aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r--src/lib/pubkey/ecies/ecies.cpp32
-rw-r--r--src/lib/pubkey/ecies/ecies.h14
-rw-r--r--src/lib/pubkey/info.txt5
-rw-r--r--src/lib/pubkey/mce/mce_internal.h2
-rw-r--r--src/lib/pubkey/pk_keys.cpp2
-rw-r--r--src/lib/pubkey/pk_ops_impl.h2
-rw-r--r--src/lib/pubkey/pubkey.cpp29
-rw-r--r--src/lib/pubkey/pubkey.h52
8 files changed, 107 insertions, 31 deletions
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index d2e453bdf..ba7140bd0 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -96,8 +96,10 @@ ECIES_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
* @param for_encryption disable cofactor mode if the secret will be used for encryption
* (according to ISO 18033 cofactor mode is only used during decryption)
*/
-PK_Key_Agreement create_key_agreement(const PK_Key_Agreement_Key& private_key, const ECIES_KA_Params& ecies_params,
- bool for_encryption)
+PK_Key_Agreement create_key_agreement(const PK_Key_Agreement_Key& private_key,
+ const ECIES_KA_Params& ecies_params,
+ bool for_encryption,
+ RandomNumberGenerator& rng)
{
const ECDH_PrivateKey* ecdh_key = dynamic_cast<const ECDH_PrivateKey*>(&private_key);
@@ -114,16 +116,18 @@ PK_Key_Agreement create_key_agreement(const PK_Key_Agreement_Key& private_key, c
if(ecdh_key && (for_encryption || !ecies_params.cofactor_mode()))
{
// ECDH_KA_Operation uses cofactor mode: use own key agreement method if cofactor should not be used.
- return PK_Key_Agreement(ECIES_PrivateKey(*ecdh_key), "Raw");
+ return PK_Key_Agreement(ECIES_PrivateKey(*ecdh_key), rng, "Raw");
}
- return PK_Key_Agreement(private_key, "Raw"); // use default implementation
+ return PK_Key_Agreement(private_key, rng, "Raw"); // use default implementation
}
}
-ECIES_KA_Operation::ECIES_KA_Operation(const PK_Key_Agreement_Key& private_key, const ECIES_KA_Params& ecies_params,
- bool for_encryption) :
- m_ka(create_key_agreement(private_key, ecies_params, for_encryption)),
+ECIES_KA_Operation::ECIES_KA_Operation(const PK_Key_Agreement_Key& private_key,
+ const ECIES_KA_Params& ecies_params,
+ bool for_encryption,
+ RandomNumberGenerator& rng) :
+ m_ka(create_key_agreement(private_key, ecies_params, for_encryption, rng)),
m_params(ecies_params)
{
}
@@ -240,8 +244,10 @@ std::unique_ptr<Cipher_Mode> ECIES_System_Params::create_cipher(Botan::Cipher_Di
/*
* ECIES_Encryptor Constructor
*/
-ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, const ECIES_System_Params& ecies_params) :
- m_ka(private_key, ecies_params, true),
+ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key,
+ const ECIES_System_Params& ecies_params,
+ RandomNumberGenerator& rng) :
+ m_ka(private_key, ecies_params, true, rng),
m_params(ecies_params),
m_eph_public_key_bin(private_key.public_value()), // returns the uncompressed public key, see conversion below
m_iv(),
@@ -261,7 +267,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, const
* ECIES_Encryptor Constructor
*/
ECIES_Encryptor::ECIES_Encryptor(RandomNumberGenerator& rng, const ECIES_System_Params& ecies_params) :
- ECIES_Encryptor(ECDH_PrivateKey(rng, ecies_params.domain()), ecies_params)
+ ECIES_Encryptor(ECDH_PrivateKey(rng, ecies_params.domain()), ecies_params, rng)
{
}
@@ -311,8 +317,10 @@ std::vector<byte> ECIES_Encryptor::enc(const byte data[], size_t length, RandomN
}
-ECIES_Decryptor::ECIES_Decryptor(const PK_Key_Agreement_Key& key, const ECIES_System_Params& ecies_params) :
- m_ka(key, ecies_params, false),
+ECIES_Decryptor::ECIES_Decryptor(const PK_Key_Agreement_Key& key,
+ const ECIES_System_Params& ecies_params,
+ RandomNumberGenerator& rng) :
+ m_ka(key, ecies_params, false, rng),
m_params(ecies_params),
m_iv(),
m_label()
diff --git a/src/lib/pubkey/ecies/ecies.h b/src/lib/pubkey/ecies/ecies.h
index 0bc0bf76e..6b9eba31d 100644
--- a/src/lib/pubkey/ecies/ecies.h
+++ b/src/lib/pubkey/ecies/ecies.h
@@ -184,8 +184,10 @@ class BOTAN_DLL ECIES_KA_Operation
* @param for_encryption disable cofactor mode if the secret will be used for encryption
* (according to ISO 18033 cofactor mode is only used during decryption)
*/
- ECIES_KA_Operation(const PK_Key_Agreement_Key& private_key, const ECIES_KA_Params& ecies_params,
- bool for_encryption);
+ ECIES_KA_Operation(const PK_Key_Agreement_Key& private_key,
+ const ECIES_KA_Params& ecies_params,
+ bool for_encryption,
+ RandomNumberGenerator& rng);
/**
* Performs a key agreement with the provided keys and derives the secret from the result
@@ -211,7 +213,9 @@ class BOTAN_DLL ECIES_Encryptor : public PK_Encryptor
* @param private_key the (ephemeral) private key which is used for the key agreement
* @param ecies_params settings for ecies
*/
- ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, const ECIES_System_Params& ecies_params);
+ ECIES_Encryptor(const PK_Key_Agreement_Key& private_key,
+ const ECIES_System_Params& ecies_params,
+ RandomNumberGenerator& rng);
/**
* Creates an ephemeral private key which is used for the key agreement
@@ -265,7 +269,9 @@ class BOTAN_DLL ECIES_Decryptor : public PK_Decryptor
* @param private_key the private key which is used for the key agreement
* @param ecies_params settings for ecies
*/
- ECIES_Decryptor(const PK_Key_Agreement_Key& private_key, const ECIES_System_Params& ecies_params);
+ ECIES_Decryptor(const PK_Key_Agreement_Key& private_key,
+ const ECIES_System_Params& ecies_params,
+ RandomNumberGenerator& rng);
/// Set the initialization vector for the data encryption method
inline void set_initialization_vector(const InitializationVector& iv)
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt
index 393e089e2..0e799f372 100644
--- a/src/lib/pubkey/info.txt
+++ b/src/lib/pubkey/info.txt
@@ -14,15 +14,16 @@ x509_key.cpp
<header:public>
blinding.h
pk_keys.h
-pk_ops.h
+pk_ops_fwd.h
pkcs8.h
pubkey.h
-x509_key.h
workfactor.h
+x509_key.h
</header:public>
<header:internal>
pk_algs.h
+pk_ops.h
pk_ops_impl.h
</header:internal>
diff --git a/src/lib/pubkey/mce/mce_internal.h b/src/lib/pubkey/mce/mce_internal.h
index d35479080..526552944 100644
--- a/src/lib/pubkey/mce/mce_internal.h
+++ b/src/lib/pubkey/mce/mce_internal.h
@@ -14,7 +14,7 @@
#include <botan/secmem.h>
#include <botan/types.h>
-#include <botan/pk_ops.h>
+#include <botan/internal/pk_ops.h>
#include <botan/mceliece.h>
namespace Botan {
diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp
index 21b56ed81..2c846d623 100644
--- a/src/lib/pubkey/pk_keys.cpp
+++ b/src/lib/pubkey/pk_keys.cpp
@@ -6,7 +6,7 @@
*/
#include <botan/pk_keys.h>
-#include <botan/pk_ops.h>
+#include <botan/internal/pk_ops.h>
#include <botan/der_enc.h>
#include <botan/oids.h>
#include <botan/hash.h>
diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h
index 9d02de5e5..5fe5623e7 100644
--- a/src/lib/pubkey/pk_ops_impl.h
+++ b/src/lib/pubkey/pk_ops_impl.h
@@ -7,7 +7,7 @@
#ifndef BOTAN_PK_OPERATION_IMPL_H__
#define BOTAN_PK_OPERATION_IMPL_H__
-#include <botan/pk_ops.h>
+#include <botan/internal/pk_ops.h>
namespace Botan {
diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp
index fa5777bde..178eca282 100644
--- a/src/lib/pubkey/pubkey.cpp
+++ b/src/lib/pubkey/pubkey.cpp
@@ -8,7 +8,7 @@
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/bigint.h>
-#include <botan/pk_ops.h>
+#include <botan/internal/pk_ops.h>
#include <botan/internal/ct_utils.h>
namespace Botan {
@@ -92,6 +92,8 @@ PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key,
BOTAN_ASSERT_NONNULL(m_op);
}
+PK_Encryptor_EME::~PK_Encryptor_EME() { /* for unique_ptr */ }
+
std::vector<byte>
PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const
{
@@ -112,6 +114,8 @@ PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key,
BOTAN_ASSERT_NONNULL(m_op);
}
+PK_Decryptor_EME::~PK_Decryptor_EME() { /* for unique_ptr */ }
+
secure_vector<byte> PK_Decryptor_EME::do_decrypt(byte& valid_mask,
const byte in[], size_t in_len) const
{
@@ -127,6 +131,8 @@ PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key,
BOTAN_ASSERT_NONNULL(m_op);
}
+PK_KEM_Encryptor::~PK_KEM_Encryptor() { /* for unique_ptr */ }
+
void PK_KEM_Encryptor::encrypt(secure_vector<byte>& out_encapsulated_key,
secure_vector<byte>& out_shared_key,
size_t desired_shared_key_len,
@@ -151,6 +157,8 @@ PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key,
BOTAN_ASSERT_NONNULL(m_op);
}
+PK_KEM_Decryptor::~PK_KEM_Decryptor() { /* for unique_ptr */ }
+
secure_vector<byte> PK_KEM_Decryptor::decrypt(const byte encap_key[],
size_t encap_key_len,
size_t desired_shared_key_len,
@@ -171,6 +179,21 @@ PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key,
BOTAN_ASSERT_NONNULL(m_op);
}
+PK_Key_Agreement::~PK_Key_Agreement() { /* for unique_ptr */ }
+
+PK_Key_Agreement& PK_Key_Agreement::operator=(PK_Key_Agreement&& other)
+ {
+ if(this != &other)
+ {
+ m_op = std::move(other.m_op);
+ }
+ return (*this);
+ }
+
+PK_Key_Agreement::PK_Key_Agreement(PK_Key_Agreement&& other) :
+ m_op(std::move(other.m_op))
+ {}
+
SymmetricKey PK_Key_Agreement::derive_key(size_t key_len,
const byte in[], size_t in_len,
const byte salt[],
@@ -232,6 +255,8 @@ PK_Signer::PK_Signer(const Private_Key& key,
m_sig_format = format;
}
+PK_Signer::~PK_Signer() { /* for unique_ptr */ }
+
void PK_Signer::update(const byte in[], size_t length)
{
m_op->update(in, length);
@@ -261,6 +286,8 @@ PK_Verifier::PK_Verifier(const Public_Key& key,
m_sig_format = format;
}
+PK_Verifier::~PK_Verifier() { /* for unique_ptr */ }
+
void PK_Verifier::set_input_format(Signature_Format format)
{
if(m_op->message_parts() == 1 && format != IEEE_1363)
diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h
index 077796a5d..94332c8f0 100644
--- a/src/lib/pubkey/pubkey.h
+++ b/src/lib/pubkey/pubkey.h
@@ -9,7 +9,7 @@
#define BOTAN_PUBKEY_H__
#include <botan/pk_keys.h>
-#include <botan/pk_ops.h>
+#include <botan/pk_ops_fwd.h>
#include <botan/symkey.h>
#include <botan/rng.h>
#include <botan/eme.h>
@@ -71,7 +71,6 @@ class BOTAN_DLL PK_Encryptor
virtual ~PK_Encryptor() {}
PK_Encryptor(const PK_Encryptor&) = delete;
-
PK_Encryptor& operator=(const PK_Encryptor&) = delete;
private:
@@ -158,7 +157,7 @@ class BOTAN_DLL PK_Decryptor
* messages. Use multiple calls update() to process large messages and
* generate the signature by finally calling signature().
*/
-class BOTAN_DLL PK_Signer
+class BOTAN_DLL PK_Signer final
{
public:
@@ -192,6 +191,11 @@ class BOTAN_DLL PK_Signer
{}
#endif
+ ~PK_Signer();
+
+ PK_Signer(const PK_Signer&) = delete;
+ PK_Signer& operator=(const PK_Signer&) = delete;
+
/**
* Sign a message all in one go
* @param in the message to sign as a byte array
@@ -271,7 +275,7 @@ class BOTAN_DLL PK_Signer
* messages. Use multiple calls update() to process large messages and
* verify the signature by finally calling check_signature().
*/
-class BOTAN_DLL PK_Verifier
+class BOTAN_DLL PK_Verifier final
{
public:
/**
@@ -285,6 +289,11 @@ class BOTAN_DLL PK_Verifier
Signature_Format format = IEEE_1363,
const std::string& provider = "");
+ ~PK_Verifier();
+
+ PK_Verifier& operator=(const PK_Verifier&) = delete;
+ PK_Verifier(const PK_Verifier&) = delete;
+
/**
* Verify a signature.
* @param msg the message that the signature belongs to, as a byte array
@@ -376,7 +385,7 @@ class BOTAN_DLL PK_Verifier
/**
* Key used for key agreement
*/
-class BOTAN_DLL PK_Key_Agreement
+class BOTAN_DLL PK_Key_Agreement final
{
public:
@@ -406,6 +415,15 @@ class BOTAN_DLL PK_Key_Agreement
{}
#endif
+ ~PK_Key_Agreement();
+
+ // For ECIES
+ PK_Key_Agreement& operator=(PK_Key_Agreement&&);
+ PK_Key_Agreement(PK_Key_Agreement&&);
+
+ PK_Key_Agreement& operator=(const PK_Key_Agreement&) = delete;
+ PK_Key_Agreement(const PK_Key_Agreement&) = delete;
+
/*
* Perform Key Agreement Operation
* @param key_len the desired key output size
@@ -476,7 +494,7 @@ class BOTAN_DLL PK_Key_Agreement
* Encryption using a standard message recovery algorithm like RSA or
* ElGamal, paired with an encoding scheme like OAEP.
*/
-class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor
+class BOTAN_DLL PK_Encryptor_EME final : public PK_Encryptor
{
public:
size_t maximum_input_size() const override;
@@ -504,6 +522,10 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor
PK_Encryptor_EME(key, system_rng(), padding, provider) {}
#endif
+ ~PK_Encryptor_EME();
+
+ PK_Encryptor_EME& operator=(const PK_Encryptor_EME&) = delete;
+ PK_Encryptor_EME(const PK_Encryptor_EME&) = delete;
private:
std::vector<byte> enc(const byte[], size_t,
RandomNumberGenerator& rng) const override;
@@ -514,7 +536,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor
/**
* Decryption with an MR algorithm and an EME.
*/
-class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor
+class BOTAN_DLL PK_Decryptor_EME final : public PK_Decryptor
{
public:
/**
@@ -542,6 +564,9 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor
PK_Decryptor_EME(key, system_rng(), eme, provider) {}
#endif
+ ~PK_Decryptor_EME();
+ PK_Decryptor_EME& operator=(const PK_Decryptor_EME&) = delete;
+ PK_Decryptor_EME(const PK_Decryptor_EME&) = delete;
private:
secure_vector<byte> do_decrypt(byte& valid_mask,
const byte in[],
@@ -550,7 +575,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor
std::unique_ptr<PK_Ops::Decryption> m_op;
};
-class BOTAN_DLL PK_KEM_Encryptor
+class BOTAN_DLL PK_KEM_Encryptor final
{
public:
PK_KEM_Encryptor(const Public_Key& key,
@@ -566,6 +591,11 @@ class BOTAN_DLL PK_KEM_Encryptor
PK_KEM_Encryptor(key, system_rng(), kem_param, provider) {}
#endif
+ ~PK_KEM_Encryptor();
+
+ PK_KEM_Encryptor& operator=(const PK_KEM_Encryptor&) = delete;
+ PK_KEM_Encryptor(const PK_KEM_Encryptor&) = delete;
+
void encrypt(secure_vector<byte>& out_encapsulated_key,
secure_vector<byte>& out_shared_key,
size_t desired_shared_key_len,
@@ -604,7 +634,7 @@ class BOTAN_DLL PK_KEM_Encryptor
std::unique_ptr<PK_Ops::KEM_Encryption> m_op;
};
-class BOTAN_DLL PK_KEM_Decryptor
+class BOTAN_DLL PK_KEM_Decryptor final
{
public:
PK_KEM_Decryptor(const Private_Key& key,
@@ -621,6 +651,10 @@ class BOTAN_DLL PK_KEM_Decryptor
{}
#endif
+ ~PK_KEM_Decryptor();
+ PK_KEM_Decryptor& operator=(const PK_KEM_Decryptor&) = delete;
+ PK_KEM_Decryptor(const PK_KEM_Decryptor&) = delete;
+
secure_vector<byte> decrypt(const byte encap_key[],
size_t encap_key_len,
size_t desired_shared_key_len,