: DSA_PublicKey() {} @@ -61,7 +60,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey, std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 79c63da8c..a4791e15e 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp @@ -39,6 +39,7 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF secure_vector<byte> raw_agree(const byte w[], size_t w_len) override { PointGFp point = OS2ECP(w, w_len, m_curve); + // TODO: add blinding PointGFp S = (m_cofactor * point) * m_l_times_priv; BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes()); @@ -57,15 +58,24 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Key_Agreement> res = make_openssl_ecdh_ka_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdh_ka_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL ECDH refused key or params", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 6a81ababf..f93fcc7a5 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -159,36 +159,54 @@ bool ECDSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr<PK_Ops::Verification> -ECDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Verification> res = make_openssl_ecdsa_ver_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdsa_ver_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL provider refused ECDSA pubkey", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Verification>(new ECDSA_Verification_Operation(*this, params)); + + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new ECDSA_Verification_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> -ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Signature> res = make_openssl_ecdsa_sig_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdsa_sig_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL provider refused ECDSA privkey", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new ECDSA_Signature_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/ecdsa/ecdsa.h b/src/lib/pubkey/ecdsa/ecdsa.h index 9a55fbe48..d9dcacd06 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.h +++ b/src/lib/pubkey/ecdsa/ecdsa.h @@ -54,8 +54,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECDSA_PublicKey() {} @@ -94,7 +93,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey, std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index b112a4466..136f2159a 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -141,19 +141,22 @@ bool ECGDSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr<PK_Ops::Verification> -ECGDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECGDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Verification>(new ECGDSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new ECGDSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> -ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Signature>(new ECGDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new ECGDSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.h b/src/lib/pubkey/ecgdsa/ecgdsa.h index ec9180ee5..203e8d0a8 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.h +++ b/src/lib/pubkey/ecgdsa/ecgdsa.h @@ -52,8 +52,7 @@ class BOTAN_DLL ECGDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECGDSA_PublicKey() {} @@ -92,7 +91,7 @@ class BOTAN_DLL ECGDSA_PrivateKey : public ECGDSA_PublicKey, std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index e61ceaa19..5375d047a 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -196,19 +196,22 @@ bool ECKCDSA_Verification_Operation::verify(const byte msg[], size_t, } std::unique_ptr<PK_Ops::Verification> -ECKCDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECKCDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Verification>(new ECKCDSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new ECKCDSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> -ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, - const std::string& params, - const std::string& provider) const +ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& provider) const { - return std::unique_ptr<PK_Ops::Signature>(new ECKCDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new ECKCDSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.h b/src/lib/pubkey/eckcdsa/eckcdsa.h index f8514776b..09ee34ed5 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.h +++ b/src/lib/pubkey/eckcdsa/eckcdsa.h @@ -52,8 +52,7 @@ class BOTAN_DLL ECKCDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECKCDSA_PublicKey() {} @@ -92,7 +91,7 @@ class BOTAN_DLL ECKCDSA_PrivateKey : public ECKCDSA_PublicKey, std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index fbbd09226..046c2c3f6 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -186,17 +186,21 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len) std::unique_ptr<PK_Ops::Encryption> ElGamal_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::Encryption>(new ElGamal_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Encryption>(new ElGamal_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Decryption> ElGamal_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::Decryption>(new ElGamal_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Decryption>(new ElGamal_Decryption_Operation(*this, params, rng)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index c37c8c845..7fde29bc5 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -214,19 +214,22 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr<PK_Ops::Verification> -GOST_3410_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +GOST_3410_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Verification>(new GOST_3410_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new GOST_3410_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> -GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr<PK_Ops::Signature>(new GOST_3410_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new GOST_3410_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h index 9d79f48d7..cca811896 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.h +++ b/src/lib/pubkey/gost_3410/gost_3410.h @@ -60,8 +60,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: @@ -97,7 +96,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey, std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/keypair/keypair.cpp b/src/lib/pubkey/keypair/keypair.cpp index 6ea514d34..2efd40b6e 100644 --- a/src/lib/pubkey/keypair/keypair.cpp +++ b/src/lib/pubkey/keypair/keypair.cpp @@ -49,7 +49,7 @@ bool signature_consistency_check(RandomNumberGenerator& rng, const std::string& padding) { PK_Signer signer(key, rng, padding); - PK_Verifier verifier(key, rng, padding); + PK_Verifier verifier(key, padding); std::vector<byte> message = unlock(rng.random_vec(16)); diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp index b5eed5a38..c65322348 100644 --- a/src/lib/pubkey/mce/mceliece_key.cpp +++ b/src/lib/pubkey/mce/mceliece_key.cpp @@ -356,17 +356,21 @@ class MCE_KEM_Decryptor : public PK_Ops::KEM_Decryption_with_KDF std::unique_ptr<PK_Ops::KEM_Encryption> McEliece_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Encryption>(new MCE_KEM_Encryptor(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Encryption>(new MCE_KEM_Encryptor(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::KEM_Decryption> McEliece_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Decryption>(new MCE_KEM_Decryptor(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Decryption>(new MCE_KEM_Decryptor(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index ff57d88cc..21b56ed81 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp @@ -96,8 +96,7 @@ Public_Key::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, } std::unique_ptr<PK_Ops::Verification> -Public_Key::create_verification_op(RandomNumberGenerator& /*rng*/, - const std::string& /*params*/, +Public_Key::create_verification_op(const std::string& /*params*/, const std::string& /*provider*/) const { throw Lookup_Error(algo_name() + " does not support verification"); diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h index 9de884103..13d94c085 100644 --- a/src/lib/pubkey/pk_keys.h +++ b/src/lib/pubkey/pk_keys.h @@ -122,14 +122,9 @@ class BOTAN_DLL Public_Key /** * Return a verification operation for this key/params or throw - * - * @param rng a random number generator. The PK_Op may maintain a - * reference to the RNG and use it many times. The rng must outlive - * any operations which reference it. */ virtual std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const; virtual ~Public_Key() {} diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index 51869326a..fa5777bde 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -252,12 +252,11 @@ std::vector<byte> PK_Signer::signature(RandomNumberGenerator& rng) } PK_Verifier::PK_Verifier(const Public_Key& key, - RandomNumberGenerator& rng, const std::string& emsa, Signature_Format format, const std::string& provider) { - m_op = key.create_verification_op(rng, emsa, provider); + m_op = key.create_verification_op(emsa, provider); BOTAN_ASSERT_NONNULL(m_op); m_sig_format = format; } diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h index 18b5d0f9b..077796a5d 100644 --- a/src/lib/pubkey/pubkey.h +++ b/src/lib/pubkey/pubkey.h @@ -281,27 +281,10 @@ class BOTAN_DLL PK_Verifier * @param format the signature format to use */ PK_Verifier(const Public_Key& pub_key, - RandomNumberGenerator& rng, const std::string& emsa, Signature_Format format = IEEE_1363, const std::string& provider = ""); -#if defined(BOTAN_PUBKEY_INCLUDE_DEPRECATED_CONSTRUCTORS) - /** - * Construct a PK Verifier. - * @param pub_key the public key to verify against - * @param emsa the EMSA to use (eg "EMSA3(SHA-1)") - * @param format the signature format to use - */ - BOTAN_DEPRECATED("Use constructor taking a RNG object") - PK_Verifier(const Public_Key& pub_key, - const std::string& emsa, - Signature_Format format = IEEE_1363, - const std::string& provider = "") : - PK_Verifier(pub_key, system_rng(), emsa, format, provider) - {} -#endif - /** * Verify a signature. * @param msg the message that the signature belongs to, as a byte array diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index c8d1e7afc..b40f485e3 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -406,37 +406,51 @@ class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF, } std::unique_ptr<PK_Ops::Encryption> -RSA_PublicKey::create_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Encryption> res = make_openssl_rsa_enc_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_enc_op(*this, params); + } + catch(Exception& e) + { + /* + * If OpenSSL for some reason could not handle this (eg due to OAEP params), + * throw if openssl was specifically requested but otherwise just fall back + * to the normal version. + */ + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::KEM_Encryption> -RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Verification> -RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +RSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*this, params); if(res) @@ -444,7 +458,10 @@ RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Decryption> @@ -453,23 +470,35 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Decryption> res = make_openssl_rsa_dec_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_dec_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::KEM_Decryption> RSA_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> @@ -478,7 +507,7 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*this, params); if(res) @@ -486,7 +515,10 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h index 203a3a323..ddfd23b05 100644 --- a/src/lib/pubkey/rsa/rsa.h +++ b/src/lib/pubkey/rsa/rsa.h @@ -63,8 +63,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual Public_Key const std::string& provider) const override; std::unique_ptr<PK_Ops::Verification> - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: |