Diffstat (limited to 'src/lib')
407 files changed, 6435 insertions, 5430 deletions
diff --git a/src/lib/asn1/alg_id.cpp b/src/lib/asn1/alg_id.cpp index 7d476a225..75ea78c18 100644 --- a/src/lib/asn1/alg_id.cpp +++ b/src/lib/asn1/alg_id.cpp @@ -16,32 +16,24 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const std::vector<byte>& param) - { - oid = alg_id; - parameters = param; - } + const std::vector<byte>& param) : oid(alg_id), parameters(param) + {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const std::vector<byte>& param) - { - oid = OIDS::lookup(alg_id); - parameters = param; - } + const std::vector<byte>& param) : oid(OIDS::lookup(alg_id)), parameters(param) + {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - Encoding_Option option) + Encoding_Option option) : oid(alg_id), parameters() { const byte DER_NULL[] = { 0x05, 0x00 }; - oid = alg_id; - if(option == USE_NULL_PARAM) parameters += std::pair<const byte*, size_t>(DER_NULL, sizeof(DER_NULL)); } @@ -50,12 +42,10 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - Encoding_Option option) + Encoding_Option option) : oid(OIDS::lookup(alg_id)), parameters() { const byte DER_NULL[] = { 0x05, 0x00 }; - oid = OIDS::lookup(alg_id); - if(option == USE_NULL_PARAM) parameters += std::pair<const byte*, size_t>(DER_NULL, sizeof(DER_NULL)); } diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index 9e36fd120..3b6c3f7ec 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -17,7 +17,7 @@ namespace Botan { /** * Algorithm Identifier */ -class BOTAN_DLL AlgorithmIdentifier : public ASN1_Object +class BOTAN_DLL AlgorithmIdentifier final : public ASN1_Object { public: enum Encoding_Option { USE_NULL_PARAM }; 
@@ -32,7 +32,10 @@ class BOTAN_DLL AlgorithmIdentifier : public ASN1_Object AlgorithmIdentifier(const OID&, const std::vector<byte>&); AlgorithmIdentifier(const std::string&, const std::vector<byte>&); + // public member variable: OID oid; + + // public member variable: std::vector<byte> parameters; }; diff --git a/src/lib/asn1/asn1_alt_name.cpp b/src/lib/asn1/asn1_alt_name.cpp index 9e59321f7..bd23bdff1 100644 --- a/src/lib/asn1/asn1_alt_name.cpp +++ b/src/lib/asn1/asn1_alt_name.cpp @@ -55,15 +55,15 @@ AlternativeName::AlternativeName(const std::string& email_addr, void AlternativeName::add_attribute(const std::string& type, const std::string& str) { - if(type == "" || str == "") + if(type.empty() || str.empty()) return; - auto range = alt_info.equal_range(type); + auto range = m_alt_info.equal_range(type); for(auto j = range.first; j != range.second; ++j) if(j->second == str) return; - multimap_insert(alt_info, type, str); + multimap_insert(m_alt_info, type, str); } /* @@ -72,9 +72,9 @@ void AlternativeName::add_attribute(const std::string& type, void AlternativeName::add_othername(const OID& oid, const std::string& value, ASN1_Tag type) { - if(value == "") + if(value.empty()) return; - multimap_insert(othernames, oid, ASN1_String(value, type)); + multimap_insert(m_othernames, oid, ASN1_String(value, type)); } /* @@ -82,7 +82,7 @@ void AlternativeName::add_othername(const OID& oid, const std::string& value, */ std::multimap<std::string, std::string> AlternativeName::get_attributes() const { - return alt_info; + return m_alt_info; } /* @@ -90,7 +90,7 @@ std::multimap<std::string, std::string> AlternativeName::get_attributes() const */ std::multimap<OID, ASN1_String> AlternativeName::get_othernames() const { - return othernames; + return m_othernames; } /* 
@@ -100,10 +100,10 @@ std::multimap<std::string, std::string> AlternativeName::contents() const { std::multimap<std::string, std::string> names; - for(auto i = alt_info.begin(); i != alt_info.end(); ++i) + for(auto i = m_alt_info.begin(); i != m_alt_info.end(); ++i) multimap_insert(names, i->first, i->second); - for(auto i = othernames.begin(); i != othernames.end(); ++i) + for(auto i = m_othernames.begin(); i != m_othernames.end(); ++i) multimap_insert(names, OIDS::lookup(i->first), i->second.value()); return names; @@ -114,7 +114,7 @@ std::multimap<std::string, std::string> AlternativeName::contents() const */ bool AlternativeName::has_items() const { - return (alt_info.size() > 0 || othernames.size() > 0); + return (m_alt_info.size() > 0 || m_othernames.size() > 0); } namespace { @@ -154,12 +154,12 @@ void AlternativeName::encode_into(DER_Encoder& der) const { der.start_cons(SEQUENCE); - encode_entries(der, alt_info, "RFC822", ASN1_Tag(1)); - encode_entries(der, alt_info, "DNS", ASN1_Tag(2)); - encode_entries(der, alt_info, "URI", ASN1_Tag(6)); - encode_entries(der, alt_info, "IP", ASN1_Tag(7)); + encode_entries(der, m_alt_info, "RFC822", ASN1_Tag(1)); + encode_entries(der, m_alt_info, "DNS", ASN1_Tag(2)); + encode_entries(der, m_alt_info, "URI", ASN1_Tag(6)); + encode_entries(der, m_alt_info, "IP", ASN1_Tag(7)); - for(auto i = othernames.begin(); i != othernames.end(); ++i) + for(auto i = m_othernames.begin(); i != m_othernames.end(); ++i) { der.start_explicit(0) .encode(i->first) diff --git a/src/lib/asn1/asn1_alt_name.h b/src/lib/asn1/asn1_alt_name.h index 91ba2bcf1..5ea7cfb14 100644 --- a/src/lib/asn1/asn1_alt_name.h +++ b/src/lib/asn1/asn1_alt_name.h @@ -19,7 +19,7 @@ namespace Botan { /** * Alternative Name */ -class BOTAN_DLL AlternativeName : public ASN1_Object +class BOTAN_DLL AlternativeName final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; 
@@ -38,8 +38,8 @@ class BOTAN_DLL AlternativeName : public ASN1_Object AlternativeName(const std::string& = "", const std::string& = "", const std::string& = "", const std::string& = ""); private: - std::multimap<std::string, std::string> alt_info; - std::multimap<OID, ASN1_String> othernames; + std::multimap<std::string, std::string> m_alt_info; + std::multimap<OID, ASN1_String> m_othernames; }; } diff --git a/src/lib/asn1/asn1_attribute.cpp b/src/lib/asn1/asn1_attribute.cpp index 406a57d9a..bd7e5bf11 100644 --- a/src/lib/asn1/asn1_attribute.cpp +++ b/src/lib/asn1/asn1_attribute.cpp @@ -15,21 +15,15 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const std::vector<byte>& attr_value) - { - oid = attr_oid; - parameters = attr_value; - } +Attribute::Attribute(const OID& attr_oid, const std::vector<byte>& attr_value) : oid(attr_oid), parameters(attr_value) + {} /* * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const std::vector<byte>& attr_value) - { - oid = OIDS::lookup(attr_oid); - parameters = attr_value; - } + const std::vector<byte>& attr_value) : oid(OIDS::lookup(attr_oid)), parameters(attr_value) + {} /* * DER encode a Attribute diff --git a/src/lib/asn1/asn1_attribute.h b/src/lib/asn1/asn1_attribute.h index 371b0f99a..737d84b81 100644 --- a/src/lib/asn1/asn1_attribute.h +++ b/src/lib/asn1/asn1_attribute.h @@ -17,13 +17,16 @@ namespace Botan { /** * Attribute */ -class BOTAN_DLL Attribute : public ASN1_Object +class BOTAN_DLL Attribute final : public ASN1_Object { public: void encode_into(class DER_Encoder& to) const override; void decode_from(class BER_Decoder& from) override; + // public member variable: OID oid; + + // public member variable: std::vector<byte> parameters; Attribute() {} diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index f68ef675e..3e119dc01 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h 
@@ -84,7 +84,10 @@ class BOTAN_DLL BER_Object public: void assert_is_a(ASN1_Tag, ASN1_Tag); + // public member variable: ASN1_Tag type_tag, class_tag; + + // public member variable: secure_vector<byte> value; }; @@ -111,7 +114,7 @@ bool maybe_BER(DataSource& src); */ struct BOTAN_DLL BER_Decoding_Error : public Decoding_Error { - BER_Decoding_Error(const std::string&); + explicit BER_Decoding_Error(const std::string&); }; /** diff --git a/src/lib/asn1/asn1_oid.cpp b/src/lib/asn1/asn1_oid.cpp index 2fbc4b27c..5b0a557d2 100644 --- a/src/lib/asn1/asn1_oid.cpp +++ b/src/lib/asn1/asn1_oid.cpp @@ -18,20 +18,20 @@ namespace Botan { */ OID::OID(const std::string& oid_str) { - if(oid_str != "") + if(!oid_str.empty()) { try { - id = parse_asn1_oid(oid_str); + m_id = parse_asn1_oid(oid_str); } catch(...) { throw Invalid_OID(oid_str); } - if(id.size() < 2 || id[0] > 2) + if(m_id.size() < 2 || m_id[0] > 2) throw Invalid_OID(oid_str); - if((id[0] == 0 || id[0] == 1) && id[1] > 39) + if((m_id[0] == 0 || m_id[0] == 1) && m_id[1] > 39) throw Invalid_OID(oid_str); } } @@ -41,7 +41,7 @@ OID::OID(const std::string& oid_str) */ void OID::clear() { - id.clear(); + m_id.clear(); } /* @@ -50,10 +50,10 @@ void OID::clear() std::string OID::as_string() const { std::string oid_str; - for(size_t i = 0; i != id.size(); ++i) + for(size_t i = 0; i != m_id.size(); ++i) { - oid_str += std::to_string(id[i]); - if(i != id.size() - 1) + oid_str += std::to_string(m_id[i]); + if(i != m_id.size() - 1) oid_str += "."; } return oid_str; @@ -64,10 +64,10 @@ std::string OID::as_string() const */ bool OID::operator==(const OID& oid) const { - if(id.size() != oid.id.size()) + if(m_id.size() != oid.m_id.size()) return false; - for(size_t i = 0; i != id.size(); ++i) - if(id[i] != oid.id[i]) + for(size_t i = 0; i != m_id.size(); ++i) + if(m_id[i] != oid.m_id[i]) return false; return true; } 
@@ -77,7 +77,7 @@ bool OID::operator==(const OID& oid) const */ OID& OID::operator+=(u32bit component) { - id.push_back(component); + m_id.push_back(component); return (*this); } @@ -126,24 +126,26 @@ bool operator<(const OID& a, const OID& b) */ void OID::encode_into(DER_Encoder& der) const { - if(id.size() < 2) + if(m_id.size() < 2) throw Invalid_Argument("OID::encode_into: OID is invalid"); std::vector<byte> encoding; - encoding.push_back(40 * id[0] + id[1]); + encoding.push_back(40 * m_id[0] + m_id[1]); - for(size_t i = 2; i != id.size(); ++i) + for(size_t i = 2; i != m_id.size(); ++i) { - if(id[i] == 0) + if(m_id[i] == 0) encoding.push_back(0); else { - size_t blocks = high_bit(id[i]) + 6; + size_t blocks = high_bit(m_id[i]) + 6; blocks = (blocks - (blocks % 7)) / 7; + BOTAN_ASSERT(blocks > 0, "Math works"); + for(size_t j = 0; j != blocks - 1; ++j) - encoding.push_back(0x80 | ((id[i] >> 7*(blocks-j-1)) & 0x7F)); - encoding.push_back(id[i] & 0x7F); + encoding.push_back(0x80 | ((m_id[i] >> 7*(blocks-j-1)) & 0x7F)); + encoding.push_back(m_id[i] & 0x7F); } } der.add_object(OBJECT_ID, UNIVERSAL, encoding); @@ -163,8 +165,8 @@ void OID::decode_from(BER_Decoder& decoder) clear(); - id.push_back(obj.value[0] / 40); - id.push_back(obj.value[0] % 40); + m_id.push_back(obj.value[0] / 40); + m_id.push_back(obj.value[0] % 40); size_t i = 0; while(i != obj.value.size() - 1) @@ -182,7 +184,7 @@ void OID::decode_from(BER_Decoder& decoder) if(!(obj.value[i] & 0x80)) break; } - id.push_back(component); + m_id.push_back(component); } } diff --git a/src/lib/asn1/asn1_oid.h b/src/lib/asn1/asn1_oid.h index 7cdb9f58f..6fbd876ec 100644 --- a/src/lib/asn1/asn1_oid.h +++ b/src/lib/asn1/asn1_oid.h @@ -17,7 +17,7 @@ namespace Botan { /** * This class represents ASN.1 object identifiers. */ -class BOTAN_DLL OID : public ASN1_Object +class BOTAN_DLL OID final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; 
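Review bot: OID::encode_into still writes the first subidentifier as one byte, `encoding.push_back(40 * m_id[0] + m_id[1]);`, and OID::decode_from recovers the first two arcs with `obj.value[0] / 40` and `obj.value[0] % 40`; both are only right while that subidentifier is below 128 and the second arc below 40. Per X.690 8.19.4 the first subidentifier is 40*X+Y and is base-128 encoded like the others, so an OID under arc 2 whose second component is 40 or more (2.999, the standard example arc, among them) is truncated on encode and decoded with a first arc of 3 or more; the string constructor bounds the second arc only for first arcs 0 and 1, so such values do reach this code. On the encode side I would push the first subidentifier through the same base-128 loop as the rest (below); on the decode side, whose inner loop is outside the hunk, parse all subidentifiers uniformly and then split the first as X = 2, Y = v - 80 when v >= 80, else X = v / 40, Y = v % 40, and add a round-trip test on 2.999. The new `BOTAN_ASSERT(blocks > 0, "Math works")` (also in der_enc.cpp encode_tag) would be more useful with a message that states the invariant, e.g. `"high_bit() of a non-zero value is at least 1"`.
```cpp
   // … unchanged: size check and Invalid_Argument throw …
   std::vector<byte> encoding;

   // X.690 8.19.4: the first subidentifier is 40*X + Y and is base-128
   // encoded like every other one, so it can span several bytes when X == 2.
   std::vector<u32bit> subids;
   subids.push_back(40 * m_id[0] + m_id[1]);
   subids.insert(subids.end(), m_id.begin() + 2, m_id.end());

   for(u32bit v : subids)
      {
      if(v == 0)
         {
         encoding.push_back(0);
         continue;
         }

      size_t blocks = high_bit(v) + 6;
      blocks = (blocks - (blocks % 7)) / 7;
      BOTAN_ASSERT(blocks > 0, "high_bit() of a non-zero value is at least 1");

      for(size_t j = 0; j != blocks - 1; ++j)
         encoding.push_back(0x80 | ((v >> 7*(blocks-j-1)) & 0x7F));
      encoding.push_back(v & 0x7F);
      }

   der.add_object(OBJECT_ID, UNIVERSAL, encoding);
```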
@@ -27,13 +27,13 @@ class BOTAN_DLL OID : public ASN1_Object * Find out whether this OID is empty * @return true is no OID value is set */ - bool empty() const { return id.size() == 0; } + bool empty() const { return m_id.size() == 0; } /** * Get this OID as list (vector) of its components. * @return vector representing this OID */ - const std::vector<u32bit>& get_id() const { return id; } + const std::vector<u32bit>& get_id() const { return m_id; } /** * Get this OID as a string @@ -65,7 +65,7 @@ class BOTAN_DLL OID : public ASN1_Object */ OID(const std::string& str = ""); private: - std::vector<u32bit> id; + std::vector<u32bit> m_id; }; /** diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 05be90e3d..c378d5dfe 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp 
@@ -62,39 +62,35 @@ ASN1_Tag choose_encoding(const std::string& str, /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : tag(t) +ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(t) { - iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); - - if(tag == DIRECTORY_STRING) - tag = choose_encoding(iso_8859_str, "latin1"); - - if(tag != NUMERIC_STRING && - tag != PRINTABLE_STRING && - tag != VISIBLE_STRING && - tag != T61_STRING && - tag != IA5_STRING && - tag != UTF8_STRING && - tag != BMP_STRING) + + if(m_tag == DIRECTORY_STRING) + m_tag = choose_encoding(m_iso_8859_str, "latin1"); + + if(m_tag != NUMERIC_STRING && + m_tag != PRINTABLE_STRING && + m_tag != VISIBLE_STRING && + m_tag != T61_STRING && + m_tag != IA5_STRING && + m_tag != UTF8_STRING && + m_tag != BMP_STRING) throw Invalid_Argument("ASN1_String: Unknown string type " + - std::to_string(tag)); + std::to_string(m_tag)); } /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str) - { - iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); - tag = choose_encoding(iso_8859_str, "latin1"); - } +ASN1_String::ASN1_String(const std::string& str) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(choose_encoding(m_iso_8859_str, "latin1")) + {} /* * Return this string in ISO 8859-1 encoding */ std::string ASN1_String::iso_8859() const { - return iso_8859_str; + return m_iso_8859_str; } /* @@ -102,7 +98,7 @@ std::string ASN1_String::iso_8859() const */ std::string ASN1_String::value() const { - return Charset::transcode(iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); + return Charset::transcode(m_iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); } /* @@ -110,7 +106,7 @@ std::string ASN1_String::value() const */ ASN1_Tag ASN1_String::tagging() const { - return tag; + return m_tag; } /* 
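Review bot: The single-argument ASN1_String constructor now initializes `m_tag` from `m_iso_8859_str` in the initializer list, which is only well-defined because `m_iso_8859_str` is declared before `m_tag` in asn1_str.h; that ordering dependency is invisible at the call and a later reordering of the members would silently read an unconstructed string. I'd add a comment at the member declarations, `// m_tag is initialized from m_iso_8859_str: keep this declaration order`, or compute the tag in the constructor body as before. The two-argument constructor also now starts its body with an empty line where the removed assignment was; drop it.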
@@ -141,7 +137,7 @@ void ASN1_String::decode_from(BER_Decoder& source) charset_is = LATIN1_CHARSET; *this = ASN1_String( - Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), + Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is), obj.type_tag); } diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 84458e517..1d75ec519 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h @@ -15,7 +15,7 @@ namespace Botan { /** * Simple String */ -class BOTAN_DLL ASN1_String : public ASN1_Object +class BOTAN_DLL ASN1_String final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; @@ -26,11 +26,11 @@ class BOTAN_DLL ASN1_String : public ASN1_Object ASN1_Tag tagging() const; - ASN1_String(const std::string& = ""); + explicit ASN1_String(const std::string& = ""); ASN1_String(const std::string&, ASN1_Tag); private: - std::string iso_8859_str; - ASN1_Tag tag; + std::string m_iso_8859_str; + ASN1_Tag m_tag; }; } diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp index a9dffa95c..67fc8b5ac 100644 --- a/src/lib/asn1/asn1_time.cpp +++ b/src/lib/asn1/asn1_time.cpp @@ -149,14 +149,14 @@ void X509_Time::set_to(const std::string& t_spec, ASN1_Tag spec_tag) set_to(t_spec, GENERALIZED_TIME); return; } - catch(Invalid_Argument) {} // Not a generalized time. Continue + catch(Invalid_Argument&) {} // Not a generalized time. Continue try { set_to(t_spec, UTC_TIME); return; } - catch(Invalid_Argument) {} // Not a UTC time. Continue + catch(Invalid_Argument&) {} // Not a UTC time. Continue throw Invalid_Argument("Time string could not be parsed as GeneralizedTime or UTCTime."); } diff --git a/src/lib/asn1/asn1_time.h b/src/lib/asn1/asn1_time.h index 313b26b06..ba5b84838 100644 --- a/src/lib/asn1/asn1_time.h +++ b/src/lib/asn1/asn1_time.h 
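Review bot: The argument swap in ASN1_String::decode_from, `Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is)`, changes the direction in which decoded BER strings are converted, and the result is then transcoded again by the `ASN1_String(const std::string&, ASN1_Tag)` constructor with `(LOCAL_CHARSET, LATIN1_CHARSET)`; nothing in the hunk says which parameter of `transcode` is the source and which the target, so a reader cannot verify that the two steps compose to the latin1 form `m_iso_8859_str` is meant to hold. Please add a comment at the call naming the direction, e.g. `// transcode(str, to, from): wire bytes are in charset_is; convert to the local charset before re-tagging` (adjusted to the real signature), and a test that DER-encodes a string containing a non-ASCII character, decodes it and compares `value()` with the input. A decoder is the wrong place for an unexplained direction change.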
@@ -16,7 +16,7 @@ namespace Botan { /** * X.509 Time */ -class BOTAN_DLL X509_Time : public ASN1_Object +class BOTAN_DLL X509_Time final : public ASN1_Object { public: /// DER encode a X509_Time @@ -41,7 +41,7 @@ class BOTAN_DLL X509_Time : public ASN1_Object X509_Time() {} /// Create a X509_Time from a time point - X509_Time(const std::chrono::system_clock::time_point& time); + explicit X509_Time(const std::chrono::system_clock::time_point& time); /// Create an X509_Time from string X509_Time(const std::string& t_spec, ASN1_Tag tag); diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index 80dfba3bb..ac676cd08 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -139,14 +139,14 @@ size_t find_eoc(DataSource* ber) /* * Check a type invariant on BER data */ -void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) +void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) { - if(this->type_tag != type_tag || this->class_tag != class_tag) + if(type_tag != type_tag_ || class_tag != class_tag_) throw BER_Decoding_Error("Tag mismatch when decoding got " + - std::to_string(this->type_tag) + "/" + - std::to_string(this->class_tag) + " expected " + std::to_string(type_tag) + "/" + - std::to_string(class_tag)); + std::to_string(class_tag) + " expected " + + std::to_string(type_tag_) + "/" + + std::to_string(class_tag_)); } /* @@ -154,7 +154,7 @@ void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) */ bool BER_Decoder::more_items() const { - if(source->end_of_data() && (pushed.type_tag == NO_OBJECT)) + if(m_source->end_of_data() && (m_pushed.type_tag == NO_OBJECT)) return false; return true; } 
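Review bot: In BER_Object::assert_is_a the parameters were renamed to `type_tag_` and `class_tag_` so they no longer shadow the public members `type_tag` and `class_tag`, but a trailing underscore next to a same-named member is easy to misread, and the rest of this diff uses a different convention (`m_` on private members, and these members stay unprefixed because they are public). Names that say what the parameters are, `expected_type_tag` and `expected_class_tag`, would make both the comparison and the "expected" part of the error message self-describing: `if(type_tag != expected_type_tag || class_tag != expected_class_tag)`.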
@@ -164,7 +164,7 @@ bool BER_Decoder::more_items() const */ BER_Decoder& BER_Decoder::verify_end() { - if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT)) + if(!m_source->end_of_data() || (m_pushed.type_tag != NO_OBJECT)) throw Invalid_State("BER_Decoder::verify_end called, but data remains"); return (*this); } @@ -176,7 +176,7 @@ BER_Decoder& BER_Decoder::raw_bytes(secure_vector<byte>& out) { out.clear(); byte buf; - while(source->read_byte(buf)) + while(m_source->read_byte(buf)) out.push_back(buf); return (*this); } @@ -185,7 +185,7 @@ BER_Decoder& BER_Decoder::raw_bytes(std::vector<byte>& out) { out.clear(); byte buf; - while(source->read_byte(buf)) + while(m_source->read_byte(buf)) out.push_back(buf); return (*this); } @@ -196,7 +196,7 @@ BER_Decoder& BER_Decoder::raw_bytes(std::vector<byte>& out) BER_Decoder& BER_Decoder::discard_remaining() { byte buf; - while(source->read_byte(buf)) + while(m_source->read_byte(buf)) ; return (*this); } @@ -208,23 +208,23 @@ BER_Object BER_Decoder::get_next_object() { BER_Object next; - if(pushed.type_tag != NO_OBJECT) + if(m_pushed.type_tag != NO_OBJECT) { - next = pushed; - pushed.class_tag = pushed.type_tag = NO_OBJECT; + next = m_pushed; + m_pushed.class_tag = m_pushed.type_tag = NO_OBJECT; return next; } - decode_tag(source, next.type_tag, next.class_tag); + decode_tag(m_source, next.type_tag, next.class_tag); if(next.type_tag == NO_OBJECT) return next; - const size_t length = decode_length(source); - if(!source->check_available(length)) + const size_t length = decode_length(m_source); + if(!m_source->check_available(length)) throw BER_Decoding_Error("Value truncated"); next.value.resize(length); - if(source->read(next.value.data(), length) != length) + if(m_source->read(next.value.data(), length) != length) throw BER_Decoding_Error("Value truncated"); if(next.type_tag == EOC && next.class_tag == UNIVERSAL) 
@@ -244,9 +244,9 @@ BER_Decoder& BER_Decoder::get_next(BER_Object& ber) */ void BER_Decoder::push_back(const BER_Object& obj) { - if(pushed.type_tag != NO_OBJECT) + if(m_pushed.type_tag != NO_OBJECT) throw Invalid_State("BER_Decoder: Only one push back is allowed"); - pushed = obj; + m_pushed = obj; } /* @@ -259,7 +259,7 @@ BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag, obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED)); BER_Decoder result(obj.value.data(), obj.value.size()); - result.parent = this; + result.m_parent = this; return result; } @@ -268,11 +268,11 @@ BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag, */ BER_Decoder& BER_Decoder::end_cons() { - if(!parent) + if(!m_parent) throw Invalid_State("BER_Decoder::end_cons called with NULL parent"); - if(!source->end_of_data()) + if(!m_source->end_of_data()) throw Decoding_Error("BER_Decoder::end_cons called with data left"); - return (*parent); + return (*m_parent); } /* @@ -280,10 +280,10 @@ BER_Decoder& BER_Decoder::end_cons() */ BER_Decoder::BER_Decoder(DataSource& src) { - source = &src; - owns = false; - pushed.type_tag = pushed.class_tag = NO_OBJECT; - parent = nullptr; + m_source = &src; + m_owns = false; + m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; + m_parent = nullptr; } /* @@ -291,10 +291,10 @@ BER_Decoder::BER_Decoder(DataSource& src) */ BER_Decoder::BER_Decoder(const byte data[], size_t length) { - source = new DataSource_Memory(data, length); - owns = true; - pushed.type_tag = pushed.class_tag = NO_OBJECT; - parent = nullptr; + m_source = new DataSource_Memory(data, length); + m_owns = true; + m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; + m_parent = nullptr; } /* 
@@ -302,10 +302,10 @@ BER_Decoder::BER_Decoder(const byte data[], size_t length) */ BER_Decoder::BER_Decoder(const secure_vector<byte>& data) { - source = new DataSource_Memory(data); - owns = true; - pushed.type_tag = pushed.class_tag = NO_OBJECT; - parent = nullptr; + m_source = new DataSource_Memory(data); + m_owns = true; + m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; + m_parent = nullptr; } /* @@ -313,10 +313,10 @@ BER_Decoder::BER_Decoder(const secure_vector<byte>& data) */ BER_Decoder::BER_Decoder(const std::vector<byte>& data) { - source = new DataSource_Memory(data.data(), data.size()); - owns = true; - pushed.type_tag = pushed.class_tag = NO_OBJECT; - parent = nullptr; + m_source = new DataSource_Memory(data.data(), data.size()); + m_owns = true; + m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; + m_parent = nullptr; } /* @@ -324,15 +324,15 @@ BER_Decoder::BER_Decoder(const std::vector<byte>& data) */ BER_Decoder::BER_Decoder(const BER_Decoder& other) { - source = other.source; - owns = false; - if(other.owns) + m_source = other.m_source; + m_owns = false; + if(other.m_owns) { - other.owns = false; - owns = true; + other.m_owns = false; + m_owns = true; } - pushed.type_tag = pushed.class_tag = NO_OBJECT; - parent = other.parent; + m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; + m_parent = other.m_parent; } /* @@ -340,9 +340,9 @@ BER_Decoder::BER_Decoder(const BER_Decoder& other) */ BER_Decoder::~BER_Decoder() { - if(owns) - delete source; - source = nullptr; + if(m_owns) + delete m_source; + m_source = nullptr; } /* diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index 98cfcb10f..8a5c9ca45 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h 
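Review bot: BER_Decoder's copy constructor still transfers ownership out of its `const` argument through `other.m_owns = false;` (possible only because `m_owns` is `mutable`), so copying a decoder that owns its `DataSource` silently leaves the source object non-owning and the destructor deletes `m_source` from whichever object ends up with the flag; the rename does nothing to make that contract visible. I'd document it at the `m_owns` declaration in ber_dec.h, `// mutable: copy construction moves ownership of m_source to the new object`, or, since copy assignment is already deleted there, turn this into a move constructor and delete the copy so the transfer is explicit in the type (whether every caller can move is not visible here). The four value constructors on this page also each repeat `m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; m_parent = nullptr;`; a default member initializer in ber_dec.h such as `BER_Decoder* m_parent = nullptr;` would remove the duplication and rule out a future constructor leaving `m_parent` indeterminate.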
@@ -157,21 +157,21 @@ class BOTAN_DLL BER_Decoder BER_Decoder& operator=(const BER_Decoder&) = delete; - BER_Decoder(DataSource&); + explicit BER_Decoder(DataSource&); BER_Decoder(const byte[], size_t); - BER_Decoder(const secure_vector<byte>&); + explicit BER_Decoder(const secure_vector<byte>&); - BER_Decoder(const std::vector<byte>& vec); + explicit BER_Decoder(const std::vector<byte>& vec); BER_Decoder(const BER_Decoder&); ~BER_Decoder(); private: - BER_Decoder* parent; - DataSource* source; - BER_Object pushed; - mutable bool owns; + BER_Decoder* m_parent; + DataSource* m_source; + BER_Object m_pushed; + mutable bool m_owns; }; /* diff --git a/src/lib/asn1/der_enc.cpp b/src/lib/asn1/der_enc.cpp index f1bcf634e..c5c2b4803 100644 --- a/src/lib/asn1/der_enc.cpp +++ b/src/lib/asn1/der_enc.cpp @@ -34,6 +34,8 @@ secure_vector<byte> encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) size_t blocks = high_bit(type_tag) + 6; blocks = (blocks - (blocks % 7)) / 7; + BOTAN_ASSERT(blocks > 0, "Math works"); + encoded_tag.push_back(class_tag | 0x1F); for(size_t i = 0; i != blocks - 1; ++i) encoded_tag.push_back(0x80 | ((type_tag >> 7*(blocks-i-1)) & 0x7F)); 
@@ -70,21 +72,21 @@ secure_vector<byte> encode_length(size_t length) */ secure_vector<byte> DER_Encoder::DER_Sequence::get_contents() { - const ASN1_Tag real_class_tag = ASN1_Tag(class_tag | CONSTRUCTED); + const ASN1_Tag real_class_tag = ASN1_Tag(m_class_tag | CONSTRUCTED); - if(type_tag == SET) + if(m_type_tag == SET) { - std::sort(set_contents.begin(), set_contents.end()); - for(size_t i = 0; i != set_contents.size(); ++i) - contents += set_contents[i]; - set_contents.clear(); + std::sort(m_set_contents.begin(), m_set_contents.end()); + for(size_t i = 0; i != m_set_contents.size(); ++i) + m_contents += m_set_contents[i]; + m_set_contents.clear(); } secure_vector<byte> result; - result += encode_tag(type_tag, real_class_tag); - result += encode_length(contents.size()); - result += contents; - contents.clear(); + result += encode_tag(m_type_tag, real_class_tag); + result += encode_length(m_contents.size()); + result += m_contents; + m_contents.clear(); return result; } @@ -94,10 +96,10 @@ secure_vector<byte> DER_Encoder::DER_Sequence::get_contents() */ void DER_Encoder::DER_Sequence::add_bytes(const byte data[], size_t length) { - if(type_tag == SET) - set_contents.push_back(secure_vector<byte>(data, data + length)); + if(m_type_tag == SET) + m_set_contents.push_back(secure_vector<byte>(data, data + length)); else - contents += std::make_pair(data, length); + m_contents += std::make_pair(data, length); } /* @@ -105,14 +107,14 @@ void DER_Encoder::DER_Sequence::add_bytes(const byte data[], size_t length) */ ASN1_Tag DER_Encoder::DER_Sequence::tag_of() const { - return ASN1_Tag(type_tag | class_tag); + return ASN1_Tag(m_type_tag | m_class_tag); } /* * DER_Sequence Constructor */ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) : - type_tag(t1), class_tag(t2) + m_type_tag(t1), m_class_tag(t2) { } 
@@ -121,11 +123,11 @@ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) : */ secure_vector<byte> DER_Encoder::get_contents() { - if(subsequences.size() != 0) + if(m_subsequences.size() != 0) throw Invalid_State("DER_Encoder: Sequence hasn't been marked done"); secure_vector<byte> output; - std::swap(output, contents); + std::swap(output, m_contents); return output; } @@ -135,7 +137,7 @@ secure_vector<byte> DER_Encoder::get_contents() DER_Encoder& DER_Encoder::start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag) { - subsequences.push_back(DER_Sequence(type_tag, class_tag)); + m_subsequences.push_back(DER_Sequence(type_tag, class_tag)); return (*this); } @@ -144,11 +146,11 @@ DER_Encoder& DER_Encoder::start_cons(ASN1_Tag type_tag, */ DER_Encoder& DER_Encoder::end_cons() { - if(subsequences.empty()) + if(m_subsequences.empty()) throw Invalid_State("DER_Encoder::end_cons: No such sequence"); - secure_vector<byte> seq = subsequences[subsequences.size()-1].get_contents(); - subsequences.pop_back(); + secure_vector<byte> seq = m_subsequences[m_subsequences.size()-1].get_contents(); + m_subsequences.pop_back(); raw_bytes(seq); return (*this); } @@ -192,10 +194,10 @@ DER_Encoder& DER_Encoder::raw_bytes(const std::vector<byte>& val) */ DER_Encoder& DER_Encoder::raw_bytes(const byte bytes[], size_t length) { - if(subsequences.size()) - subsequences[subsequences.size()-1].add_bytes(bytes, length); + if(m_subsequences.size()) + m_subsequences[m_subsequences.size()-1].add_bytes(bytes, length); else - contents += std::make_pair(bytes, length); + m_contents += std::make_pair(bytes, length); return (*this); } diff --git a/src/lib/asn1/der_enc.h b/src/lib/asn1/der_enc.h index dbb97d1aa..78cb4c38d 100644 --- a/src/lib/asn1/der_enc.h +++ b/src/lib/asn1/der_enc.h 
@@ -123,13 +123,13 @@ class BOTAN_DLL DER_Encoder void add_bytes(const byte[], size_t); DER_Sequence(ASN1_Tag, ASN1_Tag); private: - ASN1_Tag type_tag, class_tag; - secure_vector<byte> contents; - std::vector< secure_vector<byte> > set_contents; + ASN1_Tag m_type_tag, m_class_tag; + secure_vector<byte> m_contents; + std::vector< secure_vector<byte> > m_set_contents; }; - secure_vector<byte> contents; - std::vector<DER_Sequence> subsequences; + secure_vector<byte> m_contents; + std::vector<DER_Sequence> m_subsequences; }; } diff --git a/src/lib/asn1/oid_lookup/default.cpp b/src/lib/asn1/oid_lookup/default.cpp index 2034ab25c..5bd268e5b 100644 --- a/src/lib/asn1/oid_lookup/default.cpp +++ b/src/lib/asn1/oid_lookup/default.cpp @@ -201,6 +201,8 @@ const char* default_oid_list() "1.3.6.1.5.5.7.48.1 = PKIX.OCSP" "\n" "1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse" "\n" + "1.3.6.1.4.1.311.20.2.2 = Microsoft SmartcardLogon" "\n" + // ECC param sets "1.3.132.0.8 = secp160r1" "\n" "1.3.132.0.9 = secp160k1" "\n" diff --git a/src/lib/asn1/oid_lookup/oids.cpp b/src/lib/asn1/oid_lookup/oids.cpp index 8ce0ec644..cdb863494 100644 --- a/src/lib/asn1/oid_lookup/oids.cpp +++ b/src/lib/asn1/oid_lookup/oids.cpp @@ -109,12 +109,12 @@ void OID_Map::read_cfg(std::istream& cfg, const std::string& source) std::getline(cfg, s); ++line; - if(s == "" || s[0] == '#') + if(s.empty() || s[0] == '#') continue; s = clean_ws(s.substr(0, s.find('#'))); - if(s == "") + if(s.empty()) continue; auto eq = s.find("="); @@ -125,8 +125,8 @@ void OID_Map::read_cfg(std::istream& cfg, const std::string& source) const std::string oid = clean_ws(s.substr(0, eq)); const std::string name = clean_ws(s.substr(eq + 1, std::string::npos)); - m_str2oid.insert(std::make_pair(name, oid)); - m_oid2str.insert(std::make_pair(oid, name)); + m_str2oid.insert(std::make_pair(name, OID(oid))); + m_oid2str.insert(std::make_pair(OID(oid), name)); } } 
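Review bot: `OID(oid)` in OID_Map::read_cfg now parses each configuration line into an OID, and the OID string constructor in asn1_oid.cpp throws `Invalid_OID` on a malformed or out-of-range value, so one bad line aborts the whole load with an error that names neither `source` nor `line`, both of which this function already tracks; before this change the entries were stored as strings and a bad one only broke its own lookup. If the callers of read_cfg do not already attach that context (not visible here), I'd construct the OID once, reuse it for both maps, and rethrow with the location attached.
```cpp
      const std::string oid = clean_ws(s.substr(0, eq));
      const std::string name = clean_ws(s.substr(eq + 1, std::string::npos));

      // Parse once; OID(const std::string&) throws Invalid_OID on bad input,
      // and the caller should learn which config line was at fault.
      try
         {
         const OID parsed_oid(oid);
         m_str2oid.insert(std::make_pair(name, parsed_oid));
         m_oid2str.insert(std::make_pair(parsed_oid, name));
         }
      catch(Invalid_OID&)
         {
         throw Exception("OID_Map::read_cfg: invalid OID '" + oid + "' in " +
                         source + " line " + std::to_string(line));
         }
```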
diff --git a/src/lib/asn1/x509_dn.cpp b/src/lib/asn1/x509_dn.cpp index ff4a73ebb..9c36cd695 100644 --- a/src/lib/asn1/x509_dn.cpp +++ b/src/lib/asn1/x509_dn.cpp @@ -55,16 +55,16 @@ void X509_DN::add_attribute(const std::string& type, */ void X509_DN::add_attribute(const OID& oid, const std::string& str) { - if(str == "") + if(str.empty()) return; - auto range = dn_info.equal_range(oid); + auto range = m_dn_info.equal_range(oid); for(auto i = range.first; i != range.second; ++i) if(i->second.value() == str) return; - multimap_insert(dn_info, oid, ASN1_String(str)); - dn_bits.clear(); + multimap_insert(m_dn_info, oid, ASN1_String(str)); + m_dn_bits.clear(); } /* @@ -73,7 +73,7 @@ void X509_DN::add_attribute(const OID& oid, const std::string& str) std::multimap<OID, std::string> X509_DN::get_attributes() const { std::multimap<OID, std::string> retval; - for(auto i = dn_info.begin(); i != dn_info.end(); ++i) + for(auto i = m_dn_info.begin(); i != m_dn_info.end(); ++i) multimap_insert(retval, i->first, i->second.value()); return retval; } @@ -84,7 +84,7 @@ std::multimap<OID, std::string> X509_DN::get_attributes() const std::multimap<std::string, std::string> X509_DN::contents() const { std::multimap<std::string, std::string> retval; - for(auto i = dn_info.begin(); i != dn_info.end(); ++i) + for(auto i = m_dn_info.begin(); i != m_dn_info.end(); ++i) multimap_insert(retval, OIDS::lookup(i->first), i->second.value()); return retval; } @@ -96,7 +96,7 @@ std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const { const OID oid = OIDS::lookup(deref_info_field(attr)); - auto range = dn_info.equal_range(oid); + auto range = m_dn_info.equal_range(oid); std::vector<std::string> values; for(auto i = range.first; i != range.second; ++i) @@ -109,7 +109,7 @@ std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const */ std::vector<byte> X509_DN::get_bits() const { - return dn_bits; + return m_dn_bits; } /* 
@@ -227,8 +227,8 @@ void X509_DN::encode_into(DER_Encoder& der) const der.start_cons(SEQUENCE); - if(!dn_bits.empty()) - der.raw_bytes(dn_bits); + if(!m_dn_bits.empty()) + der.raw_bytes(m_dn_bits); else { do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country"); @@ -275,7 +275,7 @@ void X509_DN::decode_from(BER_Decoder& source) } } - dn_bits = bits; + m_dn_bits = bits; } namespace { diff --git a/src/lib/asn1/x509_dn.h b/src/lib/asn1/x509_dn.h index cf1fbc03b..12553a1a0 100644 --- a/src/lib/asn1/x509_dn.h +++ b/src/lib/asn1/x509_dn.h @@ -19,7 +19,7 @@ namespace Botan { /** * Distinguished Name */ -class BOTAN_DLL X509_DN : public ASN1_Object +class BOTAN_DLL X509_DN final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; @@ -38,11 +38,11 @@ class BOTAN_DLL X509_DN : public ASN1_Object std::vector<byte> get_bits() const; X509_DN(); - X509_DN(const std::multimap<OID, std::string>&); - X509_DN(const std::multimap<std::string, std::string>&); + explicit X509_DN(const std::multimap<OID, std::string>&); + explicit X509_DN(const std::multimap<std::string, std::string>&); private: - std::multimap<OID, ASN1_String> dn_info; - std::vector<byte> dn_bits; + std::multimap<OID, ASN1_String> m_dn_info; + std::vector<byte> m_dn_bits; }; bool BOTAN_DLL operator==(const X509_DN&, const X509_DN&); diff --git a/src/lib/base/algo_registry.h b/src/lib/base/algo_registry.h index 3b1a72d88..ebc23bfca 100644 --- a/src/lib/base/algo_registry.h +++ b/src/lib/base/algo_registry.h @@ -8,8 +8,10 @@ #ifndef BOTAN_ALGO_REGISTRY_H__ #define BOTAN_ALGO_REGISTRY_H__ +#include <botan/build.h> #include <botan/types.h> #include <botan/exceptn.h> +#include <botan/scan_name.h> #include <functional> #include <mutex> #include <vector> @@ -22,7 +24,7 @@ #define BOTAN_WORKAROUND_GH_321 #define NOMINMAX 1 #define WIN32_LEAN_AND_MEAN 1 - #include <Windows.h> + #include <windows.h> #endif 
@@ -33,28 +35,28 @@ namespace Botan { class WinCS_Mutex { public: - WinCS_Mutex() - { - InitializeCriticalSection(&m_cs); - } - - ~WinCS_Mutex() - { - DeleteCriticalSection(&m_cs); - } - - void lock() - { - EnterCriticalSection(&m_cs); - } - - void unlock() - { - LeaveCriticalSection(&m_cs); - } - - private: - CRITICAL_SECTION m_cs; + WinCS_Mutex() + { + ::InitializeCriticalSection(&m_cs); + } + + ~WinCS_Mutex() + { + ::DeleteCriticalSection(&m_cs); + } + + void lock() + { + ::EnterCriticalSection(&m_cs); + } + + void unlock() + { + ::LeaveCriticalSection(&m_cs); + } + + private: + CRITICAL_SECTION m_cs; }; #endif @@ -111,7 +113,7 @@ class Algo_Registry } catch(std::exception& e) { - throw Exception("Creating '" + spec.as_string() + "' failed: " + e.what()); + throw Lookup_Error("Creating '" + spec.as_string() + "' failed: " + e.what()); } return nullptr; @@ -186,7 +188,7 @@ class Algo_Registry { std::vector<maker_fn> r; - if(req_provider != "") + if(!req_provider.empty()) { // find one explicit provider requested by user or fail auto i = m_maker_fns.find(req_provider); @@ -211,7 +213,7 @@ class Algo_Registry }; template<typename T> T* -make_a(const typename T::Spec& spec, const std::string provider = "") +make_a(const typename T::Spec& spec, const std::string& provider = "") { return Algo_Registry<T>::global_registry().make(spec, provider); } 
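Review bot: WinCS_Mutex owns a CRITICAL_SECTION and defines a destructor, yet the re-indented class still leaves the implicitly generated copy constructor and copy assignment available; copying an instance would end with two objects calling DeleteCriticalSection on the same section. Add `WinCS_Mutex(const WinCS_Mutex&) = delete;` and `WinCS_Mutex& operator=(const WinCS_Mutex&) = delete;` beside the constructor. The `::`-qualified Win32 calls are a good change, since they cannot be shadowed by a same-named symbol inside the Botan namespace.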
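Review bot: The rethrow in the -111 hunk now raises Lookup_Error instead of Exception, which keeps existing `catch(Exception&)` callers working only if Lookup_Error derives from Exception; that relationship is not visible on this page, so it is worth confirming. While this line is being touched, the handler on the context line catches by non-const reference; `catch(const std::exception& e)` is the conventional form and nothing in the handler mutates e. The enclosing make() starts and ends outside the hunk.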
@@ -256,16 +258,12 @@ make_new_T_1str_req(const typename Algo_Registry<T>::Spec& spec) template<typename T, typename X> T* make_new_T_1X(const typename Algo_Registry<T>::Spec& spec) { - std::unique_ptr<X> x(Algo_Registry<X>::global_registry().make(spec.arg(0))); + std::unique_ptr<X> x(Algo_Registry<X>::global_registry().make(Botan::SCAN_Name(spec.arg(0)))); if(!x) throw Exception(spec.arg(0)); return new T(x.release()); } -// Append to macros living outside of functions, so that invocations must end with a semicolon. -// The struct is only declared to force the semicolon, it is never defined. -#define BOTAN_FORCE_SEMICOLON struct BOTAN_DUMMY_STRUCT - #define BOTAN_REGISTER_TYPE(T, type, name, maker, provider, pref) \ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, maker, provider, pref); } \ BOTAN_FORCE_SEMICOLON diff --git a/src/lib/base/init.h b/src/lib/base/init.h index 0c61eba6f..7709883af 100644 --- a/src/lib/base/init.h +++ b/src/lib/base/init.h @@ -22,7 +22,7 @@ namespace Botan { class BOTAN_DLL LibraryInitializer { public: - LibraryInitializer(const std::string& s = "") { initialize(s); } + explicit LibraryInitializer(const std::string& s = "") { initialize(s); } ~LibraryInitializer() { deinitialize(); } static void initialize(const std::string& = ""); diff --git a/src/lib/base/key_spec.h b/src/lib/base/key_spec.h index 78b6b8a23..82e0e7e6f 100644 --- a/src/lib/base/key_spec.h +++ b/src/lib/base/key_spec.h @@ -22,10 +22,10 @@ class BOTAN_DLL Key_Length_Specification * Constructor for fixed length keys * @param keylen the supported key length */ - Key_Length_Specification(size_t keylen) : - min_keylen(keylen), - max_keylen(keylen), - keylen_mod(1) + explicit Key_Length_Specification(size_t keylen) : + m_min_keylen(keylen), + m_max_keylen(keylen), + m_keylen_mod(1) { } 
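Review bot: The definition of BOTAN_FORCE_SEMICOLON is removed from this header while BOTAN_REGISTER_TYPE, two lines further down, still expands to it; the macro must now come from one of the headers added at the top of the file (`<botan/build.h>` is the likely home), which this diff does not show, so confirm it is defined there before this lands. The `throw Exception(spec.arg(0))` on the context line also deserves a message with some context now that a dedicated Lookup_Error is used elsewhere in this file, for example `throw Lookup_Error("No " + spec.arg(0) + " available");`. The wrapping in `Botan::SCAN_Name(...)` is forced by the constructor becoming explicit in scan_name.h and reads fine.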
@@ -38,9 +38,9 @@ class BOTAN_DLL Key_Length_Specification Key_Length_Specification(size_t min_k, size_t max_k, size_t k_mod = 1) : - min_keylen(min_k), - max_keylen(max_k ? max_k : min_k), - keylen_mod(k_mod) + m_min_keylen(min_k), + m_max_keylen(max_k ? max_k : min_k), + m_keylen_mod(k_mod) { } @@ -50,9 +50,9 @@ class BOTAN_DLL Key_Length_Specification */ bool valid_keylength(size_t length) const { - return ((length >= min_keylen) && - (length <= max_keylen) && - (length % keylen_mod == 0)); + return ((length >= m_min_keylen) && + (length <= m_max_keylen) && + (length % m_keylen_mod == 0)); } /** @@ -60,7 +60,7 @@ class BOTAN_DLL Key_Length_Specification */ size_t minimum_keylength() const { - return min_keylen; + return m_min_keylen; } /** @@ -68,7 +68,7 @@ class BOTAN_DLL Key_Length_Specification */ size_t maximum_keylength() const { - return max_keylen; + return m_max_keylen; } /** @@ -76,18 +76,18 @@ class BOTAN_DLL Key_Length_Specification */ size_t keylength_multiple() const { - return keylen_mod; + return m_keylen_mod; } Key_Length_Specification multiple(size_t n) const { - return Key_Length_Specification(n * min_keylen, - n * max_keylen, - n * keylen_mod); + return Key_Length_Specification(n * m_min_keylen, + n * m_max_keylen, + n * m_keylen_mod); } private: - size_t min_keylen, max_keylen, keylen_mod; + size_t m_min_keylen, m_max_keylen, m_keylen_mod; }; } diff --git a/src/lib/base/scan_name.cpp b/src/lib/base/scan_name.cpp index 2b32dc7d3..08f5e8702 100644 --- a/src/lib/base/scan_name.cpp +++ b/src/lib/base/scan_name.cpp 
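Review bot: `m_keylen_mod(k_mod)` in the three-argument constructor accepts a zero modulus, and valid_keylength in the next hunk then evaluates `length % m_keylen_mod`, which is undefined behaviour for zero. Since max_k already gets a zero-means-default treatment on the line above, give k_mod the same: `m_keylen_mod(k_mod ? k_mod : 1)`. The -50, -60, -68 and -76 hunks on this line only rename members and need nothing further.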
@@ -63,17 +63,15 @@ deref_aliases(const std::pair<size_t, std::string>& in) SCAN_Name::SCAN_Name(std::string algo_spec, const std::string& extra) : SCAN_Name(algo_spec) { - alg_name += extra; + m_alg_name += extra; } SCAN_Name::SCAN_Name(const char* algo_spec) : SCAN_Name(std::string(algo_spec)) { } -SCAN_Name::SCAN_Name(std::string algo_spec) +SCAN_Name::SCAN_Name(std::string algo_spec) : m_orig_algo_spec(algo_spec), m_alg_name(), m_args(), m_mode_info() { - orig_algo_spec = algo_spec; - std::vector<std::pair<size_t, std::string> > name; size_t level = 0; std::pair<size_t, std::string> accum = std::make_pair(level, ""); @@ -119,7 +117,7 @@ SCAN_Name::SCAN_Name(std::string algo_spec) if(name.size() == 0) throw Decoding_Error(decoding_error + "Empty name"); - alg_name = name[0].second; + m_alg_name = name[0].second; bool in_modes = false; @@ -127,11 +125,11 @@ SCAN_Name::SCAN_Name(std::string algo_spec) { if(name[i].first == 0) { - mode_info.push_back(make_arg(name, i)); + m_mode_info.push_back(make_arg(name, i)); in_modes = true; } else if(name[i].first == 1 && !in_modes) - args.push_back(make_arg(name, i)); + m_args.push_back(make_arg(name, i)); } } @@ -157,21 +155,21 @@ std::string SCAN_Name::arg(size_t i) const if(i >= arg_count()) throw Invalid_Argument("SCAN_Name::arg " + std::to_string(i) + " out of range for '" + as_string() + "'"); - return args[i]; + return m_args[i]; } std::string SCAN_Name::arg(size_t i, const std::string& def_value) const { if(i >= arg_count()) return def_value; - return args[i]; + return m_args[i]; } size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const { if(i >= arg_count()) return def_value; - return to_u32bit(args[i]); + return to_u32bit(m_args[i]); } std::mutex SCAN_Name::g_alias_map_mutex; diff --git a/src/lib/base/scan_name.h b/src/lib/base/scan_name.h index cc89bf998..d59d5889e 100644 --- a/src/lib/base/scan_name.h +++ b/src/lib/base/scan_name.h 
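Review bot: The new initializer list `m_orig_algo_spec(algo_spec), m_alg_name(), m_args(), m_mode_info()` spells out value-initialization for three members that default-construct to the same empty state anyway; `: m_orig_algo_spec(algo_spec)` alone says the same thing with less noise. algo_spec is taken by value, so `m_orig_algo_spec(std::move(algo_spec))` would save a string copy, but only if the parsing loop that follows (outside this hunk) does not read algo_spec afterwards — check the body before changing it. The two-argument delegating constructor copies its by-value algo_spec into the delegate the same way and could forward it with std::move.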
@@ -26,12 +26,12 @@ class BOTAN_DLL SCAN_Name /** * @param algo_spec A SCAN-format name */ - SCAN_Name(const char* algo_spec); + explicit SCAN_Name(const char* algo_spec); /** * @param algo_spec A SCAN-format name */ - SCAN_Name(std::string algo_spec); + explicit SCAN_Name(std::string algo_spec); /** * @param algo_spec A SCAN-format name @@ -41,12 +41,12 @@ class BOTAN_DLL SCAN_Name /** * @return original input string */ - const std::string& as_string() const { return orig_algo_spec; } + const std::string& as_string() const { return m_orig_algo_spec; } /** * @return algorithm name */ - const std::string& algo_name() const { return alg_name; } + const std::string& algo_name() const { return m_alg_name; } /** * @return algorithm name plus any arguments @@ -61,7 +61,7 @@ class BOTAN_DLL SCAN_Name /** * @return number of arguments */ - size_t arg_count() const { return args.size(); } + size_t arg_count() const { return m_args.size(); } /** * @param lower is the lower bound @@ -95,13 +95,13 @@ class BOTAN_DLL SCAN_Name * @return cipher mode (if any) */ std::string cipher_mode() const - { return (mode_info.size() >= 1) ? mode_info[0] : ""; } + { return (m_mode_info.size() >= 1) ? m_mode_info[0] : ""; } /** * @return cipher mode padding (if any) */ std::string cipher_mode_pad() const - { return (mode_info.size() >= 2) ? mode_info[1] : ""; } + { return (m_mode_info.size() >= 2) ? m_mode_info[1] : ""; } static void add_alias(const std::string& alias, const std::string& basename); @@ -110,10 +110,10 @@ class BOTAN_DLL SCAN_Name static std::mutex g_alias_map_mutex; static std::map<std::string, std::string> g_alias_map; - std::string orig_algo_spec; - std::string alg_name; - std::vector<std::string> args; - std::vector<std::string> mode_info; + std::string m_orig_algo_spec; + std::string m_alg_name; + std::vector<std::string> m_args; + std::vector<std::string> m_mode_info; }; } diff --git a/src/lib/base/symkey.cpp b/src/lib/base/symkey.cpp index 2f739998f..d5a02a45d 100644 
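Review bot: Making both SCAN_Name constructors `explicit` removes the implicit string-to-SCAN_Name conversion that callers relied on (the `Botan::SCAN_Name(spec.arg(0))` and `Botan::BlockCipher::Spec(algo_spec)` wrappers elsewhere in this diff exist for exactly that reason), so external code that passed a string literal where a SCAN_Name or Spec was expected stops compiling. The change itself is sound, but it is source-incompatible and should be called out in the release notes. The `@param algo_spec A SCAN-format name` comments could also state that construction throws Decoding_Error on an empty name, which the -119 hunk in scan_name.cpp shows.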
--- a/src/lib/base/symkey.cpp +++ b/src/lib/base/symkey.cpp @@ -16,9 +16,9 @@ namespace Botan { * Create an OctetString from RNG output */ OctetString::OctetString(RandomNumberGenerator& rng, - size_t length) + size_t len) { - m_data = rng.random_vec(length); + m_data = rng.random_vec(len); } /* diff --git a/src/lib/base/symkey.h b/src/lib/base/symkey.h index 3b0208e51..c780e5239 100644 --- a/src/lib/base/symkey.h +++ b/src/lib/base/symkey.h @@ -61,7 +61,7 @@ class BOTAN_DLL OctetString * Create a new OctetString * @param str is a hex encoded string */ - OctetString(const std::string& str = ""); + explicit OctetString(const std::string& str = ""); /** * Create a new random OctetString diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 0da4ff0a0..aac277b4f 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -345,6 +345,12 @@ void aes_key_schedule(const byte key[], size_t length, secure_vector<byte>& ME, secure_vector<byte>& MD) { + + // if length is < 4, X = 0, the first for loop is not entered and in + // the second for loop "RC[(i-X)/X]" = division by zero + // But obviously valid aes length values are only 16, 24 and 32 + BOTAN_ASSERT( length >= 4, "aes key length has valid size" ); + static const u32bit RC[10] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; 
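Review bot: The new `BOTAN_ASSERT( length >= 4, "aes key length has valid size" )` in the aes.cpp hunk guards the division by X that the comment describes, but it is looser than the comment's own statement that only 16, 24 and 32 are valid, so a length of 5..15 still reaches the schedule with a meaningless X. If the intent is to document the contract enforced before key_schedule is called, assert that contract directly: `BOTAN_ASSERT(length == 16 || length == 24 || length == 32, "Valid AES key length");`. The leading blank line and the spaces inside the macro parentheses do not match the surrounding formatting, and aes_key_schedule continues past the hunk.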
@@ -414,71 +420,71 @@ void aes_key_schedule(const byte key[], size_t length, void AES_128::encrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_encrypt_n(in, out, blocks, EK, ME); + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } void AES_128::decrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_decrypt_n(in, out, blocks, DK, MD); + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } void AES_128::key_schedule(const byte key[], size_t length) { - aes_key_schedule(key, length, EK, DK, ME, MD); + aes_key_schedule(key, length, m_EK, m_DK, m_ME, m_MD); } void AES_128::clear() { - zap(EK); - zap(DK); - zap(ME); - zap(MD); + zap(m_EK); + zap(m_DK); + zap(m_ME); + zap(m_MD); } void AES_192::encrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_encrypt_n(in, out, blocks, EK, ME); + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } void AES_192::decrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_decrypt_n(in, out, blocks, DK, MD); + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } void AES_192::key_schedule(const byte key[], size_t length) { - aes_key_schedule(key, length, EK, DK, ME, MD); + aes_key_schedule(key, length, m_EK, m_DK, m_ME, m_MD); } void AES_192::clear() { - zap(EK); - zap(DK); - zap(ME); - zap(MD); + zap(m_EK); + zap(m_DK); + zap(m_ME); + zap(m_MD); } void AES_256::encrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_encrypt_n(in, out, blocks, EK, ME); + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } void AES_256::decrypt_n(const byte in[], byte out[], size_t blocks) const { - aes_decrypt_n(in, out, blocks, DK, MD); + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } void AES_256::key_schedule(const byte key[], size_t length) { - aes_key_schedule(key, length, EK, DK, ME, MD); + aes_key_schedule(key, length, m_EK, m_DK, m_ME, m_MD); } void AES_256::clear() { - zap(EK); - zap(DK); - zap(ME); - zap(MD); + zap(m_EK); + zap(m_DK); + zap(m_ME); + zap(m_MD); } } 
diff --git a/src/lib/block/aes/aes.h b/src/lib/block/aes/aes.h index f8b8d2938..a058adcf1 100644 --- a/src/lib/block/aes/aes.h +++ b/src/lib/block/aes/aes.h @@ -15,7 +15,7 @@ namespace Botan { /** * AES-128 */ -class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> +class BOTAN_DLL AES_128 final : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -28,14 +28,14 @@ class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u32bit> EK, DK; - secure_vector<byte> ME, MD; + secure_vector<u32bit> m_EK, m_DK; + secure_vector<byte> m_ME, m_MD; }; /** * AES-192 */ -class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> +class BOTAN_DLL AES_192 final : public Block_Cipher_Fixed_Params<16, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -48,14 +48,14 @@ class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u32bit> EK, DK; - secure_vector<byte> ME, MD; + secure_vector<u32bit> m_EK, m_DK; + secure_vector<byte> m_ME, m_MD; }; /** * AES-256 */ -class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> +class BOTAN_DLL AES_256 final : public Block_Cipher_Fixed_Params<16, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -68,8 +68,8 @@ class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u32bit> EK, DK; - secure_vector<byte> ME, MD; + secure_vector<u32bit> m_EK, m_DK; + secure_vector<byte> m_ME, m_MD; }; } diff --git a/src/lib/block/aes_ni/aes_ni.cpp b/src/lib/block/aes_ni/aes_ni.cpp index d359ec772..51b30881f 100644 --- a/src/lib/block/aes_ni/aes_ni.cpp +++ b/src/lib/block/aes_ni/aes_ni.cpp 
@@ -109,7 +109,7 @@ void AES_128_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_EK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -185,7 +185,7 @@ void AES_128_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_DK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -258,8 +258,8 @@ void AES_128_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void AES_128_NI::key_schedule(const byte key[], size_t) { - EK.resize(44); - DK.resize(44); + m_EK.resize(44); + m_DK.resize(44); #define AES_128_key_exp(K, RCON) \ aes_128_key_expansion(K, _mm_aeskeygenassist_si128(K, RCON)) @@ -276,7 +276,7 @@ void AES_128_NI::key_schedule(const byte key[], size_t) __m128i K9 = AES_128_key_exp(K8, 0x1B); __m128i K10 = AES_128_key_exp(K9, 0x36); - __m128i* EK_mm = reinterpret_cast<__m128i*>(EK.data()); + __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); _mm_storeu_si128(EK_mm , K0); _mm_storeu_si128(EK_mm + 1, K1); _mm_storeu_si128(EK_mm + 2, K2); @@ -291,7 +291,7 @@ void AES_128_NI::key_schedule(const byte key[], size_t) // Now generate decryption keys - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); _mm_storeu_si128(DK_mm , K10); _mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K9)); _mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K8)); 
@@ -310,8 +310,8 @@ void AES_128_NI::key_schedule(const byte key[], size_t) */ void AES_128_NI::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } /* @@ -322,7 +322,7 @@ void AES_192_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_EK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -404,7 +404,7 @@ void AES_192_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_DK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -483,19 +483,19 @@ void AES_192_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void AES_192_NI::key_schedule(const byte key[], size_t) { - EK.resize(52); - DK.resize(52); + m_EK.resize(52); + m_DK.resize(52); __m128i K0 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key)); __m128i K1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key + 8)); K1 = _mm_srli_si128(K1, 8); - load_le(EK.data(), key, 6); + load_le(m_EK.data(), key, 6); #define AES_192_key_exp(RCON, EK_OFF) \ aes_192_key_expansion(&K0, &K1, \ _mm_aeskeygenassist_si128(K1, RCON), \ - &EK[EK_OFF], EK_OFF == 48) + &m_EK[EK_OFF], EK_OFF == 48) AES_192_key_exp(0x01, 6); AES_192_key_exp(0x02, 12); 
@@ -509,9 +509,9 @@ void AES_192_NI::key_schedule(const byte key[], size_t) #undef AES_192_key_exp // Now generate decryption keys - const __m128i* EK_mm = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* EK_mm = reinterpret_cast<const __m128i*>(m_EK.data()); - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); _mm_storeu_si128(DK_mm , _mm_loadu_si128(EK_mm + 12)); _mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(_mm_loadu_si128(EK_mm + 11))); _mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(_mm_loadu_si128(EK_mm + 10))); @@ -532,8 +532,8 @@ void AES_192_NI::key_schedule(const byte key[], size_t) */ void AES_192_NI::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } /* @@ -544,7 +544,7 @@ void AES_256_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_EK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -632,7 +632,7 @@ void AES_256_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* key_mm = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* key_mm = reinterpret_cast<const __m128i*>(m_DK.data()); __m128i K0 = _mm_loadu_si128(key_mm); __m128i K1 = _mm_loadu_si128(key_mm + 1); @@ -717,8 +717,8 @@ void AES_256_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void AES_256_NI::key_schedule(const byte key[], size_t) { - EK.resize(60); - DK.resize(60); + m_EK.resize(60); + m_DK.resize(60); __m128i K0 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key)); __m128i K1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key + 16)); 
@@ -743,7 +743,7 @@ void AES_256_NI::key_schedule(const byte key[], size_t) __m128i K14 = aes_128_key_expansion(K12, _mm_aeskeygenassist_si128(K13, 0x40)); - __m128i* EK_mm = reinterpret_cast<__m128i*>(EK.data()); + __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); _mm_storeu_si128(EK_mm , K0); _mm_storeu_si128(EK_mm + 1, K1); _mm_storeu_si128(EK_mm + 2, K2); @@ -761,7 +761,7 @@ void AES_256_NI::key_schedule(const byte key[], size_t) _mm_storeu_si128(EK_mm + 14, K14); // Now generate decryption keys - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); _mm_storeu_si128(DK_mm , K14); _mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K13)); _mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K12)); @@ -784,8 +784,8 @@ void AES_256_NI::key_schedule(const byte key[], size_t) */ void AES_256_NI::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } #undef AES_ENC_4_ROUNDS diff --git a/src/lib/block/aes_ni/aes_ni.h b/src/lib/block/aes_ni/aes_ni.h index 0f85c3482..296fd7fcc 100644 --- a/src/lib/block/aes_ni/aes_ni.h +++ b/src/lib/block/aes_ni/aes_ni.h @@ -15,7 +15,7 @@ namespace Botan { /** * AES-128 using AES-NI */ -class BOTAN_DLL AES_128_NI : public Block_Cipher_Fixed_Params<16, 16> +class BOTAN_DLL AES_128_NI final : public Block_Cipher_Fixed_Params<16, 16> { public: size_t parallelism() const override { return 4; } @@ -29,13 +29,13 @@ class BOTAN_DLL AES_128_NI : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; /** * AES-192 using AES-NI */ -class BOTAN_DLL AES_192_NI : public Block_Cipher_Fixed_Params<16, 24> +class BOTAN_DLL AES_192_NI final : public Block_Cipher_Fixed_Params<16, 24> { public: size_t parallelism() const override { return 4; } 
@@ -49,13 +49,13 @@ class BOTAN_DLL AES_192_NI : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; /** * AES-256 using AES-NI */ -class BOTAN_DLL AES_256_NI : public Block_Cipher_Fixed_Params<16, 32> +class BOTAN_DLL AES_256_NI final : public Block_Cipher_Fixed_Params<16, 32> { public: size_t parallelism() const override { return 4; } @@ -69,7 +69,7 @@ class BOTAN_DLL AES_256_NI : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; } diff --git a/src/lib/block/aes_ssse3/aes_ssse3.cpp b/src/lib/block/aes_ssse3/aes_ssse3.cpp index bfc76ecee..54e8fcbd8 100644 --- a/src/lib/block/aes_ssse3/aes_ssse3.cpp +++ b/src/lib/block/aes_ssse3/aes_ssse3.cpp @@ -1,6 +1,6 @@ /* * AES using SSSE3 -* (C) 2010 Jack Lloyd +* (C) 2010,2016 Jack Lloyd * * This is more or less a direct translation of public domain x86-64 * assembly written by Mike Hamburg, described in "Accelerating AES @@ -12,6 +12,7 @@ #include <botan/aes_ssse3.h> #include <botan/cpuid.h> +#include <botan/internal/ct_utils.h> #include <tmmintrin.h> namespace Botan { @@ -58,8 +59,6 @@ __m128i aes_schedule_transform(__m128i input, __m128i i_1 = _mm_and_si128(low_nibs, input); __m128i i_2 = _mm_srli_epi32(_mm_andnot_si128(low_nibs, input), 4); - input = _mm_and_si128(low_nibs, input); - return _mm_xor_si128( _mm_shuffle_epi8(table_1, i_1), _mm_shuffle_epi8(table_2, i_2)); 
@@ -343,13 +342,18 @@ void AES_128_SSSE3::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_EK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_encrypt(B, keys, 10)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* @@ -360,13 +364,18 @@ void AES_128_SSSE3::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_DK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_decrypt(B, keys, 10)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* @@ -379,11 +388,11 @@ void AES_128_SSSE3::key_schedule(const byte keyb[], size_t) __m128i key = _mm_loadu_si128(reinterpret_cast<const __m128i*>(keyb)); - EK.resize(11*4); - DK.resize(11*4); + m_EK.resize(11*4); + m_DK.resize(11*4); - __m128i* EK_mm = reinterpret_cast<__m128i*>(EK.data()); - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); _mm_storeu_si128(DK_mm + 10, _mm_shuffle_epi8(key, sr[2])); @@ -409,8 +418,8 @@ void AES_128_SSSE3::key_schedule(const byte keyb[], size_t) void AES_128_SSSE3::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } /* 
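Review bot: `CT::poison(in, blocks * block_size())` marks only the plaintext as secret, so the constant-time check exercises the data path but not the key path; the round keys read through `keys` (m_EK) are the secret that matters most and they stay unpoisoned. Consider poisoning the expanded key as well, either around the loop here or once in key_schedule, assuming CT::poison accepts the pointer type m_EK.data() yields — ct_utils.h is not on this page. The same poison/unpoison scaffold is repeated in the -360 hunk and in the -421, -438, -528 and -545 hunks on the following lines; a small helper taking the key pointer and round count would reduce the six bodies to one call each. encrypt_n starts before the hunk.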
@@ -421,13 +430,18 @@ void AES_192_SSSE3::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_EK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_encrypt(B, keys, 12)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* @@ -438,13 +452,18 @@ void AES_192_SSSE3::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_DK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_decrypt(B, keys, 12)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* @@ -455,11 +474,11 @@ void AES_192_SSSE3::key_schedule(const byte keyb[], size_t) __m128i rcon = _mm_set_epi32(0x702A9808, 0x4D7C7D81, 0x1F8391B9, 0xAF9DEEB6); - EK.resize(13*4); - DK.resize(13*4); + m_EK.resize(13*4); + m_DK.resize(13*4); - __m128i* EK_mm = reinterpret_cast<__m128i*>(EK.data()); - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); __m128i key1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(keyb)); __m128i key2 = _mm_loadu_si128(reinterpret_cast<const __m128i*>((keyb + 8))); 
@@ -516,8 +535,8 @@ void AES_192_SSSE3::key_schedule(const byte keyb[], size_t) void AES_192_SSSE3::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } /* @@ -528,13 +547,18 @@ void AES_256_SSSE3::encrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(EK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_EK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_encrypt(B, keys, 14)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* @@ -545,13 +569,18 @@ void AES_256_SSSE3::decrypt_n(const byte in[], byte out[], size_t blocks) const const __m128i* in_mm = reinterpret_cast<const __m128i*>(in); __m128i* out_mm = reinterpret_cast<__m128i*>(out); - const __m128i* keys = reinterpret_cast<const __m128i*>(DK.data()); + const __m128i* keys = reinterpret_cast<const __m128i*>(m_DK.data()); + + CT::poison(in, blocks * block_size()); for(size_t i = 0; i != blocks; ++i) { __m128i B = _mm_loadu_si128(in_mm + i); _mm_storeu_si128(out_mm + i, aes_ssse3_decrypt(B, keys, 14)); } + + CT::unpoison(in, blocks * block_size()); + CT::unpoison(out, blocks * block_size()); } /* 
@@ -562,11 +591,11 @@ void AES_256_SSSE3::key_schedule(const byte keyb[], size_t) __m128i rcon = _mm_set_epi32(0x702A9808, 0x4D7C7D81, 0x1F8391B9, 0xAF9DEEB6); - EK.resize(15*4); - DK.resize(15*4); + m_EK.resize(15*4); + m_DK.resize(15*4); - __m128i* EK_mm = reinterpret_cast<__m128i*>(EK.data()); - __m128i* DK_mm = reinterpret_cast<__m128i*>(DK.data()); + __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); + __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); __m128i key1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(keyb)); __m128i key2 = _mm_loadu_si128(reinterpret_cast<const __m128i*>((keyb + 16))); @@ -602,8 +631,8 @@ void AES_256_SSSE3::key_schedule(const byte keyb[], size_t) void AES_256_SSSE3::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } } diff --git a/src/lib/block/aes_ssse3/aes_ssse3.h b/src/lib/block/aes_ssse3/aes_ssse3.h index 49e0346e4..8e6c40dcd 100644 --- a/src/lib/block/aes_ssse3/aes_ssse3.h +++ b/src/lib/block/aes_ssse3/aes_ssse3.h @@ -15,7 +15,7 @@ namespace Botan { /** * AES-128 using SSSE3 */ -class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> +class BOTAN_DLL AES_128_SSSE3 final : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,13 +27,13 @@ class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; /** * AES-192 using SSSE3 */ -class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> +class BOTAN_DLL AES_192_SSSE3 final : public Block_Cipher_Fixed_Params<16, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; 
@@ -45,13 +45,13 @@ class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; /** * AES-256 using SSSE3 */ -class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> +class BOTAN_DLL AES_256_SSSE3 final : public Block_Cipher_Fixed_Params<16, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -63,7 +63,7 @@ class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; } diff --git a/src/lib/block/block_cipher.cpp b/src/lib/block/block_cipher.cpp index 7b52f8716..c70ba229d 100644 --- a/src/lib/block/block_cipher.cpp +++ b/src/lib/block/block_cipher.cpp @@ -150,7 +150,7 @@ BlockCipher::~BlockCipher() {} std::unique_ptr<BlockCipher> BlockCipher::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<BlockCipher>(make_a<BlockCipher>(algo_spec, provider)); + return std::unique_ptr<BlockCipher>(make_a<BlockCipher>(Botan::BlockCipher::Spec(algo_spec), provider)); } std::vector<std::string> BlockCipher::providers(const std::string& algo_spec) diff --git a/src/lib/block/blowfish/blowfish.cpp b/src/lib/block/blowfish/blowfish.cpp index 0b0e685a8..e38668934 100644 --- a/src/lib/block/blowfish/blowfish.cpp +++ b/src/lib/block/blowfish/blowfish.cpp @@ -15,10 +15,10 @@ namespace Botan { */ void Blowfish::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const u32bit* S1 = &S[0]; - const u32bit* S2 = &S[256]; - const u32bit* S3 = &S[512]; - const u32bit* S4 = &S[768]; + const u32bit* S1 = &m_S[0]; + const u32bit* S2 = &m_S[256]; + const u32bit* S3 = &m_S[512]; + const u32bit* S4 = &m_S[768]; for(size_t i = 0; i != blocks; ++i) { 
@@ -27,16 +27,16 @@ void Blowfish::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 16; j += 2) { - L ^= P[j]; + L ^= m_P[j]; R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ S3[get_byte(2, L)]) + S4[get_byte(3, L)]; - R ^= P[j+1]; + R ^= m_P[j+1]; L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ S3[get_byte(2, R)]) + S4[get_byte(3, R)]; } - L ^= P[16]; R ^= P[17]; + L ^= m_P[16]; R ^= m_P[17]; store_be(out, R, L); @@ -50,10 +50,10 @@ void Blowfish::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Blowfish::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const u32bit* S1 = &S[0]; - const u32bit* S2 = &S[256]; - const u32bit* S3 = &S[512]; - const u32bit* S4 = &S[768]; + const u32bit* S1 = &m_S[0]; + const u32bit* S2 = &m_S[256]; + const u32bit* S3 = &m_S[512]; + const u32bit* S4 = &m_S[768]; for(size_t i = 0; i != blocks; ++i) { @@ -62,16 +62,16 @@ void Blowfish::decrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 17; j != 1; j -= 2) { - L ^= P[j]; + L ^= m_P[j]; R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ S3[get_byte(2, L)]) + S4[get_byte(3, L)]; - R ^= P[j-1]; + R ^= m_P[j-1]; L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ S3[get_byte(2, R)]) + S4[get_byte(3, R)]; } - L ^= P[1]; R ^= P[0]; + L ^= m_P[1]; R ^= m_P[0]; store_be(out, R, L); @@ -85,11 +85,11 @@ void Blowfish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Blowfish::key_schedule(const byte key[], size_t length) { - P.resize(18); - copy_mem(P.data(), P_INIT, 18); + m_P.resize(18); + copy_mem(m_P.data(), P_INIT, 18); - S.resize(1024); - copy_mem(S.data(), S_INIT, 1024); + m_S.resize(1024); + copy_mem(m_S.data(), S_INIT, 1024); const byte null_salt[16] = { 0 }; 
@@ -101,12 +101,12 @@ void Blowfish::key_expansion(const byte key[], const byte salt[16]) { for(size_t i = 0, j = 0; i != 18; ++i, j += 4) - P[i] ^= make_u32bit(key[(j ) % length], key[(j+1) % length], + m_P[i] ^= make_u32bit(key[(j ) % length], key[(j+1) % length], key[(j+2) % length], key[(j+3) % length]); u32bit L = 0, R = 0; - generate_sbox(P, L, R, salt, 0); - generate_sbox(S, L, R, salt, 2); + generate_sbox(m_P, L, R, salt, 0); + generate_sbox(m_S, L, R, salt, 2); } /* @@ -130,11 +130,11 @@ void Blowfish::eks_key_schedule(const byte key[], size_t length, throw Invalid_Argument("Requested Bcrypt work factor " + std::to_string(workfactor) + " too large"); - P.resize(18); - copy_mem(P.data(), P_INIT, 18); + m_P.resize(18); + copy_mem(m_P.data(), P_INIT, 18); - S.resize(1024); - copy_mem(S.data(), S_INIT, 1024); + m_S.resize(1024); + copy_mem(m_S.data(), S_INIT, 1024); key_expansion(key, length, salt); @@ -156,10 +156,10 @@ void Blowfish::generate_sbox(secure_vector<u32bit>& box, const byte salt[16], size_t salt_off) const { - const u32bit* S1 = &S[0]; - const u32bit* S2 = &S[256]; - const u32bit* S3 = &S[512]; - const u32bit* S4 = &S[768]; + const u32bit* S1 = &m_S[0]; + const u32bit* S2 = &m_S[256]; + const u32bit* S3 = &m_S[512]; + const u32bit* S4 = &m_S[768]; for(size_t i = 0; i != box.size(); i += 2) { @@ -168,16 +168,16 @@ void Blowfish::generate_sbox(secure_vector<u32bit>& box, for(size_t j = 0; j != 16; j += 2) { - L ^= P[j]; + L ^= m_P[j]; R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ S3[get_byte(2, L)]) + S4[get_byte(3, L)]; - R ^= P[j+1]; + R ^= m_P[j+1]; L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ S3[get_byte(2, R)]) + S4[get_byte(3, R)]; } - u32bit T = R; R = L ^ P[16]; L = T ^ P[17]; + u32bit T = R; R = L ^ m_P[16]; L = T ^ m_P[17]; box[i] = L; box[i+1] = R; } @@ -188,8 +188,8 @@ void Blowfish::generate_sbox(secure_vector<u32bit>& box, */ void Blowfish::clear() { - zap(P); - zap(S); + zap(m_P); + zap(m_S); } } 
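Review bot: The continuation line of the `make_u32bit(...)` call in `Blowfish::key_expansion` is now misaligned: the rename lengthened `P[i] ^=` to `m_P[i] ^=` by two columns but `key[(j+2) % length], key[(j+3) % length]);` kept its old indent, so it no longer lines up with the opening parenthesis; the `(m_EK[((i+1) % 8) + offset] >> 7));` continuation in the IDEA::key_schedule hunk has the same problem. The same expression reduces every index modulo `length`, and `eks_key_schedule` passes its caller-supplied `length` straight through; unless a check earlier in that function (outside this hunk) rejects it, a zero-length key would divide by zero here, so a guard like `if(length == 0) throw Invalid_Argument("Blowfish: key length must be non-zero");` at the start of the EKS path would be cheap insurance. key_expansion's signature and the beginning of eks_key_schedule are outside the hunk.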
diff --git a/src/lib/block/blowfish/blowfish.h b/src/lib/block/blowfish/blowfish.h index e1042465f..b7deeab96 100644 --- a/src/lib/block/blowfish/blowfish.h +++ b/src/lib/block/blowfish/blowfish.h @@ -15,7 +15,7 @@ namespace Botan { /** * Blowfish */ -class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> +class BOTAN_DLL Blowfish final : public Block_Cipher_Fixed_Params<8, 1, 56> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -45,7 +45,7 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> static const u32bit P_INIT[18]; static const u32bit S_INIT[1024]; - secure_vector<u32bit> S, P; + secure_vector<u32bit> m_S, m_P; }; } diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index e9b10c528..ac5d57d4e 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp 
@@ -860,62 +860,62 @@ void key_schedule(secure_vector<u64bit>& SK, const byte key[], size_t length) void Camellia_128::encrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::encrypt(in, out, blocks, SK, 9); + Camellia_F::encrypt(in, out, blocks, m_SK, 9); } void Camellia_192::encrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::encrypt(in, out, blocks, SK, 12); + Camellia_F::encrypt(in, out, blocks, m_SK, 12); } void Camellia_256::encrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::encrypt(in, out, blocks, SK, 12); + Camellia_F::encrypt(in, out, blocks, m_SK, 12); } void Camellia_128::decrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::decrypt(in, out, blocks, SK, 9); + Camellia_F::decrypt(in, out, blocks, m_SK, 9); } void Camellia_192::decrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::decrypt(in, out, blocks, SK, 12); + Camellia_F::decrypt(in, out, blocks, m_SK, 12); } void Camellia_256::decrypt_n(const byte in[], byte out[], size_t blocks) const { - Camellia_F::decrypt(in, out, blocks, SK, 12); + Camellia_F::decrypt(in, out, blocks, m_SK, 12); } void Camellia_128::key_schedule(const byte key[], size_t length) { - Camellia_F::key_schedule(SK, key, length); + Camellia_F::key_schedule(m_SK, key, length); } void Camellia_192::key_schedule(const byte key[], size_t length) { - Camellia_F::key_schedule(SK, key, length); + Camellia_F::key_schedule(m_SK, key, length); } void Camellia_256::key_schedule(const byte key[], size_t length) { - Camellia_F::key_schedule(SK, key, length); + Camellia_F::key_schedule(m_SK, key, length); } void Camellia_128::clear() { - zap(SK); + zap(m_SK); } void Camellia_192::clear() { - zap(SK); + zap(m_SK); } void Camellia_256::clear() { - zap(SK); + zap(m_SK); } } diff --git a/src/lib/block/camellia/camellia.h b/src/lib/block/camellia/camellia.h index 884cb2bd7..71aa95ac6 100644 --- a/src/lib/block/camellia/camellia.h 
+++ b/src/lib/block/camellia/camellia.h @@ -15,7 +15,7 @@ namespace Botan { /** * Camellia-128 */ -class BOTAN_DLL Camellia_128 : public Block_Cipher_Fixed_Params<16, 16> +class BOTAN_DLL Camellia_128 final : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,13 +27,13 @@ class BOTAN_DLL Camellia_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u64bit> SK; + secure_vector<u64bit> m_SK; }; /** * Camellia-192 */ -class BOTAN_DLL Camellia_192 : public Block_Cipher_Fixed_Params<16, 24> +class BOTAN_DLL Camellia_192 final : public Block_Cipher_Fixed_Params<16, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -45,13 +45,13 @@ class BOTAN_DLL Camellia_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u64bit> SK; + secure_vector<u64bit> m_SK; }; /** * Camellia-256 */ -class BOTAN_DLL Camellia_256 : public Block_Cipher_Fixed_Params<16, 32> +class BOTAN_DLL Camellia_256 final : public Block_Cipher_Fixed_Params<16, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -63,7 +63,7 @@ class BOTAN_DLL Camellia_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u64bit> SK; + secure_vector<u64bit> m_SK; }; } diff --git a/src/lib/block/cascade/cascade.h b/src/lib/block/cascade/cascade.h index 386f1bd21..21af5bea4 100644 --- a/src/lib/block/cascade/cascade.h +++ b/src/lib/block/cascade/cascade.h @@ -15,7 +15,7 @@ namespace Botan { /** * Block Cipher Cascade */ -class BOTAN_DLL Cascade_Cipher : public BlockCipher +class BOTAN_DLL Cascade_Cipher final : public BlockCipher { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; 
diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index 3973418a3..53f7d4611 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -55,22 +55,22 @@ void CAST_128::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = load_be<u32bit>(in, 0); u32bit R = load_be<u32bit>(in, 1); - R1(L, R, MK[ 0], RK[ 0]); - R2(R, L, MK[ 1], RK[ 1]); - R3(L, R, MK[ 2], RK[ 2]); - R1(R, L, MK[ 3], RK[ 3]); - R2(L, R, MK[ 4], RK[ 4]); - R3(R, L, MK[ 5], RK[ 5]); - R1(L, R, MK[ 6], RK[ 6]); - R2(R, L, MK[ 7], RK[ 7]); - R3(L, R, MK[ 8], RK[ 8]); - R1(R, L, MK[ 9], RK[ 9]); - R2(L, R, MK[10], RK[10]); - R3(R, L, MK[11], RK[11]); - R1(L, R, MK[12], RK[12]); - R2(R, L, MK[13], RK[13]); - R3(L, R, MK[14], RK[14]); - R1(R, L, MK[15], RK[15]); + R1(L, R, m_MK[ 0], m_RK[ 0]); + R2(R, L, m_MK[ 1], m_RK[ 1]); + R3(L, R, m_MK[ 2], m_RK[ 2]); + R1(R, L, m_MK[ 3], m_RK[ 3]); + R2(L, R, m_MK[ 4], m_RK[ 4]); + R3(R, L, m_MK[ 5], m_RK[ 5]); + R1(L, R, m_MK[ 6], m_RK[ 6]); + R2(R, L, m_MK[ 7], m_RK[ 7]); + R3(L, R, m_MK[ 8], m_RK[ 8]); + R1(R, L, m_MK[ 9], m_RK[ 9]); + R2(L, R, m_MK[10], m_RK[10]); + R3(R, L, m_MK[11], m_RK[11]); + R1(L, R, m_MK[12], m_RK[12]); + R2(R, L, m_MK[13], m_RK[13]); + R3(L, R, m_MK[14], m_RK[14]); + R1(R, L, m_MK[15], m_RK[15]); store_be(out, R, L); 
@@ -89,22 +89,22 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = load_be<u32bit>(in, 0); u32bit R = load_be<u32bit>(in, 1); - R1(L, R, MK[15], RK[15]); - R3(R, L, MK[14], RK[14]); - R2(L, R, MK[13], RK[13]); - R1(R, L, MK[12], RK[12]); - R3(L, R, MK[11], RK[11]); - R2(R, L, MK[10], RK[10]); - R1(L, R, MK[ 9], RK[ 9]); - R3(R, L, MK[ 8], RK[ 8]); - R2(L, R, MK[ 7], RK[ 7]); - R1(R, L, MK[ 6], RK[ 6]); - R3(L, R, MK[ 5], RK[ 5]); - R2(R, L, MK[ 4], RK[ 4]); - R1(L, R, MK[ 3], RK[ 3]); - R3(R, L, MK[ 2], RK[ 2]); - R2(L, R, MK[ 1], RK[ 1]); - R1(R, L, MK[ 0], RK[ 0]); + R1(L, R, m_MK[15], m_RK[15]); + R3(R, L, m_MK[14], m_RK[14]); + R2(L, R, m_MK[13], m_RK[13]); + R1(R, L, m_MK[12], m_RK[12]); + R3(L, R, m_MK[11], m_RK[11]); + R2(R, L, m_MK[10], m_RK[10]); + R1(L, R, m_MK[ 9], m_RK[ 9]); + R3(R, L, m_MK[ 8], m_RK[ 8]); + R2(L, R, m_MK[ 7], m_RK[ 7]); + R1(R, L, m_MK[ 6], m_RK[ 6]); + R3(L, R, m_MK[ 5], m_RK[ 5]); + R2(R, L, m_MK[ 4], m_RK[ 4]); + R1(L, R, m_MK[ 3], m_RK[ 3]); + R3(R, L, m_MK[ 2], m_RK[ 2]); + R2(L, R, m_MK[ 1], m_RK[ 1]); + R1(R, L, m_MK[ 0], m_RK[ 0]); store_be(out, R, L); @@ -118,26 +118,26 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_128::key_schedule(const byte key[], size_t length) { - MK.resize(48); - RK.resize(48); + m_MK.resize(48); + m_RK.resize(48); secure_vector<u32bit> X(4); for(size_t i = 0; i != length; ++i) X[i/4] = (X[i/4] << 8) + key[i]; - cast_ks(MK, X); + cast_ks(m_MK, X); secure_vector<u32bit> RK32(48); cast_ks(RK32, X); for(size_t i = 0; i != 16; ++i) - RK[i] = RK32[i] % 32; + m_RK[i] = RK32[i] % 32; } void CAST_128::clear() { - zap(MK); - zap(RK); + zap(m_MK); + zap(m_RK); } /* 
@@ -329,10 +329,10 @@ void CAST_128::cast_ks(secure_vector<u32bit>& K, class ByteReader { public: - byte operator()(size_t i) { return (X[i/4] >> (8*(3 - (i%4)))); } - ByteReader(const u32bit* x) : X(x) {} + byte operator()(size_t i) { return (m_X[i/4] >> (8*(3 - (i%4)))); } + explicit ByteReader(const u32bit* x) : m_X(x) {} private: - const u32bit* X; + const u32bit* m_X; }; secure_vector<u32bit> Z(4); diff --git a/src/lib/block/cast/cast128.h b/src/lib/block/cast/cast128.h index 2a0f4462a..2782e96b9 100644 --- a/src/lib/block/cast/cast128.h +++ b/src/lib/block/cast/cast128.h @@ -15,7 +15,7 @@ namespace Botan { /** * CAST-128 */ -class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> +class BOTAN_DLL CAST_128 final : public Block_Cipher_Fixed_Params<8, 11, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -31,8 +31,8 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> static void cast_ks(secure_vector<u32bit>& ks, secure_vector<u32bit>& user_key); - secure_vector<u32bit> MK; - secure_vector<byte> RK; + secure_vector<u32bit> m_MK; + secure_vector<byte> m_RK; }; } diff --git a/src/lib/block/cast/cast256.cpp b/src/lib/block/cast/cast256.cpp index 7178dc5c1..637fdfee2 100644 --- a/src/lib/block/cast/cast256.cpp +++ b/src/lib/block/cast/cast256.cpp 
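Review bot: The new `byte operator()(size_t i)` line in ByteReader silently narrows the `u32bit` shift result to `byte` and is not `const` even though it only reads `m_X`; `byte operator()(size_t i) const { return static_cast<byte>(m_X[i/4] >> (8*(3 - (i%4)))); }` states both intents and avoids conversion warnings. It may also be expressible as `get_byte(i % 4, m_X[i/4])` if the project's `get_byte` counts from the most-significant byte the way this shift does — worth checking against its definition before switching. The enclosing `cast_ks` body starts and ends outside the hunk.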
@@ -57,30 +57,30 @@ void CAST_256::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit C = load_be<u32bit>(in, 2); u32bit D = load_be<u32bit>(in, 3); - round1(C, D, MK[ 0], RK[ 0]); round2(B, C, MK[ 1], RK[ 1]); - round3(A, B, MK[ 2], RK[ 2]); round1(D, A, MK[ 3], RK[ 3]); - round1(C, D, MK[ 4], RK[ 4]); round2(B, C, MK[ 5], RK[ 5]); - round3(A, B, MK[ 6], RK[ 6]); round1(D, A, MK[ 7], RK[ 7]); - round1(C, D, MK[ 8], RK[ 8]); round2(B, C, MK[ 9], RK[ 9]); - round3(A, B, MK[10], RK[10]); round1(D, A, MK[11], RK[11]); - round1(C, D, MK[12], RK[12]); round2(B, C, MK[13], RK[13]); - round3(A, B, MK[14], RK[14]); round1(D, A, MK[15], RK[15]); - round1(C, D, MK[16], RK[16]); round2(B, C, MK[17], RK[17]); - round3(A, B, MK[18], RK[18]); round1(D, A, MK[19], RK[19]); - round1(C, D, MK[20], RK[20]); round2(B, C, MK[21], RK[21]); - round3(A, B, MK[22], RK[22]); round1(D, A, MK[23], RK[23]); - round1(D, A, MK[27], RK[27]); round3(A, B, MK[26], RK[26]); - round2(B, C, MK[25], RK[25]); round1(C, D, MK[24], RK[24]); - round1(D, A, MK[31], RK[31]); round3(A, B, MK[30], RK[30]); - round2(B, C, MK[29], RK[29]); round1(C, D, MK[28], RK[28]); - round1(D, A, MK[35], RK[35]); round3(A, B, MK[34], RK[34]); - round2(B, C, MK[33], RK[33]); round1(C, D, MK[32], RK[32]); - round1(D, A, MK[39], RK[39]); round3(A, B, MK[38], RK[38]); - round2(B, C, MK[37], RK[37]); round1(C, D, MK[36], RK[36]); - round1(D, A, MK[43], RK[43]); round3(A, B, MK[42], RK[42]); - round2(B, C, MK[41], RK[41]); round1(C, D, MK[40], RK[40]); - round1(D, A, MK[47], RK[47]); round3(A, B, MK[46], RK[46]); - round2(B, C, MK[45], RK[45]); round1(C, D, MK[44], RK[44]); + round1(C, D, m_MK[ 0], m_RK[ 0]); round2(B, C, m_MK[ 1], m_RK[ 1]); + round3(A, B, m_MK[ 2], m_RK[ 2]); round1(D, A, m_MK[ 3], m_RK[ 3]); + round1(C, D, m_MK[ 4], m_RK[ 4]); round2(B, C, m_MK[ 5], m_RK[ 5]); + round3(A, B, m_MK[ 6], m_RK[ 6]); round1(D, A, m_MK[ 7], m_RK[ 7]); + round1(C, D, m_MK[ 8], m_RK[ 8]); round2(B, C, m_MK[ 9], m_RK[ 
9]); + round3(A, B, m_MK[10], m_RK[10]); round1(D, A, m_MK[11], m_RK[11]); + round1(C, D, m_MK[12], m_RK[12]); round2(B, C, m_MK[13], m_RK[13]); + round3(A, B, m_MK[14], m_RK[14]); round1(D, A, m_MK[15], m_RK[15]); + round1(C, D, m_MK[16], m_RK[16]); round2(B, C, m_MK[17], m_RK[17]); + round3(A, B, m_MK[18], m_RK[18]); round1(D, A, m_MK[19], m_RK[19]); + round1(C, D, m_MK[20], m_RK[20]); round2(B, C, m_MK[21], m_RK[21]); + round3(A, B, m_MK[22], m_RK[22]); round1(D, A, m_MK[23], m_RK[23]); + round1(D, A, m_MK[27], m_RK[27]); round3(A, B, m_MK[26], m_RK[26]); + round2(B, C, m_MK[25], m_RK[25]); round1(C, D, m_MK[24], m_RK[24]); + round1(D, A, m_MK[31], m_RK[31]); round3(A, B, m_MK[30], m_RK[30]); + round2(B, C, m_MK[29], m_RK[29]); round1(C, D, m_MK[28], m_RK[28]); + round1(D, A, m_MK[35], m_RK[35]); round3(A, B, m_MK[34], m_RK[34]); + round2(B, C, m_MK[33], m_RK[33]); round1(C, D, m_MK[32], m_RK[32]); + round1(D, A, m_MK[39], m_RK[39]); round3(A, B, m_MK[38], m_RK[38]); + round2(B, C, m_MK[37], m_RK[37]); round1(C, D, m_MK[36], m_RK[36]); + round1(D, A, m_MK[43], m_RK[43]); round3(A, B, m_MK[42], m_RK[42]); + round2(B, C, m_MK[41], m_RK[41]); round1(C, D, m_MK[40], m_RK[40]); + round1(D, A, m_MK[47], m_RK[47]); round3(A, B, m_MK[46], m_RK[46]); + round2(B, C, m_MK[45], m_RK[45]); round1(C, D, m_MK[44], m_RK[44]); store_be(out, A, B, C, D); 
@@ -101,30 +101,30 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit C = load_be<u32bit>(in, 2); u32bit D = load_be<u32bit>(in, 3); - round1(C, D, MK[44], RK[44]); round2(B, C, MK[45], RK[45]); - round3(A, B, MK[46], RK[46]); round1(D, A, MK[47], RK[47]); - round1(C, D, MK[40], RK[40]); round2(B, C, MK[41], RK[41]); - round3(A, B, MK[42], RK[42]); round1(D, A, MK[43], RK[43]); - round1(C, D, MK[36], RK[36]); round2(B, C, MK[37], RK[37]); - round3(A, B, MK[38], RK[38]); round1(D, A, MK[39], RK[39]); - round1(C, D, MK[32], RK[32]); round2(B, C, MK[33], RK[33]); - round3(A, B, MK[34], RK[34]); round1(D, A, MK[35], RK[35]); - round1(C, D, MK[28], RK[28]); round2(B, C, MK[29], RK[29]); - round3(A, B, MK[30], RK[30]); round1(D, A, MK[31], RK[31]); - round1(C, D, MK[24], RK[24]); round2(B, C, MK[25], RK[25]); - round3(A, B, MK[26], RK[26]); round1(D, A, MK[27], RK[27]); - round1(D, A, MK[23], RK[23]); round3(A, B, MK[22], RK[22]); - round2(B, C, MK[21], RK[21]); round1(C, D, MK[20], RK[20]); - round1(D, A, MK[19], RK[19]); round3(A, B, MK[18], RK[18]); - round2(B, C, MK[17], RK[17]); round1(C, D, MK[16], RK[16]); - round1(D, A, MK[15], RK[15]); round3(A, B, MK[14], RK[14]); - round2(B, C, MK[13], RK[13]); round1(C, D, MK[12], RK[12]); - round1(D, A, MK[11], RK[11]); round3(A, B, MK[10], RK[10]); - round2(B, C, MK[ 9], RK[ 9]); round1(C, D, MK[ 8], RK[ 8]); - round1(D, A, MK[ 7], RK[ 7]); round3(A, B, MK[ 6], RK[ 6]); - round2(B, C, MK[ 5], RK[ 5]); round1(C, D, MK[ 4], RK[ 4]); - round1(D, A, MK[ 3], RK[ 3]); round3(A, B, MK[ 2], RK[ 2]); - round2(B, C, MK[ 1], RK[ 1]); round1(C, D, MK[ 0], RK[ 0]); + round1(C, D, m_MK[44], m_RK[44]); round2(B, C, m_MK[45], m_RK[45]); + round3(A, B, m_MK[46], m_RK[46]); round1(D, A, m_MK[47], m_RK[47]); + round1(C, D, m_MK[40], m_RK[40]); round2(B, C, m_MK[41], m_RK[41]); + round3(A, B, m_MK[42], m_RK[42]); round1(D, A, m_MK[43], m_RK[43]); + round1(C, D, m_MK[36], m_RK[36]); round2(B, C, m_MK[37], 
m_RK[37]); + round3(A, B, m_MK[38], m_RK[38]); round1(D, A, m_MK[39], m_RK[39]); + round1(C, D, m_MK[32], m_RK[32]); round2(B, C, m_MK[33], m_RK[33]); + round3(A, B, m_MK[34], m_RK[34]); round1(D, A, m_MK[35], m_RK[35]); + round1(C, D, m_MK[28], m_RK[28]); round2(B, C, m_MK[29], m_RK[29]); + round3(A, B, m_MK[30], m_RK[30]); round1(D, A, m_MK[31], m_RK[31]); + round1(C, D, m_MK[24], m_RK[24]); round2(B, C, m_MK[25], m_RK[25]); + round3(A, B, m_MK[26], m_RK[26]); round1(D, A, m_MK[27], m_RK[27]); + round1(D, A, m_MK[23], m_RK[23]); round3(A, B, m_MK[22], m_RK[22]); + round2(B, C, m_MK[21], m_RK[21]); round1(C, D, m_MK[20], m_RK[20]); + round1(D, A, m_MK[19], m_RK[19]); round3(A, B, m_MK[18], m_RK[18]); + round2(B, C, m_MK[17], m_RK[17]); round1(C, D, m_MK[16], m_RK[16]); + round1(D, A, m_MK[15], m_RK[15]); round3(A, B, m_MK[14], m_RK[14]); + round2(B, C, m_MK[13], m_RK[13]); round1(C, D, m_MK[12], m_RK[12]); + round1(D, A, m_MK[11], m_RK[11]); round3(A, B, m_MK[10], m_RK[10]); + round2(B, C, m_MK[ 9], m_RK[ 9]); round1(C, D, m_MK[ 8], m_RK[ 8]); + round1(D, A, m_MK[ 7], m_RK[ 7]); round3(A, B, m_MK[ 6], m_RK[ 6]); + round2(B, C, m_MK[ 5], m_RK[ 5]); round1(C, D, m_MK[ 4], m_RK[ 4]); + round1(D, A, m_MK[ 3], m_RK[ 3]); round3(A, B, m_MK[ 2], m_RK[ 2]); + round2(B, C, m_MK[ 1], m_RK[ 1]); round1(C, D, m_MK[ 0], m_RK[ 0]); store_be(out, A, B, C, D); @@ -178,8 +178,8 @@ void CAST_256::key_schedule(const byte key[], size_t length) 0x07, 0x18, 0x09, 0x1A, 0x0B, 0x1C, 0x0D, 0x1E, 0x0F, 0x00, 0x11, 0x02 }; - MK.resize(48); - RK.resize(48); + m_MK.resize(48); + m_RK.resize(48); secure_vector<u32bit> K(8); for(size_t i = 0; i != length; ++i) 
@@ -207,21 +207,21 @@ void CAST_256::key_schedule(const byte key[], size_t length) round1(A, B, KEY_MASK[4*i+14], KEY_ROT[(4*i+14) % 32]); round2(H, A, KEY_MASK[4*i+15], KEY_ROT[(4*i+15) % 32]); - RK[i ] = (A % 32); - RK[i+1] = (C % 32); - RK[i+2] = (E % 32); - RK[i+3] = (G % 32); - MK[i ] = H; - MK[i+1] = F; - MK[i+2] = D; - MK[i+3] = B; + m_RK[i ] = (A % 32); + m_RK[i+1] = (C % 32); + m_RK[i+2] = (E % 32); + m_RK[i+3] = (G % 32); + m_MK[i ] = H; + m_MK[i+1] = F; + m_MK[i+2] = D; + m_MK[i+3] = B; } } void CAST_256::clear() { - zap(MK); - zap(RK); + zap(m_MK); + zap(m_RK); } } diff --git a/src/lib/block/cast/cast256.h b/src/lib/block/cast/cast256.h index 9f7546711..086c94331 100644 --- a/src/lib/block/cast/cast256.h +++ b/src/lib/block/cast/cast256.h @@ -15,7 +15,7 @@ namespace Botan { /** * CAST-256 */ -class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> +class BOTAN_DLL CAST_256 final : public Block_Cipher_Fixed_Params<16, 4, 32, 4> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,8 +27,8 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> MK; - secure_vector<byte> RK; + secure_vector<u32bit> m_MK; + secure_vector<byte> m_RK; }; } diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp index 6d2bcfe1e..88671df8d 100644 --- a/src/lib/block/des/des.cpp +++ b/src/lib/block/des/des.cpp @@ -154,7 +154,7 @@ void DES::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = static_cast<u32bit>(T >> 32); u32bit R = static_cast<u32bit>(T); - des_encrypt(L, R, round_key.data()); + des_encrypt(L, R, m_round_key.data()); T = (DES_FPTAB1[get_byte(0, L)] << 5) | (DES_FPTAB1[get_byte(1, L)] << 3) | (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | 
@@ -184,7 +184,7 @@ void DES::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = static_cast<u32bit>(T >> 32); u32bit R = static_cast<u32bit>(T); - des_decrypt(L, R, round_key.data()); + des_decrypt(L, R, m_round_key.data()); T = (DES_FPTAB1[get_byte(0, L)] << 5) | (DES_FPTAB1[get_byte(1, L)] << 3) | (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | @@ -205,13 +205,13 @@ void DES::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void DES::key_schedule(const byte key[], size_t) { - round_key.resize(32); - des_key_schedule(round_key.data(), key); + m_round_key.resize(32); + des_key_schedule(m_round_key.data(), key); } void DES::clear() { - zap(round_key); + zap(m_round_key); } /* @@ -229,9 +229,9 @@ void TripleDES::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = static_cast<u32bit>(T >> 32); u32bit R = static_cast<u32bit>(T); - des_encrypt(L, R, &round_key[0]); - des_decrypt(R, L, &round_key[32]); - des_encrypt(L, R, &round_key[64]); + des_encrypt(L, R, &m_round_key[0]); + des_decrypt(R, L, &m_round_key[32]); + des_encrypt(L, R, &m_round_key[64]); T = (DES_FPTAB1[get_byte(0, L)] << 5) | (DES_FPTAB1[get_byte(1, L)] << 3) | (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | @@ -262,9 +262,9 @@ void TripleDES::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit L = static_cast<u32bit>(T >> 32); u32bit R = static_cast<u32bit>(T); - des_decrypt(L, R, &round_key[64]); - des_encrypt(R, L, &round_key[32]); - des_decrypt(L, R, &round_key[0]); + des_decrypt(L, R, &m_round_key[64]); + des_encrypt(R, L, &m_round_key[32]); + des_decrypt(L, R, &m_round_key[0]); T = (DES_FPTAB1[get_byte(0, L)] << 5) | (DES_FPTAB1[get_byte(1, L)] << 3) | (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | 
@@ -285,19 +285,19 @@ void TripleDES::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void TripleDES::key_schedule(const byte key[], size_t length) { - round_key.resize(3*32); - des_key_schedule(&round_key[0], key); - des_key_schedule(&round_key[32], key + 8); + m_round_key.resize(3*32); + des_key_schedule(&m_round_key[0], key); + des_key_schedule(&m_round_key[32], key + 8); if(length == 24) - des_key_schedule(&round_key[64], key + 16); + des_key_schedule(&m_round_key[64], key + 16); else - copy_mem(&round_key[64], &round_key[0], 32); + copy_mem(&m_round_key[64], &m_round_key[0], 32); } void TripleDES::clear() { - zap(round_key); + zap(m_round_key); } } diff --git a/src/lib/block/des/des.h b/src/lib/block/des/des.h index 1a2fdc5c9..ff31421d2 100644 --- a/src/lib/block/des/des.h +++ b/src/lib/block/des/des.h @@ -15,7 +15,7 @@ namespace Botan { /** * DES */ -class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> +class BOTAN_DLL DES final : public Block_Cipher_Fixed_Params<8, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,13 +27,13 @@ class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> round_key; + secure_vector<u32bit> m_round_key; }; /** * Triple DES */ -class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> +class BOTAN_DLL TripleDES final : public Block_Cipher_Fixed_Params<8, 16, 24, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -45,7 +45,7 @@ class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> round_key; + secure_vector<u32bit> m_round_key; }; /* diff --git a/src/lib/block/des/desx.cpp b/src/lib/block/des/desx.cpp index f6538748c..76a50f9a2 100644 --- a/src/lib/block/des/desx.cpp +++ b/src/lib/block/des/desx.cpp 
@@ -16,9 +16,9 @@ void DESX::encrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - xor_buf(out, in, K1.data(), BLOCK_SIZE); - des.encrypt(out); - xor_buf(out, K2.data(), BLOCK_SIZE); + xor_buf(out, in, m_K1.data(), BLOCK_SIZE); + m_des.encrypt(out); + xor_buf(out, m_K2.data(), BLOCK_SIZE); in += BLOCK_SIZE; out += BLOCK_SIZE; @@ -32,9 +32,9 @@ void DESX::decrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - xor_buf(out, in, K2.data(), BLOCK_SIZE); - des.decrypt(out); - xor_buf(out, K1.data(), BLOCK_SIZE); + xor_buf(out, in, m_K2.data(), BLOCK_SIZE); + m_des.decrypt(out); + xor_buf(out, m_K1.data(), BLOCK_SIZE); in += BLOCK_SIZE; out += BLOCK_SIZE; @@ -46,16 +46,16 @@ void DESX::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void DESX::key_schedule(const byte key[], size_t) { - K1.assign(key, key + 8); - des.set_key(key + 8, 8); - K2.assign(key + 16, key + 24); + m_K1.assign(key, key + 8); + m_des.set_key(key + 8, 8); + m_K2.assign(key + 16, key + 24); } void DESX::clear() { - des.clear(); - zap(K1); - zap(K2); + m_des.clear(); + zap(m_K1); + zap(m_K2); } } diff --git a/src/lib/block/des/desx.h b/src/lib/block/des/desx.h index 0f155b241..f3c9ac99a 100644 --- a/src/lib/block/des/desx.h +++ b/src/lib/block/des/desx.h @@ -15,7 +15,7 @@ namespace Botan { /** * DESX */ -class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> +class BOTAN_DLL DESX final : public Block_Cipher_Fixed_Params<8, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -26,8 +26,8 @@ class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> BlockCipher* clone() const override { return new DESX; } private: void key_schedule(const byte[], size_t) override; - secure_vector<byte> K1, K2; - DES des; + secure_vector<byte> m_K1, m_K2; + DES m_des; }; } 
diff --git a/src/lib/block/gost_28147/gost_28147.cpp b/src/lib/block/gost_28147/gost_28147.cpp index b8c3b7280..5fa232478 100644 --- a/src/lib/block/gost_28147/gost_28147.cpp +++ b/src/lib/block/gost_28147/gost_28147.cpp @@ -12,12 +12,12 @@ namespace Botan { byte GOST_28147_89_Params::sbox_entry(size_t row, size_t col) const { - byte x = sboxes[4 * col + (row / 2)]; + byte x = m_sboxes[4 * col + (row / 2)]; return (row % 2 == 0) ? (x >> 4) : (x & 0x0F); } -GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : name(n) +GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : m_name(n) { // Encoded in the packed fromat from RFC 4357 @@ -39,18 +39,18 @@ GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : name(n) 0x03, 0x25, 0xEB, 0xFE, 0x9C, 0x6D, 0xF8, 0x6D, 0x2E, 0xAB, 0xDE, 0x20, 0xBA, 0x89, 0x3C, 0x92, 0xF8, 0xD3, 0x53, 0xBC }; - if(name == "R3411_94_TestParam") - sboxes = GOST_R_3411_TEST_PARAMS; - else if(name == "R3411_CryptoPro") - sboxes = GOST_R_3411_CRYPTOPRO_PARAMS; + if(m_name == "R3411_94_TestParam") + m_sboxes = GOST_R_3411_TEST_PARAMS; + else if(m_name == "R3411_CryptoPro") + m_sboxes = GOST_R_3411_CRYPTOPRO_PARAMS; else - throw Invalid_Argument("GOST_28147_89_Params: Unknown " + name); + throw Invalid_Argument("GOST_28147_89_Params: Unknown " + m_name); } /* * GOST Constructor */ -GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : SBOX(1024) +GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : m_SBOX(1024) { // Convert the parallel 4x4 sboxes into larger word-based sboxes for(size_t i = 0; i != 4; ++i) @@ -58,7 +58,7 @@ GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : SBOX(1024) { const u32bit T = (param.sbox_entry(2*i , j % 16)) | (param.sbox_entry(2*i+1, j / 16) << 4); - SBOX[256*i+j] = rotate_left(T, (11+8*i) % 32); + m_SBOX[256*i+j] = rotate_left(T, (11+8*i) % 32); } } 
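Review bot: `m_sboxes` is assigned a pointer into the `GOST_R_3411_TEST_PARAMS` / `GOST_R_3411_CRYPTOPRO_PARAMS` arrays that are defined inside this constructor, so the member is only valid after the constructor returns if those arrays have static storage; their declarations are outside the hunk, so I cannot confirm that here. A comment at the assignment, `// non-owning: points at a static table that must outlive this object`, would document the lifetime requirement for anyone later turning those tables into ordinary locals. The unchanged context comment `// Encoded in the packed fromat from RFC 4357` also carries a typo (`fromat`) that could be fixed while the lines are being touched.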
@@ -71,9 +71,9 @@ std::string GOST_28147_89::name() const constructor, but can't break binary compat. */ std::string sbox_name = ""; - if(SBOX[0] == 0x00072000) + if(m_SBOX[0] == 0x00072000) sbox_name = "R3411_94_TestParam"; - else if(SBOX[0] == 0x0002D000) + else if(m_SBOX[0] == 0x0002D000) sbox_name = "R3411_CryptoPro"; else throw Internal_Error("GOST-28147 unrecognized sbox value"); @@ -86,17 +86,17 @@ std::string GOST_28147_89::name() const */ #define GOST_2ROUND(N1, N2, R1, R2) \ do { \ - u32bit T0 = N1 + EK[R1]; \ - N2 ^= SBOX[get_byte(3, T0)] | \ - SBOX[get_byte(2, T0)+256] | \ - SBOX[get_byte(1, T0)+512] | \ - SBOX[get_byte(0, T0)+768]; \ + u32bit T0 = N1 + m_EK[R1]; \ + N2 ^= m_SBOX[get_byte(3, T0)] | \ + m_SBOX[get_byte(2, T0)+256] | \ + m_SBOX[get_byte(1, T0)+512] | \ + m_SBOX[get_byte(0, T0)+768]; \ \ - u32bit T1 = N2 + EK[R2]; \ - N1 ^= SBOX[get_byte(3, T1)] | \ - SBOX[get_byte(2, T1)+256] | \ - SBOX[get_byte(1, T1)+512] | \ - SBOX[get_byte(0, T1)+768]; \ + u32bit T1 = N2 + m_EK[R2]; \ + N1 ^= m_SBOX[get_byte(3, T1)] | \ + m_SBOX[get_byte(2, T1)+256] | \ + m_SBOX[get_byte(1, T1)+512] | \ + m_SBOX[get_byte(0, T1)+768]; \ } while(0) /* @@ -163,14 +163,14 @@ void GOST_28147_89::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void GOST_28147_89::key_schedule(const byte key[], size_t) { - EK.resize(8); + m_EK.resize(8); for(size_t i = 0; i != 8; ++i) - EK[i] = load_le<u32bit>(key, i); + m_EK[i] = load_le<u32bit>(key, i); } void GOST_28147_89::clear() { - zap(EK); + zap(m_EK); } } diff --git a/src/lib/block/gost_28147/gost_28147.h b/src/lib/block/gost_28147/gost_28147.h index 3cf1c4578..4105154e3 100644 --- a/src/lib/block/gost_28147/gost_28147.h +++ b/src/lib/block/gost_28147/gost_28147.h 
@@ -31,7 +31,7 @@ class BOTAN_DLL GOST_28147_89_Params /** * @return name of this parameter set */ - std::string param_name() const { return name; } + std::string param_name() const { return m_name; } /** * Default GOST parameters are the ones given in GOST R 34.11 for @@ -42,14 +42,14 @@ class BOTAN_DLL GOST_28147_89_Params */ GOST_28147_89_Params(const std::string& name = "R3411_94_TestParam"); private: - const byte* sboxes; - std::string name; + const byte* m_sboxes; + std::string m_name; }; /** * GOST 28147-89 */ -class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> +class BOTAN_DLL GOST_28147_89 final : public Block_Cipher_Fixed_Params<8, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -58,15 +58,15 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> void clear() override; std::string name() const override; - BlockCipher* clone() const override { return new GOST_28147_89(SBOX); } + BlockCipher* clone() const override { return new GOST_28147_89(m_SBOX); } /** * @param params the sbox parameters to use */ - GOST_28147_89(const GOST_28147_89_Params& params); + explicit GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const std::vector<u32bit>& other_SBOX) : - SBOX(other_SBOX), EK(8) {} + explicit GOST_28147_89(const std::vector<u32bit>& other_SBOX) : + m_SBOX(other_SBOX), m_EK(8) {} void key_schedule(const byte[], size_t) override; @@ -74,9 +74,9 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> * The sbox is not secret, this is just a larger expansion of it * which we generate at runtime for faster execution */ - std::vector<u32bit> SBOX; + std::vector<u32bit> m_SBOX; - secure_vector<u32bit> EK; + secure_vector<u32bit> m_EK; }; } diff --git a/src/lib/block/idea/idea.cpp b/src/lib/block/idea/idea.cpp index 8069e16f7..4182c59a7 100644 --- a/src/lib/block/idea/idea.cpp +++ b/src/lib/block/idea/idea.cpp 
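Review bot: Both `GOST_28147_89` constructors gain `explicit`, but the single-argument `GOST_28147_89_Params(const std::string& name = "R3411_94_TestParam");` in the same header stays implicit, so a bare string still converts silently into a parameter set. If no caller relies on that conversion, `explicit GOST_28147_89_Params(const std::string& name = "R3411_94_TestParam");` would make the header consistent with the rest of the commit; if callers do rely on it, a short comment saying the implicit conversion is intentional would stop the next cleanup pass from changing it. Separately, `clone()` constructs from `m_SBOX` alone and the private constructor's `m_EK(8)` only sizes the key buffer, so a clone starts unkeyed; a comment on `clone()` such as `// copies the expanded sbox only; the clone must be keyed before use` would prevent a reader from assuming key material is duplicated.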
@@ -113,7 +113,7 @@ void idea_op(const byte in[], byte out[], size_t blocks, const u16bit K[52])
 */
 void IDEA::encrypt_n(const byte in[], byte out[], size_t blocks) const
 {
- idea_op(in, out, blocks, EK.data());
+ idea_op(in, out, blocks, m_EK.data());
 }
 /*
@@ -121,7 +121,7 @@ void IDEA::encrypt_n(const byte in[], byte out[], size_t blocks) const
 */
 void IDEA::decrypt_n(const byte in[], byte out[], size_t blocks) const
 {
- idea_op(in, out, blocks, DK.data());
+ idea_op(in, out, blocks, m_DK.data());
 }
 /*
@@ -129,54 +129,54 @@ void IDEA::decrypt_n(const byte in[], byte out[], size_t blocks) const
 */
 void IDEA::key_schedule(const byte key[], size_t)
 {
- EK.resize(52);
- DK.resize(52);
+ m_EK.resize(52);
+ m_DK.resize(52);
 CT::poison(key, 16);
- CT::poison(EK.data(), 52);
- CT::poison(DK.data(), 52);
+ CT::poison(m_EK.data(), 52);
+ CT::poison(m_DK.data(), 52);
 for(size_t i = 0; i != 8; ++i)
- EK[i] = load_be<u16bit>(key, i);
+ m_EK[i] = load_be<u16bit>(key, i);
 for(size_t i = 1, j = 8, offset = 0; j != 52; i %= 8, ++i, ++j)
 {
- EK[i+7+offset] = static_cast<u16bit>((EK[(i % 8) + offset] << 9) |
- (EK[((i+1) % 8) + offset] >> 7));
+ m_EK[i+7+offset] = static_cast<u16bit>((m_EK[(i % 8) + offset] << 9) |
+ (m_EK[((i+1) % 8) + offset] >> 7));
 offset += (i == 8) ? 8 : 0;
 }
- DK[51] = mul_inv(EK[3]);
- DK[50] = -EK[2];
- DK[49] = -EK[1];
- DK[48] = mul_inv(EK[0]);
+ m_DK[51] = mul_inv(m_EK[3]);
+ m_DK[50] = -m_EK[2];
+ m_DK[49] = -m_EK[1];
+ m_DK[48] = mul_inv(m_EK[0]);
 for(size_t i = 1, j = 4, counter = 47; i != 8; ++i, j += 6)
 {
- DK[counter--] = EK[j+1];
- DK[counter--] = EK[j];
- DK[counter--] = mul_inv(EK[j+5]);
- DK[counter--] = -EK[j+3];
- DK[counter--] = -EK[j+4];
- DK[counter--] = mul_inv(EK[j+2]);
+ m_DK[counter--] = m_EK[j+1];
+ m_DK[counter--] = m_EK[j];
+ m_DK[counter--] = mul_inv(m_EK[j+5]);
+ m_DK[counter--] = -m_EK[j+3];
+ m_DK[counter--] = -m_EK[j+4];
+ m_DK[counter--] = mul_inv(m_EK[j+2]);
 }
- DK[5] = EK[47];
- DK[4] = EK[46];
- DK[3] = mul_inv(EK[51]);
- DK[2] = -EK[50];
- DK[1] = -EK[49];
- DK[0] = mul_inv(EK[48]);
+ m_DK[5] = m_EK[47];
+ m_DK[4] = m_EK[46];
+ m_DK[3] = mul_inv(m_EK[51]);
+ m_DK[2] = -m_EK[50];
+ m_DK[1] = -m_EK[49];
+ m_DK[0] = mul_inv(m_EK[48]);
 CT::unpoison(key, 16);
- CT::unpoison(EK.data(), 52);
- CT::unpoison(DK.data(), 52);
+ CT::unpoison(m_EK.data(), 52);
+ CT::unpoison(m_DK.data(), 52);
 }
 void IDEA::clear()
 {
- zap(EK);
- zap(DK);
+ zap(m_EK);
+ zap(m_DK);
 }
 }
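Review bot: The additive-inverse subkeys in key_schedule, `m_DK[50] = -m_EK[2];`, `m_DK[49] = -m_EK[1];`, `m_DK[counter--] = -m_EK[j+3];`, `m_DK[counter--] = -m_EK[j+4];`, `m_DK[2] = -m_EK[50];` and `m_DK[1] = -m_EK[49];`, negate a u16bit (per `secure_vector<u16bit> m_EK, m_DK;` in idea.h) after integer promotion and then narrow the negative int back to u16bit implicitly, which is the same class of implicit conversion this commit makes explicit in mars.cpp. Writing them as `static_cast<u16bit>(-m_EK[2])` (and likewise for the others) states the intended mod-2^16 negation and keeps the file quiet under -Wconversion; the `static_cast<u16bit>(...)` already used for the rotated subkeys a few lines above sets the precedent. key_schedule is contained entirely within this hunk.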
diff --git a/src/lib/block/idea/idea.h b/src/lib/block/idea/idea.h
index 68d4d61b0..59f98da9e 100644
--- a/src/lib/block/idea/idea.h
+++ b/src/lib/block/idea/idea.h
@@ -28,17 +28,17 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16>
 /**
 * @return const reference to encryption subkeys
 */
- const secure_vector<u16bit>& get_EK() const { return EK; }
+ const secure_vector<u16bit>& get_EK() const { return m_EK; }
 /**
 * @return const reference to decryption subkeys
 */
- const secure_vector<u16bit>& get_DK() const { return DK; }
+ const secure_vector<u16bit>& get_DK() const { return m_DK; }
 private:
 void key_schedule(const byte[], size_t) override;
- secure_vector<u16bit> EK, DK;
+ secure_vector<u16bit> m_EK, m_DK;
 };
 }
diff --git a/src/lib/block/idea_sse2/idea_sse2.h b/src/lib/block/idea_sse2/idea_sse2.h
index 18ea7c74d..9e0df9925 100644
--- a/src/lib/block/idea_sse2/idea_sse2.h
+++ b/src/lib/block/idea_sse2/idea_sse2.h
@@ -15,7 +15,7 @@ namespace Botan {
 /**
 * IDEA in SSE2
 */
-class BOTAN_DLL IDEA_SSE2 : public IDEA
+class BOTAN_DLL IDEA_SSE2 final : public IDEA
 {
 public:
 size_t parallelism() const override { return 8; }
diff --git a/src/lib/block/kasumi/kasumi.cpp b/src/lib/block/kasumi/kasumi.cpp
index 604d2d21a..014987bc6 100644
--- a/src/lib/block/kasumi/kasumi.cpp
+++ b/src/lib/block/kasumi/kasumi.cpp
@@ -119,7 +119,7 @@ void KASUMI::encrypt_n(const by
... (truncated for preview)
@@ -210,24 +210,24 @@ void KASUMI::key_schedule(const byte key[], size_t) K[i+8] = K[i] ^ RC[i]; } - EK.resize(64); + m_EK.resize(64); for(size_t i = 0; i != 8; ++i) { - EK[8*i ] = rotate_left(K[(i+0) % 8 ], 2); - EK[8*i+1] = rotate_left(K[(i+2) % 8 + 8], 1); - EK[8*i+2] = rotate_left(K[(i+1) % 8 ], 5); - EK[8*i+3] = K[(i+4) % 8 + 8]; - EK[8*i+4] = rotate_left(K[(i+5) % 8 ], 8); - EK[8*i+5] = K[(i+3) % 8 + 8]; - EK[8*i+6] = rotate_left(K[(i+6) % 8 ], 13); - EK[8*i+7] = K[(i+7) % 8 + 8]; + m_EK[8*i ] = rotate_left(K[(i+0) % 8 ], 2); + m_EK[8*i+1] = rotate_left(K[(i+2) % 8 + 8], 1); + m_EK[8*i+2] = rotate_left(K[(i+1) % 8 ], 5); + m_EK[8*i+3] = K[(i+4) % 8 + 8]; + m_EK[8*i+4] = rotate_left(K[(i+5) % 8 ], 8); + m_EK[8*i+5] = K[(i+3) % 8 + 8]; + m_EK[8*i+6] = rotate_left(K[(i+6) % 8 ], 13); + m_EK[8*i+7] = K[(i+7) % 8 + 8]; } } void KASUMI::clear() { - zap(EK); + zap(m_EK); } } diff --git a/src/lib/block/kasumi/kasumi.h b/src/lib/block/kasumi/kasumi.h index 9f86279af..24fd83050 100644 --- a/src/lib/block/kasumi/kasumi.h +++ b/src/lib/block/kasumi/kasumi.h @@ -15,7 +15,7 @@ namespace Botan { /** * KASUMI, the block cipher used in 3G telephony */ -class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> +class BOTAN_DLL KASUMI final : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,7 +27,7 @@ class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t) override; - secure_vector<u16bit> EK; + secure_vector<u16bit> m_EK; }; } diff --git a/src/lib/block/lion/lion.cpp b/src/lib/block/lion/lion.cpp index 559816aea..7ae620504 100644 --- a/src/lib/block/lion/lion.cpp +++ b/src/lib/block/lion/lion.cpp 
@@ -130,8 +130,8 @@ void Lion::clear() /* * Lion Constructor */ -Lion::Lion(HashFunction* hash, StreamCipher* cipher, size_t block_size) : - m_block_size(std::max<size_t>(2*hash->output_length() + 1, block_size)), +Lion::Lion(HashFunction* hash, StreamCipher* cipher, size_t bs) : + m_block_size(std::max<size_t>(2*hash->output_length() + 1, bs)), m_hash(hash), m_cipher(cipher) { diff --git a/src/lib/block/lion/lion.h b/src/lib/block/lion/lion.h index 116fa911b..f22f0f8a8 100644 --- a/src/lib/block/lion/lion.h +++ b/src/lib/block/lion/lion.h @@ -22,7 +22,7 @@ namespace Botan { * http://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf */ -class BOTAN_DLL Lion : public BlockCipher +class BOTAN_DLL Lion final : public BlockCipher { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; diff --git a/src/lib/block/mars/mars.cpp b/src/lib/block/mars/mars.cpp index becbbf2db..4605be415 100644 --- a/src/lib/block/mars/mars.cpp +++ b/src/lib/block/mars/mars.cpp @@ -216,7 +216,7 @@ u32bit gen_mask(u32bit input) if(value == 0 || value == 0x3FF) { - mask |= 1 << j; + mask |= static_cast<u32bit>(1) << j; break; } } 
@@ -235,34 +235,34 @@ void MARS::encrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - u32bit A = load_le<u32bit>(in, 0) + EK[0]; - u32bit B = load_le<u32bit>(in, 1) + EK[1]; - u32bit C = load_le<u32bit>(in, 2) + EK[2]; - u32bit D = load_le<u32bit>(in, 3) + EK[3]; + u32bit A = load_le<u32bit>(in, 0) + m_EK[0]; + u32bit B = load_le<u32bit>(in, 1) + m_EK[1]; + u32bit C = load_le<u32bit>(in, 2) + m_EK[2]; + u32bit D = load_le<u32bit>(in, 3) + m_EK[3]; forward_mix(A, B, C, D); - encrypt_round(A, B, C, D, EK[ 4], EK[ 5]); - encrypt_round(B, C, D, A, EK[ 6], EK[ 7]); - encrypt_round(C, D, A, B, EK[ 8], EK[ 9]); - encrypt_round(D, A, B, C, EK[10], EK[11]); - encrypt_round(A, B, C, D, EK[12], EK[13]); - encrypt_round(B, C, D, A, EK[14], EK[15]); - encrypt_round(C, D, A, B, EK[16], EK[17]); - encrypt_round(D, A, B, C, EK[18], EK[19]); - - encrypt_round(A, D, C, B, EK[20], EK[21]); - encrypt_round(B, A, D, C, EK[22], EK[23]); - encrypt_round(C, B, A, D, EK[24], EK[25]); - encrypt_round(D, C, B, A, EK[26], EK[27]); - encrypt_round(A, D, C, B, EK[28], EK[29]); - encrypt_round(B, A, D, C, EK[30], EK[31]); - encrypt_round(C, B, A, D, EK[32], EK[33]); - encrypt_round(D, C, B, A, EK[34], EK[35]); + encrypt_round(A, B, C, D, m_EK[ 4], m_EK[ 5]); + encrypt_round(B, C, D, A, m_EK[ 6], m_EK[ 7]); + encrypt_round(C, D, A, B, m_EK[ 8], m_EK[ 9]); + encrypt_round(D, A, B, C, m_EK[10], m_EK[11]); + encrypt_round(A, B, C, D, m_EK[12], m_EK[13]); + encrypt_round(B, C, D, A, m_EK[14], m_EK[15]); + encrypt_round(C, D, A, B, m_EK[16], m_EK[17]); + encrypt_round(D, A, B, C, m_EK[18], m_EK[19]); + + encrypt_round(A, D, C, B, m_EK[20], m_EK[21]); + encrypt_round(B, A, D, C, m_EK[22], m_EK[23]); + encrypt_round(C, B, A, D, m_EK[24], m_EK[25]); + encrypt_round(D, C, B, A, m_EK[26], m_EK[27]); + encrypt_round(A, D, C, B, m_EK[28], m_EK[29]); + encrypt_round(B, A, D, C, m_EK[30], m_EK[31]); + encrypt_round(C, B, A, D, m_EK[32], m_EK[33]); + 
encrypt_round(D, C, B, A, m_EK[34], m_EK[35]); reverse_mix(A, B, C, D); - A -= EK[36]; B -= EK[37]; C -= EK[38]; D -= EK[39]; + A -= m_EK[36]; B -= m_EK[37]; C -= m_EK[38]; D -= m_EK[39]; store_le(out, A, B, C, D); 
@@ -278,34 +278,34 @@ void MARS::decrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - u32bit A = load_le<u32bit>(in, 3) + EK[39]; - u32bit B = load_le<u32bit>(in, 2) + EK[38]; - u32bit C = load_le<u32bit>(in, 1) + EK[37]; - u32bit D = load_le<u32bit>(in, 0) + EK[36]; + u32bit A = load_le<u32bit>(in, 3) + m_EK[39]; + u32bit B = load_le<u32bit>(in, 2) + m_EK[38]; + u32bit C = load_le<u32bit>(in, 1) + m_EK[37]; + u32bit D = load_le<u32bit>(in, 0) + m_EK[36]; forward_mix(A, B, C, D); - decrypt_round(A, B, C, D, EK[35], EK[34]); - decrypt_round(B, C, D, A, EK[33], EK[32]); - decrypt_round(C, D, A, B, EK[31], EK[30]); - decrypt_round(D, A, B, C, EK[29], EK[28]); - decrypt_round(A, B, C, D, EK[27], EK[26]); - decrypt_round(B, C, D, A, EK[25], EK[24]); - decrypt_round(C, D, A, B, EK[23], EK[22]); - decrypt_round(D, A, B, C, EK[21], EK[20]); - - decrypt_round(A, D, C, B, EK[19], EK[18]); - decrypt_round(B, A, D, C, EK[17], EK[16]); - decrypt_round(C, B, A, D, EK[15], EK[14]); - decrypt_round(D, C, B, A, EK[13], EK[12]); - decrypt_round(A, D, C, B, EK[11], EK[10]); - decrypt_round(B, A, D, C, EK[ 9], EK[ 8]); - decrypt_round(C, B, A, D, EK[ 7], EK[ 6]); - decrypt_round(D, C, B, A, EK[ 5], EK[ 4]); + decrypt_round(A, B, C, D, m_EK[35], m_EK[34]); + decrypt_round(B, C, D, A, m_EK[33], m_EK[32]); + decrypt_round(C, D, A, B, m_EK[31], m_EK[30]); + decrypt_round(D, A, B, C, m_EK[29], m_EK[28]); + decrypt_round(A, B, C, D, m_EK[27], m_EK[26]); + decrypt_round(B, C, D, A, m_EK[25], m_EK[24]); + decrypt_round(C, D, A, B, m_EK[23], m_EK[22]); + decrypt_round(D, A, B, C, m_EK[21], m_EK[20]); + + decrypt_round(A, D, C, B, m_EK[19], m_EK[18]); + decrypt_round(B, A, D, C, m_EK[17], m_EK[16]); + decrypt_round(C, B, A, D, m_EK[15], m_EK[14]); + decrypt_round(D, C, B, A, m_EK[13], m_EK[12]); + decrypt_round(A, D, C, B, m_EK[11], m_EK[10]); + decrypt_round(B, A, D, C, m_EK[ 9], m_EK[ 8]); + decrypt_round(C, B, A, D, m_EK[ 7], m_EK[ 6]); + 
decrypt_round(D, C, B, A, m_EK[ 5], m_EK[ 4]); reverse_mix(A, B, C, D); - A -= EK[3]; B -= EK[2]; C -= EK[1]; D -= EK[0]; + A -= m_EK[3]; B -= m_EK[2]; C -= m_EK[1]; D -= m_EK[0]; store_le(out, D, C, B, A); @@ -325,7 +325,7 @@ void MARS::key_schedule(const byte key[], size_t length) T[length / 4] = static_cast<u32bit>(length) / 4; - EK.resize(40); + m_EK.resize(40); for(u32bit i = 0; i != 4; ++i) { @@ -364,29 +364,29 @@ void MARS::key_schedule(const byte key[], size_t length) T[14] = rotate_left(T[14] + SBOX[T[13] % 512], 9); } - EK[10*i + 0] = T[ 0]; - EK[10*i + 1] = T[ 4]; - EK[10*i + 2] = T[ 8]; - EK[10*i + 3] = T[12]; - EK[10*i + 4] = T[ 1]; - EK[10*i + 5] = T[ 5]; - EK[10*i + 6] = T[ 9]; - EK[10*i + 7] = T[13]; - EK[10*i + 8] = T[ 2]; - EK[10*i + 9] = T[ 6]; + m_EK[10*i + 0] = T[ 0]; + m_EK[10*i + 1] = T[ 4]; + m_EK[10*i + 2] = T[ 8]; + m_EK[10*i + 3] = T[12]; + m_EK[10*i + 4] = T[ 1]; + m_EK[10*i + 5] = T[ 5]; + m_EK[10*i + 6] = T[ 9]; + m_EK[10*i + 7] = T[13]; + m_EK[10*i + 8] = T[ 2]; + m_EK[10*i + 9] = T[ 6]; } for(size_t i = 5; i != 37; i += 2) { - const u32bit key3 = EK[i] & 3; - EK[i] |= 3; - EK[i] ^= rotate_left(SBOX[265 + key3], EK[i-1] % 32) & gen_mask(EK[i]); + const u32bit key3 = m_EK[i] & 3; + m_EK[i] |= 3; + m_EK[i] ^= rotate_left(SBOX[265 + key3], m_EK[i-1] % 32) & gen_mask(m_EK[i]); } } void MARS::clear() { - zap(EK); + zap(m_EK); } } diff --git a/src/lib/block/mars/mars.h b/src/lib/block/mars/mars.h index 250fd2731..a4d7a07d6 100644 --- a/src/lib/block/mars/mars.h +++ b/src/lib/block/mars/mars.h @@ -15,7 +15,7 @@ namespace Botan { /** * MARS, IBM's candidate for AES */ -class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> +class BOTAN_DLL MARS final : public Block_Cipher_Fixed_Params<16, 16, 32, 4> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; 
@@ -27,7 +27,7 @@ class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK; + secure_vector<u32bit> m_EK; }; } diff --git a/src/lib/block/misty1/misty1.cpp b/src/lib/block/misty1/misty1.cpp index 490eec826..7f8ac7c76 100644 --- a/src/lib/block/misty1/misty1.cpp +++ b/src/lib/block/misty1/misty1.cpp @@ -113,7 +113,7 @@ void MISTY1::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 12; j += 3) { - const u16bit* RK = &EK[8 * j]; + const u16bit* RK = &m_EK[8 * j]; B1 ^= B0 & RK[0]; B0 ^= B1 | RK[1]; @@ -137,10 +137,10 @@ void MISTY1::encrypt_n(const byte in[], byte out[], size_t blocks) const B1 ^= T0; } - B1 ^= B0 & EK[96]; - B0 ^= B1 | EK[97]; - B3 ^= B2 & EK[98]; - B2 ^= B3 | EK[99]; + B1 ^= B0 & m_EK[96]; + B0 ^= B1 | m_EK[97]; + B3 ^= B2 & m_EK[98]; + B2 ^= B3 | m_EK[99]; store_be(out, B2, B3, B0, B1); @@ -163,7 +163,7 @@ void MISTY1::decrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 12; j += 3) { - const u16bit* RK = &DK[8 * j]; + const u16bit* RK = &m_DK[8 * j]; B2 ^= B3 | RK[0]; B3 ^= B2 & RK[1]; @@ -187,10 +187,10 @@ void MISTY1::decrypt_n(const byte in[], byte out[], size_t blocks) const B3 ^= T0; } - B2 ^= B3 | DK[96]; - B3 ^= B2 & DK[97]; - B0 ^= B1 | DK[98]; - B1 ^= B0 & DK[99]; + B2 ^= B3 | m_DK[96]; + B3 ^= B2 & m_DK[97]; + B0 ^= B1 | m_DK[98]; + B1 ^= B0 & m_DK[99]; store_be(out, B0, B1, B2, B3); @@ -241,20 +241,20 @@ void MISTY1::key_schedule(const byte key[], size_t length) 0x1C, 0x05, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13, 0x1B, 0x04, 0x04, 0x0A, 0x0E, 0x00 }; - EK.resize(100); - DK.resize(100); + m_EK.resize(100); + m_DK.resize(100); for(size_t i = 0; i != 100; ++i) { - EK[i] = KS[EK_ORDER[i]]; - DK[i] = KS[DK_ORDER[i]]; + m_EK[i] = KS[EK_ORDER[i]]; + m_DK[i] = KS[DK_ORDER[i]]; } } void MISTY1::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } } 
diff --git a/src/lib/block/misty1/misty1.h b/src/lib/block/misty1/misty1.h index 56153f929..791ace6aa 100644 --- a/src/lib/block/misty1/misty1.h +++ b/src/lib/block/misty1/misty1.h @@ -15,7 +15,7 @@ namespace Botan { /** * MISTY1 with 8 rounds */ -class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> +class BOTAN_DLL MISTY1 final : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,7 +27,7 @@ class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t) override; - secure_vector<u16bit> EK, DK; + secure_vector<u16bit> m_EK, m_DK; }; } diff --git a/src/lib/block/noekeon/noekeon.cpp b/src/lib/block/noekeon/noekeon.cpp index d63ec3129..01f7491f3 100644 --- a/src/lib/block/noekeon/noekeon.cpp +++ b/src/lib/block/noekeon/noekeon.cpp @@ -95,7 +95,7 @@ void Noekeon::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 16; ++j) { A0 ^= RC[j]; - theta(A0, A1, A2, A3, EK.data()); + theta(A0, A1, A2, A3, m_EK.data()); A1 = rotate_left(A1, 1); A2 = rotate_left(A2, 5); @@ -109,7 +109,7 @@ void Noekeon::encrypt_n(const byte in[], byte out[], size_t blocks) const } A0 ^= RC[16]; - theta(A0, A1, A2, A3, EK.data()); + theta(A0, A1, A2, A3, m_EK.data()); store_be(out, A0, A1, A2, A3); @@ -132,7 +132,7 @@ void Noekeon::decrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 16; j != 0; --j) { - theta(A0, A1, A2, A3, DK.data()); + theta(A0, A1, A2, A3, m_DK.data()); A0 ^= RC[j]; A1 = rotate_left(A1, 1); @@ -146,7 +146,7 @@ void Noekeon::decrypt_n(const byte in[], byte out[], size_t blocks) const A3 = rotate_right(A3, 2); } - theta(A0, A1, A2, A3, DK.data()); + theta(A0, A1, A2, A3, m_DK.data()); A0 ^= RC[0]; store_be(out, A0, A1, A2, A3); 
@@ -184,19 +184,19 @@ void Noekeon::key_schedule(const byte key[], size_t) A0 ^= RC[16]; - DK.resize(4); - DK[0] = A0; - DK[1] = A1; - DK[2] = A2; - DK[3] = A3; + m_DK.resize(4); + m_DK[0] = A0; + m_DK[1] = A1; + m_DK[2] = A2; + m_DK[3] = A3; theta(A0, A1, A2, A3); - EK.resize(4); - EK[0] = A0; - EK[1] = A1; - EK[2] = A2; - EK[3] = A3; + m_EK.resize(4); + m_EK[0] = A0; + m_EK[1] = A1; + m_EK[2] = A2; + m_EK[3] = A3; } /* @@ -204,8 +204,8 @@ void Noekeon::key_schedule(const byte key[], size_t) */ void Noekeon::clear() { - zap(EK); - zap(DK); + zap(m_EK); + zap(m_DK); } } diff --git a/src/lib/block/noekeon/noekeon.h b/src/lib/block/noekeon/noekeon.h index 7b5b6d11b..4a3b9de0c 100644 --- a/src/lib/block/noekeon/noekeon.h +++ b/src/lib/block/noekeon/noekeon.h @@ -33,16 +33,16 @@ class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> /** * @return const reference to encryption subkeys */ - const secure_vector<u32bit>& get_EK() const { return EK; } + const secure_vector<u32bit>& get_EK() const { return m_EK; } /** * @return const reference to decryption subkeys */ - const secure_vector<u32bit>& get_DK() const { return DK; } + const secure_vector<u32bit>& get_DK() const { return m_DK; } private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK, DK; + secure_vector<u32bit> m_EK, m_DK; }; } diff --git a/src/lib/block/noekeon_simd/noekeon_simd.h b/src/lib/block/noekeon_simd/noekeon_simd.h index 8d40d13dd..7907fc4ca 100644 --- a/src/lib/block/noekeon_simd/noekeon_simd.h +++ b/src/lib/block/noekeon_simd/noekeon_simd.h @@ -15,7 +15,7 @@ namespace Botan { /** * Noekeon implementation using SIMD operations */ -class BOTAN_DLL Noekeon_SIMD : public Noekeon +class BOTAN_DLL Noekeon_SIMD final : public Noekeon { public: size_t parallelism() const override { return 4; } diff --git a/src/lib/block/rc2/rc2.cpp b/src/lib/block/rc2/rc2.cpp index bcd8475e3..112c6561d 100644 --- a/src/lib/block/rc2/rc2.cpp +++ b/src/lib/block/rc2/rc2.cpp 
@@ -24,24 +24,24 @@ void RC2::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 16; ++j) { - R0 += (R1 & ~R3) + (R2 & R3) + K[4*j]; + R0 += (R1 & ~R3) + (R2 & R3) + m_K[4*j]; R0 = rotate_left(R0, 1); - R1 += (R2 & ~R0) + (R3 & R0) + K[4*j + 1]; + R1 += (R2 & ~R0) + (R3 & R0) + m_K[4*j + 1]; R1 = rotate_left(R1, 2); - R2 += (R3 & ~R1) + (R0 & R1) + K[4*j + 2]; + R2 += (R3 & ~R1) + (R0 & R1) + m_K[4*j + 2]; R2 = rotate_left(R2, 3); - R3 += (R0 & ~R2) + (R1 & R2) + K[4*j + 3]; + R3 += (R0 & ~R2) + (R1 & R2) + m_K[4*j + 3]; R3 = rotate_left(R3, 5); if(j == 4 || j == 10) { - R0 += K[R3 % 64]; - R1 += K[R0 % 64]; - R2 += K[R1 % 64]; - R3 += K[R2 % 64]; + R0 += m_K[R3 % 64]; + R1 += m_K[R0 % 64]; + R2 += m_K[R1 % 64]; + R3 += m_K[R2 % 64]; } } @@ -67,23 +67,23 @@ void RC2::decrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 16; ++j) { R3 = rotate_right(R3, 5); - R3 -= (R0 & ~R2) + (R1 & R2) + K[63 - (4*j + 0)]; + R3 -= (R0 & ~R2) + (R1 & R2) + m_K[63 - (4*j + 0)]; R2 = rotate_right(R2, 3); - R2 -= (R3 & ~R1) + (R0 & R1) + K[63 - (4*j + 1)]; + R2 -= (R3 & ~R1) + (R0 & R1) + m_K[63 - (4*j + 1)]; R1 = rotate_right(R1, 2); - R1 -= (R2 & ~R0) + (R3 & R0) + K[63 - (4*j + 2)]; + R1 -= (R2 & ~R0) + (R3 & R0) + m_K[63 - (4*j + 2)]; R0 = rotate_right(R0, 1); - R0 -= (R1 & ~R3) + (R2 & R3) + K[63 - (4*j + 3)]; + R0 -= (R1 & ~R3) + (R2 & R3) + m_K[63 - (4*j + 3)]; if(j == 4 || j == 10) { - R3 -= K[R2 % 64]; - R2 -= K[R1 % 64]; - R1 -= K[R0 % 64]; - R0 -= K[R3 % 64]; + R3 -= m_K[R2 % 64]; + R2 -= m_K[R1 % 64]; + R1 -= m_K[R0 % 64]; + R0 -= m_K[R3 % 64]; } } @@ -134,13 +134,13 @@ void RC2::key_schedule(const byte key[], size_t length) for(s32bit i = 127-length; i >= 0; --i) L[i] = TABLE[L[i+1] ^ L[i+length]]; - K.resize(64); - load_le<u16bit>(K.data(), L.data(), 64); + m_K.resize(64); + load_le<u16bit>(m_K.data(), L.data(), 64); } void RC2::clear() { - zap(K); + zap(m_K); } /* 
diff --git a/src/lib/block/rc2/rc2.h b/src/lib/block/rc2/rc2.h index 11956f408..9ec9b9557 100644 --- a/src/lib/block/rc2/rc2.h +++ b/src/lib/block/rc2/rc2.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC2 */ -class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> +class BOTAN_DLL RC2 final : public Block_Cipher_Fixed_Params<8, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -34,7 +34,7 @@ class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> private: void key_schedule(const byte[], size_t) override; - secure_vector<u16bit> K; + secure_vector<u16bit> m_K; }; } diff --git a/src/lib/block/rc5/rc5.cpp b/src/lib/block/rc5/rc5.cpp index a32efd775..a02a45e9f 100644 --- a/src/lib/block/rc5/rc5.cpp +++ b/src/lib/block/rc5/rc5.cpp @@ -21,20 +21,20 @@ void RC5::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit A = load_le<u32bit>(in, 0); u32bit B = load_le<u32bit>(in, 1); - A += S[0]; B += S[1]; - for(size_t j = 0; j != rounds; j += 4) + A += m_S[0]; B += m_S[1]; + for(size_t j = 0; j != m_rounds; j += 4) { - A = rotate_left(A ^ B, B % 32) + S[2*j+2]; - B = rotate_left(B ^ A, A % 32) + S[2*j+3]; + A = rotate_left(A ^ B, B % 32) + m_S[2*j+2]; + B = rotate_left(B ^ A, A % 32) + m_S[2*j+3]; - A = rotate_left(A ^ B, B % 32) + S[2*j+4]; - B = rotate_left(B ^ A, A % 32) + S[2*j+5]; + A = rotate_left(A ^ B, B % 32) + m_S[2*j+4]; + B = rotate_left(B ^ A, A % 32) + m_S[2*j+5]; - A = rotate_left(A ^ B, B % 32) + S[2*j+6]; - B = rotate_left(B ^ A, A % 32) + S[2*j+7]; + A = rotate_left(A ^ B, B % 32) + m_S[2*j+6]; + B = rotate_left(B ^ A, A % 32) + m_S[2*j+7]; - A = rotate_left(A ^ B, B % 32) + S[2*j+8]; - B = rotate_left(B ^ A, A % 32) + S[2*j+9]; + A = rotate_left(A ^ B, B % 32) + m_S[2*j+8]; + B = rotate_left(B ^ A, A % 32) + m_S[2*j+9]; } store_le(out, A, B); 
@@ -54,21 +54,21 @@ void RC5::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit A = load_le<u32bit>(in, 0); u32bit B = load_le<u32bit>(in, 1); - for(size_t j = rounds; j != 0; j -= 4) + for(size_t j = m_rounds; j != 0; j -= 4) { - B = rotate_right(B - S[2*j+1], A % 32) ^ A; - A = rotate_right(A - S[2*j ], B % 32) ^ B; + B = rotate_right(B - m_S[2*j+1], A % 32) ^ A; + A = rotate_right(A - m_S[2*j ], B % 32) ^ B; - B = rotate_right(B - S[2*j-1], A % 32) ^ A; - A = rotate_right(A - S[2*j-2], B % 32) ^ B; + B = rotate_right(B - m_S[2*j-1], A % 32) ^ A; + A = rotate_right(A - m_S[2*j-2], B % 32) ^ B; - B = rotate_right(B - S[2*j-3], A % 32) ^ A; - A = rotate_right(A - S[2*j-4], B % 32) ^ B; + B = rotate_right(B - m_S[2*j-3], A % 32) ^ A; + A = rotate_right(A - m_S[2*j-4], B % 32) ^ B; - B = rotate_right(B - S[2*j-5], A % 32) ^ A; - A = rotate_right(A - S[2*j-6], B % 32) ^ B; + B = rotate_right(B - m_S[2*j-5], A % 32) ^ A; + A = rotate_right(A - m_S[2*j-6], B % 32) ^ B; } - B -= S[1]; A -= S[0]; + B -= m_S[1]; A -= m_S[0]; store_le(out, A, B); @@ -82,14 +82,14 @@ void RC5::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void RC5::key_schedule(const byte key[], size_t length) { - S.resize(2*rounds + 2); + m_S.resize(2*m_rounds + 2); const size_t WORD_KEYLENGTH = (((length - 1) / 4) + 1); - const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, S.size()); + const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, m_S.size()); - S[0] = 0xB7E15163; - for(size_t i = 1; i != S.size(); ++i) - S[i] = S[i-1] + 0x9E3779B9; + m_S[0] = 0xB7E15163; + for(size_t i = 1; i != m_S.size(); ++i) + m_S[i] = m_S[i-1] + 0x9E3779B9; secure_vector<u32bit> K(8); 
@@ -100,16 +100,16 @@ void RC5::key_schedule(const byte key[], size_t length) for(size_t i = 0; i != MIX_ROUNDS; ++i) { - A = rotate_left(S[i % S.size()] + A + B, 3); + A = rotate_left(m_S[i % m_S.size()] + A + B, 3); B = rotate_left(K[i % WORD_KEYLENGTH] + A + B, (A + B) % 32); - S[i % S.size()] = A; + m_S[i % m_S.size()] = A; K[i % WORD_KEYLENGTH] = B; } } void RC5::clear() { - zap(S); + zap(m_S); } /* @@ -117,17 +117,17 @@ void RC5::clear() */ std::string RC5::name() const { - return "RC5(" + std::to_string(rounds) + ")"; + return "RC5(" + std::to_string(m_rounds) + ")"; } /* * RC5 Constructor */ -RC5::RC5(size_t r) : rounds(r) +RC5::RC5(size_t r) : m_rounds(r) { - if(rounds < 8 || rounds > 32 || (rounds % 4 != 0)) + if(m_rounds < 8 || m_rounds > 32 || (m_rounds % 4 != 0)) throw Invalid_Argument("RC5: Invalid number of rounds " + - std::to_string(rounds)); + std::to_string(m_rounds)); } } diff --git a/src/lib/block/rc5/rc5.h b/src/lib/block/rc5/rc5.h index b8ff1c3f7..4d9232326 100644 --- a/src/lib/block/rc5/rc5.h +++ b/src/lib/block/rc5/rc5.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC5 */ -class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> +class BOTAN_DLL RC5 final : public Block_Cipher_Fixed_Params<8, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -23,18 +23,18 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> void clear() override; std::string name() const override; - BlockCipher* clone() const override { return new RC5(rounds); } + BlockCipher* clone() const override { return new RC5(m_rounds); } /** * @param rounds the number of RC5 rounds to run. Must be between * 8 and 32 and a multiple of 4. */ - RC5(size_t rounds); + explicit RC5(size_t rounds); private: void key_schedule(const byte[], size_t) override; - size_t rounds; - secure_vector<u32bit> S; + size_t m_rounds; + secure_vector<u32bit> m_S; }; } 
diff --git a/src/lib/block/rc6/rc6.cpp b/src/lib/block/rc6/rc6.cpp index 48fb1c32e..426b86ebd 100644 --- a/src/lib/block/rc6/rc6.cpp +++ b/src/lib/block/rc6/rc6.cpp @@ -22,7 +22,7 @@ void RC6::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit C = load_le<u32bit>(in, 2); u32bit D = load_le<u32bit>(in, 3); - B += S[0]; D += S[1]; + B += m_S[0]; D += m_S[1]; for(size_t j = 0; j != 20; j += 4) { @@ -30,26 +30,26 @@ void RC6::encrypt_n(const byte in[], byte out[], size_t blocks) const T1 = rotate_left(B*(2*B+1), 5); T2 = rotate_left(D*(2*D+1), 5); - A = rotate_left(A ^ T1, T2 % 32) + S[2*j+2]; - C = rotate_left(C ^ T2, T1 % 32) + S[2*j+3]; + A = rotate_left(A ^ T1, T2 % 32) + m_S[2*j+2]; + C = rotate_left(C ^ T2, T1 % 32) + m_S[2*j+3]; T1 = rotate_left(C*(2*C+1), 5); T2 = rotate_left(A*(2*A+1), 5); - B = rotate_left(B ^ T1, T2 % 32) + S[2*j+4]; - D = rotate_left(D ^ T2, T1 % 32) + S[2*j+5]; + B = rotate_left(B ^ T1, T2 % 32) + m_S[2*j+4]; + D = rotate_left(D ^ T2, T1 % 32) + m_S[2*j+5]; T1 = rotate_left(D*(2*D+1), 5); T2 = rotate_left(B*(2*B+1), 5); - C = rotate_left(C ^ T1, T2 % 32) + S[2*j+6]; - A = rotate_left(A ^ T2, T1 % 32) + S[2*j+7]; + C = rotate_left(C ^ T1, T2 % 32) + m_S[2*j+6]; + A = rotate_left(A ^ T2, T1 % 32) + m_S[2*j+7]; T1 = rotate_left(A*(2*A+1), 5); T2 = rotate_left(C*(2*C+1), 5); - D = rotate_left(D ^ T1, T2 % 32) + S[2*j+8]; - B = rotate_left(B ^ T2, T1 % 32) + S[2*j+9]; + D = rotate_left(D ^ T1, T2 % 32) + m_S[2*j+8]; + B = rotate_left(B ^ T2, T1 % 32) + m_S[2*j+9]; } - A += S[42]; C += S[43]; + A += m_S[42]; C += m_S[43]; store_le(out, A, B, C, D); @@ -70,7 +70,7 @@ void RC6::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit C = load_le<u32bit>(in, 2); u32bit D = load_le<u32bit>(in, 3); - C -= S[43]; A -= S[42]; + C -= m_S[43]; A -= m_S[42]; for(size_t j = 0; j != 20; j += 4) { 
@@ -78,26 +78,26 @@ void RC6::decrypt_n(const byte in[], byte out[], size_t blocks) const T1 = rotate_left(A*(2*A+1), 5); T2 = rotate_left(C*(2*C+1), 5); - B = rotate_right(B - S[41 - 2*j], T1 % 32) ^ T2; - D = rotate_right(D - S[40 - 2*j], T2 % 32) ^ T1; + B = rotate_right(B - m_S[41 - 2*j], T1 % 32) ^ T2; + D = rotate_right(D - m_S[40 - 2*j], T2 % 32) ^ T1; T1 = rotate_left(D*(2*D+1), 5); T2 = rotate_left(B*(2*B+1), 5); - A = rotate_right(A - S[39 - 2*j], T1 % 32) ^ T2; - C = rotate_right(C - S[38 - 2*j], T2 % 32) ^ T1; + A = rotate_right(A - m_S[39 - 2*j], T1 % 32) ^ T2; + C = rotate_right(C - m_S[38 - 2*j], T2 % 32) ^ T1; T1 = rotate_left(C*(2*C+1), 5); T2 = rotate_left(A*(2*A+1), 5); - D = rotate_right(D - S[37 - 2*j], T1 % 32) ^ T2; - B = rotate_right(B - S[36 - 2*j], T2 % 32) ^ T1; + D = rotate_right(D - m_S[37 - 2*j], T1 % 32) ^ T2; + B = rotate_right(B - m_S[36 - 2*j], T2 % 32) ^ T1; T1 = rotate_left(B*(2*B+1), 5); T2 = rotate_left(D*(2*D+1), 5); - C = rotate_right(C - S[35 - 2*j], T1 % 32) ^ T2; - A = rotate_right(A - S[34 - 2*j], T2 % 32) ^ T1; + C = rotate_right(C - m_S[35 - 2*j], T1 % 32) ^ T2; + A = rotate_right(A - m_S[34 - 2*j], T2 % 32) ^ T1; } - D -= S[1]; B -= S[0]; + D -= m_S[1]; B -= m_S[0]; store_le(out, A, B, C, D); @@ -111,14 +111,14 @@ void RC6::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void RC6::key_schedule(const byte key[], size_t length) { - S.resize(44); + m_S.resize(44); const size_t WORD_KEYLENGTH = (((length - 1) / 4) + 1); - const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, S.size()); + const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, m_S.size()); - S[0] = 0xB7E15163; - for(size_t i = 1; i != S.size(); ++i) - S[i] = S[i-1] + 0x9E3779B9; + m_S[0] = 0xB7E15163; + for(size_t i = 1; i != m_S.size(); ++i) + m_S[i] = m_S[i-1] + 0x9E3779B9; secure_vector<u32bit> K(8); 
@@ -128,16 +128,16 @@ void RC6::key_schedule(const byte key[], size_t length) u32bit A = 0, B = 0; for(size_t i = 0; i != MIX_ROUNDS; ++i) { - A = rotate_left(S[i % S.size()] + A + B, 3); + A = rotate_left(m_S[i % m_S.size()] + A + B, 3); B = rotate_left(K[i % WORD_KEYLENGTH] + A + B, (A + B) % 32); - S[i % S.size()] = A; + m_S[i % m_S.size()] = A; K[i % WORD_KEYLENGTH] = B; } } void RC6::clear() { - zap(S); + zap(m_S); } } diff --git a/src/lib/block/rc6/rc6.h b/src/lib/block/rc6/rc6.h index 1ff7304ed..3f9bb0af1 100644 --- a/src/lib/block/rc6/rc6.h +++ b/src/lib/block/rc6/rc6.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC6, Ron Rivest's AES candidate */ -class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> +class BOTAN_DLL RC6 final : public Block_Cipher_Fixed_Params<16, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -27,7 +27,7 @@ class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> S; + secure_vector<u32bit> m_S; }; } diff --git a/src/lib/block/safer/safer_sk.cpp b/src/lib/block/safer/safer_sk.cpp index a8781697d..8dec0b897 100644 --- a/src/lib/block/safer/safer_sk.cpp +++ b/src/lib/block/safer/safer_sk.cpp 
@@ -94,15 +94,15 @@ void SAFER_SK::encrypt_n(const byte in[], byte out[], size_t blocks) const byte A = in[0], B = in[1], C = in[2], D = in[3], E = in[4], F = in[5], G = in[6], H = in[7], X, Y; - for(size_t j = 0; j != 16*rounds; j += 16) + for(size_t j = 0; j != 16*m_rounds; j += 16) { - A = EXP[A ^ EK[j ]]; B = LOG[B + EK[j+1]]; - C = LOG[C + EK[j+2]]; D = EXP[D ^ EK[j+3]]; - E = EXP[E ^ EK[j+4]]; F = LOG[F + EK[j+5]]; - G = LOG[G + EK[j+6]]; H = EXP[H ^ EK[j+7]]; + A = EXP[A ^ m_EK[j ]]; B = LOG[B + m_EK[j+1]]; + C = LOG[C + m_EK[j+2]]; D = EXP[D ^ m_EK[j+3]]; + E = EXP[E ^ m_EK[j+4]]; F = LOG[F + m_EK[j+5]]; + G = LOG[G + m_EK[j+6]]; H = EXP[H ^ m_EK[j+7]]; - A += EK[j+ 8]; B ^= EK[j+ 9]; C ^= EK[j+10]; D += EK[j+11]; - E += EK[j+12]; F ^= EK[j+13]; G ^= EK[j+14]; H += EK[j+15]; + A += m_EK[j+ 8]; B ^= m_EK[j+ 9]; C ^= m_EK[j+10]; D += m_EK[j+11]; + E += m_EK[j+12]; F ^= m_EK[j+13]; G ^= m_EK[j+14]; H += m_EK[j+15]; B += A; D += C; F += E; H += G; A += B; C += D; E += F; G += H; C += A; G += E; D += B; H += F; A += C; E += G; B += D; F += H; @@ -110,10 +110,10 @@ void SAFER_SK::encrypt_n(const byte in[], byte out[], size_t blocks) const A += B; F = C + G; E = C + F; C = X; G = Y; } - out[0] = A ^ EK[16*rounds+0]; out[1] = B + EK[16*rounds+1]; - out[2] = C + EK[16*rounds+2]; out[3] = D ^ EK[16*rounds+3]; - out[4] = E ^ EK[16*rounds+4]; out[5] = F + EK[16*rounds+5]; - out[6] = G + EK[16*rounds+6]; out[7] = H ^ EK[16*rounds+7]; + out[0] = A ^ m_EK[16*m_rounds+0]; out[1] = B + m_EK[16*m_rounds+1]; + out[2] = C + m_EK[16*m_rounds+2]; out[3] = D ^ m_EK[16*m_rounds+3]; + out[4] = E ^ m_EK[16*m_rounds+4]; out[5] = F + m_EK[16*m_rounds+5]; + out[6] = G + m_EK[16*m_rounds+6]; out[7] = H ^ m_EK[16*m_rounds+7]; in += BLOCK_SIZE; out += BLOCK_SIZE; 
@@ -130,24 +130,24 @@ void SAFER_SK::decrypt_n(const byte in[], byte out[], size_t blocks) const byte A = in[0], B = in[1], C = in[2], D = in[3], E = in[4], F = in[5], G = in[6], H = in[7]; - A ^= EK[16*rounds+0]; B -= EK[16*rounds+1]; C -= EK[16*rounds+2]; - D ^= EK[16*rounds+3]; E ^= EK[16*rounds+4]; F -= EK[16*rounds+5]; - G -= EK[16*rounds+6]; H ^= EK[16*rounds+7]; + A ^= m_EK[16*m_rounds+0]; B -= m_EK[16*m_rounds+1]; C -= m_EK[16*m_rounds+2]; + D ^= m_EK[16*m_rounds+3]; E ^= m_EK[16*m_rounds+4]; F -= m_EK[16*m_rounds+5]; + G -= m_EK[16*m_rounds+6]; H ^= m_EK[16*m_rounds+7]; - for(s32bit j = 16*(rounds-1); j >= 0; j -= 16) + for(s32bit j = 16*(m_rounds-1); j >= 0; j -= 16) { byte T = E; E = B; B = C; C = T; T = F; F = D; D = G; G = T; A -= E; B -= F; C -= G; D -= H; E -= A; F -= B; G -= C; H -= D; A -= C; E -= G; B -= D; F -= H; C -= A; G -= E; D -= B; H -= F; A -= B; C -= D; E -= F; G -= H; B -= A; D -= C; F -= E; H -= G; - A = LOG[A - EK[j+8 ] + 256]; B = EXP[B ^ EK[j+9 ]]; - C = EXP[C ^ EK[j+10]]; D = LOG[D - EK[j+11] + 256]; - E = LOG[E - EK[j+12] + 256]; F = EXP[F ^ EK[j+13]]; - G = EXP[G ^ EK[j+14]]; H = LOG[H - EK[j+15] + 256]; + A = LOG[A - m_EK[j+8 ] + 256]; B = EXP[B ^ m_EK[j+9 ]]; + C = EXP[C ^ m_EK[j+10]]; D = LOG[D - m_EK[j+11] + 256]; + E = LOG[E - m_EK[j+12] + 256]; F = EXP[F ^ m_EK[j+13]]; + G = EXP[G ^ m_EK[j+14]]; H = LOG[H - m_EK[j+15] + 256]; - A ^= EK[j+0]; B -= EK[j+1]; C -= EK[j+2]; D ^= EK[j+3]; - E ^= EK[j+4]; F -= EK[j+5]; G -= EK[j+6]; H ^= EK[j+7]; + A ^= m_EK[j+0]; B -= m_EK[j+1]; C -= m_EK[j+2]; D ^= m_EK[j+3]; + E ^= m_EK[j+4]; F -= m_EK[j+5]; G -= m_EK[j+6]; H ^= m_EK[j+7]; } out[0] = A; out[1] = B; out[2] = C; out[3] = D; 
@@ -203,28 +203,28 @@ void SAFER_SK::key_schedule(const byte key[], size_t)
 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
- EK.resize(16 * rounds + 8);
+ m_EK.resize(16 * m_rounds + 8);
 secure_vector<byte> KB(18);
 for(size_t i = 0; i != 8; ++i)
 {
 KB[ 8] ^= KB[i] = rotate_left(key[i], 5);
- KB[17] ^= KB[i+9] = EK[i] = key[i+8];
+ KB[17] ^= KB[i+9] = m_EK[i] = key[i+8];
 }
- for(size_t i = 0; i != rounds; ++i)
+ for(size_t i = 0; i != m_rounds; ++i)
 {
 for(size_t j = 0; j != 18; ++j)
 KB[j] = rotate_left(KB[j], 6);
 for(size_t j = 0; j != 16; ++j)
- EK[16*i+j+8] = KB[KEY_INDEX[16*i+j]] + BIAS[16*i+j];
+ m_EK[16*i+j+8] = KB[KEY_INDEX[16*i+j]] + BIAS[16*i+j];
 }
 }
 void SAFER_SK::clear()
 {
- zap(EK);
+ zap(m_EK);
 }
 /*
@@ -232,7 +232,7 @@ void SAFER_SK::clear()
 */
 std::string SAFER_SK::name() const
 {
- return "SAFER-SK(" + std::to_string(rounds) + ")";
+ return "SAFER-SK(" + std::to_string(m_rounds) + ")";
 }
 /*
@@ -240,15 +240,15 @@ std::string SAFER_SK::name() const
 */
 BlockCipher* SAFER_SK::clone() const
 {
- return new SAFER_SK(rounds);
+ return new SAFER_SK(m_rounds);
 }
 /*
 * SAFER-SK Constructor
 */
-SAFER_SK::SAFER_SK(size_t r) : rounds(r)
+SAFER_SK::SAFER_SK(size_t r) : m_rounds(r)
 {
- if(rounds > 13 || rounds == 0)
+ if(m_rounds > 13 || m_rounds == 0)
 throw Invalid_Argument(name() + ": Invalid number of rounds");
 }
diff --git a/src/lib/block/safer/safer_sk.h b/src/lib/block/safer/safer_sk.h
index 74241d4e6..af944b36c 100644
--- a/src/lib/block/safer/safer_sk.h
+++ b/src/lib/block/safer/safer_sk.h
@@ -15,7 +15,7 @@ namespace Botan {
 /**
 * SAFER-SK
 */
-class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16>
+class BOTAN_DLL SAFER_SK final : public Block_Cipher_Fixed_Params<8, 16>
 {
 public:
 void encrypt_n(const byte in[], byte out[], size_t blocks) const override;
@@ -29,12 +29,12 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16>
 * @param rounds the number of rounds to use - must be between 1
 * and 13
 */
- SAFER_SK(size_t rounds);
+ explicit SAFER_SK(size_t rounds);
 private:
 void key_schedule(const byte[], size_t) override;
- size_t rounds;
- secure_vector<byte> EK;
+ size_t m_rounds;
+ secure_vector<byte> m_EK;
 };
 }
diff --git a/src/lib/block/seed/seed.cpp b/src/lib/block/seed/seed.cpp
index 833f9943f..6e0aaa41f 100644
--- a/src/lib/block/seed/seed.cpp
+++ b/src/lib/block/seed/seed.cpp
@@ -10,15 +10,199 @@ namespace Botan { +namespace { + +const u32bit SEED_S0[256] = { + 0x2989A1A8, 0x05858184, 0x16C6D2D4, 0x13C3D3D0, 0x14445054, 0x1D0D111C, + 0x2C8CA0AC, 0x25052124, 0x1D4D515C, 0x03434340, 0x18081018, 0x1E0E121C, + 0x11415150, 0x3CCCF0FC, 0x0ACAC2C8, 0x23436360, 0x28082028, 0x04444044, + 0x20002020, 0x1D8D919C, 0x20C0E0E0, 0x22C2E2E0, 0x08C8C0C8, 0x17071314, + 0x2585A1A4, 0x0F8F838C, 0x03030300, 0x3B4B7378, 0x3B8BB3B8, 0x13031310, + 0x12C2D2D0, 0x2ECEE2EC, 0x30407070, 0x0C8C808C, 0x3F0F333C, 0x2888A0A8, + 0x32023230, 0x1DCDD1DC, 0x36C6F2F4, 0x34447074, 0x2CCCE0EC, 0x15859194, + 0x0B0B0308, 0x17475354, 0x1C4C505C, 0x1B4B5358, 0x3D8DB1BC, 0x01010100, + 0x24042024, 0x1C0C101C, 0x33437370, 0x18889098, 0x10001010, 0x0CCCC0CC, + 0x32C2F2F0, 0x19C9D1D8, 0x2C0C202C, 0x27C7E3E4, 0x32427270, 0x03838380, + 0x1B8B9398, 0x11C1D1D0, 0x06868284, 0x09C9C1C8, 0x20406060, 0x10405050, + 0x2383A3A0, 0x2BCBE3E8, 0x0D0D010C, 0x3686B2B4, 0x1E8E929C, 0x0F4F434C, + 0x3787B3B4, 0x1A4A5258, 0x06C6C2C4, 0x38487078, 0x2686A2A4, 0x12021210, + 0x2F8FA3AC, 0x15C5D1D4, 0x21416160, 0x03C3C3C0, 0x3484B0B4, 0x01414140, + 0x12425250, 0x3D4D717C, 0x0D8D818C, 0x08080008, 0x1F0F131C, 0x19899198, + 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37C7F3F4, 0x21C1E1E0, + 0x3DCDF1FC, 0x36467274, 0x2F0F232C, 0x27072324, 0x3080B0B0, 0x0B8B8388, + 0x0E0E020C, 0x2B8BA3A8, 0x2282A2A0, 0x2E4E626C, 0x13839390, 0x0D4D414C, + 0x29496168, 0x3C4C707C, 0x09090108, 0x0A0A0208, 0x3F8FB3BC, 0x2FCFE3EC, + 0x33C3F3F0, 0x05C5C1C4, 0x07878384, 0x14041014, 0x3ECEF2FC, 0x24446064, + 0x1ECED2DC, 0x2E0E222C, 0x0B4B4348, 0x1A0A1218, 0x06060204, 0x21012120, + 0x2B4B6368, 0x26466264, 0x02020200, 0x35C5F1F4, 0x12829290, 0x0A8A8288, + 0x0C0C000C, 0x3383B3B0, 0x3E4E727C, 0x10C0D0D0, 0x3A4A7278, 0x07474344, + 0x16869294, 0x25C5E1E4, 0x26062224, 0x00808080, 0x2D8DA1AC, 0x1FCFD3DC, + 0x2181A1A0, 0x30003030, 0x37073334, 0x2E8EA2AC, 0x36063234, 0x15051114, + 0x22022220, 0x38083038, 0x34C4F0F4, 0x2787A3A4, 0x05454144, 
0x0C4C404C, + 0x01818180, 0x29C9E1E8, 0x04848084, 0x17879394, 0x35053134, 0x0BCBC3C8, + 0x0ECEC2CC, 0x3C0C303C, 0x31417170, 0x11011110, 0x07C7C3C4, 0x09898188, + 0x35457174, 0x3BCBF3F8, 0x1ACAD2D8, 0x38C8F0F8, 0x14849094, 0x19495158, + 0x02828280, 0x04C4C0C4, 0x3FCFF3FC, 0x09494148, 0x39093138, 0x27476364, + 0x00C0C0C0, 0x0FCFC3CC, 0x17C7D3D4, 0x3888B0B8, 0x0F0F030C, 0x0E8E828C, + 0x02424240, 0x23032320, 0x11819190, 0x2C4C606C, 0x1BCBD3D8, 0x2484A0A4, + 0x34043034, 0x31C1F1F0, 0x08484048, 0x02C2C2C0, 0x2F4F636C, 0x3D0D313C, + 0x2D0D212C, 0x00404040, 0x3E8EB2BC, 0x3E0E323C, 0x3C8CB0BC, 0x01C1C1C0, + 0x2A8AA2A8, 0x3A8AB2B8, 0x0E4E424C, 0x15455154, 0x3B0B3338, 0x1CCCD0DC, + 0x28486068, 0x3F4F737C, 0x1C8C909C, 0x18C8D0D8, 0x0A4A4248, 0x16465254, + 0x37477374, 0x2080A0A0, 0x2DCDE1EC, 0x06464244, 0x3585B1B4, 0x2B0B2328, + 0x25456164, 0x3ACAF2F8, 0x23C3E3E0, 0x3989B1B8, 0x3181B1B0, 0x1F8F939C, + 0x1E4E525C, 0x39C9F1F8, 0x26C6E2E4, 0x3282B2B0, 0x31013130, 0x2ACAE2E8, + 0x2D4D616C, 0x1F4F535C, 0x24C4E0E4, 0x30C0F0F0, 0x0DCDC1CC, 0x08888088, + 0x16061214, 0x3A0A3238, 0x18485058, 0x14C4D0D4, 0x22426260, 0x29092128, + 0x07070304, 0x33033330, 0x28C8E0E8, 0x1B0B1318, 0x05050104, 0x39497178, + 0x10809090, 0x2A4A6268, 0x2A0A2228, 0x1A8A9298 }; + +const u32bit SEED_S1[256] = { + 0x38380830, 0xE828C8E0, 0x2C2D0D21, 0xA42686A2, 0xCC0FCFC3, 0xDC1ECED2, + 0xB03383B3, 0xB83888B0, 0xAC2F8FA3, 0x60204060, 0x54154551, 0xC407C7C3, + 0x44044440, 0x6C2F4F63, 0x682B4B63, 0x581B4B53, 0xC003C3C3, 0x60224262, + 0x30330333, 0xB43585B1, 0x28290921, 0xA02080A0, 0xE022C2E2, 0xA42787A3, + 0xD013C3D3, 0x90118191, 0x10110111, 0x04060602, 0x1C1C0C10, 0xBC3C8CB0, + 0x34360632, 0x480B4B43, 0xEC2FCFE3, 0x88088880, 0x6C2C4C60, 0xA82888A0, + 0x14170713, 0xC404C4C0, 0x14160612, 0xF434C4F0, 0xC002C2C2, 0x44054541, + 0xE021C1E1, 0xD416C6D2, 0x3C3F0F33, 0x3C3D0D31, 0x8C0E8E82, 0x98188890, + 0x28280820, 0x4C0E4E42, 0xF436C6F2, 0x3C3E0E32, 0xA42585A1, 0xF839C9F1, + 0x0C0D0D01, 0xDC1FCFD3, 0xD818C8D0, 0x282B0B23, 
0x64264662, 0x783A4A72, + 0x24270723, 0x2C2F0F23, 0xF031C1F1, 0x70324272, 0x40024242, 0xD414C4D0, + 0x40014141, 0xC000C0C0, 0x70334373, 0x64274763, 0xAC2C8CA0, 0x880B8B83, + 0xF437C7F3, 0xAC2D8DA1, 0x80008080, 0x1C1F0F13, 0xC80ACAC2, 0x2C2C0C20, + 0xA82A8AA2, 0x34340430, 0xD012C2D2, 0x080B0B03, 0xEC2ECEE2, 0xE829C9E1, + 0x5C1D4D51, 0x94148490, 0x18180810, 0xF838C8F0, 0x54174753, 0xAC2E8EA2, + 0x08080800, 0xC405C5C1, 0x10130313, 0xCC0DCDC1, 0x84068682, 0xB83989B1, + 0xFC3FCFF3, 0x7C3D4D71, 0xC001C1C1, 0x30310131, 0xF435C5F1, 0x880A8A82, + 0x682A4A62, 0xB03181B1, 0xD011C1D1, 0x20200020, 0xD417C7D3, 0x00020202, + 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xD81BCBD3, + 0x9C1D8D91, 0x98198991, 0x60214161, 0xBC3E8EB2, 0xE426C6E2, 0x58194951, + 0xDC1DCDD1, 0x50114151, 0x90108090, 0xDC1CCCD0, 0x981A8A92, 0xA02383A3, + 0xA82B8BA3, 0xD010C0D0, 0x80018181, 0x0C0F0F03, 0x44074743, 0x181A0A12, + 0xE023C3E3, 0xEC2CCCE0, 0x8C0D8D81, 0xBC3F8FB3, 0x94168692, 0x783B4B73, + 0x5C1C4C50, 0xA02282A2, 0xA02181A1, 0x60234363, 0x20230323, 0x4C0D4D41, + 0xC808C8C0, 0x9C1E8E92, 0x9C1C8C90, 0x383A0A32, 0x0C0C0C00, 0x2C2E0E22, + 0xB83A8AB2, 0x6C2E4E62, 0x9C1F8F93, 0x581A4A52, 0xF032C2F2, 0x90128292, + 0xF033C3F3, 0x48094941, 0x78384870, 0xCC0CCCC0, 0x14150511, 0xF83BCBF3, + 0x70304070, 0x74354571, 0x7C3F4F73, 0x34350531, 0x10100010, 0x00030303, + 0x64244460, 0x6C2D4D61, 0xC406C6C2, 0x74344470, 0xD415C5D1, 0xB43484B0, + 0xE82ACAE2, 0x08090901, 0x74364672, 0x18190911, 0xFC3ECEF2, 0x40004040, + 0x10120212, 0xE020C0E0, 0xBC3D8DB1, 0x04050501, 0xF83ACAF2, 0x00010101, + 0xF030C0F0, 0x282A0A22, 0x5C1E4E52, 0xA82989A1, 0x54164652, 0x40034343, + 0x84058581, 0x14140410, 0x88098981, 0x981B8B93, 0xB03080B0, 0xE425C5E1, + 0x48084840, 0x78394971, 0x94178793, 0xFC3CCCF0, 0x1C1E0E12, 0x80028282, + 0x20210121, 0x8C0C8C80, 0x181B0B13, 0x5C1F4F53, 0x74374773, 0x54144450, + 0xB03282B2, 0x1C1D0D11, 0x24250521, 0x4C0F4F43, 0x00000000, 0x44064642, + 0xEC2DCDE1, 0x58184850, 0x50124252, 0xE82BCBE3, 
0x7C3E4E72, 0xD81ACAD2, + 0xC809C9C1, 0xFC3DCDF1, 0x30300030, 0x94158591, 0x64254561, 0x3C3C0C30, + 0xB43686B2, 0xE424C4E0, 0xB83B8BB3, 0x7C3C4C70, 0x0C0E0E02, 0x50104050, + 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393, + 0x34370733, 0xE427C7E3, 0x24240420, 0xA42484A0, 0xC80BCBC3, 0x50134353, + 0x080A0A02, 0x84078783, 0xD819C9D1, 0x4C0C4C40, 0x80038383, 0x8C0F8F83, + 0xCC0ECEC2, 0x383B0B33, 0x480A4A42, 0xB43787B3 }; + +const u32bit SEED_S2[256] = { + 0xA1A82989, 0x81840585, 0xD2D416C6, 0xD3D013C3, 0x50541444, 0x111C1D0D, + 0xA0AC2C8C, 0x21242505, 0x515C1D4D, 0x43400343, 0x10181808, 0x121C1E0E, + 0x51501141, 0xF0FC3CCC, 0xC2C80ACA, 0x63602343, 0x20282808, 0x40440444, + 0x20202000, 0x919C1D8D, 0xE0E020C0, 0xE2E022C2, 0xC0C808C8, 0x13141707, + 0xA1A42585, 0x838C0F8F, 0x03000303, 0x73783B4B, 0xB3B83B8B, 0x13101303, + 0xD2D012C2, 0xE2EC2ECE, 0x70703040, 0x808C0C8C, 0x333C3F0F, 0xA0A82888, + 0x32303202, 0xD1DC1DCD, 0xF2F436C6, 0x70743444, 0xE0EC2CCC, 0x91941585, + 0x03080B0B, 0x53541747, 0x505C1C4C, 0x53581B4B, 0xB1BC3D8D, 0x01000101, + 0x20242404, 0x101C1C0C, 0x73703343, 0x90981888, 0x10101000, 0xC0CC0CCC, + 0xF2F032C2, 0xD1D819C9, 0x202C2C0C, 0xE3E427C7, 0x72703242, 0x83800383, + 0x93981B8B, 0xD1D011C1, 0x82840686, 0xC1C809C9, 0x60602040, 0x50501040, + 0xA3A02383, 0xE3E82BCB, 0x010C0D0D, 0xB2B43686, 0x929C1E8E, 0x434C0F4F, + 0xB3B43787, 0x52581A4A, 0xC2C406C6, 0x70783848, 0xA2A42686, 0x12101202, + 0xA3AC2F8F, 0xD1D415C5, 0x61602141, 0xC3C003C3, 0xB0B43484, 0x41400141, + 0x52501242, 0x717C3D4D, 0x818C0D8D, 0x00080808, 0x131C1F0F, 0x91981989, + 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xF3F437C7, 0xE1E021C1, + 0xF1FC3DCD, 0x72743646, 0x232C2F0F, 0x23242707, 0xB0B03080, 0x83880B8B, + 0x020C0E0E, 0xA3A82B8B, 0xA2A02282, 0x626C2E4E, 0x93901383, 0x414C0D4D, + 0x61682949, 0x707C3C4C, 0x01080909, 0x02080A0A, 0xB3BC3F8F, 0xE3EC2FCF, + 0xF3F033C3, 0xC1C405C5, 0x83840787, 0x10141404, 0xF2FC3ECE, 0x60642444, + 0xD2DC1ECE, 0x222C2E0E, 0x43480B4B, 
0x12181A0A, 0x02040606, 0x21202101, + 0x63682B4B, 0x62642646, 0x02000202, 0xF1F435C5, 0x92901282, 0x82880A8A, + 0x000C0C0C, 0xB3B03383, 0x727C3E4E, 0xD0D010C0, 0x72783A4A, 0x43440747, + 0x92941686, 0xE1E425C5, 0x22242606, 0x80800080, 0xA1AC2D8D, 0xD3DC1FCF, + 0xA1A02181, 0x30303000, 0x33343707, 0xA2AC2E8E, 0x32343606, 0x11141505, + 0x22202202, 0x30383808, 0xF0F434C4, 0xA3A42787, 0x41440545, 0x404C0C4C, + 0x81800181, 0xE1E829C9, 0x80840484, 0x93941787, 0x31343505, 0xC3C80BCB, + 0xC2CC0ECE, 0x303C3C0C, 0x71703141, 0x11101101, 0xC3C407C7, 0x81880989, + 0x71743545, 0xF3F83BCB, 0xD2D81ACA, 0xF0F838C8, 0x90941484, 0x51581949, + 0x82800282, 0xC0C404C4, 0xF3FC3FCF, 0x41480949, 0x31383909, 0x63642747, + 0xC0C000C0, 0xC3CC0FCF, 0xD3D417C7, 0xB0B83888, 0x030C0F0F, 0x828C0E8E, + 0x42400242, 0x23202303, 0x91901181, 0x606C2C4C, 0xD3D81BCB, 0xA0A42484, + 0x30343404, 0xF1F031C1, 0x40480848, 0xC2C002C2, 0x636C2F4F, 0x313C3D0D, + 0x212C2D0D, 0x40400040, 0xB2BC3E8E, 0x323C3E0E, 0xB0BC3C8C, 0xC1C001C1, + 0xA2A82A8A, 0xB2B83A8A, 0x424C0E4E, 0x51541545, 0x33383B0B, 0xD0DC1CCC, + 0x60682848, 0x737C3F4F, 0x909C1C8C, 0xD0D818C8, 0x42480A4A, 0x52541646, + 0x73743747, 0xA0A02080, 0xE1EC2DCD, 0x42440646, 0xB1B43585, 0x23282B0B, + 0x61642545, 0xF2F83ACA, 0xE3E023C3, 0xB1B83989, 0xB1B03181, 0x939C1F8F, + 0x525C1E4E, 0xF1F839C9, 0xE2E426C6, 0xB2B03282, 0x31303101, 0xE2E82ACA, + 0x616C2D4D, 0x535C1F4F, 0xE0E424C4, 0xF0F030C0, 0xC1CC0DCD, 0x80880888, + 0x12141606, 0x32383A0A, 0x50581848, 0xD0D414C4, 0x62602242, 0x21282909, + 0x03040707, 0x33303303, 0xE0E828C8, 0x13181B0B, 0x01040505, 0x71783949, + 0x90901080, 0x62682A4A, 0x22282A0A, 0x92981A8A }; + +const u32bit SEED_S3[256] = { + 0x08303838, 0xC8E0E828, 0x0D212C2D, 0x86A2A426, 0xCFC3CC0F, 0xCED2DC1E, + 0x83B3B033, 0x88B0B838, 0x8FA3AC2F, 0x40606020, 0x45515415, 0xC7C3C407, + 0x44404404, 0x4F636C2F, 0x4B63682B, 0x4B53581B, 0xC3C3C003, 0x42626022, + 0x03333033, 0x85B1B435, 0x09212829, 0x80A0A020, 0xC2E2E022, 0x87A3A427, + 0xC3D3D013, 0x81919011, 
0x01111011, 0x06020406, 0x0C101C1C, 0x8CB0BC3C, + 0x06323436, 0x4B43480B, 0xCFE3EC2F, 0x88808808, 0x4C606C2C, 0x88A0A828, + 0x07131417, 0xC4C0C404, 0x06121416, 0xC4F0F434, 0xC2C2C002, 0x45414405, + 0xC1E1E021, 0xC6D2D416, 0x0F333C3F, 0x0D313C3D, 0x8E828C0E, 0x88909818, + 0x08202828, 0x4E424C0E, 0xC6F2F436, 0x0E323C3E, 0x85A1A425, 0xC9F1F839, + 0x0D010C0D, 0xCFD3DC1F, 0xC8D0D818, 0x0B23282B, 0x46626426, 0x4A72783A, + 0x07232427, 0x0F232C2F, 0xC1F1F031, 0x42727032, 0x42424002, 0xC4D0D414, + 0x41414001, 0xC0C0C000, 0x43737033, 0x47636427, 0x8CA0AC2C, 0x8B83880B, + 0xC7F3F437, 0x8DA1AC2D, 0x80808000, 0x0F131C1F, 0xCAC2C80A, 0x0C202C2C, + 0x8AA2A82A, 0x04303434, 0xC2D2D012, 0x0B03080B, 0xCEE2EC2E, 0xC9E1E829, + 0x4D515C1D, 0x84909414, 0x08101818, 0xC8F0F838, 0x47535417, 0x8EA2AC2E, + 0x08000808, 0xC5C1C405, 0x03131013, 0xCDC1CC0D, 0x86828406, 0x89B1B839, + 0xCFF3FC3F, 0x4D717C3D, 0xC1C1C001, 0x01313031, 0xC5F1F435, 0x8A82880A, + 0x4A62682A, 0x81B1B031, 0xC1D1D011, 0x00202020, 0xC7D3D417, 0x02020002, + 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xCBD3D81B, + 0x8D919C1D, 0x89919819, 0x41616021, 0x8EB2BC3E, 0xC6E2E426, 0x49515819, + 0xCDD1DC1D, 0x41515011, 0x80909010, 0xCCD0DC1C, 0x8A92981A, 0x83A3A023, + 0x8BA3A82B, 0xC0D0D010, 0x81818001, 0x0F030C0F, 0x47434407, 0x0A12181A, + 0xC3E3E023, 0xCCE0EC2C, 0x8D818C0D, 0x8FB3BC3F, 0x86929416, 0x4B73783B, + 0x4C505C1C, 0x82A2A022, 0x81A1A021, 0x43636023, 0x03232023, 0x4D414C0D, + 0xC8C0C808, 0x8E929C1E, 0x8C909C1C, 0x0A32383A, 0x0C000C0C, 0x0E222C2E, + 0x8AB2B83A, 0x4E626C2E, 0x8F939C1F, 0x4A52581A, 0xC2F2F032, 0x82929012, + 0xC3F3F033, 0x49414809, 0x48707838, 0xCCC0CC0C, 0x05111415, 0xCBF3F83B, + 0x40707030, 0x45717435, 0x4F737C3F, 0x05313435, 0x00101010, 0x03030003, + 0x44606424, 0x4D616C2D, 0xC6C2C406, 0x44707434, 0xC5D1D415, 0x84B0B434, + 0xCAE2E82A, 0x09010809, 0x46727436, 0x09111819, 0xCEF2FC3E, 0x40404000, + 0x02121012, 0xC0E0E020, 0x8DB1BC3D, 0x05010405, 0xCAF2F83A, 0x01010001, + 0xC0F0F030, 0x0A22282A, 
0x4E525C1E, 0x89A1A829, 0x46525416, 0x43434003, + 0x85818405, 0x04101414, 0x89818809, 0x8B93981B, 0x80B0B030, 0xC5E1E425, + 0x48404808, 0x49717839, 0x87939417, 0xCCF0FC3C, 0x0E121C1E, 0x82828002, + 0x01212021, 0x8C808C0C, 0x0B13181B, 0x4F535C1F, 0x47737437, 0x44505414, + 0x82B2B032, 0x0D111C1D, 0x05212425, 0x4F434C0F, 0x00000000, 0x46424406, + 0xCDE1EC2D, 0x48505818, 0x42525012, 0xCBE3E82B, 0x4E727C3E, 0xCAD2D81A, + 0xC9C1C809, 0xCDF1FC3D, 0x00303030, 0x85919415, 0x45616425, 0x0C303C3C, + 0x86B2B436, 0xC4E0E424, 0x8BB3B83B, 0x4C707C3C, 0x0E020C0E, 0x40505010, + 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013, + 0x07333437, 0xC7E3E427, 0x04202424, 0x84A0A424, 0xCBC3C80B, 0x43535013, + 0x0A02080A, 0x87838407, 0xC9D1D819, 0x4C404C0C, 0x83838003, 0x8F838C0F, + 0xCEC2CC0E, 0x0B33383B, 0x4A42480A, 0x87B3B437 }; + /* * SEED G Function */ -u32bit SEED::G_FUNC::operator()(u32bit X) const +u32bit SEED_G(u32bit X) { - return (S0[get_byte(3, X)] ^ S1[get_byte(2, X)] ^ - S2[get_byte(1, X)] ^ S3[get_byte(0, X)]); + return (SEED_S0[get_byte(3, X)] ^ SEED_S1[get_byte(2, X)] ^ + SEED_S2[get_byte(1, X)] ^ SEED_S3[get_byte(0, X)]); } +} + /* * SEED Encryption */ @@ -31,23 +215,21 @@ void SEED::encrypt_n(const byte in[], byte out[], size_t blocks) const u32bit B2 = load_be<u32bit>(in, 2); u32bit B3 = load_be<u32bit>(in, 3); - G_FUNC G; - for(size_t j = 0; j != 16; j += 2) { u32bit T0, T1; - T0 = B2 ^ K[2*j]; - T1 = G(B2 ^ B3 ^ K[2*j+1]); - T0 = G(T1 + T0); - T1 = G(T1 + T0); + T0 = B2 ^ m_K[2*j]; + T1 = SEED_G(B2 ^ B3 ^ m_K[2*j+1]); + T0 = SEED_G(T1 + T0); + T1 = SEED_G(T1 + T0); B1 ^= T1; B0 ^= T0 + T1; - T0 = B0 ^ K[2*j+2]; - T1 = G(B0 ^ B1 ^ K[2*j+3]); - T0 = G(T1 + T0); - T1 = G(T1 + T0); + T0 = B0 ^ m_K[2*j+2]; + T1 = SEED_G(B0 ^ B1 ^ m_K[2*j+3]); + T0 = SEED_G(T1 + T0); + T1 = SEED_G(T1 + T0); B3 ^= T1; B2 ^= T0 + T1; } 
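Review bot: The four S-box tables in this hunk carry an explicit `[256]` bound, so if an entry had been lost while moving them out of seed_tab.cpp the initializer would still compile and the tail would be silently zero-filled, corrupting the cipher without any build error. Let the initializer fix the length and assert it, e.g. `const u32bit SEED_S0[] = { ... };` followed by `static_assert(sizeof(SEED_S0) / sizeof(SEED_S0[0]) == 256, "SEED_S0 has 256 entries");`, and the same for SEED_S1 through SEED_S3. SEED_G is a plain table lookup indexed by bytes derived from the key and the block, so it is not constant-time with respect to cache timing; since it now sits unannotated in the anonymous namespace, a comment such as `// Table lookups indexed by secret-dependent bytes; not cache-timing safe` would record that property where the new definition lives.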
@@ -71,23 +253,21 @@ void SEED::decrypt_n(const byte in[], byte out[], size_t blocks) const
 u32bit B2 = load_be<u32bit>(in, 2);
 u32bit B3 = load_be<u32bit>(in, 3);
- G_FUNC G;
-
 for(size_t j = 0; j != 16; j += 2)
 {
 u32bit T0, T1;
- T0 = B2 ^ K[30-2*j];
- T1 = G(B2 ^ B3 ^ K[31-2*j]);
- T0 = G(T1 + T0);
- T1 = G(T1 + T0);
+ T0 = B2 ^ m_K[30-2*j];
+ T1 = SEED_G(B2 ^ B3 ^ m_K[31-2*j]);
+ T0 = SEED_G(T1 + T0);
+ T1 = SEED_G(T1 + T0);
 B1 ^= T1; B0 ^= T0 + T1;
- T0 = B0 ^ K[28-2*j];
- T1 = G(B0 ^ B1 ^ K[29-2*j]);
- T0 = G(T1 + T0);
- T1 = G(T1 + T0);
+ T0 = B0 ^ m_K[28-2*j];
+ T1 = SEED_G(B0 ^ B1 ^ m_K[29-2*j]);
+ T0 = SEED_G(T1 + T0);
+ T1 = SEED_G(T1 + T0);
 B3 ^= T1; B2 ^= T0 + T1;
 }
@@ -116,21 +296,19 @@ void SEED::key_schedule(const byte key[], size_t)
 for(size_t i = 0; i != 4; ++i)
 WK[i] = load_be<u32bit>(key, i);
- G_FUNC G;
-
- K.resize(32);
+ m_K.resize(32);
 for(size_t i = 0; i != 16; i += 2)
 {
- K[2*i ] = G(WK[0] + WK[2] - RC[i]);
- K[2*i+1] = G(WK[1] - WK[3] + RC[i]) ^ K[2*i];
+ m_K[2*i ] = SEED_G(WK[0] + WK[2] - RC[i]);
+ m_K[2*i+1] = SEED_G(WK[1] - WK[3] + RC[i]) ^ m_K[2*i];
 byte T = get_byte(3, WK[0]);
 WK[0] = (WK[0] >> 8) | (get_byte(3, WK[1]) << 24);
 WK[1] = (WK[1] >> 8) | (T << 24);
- K[2*i+2] = G(WK[0] + WK[2] - RC[i+1]);
- K[2*i+3] = G(WK[1] - WK[3] + RC[i+1]) ^ K[2*i+2];
+ m_K[2*i+2] = SEED_G(WK[0] + WK[2] - RC[i+1]);
+ m_K[2*i+3] = SEED_G(WK[1] - WK[3] + RC[i+1]) ^ m_K[2*i+2];
 T = get_byte(0, WK[3]);
 WK[3] = (WK[3] << 8) | get_byte(0, WK[2]);
@@ -140,7 +318,7 @@ void SEED::key_schedule(const byte key[], size_t)
 void SEED::clear()
 {
- zap(K);
+ zap(m_K);
 }
 }
diff --git a/src/lib/block/seed/seed.h b/src/lib/block/seed/seed.h
index 431af7309..45e691913 100644
--- a/src/lib/block/seed/seed.h
+++ b/src/lib/block/seed/seed.h
@@ -15,7 +15,7 @@ namespace Botan {
 /**
 * SEED, a Korean block cipher
 */
-class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16>
+class BOTAN_DLL SEED final : public Block_Cipher_Fixed_Params<16, 16>
 {
 public:
 void encrypt_n(const byte in[], byte out[], size_t blocks) const override;
@@ -27,15 +27,7 @@ class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16>
 private:
 void key_schedule(const byte[], size_t) override;
- class G_FUNC
- {
- public:
- u32bit operator()(u32bit) const;
- private:
- static const u32bit S0[256], S1[256], S2[256], S3[256];
- };
-
- secure_vector<u32bit> K;
+ secure_vector<u32bit> m_K;
 };
 }
diff --git a/src/lib/block/seed/seed_tab.cpp b/src/lib/block/seed/seed_tab.cpp
deleted file mode 100644
index eb2a9a2fc..000000000
--- a/src/lib/block/seed/seed_tab.cpp
+++ /dev/null
@@ -1,192 +0,0 @@ -/* -* S-Box Tables for SEED -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/seed.h> - -namespace Botan { - -const u32bit SEED::G_FUNC::S0[256] = { - 0x2989A1A8, 0x05858184, 0x16C6D2D4, 0x13C3D3D0, 0x14445054, 0x1D0D111C, - 0x2C8CA0AC, 0x25052124, 0x1D4D515C, 0x03434340, 0x18081018, 0x1E0E121C, - 0x11415150, 0x3CCCF0FC, 0x0ACAC2C8, 0x23436360, 0x28082028, 0x04444044, - 0x20002020, 0x1D8D919C, 0x20C0E0E0, 0x22C2E2E0, 0x08C8C0C8, 0x17071314, - 0x2585A1A4, 0x0F8F838C, 0x03030300, 0x3B4B7378, 0x3B8BB3B8, 0x13031310, - 0x12C2D2D0, 0x2ECEE2EC, 0x30407070, 0x0C8C808C, 0x3F0F333C, 0x2888A0A8, - 0x32023230, 0x1DCDD1DC, 0x36C6F2F4, 0x34447074, 0x2CCCE0EC, 0x15859194, - 0x0B0B0308, 0x17475354, 0x1C4C505C, 0x1B4B5358, 0x3D8DB1BC, 0x01010100, - 0x24042024, 0x1C0C101C, 0x33437370, 0x18889098, 0x10001010, 0x0CCCC0CC, - 0x32C2F2F0, 0x19C9D1D8, 0x2C0C202C, 0x27C7E3E4, 0x32427270, 0x03838380, - 0x1B8B9398, 0x11C1D1D0, 0x06868284, 0x09C9C1C8, 0x20406060, 0x10405050, - 0x2383A3A0, 0x2BCBE3E8, 0x0D0D010C, 0x3686B2B4, 0x1E8E929C, 0x0F4F434C, - 0x3787B3B4, 0x1A4A5258, 0x06C6C2C4, 0x38487078, 0x2686A2A4, 0x12021210, - 0x2F8FA3AC, 0x15C5D1D4, 0x21416160, 0x03C3C3C0, 0x3484B0B4, 0x01414140, - 0x12425250, 0x3D4D717C, 0x0D8D818C, 0x08080008, 0x1F0F131C, 0x19899198, - 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37C7F3F4, 0x21C1E1E0, - 0x3DCDF1FC, 0x36467274, 0x2F0F232C, 0x27072324, 0x3080B0B0, 0x0B8B8388, - 0x0E0E020C, 0x2B8BA3A8, 0x2282A2A0, 0x2E4E626C, 0x13839390, 0x0D4D414C, - 0x29496168, 0x3C4C707C, 0x09090108, 0x0A0A0208, 0x3F8FB3BC, 0x2FCFE3EC, - 0x33C3F3F0, 0x05C5C1C4, 0x07878384, 0x14041014, 0x3ECEF2FC, 0x24446064, - 0x1ECED2DC, 0x2E0E222C, 0x0B4B4348, 0x1A0A1218, 0x06060204, 0x21012120, - 0x2B4B6368, 0x26466264, 0x02020200, 0x35C5F1F4, 0x12829290, 0x0A8A8288, - 0x0C0C000C, 0x3383B3B0, 0x3E4E727C, 0x10C0D0D0, 0x3A4A7278, 0x07474344, - 0x16869294, 0x25C5E1E4, 0x26062224, 0x00808080, 
0x2D8DA1AC, 0x1FCFD3DC, - 0x2181A1A0, 0x30003030, 0x37073334, 0x2E8EA2AC, 0x36063234, 0x15051114, - 0x22022220, 0x38083038, 0x34C4F0F4, 0x2787A3A4, 0x05454144, 0x0C4C404C, - 0x01818180, 0x29C9E1E8, 0x04848084, 0x17879394, 0x35053134, 0x0BCBC3C8, - 0x0ECEC2CC, 0x3C0C303C, 0x31417170, 0x11011110, 0x07C7C3C4, 0x09898188, - 0x35457174, 0x3BCBF3F8, 0x1ACAD2D8, 0x38C8F0F8, 0x14849094, 0x19495158, - 0x02828280, 0x04C4C0C4, 0x3FCFF3FC, 0x09494148, 0x39093138, 0x27476364, - 0x00C0C0C0, 0x0FCFC3CC, 0x17C7D3D4, 0x3888B0B8, 0x0F0F030C, 0x0E8E828C, - 0x02424240, 0x23032320, 0x11819190, 0x2C4C606C, 0x1BCBD3D8, 0x2484A0A4, - 0x34043034, 0x31C1F1F0, 0x08484048, 0x02C2C2C0, 0x2F4F636C, 0x3D0D313C, - 0x2D0D212C, 0x00404040, 0x3E8EB2BC, 0x3E0E323C, 0x3C8CB0BC, 0x01C1C1C0, - 0x2A8AA2A8, 0x3A8AB2B8, 0x0E4E424C, 0x15455154, 0x3B0B3338, 0x1CCCD0DC, - 0x28486068, 0x3F4F737C, 0x1C8C909C, 0x18C8D0D8, 0x0A4A4248, 0x16465254, - 0x37477374, 0x2080A0A0, 0x2DCDE1EC, 0x06464244, 0x3585B1B4, 0x2B0B2328, - 0x25456164, 0x3ACAF2F8, 0x23C3E3E0, 0x3989B1B8, 0x3181B1B0, 0x1F8F939C, - 0x1E4E525C, 0x39C9F1F8, 0x26C6E2E4, 0x3282B2B0, 0x31013130, 0x2ACAE2E8, - 0x2D4D616C, 0x1F4F535C, 0x24C4E0E4, 0x30C0F0F0, 0x0DCDC1CC, 0x08888088, - 0x16061214, 0x3A0A3238, 0x18485058, 0x14C4D0D4, 0x22426260, 0x29092128, - 0x07070304, 0x33033330, 0x28C8E0E8, 0x1B0B1318, 0x05050104, 0x39497178, - 0x10809090, 0x2A4A6268, 0x2A0A2228, 0x1A8A9298 }; - -const u32bit SEED::G_FUNC::S1[256] = { - 0x38380830, 0xE828C8E0, 0x2C2D0D21, 0xA42686A2, 0xCC0FCFC3, 0xDC1ECED2, - 0xB03383B3, 0xB83888B0, 0xAC2F8FA3, 0x60204060, 0x54154551, 0xC407C7C3, - 0x44044440, 0x6C2F4F63, 0x682B4B63, 0x581B4B53, 0xC003C3C3, 0x60224262, - 0x30330333, 0xB43585B1, 0x28290921, 0xA02080A0, 0xE022C2E2, 0xA42787A3, - 0xD013C3D3, 0x90118191, 0x10110111, 0x04060602, 0x1C1C0C10, 0xBC3C8CB0, - 0x34360632, 0x480B4B43, 0xEC2FCFE3, 0x88088880, 0x6C2C4C60, 0xA82888A0, - 0x14170713, 0xC404C4C0, 0x14160612, 0xF434C4F0, 0xC002C2C2, 0x44054541, - 0xE021C1E1, 0xD416C6D2, 
0x3C3F0F33, 0x3C3D0D31, 0x8C0E8E82, 0x98188890, - 0x28280820, 0x4C0E4E42, 0xF436C6F2, 0x3C3E0E32, 0xA42585A1, 0xF839C9F1, - 0x0C0D0D01, 0xDC1FCFD3, 0xD818C8D0, 0x282B0B23, 0x64264662, 0x783A4A72, - 0x24270723, 0x2C2F0F23, 0xF031C1F1, 0x70324272, 0x40024242, 0xD414C4D0, - 0x40014141, 0xC000C0C0, 0x70334373, 0x64274763, 0xAC2C8CA0, 0x880B8B83, - 0xF437C7F3, 0xAC2D8DA1, 0x80008080, 0x1C1F0F13, 0xC80ACAC2, 0x2C2C0C20, - 0xA82A8AA2, 0x34340430, 0xD012C2D2, 0x080B0B03, 0xEC2ECEE2, 0xE829C9E1, - 0x5C1D4D51, 0x94148490, 0x18180810, 0xF838C8F0, 0x54174753, 0xAC2E8EA2, - 0x08080800, 0xC405C5C1, 0x10130313, 0xCC0DCDC1, 0x84068682, 0xB83989B1, - 0xFC3FCFF3, 0x7C3D4D71, 0xC001C1C1, 0x30310131, 0xF435C5F1, 0x880A8A82, - 0x682A4A62, 0xB03181B1, 0xD011C1D1, 0x20200020, 0xD417C7D3, 0x00020202, - 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xD81BCBD3, - 0x9C1D8D91, 0x98198991, 0x60214161, 0xBC3E8EB2, 0xE426C6E2, 0x58194951, - 0xDC1DCDD1, 0x50114151, 0x90108090, 0xDC1CCCD0, 0x981A8A92, 0xA02383A3, - 0xA82B8BA3, 0xD010C0D0, 0x80018181, 0x0C0F0F03, 0x44074743, 0x181A0A12, - 0xE023C3E3, 0xEC2CCCE0, 0x8C0D8D81, 0xBC3F8FB3, 0x94168692, 0x783B4B73, - 0x5C1C4C50, 0xA02282A2, 0xA02181A1, 0x60234363, 0x20230323, 0x4C0D4D41, - 0xC808C8C0, 0x9C1E8E92, 0x9C1C8C90, 0x383A0A32, 0x0C0C0C00, 0x2C2E0E22, - 0xB83A8AB2, 0x6C2E4E62, 0x9C1F8F93, 0x581A4A52, 0xF032C2F2, 0x90128292, - 0xF033C3F3, 0x48094941, 0x78384870, 0xCC0CCCC0, 0x14150511, 0xF83BCBF3, - 0x70304070, 0x74354571, 0x7C3F4F73, 0x34350531, 0x10100010, 0x00030303, - 0x64244460, 0x6C2D4D61, 0xC406C6C2, 0x74344470, 0xD415C5D1, 0xB43484B0, - 0xE82ACAE2, 0x08090901, 0x74364672, 0x18190911, 0xFC3ECEF2, 0x40004040, - 0x10120212, 0xE020C0E0, 0xBC3D8DB1, 0x04050501, 0xF83ACAF2, 0x00010101, - 0xF030C0F0, 0x282A0A22, 0x5C1E4E52, 0xA82989A1, 0x54164652, 0x40034343, - 0x84058581, 0x14140410, 0x88098981, 0x981B8B93, 0xB03080B0, 0xE425C5E1, - 0x48084840, 0x78394971, 0x94178793, 0xFC3CCCF0, 0x1C1E0E12, 0x80028282, - 0x20210121, 0x8C0C8C80, 
0x181B0B13, 0x5C1F4F53, 0x74374773, 0x54144450, - 0xB03282B2, 0x1C1D0D11, 0x24250521, 0x4C0F4F43, 0x00000000, 0x44064642, - 0xEC2DCDE1, 0x58184850, 0x50124252, 0xE82BCBE3, 0x7C3E4E72, 0xD81ACAD2, - 0xC809C9C1, 0xFC3DCDF1, 0x30300030, 0x94158591, 0x64254561, 0x3C3C0C30, - 0xB43686B2, 0xE424C4E0, 0xB83B8BB3, 0x7C3C4C70, 0x0C0E0E02, 0x50104050, - 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393, - 0x34370733, 0xE427C7E3, 0x24240420, 0xA42484A0, 0xC80BCBC3, 0x50134353, - 0x080A0A02, 0x84078783, 0xD819C9D1, 0x4C0C4C40, 0x80038383, 0x8C0F8F83, - 0xCC0ECEC2, 0x383B0B33, 0x480A4A42, 0xB43787B3 }; - -const u32bit SEED::G_FUNC::S2[256] = { - 0xA1A82989, 0x81840585, 0xD2D416C6, 0xD3D013C3, 0x50541444, 0x111C1D0D, - 0xA0AC2C8C, 0x21242505, 0x515C1D4D, 0x43400343, 0x10181808, 0x121C1E0E, - 0x51501141, 0xF0FC3CCC, 0xC2C80ACA, 0x63602343, 0x20282808, 0x40440444, - 0x20202000, 0x919C1D8D, 0xE0E020C0, 0xE2E022C2, 0xC0C808C8, 0x13141707, - 0xA1A42585, 0x838C0F8F, 0x03000303, 0x73783B4B, 0xB3B83B8B, 0x13101303, - 0xD2D012C2, 0xE2EC2ECE, 0x70703040, 0x808C0C8C, 0x333C3F0F, 0xA0A82888, - 0x32303202, 0xD1DC1DCD, 0xF2F436C6, 0x70743444, 0xE0EC2CCC, 0x91941585, - 0x03080B0B, 0x53541747, 0x505C1C4C, 0x53581B4B, 0xB1BC3D8D, 0x01000101, - 0x20242404, 0x101C1C0C, 0x73703343, 0x90981888, 0x10101000, 0xC0CC0CCC, - 0xF2F032C2, 0xD1D819C9, 0x202C2C0C, 0xE3E427C7, 0x72703242, 0x83800383, - 0x93981B8B, 0xD1D011C1, 0x82840686, 0xC1C809C9, 0x60602040, 0x50501040, - 0xA3A02383, 0xE3E82BCB, 0x010C0D0D, 0xB2B43686, 0x929C1E8E, 0x434C0F4F, - 0xB3B43787, 0x52581A4A, 0xC2C406C6, 0x70783848, 0xA2A42686, 0x12101202, - 0xA3AC2F8F, 0xD1D415C5, 0x61602141, 0xC3C003C3, 0xB0B43484, 0x41400141, - 0x52501242, 0x717C3D4D, 0x818C0D8D, 0x00080808, 0x131C1F0F, 0x91981989, - 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xF3F437C7, 0xE1E021C1, - 0xF1FC3DCD, 0x72743646, 0x232C2F0F, 0x23242707, 0xB0B03080, 0x83880B8B, - 0x020C0E0E, 0xA3A82B8B, 0xA2A02282, 0x626C2E4E, 0x93901383, 0x414C0D4D, - 
0x61682949, 0x707C3C4C, 0x01080909, 0x02080A0A, 0xB3BC3F8F, 0xE3EC2FCF, - 0xF3F033C3, 0xC1C405C5, 0x83840787, 0x10141404, 0xF2FC3ECE, 0x60642444, - 0xD2DC1ECE, 0x222C2E0E, 0x43480B4B, 0x12181A0A, 0x02040606, 0x21202101, - 0x63682B4B, 0x62642646, 0x02000202, 0xF1F435C5, 0x92901282, 0x82880A8A, - 0x000C0C0C, 0xB3B03383, 0x727C3E4E, 0xD0D010C0, 0x72783A4A, 0x43440747, - 0x92941686, 0xE1E425C5, 0x22242606, 0x80800080, 0xA1AC2D8D, 0xD3DC1FCF, - 0xA1A02181, 0x30303000, 0x33343707, 0xA2AC2E8E, 0x32343606, 0x11141505, - 0x22202202, 0x30383808, 0xF0F434C4, 0xA3A42787, 0x41440545, 0x404C0C4C, - 0x81800181, 0xE1E829C9, 0x80840484, 0x93941787, 0x31343505, 0xC3C80BCB, - 0xC2CC0ECE, 0x303C3C0C, 0x71703141, 0x11101101, 0xC3C407C7, 0x81880989, - 0x71743545, 0xF3F83BCB, 0xD2D81ACA, 0xF0F838C8, 0x90941484, 0x51581949, - 0x82800282, 0xC0C404C4, 0xF3FC3FCF, 0x41480949, 0x31383909, 0x63642747, - 0xC0C000C0, 0xC3CC0FCF, 0xD3D417C7, 0xB0B83888, 0x030C0F0F, 0x828C0E8E, - 0x42400242, 0x23202303, 0x91901181, 0x606C2C4C, 0xD3D81BCB, 0xA0A42484, - 0x30343404, 0xF1F031C1, 0x40480848, 0xC2C002C2, 0x636C2F4F, 0x313C3D0D, - 0x212C2D0D, 0x40400040, 0xB2BC3E8E, 0x323C3E0E, 0xB0BC3C8C, 0xC1C001C1, - 0xA2A82A8A, 0xB2B83A8A, 0x424C0E4E, 0x51541545, 0x33383B0B, 0xD0DC1CCC, - 0x60682848, 0x737C3F4F, 0x909C1C8C, 0xD0D818C8, 0x42480A4A, 0x52541646, - 0x73743747, 0xA0A02080, 0xE1EC2DCD, 0x42440646, 0xB1B43585, 0x23282B0B, - 0x61642545, 0xF2F83ACA, 0xE3E023C3, 0xB1B83989, 0xB1B03181, 0x939C1F8F, - 0x525C1E4E, 0xF1F839C9, 0xE2E426C6, 0xB2B03282, 0x31303101, 0xE2E82ACA, - 0x616C2D4D, 0x535C1F4F, 0xE0E424C4, 0xF0F030C0, 0xC1CC0DCD, 0x80880888, - 0x12141606, 0x32383A0A, 0x50581848, 0xD0D414C4, 0x62602242, 0x21282909, - 0x03040707, 0x33303303, 0xE0E828C8, 0x13181B0B, 0x01040505, 0x71783949, - 0x90901080, 0x62682A4A, 0x22282A0A, 0x92981A8A }; - -const u32bit SEED::G_FUNC::S3[256] = { - 0x08303838, 0xC8E0E828, 0x0D212C2D, 0x86A2A426, 0xCFC3CC0F, 0xCED2DC1E, - 0x83B3B033, 0x88B0B838, 0x8FA3AC2F, 0x40606020, 
0x45515415, 0xC7C3C407, - 0x44404404, 0x4F636C2F, 0x4B63682B, 0x4B53581B, 0xC3C3C003, 0x42626022, - 0x03333033, 0x85B1B435, 0x09212829, 0x80A0A020, 0xC2E2E022, 0x87A3A427, - 0xC3D3D013, 0x81919011, 0x01111011, 0x06020406, 0x0C101C1C, 0x8CB0BC3C, - 0x06323436, 0x4B43480B, 0xCFE3EC2F, 0x88808808, 0x4C606C2C, 0x88A0A828, - 0x07131417, 0xC4C0C404, 0x06121416, 0xC4F0F434, 0xC2C2C002, 0x45414405, - 0xC1E1E021, 0xC6D2D416, 0x0F333C3F, 0x0D313C3D, 0x8E828C0E, 0x88909818, - 0x08202828, 0x4E424C0E, 0xC6F2F436, 0x0E323C3E, 0x85A1A425, 0xC9F1F839, - 0x0D010C0D, 0xCFD3DC1F, 0xC8D0D818, 0x0B23282B, 0x46626426, 0x4A72783A, - 0x07232427, 0x0F232C2F, 0xC1F1F031, 0x42727032, 0x42424002, 0xC4D0D414, - 0x41414001, 0xC0C0C000, 0x43737033, 0x47636427, 0x8CA0AC2C, 0x8B83880B, - 0xC7F3F437, 0x8DA1AC2D, 0x80808000, 0x0F131C1F, 0xCAC2C80A, 0x0C202C2C, - 0x8AA2A82A, 0x04303434, 0xC2D2D012, 0x0B03080B, 0xCEE2EC2E, 0xC9E1E829, - 0x4D515C1D, 0x84909414, 0x08101818, 0xC8F0F838, 0x47535417, 0x8EA2AC2E, - 0x08000808, 0xC5C1C405, 0x03131013, 0xCDC1CC0D, 0x86828406, 0x89B1B839, - 0xCFF3FC3F, 0x4D717C3D, 0xC1C1C001, 0x01313031, 0xC5F1F435, 0x8A82880A, - 0x4A62682A, 0x81B1B031, 0xC1D1D011, 0x00202020, 0xC7D3D417, 0x02020002, - 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xCBD3D81B, - 0x8D919C1D, 0x89919819, 0x41616021, 0x8EB2BC3E, 0xC6E2E426, 0x49515819, - 0xCDD1DC1D, 0x41515011, 0x80909010, 0xCCD0DC1C, 0x8A92981A, 0x83A3A023, - 0x8BA3A82B, 0xC0D0D010, 0x81818001, 0x0F030C0F, 0x47434407, 0x0A12181A, - 0xC3E3E023, 0xCCE0EC2C, 0x8D818C0D, 0x8FB3BC3F, 0x86929416, 0x4B73783B, - 0x4C505C1C, 0x82A2A022, 0x81A1A021, 0x43636023, 0x03232023, 0x4D414C0D, - 0xC8C0C808, 0x8E929C1E, 0x8C909C1C, 0x0A32383A, 0x0C000C0C, 0x0E222C2E, - 0x8AB2B83A, 0x4E626C2E, 0x8F939C1F, 0x4A52581A, 0xC2F2F032, 0x82929012, - 0xC3F3F033, 0x49414809, 0x48707838, 0xCCC0CC0C, 0x05111415, 0xCBF3F83B, - 0x40707030, 0x45717435, 0x4F737C3F, 0x05313435, 0x00101010, 0x03030003, - 0x44606424, 0x4D616C2D, 0xC6C2C406, 0x44707434, 
0xC5D1D415, 0x84B0B434, - 0xCAE2E82A, 0x09010809, 0x46727436, 0x09111819, 0xCEF2FC3E, 0x40404000, - 0x02121012, 0xC0E0E020, 0x8DB1BC3D, 0x05010405, 0xCAF2F83A, 0x01010001, - 0xC0F0F030, 0x0A22282A, 0x4E525C1E, 0x89A1A829, 0x46525416, 0x43434003, - 0x85818405, 0x04101414, 0x89818809, 0x8B93981B, 0x80B0B030, 0xC5E1E425, - 0x48404808, 0x49717839, 0x87939417, 0xCCF0FC3C, 0x0E121C1E, 0x82828002, - 0x01212021, 0x8C808C0C, 0x0B13181B, 0x4F535C1F, 0x47737437, 0x44505414, - 0x82B2B032, 0x0D111C1D, 0x05212425, 0x4F434C0F, 0x00000000, 0x46424406, - 0xCDE1EC2D, 0x48505818, 0x42525012, 0xCBE3E82B, 0x4E727C3E, 0xCAD2D81A, - 0xC9C1C809, 0xCDF1FC3D, 0x00303030, 0x85919415, 0x45616425, 0x0C303C3C, - 0x86B2B436, 0xC4E0E424, 0x8BB3B83B, 0x4C707C3C, 0x0E020C0E, 0x40505010, - 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013, - 0x07333437, 0xC7E3E427, 0x04202424, 0x84A0A424, 0xCBC3C80B, 0x43535013, - 0x0A02080A, 0x87838407, 0xC9D1D819, 0x4C404C0C, 0x83838003, 0x8F838C0F, - 0xCEC2CC0E, 0x0B33383B, 0x4A42480A, 0x87B3B437 }; - -} diff --git a/src/lib/block/serpent/serpent.cpp b/src/lib/block/serpent/serpent.cpp index c0a65ed33..c35e3e338 100644 --- a/src/lib/block/serpent/serpent.cpp +++ b/src/lib/block/serpent/serpent.cpp @@ -43,10 +43,10 @@ inline void i_transform(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) * XOR a key block with a data block */ #define key_xor(round, B0, B1, B2, B3) \ - B0 ^= round_key[4*round ]; \ - B1 ^= round_key[4*round+1]; \ - B2 ^= round_key[4*round+2]; \ - B3 ^= round_key[4*round+3]; + B0 ^= m_round_key[4*round ]; \ + B1 ^= m_round_key[4*round+1]; \ + B2 ^= m_round_key[4*round+2]; \ + B3 ^= m_round_key[4*round+3]; /* * Serpent Encryption 
@@ -193,12 +193,12 @@ void Serpent::key_schedule(const byte key[], size_t length) SBoxE6(W[128],W[129],W[130],W[131]); SBoxE5(W[132],W[133],W[134],W[135]); SBoxE4(W[136],W[137],W[138],W[139]); - round_key.assign(W.begin() + 8, W.end()); + m_round_key.assign(W.begin() + 8, W.end()); } void Serpent::clear() { - zap(round_key); + zap(m_round_key); } } diff --git a/src/lib/block/serpent/serpent.h b/src/lib/block/serpent/serpent.h index 7fdf4600d..b9864cf89 100644 --- a/src/lib/block/serpent/serpent.h +++ b/src/lib/block/serpent/serpent.h @@ -30,7 +30,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> * @return const reference to the key schedule */ const secure_vector<u32bit>& get_round_keys() const - { return round_key; } + { return m_round_key; } /** * For use by subclasses that implement the key schedule @@ -38,12 +38,12 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> */ void set_round_keys(const u32bit ks[132]) { - round_key.assign(&ks[0], &ks[132]); + m_round_key.assign(&ks[0], &ks[132]); } private: void key_schedule(const byte key[], size_t length) override; - secure_vector<u32bit> round_key; + secure_vector<u32bit> m_round_key; }; } diff --git a/src/lib/block/serpent_simd/serp_simd.h b/src/lib/block/serpent_simd/serp_simd.h index 373d47fa1..e10d4cfe2 100644 --- a/src/lib/block/serpent_simd/serp_simd.h +++ b/src/lib/block/serpent_simd/serp_simd.h @@ -15,7 +15,7 @@ namespace Botan { /** * Serpent implementation using SIMD */ -class BOTAN_DLL Serpent_SIMD : public Serpent +class BOTAN_DLL Serpent_SIMD final : public Serpent { public: size_t parallelism() const override { return 4; } diff --git a/src/lib/block/tea/tea.cpp b/src/lib/block/tea/tea.cpp index 01f342607..457171e1d 100644 --- a/src/lib/block/tea/tea.cpp +++ b/src/lib/block/tea/tea.cpp 
@@ -24,8 +24,8 @@ void TEA::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 32; ++j) { S += 0x9E3779B9; - L += ((R << 4) + K[0]) ^ (R + S) ^ ((R >> 5) + K[1]); - R += ((L << 4) + K[2]) ^ (L + S) ^ ((L >> 5) + K[3]); + L += ((R << 4) + m_K[0]) ^ (R + S) ^ ((R >> 5) + m_K[1]); + R += ((L << 4) + m_K[2]) ^ (L + S) ^ ((L >> 5) + m_K[3]); } store_be(out, L, R); @@ -48,8 +48,8 @@ void TEA::decrypt_n(const byte in[], byte out[], size_t blocks) const u32bit S = 0xC6EF3720; for(size_t j = 0; j != 32; ++j) { - R -= ((L << 4) + K[2]) ^ (L + S) ^ ((L >> 5) + K[3]); - L -= ((R << 4) + K[0]) ^ (R + S) ^ ((R >> 5) + K[1]); + R -= ((L << 4) + m_K[2]) ^ (L + S) ^ ((L >> 5) + m_K[3]); + L -= ((R << 4) + m_K[0]) ^ (R + S) ^ ((R >> 5) + m_K[1]); S -= 0x9E3779B9; } @@ -65,14 +65,14 @@ void TEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void TEA::key_schedule(const byte key[], size_t) { - K.resize(4); + m_K.resize(4); for(size_t i = 0; i != 4; ++i) - K[i] = load_be<u32bit>(key, i); + m_K[i] = load_be<u32bit>(key, i); } void TEA::clear() { - zap(K); + zap(m_K); } } diff --git a/src/lib/block/tea/tea.h b/src/lib/block/tea/tea.h index 3c5b4773e..6b6308381 100644 --- a/src/lib/block/tea/tea.h +++ b/src/lib/block/tea/tea.h @@ -15,7 +15,7 @@ namespace Botan { /** * TEA */ -class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> +class BOTAN_DLL TEA final : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -26,7 +26,7 @@ class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> BlockCipher* clone() const override { return new TEA; } private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> K; + secure_vector<u32bit> m_K; }; } diff --git a/src/lib/block/threefish_avx2/threefish_avx2.h b/src/lib/block/threefish_avx2/threefish_avx2.h index d851ff0dc..fbf2f9d8a 100644 --- a/src/lib/block/threefish_avx2/threefish_avx2.h 
+++ b/src/lib/block/threefish_avx2/threefish_avx2.h
@@ -15,7 +15,7 @@ namespace Botan {
 /**
 * Threefish-512
 */
-class BOTAN_DLL Threefish_512_AVX2 : public Threefish_512
+class BOTAN_DLL Threefish_512_AVX2 final : public Threefish_512
 {
 private:
 void encrypt_n(const byte in[], byte out[], size_t blocks) const override;
diff --git a/src/lib/block/twofish/twofish.cpp b/src/lib/block/twofish/twofish.cpp
index ffdf4b198..336d73a03 100644
--- a/src/lib/block/twofish/twofish.cpp
+++ b/src/lib/block/twofish/twofish.cpp
@@ -21,42 +21,42 @@ void Twofish::encrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - u32bit A = load_le<u32bit>(in, 0) ^ RK[0]; - u32bit B = load_le<u32bit>(in, 1) ^ RK[1]; - u32bit C = load_le<u32bit>(in, 2) ^ RK[2]; - u32bit D = load_le<u32bit>(in, 3) ^ RK[3]; + u32bit A = load_le<u32bit>(in, 0) ^ m_RK[0]; + u32bit B = load_le<u32bit>(in, 1) ^ m_RK[1]; + u32bit C = load_le<u32bit>(in, 2) ^ m_RK[2]; + u32bit D = load_le<u32bit>(in, 3) ^ m_RK[3]; for(size_t j = 0; j != 16; j += 2) { u32bit X, Y; - X = SB[ get_byte(3, A)] ^ SB[256+get_byte(2, A)] ^ - SB[512+get_byte(1, A)] ^ SB[768+get_byte(0, A)]; - Y = SB[ get_byte(0, B)] ^ SB[256+get_byte(3, B)] ^ - SB[512+get_byte(2, B)] ^ SB[768+get_byte(1, B)]; + X = m_SB[ get_byte(3, A)] ^ m_SB[256+get_byte(2, A)] ^ + m_SB[512+get_byte(1, A)] ^ m_SB[768+get_byte(0, A)]; + Y = m_SB[ get_byte(0, B)] ^ m_SB[256+get_byte(3, B)] ^ + m_SB[512+get_byte(2, B)] ^ m_SB[768+get_byte(1, B)]; X += Y; - Y += X + RK[2*j + 9]; - X += RK[2*j + 8]; + Y += X + m_RK[2*j + 9]; + X += m_RK[2*j + 8]; C = rotate_right(C ^ X, 1); D = rotate_left(D, 1) ^ Y; - X = SB[ get_byte(3, C)] ^ SB[256+get_byte(2, C)] ^ - SB[512+get_byte(1, C)] ^ SB[768+get_byte(0, C)]; - Y = SB[ get_byte(0, D)] ^ SB[256+get_byte(3, D)] ^ - SB[512+get_byte(2, D)] ^ SB[768+get_byte(1, D)]; + X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ + m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; + Y = m_SB[ get_byte(0, D)] ^ m_SB[256+get_byte(3, D)] ^ + m_SB[512+get_byte(2, D)] ^ m_SB[768+get_byte(1, D)]; X += Y; - Y += X + RK[2*j + 11]; - X += RK[2*j + 10]; + Y += X + m_RK[2*j + 11]; + X += m_RK[2*j + 10]; A = rotate_right(A ^ X, 1); B = rotate_left(B, 1) ^ Y; } - C ^= RK[4]; - D ^= RK[5]; - A ^= RK[6]; - B ^= RK[7]; + C ^= m_RK[4]; + D ^= m_RK[5]; + A ^= m_RK[6]; + B ^= m_RK[7]; store_le(out, C, D, A, B); 
@@ -72,42 +72,42 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const { for(size_t i = 0; i != blocks; ++i) { - u32bit A = load_le<u32bit>(in, 0) ^ RK[4]; - u32bit B = load_le<u32bit>(in, 1) ^ RK[5]; - u32bit C = load_le<u32bit>(in, 2) ^ RK[6]; - u32bit D = load_le<u32bit>(in, 3) ^ RK[7]; + u32bit A = load_le<u32bit>(in, 0) ^ m_RK[4]; + u32bit B = load_le<u32bit>(in, 1) ^ m_RK[5]; + u32bit C = load_le<u32bit>(in, 2) ^ m_RK[6]; + u32bit D = load_le<u32bit>(in, 3) ^ m_RK[7]; for(size_t j = 0; j != 16; j += 2) { u32bit X, Y; - X = SB[ get_byte(3, A)] ^ SB[256+get_byte(2, A)] ^ - SB[512+get_byte(1, A)] ^ SB[768+get_byte(0, A)]; - Y = SB[ get_byte(0, B)] ^ SB[256+get_byte(3, B)] ^ - SB[512+get_byte(2, B)] ^ SB[768+get_byte(1, B)]; + X = m_SB[ get_byte(3, A)] ^ m_SB[256+get_byte(2, A)] ^ + m_SB[512+get_byte(1, A)] ^ m_SB[768+get_byte(0, A)]; + Y = m_SB[ get_byte(0, B)] ^ m_SB[256+get_byte(3, B)] ^ + m_SB[512+get_byte(2, B)] ^ m_SB[768+get_byte(1, B)]; X += Y; - Y += X + RK[39 - 2*j]; - X += RK[38 - 2*j]; + Y += X + m_RK[39 - 2*j]; + X += m_RK[38 - 2*j]; C = rotate_left(C, 1) ^ X; D = rotate_right(D ^ Y, 1); - X = SB[ get_byte(3, C)] ^ SB[256+get_byte(2, C)] ^ - SB[512+get_byte(1, C)] ^ SB[768+get_byte(0, C)]; - Y = SB[ get_byte(0, D)] ^ SB[256+get_byte(3, D)] ^ - SB[512+get_byte(2, D)] ^ SB[768+get_byte(1, D)]; + X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ + m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; + Y = m_SB[ get_byte(0, D)] ^ m_SB[256+get_byte(3, D)] ^ + m_SB[512+get_byte(2, D)] ^ m_SB[768+get_byte(1, D)]; X += Y; - Y += X + RK[37 - 2*j]; - X += RK[36 - 2*j]; + Y += X + m_RK[37 - 2*j]; + X += m_RK[36 - 2*j]; A = rotate_left(A, 1) ^ X; B = rotate_right(B ^ Y, 1); } - C ^= RK[0]; - D ^= RK[1]; - A ^= RK[2]; - B ^= RK[3]; + C ^= m_RK[0]; + D ^= m_RK[1]; + A ^= m_RK[2]; + B ^= m_RK[3]; store_le(out, C, D, A, B); 
@@ -121,8 +121,8 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Twofish::key_schedule(const byte key[], size_t length) { - SB.resize(1024); - RK.resize(40); + m_SB.resize(1024); + m_RK.resize(40); secure_vector<byte> S(16); @@ -133,10 +133,10 @@ void Twofish::key_schedule(const byte key[], size_t length) { for(size_t i = 0; i != 256; ++i) { - SB[ i] = MDS0[Q0[Q0[i]^S[ 0]]^S[ 4]]; - SB[256+i] = MDS1[Q0[Q1[i]^S[ 1]]^S[ 5]]; - SB[512+i] = MDS2[Q1[Q0[i]^S[ 2]]^S[ 6]]; - SB[768+i] = MDS3[Q1[Q1[i]^S[ 3]]^S[ 7]]; + m_SB[ i] = MDS0[Q0[Q0[i]^S[ 0]]^S[ 4]]; + m_SB[256+i] = MDS1[Q0[Q1[i]^S[ 1]]^S[ 5]]; + m_SB[512+i] = MDS2[Q1[Q0[i]^S[ 2]]^S[ 6]]; + m_SB[768+i] = MDS3[Q1[Q1[i]^S[ 3]]^S[ 7]]; } for(size_t i = 0; i != 40; i += 2) @@ -152,18 +152,18 @@ void Twofish::key_schedule(const byte key[], size_t length) Y = rotate_left(Y, 8); X += Y; Y += X; - RK[i] = X; - RK[i+1] = rotate_left(Y, 9); + m_RK[i] = X; + m_RK[i+1] = rotate_left(Y, 9); } } else if(length == 24) { for(size_t i = 0; i != 256; ++i) { - SB[ i] = MDS0[Q0[Q0[Q1[i]^S[ 0]]^S[ 4]]^S[ 8]]; - SB[256+i] = MDS1[Q0[Q1[Q1[i]^S[ 1]]^S[ 5]]^S[ 9]]; - SB[512+i] = MDS2[Q1[Q0[Q0[i]^S[ 2]]^S[ 6]]^S[10]]; - SB[768+i] = MDS3[Q1[Q1[Q0[i]^S[ 3]]^S[ 7]]^S[11]]; + m_SB[ i] = MDS0[Q0[Q0[Q1[i]^S[ 0]]^S[ 4]]^S[ 8]]; + m_SB[256+i] = MDS1[Q0[Q1[Q1[i]^S[ 1]]^S[ 5]]^S[ 9]]; + m_SB[512+i] = MDS2[Q1[Q0[Q0[i]^S[ 2]]^S[ 6]]^S[10]]; + m_SB[768+i] = MDS3[Q1[Q1[Q0[i]^S[ 3]]^S[ 7]]^S[11]]; } for(size_t i = 0; i != 40; i += 2) 
@@ -179,18 +179,18 @@ void Twofish::key_schedule(const byte key[], size_t length) Y = rotate_left(Y, 8); X += Y; Y += X; - RK[i] = X; - RK[i+1] = rotate_left(Y, 9); + m_RK[i] = X; + m_RK[i+1] = rotate_left(Y, 9); } } else if(length == 32) { for(size_t i = 0; i != 256; ++i) { - SB[ i] = MDS0[Q0[Q0[Q1[Q1[i]^S[ 0]]^S[ 4]]^S[ 8]]^S[12]]; - SB[256+i] = MDS1[Q0[Q1[Q1[Q0[i]^S[ 1]]^S[ 5]]^S[ 9]]^S[13]]; - SB[512+i] = MDS2[Q1[Q0[Q0[Q0[i]^S[ 2]]^S[ 6]]^S[10]]^S[14]]; - SB[768+i] = MDS3[Q1[Q1[Q0[Q1[i]^S[ 3]]^S[ 7]]^S[11]]^S[15]]; + m_SB[ i] = MDS0[Q0[Q0[Q1[Q1[i]^S[ 0]]^S[ 4]]^S[ 8]]^S[12]]; + m_SB[256+i] = MDS1[Q0[Q1[Q1[Q0[i]^S[ 1]]^S[ 5]]^S[ 9]]^S[13]]; + m_SB[512+i] = MDS2[Q1[Q0[Q0[Q0[i]^S[ 2]]^S[ 6]]^S[10]]^S[14]]; + m_SB[768+i] = MDS3[Q1[Q1[Q0[Q1[i]^S[ 3]]^S[ 7]]^S[11]]^S[15]]; } for(size_t i = 0; i != 40; i += 2) @@ -206,8 +206,8 @@ void Twofish::key_schedule(const byte key[], size_t length) Y = rotate_left(Y, 8); X += Y; Y += X; - RK[i] = X; - RK[i+1] = rotate_left(Y, 9); + m_RK[i] = X; + m_RK[i+1] = rotate_left(Y, 9); } } } @@ -238,8 +238,8 @@ void Twofish::rs_mul(byte S[4], byte key, size_t offset) */ void Twofish::clear() { - zap(SB); - zap(RK); + zap(m_SB); + zap(m_RK); } } diff --git a/src/lib/block/twofish/twofish.h b/src/lib/block/twofish/twofish.h index c6af1a030..42991e354 100644 --- a/src/lib/block/twofish/twofish.h +++ b/src/lib/block/twofish/twofish.h @@ -15,7 +15,7 @@ namespace Botan { /** * Twofish, an AES finalist */ -class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> +class BOTAN_DLL Twofish final : public Block_Cipher_Fixed_Params<16, 16, 32, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const override; @@ -39,7 +39,7 @@ class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> static const byte EXP_TO_POLY[255]; static const byte POLY_TO_EXP[255]; - secure_vector<u32bit> SB, RK; + secure_vector<u32bit> m_SB, m_RK; }; } 
diff --git a/src/lib/block/xtea/xtea.cpp b/src/lib/block/xtea/xtea.cpp index 59060dff7..333406d9b 100644 --- a/src/lib/block/xtea/xtea.cpp +++ b/src/lib/block/xtea/xtea.cpp @@ -63,7 +63,7 @@ void XTEA::encrypt_n(const byte in[], byte out[], size_t blocks) const { while(blocks >= 4) { - xtea_encrypt_4(in, out, &(this->EK[0])); + xtea_encrypt_4(in, out, &(this->m_EK[0])); in += 4 * BLOCK_SIZE; out += 4 * BLOCK_SIZE; blocks -= 4; @@ -76,8 +76,8 @@ void XTEA::encrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 32; ++j) { - L += (((R << 4) ^ (R >> 5)) + R) ^ EK[2*j]; - R += (((L << 4) ^ (L >> 5)) + L) ^ EK[2*j+1]; + L += (((R << 4) ^ (R >> 5)) + R) ^ m_EK[2*j]; + R += (((L << 4) ^ (L >> 5)) + L) ^ m_EK[2*j+1]; } store_be(out, L, R); @@ -94,7 +94,7 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const { while(blocks >= 4) { - xtea_decrypt_4(in, out, &(this->EK[0])); + xtea_decrypt_4(in, out, &(this->m_EK[0])); in += 4 * BLOCK_SIZE; out += 4 * BLOCK_SIZE; blocks -= 4; @@ -107,8 +107,8 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const for(size_t j = 0; j != 32; ++j) { - R -= (((L << 4) ^ (L >> 5)) + L) ^ EK[63 - 2*j]; - L -= (((R << 4) ^ (R >> 5)) + R) ^ EK[62 - 2*j]; + R -= (((L << 4) ^ (L >> 5)) + L) ^ m_EK[63 - 2*j]; + L -= (((R << 4) ^ (R >> 5)) + R) ^ m_EK[62 - 2*j]; } store_be(out, L, R); @@ -123,7 +123,7 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void XTEA::key_schedule(const byte key[], size_t) { - EK.resize(64); + m_EK.resize(64); secure_vector<u32bit> UK(4); for(size_t i = 0; i != 4; ++i) @@ -132,15 +132,15 @@ void XTEA::key_schedule(const byte key[], size_t) u32bit D = 0; for(size_t i = 0; i != 64; i += 2) { - EK[i ] = D + UK[D % 4]; + m_EK[i ] = D + UK[D % 4]; D += 0x9E3779B9; - EK[i+1] = D + UK[(D >> 11) % 4]; + m_EK[i+1] = D + UK[(D >> 11) % 4]; } } void XTEA::clear() { - zap(EK); + zap(m_EK); } } 
diff --git a/src/lib/block/xtea/xtea.h b/src/lib/block/xtea/xtea.h index ea5c39418..3baccc866 100644 --- a/src/lib/block/xtea/xtea.h +++ b/src/lib/block/xtea/xtea.h @@ -28,11 +28,11 @@ class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to the key schedule */ - const secure_vector<u32bit>& get_EK() const { return EK; } + const secure_vector<u32bit>& get_EK() const { return m_EK; } private: void key_schedule(const byte[], size_t) override; - secure_vector<u32bit> EK; + secure_vector<u32bit> m_EK; }; } diff --git a/src/lib/block/xtea_simd/xtea_simd.h b/src/lib/block/xtea_simd/xtea_simd.h index 04280f1ae..0b0558032 100644 --- a/src/lib/block/xtea_simd/xtea_simd.h +++ b/src/lib/block/xtea_simd/xtea_simd.h @@ -15,7 +15,7 @@ namespace Botan { /** * XTEA implemented using SIMD operations */ -class BOTAN_DLL XTEA_SIMD : public XTEA +class BOTAN_DLL XTEA_SIMD final : public XTEA { public: size_t parallelism() const override { return 8; } diff --git a/src/lib/cert/cvc/asn1_eac_str.cpp b/src/lib/cert/cvc/asn1_eac_str.cpp index 2472eee17..72ad24926 100644 --- a/src/lib/cert/cvc/asn1_eac_str.cpp +++ b/src/lib/cert/cvc/asn1_eac_str.cpp @@ -19,9 +19,9 @@ namespace Botan { /* * Create an ASN1_EAC_String */ -ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : tag(t) +ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : m_tag(t) { - iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); + m_iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); if(!sanity_check()) throw Invalid_Argument("ASN1_EAC_String contains illegal characters"); @@ -32,7 +32,7 @@ ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : tag(t) */ std::string ASN1_EAC_String::iso_8859() const { - return iso_8859_str; + return m_iso_8859_str; } /* 
@@ -40,7 +40,7 @@ std::string ASN1_EAC_String::iso_8859() const */ std::string ASN1_EAC_String::value() const { - return Charset::transcode(iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); + return Charset::transcode(m_iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); } /* @@ -48,7 +48,7 @@ std::string ASN1_EAC_String::value() const */ ASN1_Tag ASN1_EAC_String::tagging() const { - return tag; + return m_tag; } /* @@ -67,14 +67,14 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); - if(obj.type_tag != this->tag) + if(obj.type_tag != m_tag) { std::stringstream ss; ss << "ASN1_EAC_String tag mismatch, tag was " << std::hex << obj.type_tag << " expected " - << std::hex << this->tag; + << std::hex << m_tag; throw Decoding_Error(ss.str()); } @@ -85,7 +85,7 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) try { *this = ASN1_EAC_String( - Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), + Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is), obj.type_tag); } catch(Invalid_Argument& inv_arg) @@ -99,8 +99,8 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) // p. 43 bool ASN1_EAC_String::sanity_check() const { - const byte* rep = reinterpret_cast<const byte*>(iso_8859_str.data()); - const size_t rep_len = iso_8859_str.size(); + const byte* rep = reinterpret_cast<const byte*>(m_iso_8859_str.data()); + const size_t rep_len = m_iso_8859_str.size(); for(size_t i = 0; i != rep_len; ++i) { diff --git a/src/lib/cert/cvc/asn1_eac_tm.cpp b/src/lib/cert/cvc/asn1_eac_tm.cpp index 83a6ef391..9c65fcf6a 100644 --- a/src/lib/cert/cvc/asn1_eac_tm.cpp +++ b/src/lib/cert/cvc/asn1_eac_tm.cpp 
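Review bot: The reordering of the last two `Charset::transcode` arguments in `ASN1_EAC_String::decode_from` (hunk `@@ -85,7 +85,7`) changes what the decoder produces from DER input; it is the only non-mechanical change in this file, and neither the commit message nor a comment says why the previous order was wrong. The other calls in this file pass `LOCAL_CHARSET, LATIN1_CHARSET` in the constructor and `LATIN1_CHARSET, LOCAL_CHARSET` in `value()`, and the string produced here is handed straight to that constructor, so it is transcoded a second time whichever parameter is the source set; a comment stating the intended direction would prevent the next rename from flipping it back, e.g. `// transcode(str, to, from): bring the DER string to LOCAL_CHARSET, the ctor then converts it to Latin-1` (adjust if transcode's parameter order differs). A unit test that decodes a string containing a non-ASCII Latin-1 character would pin the direction, since ASCII-only vectors pass in either order. `decode_from` begins before this hunk.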
@@ -54,19 +54,19 @@ u32bit dec_two_digit(byte b1, byte b2) * Create an EAC_Time */ EAC_Time::EAC_Time(const std::chrono::system_clock::time_point& time, - ASN1_Tag t) : tag(t) + ASN1_Tag t) : m_tag(t) { calendar_point cal = calendar_value(time); - year = cal.year; - month = cal.month; - day = cal.day; + m_year = cal.year; + m_month = cal.month; + m_day = cal.day; } /* * Create an EAC_Time */ -EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t) +EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : m_tag(t) { set_to(t_spec); } @@ -75,7 +75,7 @@ EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t) * Create an EAC_Time */ EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) : - year(y), month(m), day(d), tag(t) + m_year(y), m_month(m), m_day(d), m_tag(t) { } @@ -86,7 +86,7 @@ void EAC_Time::set_to(const std::string& time_str) { if(time_str == "") { - year = month = day = 0; + m_year = m_month = m_day = 0; return; } @@ -110,9 +110,9 @@ void EAC_Time::set_to(const std::string& time_str) if(params.size() != 3) throw Invalid_Argument("Invalid time specification " + time_str); - year = to_u32bit(params[0]); - month = to_u32bit(params[1]); - day = to_u32bit(params[2]); + m_year = to_u32bit(params[0]); + m_month = to_u32bit(params[1]); + m_day = to_u32bit(params[2]); if(!passes_sanity_check()) throw Invalid_Argument("Invalid time specification " + time_str); @@ -124,7 +124,7 @@ void EAC_Time::set_to(const std::string& time_str) */ void EAC_Time::encode_into(DER_Encoder& der) const { - der.add_object(tag, APPLICATION, + der.add_object(m_tag, APPLICATION, encoded_eac_time()); } @@ -136,7 +136,7 @@ std::string EAC_Time::as_string() const if(time_is_set() == false) throw Invalid_State("EAC_Time::as_string: No time set"); - return std::to_string(year * 10000 + month * 100 + day); + return std::to_string(m_year * 10000 + m_month * 100 + m_day); } /* 
@@ -144,7 +144,7 @@ std::string EAC_Time::as_string() const */ bool EAC_Time::time_is_set() const { - return (year != 0); + return (m_year != 0); } /* @@ -158,9 +158,9 @@ std::string EAC_Time::readable_string() const // desired format: "%04d/%02d/%02d" std::stringstream output; output << std::setfill('0') - << std::setw(4) << year << "/" - << std::setw(2) << month << "/" - << std::setw(2) << day; + << std::setw(4) << m_year << "/" + << std::setw(2) << m_month << "/" + << std::setw(2) << m_day; return output.str(); } @@ -169,11 +169,11 @@ std::string EAC_Time::readable_string() const */ bool EAC_Time::passes_sanity_check() const { - if(year < 2000 || year > 2099) + if(m_year < 2000 || m_year > 2099) return false; - if(month == 0 || month > 12) + if(m_month == 0 || m_month > 12) return false; - if(day == 0 || day > 31) + if(m_day == 0 || m_day > 31) return false; return true; @@ -184,17 +184,17 @@ bool EAC_Time::passes_sanity_check() const */ void EAC_Time::add_years(u32bit years) { - year += years; + m_year += years; } void EAC_Time::add_months(u32bit months) { - year += months/12; - month += months % 12; - if(month > 12) + m_year += months/12; + m_month += months % 12; + if(m_month > 12) { - year += 1; - month -= 12; + m_year += 1; + m_month -= 12; } } @@ -208,12 +208,12 @@ s32bit EAC_Time::cmp(const EAC_Time& other) const const s32bit EARLIER = -1, LATER = 1, SAME_TIME = 0; - if(year < other.year) return EARLIER; - if(year > other.year) return LATER; - if(month < other.month) return EARLIER; - if(month > other.month) return LATER; - if(day < other.day) return EARLIER; - if(day > other.day) return LATER; + if(m_year < other.m_year) return EARLIER; + if(m_year > other.m_year) return LATER; + if(m_month < other.m_month) return EARLIER; + if(m_month > other.m_month) return LATER; + if(m_day < other.m_day) return EARLIER; + if(m_day > other.m_day) return LATER; return SAME_TIME; } 
@@ -258,7 +258,7 @@ void EAC_Time::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); - if(obj.type_tag != this->tag) + if(obj.type_tag != m_tag) throw BER_Decoding_Error("Tag mismatch when decoding"); if(obj.value.size() != 6) @@ -271,9 +271,9 @@ void EAC_Time::decode_from(BER_Decoder& source) u32bit tmp_year = dec_two_digit(obj.value[0], obj.value[1]); u32bit tmp_mon = dec_two_digit(obj.value[2], obj.value[3]); u32bit tmp_day = dec_two_digit(obj.value[4], obj.value[5]); - year = tmp_year + 2000; - month = tmp_mon; - day = tmp_day; + m_year = tmp_year + 2000; + m_month = tmp_mon; + m_day = tmp_day; } catch (Invalid_Argument) { @@ -288,9 +288,9 @@ void EAC_Time::decode_from(BER_Decoder& source) std::vector<byte> EAC_Time::encoded_eac_time() const { std::vector<byte> result; - result += enc_two_digit(year); - result += enc_two_digit(month); - result += enc_two_digit(day); + result += enc_two_digit(m_year); + result += enc_two_digit(m_month); + result += enc_two_digit(m_day); return result; } diff --git a/src/lib/cert/cvc/cvc_ado.cpp b/src/lib/cert/cvc/cvc_ado.cpp index 21a345808..f803c6bf3 100644 --- a/src/lib/cert/cvc/cvc_ado.cpp +++ b/src/lib/cert/cvc/cvc_ado.cpp @@ -27,7 +27,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in) void EAC1_1_ADO::force_decode() { std::vector<byte> inner_cert; - BER_Decoder(tbs_bits) + BER_Decoder(m_tbs_bits) .start_cons(ASN1_Tag(33)) .raw_bytes(inner_cert) .end_cons() @@ -42,7 +42,7 @@ void EAC1_1_ADO::force_decode() DataSource_Memory req_source(req_bits); m_req = EAC1_1_Req(req_source); - sig_algo = m_req.sig_algo; + m_sig_algo = m_req.m_sig_algo; } std::vector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer, @@ -101,7 +101,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const out.write(DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) - .raw_bytes(tbs_bits) + .raw_bytes(m_tbs_bits) .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() .get_contents()); 
@@ -109,7 +109,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const std::vector<byte> EAC1_1_ADO::tbs_data() const { - return tbs_bits; + return m_tbs_bits; } bool EAC1_1_ADO::operator==(EAC1_1_ADO const& rhs) const diff --git a/src/lib/cert/cvc/cvc_cert.cpp b/src/lib/cert/cvc/cvc_cert.cpp index cf6bc409a..280a8acda 100644 --- a/src/lib/cert/cvc/cvc_cert.cpp +++ b/src/lib/cert/cvc/cvc_cert.cpp @@ -36,7 +36,7 @@ void EAC1_1_CVC::force_decode() std::vector<byte> enc_pk; std::vector<byte> enc_chat_val; size_t cpi; - BER_Decoder tbs_cert(tbs_bits); + BER_Decoder tbs_cert(m_tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) .decode(m_car) .start_cons(ASN1_Tag(73)) @@ -57,11 +57,11 @@ void EAC1_1_CVC::force_decode() if(cpi != 0) throw Decoding_Error("EAC1_1 certificate's cpi was not 0"); - m_pk = decode_eac1_1_key(enc_pk, sig_algo); + m_pk = decode_eac1_1_key(enc_pk, m_sig_algo); m_chat_val = enc_chat_val[0]; - self_signed = (m_car.iso_8859() == m_chr.iso_8859()); + m_self_signed = (m_car.iso_8859() == m_chr.iso_8859()); } /* @@ -70,7 +70,7 @@ void EAC1_1_CVC::force_decode() EAC1_1_CVC::EAC1_1_CVC(DataSource& in) { init(in); - self_signed = false; + m_self_signed = false; do_decode(); } @@ -78,7 +78,7 @@ EAC1_1_CVC::EAC1_1_CVC(const std::string& in) { DataSource_Stream stream(in, true); init(stream); - self_signed = false; + m_self_signed = false; do_decode(); } diff --git a/src/lib/cert/cvc/cvc_gen_cert.h b/src/lib/cert/cvc/cvc_gen_cert.h index 6bdf116f3..2c3bca73d 100644 --- a/src/lib/cert/cvc/cvc_gen_cert.h +++ b/src/lib/cert/cvc/cvc_gen_cert.h @@ -85,7 +85,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 protected: ECDSA_PublicKey* m_pk; ASN1_Chr m_chr; - bool self_signed; + bool m_self_signed; static void decode_info(DataSource& source, std::vector<byte> & res_tbs_bits, 
@@ -100,7 +100,7 @@ template<typename Derived> ASN1_Chr EAC1_1_gen_CVC<Derived>::get_chr() const template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const { - return self_signed; + return m_self_signed; } template<typename Derived> @@ -135,7 +135,7 @@ template<typename Derived> std::vector<byte> EAC1_1_gen_CVC<Derived>::build_cert template<typename Derived> std::vector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const { - return build_cert_body(EAC1_1_obj<Derived>::tbs_bits); + return build_cert_body(EAC1_1_obj<Derived>::m_tbs_bits); } template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_Encoding encoding) const @@ -144,7 +144,7 @@ template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_ std::vector<byte> der = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .start_cons(ASN1_Tag(78), APPLICATION) - .raw_bytes(EAC1_1_obj<Derived>::tbs_bits) + .raw_bytes(EAC1_1_obj<Derived>::m_tbs_bits) .end_cons() .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() diff --git a/src/lib/cert/cvc/cvc_req.cpp b/src/lib/cert/cvc/cvc_req.cpp index e142a5ac6..1cb6b50ac 100644 --- a/src/lib/cert/cvc/cvc_req.cpp +++ b/src/lib/cert/cvc/cvc_req.cpp @@ -20,7 +20,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const void EAC1_1_Req::force_decode() { std::vector<byte> enc_pk; - BER_Decoder tbs_cert(tbs_bits); + BER_Decoder tbs_cert(m_tbs_bits); size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) .start_cons(ASN1_Tag(73)) @@ -32,13 +32,13 @@ void EAC1_1_Req::force_decode() if(cpi != 0) throw Decoding_Error("EAC1_1 requests cpi was not 0"); - m_pk = decode_eac1_1_key(enc_pk, sig_algo); + m_pk = decode_eac1_1_key(enc_pk, m_sig_algo); } EAC1_1_Req::EAC1_1_Req(DataSource& in) { init(in); - self_signed = true; + m_self_signed = true; do_decode(); } 
@@ -46,7 +46,7 @@ EAC1_1_Req::EAC1_1_Req(const std::string& in) { DataSource_Stream stream(in, true); init(stream); - self_signed = true; + m_self_signed = true; do_decode(); } diff --git a/src/lib/cert/cvc/cvc_self.h b/src/lib/cert/cvc/cvc_self.h index 005703636..d56e96c40 100644 --- a/src/lib/cert/cvc/cvc_self.h +++ b/src/lib/cert/cvc/cvc_self.h @@ -24,11 +24,22 @@ class BOTAN_DLL EAC1_1_CVC_Options { public: + // public member variable: ASN1_Car car; + + // public member variable: ASN1_Chr chr; + + // public member variable: byte holder_auth_templ; + + // public member variable: ASN1_Ced ced; + + // public member variable: ASN1_Cex cex; + + // public member variable: std::string hash_alg; }; diff --git a/src/lib/cert/cvc/eac_asn_obj.h b/src/lib/cert/cvc/eac_asn_obj.h index e102c65fb..b4dcb6342 100644 --- a/src/lib/cert/cvc/eac_asn_obj.h +++ b/src/lib/cert/cvc/eac_asn_obj.h @@ -74,19 +74,19 @@ class BOTAN_DLL EAC_Time : public ASN1_Object * Get the year value of this objects. * @return year value */ - u32bit get_year() const { return year; } + u32bit get_year() const { return m_year; } /** * Get the month value of this objects. * @return month value */ - u32bit get_month() const { return month; } + u32bit get_month() const { return m_month; } /** * Get the day value of this objects. * @return day value */ - u32bit get_day() const { return day; } + u32bit get_day() const { return m_day; } EAC_Time(const std::chrono::system_clock::time_point& time, ASN1_Tag tag = ASN1_Tag(0)); @@ -101,8 +101,8 @@ class BOTAN_DLL EAC_Time : public ASN1_Object private: std::vector<byte> encoded_eac_time() const; bool passes_sanity_check() const; - u32bit year, month, day; - ASN1_Tag tag; + u32bit m_year, m_month, m_day; + ASN1_Tag m_tag; }; /** @@ -188,8 +188,8 @@ class BOTAN_DLL ASN1_EAC_String: public ASN1_Object protected: bool sanity_check() const; private: - std::string iso_8859_str; - ASN1_Tag tag; + std::string m_iso_8859_str; + ASN1_Tag m_tag; }; /** 
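Review bot: The six `// public member variable:` comments added to `EAC1_1_CVC_Options` in cvc_self.h say nothing the `public:` label does not already say, and they double the length of the class without documenting a single field. Either drop them or make each carry the field's meaning, e.g. `ASN1_Ced ced; // certificate effective date` and `ASN1_Cex cex; // certificate expiration date`; `hash_alg` in particular should say which algorithm names it accepts, which the header does not show. If per-field comments are not wanted, a single Doxygen block above the class describing it as the option set used for self-signed CVC generation (presumably what cvc_self does) is enough.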
diff --git a/src/lib/cert/cvc/eac_obj.h b/src/lib/cert/cvc/eac_obj.h index b1e353ddf..a6e676076 100644 --- a/src/lib/cert/cvc/eac_obj.h +++ b/src/lib/cert/cvc/eac_obj.h @@ -39,11 +39,11 @@ class EAC1_1_obj : public EAC_Signed_Object { try { - Derived::decode_info(in, tbs_bits, m_sig); + Derived::decode_info(in, m_tbs_bits, m_sig); } catch(Decoding_Error) { - throw Decoding_Error(PEM_label_pref + " decoding failed"); + throw Decoding_Error(m_PEM_label_pref + " decoding failed"); } } diff --git a/src/lib/cert/cvc/signed_obj.cpp b/src/lib/cert/cvc/signed_obj.cpp index 4a0f12008..1e3849663 100644 --- a/src/lib/cert/cvc/signed_obj.cpp +++ b/src/lib/cert/cvc/signed_obj.cpp @@ -41,7 +41,7 @@ std::string EAC_Signed_Object::PEM_encode() const */ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const { - return sig_algo; + return m_sig_algo; } bool EAC_Signed_Object::check_signature(Public_Key& pub_key, @@ -50,7 +50,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, try { std::vector<std::string> sig_info = - split_on(OIDS::lookup(sig_algo.oid), '/'); + split_on(OIDS::lookup(m_sig_algo.oid), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) { @@ -83,12 +83,12 @@ void EAC_Signed_Object::do_decode() catch(Decoding_Error& e) { const std::string what = e.what(); - throw Decoding_Error(PEM_label_pref + " decoding failed (" + what + ")"); + throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + what + ")"); } catch(Invalid_Argument& e) { const std::string what = e.what(); - throw Decoding_Error(PEM_label_pref + " decoding failed (" + what + ")"); + throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + what + ")"); } } diff --git a/src/lib/cert/cvc/signed_obj.h b/src/lib/cert/cvc/signed_obj.h index aa6ace4b7..b3fe20f31 100644 --- a/src/lib/cert/cvc/signed_obj.h +++ b/src/lib/cert/cvc/signed_obj.h 
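Review bot: In the eac_obj.h hunk the rethrow `throw Decoding_Error(m_PEM_label_pref + " decoding failed");` discards the text of the original `Decoding_Error`, while `EAC_Signed_Object::do_decode` in the signed_obj.cpp hunk on this same line appends `e.what()` to the same message; the two sites should agree, otherwise a failure in `decode_info` is harder to diagnose than one in `do_decode`. The surrounding `catch(Decoding_Error)` also catches by value, which copies the exception object; `catch(const Decoding_Error& e)` followed by `throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + e.what() + ")");` matches the other site. The enclosing function's signature lies outside the hunk.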
@@ -82,10 +82,10 @@ class BOTAN_DLL EAC_Signed_Object void do_decode(); EAC_Signed_Object() {} - AlgorithmIdentifier sig_algo; - std::vector<byte> tbs_bits; - std::string PEM_label_pref; - std::vector<std::string> PEM_labels_allowed; + AlgorithmIdentifier m_sig_algo; + std::vector<byte> m_tbs_bits; + std::string m_PEM_label_pref; + std::vector<std::string> m_PEM_labels_allowed; private: virtual void force_decode() = 0; }; diff --git a/src/lib/cert/x509/certstor.cpp b/src/lib/cert/x509/certstor.cpp index e3498f602..26c9ce117 100644 --- a/src/lib/cert/x509/certstor.cpp +++ b/src/lib/cert/x509/certstor.cpp @@ -115,7 +115,7 @@ Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir) { - if(dir == "") + if(dir.empty()) return; std::vector<std::string> maybe_certs = get_files_recursive(dir); diff --git a/src/lib/cert/x509/certstor.h b/src/lib/cert/x509/certstor.h index eb42c6a49..29948c709 100644 --- a/src/lib/cert/x509/certstor.h +++ b/src/lib/cert/x509/certstor.h @@ -48,9 +48,9 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store * Attempt to parse all files in dir (including subdirectories) * as certificates. Ignores errors. */ - Certificate_Store_In_Memory(const std::string& dir); + explicit Certificate_Store_In_Memory(const std::string& dir); - Certificate_Store_In_Memory(const X509_Certificate& cert); + explicit Certificate_Store_In_Memory(const X509_Certificate& cert); Certificate_Store_In_Memory() {} @@ -74,7 +74,7 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store { public: - Certificate_Store_Overlay(const std::vector<X509_Certificate>& certs) : + explicit Certificate_Store_Overlay(const std::vector<X509_Certificate>& certs) : m_certs(certs) {} std::vector<X509_DN> all_subjects() const override; 
diff --git a/src/lib/cert/x509/crl_ent.cpp b/src/lib/cert/x509/crl_ent.cpp index 1f2069baa..d6923f714 100644 --- a/src/lib/cert/x509/crl_ent.cpp +++ b/src/lib/cert/x509/crl_ent.cpp @@ -18,20 +18,20 @@ namespace Botan { * Create a CRL_Entry */ CRL_Entry::CRL_Entry(bool t_on_unknown_crit) : - throw_on_unknown_critical(t_on_unknown_crit) + m_throw_on_unknown_critical(t_on_unknown_crit) { - reason = UNSPECIFIED; + m_reason = UNSPECIFIED; } /* * Create a CRL_Entry */ CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) : - throw_on_unknown_critical(false) + m_throw_on_unknown_critical(false) { - serial = cert.serial_number(); - time = X509_Time(std::chrono::system_clock::now()); - reason = why; + m_serial = cert.serial_number(); + m_time = X509_Time(std::chrono::system_clock::now()); + m_reason = why; } /* @@ -63,11 +63,11 @@ void CRL_Entry::encode_into(DER_Encoder& der) const { Extensions extensions; - extensions.add(new Cert_Extension::CRL_ReasonCode(reason)); + extensions.add(new Cert_Extension::CRL_ReasonCode(m_reason)); der.start_cons(SEQUENCE) - .encode(BigInt::decode(serial)) - .encode(time) + .encode(BigInt::decode(m_serial)) + .encode(m_time) .start_cons(SEQUENCE) .encode(extensions) .end_cons() 
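Review bot: Both `CRL_Entry` constructors still set `m_reason` (and `m_serial`, `m_time` in the second) by assignment in the body even though the initializer list was already edited for `m_throw_on_unknown_critical`, so those members are default-constructed and then overwritten; the `Subject_Key_ID` and `Alternative_Name` constructors in the x509_ext.cpp hunks were moved fully into their initializer lists in this same commit. Matching that here would be `CRL_Entry::CRL_Entry(bool t_on_unknown_crit) : m_throw_on_unknown_critical(t_on_unknown_crit), m_reason(UNSPECIFIED) {}` and, for the second constructor, `m_throw_on_unknown_critical(false), m_serial(cert.serial_number()), m_time(std::chrono::system_clock::now()), m_reason(why)`, keeping the member order from the crl_ent.h hunk so the initializer order matches the declaration order.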
@@ -80,24 +80,24 @@ void CRL_Entry::encode_into(DER_Encoder& der) const void CRL_Entry::decode_from(BER_Decoder& source) { BigInt serial_number_bn; - reason = UNSPECIFIED; + m_reason = UNSPECIFIED; BER_Decoder entry = source.start_cons(SEQUENCE); - entry.decode(serial_number_bn).decode(time); + entry.decode(serial_number_bn).decode(m_time); if(entry.more_items()) { - Extensions extensions(throw_on_unknown_critical); + Extensions extensions(m_throw_on_unknown_critical); entry.decode(extensions); Data_Store info; extensions.contents_to(info, info); - reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode")); + m_reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode")); } entry.end_cons(); - serial = BigInt::encode(serial_number_bn); + m_serial = BigInt::encode(serial_number_bn); } } diff --git a/src/lib/cert/x509/crl_ent.h b/src/lib/cert/x509/crl_ent.h index 42cb25fe3..11ab34365 100644 --- a/src/lib/cert/x509/crl_ent.h +++ b/src/lib/cert/x509/crl_ent.h @@ -36,7 +36,7 @@ enum CRL_Code { /** * This class represents CRL entries */ -class BOTAN_DLL CRL_Entry : public ASN1_Object +class BOTAN_DLL CRL_Entry final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; 
@@ -46,24 +46,24 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object * Get the serial number of the certificate associated with this entry. * @return certificate's serial number */ - std::vector<byte> serial_number() const { return serial; } + std::vector<byte> serial_number() const { return m_serial; } /** * Get the revocation date of the certificate associated with this entry * @return certificate's revocation date */ - X509_Time expire_time() const { return time; } + X509_Time expire_time() const { return m_time; } /** * Get the entries reason code * @return reason code */ - CRL_Code reason_code() const { return reason; } + CRL_Code reason_code() const { return m_reason; } /** * Construct an empty CRL entry. */ - CRL_Entry(bool throw_on_unknown_critical_extension = false); + explicit CRL_Entry(bool throw_on_unknown_critical_extension = false); /** * Construct an CRL entry. @@ -74,10 +74,10 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object CRL_Code reason = UNSPECIFIED); private: - bool throw_on_unknown_critical; - std::vector<byte> serial; - X509_Time time; - CRL_Code reason; + bool m_throw_on_unknown_critical; + std::vector<byte> m_serial; + X509_Time m_time; + CRL_Code m_reason; }; /** diff --git a/src/lib/cert/x509/ocsp.cpp b/src/lib/cert/x509/ocsp.cpp index 75475fe55..4f4a3aece 100644 --- a/src/lib/cert/x509/ocsp.cpp +++ b/src/lib/cert/x509/ocsp.cpp @@ -228,7 +228,7 @@ Response online_check(const X509_Certificate& issuer, { const std::string responder_url = subject.ocsp_responder(); - if(responder_url == "") + if(responder_url.empty()) throw Exception("No OCSP responder specified"); OCSP::Request req(issuer, subject); diff --git a/src/lib/cert/x509/ocsp_types.h b/src/lib/cert/x509/ocsp_types.h index 42a84c38b..6df8ac17f 100644 --- a/src/lib/cert/x509/ocsp_types.h +++ b/src/lib/cert/x509/ocsp_types.h 
@@ -16,7 +16,7 @@ namespace Botan { namespace OCSP { -class BOTAN_DLL CertID : public ASN1_Object +class BOTAN_DLL CertID final : public ASN1_Object { public: CertID() {} @@ -39,7 +39,7 @@ class BOTAN_DLL CertID : public ASN1_Object BigInt m_subject_serial; }; -class BOTAN_DLL SingleResponse : public ASN1_Object +class BOTAN_DLL SingleResponse final : public ASN1_Object { public: const CertID& certid() const { return m_certid; } diff --git a/src/lib/cert/x509/pkcs10.cpp b/src/lib/cert/x509/pkcs10.cpp index cb4be6d5f..40a9894cc 100644 --- a/src/lib/cert/x509/pkcs10.cpp +++ b/src/lib/cert/x509/pkcs10.cpp @@ -48,7 +48,7 @@ PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) : */ void PKCS10_Request::force_decode() { - BER_Decoder cert_req_info(tbs_bits); + BER_Decoder cert_req_info(m_tbs_bits); size_t version; cert_req_info.decode(version); @@ -59,14 +59,14 @@ void PKCS10_Request::force_decode() X509_DN dn_subject; cert_req_info.decode(dn_subject); - info.add(dn_subject.contents()); + m_info.add(dn_subject.contents()); BER_Object public_key = cert_req_info.get_next_object(); if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - info.add("X509.Certificate.public_key", + m_info.add("X509.Certificate.public_key", PEM_Code::encode( ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" @@ -108,13 +108,13 @@ void PKCS10_Request::handle_attribute(const Attribute& attr) { ASN1_String email; value.decode(email); - info.add("RFC822", email.value()); + m_info.add("RFC822", email.value()); } else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) { ASN1_String challenge_password; value.decode(challenge_password); - info.add("PKCS9.ChallengePassword", challenge_password.value()); + m_info.add("PKCS9.ChallengePassword", challenge_password.value()); } else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) { 
@@ -122,7 +122,7 @@ void PKCS10_Request::handle_attribute(const Attribute& attr) value.decode(extensions).verify_end(); Data_Store issuer_info; - extensions.contents_to(info, issuer_info); + extensions.contents_to(m_info, issuer_info); } } @@ -131,7 +131,7 @@ void PKCS10_Request::handle_attribute(const Attribute& attr) */ std::string PKCS10_Request::challenge_password() const { - return info.get1("PKCS9.ChallengePassword"); + return m_info.get1("PKCS9.ChallengePassword"); } /* @@ -139,7 +139,7 @@ std::string PKCS10_Request::challenge_password() const */ X509_DN PKCS10_Request::subject_dn() const { - return create_dn(info); + return create_dn(m_info); } /* @@ -147,7 +147,7 @@ X509_DN PKCS10_Request::subject_dn() const */ std::vector<byte> PKCS10_Request::raw_public_key() const { - DataSource_Memory source(info.get1("X509.Certificate.public_key")); + DataSource_Memory source(m_info.get1("X509.Certificate.public_key")); return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); } @@ -156,7 +156,7 @@ std::vector<byte> PKCS10_Request::raw_public_key() const */ Public_Key* PKCS10_Request::subject_public_key() const { - DataSource_Memory source(info.get1("X509.Certificate.public_key")); + DataSource_Memory source(m_info.get1("X509.Certificate.public_key")); return X509::load_key(source); } @@ -165,7 +165,7 @@ Public_Key* PKCS10_Request::subject_public_key() const */ AlternativeName PKCS10_Request::subject_alt_name() const { - return create_alt_name(info); + return create_alt_name(m_info); } /* @@ -173,7 +173,7 @@ AlternativeName PKCS10_Request::subject_alt_name() const */ Key_Constraints PKCS10_Request::constraints() const { - return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); + return Key_Constraints(m_info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); } /* 
@@ -181,7 +181,7 @@ Key_Constraints PKCS10_Request::constraints() const */ std::vector<OID> PKCS10_Request::ex_constraints() const { - std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage"); + std::vector<std::string> oids = m_info.get("X509v3.ExtendedKeyUsage"); std::vector<OID> result; for(size_t i = 0; i != oids.size(); ++i) @@ -194,7 +194,7 @@ std::vector<OID> PKCS10_Request::ex_constraints() const */ bool PKCS10_Request::is_CA() const { - return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0); + return (m_info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0); } /* @@ -202,7 +202,7 @@ bool PKCS10_Request::is_CA() const */ u32bit PKCS10_Request::path_limit() const { - return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); + return m_info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); } } diff --git a/src/lib/cert/x509/pkcs10.h b/src/lib/cert/x509/pkcs10.h index 6aa66fbfd..8c9f49d84 100644 --- a/src/lib/cert/x509/pkcs10.h +++ b/src/lib/cert/x509/pkcs10.h @@ -21,7 +21,7 @@ namespace Botan { /** * PKCS #10 Certificate Request. */ -class BOTAN_DLL PKCS10_Request : public X509_Object +class BOTAN_DLL PKCS10_Request final : public X509_Object { public: /** 
@@ -84,25 +84,25 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
 * Create a PKCS#10 Request from a data source.
 * @param source the data source providing the DER encoded request
 */
- PKCS10_Request(DataSource& source);
+ explicit PKCS10_Request(DataSource& source);
 /**
 * Create a PKCS#10 Request from a file.
 * @param filename the name of the file containing the DER or PEM
 * encoded request file
 */
- PKCS10_Request(const std::string& filename);
+ explicit PKCS10_Request(const std::string& filename);
 /**
 * Create a PKCS#10 Request from binary data.
 * @param vec a std::vector containing the DER value
 */
- PKCS10_Request(const std::vector<byte>& vec);
+ explicit PKCS10_Request(const std::vector<byte>& vec);
 private:
 void force_decode() override;
 void handle_attribute(const Attribute&);
- Data_Store info;
+ Data_Store m_info;
 };
 }
diff --git a/src/lib/cert/x509/x509_ca.cpp b/src/lib/cert/x509/x509_ca.cpp
index d329bfdd8..46c8c65f2 100644
--- a/src/lib/cert/x509/x509_ca.cpp
+++ b/src/lib/cert/x509/x509_ca.cpp
@@ -26,12 +26,12 @@ namespace Botan {
 */
 X509_CA::X509_CA(const X509_Certificate& c,
 const Private_Key& key,
- const std::string& hash_fn) : cert(c)
+ const std::string& hash_fn) : m_cert(c)
 {
- if(!cert.is_CA_cert())
+ if(!m_cert.is_CA_cert())
 throw Invalid_Argument("X509_CA: This certificate is not for a CA");
- signer = choose_sig_format(key, hash_fn, ca_sig_algo);
+ m_signer = choose_sig_format(key, hash_fn, m_ca_sig_algo);
 }
 /*
@@ -39,7 +39,7 @@ X509_CA::X509_CA(const X509_Certificate& c,
 */
 X509_CA::~X509_CA()
 {
- delete signer;
+ delete m_signer;
 }
 /*
@@ -67,7 +67,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
 extensions.add(new Cert_Extension::Key_Usage(constraints), true);
- extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
+ extensions.add(new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id()));
 extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
 extensions.add(
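Review bot: `m_signer` remains a raw owning `PK_Signer*` — assigned from `choose_sig_format` in this constructor, released by `delete m_signer` in the destructor hunk just below, and declared as `PK_Signer* m_signer;` in the x509_ca.h hunk — while this same commit moved `Extensions` over to `std::unique_ptr`. Unless copying of `X509_CA` is deleted somewhere outside these hunks, the implicitly generated copy constructor shares that pointer between two objects and the second destructor frees it again. Declaring `std::unique_ptr<PK_Signer> m_signer;` in the header, writing `m_signer.reset(choose_sig_format(key, hash_fn, m_ca_sig_algo));` here and dropping the `delete` from the destructor gives the class the same ownership model as `Extensions`; the `make_cert` and `make_signed` calls in the later x509_ca.cpp hunks would then pass `m_signer.get()` if they take a raw pointer.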
@@ -76,10 +76,10 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions.add( new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); - return make_cert(signer, rng, ca_sig_algo, + return make_cert(m_signer, rng, m_ca_sig_algo, req.raw_public_key(), not_before, not_after, - cert.subject_dn(), req.subject_dn(), + m_cert.subject_dn(), req.subject_dn(), extensions); } @@ -177,16 +177,16 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, Extensions extensions; extensions.add( - new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); + new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); // clang-format off const std::vector<byte> crl = X509_Object::make_signed( - signer, rng, ca_sig_algo, + m_signer, rng, m_ca_sig_algo, DER_Encoder().start_cons(SEQUENCE) .encode(X509_CRL_VERSION-1) - .encode(ca_sig_algo) - .encode(cert.issuer_dn()) + .encode(m_ca_sig_algo) + .encode(m_cert.issuer_dn()) .encode(X509_Time(current_time)) .encode(X509_Time(expire_time)) .encode_if(revoked.size() > 0, @@ -212,7 +212,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, */ X509_Certificate X509_CA::ca_certificate() const { - return cert; + return m_cert; } /* diff --git a/src/lib/cert/x509/x509_ca.h b/src/lib/cert/x509/x509_ca.h index 2e05258e3..6ea51cd06 100644 --- a/src/lib/cert/x509/x509_ca.h +++ b/src/lib/cert/x509/x509_ca.h @@ -107,9 +107,9 @@ class BOTAN_DLL X509_CA u32bit crl_number, u32bit next_update, RandomNumberGenerator& rng) const; - AlgorithmIdentifier ca_sig_algo; - X509_Certificate cert; - PK_Signer* signer; + AlgorithmIdentifier m_ca_sig_algo; + X509_Certificate m_cert; + PK_Signer* m_signer; }; /** diff --git a/src/lib/cert/x509/x509_crl.cpp b/src/lib/cert/x509/x509_crl.cpp index 8b6d1522b..64cb1b308 100644 --- a/src/lib/cert/x509/x509_crl.cpp +++ b/src/lib/cert/x509/x509_crl.cpp 
@@ -19,7 +19,7 @@ namespace Botan { * Load a X.509 CRL */ X509_CRL::X509_CRL(DataSource& in, bool touc) : - X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc) + X509_Object(in, "X509 CRL/CRL"), m_throw_on_unknown_critical(touc) { do_decode(); } @@ -28,13 +28,13 @@ X509_CRL::X509_CRL(DataSource& in, bool touc) : * Load a X.509 CRL */ X509_CRL::X509_CRL(const std::string& in, bool touc) : - X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) + X509_Object(in, "CRL/X509 CRL"), m_throw_on_unknown_critical(touc) { do_decode(); } X509_CRL::X509_CRL(const std::vector<byte>& in, bool touc) : - X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) + X509_Object(in, "CRL/X509 CRL"), m_throw_on_unknown_critical(touc) { do_decode(); } @@ -62,11 +62,11 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const bool is_revoked = false; - for(size_t i = 0; i != revoked.size(); ++i) + for(size_t i = 0; i != m_revoked.size(); ++i) { - if(cert_serial == revoked[i].serial_number()) + if(cert_serial == m_revoked[i].serial_number()) { - if(revoked[i].reason_code() == REMOVE_FROM_CRL) + if(m_revoked[i].reason_code() == REMOVE_FROM_CRL) is_revoked = false; else is_revoked = true; @@ -81,7 +81,7 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const */ void X509_CRL::force_decode() { - BER_Decoder tbs_crl(tbs_bits); + BER_Decoder tbs_crl(m_tbs_bits); size_t version; tbs_crl.decode_optional(version, INTEGER, UNIVERSAL); 
@@ -93,17 +93,17 @@ void X509_CRL::force_decode() AlgorithmIdentifier sig_algo_inner; tbs_crl.decode(sig_algo_inner); - if(sig_algo != sig_algo_inner) + if(m_sig_algo != sig_algo_inner) throw X509_CRL_Error("Algorithm identifier mismatch"); X509_DN dn_issuer; tbs_crl.decode(dn_issuer); - info.add(dn_issuer.contents()); + m_info.add(dn_issuer.contents()); X509_Time start, end; tbs_crl.decode(start).decode(end); - info.add("X509.CRL.start", start.to_string()); - info.add("X509.CRL.end", end.to_string()); + m_info.add("X509.CRL.start", start.to_string()); + m_info.add("X509.CRL.end", end.to_string()); BER_Object next = tbs_crl.get_next_object(); @@ -113,9 +113,9 @@ void X509_CRL::force_decode() while(cert_list.more_items()) { - CRL_Entry entry(throw_on_unknown_critical); + CRL_Entry entry(m_throw_on_unknown_critical); cert_list.decode(entry); - revoked.push_back(entry); + m_revoked.push_back(entry); } next = tbs_crl.get_next_object(); } @@ -125,11 +125,11 @@ void X509_CRL::force_decode() { BER_Decoder crl_options(next.value); - Extensions extensions(throw_on_unknown_critical); + Extensions extensions(m_throw_on_unknown_critical); crl_options.decode(extensions).verify_end(); - extensions.contents_to(info, info); + extensions.contents_to(m_info, m_info); next = tbs_crl.get_next_object(); } @@ -145,7 +145,7 @@ void X509_CRL::force_decode() */ std::vector<CRL_Entry> X509_CRL::get_revoked() const { - return revoked; + return m_revoked; } /* @@ -153,7 +153,7 @@ std::vector<CRL_Entry> X509_CRL::get_revoked() const */ X509_DN X509_CRL::issuer_dn() const { - return create_dn(info); + return create_dn(m_info); } /* @@ -161,7 +161,7 @@ X509_DN X509_CRL::issuer_dn() const */ std::vector<byte> X509_CRL::authority_key_id() const { - return info.get1_memvec("X509v3.AuthorityKeyIdentifier"); + return m_info.get1_memvec("X509v3.AuthorityKeyIdentifier"); } /* 
@@ -169,7 +169,7 @@ std::vector<byte> X509_CRL::authority_key_id() const */ u32bit X509_CRL::crl_number() const { - return info.get1_u32bit("X509v3.CRLNumber"); + return m_info.get1_u32bit("X509v3.CRLNumber"); } /* @@ -177,7 +177,7 @@ u32bit X509_CRL::crl_number() const */ X509_Time X509_CRL::this_update() const { - return X509_Time(info.get1("X509.CRL.start"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); + return X509_Time(m_info.get1("X509.CRL.start"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); } /* @@ -185,7 +185,7 @@ X509_Time X509_CRL::this_update() const */ X509_Time X509_CRL::next_update() const { - return X509_Time(info.get1("X509.CRL.end"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); + return X509_Time(m_info.get1("X509.CRL.end"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); } } diff --git a/src/lib/cert/x509/x509_crl.h b/src/lib/cert/x509/x509_crl.h index a9a8e80cf..29057e944 100644 --- a/src/lib/cert/x509/x509_crl.h +++ b/src/lib/cert/x509/x509_crl.h @@ -19,7 +19,7 @@ class X509_Certificate; /** * This class represents X.509 Certificate Revocation Lists (CRLs). */ -class BOTAN_DLL X509_CRL : public X509_Object +class BOTAN_DLL X509_CRL final : public X509_Object { public: /** @@ -27,7 +27,7 @@ class BOTAN_DLL X509_CRL : public X509_Object */ struct BOTAN_DLL X509_CRL_Error : public Exception { - X509_CRL_Error(const std::string& error) : + explicit X509_CRL_Error(const std::string& error) : Exception("X509_CRL: " + error) {} }; @@ -101,9 +101,9 @@ class BOTAN_DLL X509_CRL : public X509_Object private: void force_decode() override; - bool throw_on_unknown_critical; - std::vector<CRL_Entry> revoked; - Data_Store info; + bool m_throw_on_unknown_critical; + std::vector<CRL_Entry> m_revoked; + Data_Store m_info; }; } diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp index f752500c0..f8f9adb2b 100644 --- a/src/lib/cert/x509/x509_ext.cpp +++ b/src/lib/cert/x509/x509_ext.cpp 
@@ -53,15 +53,13 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object()
 * Extensions Assignment Operator
 */
 Extensions& Extensions::operator=(const Extensions& other)
- {
- for(size_t i = 0; i != extensions.size(); ++i)
- delete extensions[i].first;
- extensions.clear();
+ {
+ m_extensions.clear();
- for(size_t i = 0; i != other.extensions.size(); ++i)
- extensions.push_back(
- std::make_pair(other.extensions[i].first->copy(),
- other.extensions[i].second));
+ for(size_t i = 0; i != other.m_extensions.size(); ++i)
+ m_extensions.push_back(
+ std::make_pair(std::unique_ptr<Certificate_Extension>(other.m_extensions[i].first->copy()),
+ other.m_extensions[i].second));
 m_throw_on_unknown_critical = other.m_throw_on_unknown_critical;
@@ -78,7 +76,14 @@ OID Certificate_Extension::oid_of() const
 void Extensions::add(Certificate_Extension* extn, bool critical)
 {
- extensions.push_back(std::make_pair(extn, critical));
+ m_extensions.push_back(std::make_pair(std::unique_ptr<Certificate_Extension>(extn), critical));
+ m_extensions_raw.emplace(extn->oid_of(), std::make_pair(extn->encode_inner(), critical));
+ }
+
+
+std::map<OID, std::pair<std::vector<byte>, bool>> Extensions::extensions_raw() const
+ {
+ return m_extensions_raw;
 }
 /*
@@ -86,10 +91,10 @@ void Extensions::add(Certificate_Extension* extn, bool critical)
 */
 void Extensions::encode_into(DER_Encoder& to_object) const
 {
- for(size_t i = 0; i != extensions.size(); ++i)
+ for(size_t i = 0; i != m_extensions.size(); ++i)
 {
- const Certificate_Extension* ext = extensions[i].first;
- const bool is_critical = extensions[i].second;
+ const Certificate_Extension* ext = m_extensions[i].first.get();
+ const bool is_critical = m_extensions[i].second;
 const bool should_encode = ext->should_encode();
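Review bot: `operator=` now copies `m_extensions` and `m_throw_on_unknown_critical` from `other` but never touches the new `m_extensions_raw`, so after `a = b` the map returned by `a.extensions_raw()` still describes a's previous extensions while `a.m_extensions` holds b's; `decode_from` and `add` keep the two containers in step and assignment should too, with `m_extensions_raw = other.m_extensions_raw;` next to the `m_throw_on_unknown_critical` copy. Self-assignment also empties the object, since `m_extensions.clear()` runs before the loop over `other.m_extensions`; a leading `if(this == &other) return *this;` avoids that. If the copy constructor named in the hunk header delegates to this operator, it inherits both points; the operator's `return` lies outside the hunk.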
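Review bot: `add` now calls `extn->encode_inner()` eagerly to fill `m_extensions_raw`, while `encode_into` in the hunk below still asks `ext->should_encode()` before encoding; `Key_Usage::encode_inner` throws `Encoding_Error` on `NO_CONSTRAINTS` (its x509_ext.cpp hunk further down), so an extension that `encode_into` would have skipped now makes `add` itself throw, and `sign_request` in x509_ca.cpp passes its `constraints` value straight in. Because the `push_back` runs first, such a throw also leaves the extension owned in `m_extensions` with no raw entry, and a null `extn` is dereferenced before any check. Taking ownership first, validating, and only then updating both containers keeps the object consistent; whether the `should_encode()` guard belongs here depends on whether `extensions_raw()` is meant to mirror what `encode_into` emits.
```cpp
void Extensions::add(Certificate_Extension* extn, bool critical)
   {
   std::unique_ptr<Certificate_Extension> ext(extn);
   if(!ext)
      throw Invalid_Argument("Extensions::add: null extension");

   // Encode before touching either container so a throwing encode_inner()
   // (e.g. Key_Usage with NO_CONSTRAINTS) leaves this object unchanged.
   if(ext->should_encode())
      m_extensions_raw.emplace(ext->oid_of(), std::make_pair(ext->encode_inner(), critical));

   m_extensions.push_back(std::make_pair(std::move(ext), critical));
   }
```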
@@ -109,9 +114,8 @@ void Extensions::encode_into(DER_Encoder& to_object) const
 */
 void Extensions::decode_from(BER_Decoder& from_source)
 {
- for(size_t i = 0; i != extensions.size(); ++i)
- delete extensions[i].first;
- extensions.clear();
+ m_extensions.clear();
+ m_extensions_raw.clear();
 BER_Decoder sequence = from_source.start_cons(SEQUENCE);
@@ -128,7 +132,9 @@ void Extensions::decode_from(BER_Decoder& from_source)
 .verify_end()
 .end_cons();
- Certificate_Extension* ext = get_extension(oid);
+ m_extensions_raw.emplace(oid, std::make_pair(value, critical));
+
+ std::unique_ptr<Certificate_Extension> ext(get_extension(oid));
 if(!ext && critical && m_throw_on_unknown_critical)
 throw Decoding_Error("Encountered unknown X.509 extension marked "
@@ -146,7 +152,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
 oid.as_string() + ": " + e.what());
 }
- extensions.push_back(std::make_pair(ext, critical));
+ m_extensions.push_back(std::make_pair(std::move(ext), critical));
 }
 }
@@ -159,18 +165,10 @@ void Extensions::decode_from(BER_Decoder& from_source)
 void Extensions::contents_to(Data_Store& subject_info,
 Data_Store& issuer_info) const
 {
- for(size_t i = 0; i != extensions.size(); ++i)
- extensions[i].first->contents_to(subject_info, issuer_info);
+ for(size_t i = 0; i != m_extensions.size(); ++i)
+ m_extensions[i].first->contents_to(subject_info, issuer_info);
 }
-/*
-* Delete an Extensions list
-*/
-Extensions::~Extensions()
- {
- for(size_t i = 0; i != extensions.size(); ++i)
- delete extensions[i].first;
- }
 namespace Cert_Extension {
@@ -179,9 +177,9 @@ namespace Cert_Extension {
 */
 size_t Basic_Constraints::get_path_limit() const
 {
- if(!is_ca)
+ if(!m_is_ca)
 throw Invalid_State("Basic_Constraints::get_path_limit: Not a CA");
- return path_limit;
+ return m_path_limit;
 }
 /*
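Review bot: In the second hunk of `decode_from`, `m_extensions_raw.emplace(oid, ...)` keeps the first value when the same extension OID appears twice in the decoded SEQUENCE and silently drops the second, while the `m_extensions.push_back` in the next hunk records every instance, so the two views of a malformed certificate or CRL disagree. RFC 5280 forbids more than one instance of a given extension, so rejecting the repeat at this point is the safer reading of untrusted input: `if(!m_extensions_raw.emplace(oid, std::make_pair(value, critical)).second) throw Decoding_Error("Duplicate X.509 extension " + oid.as_string());`. The loop this sits in starts and ends outside the hunk.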
@@ -191,10 +189,10 @@ std::vector<byte> Basic_Constraints::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) - .encode_if(is_ca, + .encode_if(m_is_ca, DER_Encoder() - .encode(is_ca) - .encode_optional(path_limit, NO_CERT_PATH_LIMIT) + .encode(m_is_ca) + .encode_optional(m_path_limit, NO_CERT_PATH_LIMIT) ) .end_cons() .get_contents_unlocked(); @@ -207,13 +205,13 @@ void Basic_Constraints::decode_inner(const std::vector<byte>& in) { BER_Decoder(in) .start_cons(SEQUENCE) - .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false) - .decode_optional(path_limit, INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT) + .decode_optional(m_is_ca, BOOLEAN, UNIVERSAL, false) + .decode_optional(m_path_limit, INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT) .verify_end() .end_cons(); - if(is_ca == false) - path_limit = 0; + if(m_is_ca == false) + m_path_limit = 0; } /* @@ -221,8 +219,8 @@ void Basic_Constraints::decode_inner(const std::vector<byte>& in) */ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const { - subject.add("X509v3.BasicConstraints.is_ca", (is_ca ? 1 : 0)); - subject.add("X509v3.BasicConstraints.path_constraint", path_limit); + subject.add("X509v3.BasicConstraints.is_ca", (m_is_ca ? 1 : 0)); + subject.add("X509v3.BasicConstraints.path_constraint", m_path_limit); } /* 
@@ -230,18 +228,18 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const */ std::vector<byte> Key_Usage::encode_inner() const { - if(constraints == NO_CONSTRAINTS) + if(m_constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); - const size_t unused_bits = low_bit(constraints) - 1; + const size_t unused_bits = low_bit(m_constraints) - 1; std::vector<byte> der; der.push_back(BIT_STRING); der.push_back(2 + ((unused_bits < 8) ? 1 : 0)); der.push_back(unused_bits % 8); - der.push_back((constraints >> 8) & 0xFF); - if(constraints & 0xFF) - der.push_back(constraints & 0xFF); + der.push_back((m_constraints >> 8) & 0xFF); + if(m_constraints & 0xFF) + der.push_back(m_constraints & 0xFF); return der; } @@ -271,7 +269,7 @@ void Key_Usage::decode_inner(const std::vector<byte>& in) for(size_t i = 1; i != obj.value.size(); ++i) usage = (obj.value[i] << 8) | usage; - constraints = Key_Constraints(usage); + m_constraints = Key_Constraints(usage); } /* @@ -279,7 +277,7 @@ void Key_Usage::decode_inner(const std::vector<byte>& in) */ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const { - subject.add("X509v3.KeyUsage", constraints); + subject.add("X509v3.KeyUsage", m_constraints); } /* @@ -287,7 +285,7 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const */ std::vector<byte> Subject_Key_ID::encode_inner() const { - return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked(); + return DER_Encoder().encode(m_key_id, OCTET_STRING).get_contents_unlocked(); } /* @@ -295,7 +293,7 @@ std::vector<byte> Subject_Key_ID::encode_inner() const */ void Subject_Key_ID::decode_inner(const std::vector<byte>& in) { - BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); + BER_Decoder(in).decode(m_key_id, OCTET_STRING).verify_end(); } /* 
@@ -303,17 +301,14 @@ void Subject_Key_ID::decode_inner(const std::vector<byte>& in) */ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const { - subject.add("X509v3.SubjectKeyIdentifier", key_id); + subject.add("X509v3.SubjectKeyIdentifier", m_key_id); } /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key) - { - SHA_160 hash; - key_id = unlock(hash.process(pub_key)); - } +Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key) : m_key_id(unlock(SHA_160().process(pub_key))) + {} /* * Encode the extension @@ -322,7 +317,7 @@ std::vector<byte> Authority_Key_ID::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) + .encode(m_key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) .end_cons() .get_contents_unlocked(); } @@ -334,7 +329,7 @@ void Authority_Key_ID::decode_inner(const std::vector<byte>& in) { BER_Decoder(in) .start_cons(SEQUENCE) - .decode_optional_string(key_id, OCTET_STRING, 0); + .decode_optional_string(m_key_id, OCTET_STRING, 0); } /* @@ -342,8 +337,8 @@ void Authority_Key_ID::decode_inner(const std::vector<byte>& in) */ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const { - if(key_id.size()) - issuer.add("X509v3.AuthorityKeyIdentifier", key_id); + if(m_key_id.size()) + issuer.add("X509v3.AuthorityKeyIdentifier", m_key_id); } /* @@ -351,7 +346,7 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const */ std::vector<byte> Alternative_Name::encode_inner() const { - return DER_Encoder().encode(alt_name).get_contents_unlocked(); + return DER_Encoder().encode(m_alt_name).get_contents_unlocked(); } /* @@ -359,7 +354,7 @@ std::vector<byte> Alternative_Name::encode_inner() const */ void Alternative_Name::decode_inner(const std::vector<byte>& in) { - BER_Decoder(in).decode(alt_name); + BER_Decoder(in).decode(m_alt_name); } /* 
@@ -371,24 +366,21 @@ void Alternative_Name::contents_to(Data_Store& subject_info, std::multimap<std::string, std::string> contents = get_alt_name().contents(); - if(oid_name_str == "X509v3.SubjectAlternativeName") + if(m_oid_name_str == "X509v3.SubjectAlternativeName") subject_info.add(contents); - else if(oid_name_str == "X509v3.IssuerAlternativeName") + else if(m_oid_name_str == "X509v3.IssuerAlternativeName") issuer_info.add(contents); else throw Internal_Error("In Alternative_Name, unknown type " + - oid_name_str); + m_oid_name_str); } /* * Alternative_Name Constructor */ Alternative_Name::Alternative_Name(const AlternativeName& alt_name, - const std::string& oid_name_str) - { - this->alt_name = alt_name; - this->oid_name_str = oid_name_str; - } + const std::string& oid_name_str) : m_alt_name(alt_name), m_oid_name_str(oid_name_str) + {} /* * Subject_Alternative_Name Constructor @@ -414,7 +406,7 @@ std::vector<byte> Extended_Key_Usage::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) - .encode_list(oids) + .encode_list(m_oids) .end_cons() .get_contents_unlocked(); } @@ -424,7 +416,7 @@ std::vector<byte> Extended_Key_Usage::encode_inner() const */ void Extended_Key_Usage::decode_inner(const std::vector<byte>& in) { - BER_Decoder(in).decode_list(oids); + BER_Decoder(in).decode_list(m_oids); } /* @@ -432,8 +424,8 @@ void Extended_Key_Usage::decode_inner(const std::vector<byte>& in) */ void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const { - for(size_t i = 0; i != oids.size(); ++i) - subject.add("X509v3.ExtendedKeyUsage", oids[i].as_string()); + for(size_t i = 0; i != m_oids.size(); ++i) + subject.add("X509v3.ExtendedKeyUsage", m_oids[i].as_string()); } namespace { 
@@ -444,10 +436,11 @@ namespace { class Policy_Information : public ASN1_Object { public: + // public member variable: OID oid; Policy_Information() {} - Policy_Information(const OID& oid) : oid(oid) {} + explicit Policy_Information(const OID& oid) : oid(oid) {} void encode_into(DER_Encoder& codec) const override { @@ -474,8 +467,8 @@ std::vector<byte> Certificate_Policies::encode_inner() const { std::vector<Policy_Information> policies; - for(size_t i = 0; i != oids.size(); ++i) - policies.push_back(oids[i]); + for(size_t i = 0; i != m_oids.size(); ++i) + policies.push_back(Policy_Information(m_oids[i])); return DER_Encoder() .start_cons(SEQUENCE) @@ -493,9 +486,9 @@ void Certificate_Policies::decode_inner(const std::vector<byte>& in) BER_Decoder(in).decode_list(policies); - oids.clear(); + m_oids.clear(); for(size_t i = 0; i != policies.size(); ++i) - oids.push_back(policies[i].oid); + m_oids.push_back(policies[i].oid); } /* @@ -503,8 +496,8 @@ void Certificate_Policies::decode_inner(const std::vector<byte>& in) */ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const { - for(size_t i = 0; i != oids.size(); ++i) - info.add("X509v3.CertificatePolicies", oids[i].as_string()); + for(size_t i = 0; i != m_oids.size(); ++i) + info.add("X509v3.CertificatePolicies", m_oids[i].as_string()); } std::vector<byte> Authority_Information_Access::encode_inner() const @@ -549,7 +542,7 @@ void Authority_Information_Access::decode_inner(const std::vector<byte>& in) void Authority_Information_Access::contents_to(Data_Store& subject, Data_Store&) const { - if(m_ocsp_responder != "") + if(!m_ocsp_responder.empty()) subject.add("OCSP.responder", m_ocsp_responder); } @@ -558,9 +551,9 @@ void Authority_Information_Access::contents_to(Data_Store& subject, Data_Store&) */ size_t CRL_Number::get_crl_number() const { - if(!has_value) + if(!m_has_value) throw Invalid_State("CRL_Number::get_crl_number: Not set"); - return crl_number; + return m_crl_number; } /* 
@@ -568,9 +561,9 @@ size_t CRL_Number::get_crl_number() const */ CRL_Number* CRL_Number::copy() const { - if(!has_value) + if(!m_has_value) throw Invalid_State("CRL_Number::copy: Not set"); - return new CRL_Number(crl_number); + return new CRL_Number(m_crl_number); } /* @@ -578,7 +571,7 @@ CRL_Number* CRL_Number::copy() const */ std::vector<byte> CRL_Number::encode_inner() const { - return DER_Encoder().encode(crl_number).get_contents_unlocked(); + return DER_Encoder().encode(m_crl_number).get_contents_unlocked(); } /* @@ -586,7 +579,7 @@ std::vector<byte> CRL_Number::encode_inner() const */ void CRL_Number::decode_inner(const std::vector<byte>& in) { - BER_Decoder(in).decode(crl_number); + BER_Decoder(in).decode(m_crl_number); } /* @@ -594,7 +587,7 @@ void CRL_Number::decode_inner(const std::vector<byte>& in) */ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const { - info.add("X509v3.CRLNumber", crl_number); + info.add("X509v3.CRLNumber", m_crl_number); } /* @@ -603,7 +596,7 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const std::vector<byte> CRL_ReasonCode::encode_inner() const { return DER_Encoder() - .encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL) + .encode(static_cast<size_t>(m_reason), ENUMERATED, UNIVERSAL) .get_contents_unlocked(); } @@ -614,7 +607,7 @@ void CRL_ReasonCode::decode_inner(const std::vector<byte>& in) { size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); - reason = static_cast<CRL_Code>(reason_code); + m_reason = static_cast<CRL_Code>(reason_code); } /* @@ -622,7 +615,7 @@ void CRL_ReasonCode::decode_inner(const std::vector<byte>& in) */ void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const { - info.add("X509v3.CRLReasonCode", reason); + info.add("X509v3.CRLReasonCode", m_reason); } std::vector<byte> CRL_Distribution_Points::encode_inner() const diff --git a/src/lib/cert/x509/x509_ext.h b/src/lib/cert/x509/x509_ext.h index 2ed892055..8d2dcb52b 100644 
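Review bot: `m_reason = static_cast<CRL_Code>(reason_code);` in CRL_ReasonCode::decode_inner stores whatever ENUMERATED value the decoder produced without checking that it names a CRL_Code enumerator, so a malformed CRL entry leaves the object holding an out-of-range enum that later flows into `info.add("X509v3.CRLReasonCode", m_reason)` and back out through encode_inner. The enumerator list of CRL_Code is not visible in this view; a bound check before the cast, `if(reason_code > CRL_CODE_MAX /* placeholder: highest CRL_Code enumerator */) throw Decoding_Error("CRL_ReasonCode: invalid reason code");`, rejects the value at parse time with the same exception type the rest of the decoder uses. Alternatively a comment on the cast should state that callers are expected to tolerate unknown codes.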
--- a/src/lib/cert/x509/x509_ext.h +++ b/src/lib/cert/x509/x509_ext.h @@ -67,16 +67,20 @@ class BOTAN_DLL Extensions : public ASN1_Object void add(Certificate_Extension* extn, bool critical = false); + std::map<OID, std::pair<std::vector<byte>, bool>> extensions_raw() const; + Extensions& operator=(const Extensions&); Extensions(const Extensions&); - Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} - ~Extensions(); + + explicit Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} + private: static Certificate_Extension* get_extension(const OID&); - std::vector<std::pair<Certificate_Extension*, bool> > extensions; + std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> m_extensions; bool m_throw_on_unknown_critical; + std::map<OID, std::pair<std::vector<byte>, bool>> m_extensions_raw; }; namespace Cert_Extension { @@ -86,16 +90,16 @@ static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0; /** * Basic Constraints Extension */ -class BOTAN_DLL Basic_Constraints : public Certificate_Extension +class BOTAN_DLL Basic_Constraints final : public Certificate_Extension { public: Basic_Constraints* copy() const override - { return new Basic_Constraints(is_ca, path_limit); } + { return new Basic_Constraints(m_is_ca, m_path_limit); } Basic_Constraints(bool ca = false, size_t limit = 0) : - is_ca(ca), path_limit(limit) {} + m_is_ca(ca), m_path_limit(limit) {} - bool get_is_ca() const { return is_ca; } + bool get_is_ca() const { return m_is_ca; } size_t get_path_limit() const; private: std::string oid_name() const override 
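Review bot: `Extensions(const Extensions&)` and `Extensions& operator=(const Extensions&)` are still declared while the element type of `m_extensions` became `std::unique_ptr<Certificate_Extension>` and a second container `m_extensions_raw` was added; their definitions are outside this view, so it is worth confirming that both now deep-copy the elements via `copy()` and also copy `m_extensions_raw`, otherwise the two stores drift apart after an assignment. The header also names `std::map` and `std::unique_ptr`; if `<map>` and `<memory>` are not already included it relies on transitive includes. A comment on the new member would help readers see how the two containers relate, e.g. `// Encoded value and critical flag of each extension, keyed by OID (returned by extensions_raw())`.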
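Review bot: `Basic_Constraints(bool ca = false, size_t limit = 0)` is left implicit while the commit marks the comparable single-argument constructors `explicit`, and because both parameters have defaults it is still a converting constructor from `bool` (`Basic_Constraints bc = true;` compiles). Writing `explicit Basic_Constraints(bool ca = false, size_t limit = 0) :` matches the rest of the change. The same applies to `CRL_Number(size_t n)` in the CRL Number hunk further down this header, where a bare `size_t` converts silently into a CRL_Number.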
@@ -105,81 +109,81 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - bool is_ca; - size_t path_limit; + bool m_is_ca; + size_t m_path_limit; }; /** * Key Usage Constraints Extension */ -class BOTAN_DLL Key_Usage : public Certificate_Extension +class BOTAN_DLL Key_Usage final : public Certificate_Extension { public: - Key_Usage* copy() const override { return new Key_Usage(constraints); } + Key_Usage* copy() const override { return new Key_Usage(m_constraints); } - Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {} + explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {} - Key_Constraints get_constraints() const { return constraints; } + Key_Constraints get_constraints() const { return m_constraints; } private: std::string oid_name() const override { return "X509v3.KeyUsage"; } bool should_encode() const override - { return (constraints != NO_CONSTRAINTS); } + { return (m_constraints != NO_CONSTRAINTS); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - Key_Constraints constraints; + Key_Constraints m_constraints; }; /** * Subject Key Identifier Extension */ -class BOTAN_DLL Subject_Key_ID : public Certificate_Extension +class BOTAN_DLL Subject_Key_ID final : public Certificate_Extension { public: Subject_Key_ID* copy() const override - { return new Subject_Key_ID(key_id); } + { return new Subject_Key_ID(m_key_id); } Subject_Key_ID() {} - Subject_Key_ID(const std::vector<byte>&); + explicit Subject_Key_ID(const std::vector<byte>&); - std::vector<byte> get_key_id() const { return key_id; } + std::vector<byte> get_key_id() const { return m_key_id; } private: std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } - bool should_encode() const override { return 
(key_id.size() > 0); } + bool should_encode() const override { return (m_key_id.size() > 0); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::vector<byte> key_id; + std::vector<byte> m_key_id; }; /** * Authority Key Identifier Extension */ -class BOTAN_DLL Authority_Key_ID : public Certificate_Extension +class BOTAN_DLL Authority_Key_ID final : public Certificate_Extension { public: Authority_Key_ID* copy() const override - { return new Authority_Key_ID(key_id); } + { return new Authority_Key_ID(m_key_id); } Authority_Key_ID() {} - Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {} + explicit Authority_Key_ID(const std::vector<byte>& k) : m_key_id(k) {} - std::vector<byte> get_key_id() const { return key_id; } + std::vector<byte> get_key_id() const { return m_key_id; } private: std::string oid_name() const override { return "X509v3.AuthorityKeyIdentifier"; } - bool should_encode() const override { return (key_id.size() > 0); } + bool should_encode() const override { return (m_key_id.size() > 0); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::vector<byte> key_id; + std::vector<byte> m_key_id; }; /** 
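Review bot: `should_encode()` in Subject_Key_ID and Authority_Key_ID still spells emptiness as `(m_key_id.size() > 0)` while the same commit rewrites `!= ""` tests as `.empty()`; `bool should_encode() const override { return !m_key_id.empty(); }` is the consistent form. The same `size() > 0` pattern remains in Extended_Key_Usage and Certificate_Policies in the following hunks of this header, and `m_PEM_labels_allowed.size() < 1` in X509_Object::init (x509_obj.cpp, further down) is the same idiom inverted and would read as `m_PEM_labels_allowed.empty()`.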
@@ -188,22 +192,22 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension class BOTAN_DLL Alternative_Name : public Certificate_Extension { public: - AlternativeName get_alt_name() const { return alt_name; } + AlternativeName get_alt_name() const { return m_alt_name; } protected: Alternative_Name(const AlternativeName&, const std::string& oid_name); Alternative_Name(const std::string&, const std::string&); private: - std::string oid_name() const override { return oid_name_str; } + std::string oid_name() const override { return m_oid_name_str; } - bool should_encode() const override { return alt_name.has_items(); } + bool should_encode() const override { return m_alt_name.has_items(); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::string oid_name_str; - AlternativeName alt_name; + std::string m_oid_name_str; + AlternativeName m_alt_name; }; /** @@ -215,7 +219,7 @@ class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name Subject_Alternative_Name* copy() const override { return new Subject_Alternative_Name(get_alt_name()); } - Subject_Alternative_Name(const AlternativeName& = AlternativeName()); + explicit Subject_Alternative_Name(const AlternativeName& = AlternativeName()); }; /** 
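Review bot: `AlternativeName get_alt_name() const { return m_alt_name; }` hands out a copy of the whole name set on every call, and Alternative_Name::contents_to in the .cpp hunk above calls it only to read `.contents()`; `const AlternativeName& get_alt_name() const { return m_alt_name; }` avoids the copy and callers that store the result by value still compile. Alternative_Name is rightly left non-`final` because Subject_Alternative_Name and Issuer_Alternative_Name derive from it; a one-line comment saying so, e.g. `// Base of Subject_/Issuer_Alternative_Name; intentionally not final`, would keep the next sweep from adding it.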
@@ -227,60 +231,60 @@ class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name Issuer_Alternative_Name* copy() const override { return new Issuer_Alternative_Name(get_alt_name()); } - Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); + explicit Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); }; /** * Extended Key Usage Extension */ -class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension +class BOTAN_DLL Extended_Key_Usage final : public Certificate_Extension { public: Extended_Key_Usage* copy() const override - { return new Extended_Key_Usage(oids); } + { return new Extended_Key_Usage(m_oids); } Extended_Key_Usage() {} - Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {} + explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {} - std::vector<OID> get_oids() const { return oids; } + std::vector<OID> get_oids() const { return m_oids; } private: std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; } - bool should_encode() const override { return (oids.size() > 0); } + bool should_encode() const override { return (m_oids.size() > 0); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::vector<OID> oids; + std::vector<OID> m_oids; }; /** * Certificate Policies Extension */ -class BOTAN_DLL Certificate_Policies : public Certificate_Extension +class BOTAN_DLL Certificate_Policies final : public Certificate_Extension { public: Certificate_Policies* copy() const override - { return new Certificate_Policies(oids); } + { return new Certificate_Policies(m_oids); } Certificate_Policies() {} - Certificate_Policies(const std::vector<OID>& o) : oids(o) {} + explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {} - std::vector<OID> get_oids() const { return oids; } + std::vector<OID> get_oids() const { return m_oids; } private: std::string 
oid_name() const override { return "X509v3.CertificatePolicies"; } - bool should_encode() const override { return (oids.size() > 0); } + bool should_encode() const override { return (m_oids.size() > 0); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::vector<OID> oids; + std::vector<OID> m_oids; }; -class BOTAN_DLL Authority_Information_Access : public Certificate_Extension +class BOTAN_DLL Authority_Information_Access final : public Certificate_Extension { public: Authority_Information_Access* copy() const override @@ -288,14 +292,14 @@ class BOTAN_DLL Authority_Information_Access : public Certificate_Extension Authority_Information_Access() {} - Authority_Information_Access(const std::string& ocsp) : + explicit Authority_Information_Access(const std::string& ocsp) : m_ocsp_responder(ocsp) {} private: std::string oid_name() const override { return "PKIX.AuthorityInformationAccess"; } - bool should_encode() const override { return (m_ocsp_responder != ""); } + bool should_encode() const override { return (!m_ocsp_responder.empty()); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; 
@@ -308,57 +312,57 @@ class BOTAN_DLL Authority_Information_Access : public Certificate_Extension /** * CRL Number Extension */ -class BOTAN_DLL CRL_Number : public Certificate_Extension +class BOTAN_DLL CRL_Number final : public Certificate_Extension { public: CRL_Number* copy() const override; - CRL_Number() : has_value(false), crl_number(0) {} - CRL_Number(size_t n) : has_value(true), crl_number(n) {} + CRL_Number() : m_has_value(false), m_crl_number(0) {} + CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {} size_t get_crl_number() const; private: std::string oid_name() const override { return "X509v3.CRLNumber"; } - bool should_encode() const override { return has_value; } + bool should_encode() const override { return m_has_value; } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - bool has_value; - size_t crl_number; + bool m_has_value; + size_t m_crl_number; }; /** * CRL Entry Reason Code Extension */ -class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension +class BOTAN_DLL CRL_ReasonCode final : public Certificate_Extension { public: CRL_ReasonCode* copy() const override - { return new CRL_ReasonCode(reason); } + { return new CRL_ReasonCode(m_reason); } - CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {} + explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {} - CRL_Code get_reason() const { return reason; } + CRL_Code get_reason() const { return m_reason; } private: std::string oid_name() const override { return "X509v3.ReasonCode"; } - bool should_encode() const override { return (reason != UNSPECIFIED); } + bool should_encode() const override { return (m_reason != UNSPECIFIED); } std::vector<byte> encode_inner() const override; void decode_inner(const std::vector<byte>&) override; void contents_to(Data_Store&, Data_Store&) const override; - CRL_Code reason; + CRL_Code m_reason; }; /** * CRL Distribution 
Points Extension */ -class BOTAN_DLL CRL_Distribution_Points : public Certificate_Extension +class BOTAN_DLL CRL_Distribution_Points final : public Certificate_Extension { public: - class BOTAN_DLL Distribution_Point : public ASN1_Object + class BOTAN_DLL Distribution_Point final : public ASN1_Object { public: void encode_into(class DER_Encoder&) const override; @@ -374,7 +378,7 @@ class BOTAN_DLL CRL_Distribution_Points : public Certificate_Extension CRL_Distribution_Points() {} - CRL_Distribution_Points(const std::vector<Distribution_Point>& points) : + explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) : m_distribution_points(points) {} std::vector<Distribution_Point> distribution_points() const diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp index 4dae68607..983be40b2 100644 --- a/src/lib/cert/x509/x509_obj.cpp +++ b/src/lib/cert/x509/x509_obj.cpp @@ -48,12 +48,12 @@ X509_Object::X509_Object(const std::vector<byte>& vec, const std::string& labels */ void X509_Object::init(DataSource& in, const std::string& labels) { - PEM_labels_allowed = split_on(labels, '/'); - if(PEM_labels_allowed.size() < 1) + m_PEM_labels_allowed = split_on(labels, '/'); + if(m_PEM_labels_allowed.size() < 1) throw Invalid_Argument("Bad labels argument to X509_Object"); - PEM_label_pref = PEM_labels_allowed[0]; - std::sort(PEM_labels_allowed.begin(), PEM_labels_allowed.end()); + m_PEM_label_pref = m_PEM_labels_allowed[0]; + std::sort(m_PEM_labels_allowed.begin(), m_PEM_labels_allowed.end()); try { if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) 
@@ -66,8 +66,8 @@ void X509_Object::init(DataSource& in, const std::string& labels) std::string got_label; DataSource_Memory ber(PEM_Code::decode(in, got_label)); - if(!std::binary_search(PEM_labels_allowed.begin(), - PEM_labels_allowed.end(), got_label)) + if(!std::binary_search(m_PEM_labels_allowed.begin(), + m_PEM_labels_allowed.end(), got_label)) throw Decoding_Error("Invalid PEM label: " + got_label); BER_Decoder dec(ber); @@ -76,7 +76,7 @@ void X509_Object::init(DataSource& in, const std::string& labels) } catch(Decoding_Error& e) { - throw Decoding_Error(PEM_label_pref + " decoding failed: " + e.what()); + throw Decoding_Error(m_PEM_label_pref + " decoding failed: " + e.what()); } } @@ -85,10 +85,10 @@ void X509_Object::encode_into(DER_Encoder& to) const { to.start_cons(SEQUENCE) .start_cons(SEQUENCE) - .raw_bytes(tbs_bits) + .raw_bytes(m_tbs_bits) .end_cons() - .encode(sig_algo) - .encode(sig, BIT_STRING) + .encode(m_sig_algo) + .encode(m_sig, BIT_STRING) .end_cons(); } @@ -99,10 +99,10 @@ void X509_Object::decode_from(BER_Decoder& from) { from.start_cons(SEQUENCE) .start_cons(SEQUENCE) - .raw_bytes(tbs_bits) + .raw_bytes(m_tbs_bits) .end_cons() - .decode(sig_algo) - .decode(sig, BIT_STRING) + .decode(m_sig_algo) + .decode(m_sig, BIT_STRING) .verify_end() .end_cons(); } @@ -122,7 +122,7 @@ std::vector<byte> X509_Object::BER_encode() const */ std::string X509_Object::PEM_encode() const { - return PEM_Code::encode(BER_encode(), PEM_label_pref); + return PEM_Code::encode(BER_encode(), m_PEM_label_pref); } /* @@ -130,7 +130,7 @@ std::string X509_Object::PEM_encode() const */ std::vector<byte> X509_Object::tbs_data() const { - return ASN1::put_in_sequence(tbs_bits); + return ASN1::put_in_sequence(m_tbs_bits); } /* @@ -138,7 +138,7 @@ std::vector<byte> X509_Object::tbs_data() const */ std::vector<byte> X509_Object::signature() const { - return sig; + return m_sig; } /* 
@@ -146,7 +146,7 @@ std::vector<byte> X509_Object::signature() const
*/
AlgorithmIdentifier X509_Object::signature_algorithm() const
{
- return sig_algo;
+ return m_sig_algo;
}
/*
@@ -155,11 +155,11 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
std::string X509_Object::hash_used_for_signature() const
{
std::vector<std::string> sig_info =
- split_on(OIDS::lookup(sig_algo.oid), '/');
+ split_on(OIDS::lookup(m_sig_algo.oid), '/');
if(sig_info.size() != 2)
throw Internal_Error("Invalid name format found for " +
- sig_algo.oid.as_string());
+ m_sig_algo.oid.as_string());
std::vector<std::string> pad_and_hash =
parse_algorithm_name(sig_info[1]);
@@ -176,10 +176,10 @@ std::string X509_Object::hash_used_for_signature() const
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
if(!pub_key)
- throw Exception("No key provided for " + PEM_label_pref + " signature check");
+ throw Exception("No key provided for " + m_PEM_label_pref + " signature check");
std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
- }
+}
/*
* Check the signature on an object
@@ -188,7 +188,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
{
try {
std::vector<std::string> sig_info =
- split_on(OIDS::lookup(sig_algo.oid), '/');
+ split_on(OIDS::lookup(m_sig_algo.oid), '/');
if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
return false;
@@ -201,7 +201,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
return verifier.verify_message(tbs_data(), signature());
}
- catch(std::exception& e)
+ catch(std::exception&)
{
return false;
}
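Review bot: `std::unique_ptr<const Public_Key> key(pub_key);` makes `check_signature(const Public_Key*)` take ownership of the caller's pointer and delete it on return, which nothing in the signature or in this hunk states; a caller that keeps using the key afterwards has a use-after-free. Since the commit already touches this function, a comment would close the gap, e.g. `// Takes ownership of pub_key and frees it before returning; prefer the const Public_Key& overload`, or the parameter could become `std::unique_ptr<const Public_Key>` so the transfer is visible at the call site. The header declaring this overload is outside this view, so it is worth checking whether it already carries that note.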
@@ -234,12 +234,12 @@ void X509_Object::do_decode() } catch(Decoding_Error& e) { - throw Decoding_Error(PEM_label_pref + " decoding failed (" + + throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + e.what() + ")"); } catch(Invalid_Argument& e) { - throw Decoding_Error(PEM_label_pref + " decoding failed (" + + throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + e.what() + ")"); } } diff --git a/src/lib/cert/x509/x509_obj.h b/src/lib/cert/x509/x509_obj.h index ec6bd530c..eb929451c 100644 --- a/src/lib/cert/x509/x509_obj.h +++ b/src/lib/cert/x509/x509_obj.h @@ -93,14 +93,14 @@ class BOTAN_DLL X509_Object : public ASN1_Object void do_decode(); X509_Object() {} - AlgorithmIdentifier sig_algo; - std::vector<byte> tbs_bits, sig; + AlgorithmIdentifier m_sig_algo; + std::vector<byte> m_tbs_bits, m_sig; private: virtual void force_decode() = 0; void init(DataSource&, const std::string&); - std::vector<std::string> PEM_labels_allowed; - std::string PEM_label_pref; + std::vector<std::string> m_PEM_labels_allowed; + std::string m_PEM_label_pref; }; } diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index 3d1ebbbad..8d6d9a70a 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -44,7 +44,7 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in) X509_Certificate::X509_Certificate(DataSource& in) : X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") { - self_signed = false; + m_self_signed = false; do_decode(); } @@ -54,7 +54,7 @@ X509_Certificate::X509_Certificate(DataSource& in) : X509_Certificate::X509_Certificate(const std::string& in) : X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") { - self_signed = false; + m_self_signed = false; do_decode(); } 
@@ -64,7 +64,7 @@ X509_Certificate::X509_Certificate(const std::string& in) : X509_Certificate::X509_Certificate(const std::vector<byte>& in) : X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") { - self_signed = false; + m_self_signed = false; do_decode(); } @@ -79,7 +79,7 @@ void X509_Certificate::force_decode() X509_DN dn_issuer, dn_subject; X509_Time start, end; - BER_Decoder tbs_cert(tbs_bits); + BER_Decoder tbs_cert(m_tbs_bits); tbs_cert.decode_optional(version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) @@ -95,16 +95,16 @@ void X509_Certificate::force_decode() if(version > 2) throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version)); - if(sig_algo != sig_algo_inner) + if(m_sig_algo != sig_algo_inner) throw Decoding_Error("Algorithm identifier mismatch"); - self_signed = (dn_subject == dn_issuer); + m_self_signed = (dn_subject == dn_issuer); - subject.add(dn_subject.contents()); - issuer.add(dn_issuer.contents()); + m_subject.add(dn_subject.contents()); + m_issuer.add(dn_issuer.contents()); - subject.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_subject.get_bits())); - issuer.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_issuer.get_bits())); + m_subject.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_subject.get_bits())); + m_issuer.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_issuer.get_bits())); BER_Object public_key = tbs_cert.get_next_object(); if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) @@ -124,7 +124,8 @@ void X509_Certificate::force_decode() BER_Decoder(v3_exts_data.value).decode(extensions).verify_end(); - extensions.contents_to(subject, issuer); + m_v3_extensions = extensions.extensions_raw(); + extensions.contents_to(m_subject, m_issuer); } else if(v3_exts_data.type_tag != NO_OBJECT) throw BER_Bad_Tag("Unknown tag in X.509 cert", 
@@ -133,30 +134,30 @@ void X509_Certificate::force_decode() if(tbs_cert.more_items()) throw Decoding_Error("TBSCertificate has more items that expected"); - subject.add("X509.Certificate.version", version); - subject.add("X509.Certificate.serial", BigInt::encode(serial_bn)); - subject.add("X509.Certificate.start", start.to_string()); - subject.add("X509.Certificate.end", end.to_string()); + m_subject.add("X509.Certificate.version", version); + m_subject.add("X509.Certificate.serial", BigInt::encode(serial_bn)); + m_subject.add("X509.Certificate.start", start.to_string()); + m_subject.add("X509.Certificate.end", end.to_string()); - issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id); - subject.add("X509.Certificate.v2.key_id", v2_subject_key_id); + m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id); + m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id); - subject.add("X509.Certificate.public_key", + m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value)); - if(self_signed && version == 0) + if(m_self_signed && version == 0) { - subject.add("X509v3.BasicConstraints.is_ca", 1); - subject.add("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT); + m_subject.add("X509v3.BasicConstraints.is_ca", 1); + m_subject.add("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT); } if(is_CA_cert() && - !subject.has_value("X509v3.BasicConstraints.path_constraint")) + !m_subject.has_value("X509v3.BasicConstraints.path_constraint")) { const size_t limit = (x509_version() < 3) ? Cert_Extension::NO_CERT_PATH_LIMIT : 0; - subject.add("X509v3.BasicConstraints.path_constraint", limit); + m_subject.add("X509v3.BasicConstraints.path_constraint", limit); } } 
@@ -165,7 +166,7 @@ void X509_Certificate::force_decode() */ u32bit X509_Certificate::x509_version() const { - return (subject.get1_u32bit("X509.Certificate.version") + 1); + return (m_subject.get1_u32bit("X509.Certificate.version") + 1); } /* @@ -173,7 +174,7 @@ u32bit X509_Certificate::x509_version() const */ std::string X509_Certificate::start_time() const { - return subject.get1("X509.Certificate.start"); + return m_subject.get1("X509.Certificate.start"); } /* @@ -181,7 +182,7 @@ std::string X509_Certificate::start_time() const */ std::string X509_Certificate::end_time() const { - return subject.get1("X509.Certificate.end"); + return m_subject.get1("X509.Certificate.end"); } /* @@ -190,7 +191,7 @@ std::string X509_Certificate::end_time() const std::vector<std::string> X509_Certificate::subject_info(const std::string& what) const { - return subject.get(X509_DN::deref_info_field(what)); + return m_subject.get(X509_DN::deref_info_field(what)); } /* @@ -199,7 +200,7 @@ X509_Certificate::subject_info(const std::string& what) const std::vector<std::string> X509_Certificate::issuer_info(const std::string& what) const { - return issuer.get(X509_DN::deref_info_field(what)); + return m_issuer.get(X509_DN::deref_info_field(what)); } /* @@ -213,7 +214,7 @@ Public_Key* X509_Certificate::subject_public_key() const std::vector<byte> X509_Certificate::subject_public_key_bits() const { - return hex_decode(subject.get1("X509.Certificate.public_key")); + return hex_decode(m_subject.get1("X509.Certificate.public_key")); } /* @@ -221,7 +222,7 @@ std::vector<byte> X509_Certificate::subject_public_key_bits() const */ bool X509_Certificate::is_CA_cert() const { - if(!subject.get1_u32bit("X509v3.BasicConstraints.is_ca")) + if(!m_subject.get1_u32bit("X509v3.BasicConstraints.is_ca")) return false; return allowed_usage(Key_Constraints(KEY_CERT_SIGN)); 
@@ -275,7 +276,7 @@ bool X509_Certificate::allowed_usage(Usage_Type usage) const */ u32bit X509_Certificate::path_limit() const { - return subject.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); + return m_subject.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); } /* @@ -283,7 +284,7 @@ u32bit X509_Certificate::path_limit() const */ Key_Constraints X509_Certificate::constraints() const { - return Key_Constraints(subject.get1_u32bit("X509v3.KeyUsage", + return Key_Constraints(m_subject.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); } @@ -292,7 +293,7 @@ Key_Constraints X509_Certificate::constraints() const */ std::vector<std::string> X509_Certificate::ex_constraints() const { - return lookup_oids(subject.get("X509v3.ExtendedKeyUsage")); + return lookup_oids(m_subject.get("X509v3.ExtendedKeyUsage")); } /* @@ -300,17 +301,22 @@ std::vector<std::string> X509_Certificate::ex_constraints() const */ std::vector<std::string> X509_Certificate::policies() const { - return lookup_oids(subject.get("X509v3.CertificatePolicies")); + return lookup_oids(m_subject.get("X509v3.CertificatePolicies")); + } + +std::map<OID, std::pair<std::vector<byte>, bool>> X509_Certificate::v3_extensions() const + { + return m_v3_extensions; } std::string X509_Certificate::ocsp_responder() const { - return subject.get1("OCSP.responder", ""); + return m_subject.get1("OCSP.responder", ""); } std::string X509_Certificate::crl_distribution_point() const { - return subject.get1("CRL.DistributionPoint", ""); + return m_subject.get1("CRL.DistributionPoint", ""); } /* @@ -318,7 +324,7 @@ std::string X509_Certificate::crl_distribution_point() const */ std::vector<byte> X509_Certificate::authority_key_id() const { - return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); + return m_issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); } /* 
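Review bot: `X509_Certificate::v3_extensions()` returns the `std::map<OID, std::pair<std::vector<byte>, bool>>` by value, so every call copies the DER bytes of every extension; `const std::map<OID, std::pair<std::vector<byte>, bool>>& X509_Certificate::v3_extensions() const`, with the matching declaration in x509cert.h, avoids that and callers that want their own copy still get one by assigning. From the force_decode hunk above, `m_v3_extensions` is only assigned inside the branch that found a v3 extensions block, so an empty map also covers certificates without one; that is worth a sentence in the header's doc comment.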
@@ -326,7 +332,7 @@ std::vector<byte> X509_Certificate::authority_key_id() const */ std::vector<byte> X509_Certificate::subject_key_id() const { - return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); + return m_subject.get1_memvec("X509v3.SubjectKeyIdentifier"); } /* @@ -334,27 +340,27 @@ std::vector<byte> X509_Certificate::subject_key_id() const */ std::vector<byte> X509_Certificate::serial_number() const { - return subject.get1_memvec("X509.Certificate.serial"); + return m_subject.get1_memvec("X509.Certificate.serial"); } X509_DN X509_Certificate::issuer_dn() const { - return create_dn(issuer); + return create_dn(m_issuer); } std::vector<byte> X509_Certificate::raw_issuer_dn() const { - return issuer.get1_memvec("X509.Certificate.dn_bits"); + return m_issuer.get1_memvec("X509.Certificate.dn_bits"); } X509_DN X509_Certificate::subject_dn() const { - return create_dn(subject); + return create_dn(m_subject); } std::vector<byte> X509_Certificate::raw_subject_dn() const { - return subject.get1_memvec("X509.Certificate.dn_bits"); + return m_subject.get1_memvec("X509.Certificate.dn_bits"); } std::string X509_Certificate::fingerprint(const std::string& hash_name) const @@ -379,7 +385,7 @@ std::string X509_Certificate::fingerprint(const std::string& hash_name) const bool X509_Certificate::matches_dns_name(const std::string& name) const { - if(name == "") + if(name.empty()) return false; std::vector<std::string> issued_names = subject_info("DNS"); 
@@ -402,25 +408,25 @@ bool X509_Certificate::matches_dns_name(const std::string& name) const */ bool X509_Certificate::operator==(const X509_Certificate& other) const { - return (sig == other.sig && - sig_algo == other.sig_algo && - self_signed == other.self_signed && - issuer == other.issuer && - subject == other.subject); + return (m_sig == other.m_sig && + m_sig_algo == other.m_sig_algo && + m_self_signed == other.m_self_signed && + m_issuer == other.m_issuer && + m_subject == other.m_subject); } bool X509_Certificate::operator<(const X509_Certificate& other) const { /* If signature values are not equal, sort by lexicographic ordering of that */ - if(sig != other.sig) + if(m_sig != other.m_sig) { - if(sig < other.sig) + if(m_sig < other.m_sig) return true; return false; } // Then compare the signed contents - return tbs_bits < other.tbs_bits; + return m_tbs_bits < other.m_tbs_bits; } /* @@ -508,9 +514,9 @@ std::string X509_Certificate::to_string() const out << " " << ex_constraints[i] << "\n"; } - if(ocsp_responder() != "") + if(!ocsp_responder().empty()) out << "OCSP responder " << ocsp_responder() << "\n"; - if(crl_distribution_point() != "") + if(!crl_distribution_point().empty()) out << "CRL " << crl_distribution_point() << "\n"; out << "Signature algorithm: " << diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h index 578360a80..32f2bba9f 100644 --- a/src/lib/cert/x509/x509cert.h +++ b/src/lib/cert/x509/x509cert.h @@ -30,7 +30,7 @@ enum class Usage_Type /** * This class represents X.509 Certificate */ -class BOTAN_DLL X509_Certificate : public X509_Object +class BOTAN_DLL X509_Certificate final : public X509_Object { public: /** 
@@ -129,7 +129,7 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Check whether this certificate is self signed.
* @return true if this certificate is self signed
*/
- bool is_self_signed() const { return self_signed; }
+ bool is_self_signed() const { return m_self_signed; }
/**
* Check whether this certificate is a CA certificate.
@@ -178,6 +178,12 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::vector<std::string> policies() const;
/**
+ * Get all extensions of this certificate indexed by oid.
+ * @return extension values and critical flag
+ */
+ std::map<OID, std::pair<std::vector<byte>, bool>> v3_extensions() const;
+
+ /**
* Return the listed address of an OCSP responder, or empty if not set
*/
std::string ocsp_responder() const;
@@ -220,16 +226,16 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* PEM encoded certificate.
* @param source the data source
*/
- X509_Certificate(DataSource& source);
+ explicit X509_Certificate(DataSource& source);
/**
* Create a certificate from a file containing the DER or PEM
* encoded certificate.
* @param filename the name of the certificate file
*/
- X509_Certificate(const std::string& filename);
+ explicit X509_Certificate(const std::string& filename);
- X509_Certificate(const std::vector<byte>& in);
+ explicit X509_Certificate(const std::vector<byte>& in);
private:
void force_decode() override;
@@ -238,8 +244,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object
X509_Certificate() {}
- Data_Store subject, issuer;
- bool self_signed;
+ Data_Store m_subject, m_issuer;
+ bool m_self_signed;
+ std::map<OID, std::pair<std::vector<byte>, bool>> m_v3_extensions;
};
/**
diff --git a/src/lib/cert/x509/x509opt.cpp b/src/lib/cert/x509/x509opt.cpp
index 52845658f..158f4c779 100644
--- a/src/lib/cert/x509/x509opt.cpp
+++ b/src/lib/cert/x509/x509opt.cpp
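Review bot: `bool m_self_signed;` is still only assigned in the three public constructors (`m_self_signed = false;` in the x509cert.cpp hunks above), so an object built through the private `X509_Certificate() {}` on the line above it carries an indeterminate value that `operator==` later reads. An in-class initializer, `bool m_self_signed = false;`, covers every constructor and lets the three assignments go; the tree already uses C++11 (`override`, `std::unique_ptr`), so the syntax is available. `m_v3_extensions` on the next line also deserves a comment, e.g. `// DER value and critical flag of each v3 extension, keyed by OID; filled only when the certificate carries an extensions block`.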
@@ -66,7 +66,7 @@ void X509_Cert_Options::CA_key(size_t limit)
 */
 void X509_Cert_Options::sanity_check() const
 {
- if(common_name == "" || country == "")
+ if(common_name.empty() || country.empty())
 throw Encoding_Error("X.509 certificate: name and country MUST be set");
 if(country.size() != 2)
 throw Encoding_Error("Invalid ISO country code: " + country);
@@ -89,7 +89,7 @@ X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts,
 start = X509_Time(now);
 end = X509_Time(now + std::chrono::seconds(expiration_time));
- if(initial_opts == "")
+ if(initial_opts.empty())
 return;
 std::vector<std::string> parsed = split_on(initial_opts, '/');
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 7e54ad9f9..71c025280 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -170,7 +170,7 @@ check_chain(const std::vector<X509_Certificate>& cert_path,
 else if(ocsp_status == Certificate_Status_Code::OCSP_RESPONSE_GOOD)
 continue;
 }
- catch(std::exception& e)
+ catch(std::exception&)
 {
 //std::cout << "OCSP error: " << e.what() << "\n";
 }
@@ -249,7 +249,7 @@ Path_Validation_Result x509_path_validate(
 std::vector<std::set<Certificate_Status_Code>> res =
 check_chain(cert_path, restrictions, certstores);
- if(hostname != "" && !cert_path[0].matches_dns_name(hostname))
+ if(!hostname.empty() && !cert_path[0].matches_dns_name(hostname))
 res[0].insert(Certificate_Status_Code::CERT_NAME_NOMATCH);
 if(!cert_path[0].allowed_usage(usage))
diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h
index 08d92915d..b7061685a 100644
--- a/src/lib/cert/x509/x509path.h
+++ b/src/lib/cert/x509/x509path.h
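Review bot: The `catch(std::exception&)` in the check_chain hunk still drops an OCSP failure silently: removing the unused name fixes the warning, but an exception from the OCSP fetch or response parsing leaves no `Certificate_Status_Code` in the result for that certificate, so a revocation check that could not complete is indistinguishable from one that was never attempted. Consider recording a status for the affected certificate in the catch body, e.g. `<status set for this index>.insert(<OCSP failure status code from Certificate_Status_Code>);`, or at least replacing the commented-out `std::cout` line with a comment that states the best-effort policy on purpose. check_chain begins and ends outside the hunk, so I cannot see which status set the catch should insert into. In the x509_path_validate hunk, a one-line comment such as `// An empty hostname disables the DNS name check` would make the `!hostname.empty()` guard's intent explicit.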
@@ -120,7 +120,7 @@ class BOTAN_DLL Path_Validation_Result Path_Validation_Result(std::vector<std::set<Certificate_Status_Code>> status, std::vector<X509_Certificate>&& cert_chain); - Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {} + explicit Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {} private: friend Path_Validation_Result BOTAN_DLL x509_path_validate( diff --git a/src/lib/cert/x509/x509self.cpp b/src/lib/cert/x509/x509self.cpp index 2f2f6a59f..7d1c01c37 100644 --- a/src/lib/cert/x509/x509self.cpp +++ b/src/lib/cert/x509/x509self.cpp @@ -126,7 +126,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .raw_bytes(pub_key) .start_explicit(0); - if(opts.challenge != "") + if(!opts.challenge.empty()) { ASN1_String challenge(opts.challenge, DIRECTORY_STRING); diff --git a/src/lib/compression/bzip2/bzip2.cpp b/src/lib/compression/bzip2/bzip2.cpp index 09cd05919..d9ada84f6 100644 --- a/src/lib/compression/bzip2/bzip2.cpp +++ b/src/lib/compression/bzip2/bzip2.cpp @@ -37,7 +37,7 @@ class Bzip2_Stream : public Zlib_Style_Stream<bz_stream, char> class Bzip2_Compression_Stream : public Bzip2_Stream { public: - Bzip2_Compression_Stream(size_t block_size) + explicit Bzip2_Compression_Stream(size_t block_size) { int rc = BZ2_bzCompressInit(streamp(), block_size, 0, 0); diff --git a/src/lib/compression/bzip2/bzip2.h b/src/lib/compression/bzip2/bzip2.h index ca0ac529b..06c80cb8e 100644 --- a/src/lib/compression/bzip2/bzip2.h +++ b/src/lib/compression/bzip2/bzip2.h @@ -16,7 +16,7 @@ namespace Botan { /** * Bzip2 Compression */ -class BOTAN_DLL Bzip2_Compression : public Stream_Compression +class BOTAN_DLL Bzip2_Compression final : public Stream_Compression { public: /** 
@@ -39,7 +39,7 @@ class BOTAN_DLL Bzip2_Compression : public Stream_Compression
 /**
 * Bzip2 Deccompression
 */
-class BOTAN_DLL Bzip2_Decompression : public Stream_Decompression
+class BOTAN_DLL Bzip2_Decompression final : public Stream_Decompression
 {
 public:
 std::string name() const override { return "Bzip2_Decompression"; }
diff --git a/src/lib/compression/compression.cpp b/src/lib/compression/compression.cpp
index fc2c6192a..54faec7b8 100644
--- a/src/lib/compression/compression.cpp
+++ b/src/lib/compression/compression.cpp
@@ -14,10 +14,28 @@ namespace Botan {
 void* Compression_Alloc_Info::do_malloc(size_t n, size_t size)
 {
- const size_t total_sz = n * size;
+ const size_t total_size = n * size;
+
+ BOTAN_ASSERT_EQUAL(total_size / size, n, "Overflow check");
+
+ // TODO maximum length check here?
+
+ void* ptr = std::malloc(total_size);
+
+ /*
+ * Return null rather than throwing here as we are being called by a
+ * C library and it may not be possible for an exception to unwind
+ * the call stack from here. The compression library is expecting a
+ * function written in C and a null return on error, which it will
+ * send upwards to the compression wrappers.
+ */
+
+ if(ptr)
+ {
+ std::memset(ptr, 0, total_size);
+ m_current_allocs[ptr] = total_size;
+ }
- void* ptr = std::malloc(total_sz);
- m_current_allocs[ptr] = total_sz;
 return ptr;
 }
@@ -38,7 +56,7 @@ void Compression_Alloc_Info::do_free(void* ptr)
 namespace {
-Compressor_Transform* do_make_compressor(const std::string& type, const std::string suffix)
+Compressor_Transform* do_make_compressor(const std::string& type, const std::string& suffix)
 {
 const std::map<std::string, std::string> trans{
 {"zlib", "Zlib"},
diff --git a/src/lib/compression/compression.h b/src/lib/compression/compression.h
index 0a8079de8..66aaacdc4 100644
--- a/src/lib/compression/compression.h
+++ b/src/lib/compression/compression.h
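Review bot: `BOTAN_ASSERT_EQUAL(total_size / size, n, "Overflow check")` in the do_malloc hunk divides by `size`, so a call with `size == 0` is undefined behaviour before the check ever runs, and an assertion that fails by throwing is at odds with the comment a few lines below that this callback must return null rather than throw because it is invoked from C code. Replace the assertion with an early return that follows the comment's own policy: `if(size != 0 && total_size / size != n) return nullptr;`. An `n == 0` or `size == 0` request then reaches `std::malloc(0)`, whose result is implementation-defined and may be non-null, so decide explicitly whether such a request should also return null. The `// TODO maximum length check here?` could be resolved the same way with a `return nullptr` above a configured cap rather than left open.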
@@ -58,16 +58,16 @@ class Compression_Stream class BOTAN_DLL Stream_Compression : public Compressor_Transform { public: - void update(secure_vector<byte>& buf, size_t offset = 0) override; + void update(secure_vector<byte>& buf, size_t offset = 0) final override; - void flush(secure_vector<byte>& buf, size_t offset = 0) override; + void flush(secure_vector<byte>& buf, size_t offset = 0) final override; - void finish(secure_vector<byte>& buf, size_t offset = 0) override; + void finish(secure_vector<byte>& buf, size_t offset = 0) final override; - void clear() override; + void clear() final override; private: - secure_vector<byte> start_raw(const byte[], size_t) override; + secure_vector<byte> start_raw(const byte[], size_t) final override; void process(secure_vector<byte>& buf, size_t offset, u32bit flags); @@ -80,14 +80,14 @@ class BOTAN_DLL Stream_Compression : public Compressor_Transform class BOTAN_DLL Stream_Decompression : public Compressor_Transform { public: - void update(secure_vector<byte>& buf, size_t offset = 0) override; + void update(secure_vector<byte>& buf, size_t offset = 0) final override; - void finish(secure_vector<byte>& buf, size_t offset = 0) override; + void finish(secure_vector<byte>& buf, size_t offset = 0) final override; - void clear() override; + void clear() final override; private: - secure_vector<byte> start_raw(const byte[], size_t) override; + secure_vector<byte> start_raw(const byte[], size_t) final override; void process(secure_vector<byte>& buf, size_t offset, u32bit flags); diff --git a/src/lib/compression/lzma/lzma.cpp b/src/lib/compression/lzma/lzma.cpp index 5998d1c8c..3cc03a098 100644 --- a/src/lib/compression/lzma/lzma.cpp +++ b/src/lib/compression/lzma/lzma.cpp 
@@ -56,7 +56,7 @@ class LZMA_Stream : public Zlib_Style_Stream<lzma_stream, byte> class LZMA_Compression_Stream : public LZMA_Stream { public: - LZMA_Compression_Stream(size_t level) + explicit LZMA_Compression_Stream(size_t level) { lzma_ret rc = ::lzma_easy_encoder(streamp(), level, LZMA_CHECK_CRC64); diff --git a/src/lib/compression/lzma/lzma.h b/src/lib/compression/lzma/lzma.h index 5f19c4b97..d9ea10091 100644 --- a/src/lib/compression/lzma/lzma.h +++ b/src/lib/compression/lzma/lzma.h @@ -17,7 +17,7 @@ namespace Botan { /** * LZMA Compression */ -class BOTAN_DLL LZMA_Compression : public Stream_Compression +class BOTAN_DLL LZMA_Compression final : public Stream_Compression { public: /** @@ -38,7 +38,7 @@ class BOTAN_DLL LZMA_Compression : public Stream_Compression /** * LZMA Deccompression */ -class BOTAN_DLL LZMA_Decompression : public Stream_Decompression +class BOTAN_DLL LZMA_Decompression final : public Stream_Decompression { public: std::string name() const override { return "LZMA_Decompression"; } diff --git a/src/lib/compression/zlib/zlib.cpp b/src/lib/compression/zlib/zlib.cpp index 8e1928826..6df5ee931 100644 --- a/src/lib/compression/zlib/zlib.cpp +++ b/src/lib/compression/zlib/zlib.cpp @@ -115,7 +115,7 @@ class Deflate_Compression_Stream : public Zlib_Compression_Stream class Deflate_Decompression_Stream : public Zlib_Decompression_Stream { public: - Deflate_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, -1) {} + explicit Deflate_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, -1) {} }; class Gzip_Compression_Stream : public Zlib_Compression_Stream @@ -140,7 +140,7 @@ class Gzip_Compression_Stream : public Zlib_Compression_Stream class Gzip_Decompression_Stream : public Zlib_Decompression_Stream { public: - Gzip_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, 16) {} + explicit Gzip_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, 16) {} }; } 
diff --git a/src/lib/compression/zlib/zlib.h b/src/lib/compression/zlib/zlib.h index 2437e6133..6a8cead14 100644 --- a/src/lib/compression/zlib/zlib.h +++ b/src/lib/compression/zlib/zlib.h @@ -16,7 +16,7 @@ namespace Botan { /** * Zlib Compression */ -class BOTAN_DLL Zlib_Compression : public Stream_Compression +class BOTAN_DLL Zlib_Compression final : public Stream_Compression { public: /** @@ -38,7 +38,7 @@ class BOTAN_DLL Zlib_Compression : public Stream_Compression /** * Zlib Decompression */ -class BOTAN_DLL Zlib_Decompression : public Stream_Decompression +class BOTAN_DLL Zlib_Decompression final : public Stream_Decompression { public: std::string name() const override { return "Zlib_Decompression"; } @@ -50,7 +50,7 @@ class BOTAN_DLL Zlib_Decompression : public Stream_Decompression /** * Deflate Compression */ -class BOTAN_DLL Deflate_Compression : public Stream_Compression +class BOTAN_DLL Deflate_Compression final : public Stream_Compression { public: /** @@ -71,7 +71,7 @@ class BOTAN_DLL Deflate_Compression : public Stream_Compression /** * Deflate Decompression */ -class BOTAN_DLL Deflate_Decompression : public Stream_Decompression +class BOTAN_DLL Deflate_Decompression final : public Stream_Decompression { public: std::string name() const override { return "Deflate_Decompression"; } @@ -83,7 +83,7 @@ class BOTAN_DLL Deflate_Decompression : public Stream_Decompression /** * Gzip Compression */ -class BOTAN_DLL Gzip_Compression : public Stream_Compression +class BOTAN_DLL Gzip_Compression final : public Stream_Compression { public: /** @@ -106,7 +106,7 @@ class BOTAN_DLL Gzip_Compression : public Stream_Compression /** * Gzip Decompression */ -class BOTAN_DLL Gzip_Decompression : public Stream_Decompression +class BOTAN_DLL Gzip_Decompression final : public Stream_Decompression { public: std::string name() const override { return "Gzip_Decompression"; } 
diff --git a/src/lib/entropy/beos_stats/es_beos.h b/src/lib/entropy/beos_stats/es_beos.h index db5824f6f..a5b90a607 100644 --- a/src/lib/entropy/beos_stats/es_beos.h +++ b/src/lib/entropy/beos_stats/es_beos.h @@ -15,7 +15,7 @@ namespace Botan { /** * BeOS Entropy Source */ -class BeOS_EntropySource : public Entropy_Source +class BeOS_EntropySource final : public Entropy_Source { private: std::string name() const override { return "system_stats"; } diff --git a/src/lib/entropy/cryptoapi_rng/es_capi.cpp b/src/lib/entropy/cryptoapi_rng/es_capi.cpp index 88c8488ad..c9d8fb7c4 100644 --- a/src/lib/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/lib/entropy/cryptoapi_rng/es_capi.cpp @@ -19,35 +19,35 @@ namespace { class CSP_Handle { public: - CSP_Handle(u64bit capi_provider) + explicit CSP_Handle(u64bit capi_provider) { - valid = false; + m_valid = false; DWORD prov_type = (DWORD)capi_provider; - if(CryptAcquireContext(&handle, 0, 0, + if(CryptAcquireContext(&m_handle, 0, 0, prov_type, CRYPT_VERIFYCONTEXT)) - valid = true; + m_valid = true; } ~CSP_Handle() { if(is_valid()) - CryptReleaseContext(handle, 0); + CryptReleaseContext(m_handle, 0); } size_t gen_random(byte out[], size_t n) const { - if(is_valid() && CryptGenRandom(handle, static_cast<DWORD>(n), out)) + if(is_valid() && CryptGenRandom(m_handle, static_cast<DWORD>(n), out)) return n; return 0; } - bool is_valid() const { return valid; } + bool is_valid() const { return m_valid; } - HCRYPTPROV get_handle() const { return handle; } + HCRYPTPROV get_handle() const { return m_handle; } private: - HCRYPTPROV handle; - bool valid; + HCRYPTPROV m_handle; + bool m_valid; }; } 
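Review bot: `m_valid = false;` in the CSP_Handle constructor hunk is an assignment in the body; a default member initializer `bool m_valid = false;` on the declaration at the bottom of the hunk, together with `HCRYPTPROV m_handle = 0;`, gives the handle a defined value in the failure path where `CryptAcquireContext` leaves `m_handle` untouched and lets the constructor body shrink to the single `if`. The C-style `(DWORD)capi_provider` would read better as `static_cast<DWORD>(capi_provider)`, matching the `static_cast<DWORD>(n)` already used in `gen_random` a few lines down.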
@@ -59,9 +59,9 @@ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) { secure_vector<byte>& buf = accum.get_io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); - for(size_t i = 0; i != prov_types.size(); ++i) + for(size_t i = 0; i != m_prov_types.size(); ++i) { - CSP_Handle csp(prov_types[i]); + CSP_Handle csp(m_prov_types[i]); if(size_t got = csp.gen_random(buf.data(), buf.size())) { @@ -80,14 +80,14 @@ Win32_CAPI_EntropySource::Win32_CAPI_EntropySource(const std::string& provs) for(size_t i = 0; i != capi_provs.size(); ++i) { - if(capi_provs[i] == "RSA_FULL") prov_types.push_back(PROV_RSA_FULL); - if(capi_provs[i] == "INTEL_SEC") prov_types.push_back(PROV_INTEL_SEC); - if(capi_provs[i] == "FORTEZZA") prov_types.push_back(PROV_FORTEZZA); - if(capi_provs[i] == "RNG") prov_types.push_back(PROV_RNG); + if(capi_provs[i] == "RSA_FULL") m_prov_types.push_back(PROV_RSA_FULL); + if(capi_provs[i] == "INTEL_SEC") m_prov_types.push_back(PROV_INTEL_SEC); + if(capi_provs[i] == "FORTEZZA") m_prov_types.push_back(PROV_FORTEZZA); + if(capi_provs[i] == "RNG") m_prov_types.push_back(PROV_RNG); } - if(prov_types.size() == 0) - prov_types.push_back(PROV_RSA_FULL); + if(m_prov_types.size() == 0) + m_prov_types.push_back(PROV_RSA_FULL); } } diff --git a/src/lib/entropy/cryptoapi_rng/es_capi.h b/src/lib/entropy/cryptoapi_rng/es_capi.h index eb63183e9..b1c60bfa1 100644 --- a/src/lib/entropy/cryptoapi_rng/es_capi.h +++ b/src/lib/entropy/cryptoapi_rng/es_capi.h @@ -16,7 +16,7 @@ namespace Botan { /** * Win32 CAPI Entropy Source */ -class Win32_CAPI_EntropySource : public Entropy_Source +class Win32_CAPI_EntropySource final : public Entropy_Source { public: std::string name() const override { return "win32_cryptoapi"; } 
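Review bot: `if(m_prov_types.size() == 0)` in the constructor hunk is the one remaining `size() == 0` emptiness test while the rest of this commit converts `== ""` tests to `.empty()`; `if(m_prov_types.empty())` keeps the file consistent with that change. The index loop over `capi_provs` in the same hunk, and the one over `m_prov_types` in `poll`, could likewise become range-for loops, e.g. `for(const auto& prov : capi_provs)`.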
@@ -27,9 +27,9 @@ class Win32_CAPI_EntropySource : public Entropy_Source * Win32_Capi_Entropysource Constructor * @param provs list of providers, separated by ':' */ - Win32_CAPI_EntropySource(const std::string& provs = ""); + explicit Win32_CAPI_EntropySource(const std::string& provs = ""); private: - std::vector<u64bit> prov_types; + std::vector<u64bit> m_prov_types; }; } diff --git a/src/lib/entropy/darwin_secrandom/darwin_secrandom.h b/src/lib/entropy/darwin_secrandom/darwin_secrandom.h index 970cd7941..09cdc208d 100644 --- a/src/lib/entropy/darwin_secrandom/darwin_secrandom.h +++ b/src/lib/entropy/darwin_secrandom/darwin_secrandom.h @@ -15,7 +15,7 @@ namespace Botan { /** * Entropy source using SecRandomCopyBytes from Darwin's Security.framework */ -class Darwin_SecRandom : public Entropy_Source +class Darwin_SecRandom final : public Entropy_Source { public: std::string name() const override { return "darwin_secrandom"; } diff --git a/src/lib/entropy/dev_random/dev_random.h b/src/lib/entropy/dev_random/dev_random.h index f634cf16c..1f29b2f64 100644 --- a/src/lib/entropy/dev_random/dev_random.h +++ b/src/lib/entropy/dev_random/dev_random.h @@ -17,7 +17,7 @@ namespace Botan { /** * Entropy source reading from kernel devices like /dev/random */ -class Device_EntropySource : public Entropy_Source +class Device_EntropySource final : public Entropy_Source { public: std::string name() const override { return "dev_random"; } diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp index ba43cc86d..9bc6de6fe 100644 --- a/src/lib/entropy/egd/es_egd.cpp +++ b/src/lib/entropy/egd/es_egd.cpp @@ -25,7 +25,7 @@ namespace Botan { EGD_EntropySource::EGD_Socket::EGD_Socket(const std::string& path) : - socket_path(path), m_fd(-1) + m_socket_path(path), m_fd(-1) { } 
@@ -69,7 +69,7 @@ size_t EGD_EntropySource::EGD_Socket::read(byte outbuf[], size_t length) if(m_fd < 0) { - m_fd = open_socket(socket_path); + m_fd = open_socket(m_socket_path); if(m_fd < 0) return 0; } @@ -121,14 +121,14 @@ void EGD_EntropySource::EGD_Socket::close() EGD_EntropySource::EGD_EntropySource(const std::vector<std::string>& paths) { for(size_t i = 0; i != paths.size(); ++i) - sockets.push_back(EGD_Socket(paths[i])); + m_sockets.push_back(EGD_Socket(paths[i])); } EGD_EntropySource::~EGD_EntropySource() { - for(size_t i = 0; i != sockets.size(); ++i) - sockets[i].close(); - sockets.clear(); + for(size_t i = 0; i != m_sockets.size(); ++i) + m_sockets[i].close(); + m_sockets.clear(); } /** @@ -140,9 +140,9 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) secure_vector<byte>& buf = accum.get_io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); - for(size_t i = 0; i != sockets.size(); ++i) + for(size_t i = 0; i != m_sockets.size(); ++i) { - size_t got = sockets[i].read(buf.data(), buf.size()); + size_t got = m_sockets[i].read(buf.data(), buf.size()); if(got) { diff --git a/src/lib/entropy/egd/es_egd.h b/src/lib/entropy/egd/es_egd.h index 0b497a8bd..1a624713a 100644 --- a/src/lib/entropy/egd/es_egd.h +++ b/src/lib/entropy/egd/es_egd.h @@ -18,7 +18,7 @@ namespace Botan { /** * EGD Entropy Source */ -class EGD_EntropySource : public Entropy_Source +class EGD_EntropySource final : public Entropy_Source { public: std::string name() const override { return "egd"; } @@ -38,12 +38,12 @@ class EGD_EntropySource : public Entropy_Source private: static int open_socket(const std::string& path); - std::string socket_path; + std::string m_socket_path; int m_fd; // cached fd }; std::mutex m_mutex; - std::vector<EGD_Socket> sockets; + std::vector<EGD_Socket> m_sockets; }; } diff --git a/src/lib/entropy/entropy_src.h b/src/lib/entropy/entropy_src.h index 0f4c38358..539df809a 100644 --- a/src/lib/entropy/entropy_src.h +++ b/src/lib/entropy/entropy_src.h 
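Review bot: `m_sockets.push_back(EGD_Socket(paths[i]))` in the EGD_EntropySource constructor hunk builds a temporary and copies it; `m_sockets.emplace_back(paths[i])` constructs in place, and the index loops here, in the destructor and in `poll` could each become `for(auto& sock : m_sockets)`. Since `EGD_Socket` holds a raw `m_fd` that appears to be opened lazily in `read` and closed only by the owning `EGD_EntropySource` destructor loop, a comment on `m_sockets` in the header such as `// owns the descriptors; EGD_Socket is a plain value, closed via close() in ~EGD_EntropySource` would spare the next reader from checking for a double close on copies.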
@@ -17,7 +17,7 @@ namespace Botan {
 /**
 * Class used to accumulate the poll results of EntropySources
 */
-class BOTAN_DLL Entropy_Accumulator
+class BOTAN_DLL Entropy_Accumulator final
 {
 public:
 /**
@@ -30,11 +30,9 @@ class BOTAN_DLL Entropy_Accumulator
 * still be called again a few more times, and should be careful to return
 * true then as well.
 */
- Entropy_Accumulator(std::function<bool (const byte[], size_t, double)> accum) :
+ explicit Entropy_Accumulator(std::function<bool (const byte[], size_t, double)> accum) :
 m_accum_fn(accum) {}
- virtual ~Entropy_Accumulator() {}
-
 /**
 * @return if our polling goal has been achieved
 */
@@ -102,7 +100,7 @@ class BOTAN_DLL Entropy_Source
 virtual ~Entropy_Source() {}
 };
-class BOTAN_DLL Entropy_Sources
+class BOTAN_DLL Entropy_Sources final
 {
 public:
 static Entropy_Sources& global_sources();
@@ -115,7 +113,7 @@ class BOTAN_DLL Entropy_Sources
 bool poll_just(Entropy_Accumulator& accum, const std::string& src);
 Entropy_Sources() {}
- Entropy_Sources(const std::vector<std::string>& sources);
+ explicit Entropy_Sources(const std::vector<std::string>& sources);
 ~Entropy_Sources();
 private:
diff --git a/src/lib/entropy/hres_timer/hres_timer.cpp b/src/lib/entropy/hres_timer/hres_timer.cpp
index 0b39c935a..e2a5ddbef 100644
--- a/src/lib/entropy/hres_timer/hres_timer.cpp
+++ b/src/lib/entropy/hres_timer/hres_timer.cpp
@@ -1,19 +1,12 @@
 /*
 * High Resolution Timestamp Entropy Source
-* (C) 1999-2009,2011,2014 Jack Lloyd
+* (C) 1999-2009,2011,2014,2016 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
 #include <botan/internal/hres_timer.h>
-#include <botan/cpuid.h>
-#include <chrono>
-
-#if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER)
- #include <windows.h>
- #undef min
- #undef max
-#endif
+#include <botan/internal/os_utils.h>
 #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME)
 #include <time.h>
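Review bot: `explicit Entropy_Accumulator(std::function<bool (const byte[], size_t, double)> accum) : m_accum_fn(accum) {}` takes the callback by value and then copies it again into `m_accum_fn`; the parameter is a sink, so `m_accum_fn(std::move(accum))` avoids the second copy of the `std::function`. Dropping the virtual destructor is consistent with the class now being `final`, but a word in the commit description saying the removal is intentional would stop it being read as an oversight.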
@@ -26,6 +19,10 @@ namespace Botan { */ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) { + accum.add(OS::get_processor_timestamp(), BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); + + accum.add(OS::get_system_timestamp_ns(), BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); + #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) #define CLOCK_GETTIME_POLL(src) \ 
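Review bot: The two `accum.add(OS::...)` calls added at the top of `poll` are undocumented; a comment such as `// Cycle counter (where the platform exposes one) and system time in ns; both are observable locally and credited only as BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS` would tell the reader why these come first and why the clock_gettime block below is still kept. If `OS::get_processor_timestamp()` returns a fixed value on targets without a readable cycle counter (its definition is not in this hunk), that constant is fed to the accumulator on every poll; either a comment stating that this is acceptable at the timestamp estimate or a guard on a zero return would make the intent explicit. The rest of `poll` continues outside this hunk.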
@@ -57,65 +54,6 @@ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) #undef CLOCK_GETTIME_POLL -#else - -#define STD_CHRONO_POLL(clock) \ - do { \ - auto timestamp = clock::now().time_since_epoch().count(); \ - accum.add(timestamp, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); \ - } while(0) - - STD_CHRONO_POLL(std::chrono::high_resolution_clock); - STD_CHRONO_POLL(std::chrono::system_clock); - -#undef STD_CHRONO_POLL - -#endif - -#if defined(BOTAN_USE_GCC_INLINE_ASM) - - u64bit rtc = 0; - -#if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) - if(CPUID::has_rdtsc()) // not availble on all x86 CPUs - { - u32bit rtc_low = 0, rtc_high = 0; - asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); - rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low; - } - -#elif defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY) - u32bit rtc_low = 0, rtc_high = 0; - asm volatile("mftbu %0; mftb %1" : "=r" (rtc_high), "=r" (rtc_low)); - rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low; - -#elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) - asm volatile("rpcc %0" : "=r" (rtc)); - -#elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD) - asm volatile("rd %%tick, %0" : "=r" (rtc)); - -#elif defined(BOTAN_TARGET_ARCH_IS_IA64) - asm volatile("mov %0=ar.itc" : "=r" (rtc)); - -#elif defined(BOTAN_TARGET_ARCH_IS_S390X) - asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc"); - -#elif defined(BOTAN_TARGET_ARCH_IS_HPPA) - asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only? - -#endif - - accum.add(rtc, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); - -#endif - -#if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER) - { - LARGE_INTEGER tv; - ::QueryPerformanceCounter(&tv); - accum.add(tv.QuadPart, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); - } #endif } diff --git a/src/lib/entropy/hres_timer/hres_timer.h b/src/lib/entropy/hres_timer/hres_timer.h index 93ced283a..d297a87b1 100644 --- a/src/lib/entropy/hres_timer/hres_timer.h +++ b/src/lib/entropy/hres_timer/hres_timer.h 
@@ -18,7 +18,7 @@ namespace Botan { * @note Any results from timers are marked as not contributing entropy * to the poll, as a local attacker could observe them directly. */ -class High_Resolution_Timestamp : public Entropy_Source +class High_Resolution_Timestamp final : public Entropy_Source { public: std::string name() const override { return "timestamp"; } diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 7ef6a8e26..c59a8227b 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -28,7 +28,7 @@ namespace { class Directory_Walker : public File_Descriptor_Source { public: - Directory_Walker(const std::string& root) : + explicit Directory_Walker(const std::string& root) : m_cur_dir(std::make_pair<DIR*, std::string>(nullptr, "")) { if(DIR* root_dir = ::opendir(root.c_str())) diff --git a/src/lib/entropy/proc_walk/proc_walk.h b/src/lib/entropy/proc_walk/proc_walk.h index b67f71111..f6db8185a 100644 --- a/src/lib/entropy/proc_walk/proc_walk.h +++ b/src/lib/entropy/proc_walk/proc_walk.h @@ -23,7 +23,7 @@ class File_Descriptor_Source /** * File Tree Walking Entropy Source */ -class ProcWalking_EntropySource : public Entropy_Source +class ProcWalking_EntropySource final : public Entropy_Source { public: std::string name() const override { return "proc_walk"; } diff --git a/src/lib/entropy/rdrand/rdrand.h b/src/lib/entropy/rdrand/rdrand.h index 1fa928641..48d090775 100644 --- a/src/lib/entropy/rdrand/rdrand.h +++ b/src/lib/entropy/rdrand/rdrand.h @@ -16,7 +16,7 @@ namespace Botan { * Entropy source using the rdrand instruction first introduced on * Intel's Ivy Bridge architecture. */ -class Intel_Rdrand : public Entropy_Source +class Intel_Rdrand final : public Entropy_Source { public: std::string name() const override { return "rdrand"; } diff --git a/src/lib/entropy/rdseed/rdseed.h b/src/lib/entropy/rdseed/rdseed.h index 0f39250a1..f86c32768 100644 
--- a/src/lib/entropy/rdseed/rdseed.h
+++ b/src/lib/entropy/rdseed/rdseed.h
@@ -16,7 +16,7 @@ namespace Botan {
 * Entropy source using the rdseed instruction first introduced on
 * Intel's Broadwell architecture.
 */
-class Intel_Rdseed : public Entropy_Source
+class Intel_Rdseed final : public Entropy_Source
 {
 public:
 std::string name() const override { return "rdseed"; }
diff --git a/src/lib/entropy/unix_procs/unix_procs.h b/src/lib/entropy/unix_procs/unix_procs.h
index bc2fd87d1..e1749af5f 100644
--- a/src/lib/entropy/unix_procs/unix_procs.h
+++ b/src/lib/entropy/unix_procs/unix_procs.h
@@ -20,7 +20,7 @@ namespace Botan {
 * effective against local attackers as they can sample from the same
 * distribution.
 */
-class Unix_EntropySource : public Entropy_Source
+class Unix_EntropySource final : public Entropy_Source
 {
 public:
 std::string name() const override { return "unix_procs"; }
@@ -78,7 +78,7 @@ class Unix_EntropySource : public Entropy_Source
 secure_vector<byte> m_buf;
 };
-class UnixProcessInfo_EntropySource : public Entropy_Source
+class UnixProcessInfo_EntropySource final : public Entropy_Source
 {
 public:
 std::string name() const override { return "proc_info"; }
diff --git a/src/lib/entropy/win32_stats/es_win32.cpp b/src/lib/entropy/win32_stats/es_win32.cpp
index 52bb24136..ce0edea83 100644
--- a/src/lib/entropy/win32_stats/es_win32.cpp
+++ b/src/lib/entropy/win32_stats/es_win32.cpp
@@ -32,8 +32,8 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum)
 GetSystemInfo(&sys_info);
 accum.add(sys_info, BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA);
- MEMORYSTATUS mem_info;
- GlobalMemoryStatus(&mem_info);
+ MEMORYSTATUSEX mem_info;
+ GlobalMemoryStatusEx(&mem_info);
 accum.add(mem_info, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA);
 POINT point;
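Review bot: `GlobalMemoryStatusEx(&mem_info)` in the es_win32.cpp hunk is called on a `MEMORYSTATUSEX` whose `dwLength` was never set; the function requires `dwLength = sizeof(MEMORYSTATUSEX)` and fails otherwise, and its return value is not checked, so the struct that `accum.add` then feeds into the pool is uninitialized stack memory. The same file already handles this correctly for `HEAPLIST32` and `HEAPENTRY32` by setting `dwSize` before the call. Change the three lines to `MEMORYSTATUSEX mem_info{}; mem_info.dwLength = sizeof(MEMORYSTATUSEX); if(GlobalMemoryStatusEx(&mem_info)) accum.add(mem_info, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA);`. The enclosing `poll` continues outside the hunk.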
@@ -43,10 +43,6 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) GetCaretPos(&point); accum.add(point, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); - LARGE_INTEGER perf_counter; - QueryPerformanceCounter(&perf_counter); - accum.add(perf_counter, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); - /* Now use the Tooltip library to iterate throug various objects on the system, including processes, threads, and heap objects. @@ -76,7 +72,6 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(!accum.polling_finished()) { - size_t heap_lists_found = 0; HEAPLIST32 heap_list; heap_list.dwSize = sizeof(HEAPLIST32); @@ -85,6 +80,7 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(Heap32ListFirst(snapshot, &heap_list)) { + size_t heap_lists_found = 0; do { accum.add(heap_list, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); @@ -92,12 +88,12 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(++heap_lists_found > HEAP_LISTS_MAX) break; - size_t heap_objs_found = 0; HEAPENTRY32 heap_entry; heap_entry.dwSize = sizeof(HEAPENTRY32); if(Heap32First(&heap_entry, heap_list.th32ProcessID, heap_list.th32HeapID)) { + size_t heap_objs_found = 0; do { if(heap_objs_found++ > HEAP_OBJS_PER_LIST) diff --git a/src/lib/entropy/win32_stats/es_win32.h b/src/lib/entropy/win32_stats/es_win32.h index 958a79e19..5dc3f7f17 100644 --- a/src/lib/entropy/win32_stats/es_win32.h +++ b/src/lib/entropy/win32_stats/es_win32.h @@ -15,7 +15,7 @@ namespace Botan { /** * Win32 Entropy Source */ -class Win32_EntropySource : public Entropy_Source +class Win32_EntropySource final : public Entropy_Source { public: std::string name() const override { return "system_stats"; } diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp index 48591a774..11084ae50 100644 --- a/src/lib/ffi/ffi.cpp +++ b/src/lib/ffi/ffi.cpp 
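Review bot: The two bounds in the heap-walk hunks use different increment forms, `if(++heap_lists_found > HEAP_LISTS_MAX) break;` versus `if(heap_objs_found++ > HEAP_OBJS_PER_LIST)`, so the list loop stops after HEAP_LISTS_MAX entries while the entry loop admits one more than HEAP_OBJS_PER_LIST before its check fires. Moving the counters into the inner scopes is the right change; picking one form for both, `if(++heap_objs_found > HEAP_OBJS_PER_LIST)`, makes the constants mean what their names say. The enclosing `poll` begins and ends outside these hunks, so the statement that follows the second check is not visible here.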
@@ -65,7 +65,7 @@ namespace { class FFI_Error : public Botan::Exception { public: - FFI_Error(const std::string& what) : Exception("FFI error", what) {} + explicit FFI_Error(const std::string& what) : Exception("FFI error", what) {} }; template<typename T, uint32_t MAGIC> @@ -167,7 +167,7 @@ inline int write_str_output(char out[], size_t* out_len, const std::string& str) return write_str_output(reinterpret_cast<uint8_t*>(out), out_len, str); } -#define BOTAN_FFI_DO(T, obj, block) apply_fn(obj, BOTAN_CURRENT_FUNCTION, [=](T& obj) { do { block } while(0); return 0; }) +#define BOTAN_FFI_DO(T, obj, param, block) apply_fn(obj, BOTAN_CURRENT_FUNCTION, [=](T& param) { do { block } while(0); return 0; }) } @@ -282,12 +282,12 @@ int botan_rng_destroy(botan_rng_t rng) int botan_rng_get(botan_rng_t rng, uint8_t* out, size_t out_len) { - return BOTAN_FFI_DO(Botan::RandomNumberGenerator, rng, { rng.randomize(out, out_len); }); + return BOTAN_FFI_DO(Botan::RandomNumberGenerator, rng, r, { r.randomize(out, out_len); }); } int botan_rng_reseed(botan_rng_t rng, size_t bits) { - return BOTAN_FFI_DO(Botan::RandomNumberGenerator, rng, { rng.reseed(bits); }); + return BOTAN_FFI_DO(Botan::RandomNumberGenerator, rng, r, { r.reseed(bits); }); } int botan_hash_init(botan_hash_t* hash, const char* hash_name, uint32_t flags) 
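Review bot: The new `param` argument of `BOTAN_FFI_DO` is undocumented, and the reason for it, that the old `[=](T& obj)` shadowed the captured C handle with the dereferenced object of the same name, is only visible by diffing; a comment above the macro such as `// obj is the opaque C handle; the block sees the dereferenced object as param (distinct names avoid the lambda parameter shadowing the capture)` would preserve that. It would also be worth noting next to `[=]` that the block's captures are pointers and sizes copied by value, so `out`/`out_len`-style parameters are written through, not copied.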
@@ -326,22 +326,22 @@ int botan_hash_destroy(botan_hash_t hash)
 int botan_hash_output_length(botan_hash_t hash, size_t* out)
 {
- return BOTAN_FFI_DO(Botan::HashFunction, hash, { *out = hash.output_length(); });
+ return BOTAN_FFI_DO(Botan::HashFunction, hash, h, { *out = h.output_length(); });
 }
 int botan_hash_clear(botan_hash_t hash)
 {
- return BOTAN_FFI_DO(Botan::HashFunction, hash, { hash.clear(); });
+ return BOTAN_FFI_DO(Botan::HashFunction, hash, h, { h.clear(); });
 }
 int botan_hash_update(botan_hash_t hash, const uint8_t* buf, size_t len)
 {
- return BOTAN_FFI_DO(Botan::HashFunction, hash, { hash.update(buf, len); });
+ return BOTAN_FFI_DO(Botan::HashFunction, hash, h, { h.update(buf, len); });
 }
 int botan_hash_final(botan_hash_t hash, uint8_t out[])
 {
- return BOTAN_FFI_DO(Botan::HashFunction, hash, { hash.final(out); });
+ return BOTAN_FFI_DO(Botan::HashFunction, hash, h, { h.final(out); });
 }
 int botan_mac_init(botan_mac_t* mac, const char* mac_name, uint32_t flags)
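Review bot: `*out = h.output_length();` in `botan_hash_output_length` dereferences the caller's `out` pointer inside the `BOTAN_FFI_DO` lambda without a null check; unless `apply_fn` (outside this hunk) validates it, a C caller passing NULL crashes the library instead of receiving an error code. The same applies to `botan_mac_output_length` in the mac hunk, to the two `out_*_keylength` pointers in `botan_cipher_query_keylen`, and to `nl`, `ug` and `tl` in the nonce-length, granularity and tag-length hunks. A guard at the top of each block, `if(out == nullptr) return <FFI invalid-argument error code>;` using whichever negative code the FFI header reserves for bad arguments, keeps the C contract, and a comment on `BOTAN_FFI_DO` stating whether it checks only the handle or also output pointers would settle where that check belongs.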
@@ -378,27 +378,27 @@ int botan_mac_destroy(botan_mac_t mac) int botan_mac_set_key(botan_mac_t mac, const uint8_t* key, size_t key_len) { - return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, { mac.set_key(key, key_len); }); + return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, m, { m.set_key(key, key_len); }); } int botan_mac_output_length(botan_mac_t mac, size_t* out) { - return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, { *out = mac.output_length(); }); + return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, m, { *out = m.output_length(); }); } int botan_mac_clear(botan_mac_t mac) { - return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, { mac.clear(); }); + return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, m, { m.clear(); }); } int botan_mac_update(botan_mac_t mac, const uint8_t* buf, size_t len) { - return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, { mac.update(buf, len); }); + return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, m, { m.update(buf, len); }); } int botan_mac_final(botan_mac_t mac, uint8_t out[]) { - return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, { mac.final(out); }); + return BOTAN_FFI_DO(Botan::MessageAuthenticationCode, mac, m, { m.final(out); }); } int botan_cipher_init(botan_cipher_t* cipher, const char* cipher_name, uint32_t flags) 
@@ -433,23 +433,23 @@ int botan_cipher_destroy(botan_cipher_t cipher) int botan_cipher_clear(botan_cipher_t cipher) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { cipher.clear(); }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { c.clear(); }); } int botan_cipher_query_keylen(botan_cipher_t cipher, size_t* out_minimum_keylength, size_t* out_maximum_keylength) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { - *out_minimum_keylength = cipher.key_spec().minimum_keylength(); - *out_maximum_keylength = cipher.key_spec().maximum_keylength(); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { + *out_minimum_keylength = c.key_spec().minimum_keylength(); + *out_maximum_keylength = c.key_spec().maximum_keylength(); }); } int botan_cipher_set_key(botan_cipher_t cipher, const uint8_t* key, size_t key_len) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { cipher.set_key(key, key_len); }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { c.set_key(key, key_len); }); } int botan_cipher_start(botan_cipher_t cipher_obj, @@ -579,8 +579,8 @@ int botan_cipher_set_associated_data(botan_cipher_t cipher, const uint8_t* ad, size_t ad_len) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { - if(Botan::AEAD_Mode* aead = dynamic_cast<Botan::AEAD_Mode*>(&cipher)) + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { + if(Botan::AEAD_Mode* aead = dynamic_cast<Botan::AEAD_Mode*>(&c)) { aead->set_associated_data(ad, ad_len); return 0; 
@@ -591,22 +591,22 @@ int botan_cipher_set_associated_data(botan_cipher_t cipher, int botan_cipher_valid_nonce_length(botan_cipher_t cipher, size_t nl) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { return cipher.valid_nonce_length(nl) ? 1 : 0; }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { return c.valid_nonce_length(nl) ? 1 : 0; }); } int botan_cipher_get_default_nonce_length(botan_cipher_t cipher, size_t* nl) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { *nl = cipher.default_nonce_length(); }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { *nl = c.default_nonce_length(); }); } int botan_cipher_get_update_granularity(botan_cipher_t cipher, size_t* ug) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { *ug = cipher.update_granularity(); }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { *ug = c.update_granularity(); }); } int botan_cipher_get_tag_length(botan_cipher_t cipher, size_t* tl) { - return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, { *tl = cipher.tag_size(); }); + return BOTAN_FFI_DO(Botan::Cipher_Mode, cipher, c, { *tl = c.tag_size(); }); } int botan_pbkdf(const char* pbkdf_algo, uint8_t out[], size_t out_len, 
@@ -909,16 +909,16 @@ int botan_privkey_export_pubkey(botan_pubkey_t* pubout, botan_privkey_t key_obj) int botan_pubkey_algo_name(botan_pubkey_t key, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::Public_Key, key, { return write_str_output(out, out_len, key.algo_name()); }); + return BOTAN_FFI_DO(Botan::Public_Key, key, k, { return write_str_output(out, out_len, k.algo_name()); }); } int botan_pubkey_export(botan_pubkey_t key, uint8_t out[], size_t* out_len, uint32_t flags) { - return BOTAN_FFI_DO(Botan::Public_Key, key, { + return BOTAN_FFI_DO(Botan::Public_Key, key, k, { if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER) - return write_vec_output(out, out_len, Botan::X509::BER_encode(key)); + return write_vec_output(out, out_len, Botan::X509::BER_encode(k)); else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM) - return write_str_output(out, out_len, Botan::X509::PEM_encode(key)); + return write_str_output(out, out_len, Botan::X509::PEM_encode(k)); else return -2; }); @@ -926,11 +926,11 @@ int botan_pubkey_export(botan_pubkey_t key, uint8_t out[], size_t* out_len, uint int botan_privkey_export(botan_privkey_t key, uint8_t out[], size_t* out_len, uint32_t flags) { - return BOTAN_FFI_DO(Botan::Private_Key, key, { + return BOTAN_FFI_DO(Botan::Private_Key, key, k, { if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER) - return write_vec_output(out, out_len, Botan::PKCS8::BER_encode(key)); + return write_vec_output(out, out_len, Botan::PKCS8::BER_encode(k)); else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM) - return write_str_output(out, out_len, Botan::PKCS8::PEM_encode(key)); + return write_str_output(out, out_len, Botan::PKCS8::PEM_encode(k)); else return -2; }); 
@@ -943,14 +943,14 @@ int botan_privkey_export_encrypted(botan_privkey_t key, const char* pbe, uint32_t flags) { - return BOTAN_FFI_DO(Botan::Private_Key, key, { + return BOTAN_FFI_DO(Botan::Private_Key, key, k, { auto pbkdf_time = std::chrono::milliseconds(300); Botan::RandomNumberGenerator& rng = safe_get(rng_obj); if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER) - return write_vec_output(out, out_len, Botan::PKCS8::BER_encode(key, rng, pass, pbkdf_time, pbe)); + return write_vec_output(out, out_len, Botan::PKCS8::BER_encode(k, rng, pass, pbkdf_time, pbe)); else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM) - return write_str_output(out, out_len, Botan::PKCS8::PEM_encode(key, rng, pass, pbkdf_time, pbe)); + return write_str_output(out, out_len, Botan::PKCS8::PEM_encode(k, rng, pass, pbkdf_time, pbe)); else return -2; }); @@ -958,15 +958,15 @@ int botan_privkey_export_encrypted(botan_privkey_t key, int botan_pubkey_estimated_strength(botan_pubkey_t key, size_t* estimate) { - return BOTAN_FFI_DO(Botan::Public_Key, key, { *estimate = key.estimated_strength(); }); + return BOTAN_FFI_DO(Botan::Public_Key, key, k, { *estimate = k.estimated_strength(); }); } int botan_pubkey_fingerprint(botan_pubkey_t key, const char* hash_fn, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::Public_Key, key, { + return BOTAN_FFI_DO(Botan::Public_Key, key, k, { std::unique_ptr<Botan::HashFunction> h(Botan::HashFunction::create(hash_fn)); - return write_vec_output(out, out_len, h->process(key.x509_subject_public_key())); + return write_vec_output(out, out_len, h->process(k.x509_subject_public_key())); }); } 
@@ -1007,8 +1007,8 @@ int botan_pk_op_encrypt(botan_pk_op_encrypt_t op, uint8_t out[], size_t* out_len, const uint8_t plaintext[], size_t plaintext_len) { - return BOTAN_FFI_DO(Botan::PK_Encryptor, op, { - return write_vec_output(out, out_len, op.encrypt(plaintext, plaintext_len, safe_get(rng_obj))); + return BOTAN_FFI_DO(Botan::PK_Encryptor, op, o, { + return write_vec_output(out, out_len, o.encrypt(plaintext, plaintext_len, safe_get(rng_obj))); }); } @@ -1051,8 +1051,8 @@ int botan_pk_op_decrypt(botan_pk_op_decrypt_t op, uint8_t out[], size_t* out_len, uint8_t ciphertext[], size_t ciphertext_len) { - return BOTAN_FFI_DO(Botan::PK_Decryptor, op, { - return write_vec_output(out, out_len, op.decrypt(ciphertext, ciphertext_len)); + return BOTAN_FFI_DO(Botan::PK_Decryptor, op, o, { + return write_vec_output(out, out_len, o.decrypt(ciphertext, ciphertext_len)); }); } @@ -1093,13 +1093,13 @@ int botan_pk_op_sign_destroy(botan_pk_op_sign_t op) int botan_pk_op_sign_update(botan_pk_op_sign_t op, const uint8_t in[], size_t in_len) { - return BOTAN_FFI_DO(Botan::PK_Signer, op, { op.update(in, in_len); }); + return BOTAN_FFI_DO(Botan::PK_Signer, op, o, { o.update(in, in_len); }); } int botan_pk_op_sign_finish(botan_pk_op_sign_t op, botan_rng_t rng_obj, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::PK_Signer, op, { - return write_vec_output(out, out_len, op.signature(safe_get(rng_obj))); + return BOTAN_FFI_DO(Botan::PK_Signer, op, o, { + return write_vec_output(out, out_len, o.signature(safe_get(rng_obj))); }); } 
@@ -1135,13 +1135,13 @@ int botan_pk_op_verify_destroy(botan_pk_op_verify_t op) int botan_pk_op_verify_update(botan_pk_op_verify_t op, const uint8_t in[], size_t in_len) { - return BOTAN_FFI_DO(Botan::PK_Verifier, op, { op.update(in, in_len); }); + return BOTAN_FFI_DO(Botan::PK_Verifier, op, o, { o.update(in, in_len); }); } int botan_pk_op_verify_finish(botan_pk_op_verify_t op, const uint8_t sig[], size_t sig_len) { - return BOTAN_FFI_DO(Botan::PK_Verifier, op, { - const bool legit = op.check_signature(sig, sig_len); + return BOTAN_FFI_DO(Botan::PK_Verifier, op, o, { + const bool legit = o.check_signature(sig, sig_len); if(legit) return 0; @@ -1185,8 +1185,8 @@ int botan_pk_op_key_agreement_destroy(botan_pk_op_ka_t op) int botan_pk_op_key_agreement_export_public(botan_privkey_t key, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::Private_Key, key, { - if(auto kak = dynamic_cast<const Botan::PK_Key_Agreement_Key*>(&key)) + return BOTAN_FFI_DO(Botan::Private_Key, key, k, { + if(auto kak = dynamic_cast<const Botan::PK_Key_Agreement_Key*>(&k)) return write_vec_output(out, out_len, kak->public_value()); return -2; }); @@ -1197,8 +1197,8 @@ int botan_pk_op_key_agreement(botan_pk_op_ka_t op, const uint8_t other_key[], size_t other_key_len, const uint8_t salt[], size_t salt_len) { - return BOTAN_FFI_DO(Botan::PK_Key_Agreement, op, { - auto k = op.derive_key(*out_len, other_key, other_key_len, salt, salt_len).bits_of(); + return BOTAN_FFI_DO(Botan::PK_Key_Agreement, op, o, { + auto k = o.derive_key(*out_len, other_key, other_key_len, salt, salt_len).bits_of(); return write_vec_output(out, out_len, k); }); } 
@@ -1268,37 +1268,37 @@ int botan_x509_cert_destroy(botan_x509_cert_t cert) int botan_x509_cert_get_time_starts(botan_x509_cert_t cert, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.start_time()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.start_time()); }); } int botan_x509_cert_get_time_expires(botan_x509_cert_t cert, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.end_time()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.end_time()); }); } int botan_x509_cert_get_serial_number(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.serial_number()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.serial_number()); }); } int botan_x509_cert_get_fingerprint(botan_x509_cert_t cert, const char* hash, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.fingerprint(hash)); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.fingerprint(hash)); }); } int botan_x509_cert_get_authority_key_id(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.authority_key_id()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.authority_key_id()); }); } int botan_x509_cert_get_subject_key_id(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.subject_key_id()); }); + return 
BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_key_id()); }); } int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.subject_public_key_bits()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_public_key_bits()); }); } 
@@ -1310,34 +1310,53 @@ int botan_x509_cert_path_verify(botan_x509_cert_t cert, const char* dir) int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t* key) { + try + { + if(key == nullptr) + return -1; + + *key = nullptr; + +#if defined(BOTAN_HAS_RSA) + std::unique_ptr<Botan::Public_Key> publicKey(safe_get(cert).subject_public_key()); + *key = new botan_pubkey_struct(publicKey.release()); + return 0; +#else return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; - //return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.subject_public_key_bits()); }); +#endif + } + catch(std::exception& e) + { + log_exception(BOTAN_CURRENT_FUNCTION, e.what()); + } + + return BOTAN_FFI_ERROR_EXCEPTION_THROWN; } int botan_x509_cert_get_issuer_dn(botan_x509_cert_t cert, const char* key, size_t index, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.issuer_info(key).at(index)); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.issuer_info(key).at(index)); }); } int botan_x509_cert_get_subject_dn(botan_x509_cert_t cert, const char* key, size_t index, uint8_t out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.subject_info(key).at(index)); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.subject_info(key).at(index)); }); } int botan_x509_cert_to_string(botan_x509_cert_t cert, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_str_output(out, out_len, cert.to_string()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.to_string()); }); } int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { + return 
BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { const Botan::Key_Constraints k = static_cast<Botan::Key_Constraints>(key_usage); - if(cert.allowed_usage(k)) + if(c.allowed_usage(k)) return 0; return 1; }); diff --git a/src/lib/filters/basefilt.h b/src/lib/filters/basefilt.h index 36c5201a1..c065fae0e 100644 --- a/src/lib/filters/basefilt.h +++ b/src/lib/filters/basefilt.h @@ -17,7 +17,7 @@ namespace Botan { /** * BitBucket is a filter which simply discards all inputs */ -struct BOTAN_DLL BitBucket : public Filter +struct BOTAN_DLL BitBucket final : public Filter { void write(const byte[], size_t) override {} diff --git a/src/lib/filters/buf_filt.cpp b/src/lib/filters/buf_filt.cpp index 6fb367e5f..9306c1ef8 100644 --- a/src/lib/filters/buf_filt.cpp +++ b/src/lib/filters/buf_filt.cpp @@ -16,16 +16,16 @@ namespace Botan { * Buffered_Filter Constructor */ Buffered_Filter::Buffered_Filter(size_t b, size_t f) : - main_block_mod(b), final_minimum(f) + m_main_block_mod(b), m_final_minimum(f) { - if(main_block_mod == 0) - throw Invalid_Argument("main_block_mod == 0"); + if(m_main_block_mod == 0) + throw Invalid_Argument("m_main_block_mod == 0"); - if(final_minimum > main_block_mod) - throw Invalid_Argument("final_minimum > main_block_mod"); + if(m_final_minimum > m_main_block_mod) + throw Invalid_Argument("m_final_minimum > m_main_block_mod"); - buffer.resize(2 * main_block_mod); - buffer_pos = 0; + m_buffer.resize(2 * m_main_block_mod); + m_buffer_pos = 0; } /* 
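Review bot: The `#if defined(BOTAN_HAS_RSA)` guard around the new body of botan_x509_cert_get_public_key looks unrelated to what it protects: `subject_public_key()` is a generic X.509 operation, so a build without RSA reports BOTAN_FFI_ERROR_NOT_IMPLEMENTED even for certificates carrying other key types, while a build with RSA gets no protection for non-RSA certificates (which already end up as BOTAN_FFI_ERROR_EXCEPTION_THROWN via the catch). Unless the guard exists for a reason outside this hunk, drop it or key it on the macro for the X.509 module. Separately, in `*key = new botan_pubkey_struct(publicKey.release());` the order of allocation versus argument evaluation is unspecified before C++17, so a failed `new` can leak the released key; `*key = new botan_pubkey_struct(publicKey.get());` followed by `publicKey.release();` keeps ownership in the unique_ptr until the wrapper exists. The bare `return -1;` for a null output argument would read better as one of the file's named BOTAN_FFI_ERROR_* codes, and `catch(std::exception& e)` should take `const std::exception&`.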
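Review bot: The Invalid_Argument messages in the Buffered_Filter constructor now read `m_main_block_mod == 0` and `m_final_minimum > m_main_block_mod`, so the mechanical member rename has leaked private identifier names into user-visible exception text. The messages should describe the constructor arguments rather than the members, e.g. `throw Invalid_Argument("Buffered_Filter: block size must be nonzero");` and `throw Invalid_Argument("Buffered_Filter: final minimum exceeds block size");`. The same pattern may exist in other renamed files in this commit that I cannot see here.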
@@ -36,32 +36,32 @@ void Buffered_Filter::write(const byte input[], size_t input_size) if(!input_size) return; - if(buffer_pos + input_size >= main_block_mod + final_minimum) + if(m_buffer_pos + input_size >= m_main_block_mod + m_final_minimum) { - size_t to_copy = std::min<size_t>(buffer.size() - buffer_pos, input_size); + size_t to_copy = std::min<size_t>(m_buffer.size() - m_buffer_pos, input_size); - copy_mem(&buffer[buffer_pos], input, to_copy); - buffer_pos += to_copy; + copy_mem(&m_buffer[m_buffer_pos], input, to_copy); + m_buffer_pos += to_copy; input += to_copy; input_size -= to_copy; size_t total_to_consume = - round_down(std::min(buffer_pos, - buffer_pos + input_size - final_minimum), - main_block_mod); + round_down(std::min(m_buffer_pos, + m_buffer_pos + input_size - m_final_minimum), + m_main_block_mod); - buffered_block(buffer.data(), total_to_consume); + buffered_block(m_buffer.data(), total_to_consume); - buffer_pos -= total_to_consume; + m_buffer_pos -= total_to_consume; - copy_mem(buffer.data(), buffer.data() + total_to_consume, buffer_pos); + copy_mem(m_buffer.data(), m_buffer.data() + total_to_consume, m_buffer_pos); } - if(input_size >= final_minimum) + if(input_size >= m_final_minimum) { - size_t full_blocks = (input_size - final_minimum) / main_block_mod; - size_t to_copy = full_blocks * main_block_mod; + size_t full_blocks = (input_size - m_final_minimum) / m_main_block_mod; + size_t to_copy = full_blocks * m_main_block_mod; if(to_copy) { @@ -72,8 +72,8 @@ void Buffered_Filter::write(const byte input[], size_t input_size) } } - copy_mem(&buffer[buffer_pos], input, input_size); - buffer_pos += input_size; + copy_mem(&m_buffer[m_buffer_pos], input, input_size); + m_buffer_pos += input_size; } /* 
@@ -81,23 +81,23 @@ void Buffered_Filter::write(const byte input[], size_t input_size) */ void Buffered_Filter::end_msg() { - if(buffer_pos < final_minimum) + if(m_buffer_pos < m_final_minimum) throw Exception("Buffered filter end_msg without enough input"); - size_t spare_blocks = (buffer_pos - final_minimum) / main_block_mod; + size_t spare_blocks = (m_buffer_pos - m_final_minimum) / m_main_block_mod; if(spare_blocks) { - size_t spare_bytes = main_block_mod * spare_blocks; - buffered_block(buffer.data(), spare_bytes); - buffered_final(&buffer[spare_bytes], buffer_pos - spare_bytes); + size_t spare_bytes = m_main_block_mod * spare_blocks; + buffered_block(m_buffer.data(), spare_bytes); + buffered_final(&m_buffer[spare_bytes], m_buffer_pos - spare_bytes); } else { - buffered_final(buffer.data(), buffer_pos); + buffered_final(m_buffer.data(), m_buffer_pos); } - buffer_pos = 0; + m_buffer_pos = 0; } } diff --git a/src/lib/filters/buf_filt.h b/src/lib/filters/buf_filt.h index f9d996ab0..2ec7c4d30 100644 --- a/src/lib/filters/buf_filt.h +++ b/src/lib/filters/buf_filt.h @@ -70,22 +70,22 @@ class BOTAN_DLL Buffered_Filter /** * @return block size of inputs */ - size_t buffered_block_size() const { return main_block_mod; } + size_t buffered_block_size() const { return m_main_block_mod; } /** * @return current position in the buffer */ - size_t current_position() const { return buffer_pos; } + size_t current_position() const { return m_buffer_pos; } /** * Reset the buffer position */ - void buffer_reset() { buffer_pos = 0; } + void buffer_reset() { m_buffer_pos = 0; } private: - size_t main_block_mod, final_minimum; + size_t m_main_block_mod, m_final_minimum; - secure_vector<byte> buffer; - size_t buffer_pos; + secure_vector<byte> m_buffer; + size_t m_buffer_pos; }; } diff --git a/src/lib/filters/codec_filt/b64_filt.cpp b/src/lib/filters/codec_filt/b64_filt.cpp index a4656dbe6..fe6314d52 100644 --- a/src/lib/filters/codec_filt/b64_filt.cpp 
+++ b/src/lib/filters/codec_filt/b64_filt.cpp @@ -17,12 +17,12 @@ namespace Botan { * Base64_Encoder Constructor */ Base64_Encoder::Base64_Encoder(bool breaks, size_t length, bool t_n) : - line_length(breaks ? length : 0), - trailing_newline(t_n && breaks), - in(48), - out(64), - position(0), - out_position(0) + m_line_length(breaks ? length : 0), + m_trailing_newline(t_n && breaks), + m_in(48), + m_out(64), + m_position(0), + m_out_position(0) { } @@ -34,13 +34,13 @@ void Base64_Encoder::encode_and_send(const byte input[], size_t length, { while(length) { - const size_t proc = std::min(length, in.size()); + const size_t proc = std::min(length, m_in.size()); size_t consumed = 0; - size_t produced = base64_encode(reinterpret_cast<char*>(out.data()), input, + size_t produced = base64_encode(reinterpret_cast<char*>(m_out.data()), input, proc, consumed, final_inputs); - do_output(out.data(), produced); + do_output(m_out.data(), produced); // FIXME: s/proc/consumed/? input += proc; @@ -53,22 +53,22 @@ void Base64_Encoder::encode_and_send(const byte input[], size_t length, */ void Base64_Encoder::do_output(const byte input[], size_t length) { - if(line_length == 0) + if(m_line_length == 0) send(input, length); else { size_t remaining = length, offset = 0; while(remaining) { - size_t sent = std::min(line_length - out_position, remaining); + size_t sent = std::min(m_line_length - m_out_position, remaining); send(input + offset, sent); - out_position += sent; + m_out_position += sent; remaining -= sent; offset += sent; - if(out_position == line_length) + if(m_out_position == m_line_length) { send('\n'); - out_position = 0; + m_out_position = 0; } } } 
@@ -79,22 +79,22 @@ void Base64_Encoder::do_output(const byte input[], size_t length) */ void Base64_Encoder::write(const byte input[], size_t length) { - buffer_insert(in, position, input, length); - if(position + length >= in.size()) + buffer_insert(m_in, m_position, input, length); + if(m_position + length >= m_in.size()) { - encode_and_send(in.data(), in.size()); - input += (in.size() - position); - length -= (in.size() - position); - while(length >= in.size()) + encode_and_send(m_in.data(), m_in.size()); + input += (m_in.size() - m_position); + length -= (m_in.size() - m_position); + while(length >= m_in.size()) { - encode_and_send(input, in.size()); - input += in.size(); - length -= in.size(); + encode_and_send(input, m_in.size()); + input += m_in.size(); + length -= m_in.size(); } - copy_mem(in.data(), input, length); - position = 0; + copy_mem(m_in.data(), input, length); + m_position = 0; } - position += length; + m_position += length; } /* @@ -102,19 +102,19 @@ void Base64_Encoder::write(const byte input[], size_t length) */ void Base64_Encoder::end_msg() { - encode_and_send(in.data(), position, true); + encode_and_send(m_in.data(), m_position, true); - if(trailing_newline || (out_position && line_length)) + if(m_trailing_newline || (m_out_position && m_line_length)) send('\n'); - out_position = position = 0; + m_out_position = m_position = 0; } /* * Base64_Decoder Constructor */ Base64_Decoder::Base64_Decoder(Decoder_Checking c) : - checking(c), in(64), out(48), position(0) + m_checking(c), m_in(64), m_out(48), m_position(0) { } 
@@ -125,32 +125,32 @@ void Base64_Decoder::write(const byte input[], size_t length) { while(length) { - size_t to_copy = std::min<size_t>(length, in.size() - position); + size_t to_copy = std::min<size_t>(length, m_in.size() - m_position); if(to_copy == 0) { - in.resize(in.size()*2); - out.resize(out.size()*2); + m_in.resize(m_in.size()*2); + m_out.resize(m_out.size()*2); } - copy_mem(&in[position], input, to_copy); - position += to_copy; + copy_mem(&m_in[m_position], input, to_copy); + m_position += to_copy; size_t consumed = 0; - size_t written = base64_decode(out.data(), - reinterpret_cast<const char*>(in.data()), - position, + size_t written = base64_decode(m_out.data(), + reinterpret_cast<const char*>(m_in.data()), + m_position, consumed, false, - checking != FULL_CHECK); + m_checking != FULL_CHECK); - send(out, written); + send(m_out, written); - if(consumed != position) + if(consumed != m_position) { - copy_mem(in.data(), in.data() + consumed, position - consumed); - position = position - consumed; + copy_mem(m_in.data(), m_in.data() + consumed, m_position - consumed); + m_position = m_position - consumed; } else - position = 0; + m_position = 0; length -= to_copy; input += to_copy; @@ -163,18 +163,18 @@ void Base64_Decoder::write(const byte input[], size_t length) void Base64_Decoder::end_msg() { size_t consumed = 0; - size_t written = base64_decode(out.data(), - reinterpret_cast<const char*>(in.data()), - position, + size_t written = base64_decode(m_out.data(), + reinterpret_cast<const char*>(m_in.data()), + m_position, consumed, true, - checking != FULL_CHECK); + m_checking != FULL_CHECK); - send(out, written); + send(m_out, written); - const bool not_full_bytes = consumed != position; + const bool not_full_bytes = consumed != m_position; - position = 0; + m_position = 0; if(not_full_bytes) throw Invalid_Argument("Base64_Decoder: Input not full bytes"); 
diff --git a/src/lib/filters/codec_filt/b64_filt.h b/src/lib/filters/codec_filt/b64_filt.h index 8ab428076..f1879fb71 100644 --- a/src/lib/filters/codec_filt/b64_filt.h +++ b/src/lib/filters/codec_filt/b64_filt.h @@ -15,7 +15,7 @@ namespace Botan { /** * This class represents a Base64 encoder. */ -class BOTAN_DLL Base64_Encoder : public Filter +class BOTAN_DLL Base64_Encoder final : public Filter { public: std::string name() const override { return "Base64_Encoder"; } @@ -45,16 +45,16 @@ class BOTAN_DLL Base64_Encoder : public Filter bool final_inputs = false); void do_output(const byte output[], size_t length); - const size_t line_length; - const bool trailing_newline; - std::vector<byte> in, out; - size_t position, out_position; + const size_t m_line_length; + const bool m_trailing_newline; + std::vector<byte> m_in, m_out; + size_t m_position, m_out_position; }; /** * This object represents a Base64 decoder. */ -class BOTAN_DLL Base64_Decoder : public Filter +class BOTAN_DLL Base64_Decoder final : public Filter { public: std::string name() const override { return "Base64_Decoder"; } @@ -76,11 +76,11 @@ class BOTAN_DLL Base64_Decoder : public Filter * @param checking the type of checking that shall be performed by * the decoder */ - Base64_Decoder(Decoder_Checking checking = NONE); + explicit Base64_Decoder(Decoder_Checking checking = NONE); private: - const Decoder_Checking checking; - std::vector<byte> in, out; - size_t position; + const Decoder_Checking m_checking; + std::vector<byte> m_in, m_out; + size_t m_position; }; } diff --git a/src/lib/filters/codec_filt/hex_filt.cpp b/src/lib/filters/codec_filt/hex_filt.cpp index e1a7dc9a5..2003055b4 100644 --- a/src/lib/filters/codec_filt/hex_filt.cpp +++ b/src/lib/filters/codec_filt/hex_filt.cpp 
@@ -23,21 +23,21 @@ const size_t HEX_CODEC_BUFFER_SIZE = 256; * Hex_Encoder Constructor */ Hex_Encoder::Hex_Encoder(bool breaks, size_t length, Case c) : - casing(c), line_length(breaks ? length : 0) + m_casing(c), m_line_length(breaks ? length : 0) { - in.resize(HEX_CODEC_BUFFER_SIZE); - out.resize(2*in.size()); - counter = position = 0; + m_in.resize(HEX_CODEC_BUFFER_SIZE); + m_out.resize(2*m_in.size()); + m_counter = m_position = 0; } /* * Hex_Encoder Constructor */ -Hex_Encoder::Hex_Encoder(Case c) : casing(c), line_length(0) +Hex_Encoder::Hex_Encoder(Case c) : m_casing(c), m_line_length(0) { - in.resize(HEX_CODEC_BUFFER_SIZE); - out.resize(2*in.size()); - counter = position = 0; + m_in.resize(HEX_CODEC_BUFFER_SIZE); + m_out.resize(2*m_in.size()); + m_counter = m_position = 0; } /* @@ -45,26 +45,26 @@ Hex_Encoder::Hex_Encoder(Case c) : casing(c), line_length(0) */ void Hex_Encoder::encode_and_send(const byte block[], size_t length) { - hex_encode(reinterpret_cast<char*>(out.data()), + hex_encode(reinterpret_cast<char*>(m_out.data()), block, length, - casing == Uppercase); + m_casing == Uppercase); - if(line_length == 0) - send(out, 2*length); + if(m_line_length == 0) + send(m_out, 2*length); else { size_t remaining = 2*length, offset = 0; while(remaining) { - size_t sent = std::min(line_length - counter, remaining); - send(&out[offset], sent); - counter += sent; + size_t sent = std::min(m_line_length - m_counter, remaining); + send(&m_out[offset], sent); + m_counter += sent; remaining -= sent; offset += sent; - if(counter == line_length) + if(m_counter == m_line_length) { send('\n'); - counter = 0; + m_counter = 0; } } } 
@@ -75,22 +75,22 @@ void Hex_Encoder::encode_and_send(const byte block[], size_t length) */ void Hex_Encoder::write(const byte input[], size_t length) { - buffer_insert(in, position, input, length); - if(position + length >= in.size()) + buffer_insert(m_in, m_position, input, length); + if(m_position + length >= m_in.size()) { - encode_and_send(in.data(), in.size()); - input += (in.size() - position); - length -= (in.size() - position); - while(length >= in.size()) + encode_and_send(m_in.data(), m_in.size()); + input += (m_in.size() - m_position); + length -= (m_in.size() - m_position); + while(length >= m_in.size()) { - encode_and_send(input, in.size()); - input += in.size(); - length -= in.size(); + encode_and_send(input, m_in.size()); + input += m_in.size(); + length -= m_in.size(); } - copy_mem(in.data(), input, length); - position = 0; + copy_mem(m_in.data(), input, length); + m_position = 0; } - position += length; + m_position += length; } /* @@ -98,20 +98,20 @@ void Hex_Encoder::write(const byte input[], size_t length) */ void Hex_Encoder::end_msg() { - encode_and_send(in.data(), position); - if(counter && line_length) + encode_and_send(m_in.data(), m_position); + if(m_counter && m_line_length) send('\n'); - counter = position = 0; + m_counter = m_position = 0; } /* * Hex_Decoder Constructor */ -Hex_Decoder::Hex_Decoder(Decoder_Checking c) : checking(c) +Hex_Decoder::Hex_Decoder(Decoder_Checking c) : m_checking(c) { - in.resize(HEX_CODEC_BUFFER_SIZE); - out.resize(in.size() / 2); - position = 0; + m_in.resize(HEX_CODEC_BUFFER_SIZE); + m_out.resize(m_in.size() / 2); + m_position = 0; } /* 
@@ -121,26 +121,26 @@ void Hex_Decoder::write(const byte input[], size_t length) { while(length) { - size_t to_copy = std::min<size_t>(length, in.size() - position); - copy_mem(&in[position], input, to_copy); - position += to_copy; + size_t to_copy = std::min<size_t>(length, m_in.size() - m_position); + copy_mem(&m_in[m_position], input, to_copy); + m_position += to_copy; size_t consumed = 0; - size_t written = hex_decode(out.data(), - reinterpret_cast<const char*>(in.data()), - position, + size_t written = hex_decode(m_out.data(), + reinterpret_cast<const char*>(m_in.data()), + m_position, consumed, - checking != FULL_CHECK); + m_checking != FULL_CHECK); - send(out, written); + send(m_out, written); - if(consumed != position) + if(consumed != m_position) { - copy_mem(in.data(), in.data() + consumed, position - consumed); - position = position - consumed; + copy_mem(m_in.data(), m_in.data() + consumed, m_position - consumed); + m_position = m_position - consumed; } else - position = 0; + m_position = 0; length -= to_copy; input += to_copy; @@ -153,17 +153,17 @@ void Hex_Decoder::write(const byte input[], size_t length) void Hex_Decoder::end_msg() { size_t consumed = 0; - size_t written = hex_decode(out.data(), - reinterpret_cast<const char*>(in.data()), - position, + size_t written = hex_decode(m_out.data(), + reinterpret_cast<const char*>(m_in.data()), + m_position, consumed, - checking != FULL_CHECK); + m_checking != FULL_CHECK); - send(out, written); + send(m_out, written); - const bool not_full_bytes = consumed != position; + const bool not_full_bytes = consumed != m_position; - position = 0; + m_position = 0; if(not_full_bytes) throw Invalid_Argument("Hex_Decoder: Input not full bytes"); diff --git a/src/lib/filters/codec_filt/hex_filt.h b/src/lib/filters/codec_filt/hex_filt.h index 6130e729c..f8a35b8b9 100644 --- a/src/lib/filters/codec_filt/hex_filt.h +++ b/src/lib/filters/codec_filt/hex_filt.h 
@@ -16,7 +16,7 @@ namespace Botan { * Converts arbitrary binary data to hex strings, optionally with * newlines inserted */ -class BOTAN_DLL Hex_Encoder : public Filter +class BOTAN_DLL Hex_Encoder final : public Filter { public: /** @@ -33,7 +33,7 @@ class BOTAN_DLL Hex_Encoder : public Filter * Create a hex encoder. * @param the_case the case to use in the encoded strings. */ - Hex_Encoder(Case the_case); + explicit Hex_Encoder(Case the_case); /** * Create a hex encoder. @@ -47,16 +47,16 @@ class BOTAN_DLL Hex_Encoder : public Filter private: void encode_and_send(const byte[], size_t); - const Case casing; - const size_t line_length; - std::vector<byte> in, out; - size_t position, counter; + const Case m_casing; + const size_t m_line_length; + std::vector<byte> m_in, m_out; + size_t m_position, m_counter; }; /** * Converts hex strings to bytes */ -class BOTAN_DLL Hex_Decoder : public Filter +class BOTAN_DLL Hex_Decoder final : public Filter { public: std::string name() const override { return "Hex_Decoder"; } @@ -69,11 +69,11 @@ class BOTAN_DLL Hex_Decoder : public Filter * character checking. * @param checking the checking to use during decoding. */ - Hex_Decoder(Decoder_Checking checking = NONE); + explicit Hex_Decoder(Decoder_Checking checking = NONE); private: - const Decoder_Checking checking; - std::vector<byte> in, out; - size_t position; + const Decoder_Checking m_checking; + std::vector<byte> m_in, m_out; + size_t m_position; }; } diff --git a/src/lib/filters/data_snk.cpp b/src/lib/filters/data_snk.cpp index f56c2d869..df35b12bf 100644 --- a/src/lib/filters/data_snk.cpp +++ b/src/lib/filters/data_snk.cpp 
@@ -17,10 +17,10 @@ namespace Botan { */ void DataSink_Stream::write(const byte out[], size_t length) { - sink.write(reinterpret_cast<const char*>(out), length); - if(!sink.good()) + m_sink.write(reinterpret_cast<const char*>(out), length); + if(!m_sink.good()) throw Stream_IO_Error("DataSink_Stream: Failure writing to " + - identifier); + m_identifier); } /* @@ -28,9 +28,9 @@ void DataSink_Stream::write(const byte out[], size_t length) */ DataSink_Stream::DataSink_Stream(std::ostream& out, const std::string& name) : - identifier(name), - sink_p(nullptr), - sink(out) + m_identifier(name), + m_sink_p(nullptr), + m_sink(out) { } @@ -39,14 +39,14 @@ DataSink_Stream::DataSink_Stream(std::ostream& out, */ DataSink_Stream::DataSink_Stream(const std::string& path, bool use_binary) : - identifier(path), - sink_p(new std::ofstream(path, + m_identifier(path), + m_sink_p(new std::ofstream(path, use_binary ? std::ios::binary : std::ios::out)), - sink(*sink_p) + m_sink(*m_sink_p) { - if(!sink.good()) + if(!m_sink.good()) { - delete sink_p; + delete m_sink_p; throw Stream_IO_Error("DataSink_Stream: Failure opening " + path); } } @@ -56,7 +56,7 @@ DataSink_Stream::DataSink_Stream(const std::string& path, */ DataSink_Stream::~DataSink_Stream() { - delete sink_p; + delete m_sink_p; } } diff --git a/src/lib/filters/data_snk.h b/src/lib/filters/data_snk.h index 15e2de6ef..56b292e46 100644 --- a/src/lib/filters/data_snk.h +++ b/src/lib/filters/data_snk.h @@ -33,7 +33,7 @@ class BOTAN_DLL DataSink : public Filter class BOTAN_DLL DataSink_Stream : public DataSink { public: - std::string name() const override { return identifier; } + std::string name() const override { return m_identifier; } void write(const byte[], size_t) override; 
@@ -56,10 +56,10 @@ class BOTAN_DLL DataSink_Stream : public DataSink ~DataSink_Stream(); private: - const std::string identifier; + const std::string m_identifier; - std::ostream* sink_p; - std::ostream& sink; + std::ostream* m_sink_p; + std::ostream& m_sink; }; } diff --git a/src/lib/filters/filter.cpp b/src/lib/filters/filter.cpp index 0bbde2853..6ae713314 100644 --- a/src/lib/filters/filter.cpp +++ b/src/lib/filters/filter.cpp @@ -6,7 +6,6 @@ */ #include <botan/filter.h> -#include <botan/secqueue.h> #include <botan/exceptn.h> namespace Botan { @@ -16,10 +15,10 @@ namespace Botan { */ Filter::Filter() { - next.resize(1); - port_num = 0; - filter_owns = 0; - owned = false; + m_next.resize(1); + m_port_num = 0; + m_filter_owns = 0; + m_owned = false; } /* @@ -32,18 +31,18 @@ void Filter::send(const byte input[], size_t length) bool nothing_attached = true; for(size_t j = 0; j != total_ports(); ++j) - if(next[j]) + if(m_next[j]) { - if(write_queue.size()) - next[j]->write(write_queue.data(), write_queue.size()); - next[j]->write(input, length); + if(m_write_queue.size()) + m_next[j]->write(m_write_queue.data(), m_write_queue.size()); + m_next[j]->write(input, length); nothing_attached = false; } if(nothing_attached) - write_queue += std::make_pair(input, length); + m_write_queue += std::make_pair(input, length); else - write_queue.clear(); + m_write_queue.clear(); } /* @@ -53,8 +52,8 @@ void Filter::new_msg() { start_msg(); for(size_t j = 0; j != total_ports(); ++j) - if(next[j]) - next[j]->new_msg(); + if(m_next[j]) + m_next[j]->new_msg(); } /* @@ -64,8 +63,8 @@ void Filter::finish_msg() { end_msg(); for(size_t j = 0; j != total_ports(); ++j) - if(next[j]) - next[j]->finish_msg(); + if(m_next[j]) + m_next[j]->finish_msg(); } /* @@ -78,7 +77,7 @@ void Filter::attach(Filter* new_filter) Filter* last = this; while(last->get_next()) last = last->get_next(); - last->next[last->current_port()] = new_filter; + last->m_next[last->current_port()] = new_filter; } } 
@@ -89,7 +88,7 @@ void Filter::set_port(size_t new_port) { if(new_port >= total_ports()) throw Invalid_Argument("Filter: Invalid port number"); - port_num = new_port; + m_port_num = new_port; } /* @@ -97,8 +96,8 @@ void Filter::set_port(size_t new_port) */ Filter* Filter::get_next() const { - if(port_num < next.size()) - return next[port_num]; + if(m_port_num < m_next.size()) + return m_next[m_port_num]; return nullptr; } @@ -107,16 +106,16 @@ Filter* Filter::get_next() const */ void Filter::set_next(Filter* filters[], size_t size) { - next.clear(); + m_next.clear(); - port_num = 0; - filter_owns = 0; + m_port_num = 0; + m_filter_owns = 0; while(size && filters && (filters[size-1] == nullptr)) --size; if(filters && size) - next.assign(filters, filters + size); + m_next.assign(filters, filters + size); } /* @@ -124,7 +123,7 @@ void Filter::set_next(Filter* filters[], size_t size) */ size_t Filter::total_ports() const { - return next.size(); + return m_next.size(); } } diff --git a/src/lib/filters/filter.h b/src/lib/filters/filter.h index 9e28655c2..359a76ac0 100644 --- a/src/lib/filters/filter.h +++ b/src/lib/filters/filter.h @@ -115,7 +115,7 @@ class BOTAN_DLL Filter friend class Fanout_Filter; size_t total_ports() const; - size_t current_port() const { return port_num; } + size_t current_port() const { return m_port_num; } /** * Set the active port @@ -123,7 +123,7 @@ class BOTAN_DLL Filter */ void set_port(size_t new_port); - size_t owns() const { return filter_owns; } + size_t owns() const { return m_filter_owns; } /** * Attach another filter to this one 
@@ -138,12 +138,12 @@ class BOTAN_DLL Filter void set_next(Filter* filters[], size_t count); Filter* get_next() const; - secure_vector<byte> write_queue; - std::vector<Filter*> next; - size_t port_num, filter_owns; + secure_vector<byte> m_write_queue; + std::vector<Filter*> m_next; + size_t m_port_num, m_filter_owns; // true if filter belongs to a pipe --> prohibit filter sharing! - bool owned; + bool m_owned; }; /** @@ -155,7 +155,7 @@ class BOTAN_DLL Fanout_Filter : public Filter /** * Increment the number of filters past us that we own */ - void incr_owns() { ++filter_owns; } + void incr_owns() { ++m_filter_owns; } void set_port(size_t n) { Filter::set_port(n); } @@ -165,9 +165,9 @@ class BOTAN_DLL Fanout_Filter : public Filter private: friend class Threaded_Fork; - using Filter::write_queue; + using Filter::m_write_queue; using Filter::total_ports; - using Filter::next; + using Filter::m_next; }; /** diff --git a/src/lib/filters/filters.h b/src/lib/filters/filters.h index 7a527dde0..4f559587f 100644 --- a/src/lib/filters/filters.h +++ b/src/lib/filters/filters.h @@ -67,7 +67,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter * Construct a stream cipher filter. * @param cipher a cipher object to use */ - StreamCipher_Filter(StreamCipher* cipher); + explicit StreamCipher_Filter(StreamCipher* cipher); /** * Construct a stream cipher filter. @@ -80,7 +80,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter * Construct a stream cipher filter. * @param cipher the name of the desired cipher */ - StreamCipher_Filter(const std::string& cipher); + explicit StreamCipher_Filter(const std::string& cipher); /** * Construct a stream cipher filter. diff --git a/src/lib/filters/out_buf.cpp b/src/lib/filters/out_buf.cpp index 34fbd84ed..e0d649a5b 100644 --- a/src/lib/filters/out_buf.cpp +++ b/src/lib/filters/out_buf.cpp 
@@ -65,10 +65,10 @@ void Output_Buffers::add(SecureQueue* queue) { BOTAN_ASSERT(queue, "queue was provided"); - BOTAN_ASSERT(buffers.size() < buffers.max_size(), + BOTAN_ASSERT(m_buffers.size() < m_buffers.max_size(), "Room was available in container"); - buffers.push_back(queue); + m_buffers.push_back(queue); } /* @@ -76,17 +76,17 @@ void Output_Buffers::add(SecureQueue* queue) */ void Output_Buffers::retire() { - for(size_t i = 0; i != buffers.size(); ++i) - if(buffers[i] && buffers[i]->size() == 0) + for(size_t i = 0; i != m_buffers.size(); ++i) + if(m_buffers[i] && m_buffers[i]->size() == 0) { - delete buffers[i]; - buffers[i] = nullptr; + delete m_buffers[i]; + m_buffers[i] = nullptr; } - while(buffers.size() && !buffers[0]) + while(m_buffers.size() && !m_buffers[0]) { - buffers.pop_front(); - offset = offset + Pipe::message_id(1); + m_buffers.pop_front(); + m_offset = m_offset + Pipe::message_id(1); } } @@ -95,12 +95,12 @@ void Output_Buffers::retire() */ SecureQueue* Output_Buffers::get(Pipe::message_id msg) const { - if(msg < offset) + if(msg < m_offset) return nullptr; BOTAN_ASSERT(msg < message_count(), "Message number is in range"); - return buffers[msg-offset]; + return m_buffers[msg-m_offset]; } /* @@ -108,7 +108,7 @@ SecureQueue* Output_Buffers::get(Pipe::message_id msg) const */ Pipe::message_id Output_Buffers::message_count() const { - return (offset + buffers.size()); + return (m_offset + m_buffers.size()); } /* @@ -116,7 +116,7 @@ Pipe::message_id Output_Buffers::message_count() const */ Output_Buffers::Output_Buffers() { - offset = 0; + m_offset = 0; } /* @@ -124,8 +124,8 @@ Output_Buffers::Output_Buffers() */ Output_Buffers::~Output_Buffers() { - for(size_t j = 0; j != buffers.size(); ++j) - delete buffers[j]; + for(size_t j = 0; j != m_buffers.size(); ++j) + delete m_buffers[j]; } } diff --git a/src/lib/filters/out_buf.h b/src/lib/filters/out_buf.h index 4617d9464..4898ca105 100644 --- a/src/lib/filters/out_buf.h +++ b/src/lib/filters/out_buf.h 
@@ -36,8 +36,8 @@ class Output_Buffers private: class SecureQueue* get(Pipe::message_id) const; - std::deque<SecureQueue*> buffers; - Pipe::message_id offset; + std::deque<SecureQueue*> m_buffers; + Pipe::message_id m_offset; }; } diff --git a/src/lib/filters/pipe.cpp b/src/lib/filters/pipe.cpp index 15ace9ffc..a4962f891 100644 --- a/src/lib/filters/pipe.cpp +++ b/src/lib/filters/pipe.cpp @@ -56,8 +56,8 @@ Pipe::Pipe(std::initializer_list<Filter*> args) */ Pipe::~Pipe() { - destruct(pipe); - delete outputs; + destruct(m_pipe); + delete m_outputs; } /* @@ -65,10 +65,10 @@ Pipe::~Pipe() */ void Pipe::init() { - outputs = new Output_Buffers; - pipe = nullptr; - default_read = 0; - inside_msg = false; + m_outputs = new Output_Buffers; + m_pipe = nullptr; + m_default_read = 0; + m_inside_msg = false; } /* @@ -76,9 +76,9 @@ void Pipe::init() */ void Pipe::reset() { - destruct(pipe); - pipe = nullptr; - inside_msg = false; + destruct(m_pipe); + m_pipe = nullptr; + m_inside_msg = false; } /* @@ -89,7 +89,7 @@ void Pipe::destruct(Filter* to_kill) if(!to_kill || dynamic_cast<SecureQueue*>(to_kill)) return; for(size_t j = 0; j != to_kill->total_ports(); ++j) - destruct(to_kill->next[j]); + destruct(to_kill->m_next[j]); delete to_kill; } @@ -108,7 +108,7 @@ void Pipe::set_default_msg(message_id msg) { if(msg >= message_count()) throw Invalid_Argument("Pipe::set_default_msg: msg number is too high"); - default_read = msg; + m_default_read = msg; } /* @@ -157,13 +157,13 @@ void Pipe::process_msg(DataSource& input) */ void Pipe::start_msg() { - if(inside_msg) + if(m_inside_msg) throw Invalid_State("Pipe::start_msg: Message was already started"); - if(pipe == nullptr) - pipe = new Null_Filter; - find_endpoints(pipe); - pipe->new_msg(); - inside_msg = true; + if(m_pipe == nullptr) + m_pipe = new Null_Filter; + find_endpoints(m_pipe); + m_pipe->new_msg(); + m_inside_msg = true; } /* 
@@ -171,18 +171,18 @@ void Pipe::start_msg() */ void Pipe::end_msg() { - if(!inside_msg) + if(!m_inside_msg) throw Invalid_State("Pipe::end_msg: Message was already ended"); - pipe->finish_msg(); - clear_endpoints(pipe); - if(dynamic_cast<Null_Filter*>(pipe)) + m_pipe->finish_msg(); + clear_endpoints(m_pipe); + if(dynamic_cast<Null_Filter*>(m_pipe)) { - delete pipe; - pipe = nullptr; + delete m_pipe; + m_pipe = nullptr; } - inside_msg = false; + m_inside_msg = false; - outputs->retire(); + m_outputs->retire(); } /* @@ -191,13 +191,13 @@ void Pipe::end_msg() void Pipe::find_endpoints(Filter* f) { for(size_t j = 0; j != f->total_ports(); ++j) - if(f->next[j] && !dynamic_cast<SecureQueue*>(f->next[j])) - find_endpoints(f->next[j]); + if(f->m_next[j] && !dynamic_cast<SecureQueue*>(f->m_next[j])) + find_endpoints(f->m_next[j]); else { SecureQueue* q = new SecureQueue; - f->next[j] = q; - outputs->add(q); + f->m_next[j] = q; + m_outputs->add(q); } } @@ -209,9 +209,9 @@ void Pipe::clear_endpoints(Filter* f) if(!f) return; for(size_t j = 0; j != f->total_ports(); ++j) { - if(f->next[j] && dynamic_cast<SecureQueue*>(f->next[j])) - f->next[j] = nullptr; - clear_endpoints(f->next[j]); + if(f->m_next[j] && dynamic_cast<SecureQueue*>(f->m_next[j])) + f->m_next[j] = nullptr; + clear_endpoints(f->m_next[j]); } } @@ -220,19 +220,19 @@ void Pipe::clear_endpoints(Filter* f) */ void Pipe::append(Filter* filter) { - if(inside_msg) + if(m_inside_msg) throw Invalid_State("Cannot append to a Pipe while it is processing"); if(!filter) return; if(dynamic_cast<SecureQueue*>(filter)) throw Invalid_Argument("Pipe::append: SecureQueue cannot be used"); - if(filter->owned) + if(filter->m_owned) throw Invalid_Argument("Filters cannot be shared among multiple Pipes"); - filter->owned = true; + filter->m_owned = true; - if(!pipe) pipe = filter; - else pipe->attach(filter); + if(!m_pipe) m_pipe = filter; + else m_pipe->attach(filter); } /* 
@@ -240,19 +240,19 @@ void Pipe::append(Filter* filter) */ void Pipe::prepend(Filter* filter) { - if(inside_msg) + if(m_inside_msg) throw Invalid_State("Cannot prepend to a Pipe while it is processing"); if(!filter) return; if(dynamic_cast<SecureQueue*>(filter)) throw Invalid_Argument("Pipe::prepend: SecureQueue cannot be used"); - if(filter->owned) + if(filter->m_owned) throw Invalid_Argument("Filters cannot be shared among multiple Pipes"); - filter->owned = true; + filter->m_owned = true; - if(pipe) filter->attach(pipe); - pipe = filter; + if(m_pipe) filter->attach(m_pipe); + m_pipe = filter; } /* @@ -260,24 +260,24 @@ void Pipe::prepend(Filter* filter) */ void Pipe::pop() { - if(inside_msg) + if(m_inside_msg) throw Invalid_State("Cannot pop off a Pipe while it is processing"); - if(!pipe) + if(!m_pipe) return; - if(pipe->total_ports() > 1) + if(m_pipe->total_ports() > 1) throw Invalid_State("Cannot pop off a Filter with multiple ports"); - Filter* f = pipe; + Filter* f = m_pipe; size_t owns = f->owns(); - pipe = pipe->next[0]; + m_pipe = m_pipe->m_next[0]; delete f; while(owns--) { - f = pipe; - pipe = pipe->next[0]; + f = m_pipe; + m_pipe = m_pipe->m_next[0]; delete f; } } @@ -287,7 +287,7 @@ void Pipe::pop() */ Pipe::message_id Pipe::message_count() const { - return outputs->message_count(); + return m_outputs->message_count(); } /* diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h index 3f8d4d04c..286484a81 100644 --- a/src/lib/filters/pipe.h +++ b/src/lib/filters/pipe.h @@ -24,7 +24,7 @@ namespace Botan { * collected for retrieval. If you're familiar with the Unix shell * environment, this design will sound quite familiar. */ -class BOTAN_DLL Pipe : public DataSource +class BOTAN_DLL Pipe final : public DataSource { public: /** 
@@ -232,7 +232,7 @@ class BOTAN_DLL Pipe : public DataSource /** * @return currently set default message */ - size_t default_msg() const { return default_read; } + size_t default_msg() const { return m_default_read; } /** * Set the default message @@ -297,7 +297,7 @@ class BOTAN_DLL Pipe : public DataSource * Construct a Pipe from a list of filters * @param filters the set of filters to use */ - Pipe(std::initializer_list<Filter*> filters); + explicit Pipe(std::initializer_list<Filter*> filters); Pipe(const Pipe&) = delete; Pipe& operator=(const Pipe&) = delete; @@ -311,10 +311,10 @@ class BOTAN_DLL Pipe : public DataSource message_id get_message_no(const std::string&, message_id) const; - Filter* pipe; - class Output_Buffers* outputs; - message_id default_read; - bool inside_msg; + Filter* m_pipe; + class Output_Buffers* m_outputs; + message_id m_default_read; + bool m_inside_msg; }; /** diff --git a/src/lib/filters/pipe_rw.cpp b/src/lib/filters/pipe_rw.cpp index 796f9100e..646752e7c 100644 --- a/src/lib/filters/pipe_rw.cpp +++ b/src/lib/filters/pipe_rw.cpp @@ -8,7 +8,6 @@ #include <botan/pipe.h> #include <botan/internal/out_buf.h> -#include <botan/secqueue.h> namespace Botan { @@ -34,9 +33,9 @@ Pipe::message_id Pipe::get_message_no(const std::string& func_name, */ void Pipe::write(const byte input[], size_t length) { - if(!inside_msg) + if(!m_inside_msg) throw Invalid_State("Cannot write to a Pipe while it is not processing"); - pipe->write(input, length); + m_pipe->write(input, length); } /* @@ -73,7 +72,7 @@ void Pipe::write(DataSource& source) */ size_t Pipe::read(byte output[], size_t length, message_id msg) { - return outputs->read(output, length, get_message_no("read", msg)); + return m_outputs->read(output, length, get_message_no("read", msg)); } /* 
@@ -130,7 +129,7 @@ std::string Pipe::read_all_as_string(message_id msg) */ size_t Pipe::remaining(message_id msg) const { - return outputs->remaining(get_message_no("remaining", msg)); + return m_outputs->remaining(get_message_no("remaining", msg)); } /* @@ -139,7 +138,7 @@ size_t Pipe::remaining(message_id msg) const size_t Pipe::peek(byte output[], size_t length, size_t offset, message_id msg) const { - return outputs->peek(output, length, offset, get_message_no("peek", msg)); + return m_outputs->peek(output, length, offset, get_message_no("peek", msg)); } /* @@ -160,12 +159,12 @@ size_t Pipe::peek(byte& out, size_t offset, message_id msg) const size_t Pipe::get_bytes_read() const { - return outputs->get_bytes_read(DEFAULT_MESSAGE); + return m_outputs->get_bytes_read(DEFAULT_MESSAGE); } size_t Pipe::get_bytes_read(message_id msg) const { - return outputs->get_bytes_read(msg); + return m_outputs->get_bytes_read(msg); } bool Pipe::check_available(size_t n) diff --git a/src/lib/filters/secqueue.cpp b/src/lib/filters/secqueue.cpp index 120e8dd0d..6f4070813 100644 --- a/src/lib/filters/secqueue.cpp +++ b/src/lib/filters/secqueue.cpp 
@@ -17,42 +17,42 @@ namespace Botan { class SecureQueueNode { public: - SecureQueueNode() : buffer(DEFAULT_BUFFERSIZE) - { next = nullptr; start = end = 0; } + SecureQueueNode() : m_buffer(DEFAULT_BUFFERSIZE) + { m_next = nullptr; m_start = m_end = 0; } - ~SecureQueueNode() { next = nullptr; start = end = 0; } + ~SecureQueueNode() { m_next = nullptr; m_start = m_end = 0; } size_t write(const byte input[], size_t length) { - size_t copied = std::min<size_t>(length, buffer.size() - end); - copy_mem(buffer.data() + end, input, copied); - end += copied; + size_t copied = std::min<size_t>(length, m_buffer.size() - m_end); + copy_mem(m_buffer.data() + m_end, input, copied); + m_end += copied; return copied; } size_t read(byte output[], size_t length) { - size_t copied = std::min(length, end - start); - copy_mem(output, buffer.data() + start, copied); - start += copied; + size_t copied = std::min(length, m_end - m_start); + copy_mem(output, m_buffer.data() + m_start, copied); + m_start += copied; return copied; } size_t peek(byte output[], size_t length, size_t offset = 0) { - const size_t left = end - start; + const size_t left = m_end - m_start; if(offset >= left) return 0; size_t copied = std::min(length, left - offset); - copy_mem(output, buffer.data() + start + offset, copied); + copy_mem(output, m_buffer.data() + m_start + offset, copied); return copied; } - size_t size() const { return (end - start); } + size_t size() const { return (m_end - m_start); } private: friend class SecureQueue; - SecureQueueNode* next; - secure_vector<byte> buffer; - size_t start, end; + SecureQueueNode* m_next; + secure_vector<byte> m_buffer; + size_t m_start, m_end; }; /* @@ -78,8 +78,8 @@ SecureQueue::SecureQueue(const SecureQueue& input) : SecureQueueNode* temp = input.m_head; while(temp) { - write(&temp->buffer[temp->start], temp->end - temp->start); - temp = temp->next; + write(&temp->m_buffer[temp->m_start], temp->m_end - temp->m_start); + temp = temp->m_next; } } 
@@ -91,7 +91,7 @@ void SecureQueue::destroy() SecureQueueNode* temp = m_head; while(temp) { - SecureQueueNode* holder = temp->next; + SecureQueueNode* holder = temp->m_next; delete temp; temp = holder; } @@ -104,12 +104,13 @@ void SecureQueue::destroy() SecureQueue& SecureQueue::operator=(const SecureQueue& input) { destroy(); + m_bytes_read = input.get_bytes_read(); m_head = m_tail = new SecureQueueNode; SecureQueueNode* temp = input.m_head; while(temp) { - write(&temp->buffer[temp->start], temp->end - temp->start); - temp = temp->next; + write(&temp->m_buffer[temp->m_start], temp->m_end - temp->m_start); + temp = temp->m_next; } return (*this); } @@ -128,8 +129,8 @@ void SecureQueue::write(const byte input[], size_t length) length -= n; if(length) { - m_tail->next = new SecureQueueNode; - m_tail = m_tail->next; + m_tail->m_next = new SecureQueueNode; + m_tail = m_tail->m_next; } } } @@ -148,7 +149,7 @@ size_t SecureQueue::read(byte output[], size_t length) length -= n; if(m_head->size() == 0) { - SecureQueueNode* holder = m_head->next; + SecureQueueNode* holder = m_head->m_next; delete m_head; m_head = holder; } @@ -169,7 +170,7 @@ size_t SecureQueue::peek(byte output[], size_t length, size_t offset) const if(offset >= current->size()) { offset -= current->size(); - current = current->next; + current = current->m_next; } else break; @@ -183,7 +184,7 @@ size_t SecureQueue::peek(byte output[], size_t length, size_t offset) const output += n; got += n; length -= n; - current = current->next; + current = current->m_next; } return got; } @@ -207,7 +208,7 @@ size_t SecureQueue::size() const while(current) { count += current->size(); - current = current->next; + current = current->m_next; } return count; } diff --git a/src/lib/filters/threaded_fork.cpp b/src/lib/filters/threaded_fork.cpp index a6bb4c713..5ee802593 100644 --- a/src/lib/filters/threaded_fork.cpp +++ b/src/lib/filters/threaded_fork.cpp 
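Review bot: `SecureQueue::operator=` has no self-assignment guard: `destroy()` frees the node chain before `input.m_head` is read, so `q = q` ends with an empty queue because the loop then walks the freshly allocated empty node instead of the old contents. Add `if(this == &input) return (*this);` before the `destroy();` call. The new `m_bytes_read = input.get_bytes_read();` line fixes only operator=; the copy constructor's initialiser list lies outside the hunk above, so if it does not also copy `m_bytes_read` the two copy paths now disagree. The node-copy loop is otherwise identical in the copy constructor and here, and a private helper shared by both would keep such fixes in one place.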
@@ -77,7 +77,7 @@ std::string Threaded_Fork::name() const void Threaded_Fork::set_next(Filter* f[], size_t n) { Fork::set_next(f, n); - n = next.size(); + n = m_next.size(); if(n < m_threads.size()) m_threads.resize(n); @@ -89,26 +89,26 @@ void Threaded_Fork::set_next(Filter* f[], size_t n) m_threads.push_back( std::shared_ptr<std::thread>( new std::thread( - std::bind(&Threaded_Fork::thread_entry, this, next[i])))); + std::bind(&Threaded_Fork::thread_entry, this, m_next[i])))); } } } void Threaded_Fork::send(const byte input[], size_t length) { - if(write_queue.size()) - thread_delegate_work(write_queue.data(), write_queue.size()); + if(m_write_queue.size()) + thread_delegate_work(m_write_queue.data(), m_write_queue.size()); thread_delegate_work(input, length); bool nothing_attached = true; for(size_t j = 0; j != total_ports(); ++j) - if(next[j]) + if(m_next[j]) nothing_attached = false; if(nothing_attached) - write_queue += std::make_pair(input, length); + m_write_queue += std::make_pair(input, length); else - write_queue.clear(); + m_write_queue.clear(); } void Threaded_Fork::thread_delegate_work(const byte input[], size_t length) diff --git a/src/lib/filters/transform_filter.h b/src/lib/filters/transform_filter.h index 3dd68405b..2ecc5cecb 100644 --- a/src/lib/filters/transform_filter.h +++ b/src/lib/filters/transform_filter.h @@ -21,7 +21,7 @@ class BOTAN_DLL Transform_Filter : public Keyed_Filter, private Buffered_Filter { public: - Transform_Filter(Transform* t); + explicit Transform_Filter(Transform* t); void set_iv(const InitializationVector& iv) override; @@ -49,7 +49,7 @@ class BOTAN_DLL Transform_Filter : public Keyed_Filter, class Nonce_State { public: - Nonce_State(bool allow_null_nonce) : m_fresh_nonce(allow_null_nonce) {} + explicit Nonce_State(bool allow_null_nonce) : m_fresh_nonce(allow_null_nonce) {} void update(const InitializationVector& iv); std::vector<byte> get(); 
diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp new file mode 100644 index 000000000..10ccbf5c0 --- /dev/null +++ b/src/lib/hash/blake2/blake2b.cpp 
@@ -0,0 +1,224 @@
+/*
+* Blake2b
+* (C) 2016 cynecx
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/blake2b.h>
+#include <botan/exceptn.h>
+#include <botan/mem_ops.h>
+#include <botan/loadstor.h>
+#include <botan/rotate.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+const u64bit blake2b_IV[BLAKE2B_IVU64COUNT] = {
+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+ 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+ 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+const u64bit blake2b_sigma[12][16] = {
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
+};
+}
+
+Blake2b* Blake2b::make(const Spec& spec)
+ {
+ return new Blake2b(spec.arg_as_integer(0, 512));
+ }
+
+Blake2b::Blake2b(size_t output_bits) :
+ m_output_bits(output_bits),
+ m_buffer(BLAKE2B_BLOCKBYTES),
+ m_buflen(0),
+ m_H(BLAKE2B_IVU64COUNT)
+ {
+ if(output_bits == 0 || output_bits % 8 != 0
+ || output_bits / 8 > BLAKE2B_OUTBYTES)
+ {
+ throw Invalid_Argument("Bad output bits size for Blake2b");
+ }
+
+ state_init();
+ }
+
+void Blake2b::state_init()
+ {
+ std::copy(std::begin(blake2b_IV), std::end(blake2b_IV), m_H.begin());
+ m_H[0] ^= 0x01010000 ^ static_cast<byte>(output_length());
+ m_T[0] = m_T[1] = 0;
+ m_F[0] = m_F[1] =
0;
+ }
+
+void Blake2b::compress(bool lastblock)
+ {
+ u64bit m[16];
+ u64bit v[16];
+ u64bit* const H = m_H.data();
+ const byte* const block = m_buffer.data();
+
+ if(lastblock)
+ {
+ m_F[0] = ~0ULL;
+ }
+
+ for(int i = 0; i < 16; i++)
+ {
+ m[i] = load_le<u64bit>(block, i);
+ }
+
+ for(int i = 0; i < 8; i++)
+ {
+ v[i] = H[i];
+ v[i + 8] = blake2b_IV[i];
+ }
+
+ v[12] ^= m_T[0];
+ v[13] ^= m_T[1];
+ v[14] ^= m_F[0];
+ v[15] ^= m_F[1];
+
+#define G(r, i, a, b, c, d) \
+ do { \
+ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \
+ d = rotate_right<u64bit>(d ^ a, 32); \
+ c = c + d; \
+ b = rotate_right<u64bit>(b ^ c, 24); \
+ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \
+ d = rotate_right<u64bit>(d ^ a, 16); \
+ c = c + d; \
+ b = rotate_right<u64bit>(b ^ c, 63); \
+ } while(0)
+
+#define ROUND(r) \
+ do { \
+ G(r, 0, v[0], v[4], v[8], v[12]); \
+ G(r, 1, v[1], v[5], v[9], v[13]); \
+ G(r, 2, v[2], v[6], v[10], v[14]); \
+ G(r, 3, v[3], v[7], v[11], v[15]); \
+ G(r, 4, v[0], v[5], v[10], v[15]); \
+ G(r, 5, v[1], v[6], v[11], v[12]); \
+ G(r, 6, v[2], v[7], v[8], v[13]); \
+ G(r, 7, v[3], v[4], v[9], v[14]); \
+ } while(0)
+
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+ ROUND(10);
+ ROUND(11);
+
+ for(int i = 0; i < 8; i++)
+ {
+ H[i] ^= v[i] ^ v[i + 8];
+ }
+
+#undef G
+#undef ROUND
+ }
+
+void Blake2b::increment_counter(const u64bit inc)
+ {
+ m_T[0] += inc;
+ if(m_T[0] < inc)
+ {
+ m_T[1]++;
+ }
+ }
+
+void Blake2b::add_data(const byte input[], size_t length)
+ {
+ if(!input || length == 0)
+ {
+ return;
+ }
+
+ byte* const buffer = m_buffer.data();
+
+ while(length > 0)
+ {
+ size_t fill = BLAKE2B_BLOCKBYTES - m_buflen;
+
+ if(length <= fill)
+ {
+ std::memcpy(buffer + m_buflen, input, length);
+ m_buflen += length;
+ return;
+ }
+
+ std::memcpy(buffer + m_buflen, input, fill);
+ increment_counter(BLAKE2B_BLOCKBYTES);
+ compress();
+
+ m_buflen = 0;
+ input += fill;
+ length -= fill;
+ }
+ }
+
+void Blake2b::final_result(byte output[])
+ {
+ if(!output)
+ {
+ return;
+ }
+
+ byte* const buffer = m_buffer.data();
+ const u64bit* const H = static_cast<const u64bit*>(m_H.data());
+ u16bit outlen = static_cast<u16bit>(output_length());
+
+ std::memset(buffer + m_buflen, 0, BLAKE2B_BLOCKBYTES - m_buflen);
+ increment_counter(m_buflen);
+ compress(true);
+
+ for (u16bit i = 0; i < outlen; i++)
+ {
+ output[i] = (H[i >> 3] >> (8 * (i & 7))) & 0xFF;
+ }
+
+ clear();
+ }
+
+std::string Blake2b::name() const
+ {
+ return "Blake2b(" + std::to_string(m_output_bits) + ")";
+ }
+
+HashFunction* Blake2b::clone() const
+ {
+ return new Blake2b(m_output_bits);
+ }
+
+void Blake2b::clear()
+ {
+ zeroise(m_H);
+ zeroise(m_buffer);
+ m_buflen = 0;
+ state_init();
+ }
+
+}
diff --git a/src/lib/hash/blake2/blake2b.h b/src/lib/hash/blake2/blake2b.h
new file mode 100644
index 000000000..290db10f0
--- /dev/null
+++ b/src/lib/hash/blake2/blake2b.h
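Review bot: blake2b.cpp calls `std::memcpy` in `add_data` and `std::memset` in `final_result` but never includes `<cstring>`, so it compiles only through a transitive include. Either add `#include <cstring>` or use `copy_mem`/`clear_mem` from `<botan/mem_ops.h>`, which is already included, the way secqueue.cpp in this same diff uses `copy_mem`. `static_cast<const u64bit*>(m_H.data())` in `final_result` is a no-op conversion; `const u64bit* const H = m_H.data();` reads the same. The `length <= fill` early return in `add_data` deserves a comment because it deliberately keeps a full block buffered: `// a complete block is not compressed here: the last block must be compressed with the finalisation flag set, so it is deferred until more input or final_result() arrives`. The working arrays `m` and `v` in `compress()` hold the message words and chaining state and are left on the stack when the function returns; given that `clear()` zeroises `m_H` and `m_buffer`, wiping them with `clear_mem(m, 16); clear_mem(v, 16);` before returning would match the rest of the object's hygiene.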
@@ -0,0 +1,63 @@
+/*
+* Blake2b
+* (C) 2016 cynecx
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_BLAKE2B_H__
+#define BOTAN_BLAKE2B_H__
+
+#include <botan/hash.h>
+#include <string>
+#include <memory>
+
+namespace Botan {
+
+enum blake2b_constant {
+ BLAKE2B_BLOCKBYTES = 128,
+ BLAKE2B_OUTBYTES = 64,
+ BLAKE2B_IVU64COUNT = 8
+};
+
+/**
+* BLAKE2B
+*/
+class BOTAN_DLL Blake2b final : public HashFunction
+ {
+ public:
+ /**
+ * @param output_bits the output size of Blake2b in bits
+ */
+ explicit Blake2b(size_t output_bits = 512);
+
+ size_t hash_block_size() const override { return BLAKE2B_BLOCKBYTES; }
+ size_t output_length() const override { return m_output_bits / 8; }
+
+ static Blake2b* make(const Spec& spec);
+
+ HashFunction* clone() const override;
+ std::string name() const override;
+ void clear() override;
+
+ private:
+ void add_data(const byte input[], size_t length) override;
+ void final_result(byte out[]) override;
+
+ inline void state_init();
+ inline void increment_counter(const u64bit inc);
+ void compress(bool lastblock = false);
+
+ size_t m_output_bits;
+
+ secure_vector<byte> m_buffer;
+ size_t m_buflen;
+
+ secure_vector<u64bit> m_H;
+ u64bit m_T[2];
+ u64bit m_F[2];
+ };
+
+}
+
+#endif
diff --git a/src/lib/hash/blake2/info.txt b/src/lib/hash/blake2/info.txt
new file mode 100644
index 000000000..6c6d88afe
--- /dev/null
+++ b/src/lib/hash/blake2/info.txt
@@ -0,0 +1 @@
+define BLAKE2B 20130131
diff --git a/src/lib/hash/checksum/adler32/adler32.cpp b/src/lib/hash/checksum/adler32/adler32.cpp
index f368b627c..304c664dd 100644
--- a/src/lib/hash/checksum/adler32/adler32.cpp
+++ b/src/lib/hash/checksum/adler32/adler32.cpp
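Review bot: `state_init()` and `increment_counter()` are declared `inline` in blake2b.h but defined only in blake2b.cpp, so the keyword misleads readers and does nothing for other translation units; drop `inline` from both declarations (the class is `final`, which already lets the compiler inline the calls within blake2b.cpp). `enum blake2b_constant` is an unscoped enum at Botan namespace scope, so `BLAKE2B_BLOCKBYTES`, `BLAKE2B_OUTBYTES` and `BLAKE2B_IVU64COUNT` leak into every includer of this header; private constants inside the class would keep them implementation details (the IV array in blake2b.cpp can be sized by its initialiser instead). The constructor comment should state the contract the .cpp enforces: `@param output_bits the output size in bits; must be a multiple of 8 between 8 and 512 inclusive, otherwise Invalid_Argument is thrown`. `#include <memory>` does not appear to be needed by anything declared in this header.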
@@ -61,12 +61,12 @@ void Adler32::add_data(const byte input[], size_t length) while(length >= PROCESS_AMOUNT) { - adler32_update(input, PROCESS_AMOUNT, S1, S2); + adler32_update(input, PROCESS_AMOUNT, m_S1, m_S2); input += PROCESS_AMOUNT; length -= PROCESS_AMOUNT; } - adler32_update(input, length, S1, S2); + adler32_update(input, length, m_S1, m_S2); } /* @@ -74,7 +74,7 @@ void Adler32::add_data(const byte input[], size_t length) */ void Adler32::final_result(byte output[]) { - store_be(output, S2, S1); + store_be(output, m_S2, m_S1); clear(); } diff --git a/src/lib/hash/checksum/adler32/adler32.h b/src/lib/hash/checksum/adler32/adler32.h index 307236d6d..73df6134a 100644 --- a/src/lib/hash/checksum/adler32/adler32.h +++ b/src/lib/hash/checksum/adler32/adler32.h @@ -15,21 +15,21 @@ namespace Botan { /** * The Adler32 checksum, used in zlib */ -class BOTAN_DLL Adler32 : public HashFunction +class BOTAN_DLL Adler32 final : public HashFunction { public: std::string name() const override { return "Adler32"; } size_t output_length() const override { return 4; } HashFunction* clone() const override { return new Adler32; } - void clear() override { S1 = 1; S2 = 0; } + void clear() override { m_S1 = 1; m_S2 = 0; } Adler32() { clear(); } ~Adler32() { clear(); } private: void add_data(const byte[], size_t) override; void final_result(byte[]) override; - u16bit S1, S2; + u16bit m_S1, m_S2; }; } diff --git a/src/lib/hash/checksum/crc24/crc24.cpp b/src/lib/hash/checksum/crc24/crc24.cpp index 1484f643d..6f1eea453 100644 --- a/src/lib/hash/checksum/crc24/crc24.cpp +++ b/src/lib/hash/checksum/crc24/crc24.cpp @@ -60,7 +60,7 @@ void CRC24::add_data(const byte input[], size_t length) 0x00FA48FA, 0x007C0401, 0x0042FA2F, 0x00C4B6D4, 0x00C82F22, 0x004E63D9, 0x00D11CCE, 0x00575035, 0x005BC9C3, 0x00DD8538 }; - u32bit tmp = crc; + u32bit tmp = m_crc; while(length >= 16) { tmp = TABLE[((tmp >> 16) ^ input[ 0]) & 0xFF] ^ (tmp << 8); 
@@ -86,7 +86,7 @@ void CRC24::add_data(const byte input[], size_t length) for(size_t i = 0; i != length; ++i) tmp = TABLE[((tmp >> 16) ^ input[i]) & 0xFF] ^ (tmp << 8); - crc = tmp; + m_crc = tmp; } /* @@ -95,7 +95,7 @@ void CRC24::add_data(const byte input[], size_t length) void CRC24::final_result(byte output[]) { for(size_t i = 0; i != 3; ++i) - output[i] = get_byte(i+1, crc); + output[i] = get_byte(i+1, m_crc); clear(); } diff --git a/src/lib/hash/checksum/crc24/crc24.h b/src/lib/hash/checksum/crc24/crc24.h index 8df8bd727..f80ee1c2a 100644 --- a/src/lib/hash/checksum/crc24/crc24.h +++ b/src/lib/hash/checksum/crc24/crc24.h @@ -15,21 +15,21 @@ namespace Botan { /** * 24-bit cyclic redundancy check */ -class BOTAN_DLL CRC24 : public HashFunction +class BOTAN_DLL CRC24 final : public HashFunction { public: std::string name() const override { return "CRC24"; } size_t output_length() const override { return 3; } HashFunction* clone() const override { return new CRC24; } - void clear() override { crc = 0xB704CE; } + void clear() override { m_crc = 0xB704CE; } CRC24() { clear(); } ~CRC24() { clear(); } private: void add_data(const byte[], size_t) override; void final_result(byte[]) override; - u32bit crc; + u32bit m_crc; }; } diff --git a/src/lib/hash/checksum/crc32/crc32.cpp b/src/lib/hash/checksum/crc32/crc32.cpp index 10d989cc6..ca8c87c5f 100644 --- a/src/lib/hash/checksum/crc32/crc32.cpp +++ b/src/lib/hash/checksum/crc32/crc32.cpp @@ -60,7 +60,7 @@ void CRC32::add_data(const byte input[], size_t length) 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D }; - u32bit tmp = crc; + u32bit tmp = m_crc; while(length >= 16) { tmp = TABLE[(tmp ^ input[ 0]) & 0xFF] ^ (tmp >> 8); @@ -86,7 +86,7 @@ void CRC32::add_data(const byte input[], size_t length) for(size_t i = 0; i != length; ++i) tmp = TABLE[(tmp ^ input[i]) & 0xFF] ^ (tmp >> 8); - crc = tmp; + m_crc = tmp; } /* 
@@ -94,8 +94,8 @@ void CRC32::add_data(const byte input[], size_t length) */ void CRC32::final_result(byte output[]) { - crc ^= 0xFFFFFFFF; - store_be(crc, output); + m_crc ^= 0xFFFFFFFF; + store_be(m_crc, output); clear(); } diff --git a/src/lib/hash/checksum/crc32/crc32.h b/src/lib/hash/checksum/crc32/crc32.h index 8ae95d42a..987f34608 100644 --- a/src/lib/hash/checksum/crc32/crc32.h +++ b/src/lib/hash/checksum/crc32/crc32.h @@ -15,21 +15,21 @@ namespace Botan { /** * 32-bit cyclic redundancy check */ -class BOTAN_DLL CRC32 : public HashFunction +class BOTAN_DLL CRC32 final : public HashFunction { public: std::string name() const override { return "CRC32"; } size_t output_length() const override { return 4; } HashFunction* clone() const override { return new CRC32; } - void clear() override { crc = 0xFFFFFFFF; } + void clear() override { m_crc = 0xFFFFFFFF; } CRC32() { clear(); } ~CRC32() { clear(); } private: void add_data(const byte[], size_t) override; void final_result(byte[]) override; - u32bit crc; + u32bit m_crc; }; } diff --git a/src/lib/hash/comb4p/comb4p.h b/src/lib/hash/comb4p/comb4p.h index 1a99934a2..c05953ea5 100644 --- a/src/lib/hash/comb4p/comb4p.h +++ b/src/lib/hash/comb4p/comb4p.h @@ -16,7 +16,7 @@ namespace Botan { * Combines two hash functions using a Feistel scheme. Described in * "On the Security of Hash Function Combiners", Anja Lehmann */ -class BOTAN_DLL Comb4P : public HashFunction +class BOTAN_DLL Comb4P final : public HashFunction { public: /** diff --git a/src/lib/hash/gost_3411/gost_3411.cpp b/src/lib/hash/gost_3411/gost_3411.cpp index f8c9c0069..17c590a5c 100644 --- a/src/lib/hash/gost_3411/gost_3411.cpp +++ b/src/lib/hash/gost_3411/gost_3411.cpp 
@@ -13,22 +13,22 @@ namespace Botan { * GOST 34.11 Constructor */ GOST_34_11::GOST_34_11() : - cipher(GOST_28147_89_Params("R3411_CryptoPro")), - buffer(32), - sum(32), - hash(32) + m_cipher(GOST_28147_89_Params("R3411_CryptoPro")), + m_buffer(32), + m_sum(32), + m_hash(32) { - count = 0; - position = 0; + m_count = 0; + m_position = 0; } void GOST_34_11::clear() { - cipher.clear(); - zeroise(sum); - zeroise(hash); - count = 0; - position = 0; + m_cipher.clear(); + zeroise(m_sum); + zeroise(m_hash); + m_count = 0; + m_position = 0; } /** @@ -36,18 +36,18 @@ void GOST_34_11::clear() */ void GOST_34_11::add_data(const byte input[], size_t length) { - count += length; + m_count += length; - if(position) + if(m_position) { - buffer_insert(buffer, position, input, length); + buffer_insert(m_buffer, m_position, input, length); - if(position + length >= hash_block_size()) + if(m_position + length >= hash_block_size()) { - compress_n(buffer.data(), 1); - input += (hash_block_size() - position); - length -= (hash_block_size() - position); - position = 0; + compress_n(m_buffer.data(), 1); + input += (hash_block_size() - m_position); + length -= (hash_block_size() - m_position); + m_position = 0; } } @@ -57,8 +57,8 @@ void GOST_34_11::add_data(const byte input[], size_t length) if(full_blocks) compress_n(input, full_blocks); - buffer_insert(buffer, position, input + full_blocks * hash_block_size(), remaining); - position += remaining; + buffer_insert(m_buffer, m_position, input + full_blocks * hash_block_size(), remaining); + m_position += remaining; } /** 
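Review bot: In the GOST_34_11 constructor the two scalars are still assigned in the body (`m_count = 0;`, `m_position = 0;`) while every vector member moved into the initializer list; the same series initialises `m_position(0)` in MD2's initializer list, so this file is the odd one out. The header hunk later in this file declares `m_position` before `m_count`, so the list should follow that order to avoid a -Wreorder warning: `m_hash(32), m_position(0), m_count(0)` followed by an empty body `{}`. Behaviour is unchanged either way; this is a consistency point only.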
@@ -70,15 +70,15 @@ void GOST_34_11::compress_n(const byte input[], size_t blocks) { for(u16bit j = 0, carry = 0; j != 32; ++j) { - u16bit s = sum[j] + input[32*i+j] + carry; + u16bit s = m_sum[j] + input[32*i+j] + carry; carry = get_byte(0, s); - sum[j] = get_byte(1, s); + m_sum[j] = get_byte(1, s); } byte S[32] = { 0 }; u64bit U[4], V[4]; - load_be(U, hash.data(), 4); + load_be(U, m_hash.data(), 4); load_be(V, input + 32*i, 4); for(size_t j = 0; j != 4; ++j) @@ -90,8 +90,8 @@ void GOST_34_11::compress_n(const byte input[], size_t blocks) for(size_t l = 0; l != 8; ++l) key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]); - cipher.set_key(key, 32); - cipher.encrypt(&hash[8*j], S + 8*j); + m_cipher.set_key(key, 32); + m_cipher.encrypt(&m_hash[8*j], S + 8*j); if(j == 3) break; @@ -165,7 +165,7 @@ void GOST_34_11::compress_n(const byte input[], size_t blocks) S[30] = S2[0]; S[31] = S2[1]; - xor_buf(S, hash.data(), 32); + xor_buf(S, m_hash.data(), 32); // 61 rounds of psi S2[ 0] = S[ 2] ^ S[ 6] ^ S[14] ^ S[20] ^ S[22] ^ S[26] ^ S[28] ^ S[30]; @@ -207,7 +207,7 @@ void GOST_34_11::compress_n(const byte input[], size_t blocks) S2[30] = S[ 2] ^ S[ 4] ^ S[ 8] ^ S[14] ^ S[16] ^ S[18] ^ S[22] ^ S[24] ^ S[28] ^ S[30]; S2[31] = S[ 3] ^ S[ 5] ^ S[ 9] ^ S[15] ^ S[17] ^ S[19] ^ S[23] ^ S[25] ^ S[29] ^ S[31]; - copy_mem(hash.data(), S2, 32); + copy_mem(m_hash.data(), S2, 32); } } 
@@ -216,22 +216,22 @@ void GOST_34_11::compress_n(const byte input[], size_t blocks) */ void GOST_34_11::final_result(byte out[]) { - if(position) + if(m_position) { - clear_mem(buffer.data() + position, buffer.size() - position); - compress_n(buffer.data(), 1); + clear_mem(m_buffer.data() + m_position, m_buffer.size() - m_position); + compress_n(m_buffer.data(), 1); } secure_vector<byte> length_buf(32); - const u64bit bit_count = count * 8; + const u64bit bit_count = m_count * 8; store_le(bit_count, length_buf.data()); - secure_vector<byte> sum_buf = sum; + secure_vector<byte> sum_buf = m_sum; compress_n(length_buf.data(), 1); compress_n(sum_buf.data(), 1); - copy_mem(out, hash.data(), 32); + copy_mem(out, m_hash.data(), 32); clear(); } diff --git a/src/lib/hash/gost_3411/gost_3411.h b/src/lib/hash/gost_3411/gost_3411.h index 2ad96dbdb..16f6a4954 100644 --- a/src/lib/hash/gost_3411/gost_3411.h +++ b/src/lib/hash/gost_3411/gost_3411.h @@ -16,7 +16,7 @@ namespace Botan { /** * GOST 34.11 */ -class BOTAN_DLL GOST_34_11 : public HashFunction +class BOTAN_DLL GOST_34_11 final : public HashFunction { public: std::string name() const override { return "GOST-R-34.11-94" ; } @@ -33,10 +33,10 @@ class BOTAN_DLL GOST_34_11 : public HashFunction void add_data(const byte[], size_t) override; void final_result(byte[]) override; - GOST_28147_89 cipher; - secure_vector<byte> buffer, sum, hash; - size_t position; - u64bit count; + GOST_28147_89 m_cipher; + secure_vector<byte> m_buffer, m_sum, m_hash; + size_t m_position; + u64bit m_count; }; } diff --git a/src/lib/hash/has160/has160.cpp b/src/lib/hash/has160/has160.cpp index 6b12e10ad..114b5f8b5 100644 --- a/src/lib/hash/has160/has160.cpp +++ b/src/lib/hash/has160/has160.cpp 
@@ -60,78 +60,78 @@ void HAS_160::compress_n(const byte input[], size_t blocks) { using namespace HAS_160_F; - u32bit A = digest[0], B = digest[1], C = digest[2], - D = digest[3], E = digest[4]; + u32bit A = m_digest[0], B = m_digest[1], C = m_digest[2], + D = m_digest[3], E = m_digest[4]; for(size_t i = 0; i != blocks; ++i) { - load_le(X.data(), input, 16); - - X[16] = X[ 0] ^ X[ 1] ^ X[ 2] ^ X[ 3]; - X[17] = X[ 4] ^ X[ 5] ^ X[ 6] ^ X[ 7]; - X[18] = X[ 8] ^ X[ 9] ^ X[10] ^ X[11]; - X[19] = X[12] ^ X[13] ^ X[14] ^ X[15]; - F1(A,B,C,D,E,X[18], 5); F1(E,A,B,C,D,X[ 0],11); - F1(D,E,A,B,C,X[ 1], 7); F1(C,D,E,A,B,X[ 2],15); - F1(B,C,D,E,A,X[ 3], 6); F1(A,B,C,D,E,X[19],13); - F1(E,A,B,C,D,X[ 4], 8); F1(D,E,A,B,C,X[ 5],14); - F1(C,D,E,A,B,X[ 6], 7); F1(B,C,D,E,A,X[ 7],12); - F1(A,B,C,D,E,X[16], 9); F1(E,A,B,C,D,X[ 8],11); - F1(D,E,A,B,C,X[ 9], 8); F1(C,D,E,A,B,X[10],15); - F1(B,C,D,E,A,X[11], 6); F1(A,B,C,D,E,X[17],12); - F1(E,A,B,C,D,X[12], 9); F1(D,E,A,B,C,X[13],14); - F1(C,D,E,A,B,X[14], 5); F1(B,C,D,E,A,X[15],13); - - X[16] = X[ 3] ^ X[ 6] ^ X[ 9] ^ X[12]; - X[17] = X[ 2] ^ X[ 5] ^ X[ 8] ^ X[15]; - X[18] = X[ 1] ^ X[ 4] ^ X[11] ^ X[14]; - X[19] = X[ 0] ^ X[ 7] ^ X[10] ^ X[13]; - F2(A,B,C,D,E,X[18], 5); F2(E,A,B,C,D,X[ 3],11); - F2(D,E,A,B,C,X[ 6], 7); F2(C,D,E,A,B,X[ 9],15); - F2(B,C,D,E,A,X[12], 6); F2(A,B,C,D,E,X[19],13); - F2(E,A,B,C,D,X[15], 8); F2(D,E,A,B,C,X[ 2],14); - F2(C,D,E,A,B,X[ 5], 7); F2(B,C,D,E,A,X[ 8],12); - F2(A,B,C,D,E,X[16], 9); F2(E,A,B,C,D,X[11],11); - F2(D,E,A,B,C,X[14], 8); F2(C,D,E,A,B,X[ 1],15); - F2(B,C,D,E,A,X[ 4], 6); F2(A,B,C,D,E,X[17],12); - F2(E,A,B,C,D,X[ 7], 9); F2(D,E,A,B,C,X[10],14); - F2(C,D,E,A,B,X[13], 5); F2(B,C,D,E,A,X[ 0],13); - - X[16] = X[ 5] ^ X[ 7] ^ X[12] ^ X[14]; - X[17] = X[ 0] ^ X[ 2] ^ X[ 9] ^ X[11]; - X[18] = X[ 4] ^ X[ 6] ^ X[13] ^ X[15]; - X[19] = X[ 1] ^ X[ 3] ^ X[ 8] ^ X[10]; - F3(A,B,C,D,E,X[18], 5); F3(E,A,B,C,D,X[12],11); - F3(D,E,A,B,C,X[ 5], 7); F3(C,D,E,A,B,X[14],15); - F3(B,C,D,E,A,X[ 7], 6); 
F3(A,B,C,D,E,X[19],13); - F3(E,A,B,C,D,X[ 0], 8); F3(D,E,A,B,C,X[ 9],14); - F3(C,D,E,A,B,X[ 2], 7); F3(B,C,D,E,A,X[11],12); - F3(A,B,C,D,E,X[16], 9); F3(E,A,B,C,D,X[ 4],11); - F3(D,E,A,B,C,X[13], 8); F3(C,D,E,A,B,X[ 6],15); - F3(B,C,D,E,A,X[15], 6); F3(A,B,C,D,E,X[17],12); - F3(E,A,B,C,D,X[ 8], 9); F3(D,E,A,B,C,X[ 1],14); - F3(C,D,E,A,B,X[10], 5); F3(B,C,D,E,A,X[ 3],13); - - X[16] = X[ 2] ^ X[ 7] ^ X[ 8] ^ X[13]; - X[17] = X[ 3] ^ X[ 4] ^ X[ 9] ^ X[14]; - X[18] = X[ 0] ^ X[ 5] ^ X[10] ^ X[15]; - X[19] = X[ 1] ^ X[ 6] ^ X[11] ^ X[12]; - F4(A,B,C,D,E,X[18], 5); F4(E,A,B,C,D,X[ 7],11); - F4(D,E,A,B,C,X[ 2], 7); F4(C,D,E,A,B,X[13],15); - F4(B,C,D,E,A,X[ 8], 6); F4(A,B,C,D,E,X[19],13); - F4(E,A,B,C,D,X[ 3], 8); F4(D,E,A,B,C,X[14],14); - F4(C,D,E,A,B,X[ 9], 7); F4(B,C,D,E,A,X[ 4],12); - F4(A,B,C,D,E,X[16], 9); F4(E,A,B,C,D,X[15],11); - F4(D,E,A,B,C,X[10], 8); F4(C,D,E,A,B,X[ 5],15); - F4(B,C,D,E,A,X[ 0], 6); F4(A,B,C,D,E,X[17],12); - F4(E,A,B,C,D,X[11], 9); F4(D,E,A,B,C,X[ 6],14); - F4(C,D,E,A,B,X[ 1], 5); F4(B,C,D,E,A,X[12],13); - - A = (digest[0] += A); - B = (digest[1] += B); - C = (digest[2] += C); - D = (digest[3] += D); - E = (digest[4] += E); + load_le(m_X.data(), input, 16); + + m_X[16] = m_X[ 0] ^ m_X[ 1] ^ m_X[ 2] ^ m_X[ 3]; + m_X[17] = m_X[ 4] ^ m_X[ 5] ^ m_X[ 6] ^ m_X[ 7]; + m_X[18] = m_X[ 8] ^ m_X[ 9] ^ m_X[10] ^ m_X[11]; + m_X[19] = m_X[12] ^ m_X[13] ^ m_X[14] ^ m_X[15]; + F1(A,B,C,D,E,m_X[18], 5); F1(E,A,B,C,D,m_X[ 0],11); + F1(D,E,A,B,C,m_X[ 1], 7); F1(C,D,E,A,B,m_X[ 2],15); + F1(B,C,D,E,A,m_X[ 3], 6); F1(A,B,C,D,E,m_X[19],13); + F1(E,A,B,C,D,m_X[ 4], 8); F1(D,E,A,B,C,m_X[ 5],14); + F1(C,D,E,A,B,m_X[ 6], 7); F1(B,C,D,E,A,m_X[ 7],12); + F1(A,B,C,D,E,m_X[16], 9); F1(E,A,B,C,D,m_X[ 8],11); + F1(D,E,A,B,C,m_X[ 9], 8); F1(C,D,E,A,B,m_X[10],15); + F1(B,C,D,E,A,m_X[11], 6); F1(A,B,C,D,E,m_X[17],12); + F1(E,A,B,C,D,m_X[12], 9); F1(D,E,A,B,C,m_X[13],14); + F1(C,D,E,A,B,m_X[14], 5); F1(B,C,D,E,A,m_X[15],13); + + m_X[16] = m_X[ 3] ^ m_X[ 6] ^ m_X[ 9] ^ m_X[12]; + 
m_X[17] = m_X[ 2] ^ m_X[ 5] ^ m_X[ 8] ^ m_X[15]; + m_X[18] = m_X[ 1] ^ m_X[ 4] ^ m_X[11] ^ m_X[14]; + m_X[19] = m_X[ 0] ^ m_X[ 7] ^ m_X[10] ^ m_X[13]; + F2(A,B,C,D,E,m_X[18], 5); F2(E,A,B,C,D,m_X[ 3],11); + F2(D,E,A,B,C,m_X[ 6], 7); F2(C,D,E,A,B,m_X[ 9],15); + F2(B,C,D,E,A,m_X[12], 6); F2(A,B,C,D,E,m_X[19],13); + F2(E,A,B,C,D,m_X[15], 8); F2(D,E,A,B,C,m_X[ 2],14); + F2(C,D,E,A,B,m_X[ 5], 7); F2(B,C,D,E,A,m_X[ 8],12); + F2(A,B,C,D,E,m_X[16], 9); F2(E,A,B,C,D,m_X[11],11); + F2(D,E,A,B,C,m_X[14], 8); F2(C,D,E,A,B,m_X[ 1],15); + F2(B,C,D,E,A,m_X[ 4], 6); F2(A,B,C,D,E,m_X[17],12); + F2(E,A,B,C,D,m_X[ 7], 9); F2(D,E,A,B,C,m_X[10],14); + F2(C,D,E,A,B,m_X[13], 5); F2(B,C,D,E,A,m_X[ 0],13); + + m_X[16] = m_X[ 5] ^ m_X[ 7] ^ m_X[12] ^ m_X[14]; + m_X[17] = m_X[ 0] ^ m_X[ 2] ^ m_X[ 9] ^ m_X[11]; + m_X[18] = m_X[ 4] ^ m_X[ 6] ^ m_X[13] ^ m_X[15]; + m_X[19] = m_X[ 1] ^ m_X[ 3] ^ m_X[ 8] ^ m_X[10]; + F3(A,B,C,D,E,m_X[18], 5); F3(E,A,B,C,D,m_X[12],11); + F3(D,E,A,B,C,m_X[ 5], 7); F3(C,D,E,A,B,m_X[14],15); + F3(B,C,D,E,A,m_X[ 7], 6); F3(A,B,C,D,E,m_X[19],13); + F3(E,A,B,C,D,m_X[ 0], 8); F3(D,E,A,B,C,m_X[ 9],14); + F3(C,D,E,A,B,m_X[ 2], 7); F3(B,C,D,E,A,m_X[11],12); + F3(A,B,C,D,E,m_X[16], 9); F3(E,A,B,C,D,m_X[ 4],11); + F3(D,E,A,B,C,m_X[13], 8); F3(C,D,E,A,B,m_X[ 6],15); + F3(B,C,D,E,A,m_X[15], 6); F3(A,B,C,D,E,m_X[17],12); + F3(E,A,B,C,D,m_X[ 8], 9); F3(D,E,A,B,C,m_X[ 1],14); + F3(C,D,E,A,B,m_X[10], 5); F3(B,C,D,E,A,m_X[ 3],13); + + m_X[16] = m_X[ 2] ^ m_X[ 7] ^ m_X[ 8] ^ m_X[13]; + m_X[17] = m_X[ 3] ^ m_X[ 4] ^ m_X[ 9] ^ m_X[14]; + m_X[18] = m_X[ 0] ^ m_X[ 5] ^ m_X[10] ^ m_X[15]; + m_X[19] = m_X[ 1] ^ m_X[ 6] ^ m_X[11] ^ m_X[12]; + F4(A,B,C,D,E,m_X[18], 5); F4(E,A,B,C,D,m_X[ 7],11); + F4(D,E,A,B,C,m_X[ 2], 7); F4(C,D,E,A,B,m_X[13],15); + F4(B,C,D,E,A,m_X[ 8], 6); F4(A,B,C,D,E,m_X[19],13); + F4(E,A,B,C,D,m_X[ 3], 8); F4(D,E,A,B,C,m_X[14],14); + F4(C,D,E,A,B,m_X[ 9], 7); F4(B,C,D,E,A,m_X[ 4],12); + F4(A,B,C,D,E,m_X[16], 9); F4(E,A,B,C,D,m_X[15],11); + F4(D,E,A,B,C,m_X[10], 8); 
F4(C,D,E,A,B,m_X[ 5],15); + F4(B,C,D,E,A,m_X[ 0], 6); F4(A,B,C,D,E,m_X[17],12); + F4(E,A,B,C,D,m_X[11], 9); F4(D,E,A,B,C,m_X[ 6],14); + F4(C,D,E,A,B,m_X[ 1], 5); F4(B,C,D,E,A,m_X[12],13); + + A = (m_digest[0] += A); + B = (m_digest[1] += B); + C = (m_digest[2] += C); + D = (m_digest[3] += D); + E = (m_digest[4] += E); input += hash_block_size(); } @@ -142,7 +142,7 @@ void HAS_160::compress_n(const byte input[], size_t blocks) */ void HAS_160::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* @@ -151,12 +151,12 @@ void HAS_160::copy_out(byte output[]) void HAS_160::clear() { MDx_HashFunction::clear(); - zeroise(X); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; - digest[4] = 0xC3D2E1F0; + zeroise(m_X); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; + m_digest[4] = 0xC3D2E1F0; } } diff --git a/src/lib/hash/has160/has160.h b/src/lib/hash/has160/has160.h index 75d0bda90..7ef090eb7 100644 --- a/src/lib/hash/has160/has160.h +++ b/src/lib/hash/has160/has160.h @@ -16,7 +16,7 @@ namespace Botan { * HAS-160, a Korean hash function standardized in * TTAS.KO-12.0011/R1. Used in conjunction with KCDSA */ -class BOTAN_DLL HAS_160 : public MDx_HashFunction +class BOTAN_DLL HAS_160 final : public MDx_HashFunction { public: std::string name() const override { return "HAS-160"; } @@ -25,13 +25,13 @@ class BOTAN_DLL HAS_160 : public MDx_HashFunction void clear() override; - HAS_160() : MDx_HashFunction(64, false, true), X(20), digest(5) + HAS_160() : MDx_HashFunction(64, false, true), m_X(20), m_digest(5) { clear(); } private: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; - secure_vector<u32bit> X, digest; + secure_vector<u32bit> m_X, m_digest; }; } 
diff --git a/src/lib/hash/hash.cpp b/src/lib/hash/hash.cpp index fe210705e..9a15c7998 100644 --- a/src/lib/hash/hash.cpp +++ b/src/lib/hash/hash.cpp @@ -89,12 +89,16 @@ #include <botan/comb4p.h> #endif +#if defined(BOTAN_HAS_BLAKE2B) + #include <botan/blake2b.h> +#endif + namespace Botan { std::unique_ptr<HashFunction> HashFunction::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<HashFunction>(make_a<HashFunction>(algo_spec, provider)); + return std::unique_ptr<HashFunction>(make_a<HashFunction>(Botan::HashFunction::Spec(algo_spec), provider)); } std::vector<std::string> HashFunction::providers(const std::string& algo_spec) @@ -203,4 +207,8 @@ BOTAN_REGISTER_NAMED_T(HashFunction, "Skein-512", Skein_512, Skein_512::make); BOTAN_REGISTER_HASH_NOARGS(Whirlpool); #endif +#if defined(BOTAN_HAS_BLAKE2B) +BOTAN_REGISTER_NAMED_T(HashFunction, "Blake2b", Blake2b, Blake2b::make); +#endif + } diff --git a/src/lib/hash/keccak/keccak.cpp b/src/lib/hash/keccak/keccak.cpp index 39d0c822b..44297dcef 100644 --- a/src/lib/hash/keccak/keccak.cpp +++ b/src/lib/hash/keccak/keccak.cpp 
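Review bot: The `Botan::` qualifier in `make_a<HashFunction>(Botan::HashFunction::Spec(algo_spec), provider)` is redundant inside `namespace Botan`, which this same hunk opens a few lines above; `HashFunction::Spec(algo_spec)` reads the way the rest of the file does. The `providers()` signature is the hunk's last context line and its body is outside the hunk, so I cannot see whether it was switched to the same `Spec`-based lookup; if it still passes the raw string, `create()` and `providers()` may resolve names differently for any spec string that `Spec` normalises, which is worth confirming. A short comment on the `create` line, `// Spec parses "Name(args)" before the registry lookup`, would make the reason for the wrapper visible, assuming that is what Spec does.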
@@ -41,30 +41,30 @@ void keccak_f_1600(u64bit A[25]) const u64bit D4 = rotate_left(C4, 1) ^ C2; const u64bit B00 = A[ 0] ^ D1; - const u64bit B01 = rotate_left(A[ 6] ^ D2, 44); - const u64bit B02 = rotate_left(A[12] ^ D3, 43); - const u64bit B03 = rotate_left(A[18] ^ D4, 21); - const u64bit B04 = rotate_left(A[24] ^ D0, 14); - const u64bit B05 = rotate_left(A[ 3] ^ D4, 28); - const u64bit B06 = rotate_left(A[ 9] ^ D0, 20); - const u64bit B07 = rotate_left(A[10] ^ D1, 3); - const u64bit B08 = rotate_left(A[16] ^ D2, 45); - const u64bit B09 = rotate_left(A[22] ^ D3, 61); const u64bit B10 = rotate_left(A[ 1] ^ D2, 1); - const u64bit B11 = rotate_left(A[ 7] ^ D3, 6); - const u64bit B12 = rotate_left(A[13] ^ D4, 25); - const u64bit B13 = rotate_left(A[19] ^ D0, 8); - const u64bit B14 = rotate_left(A[20] ^ D1, 18); + const u64bit B20 = rotate_left(A[ 2] ^ D3, 62); + const u64bit B05 = rotate_left(A[ 3] ^ D4, 28); const u64bit B15 = rotate_left(A[ 4] ^ D0, 27); const u64bit B16 = rotate_left(A[ 5] ^ D1, 36); - const u64bit B17 = rotate_left(A[11] ^ D2, 10); - const u64bit B18 = rotate_left(A[17] ^ D3, 15); - const u64bit B19 = rotate_left(A[23] ^ D4, 56); - const u64bit B20 = rotate_left(A[ 2] ^ D3, 62); + const u64bit B01 = rotate_left(A[ 6] ^ D2, 44); + const u64bit B11 = rotate_left(A[ 7] ^ D3, 6); const u64bit B21 = rotate_left(A[ 8] ^ D4, 55); + const u64bit B06 = rotate_left(A[ 9] ^ D0, 20); + const u64bit B07 = rotate_left(A[10] ^ D1, 3); + const u64bit B17 = rotate_left(A[11] ^ D2, 10); + const u64bit B02 = rotate_left(A[12] ^ D3, 43); + const u64bit B12 = rotate_left(A[13] ^ D4, 25); const u64bit B22 = rotate_left(A[14] ^ D0, 39); const u64bit B23 = rotate_left(A[15] ^ D1, 41); + const u64bit B08 = rotate_left(A[16] ^ D2, 45); + const u64bit B18 = rotate_left(A[17] ^ D3, 15); + const u64bit B03 = rotate_left(A[18] ^ D4, 21); + const u64bit B13 = rotate_left(A[19] ^ D0, 8); + const u64bit B14 = rotate_left(A[20] ^ D1, 18); const u64bit B24 = rotate_left(A[21] ^ 
D2, 2); + const u64bit B09 = rotate_left(A[22] ^ D3, 61); + const u64bit B19 = rotate_left(A[23] ^ D4, 56); + const u64bit B04 = rotate_left(A[24] ^ D0, 14); A[ 0] = B00 ^ (~B01 & B02); A[ 1] = B01 ^ (~B02 & B03); @@ -99,10 +99,10 @@ void keccak_f_1600(u64bit A[25]) } Keccak_1600::Keccak_1600(size_t output_bits) : - output_bits(output_bits), - bitrate(1600 - 2*output_bits), - S(25), - S_pos(0) + m_output_bits(output_bits), + m_bitrate(1600 - 2*output_bits), + m_S(25), + m_S_pos(0) { // We only support the parameters for the SHA-3 proposal @@ -114,18 +114,18 @@ Keccak_1600::Keccak_1600(size_t output_bits) : std::string Keccak_1600::name() const { - return "Keccak-1600(" + std::to_string(output_bits) + ")"; + return "Keccak-1600(" + std::to_string(m_output_bits) + ")"; } HashFunction* Keccak_1600::clone() const { - return new Keccak_1600(output_bits); + return new Keccak_1600(m_output_bits); } void Keccak_1600::clear() { - zeroise(S); - S_pos = 0; + zeroise(m_S); + m_S_pos = 0; } void Keccak_1600::add_data(const byte input[], size_t length) 
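Review bot: `m_bitrate(1600 - 2*output_bits)` is evaluated in the initializer list before the constructor body runs, so for any `output_bits` above 800 the `size_t` subtraction wraps before the body's parameter check (the comment "We only support the parameters for the SHA-3 proposal" suggests one follows, outside the hunk) can reject the value. That is harmless as long as the body throws for every unsupported size, but the invariant is silent; a comment on the initializer, `// wraps for output_bits > 800; the body rejects all sizes other than 224/256/384/512`, would record it, or the check could move ahead of the arithmetic by validating in a small static helper called from the initializer. The reordering of the `B` rotations above is a pure reorder of independent `const` locals and needs no further comment. The constructor body continues outside the hunk.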
@@ -135,47 +135,47 @@ void Keccak_1600::add_data(const byte input[], size_t length) while(length) { - size_t to_take = std::min(length, bitrate / 8 - S_pos); + size_t to_take = std::min(length, m_bitrate / 8 - m_S_pos); length -= to_take; - while(to_take && S_pos % 8) + while(to_take && m_S_pos % 8) { - S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8)); + m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8)); - ++S_pos; + ++m_S_pos; ++input; --to_take; } while(to_take && to_take % 8 == 0) { - S[S_pos / 8] ^= load_le<u64bit>(input, 0); - S_pos += 8; + m_S[m_S_pos / 8] ^= load_le<u64bit>(input, 0); + m_S_pos += 8; input += 8; to_take -= 8; } while(to_take) { - S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8)); + m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8)); - ++S_pos; + ++m_S_pos; ++input; --to_take; } - if(S_pos == bitrate / 8) + if(m_S_pos == m_bitrate / 8) { - keccak_f_1600(S.data()); - S_pos = 0; + keccak_f_1600(m_S.data()); + m_S_pos = 0; } } } void Keccak_1600::final_result(byte output[]) { - std::vector<byte> padding(bitrate / 8 - S_pos); + std::vector<byte> padding(m_bitrate / 8 - m_S_pos); padding[0] = 0x01; padding[padding.size()-1] |= 0x80; @@ -186,8 +186,8 @@ void Keccak_1600::final_result(byte output[]) * We never have to run the permutation again because we only support * limited output lengths */ - for(size_t i = 0; i != output_bits/8; ++i) - output[i] = get_byte(7 - (i % 8), S[i/8]); + for(size_t i = 0; i != m_output_bits/8; ++i) + output[i] = get_byte(7 - (i % 8), m_S[i/8]); clear(); } diff --git a/src/lib/hash/keccak/keccak.h b/src/lib/hash/keccak/keccak.h index 0e7d3d5d1..a73595d6a 100644 --- a/src/lib/hash/keccak/keccak.h +++ b/src/lib/hash/keccak/keccak.h @@ -17,7 +17,7 @@ namespace Botan { /** * Keccak[1600], a SHA-3 candidate */ -class BOTAN_DLL Keccak_1600 : public HashFunction +class BOTAN_DLL Keccak_1600 final : public HashFunction { public: 
@@ -25,10 +25,10 @@ class BOTAN_DLL Keccak_1600 : public HashFunction * @param output_bits the size of the hash output; must be one of * 224, 256, 384, or 512 */ - Keccak_1600(size_t output_bits = 512); + explicit Keccak_1600(size_t output_bits = 512); - size_t hash_block_size() const override { return bitrate / 8; } - size_t output_length() const override { return output_bits / 8; } + size_t hash_block_size() const override { return m_bitrate / 8; } + size_t output_length() const override { return m_output_bits / 8; } HashFunction* clone() const override; std::string name() const override; @@ -37,9 +37,9 @@ class BOTAN_DLL Keccak_1600 : public HashFunction void add_data(const byte input[], size_t length) override; void final_result(byte out[]) override; - size_t output_bits, bitrate; - secure_vector<u64bit> S; - size_t S_pos; + size_t m_output_bits, m_bitrate; + secure_vector<u64bit> m_S; + size_t m_S_pos; }; } diff --git a/src/lib/hash/md2/md2.cpp b/src/lib/hash/md2/md2.cpp index 8fe016962..f5e222610 100644 --- a/src/lib/hash/md2/md2.cpp +++ b/src/lib/hash/md2/md2.cpp 
@@ -38,26 +38,26 @@ void MD2::hash(const byte input[]) 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 }; - buffer_insert(X, 16, input, hash_block_size()); - xor_buf(&X[32], X.data(), &X[16], hash_block_size()); + buffer_insert(m_X, 16, input, hash_block_size()); + xor_buf(&m_X[32], m_X.data(), &m_X[16], hash_block_size()); byte T = 0; for(size_t i = 0; i != 18; ++i) { for(size_t k = 0; k != 48; k += 8) { - T = X[k ] ^= SBOX[T]; T = X[k+1] ^= SBOX[T]; - T = X[k+2] ^= SBOX[T]; T = X[k+3] ^= SBOX[T]; - T = X[k+4] ^= SBOX[T]; T = X[k+5] ^= SBOX[T]; - T = X[k+6] ^= SBOX[T]; T = X[k+7] ^= SBOX[T]; + T = m_X[k ] ^= SBOX[T]; T = m_X[k+1] ^= SBOX[T]; + T = m_X[k+2] ^= SBOX[T]; T = m_X[k+3] ^= SBOX[T]; + T = m_X[k+4] ^= SBOX[T]; T = m_X[k+5] ^= SBOX[T]; + T = m_X[k+6] ^= SBOX[T]; T = m_X[k+7] ^= SBOX[T]; } T += static_cast<byte>(i); } - T = checksum[15]; + T = m_checksum[15]; for(size_t i = 0; i != hash_block_size(); ++i) - T = checksum[i] ^= SBOX[input[i] ^ T]; + T = m_checksum[i] ^= SBOX[input[i] ^ T]; } /** @@ -65,23 +65,23 @@ void MD2::hash(const byte input[]) */ void MD2::add_data(const byte input[], size_t length) { - buffer_insert(buffer, position, input, length); + buffer_insert(m_buffer, m_position, input, length); - if(position + length >= hash_block_size()) + if(m_position + length >= hash_block_size()) { - hash(buffer.data()); - input += (hash_block_size() - position); - length -= (hash_block_size() - position); + hash(m_buffer.data()); + input += (hash_block_size() - m_position); + length -= (hash_block_size() - m_position); while(length >= hash_block_size()) { hash(input); input += hash_block_size(); length -= hash_block_size(); } - copy_mem(buffer.data(), input, length); - position = 0; + copy_mem(m_buffer.data(), input, length); + m_position = 0; } - position += length; + m_position += length; } /** 
@@ -89,12 +89,12 @@ void MD2::add_data(const byte input[], size_t length) */ void MD2::final_result(byte output[]) { - for(size_t i = position; i != hash_block_size(); ++i) - buffer[i] = static_cast<byte>(hash_block_size() - position); + for(size_t i = m_position; i != hash_block_size(); ++i) + m_buffer[i] = static_cast<byte>(hash_block_size() - m_position); - hash(buffer.data()); - hash(checksum.data()); - copy_mem(output, X.data(), output_length()); + hash(m_buffer.data()); + hash(m_checksum.data()); + copy_mem(output, m_X.data(), output_length()); clear(); } @@ -103,10 +103,10 @@ void MD2::final_result(byte output[]) */ void MD2::clear() { - zeroise(X); - zeroise(checksum); - zeroise(buffer); - position = 0; + zeroise(m_X); + zeroise(m_checksum); + zeroise(m_buffer); + m_position = 0; } } diff --git a/src/lib/hash/md2/md2.h b/src/lib/hash/md2/md2.h index 62f1b8a9f..58629495a 100644 --- a/src/lib/hash/md2/md2.h +++ b/src/lib/hash/md2/md2.h @@ -15,7 +15,7 @@ namespace Botan { /** * MD2 */ -class BOTAN_DLL MD2 : public HashFunction +class BOTAN_DLL MD2 final : public HashFunction { public: std::string name() const override { return "MD2"; } @@ -25,15 +25,15 @@ class BOTAN_DLL MD2 : public HashFunction void clear() override; - MD2() : X(48), checksum(16), buffer(16) + MD2() : m_X(48), m_checksum(16), m_buffer(16), m_position(0) { clear(); } private: void add_data(const byte[], size_t) override; void hash(const byte[]); void final_result(byte[]) override; - secure_vector<byte> X, checksum, buffer; - size_t position; + secure_vector<byte> m_X, m_checksum, m_buffer; + size_t m_position; }; } diff --git a/src/lib/hash/md4/md4.cpp b/src/lib/hash/md4/md4.cpp index 6f4503ac0..d22f2d1ac 100644 --- a/src/lib/hash/md4/md4.cpp +++ b/src/lib/hash/md4/md4.cpp 
@@ -45,43 +45,43 @@ inline void HH(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S) */ void MD4::compress_n(const byte input[], size_t blocks) { - u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3]; + u32bit A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3]; for(size_t i = 0; i != blocks; ++i) { - load_le(M.data(), input, M.size()); - - FF(A,B,C,D,M[ 0], 3); FF(D,A,B,C,M[ 1], 7); - FF(C,D,A,B,M[ 2],11); FF(B,C,D,A,M[ 3],19); - FF(A,B,C,D,M[ 4], 3); FF(D,A,B,C,M[ 5], 7); - FF(C,D,A,B,M[ 6],11); FF(B,C,D,A,M[ 7],19); - FF(A,B,C,D,M[ 8], 3); FF(D,A,B,C,M[ 9], 7); - FF(C,D,A,B,M[10],11); FF(B,C,D,A,M[11],19); - FF(A,B,C,D,M[12], 3); FF(D,A,B,C,M[13], 7); - FF(C,D,A,B,M[14],11); FF(B,C,D,A,M[15],19); - - GG(A,B,C,D,M[ 0], 3); GG(D,A,B,C,M[ 4], 5); - GG(C,D,A,B,M[ 8], 9); GG(B,C,D,A,M[12],13); - GG(A,B,C,D,M[ 1], 3); GG(D,A,B,C,M[ 5], 5); - GG(C,D,A,B,M[ 9], 9); GG(B,C,D,A,M[13],13); - GG(A,B,C,D,M[ 2], 3); GG(D,A,B,C,M[ 6], 5); - GG(C,D,A,B,M[10], 9); GG(B,C,D,A,M[14],13); - GG(A,B,C,D,M[ 3], 3); GG(D,A,B,C,M[ 7], 5); - GG(C,D,A,B,M[11], 9); GG(B,C,D,A,M[15],13); - - HH(A,B,C,D,M[ 0], 3); HH(D,A,B,C,M[ 8], 9); - HH(C,D,A,B,M[ 4],11); HH(B,C,D,A,M[12],15); - HH(A,B,C,D,M[ 2], 3); HH(D,A,B,C,M[10], 9); - HH(C,D,A,B,M[ 6],11); HH(B,C,D,A,M[14],15); - HH(A,B,C,D,M[ 1], 3); HH(D,A,B,C,M[ 9], 9); - HH(C,D,A,B,M[ 5],11); HH(B,C,D,A,M[13],15); - HH(A,B,C,D,M[ 3], 3); HH(D,A,B,C,M[11], 9); - HH(C,D,A,B,M[ 7],11); HH(B,C,D,A,M[15],15); - - A = (digest[0] += A); - B = (digest[1] += B); - C = (digest[2] += C); - D = (digest[3] += D); + load_le(m_M.data(), input, m_M.size()); + + FF(A,B,C,D,m_M[ 0], 3); FF(D,A,B,C,m_M[ 1], 7); + FF(C,D,A,B,m_M[ 2],11); FF(B,C,D,A,m_M[ 3],19); + FF(A,B,C,D,m_M[ 4], 3); FF(D,A,B,C,m_M[ 5], 7); + FF(C,D,A,B,m_M[ 6],11); FF(B,C,D,A,m_M[ 7],19); + FF(A,B,C,D,m_M[ 8], 3); FF(D,A,B,C,m_M[ 9], 7); + FF(C,D,A,B,m_M[10],11); FF(B,C,D,A,m_M[11],19); + FF(A,B,C,D,m_M[12], 3); FF(D,A,B,C,m_M[13], 7); + 
FF(C,D,A,B,m_M[14],11); FF(B,C,D,A,m_M[15],19); + + GG(A,B,C,D,m_M[ 0], 3); GG(D,A,B,C,m_M[ 4], 5); + GG(C,D,A,B,m_M[ 8], 9); GG(B,C,D,A,m_M[12],13); + GG(A,B,C,D,m_M[ 1], 3); GG(D,A,B,C,m_M[ 5], 5); + GG(C,D,A,B,m_M[ 9], 9); GG(B,C,D,A,m_M[13],13); + GG(A,B,C,D,m_M[ 2], 3); GG(D,A,B,C,m_M[ 6], 5); + GG(C,D,A,B,m_M[10], 9); GG(B,C,D,A,m_M[14],13); + GG(A,B,C,D,m_M[ 3], 3); GG(D,A,B,C,m_M[ 7], 5); + GG(C,D,A,B,m_M[11], 9); GG(B,C,D,A,m_M[15],13); + + HH(A,B,C,D,m_M[ 0], 3); HH(D,A,B,C,m_M[ 8], 9); + HH(C,D,A,B,m_M[ 4],11); HH(B,C,D,A,m_M[12],15); + HH(A,B,C,D,m_M[ 2], 3); HH(D,A,B,C,m_M[10], 9); + HH(C,D,A,B,m_M[ 6],11); HH(B,C,D,A,m_M[14],15); + HH(A,B,C,D,m_M[ 1], 3); HH(D,A,B,C,m_M[ 9], 9); + HH(C,D,A,B,m_M[ 5],11); HH(B,C,D,A,m_M[13],15); + HH(A,B,C,D,m_M[ 3], 3); HH(D,A,B,C,m_M[11], 9); + HH(C,D,A,B,m_M[ 7],11); HH(B,C,D,A,m_M[15],15); + + A = (m_digest[0] += A); + B = (m_digest[1] += B); + C = (m_digest[2] += C); + D = (m_digest[3] += D); input += hash_block_size(); } @@ -92,7 +92,7 @@ void MD4::compress_n(const byte input[], size_t blocks) */ void MD4::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* @@ -101,11 +101,11 @@ void MD4::copy_out(byte output[]) void MD4::clear() { MDx_HashFunction::clear(); - zeroise(M); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; + zeroise(m_M); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; } } diff --git a/src/lib/hash/md4/md4.h b/src/lib/hash/md4/md4.h index 182da4ab2..8b7ab5d70 100644 --- a/src/lib/hash/md4/md4.h +++ b/src/lib/hash/md4/md4.h @@ -15,7 +15,7 @@ namespace Botan { /** * MD4 */ -class BOTAN_DLL MD4 : public MDx_HashFunction +class BOTAN_DLL MD4 final : public MDx_HashFunction { public: std::string name() const override { return "MD4"; } 
@@ -24,21 +24,22 @@ class BOTAN_DLL MD4 : public MDx_HashFunction void clear() override; - MD4() : MDx_HashFunction(64, false, true), M(16), digest(4) + MD4() : MDx_HashFunction(64, false, true), m_M(16), m_digest(4) { clear(); } protected: void compress_n(const byte input[], size_t blocks) override; void copy_out(byte[]) override; + private: /** - * The message buffer, exposed for use by subclasses (x86 asm) + * The message buffer */ - secure_vector<u32bit> M; + secure_vector<u32bit> m_M; /** - * The digest value, exposed for use by subclasses (x86 asm) + * The digest value */ - secure_vector<u32bit> digest; + secure_vector<u32bit> m_digest; }; } diff --git a/src/lib/hash/md5/md5.cpp b/src/lib/hash/md5/md5.cpp index 89ca52419..439dbde7b 100644 --- a/src/lib/hash/md5/md5.cpp +++ b/src/lib/hash/md5/md5.cpp 
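Review bot: With MD4 now declared `final` (first hunk of this file), the `protected:` access on `compress_n` and `copy_out` no longer serves a purpose, since no class can derive from it; moving those two overrides under the newly added `private:` together with `m_M` and `m_digest` would state the intent directly, in line with dropping the "exposed for use by subclasses (x86 asm)" wording from the member comments. md5.h in this series has the identical `protected:` / `private:` split and the same remark applies there. Behaviour is unaffected.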
@@ -58,52 +58,52 @@ inline void II(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg, */ void MD5::compress_n(const byte input[], size_t blocks) { - u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3]; + u32bit A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3]; for(size_t i = 0; i != blocks; ++i) { - load_le(M.data(), input, M.size()); - - FF(A,B,C,D,M[ 0], 7,0xD76AA478); FF(D,A,B,C,M[ 1],12,0xE8C7B756); - FF(C,D,A,B,M[ 2],17,0x242070DB); FF(B,C,D,A,M[ 3],22,0xC1BDCEEE); - FF(A,B,C,D,M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,M[ 5],12,0x4787C62A); - FF(C,D,A,B,M[ 6],17,0xA8304613); FF(B,C,D,A,M[ 7],22,0xFD469501); - FF(A,B,C,D,M[ 8], 7,0x698098D8); FF(D,A,B,C,M[ 9],12,0x8B44F7AF); - FF(C,D,A,B,M[10],17,0xFFFF5BB1); FF(B,C,D,A,M[11],22,0x895CD7BE); - FF(A,B,C,D,M[12], 7,0x6B901122); FF(D,A,B,C,M[13],12,0xFD987193); - FF(C,D,A,B,M[14],17,0xA679438E); FF(B,C,D,A,M[15],22,0x49B40821); - - GG(A,B,C,D,M[ 1], 5,0xF61E2562); GG(D,A,B,C,M[ 6], 9,0xC040B340); - GG(C,D,A,B,M[11],14,0x265E5A51); GG(B,C,D,A,M[ 0],20,0xE9B6C7AA); - GG(A,B,C,D,M[ 5], 5,0xD62F105D); GG(D,A,B,C,M[10], 9,0x02441453); - GG(C,D,A,B,M[15],14,0xD8A1E681); GG(B,C,D,A,M[ 4],20,0xE7D3FBC8); - GG(A,B,C,D,M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,M[14], 9,0xC33707D6); - GG(C,D,A,B,M[ 3],14,0xF4D50D87); GG(B,C,D,A,M[ 8],20,0x455A14ED); - GG(A,B,C,D,M[13], 5,0xA9E3E905); GG(D,A,B,C,M[ 2], 9,0xFCEFA3F8); - GG(C,D,A,B,M[ 7],14,0x676F02D9); GG(B,C,D,A,M[12],20,0x8D2A4C8A); - - HH(A,B,C,D,M[ 5], 4,0xFFFA3942); HH(D,A,B,C,M[ 8],11,0x8771F681); - HH(C,D,A,B,M[11],16,0x6D9D6122); HH(B,C,D,A,M[14],23,0xFDE5380C); - HH(A,B,C,D,M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,M[ 4],11,0x4BDECFA9); - HH(C,D,A,B,M[ 7],16,0xF6BB4B60); HH(B,C,D,A,M[10],23,0xBEBFBC70); - HH(A,B,C,D,M[13], 4,0x289B7EC6); HH(D,A,B,C,M[ 0],11,0xEAA127FA); - HH(C,D,A,B,M[ 3],16,0xD4EF3085); HH(B,C,D,A,M[ 6],23,0x04881D05); - HH(A,B,C,D,M[ 9], 4,0xD9D4D039); HH(D,A,B,C,M[12],11,0xE6DB99E5); - HH(C,D,A,B,M[15],16,0x1FA27CF8); HH(B,C,D,A,M[ 
2],23,0xC4AC5665); - - II(A,B,C,D,M[ 0], 6,0xF4292244); II(D,A,B,C,M[ 7],10,0x432AFF97); - II(C,D,A,B,M[14],15,0xAB9423A7); II(B,C,D,A,M[ 5],21,0xFC93A039); - II(A,B,C,D,M[12], 6,0x655B59C3); II(D,A,B,C,M[ 3],10,0x8F0CCC92); - II(C,D,A,B,M[10],15,0xFFEFF47D); II(B,C,D,A,M[ 1],21,0x85845DD1); - II(A,B,C,D,M[ 8], 6,0x6FA87E4F); II(D,A,B,C,M[15],10,0xFE2CE6E0); - II(C,D,A,B,M[ 6],15,0xA3014314); II(B,C,D,A,M[13],21,0x4E0811A1); - II(A,B,C,D,M[ 4], 6,0xF7537E82); II(D,A,B,C,M[11],10,0xBD3AF235); - II(C,D,A,B,M[ 2],15,0x2AD7D2BB); II(B,C,D,A,M[ 9],21,0xEB86D391); - - A = (digest[0] += A); - B = (digest[1] += B); - C = (digest[2] += C); - D = (digest[3] += D); + load_le(m_M.data(), input, m_M.size()); + + FF(A,B,C,D,m_M[ 0], 7,0xD76AA478); FF(D,A,B,C,m_M[ 1],12,0xE8C7B756); + FF(C,D,A,B,m_M[ 2],17,0x242070DB); FF(B,C,D,A,m_M[ 3],22,0xC1BDCEEE); + FF(A,B,C,D,m_M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,m_M[ 5],12,0x4787C62A); + FF(C,D,A,B,m_M[ 6],17,0xA8304613); FF(B,C,D,A,m_M[ 7],22,0xFD469501); + FF(A,B,C,D,m_M[ 8], 7,0x698098D8); FF(D,A,B,C,m_M[ 9],12,0x8B44F7AF); + FF(C,D,A,B,m_M[10],17,0xFFFF5BB1); FF(B,C,D,A,m_M[11],22,0x895CD7BE); + FF(A,B,C,D,m_M[12], 7,0x6B901122); FF(D,A,B,C,m_M[13],12,0xFD987193); + FF(C,D,A,B,m_M[14],17,0xA679438E); FF(B,C,D,A,m_M[15],22,0x49B40821); + + GG(A,B,C,D,m_M[ 1], 5,0xF61E2562); GG(D,A,B,C,m_M[ 6], 9,0xC040B340); + GG(C,D,A,B,m_M[11],14,0x265E5A51); GG(B,C,D,A,m_M[ 0],20,0xE9B6C7AA); + GG(A,B,C,D,m_M[ 5], 5,0xD62F105D); GG(D,A,B,C,m_M[10], 9,0x02441453); + GG(C,D,A,B,m_M[15],14,0xD8A1E681); GG(B,C,D,A,m_M[ 4],20,0xE7D3FBC8); + GG(A,B,C,D,m_M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,m_M[14], 9,0xC33707D6); + GG(C,D,A,B,m_M[ 3],14,0xF4D50D87); GG(B,C,D,A,m_M[ 8],20,0x455A14ED); + GG(A,B,C,D,m_M[13], 5,0xA9E3E905); GG(D,A,B,C,m_M[ 2], 9,0xFCEFA3F8); + GG(C,D,A,B,m_M[ 7],14,0x676F02D9); GG(B,C,D,A,m_M[12],20,0x8D2A4C8A); + + HH(A,B,C,D,m_M[ 5], 4,0xFFFA3942); HH(D,A,B,C,m_M[ 8],11,0x8771F681); + HH(C,D,A,B,m_M[11],16,0x6D9D6122); 
HH(B,C,D,A,m_M[14],23,0xFDE5380C); + HH(A,B,C,D,m_M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,m_M[ 4],11,0x4BDECFA9); + HH(C,D,A,B,m_M[ 7],16,0xF6BB4B60); HH(B,C,D,A,m_M[10],23,0xBEBFBC70); + HH(A,B,C,D,m_M[13], 4,0x289B7EC6); HH(D,A,B,C,m_M[ 0],11,0xEAA127FA); + HH(C,D,A,B,m_M[ 3],16,0xD4EF3085); HH(B,C,D,A,m_M[ 6],23,0x04881D05); + HH(A,B,C,D,m_M[ 9], 4,0xD9D4D039); HH(D,A,B,C,m_M[12],11,0xE6DB99E5); + HH(C,D,A,B,m_M[15],16,0x1FA27CF8); HH(B,C,D,A,m_M[ 2],23,0xC4AC5665); + + II(A,B,C,D,m_M[ 0], 6,0xF4292244); II(D,A,B,C,m_M[ 7],10,0x432AFF97); + II(C,D,A,B,m_M[14],15,0xAB9423A7); II(B,C,D,A,m_M[ 5],21,0xFC93A039); + II(A,B,C,D,m_M[12], 6,0x655B59C3); II(D,A,B,C,m_M[ 3],10,0x8F0CCC92); + II(C,D,A,B,m_M[10],15,0xFFEFF47D); II(B,C,D,A,m_M[ 1],21,0x85845DD1); + II(A,B,C,D,m_M[ 8], 6,0x6FA87E4F); II(D,A,B,C,m_M[15],10,0xFE2CE6E0); + II(C,D,A,B,m_M[ 6],15,0xA3014314); II(B,C,D,A,m_M[13],21,0x4E0811A1); + II(A,B,C,D,m_M[ 4], 6,0xF7537E82); II(D,A,B,C,m_M[11],10,0xBD3AF235); + II(C,D,A,B,m_M[ 2],15,0x2AD7D2BB); II(B,C,D,A,m_M[ 9],21,0xEB86D391); + + A = (m_digest[0] += A); + B = (m_digest[1] += B); + C = (m_digest[2] += C); + D = (m_digest[3] += D); input += hash_block_size(); } @@ -114,7 +114,7 @@ void MD5::compress_n(const byte input[], size_t blocks) */ void MD5::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* @@ -123,11 +123,11 @@ void MD5::copy_out(byte output[]) void MD5::clear() { MDx_HashFunction::clear(); - zeroise(M); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; + zeroise(m_M); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; } } diff --git a/src/lib/hash/md5/md5.h b/src/lib/hash/md5/md5.h index 9c5e548c0..bbeffee50 100644 --- a/src/lib/hash/md5/md5.h +++ b/src/lib/hash/md5/md5.h 
@@ -15,7 +15,7 @@ namespace Botan { /** * MD5 */ -class BOTAN_DLL MD5 : public MDx_HashFunction +class BOTAN_DLL MD5 final : public MDx_HashFunction { public: std::string name() const override { return "MD5"; } @@ -24,21 +24,22 @@ class BOTAN_DLL MD5 : public MDx_HashFunction void clear() override; - MD5() : MDx_HashFunction(64, false, true), M(16), digest(4) + MD5() : MDx_HashFunction(64, false, true), m_M(16), m_digest(4) { clear(); } protected: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; + private: /** - * The message buffer, exposed for use by subclasses (x86 asm) + * The message buffer */ - secure_vector<u32bit> M; + secure_vector<u32bit> m_M; /** - * The digest value, exposed for use by subclasses (x86 asm) + * The digest value */ - secure_vector<u32bit> digest; + secure_vector<u32bit> m_digest; }; } diff --git a/src/lib/hash/mdx_hash/mdx_hash.cpp b/src/lib/hash/mdx_hash/mdx_hash.cpp index bd754d3cc..f21b4ac34 100644 --- a/src/lib/hash/mdx_hash/mdx_hash.cpp +++ b/src/lib/hash/mdx_hash/mdx_hash.cpp @@ -18,12 +18,12 @@ MDx_HashFunction::MDx_HashFunction(size_t block_len, bool byte_end, bool bit_end, size_t cnt_size) : - buffer(block_len), + m_buffer(block_len), BIG_BYTE_ENDIAN(byte_end), BIG_BIT_ENDIAN(bit_end), COUNT_SIZE(cnt_size) { - count = position = 0; + m_count = m_position = 0; } /* @@ -31,8 +31,8 @@ MDx_HashFunction::MDx_HashFunction(size_t block_len, */ void MDx_HashFunction::clear() { - zeroise(buffer); - count = position = 0; + zeroise(m_buffer); + m_count = m_position = 0; } /* 
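Review bot: The md5.h hunk moves `m_M` and `m_digest` under a new `private:` label but leaves `compress_n` and `copy_out` in a `protected:` section, which no longer serves a purpose once the class is `final` and the "exposed for use by subclasses (x86 asm)" comments are gone. The RIPEMD_128 and RIPEMD_160 headers touched by the same commit declare these two overrides `private:`, so MD5 should match: drop the `protected:` label and keep a single `private:` section holding `void compress_n(const byte[], size_t blocks) override;`, `void copy_out(byte[]) override;` and the two buffers. Since nothing can derive from a `final` class, this is a visibility clean-up with no behavioural effect.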
@@ -40,29 +40,29 @@ void MDx_HashFunction::clear() */ void MDx_HashFunction::add_data(const byte input[], size_t length) { - count += length; + m_count += length; - if(position) + if(m_position) { - buffer_insert(buffer, position, input, length); + buffer_insert(m_buffer, m_position, input, length); - if(position + length >= buffer.size()) + if(m_position + length >= m_buffer.size()) { - compress_n(buffer.data(), 1); - input += (buffer.size() - position); - length -= (buffer.size() - position); - position = 0; + compress_n(m_buffer.data(), 1); + input += (m_buffer.size() - m_position); + length -= (m_buffer.size() - m_position); + m_position = 0; } } - const size_t full_blocks = length / buffer.size(); - const size_t remaining = length % buffer.size(); + const size_t full_blocks = length / m_buffer.size(); + const size_t remaining = length % m_buffer.size(); if(full_blocks) compress_n(input, full_blocks); - buffer_insert(buffer, position, input + full_blocks * buffer.size(), remaining); - position += remaining; + buffer_insert(m_buffer, m_position, input + full_blocks * m_buffer.size(), remaining); + m_position += remaining; } /* @@ -70,19 +70,19 @@ void MDx_HashFunction::add_data(const byte input[], size_t length) */ void MDx_HashFunction::final_result(byte output[]) { - buffer[position] = (BIG_BIT_ENDIAN ? 0x80 : 0x01); - for(size_t i = position+1; i != buffer.size(); ++i) - buffer[i] = 0; + m_buffer[m_position] = (BIG_BIT_ENDIAN ? 0x80 : 0x01); + for(size_t i = m_position+1; i != m_buffer.size(); ++i) + m_buffer[i] = 0; - if(position >= buffer.size() - COUNT_SIZE) + if(m_position >= m_buffer.size() - COUNT_SIZE) { - compress_n(buffer.data(), 1); - zeroise(buffer); + compress_n(m_buffer.data(), 1); + zeroise(m_buffer); } - write_count(&buffer[buffer.size() - COUNT_SIZE]); + write_count(&m_buffer[m_buffer.size() - COUNT_SIZE]); - compress_n(buffer.data(), 1); + compress_n(m_buffer.data(), 1); copy_out(output); clear(); } 
@@ -97,7 +97,7 @@ void MDx_HashFunction::write_count(byte out[]) if(COUNT_SIZE >= output_length() || COUNT_SIZE >= hash_block_size()) throw Invalid_Argument("MDx_HashFunction: COUNT_SIZE is too big"); - const u64bit bit_count = count * 8; + const u64bit bit_count = m_count * 8; if(BIG_BYTE_ENDIAN) store_be(bit_count, out + COUNT_SIZE - 8); diff --git a/src/lib/hash/mdx_hash/mdx_hash.h b/src/lib/hash/mdx_hash/mdx_hash.h index 2652d9ea6..4b2f9bad0 100644 --- a/src/lib/hash/mdx_hash/mdx_hash.h +++ b/src/lib/hash/mdx_hash/mdx_hash.h @@ -29,7 +29,7 @@ class BOTAN_DLL MDx_HashFunction : public HashFunction bool big_bit_endian, size_t counter_size = 8); - size_t hash_block_size() const override { return buffer.size(); } + size_t hash_block_size() const override { return m_buffer.size(); } protected: void add_data(const byte input[], size_t length) override; void final_result(byte output[]) override; @@ -55,9 +55,9 @@ class BOTAN_DLL MDx_HashFunction : public HashFunction */ virtual void write_count(byte out[]); private: - secure_vector<byte> buffer; - u64bit count; - size_t position; + secure_vector<byte> m_buffer; + u64bit m_count; + size_t m_position; const bool BIG_BYTE_ENDIAN, BIG_BIT_ENDIAN; const size_t COUNT_SIZE; diff --git a/src/lib/hash/par_hash/par_hash.cpp b/src/lib/hash/par_hash/par_hash.cpp index 5e970ab13..5645a99c7 100644 --- a/src/lib/hash/par_hash/par_hash.cpp +++ b/src/lib/hash/par_hash/par_hash.cpp 
@@ -12,24 +12,24 @@ namespace Botan { Parallel* Parallel::make(const Spec& spec) { - std::vector<std::unique_ptr<HashFunction>> hashes; + std::vector<std::unique_ptr<HashFunction>> m_hashes; for(size_t i = 0; i != spec.arg_count(); ++i) { auto h = HashFunction::create(spec.arg(i)); if(!h) return nullptr; - hashes.push_back(std::move(h)); + m_hashes.push_back(std::move(h)); } Parallel* p = new Parallel; - std::swap(p->hashes, hashes); + std::swap(p->m_hashes, m_hashes); return p; } void Parallel::add_data(const byte input[], size_t length) { - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) hash->update(input, length); } @@ -37,7 +37,7 @@ void Parallel::final_result(byte out[]) { u32bit offset = 0; - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) { hash->final(out + offset); offset += hash->output_length(); @@ -48,7 +48,7 @@ size_t Parallel::output_length() const { size_t sum = 0; - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) sum += hash->output_length(); return sum; } @@ -57,7 +57,7 @@ std::string Parallel::name() const { std::vector<std::string> names; - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) names.push_back(hash->name()); return "Parallel(" + string_join(names, ',') + ")"; @@ -67,7 +67,7 @@ HashFunction* Parallel::clone() const { std::vector<HashFunction*> hash_copies; - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) hash_copies.push_back(hash->clone()); return new Parallel(hash_copies); @@ -75,7 +75,7 @@ HashFunction* Parallel::clone() const void Parallel::clear() { - for(auto&& hash : hashes) + for(auto&& hash : m_hashes) hash->clear(); } @@ -84,7 +84,7 @@ Parallel::Parallel(const std::vector<HashFunction*>& in) for(size_t i = 0; i != in.size(); ++i) { std::unique_ptr<HashFunction> h(in[i]->clone()); - hashes.push_back(std::move(h)); + m_hashes.push_back(std::move(h)); } } diff --git a/src/lib/hash/par_hash/par_hash.h b/src/lib/hash/par_hash/par_hash.h index 0410e6826..3a93f4e8e 100644 
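Review bot: In `Parallel::make` the function-local vector is renamed to `m_hashes`, giving a stack local the `m_` member prefix this commit is introducing everywhere else, and making `std::swap(p->m_hashes, m_hashes)` read like a self-swap of the member. The local should keep a plain name, e.g. `std::vector<std::unique_ptr<HashFunction>> hashes;`, `hashes.push_back(std::move(h));` and `std::swap(p->m_hashes, hashes);`. The remaining hunks in par_hash.cpp are straight member renames and need no change.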
--- a/src/lib/hash/par_hash/par_hash.h +++ b/src/lib/hash/par_hash/par_hash.h @@ -16,7 +16,7 @@ namespace Botan { /** * Parallel Hashes */ -class BOTAN_DLL Parallel : public HashFunction +class BOTAN_DLL Parallel final : public HashFunction { public: void clear() override; @@ -28,7 +28,7 @@ class BOTAN_DLL Parallel : public HashFunction /** * @param hashes a set of hashes to compute in parallel */ - Parallel(const std::vector<HashFunction*>& hashes); + explicit Parallel(const std::vector<HashFunction*>& hashes); Parallel(const Parallel&) = delete; Parallel& operator=(const Parallel&) = delete; @@ -40,7 +40,7 @@ class BOTAN_DLL Parallel : public HashFunction void add_data(const byte[], size_t) override; void final_result(byte[]) override; - std::vector<std::unique_ptr<HashFunction>> hashes; + std::vector<std::unique_ptr<HashFunction>> m_hashes; }; } diff --git a/src/lib/hash/rmd128/rmd128.cpp b/src/lib/hash/rmd128/rmd128.cpp index 394bf2acf..e520fa0c3 100644 --- a/src/lib/hash/rmd128/rmd128.cpp +++ b/src/lib/hash/rmd128/rmd128.cpp 
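Review bot: The `@param hashes` comment above the now-`explicit` constructor does not say what happens to the raw pointers, yet the constructor body in par_hash.cpp wraps `in[i]->clone()` in a `unique_ptr` and never stores or deletes the originals, so the caller keeps ownership of everything it passes in. A reader of the header alone cannot tell whether ownership transfers, which is exactly the kind of ambiguity that leads to double frees or leaks at call sites; the doc line should read `@param hashes a set of hashes to compute in parallel; each one is cloned, the caller retains ownership of the pointers passed in`. Making the constructor `explicit` is a good change on its own.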
@@ -66,84 +66,84 @@ void RIPEMD_128::compress_n(const byte input[], size_t blocks) for(size_t i = 0; i != blocks; ++i) { - load_le(M.data(), input, M.size()); - - u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1, - C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1; - - F1(A1,B1,C1,D1,M[ 0],11 ); F4(A2,B2,C2,D2,M[ 5], 8,MAGIC5); - F1(D1,A1,B1,C1,M[ 1],14 ); F4(D2,A2,B2,C2,M[14], 9,MAGIC5); - F1(C1,D1,A1,B1,M[ 2],15 ); F4(C2,D2,A2,B2,M[ 7], 9,MAGIC5); - F1(B1,C1,D1,A1,M[ 3],12 ); F4(B2,C2,D2,A2,M[ 0],11,MAGIC5); - F1(A1,B1,C1,D1,M[ 4], 5 ); F4(A2,B2,C2,D2,M[ 9],13,MAGIC5); - F1(D1,A1,B1,C1,M[ 5], 8 ); F4(D2,A2,B2,C2,M[ 2],15,MAGIC5); - F1(C1,D1,A1,B1,M[ 6], 7 ); F4(C2,D2,A2,B2,M[11],15,MAGIC5); - F1(B1,C1,D1,A1,M[ 7], 9 ); F4(B2,C2,D2,A2,M[ 4], 5,MAGIC5); - F1(A1,B1,C1,D1,M[ 8],11 ); F4(A2,B2,C2,D2,M[13], 7,MAGIC5); - F1(D1,A1,B1,C1,M[ 9],13 ); F4(D2,A2,B2,C2,M[ 6], 7,MAGIC5); - F1(C1,D1,A1,B1,M[10],14 ); F4(C2,D2,A2,B2,M[15], 8,MAGIC5); - F1(B1,C1,D1,A1,M[11],15 ); F4(B2,C2,D2,A2,M[ 8],11,MAGIC5); - F1(A1,B1,C1,D1,M[12], 6 ); F4(A2,B2,C2,D2,M[ 1],14,MAGIC5); - F1(D1,A1,B1,C1,M[13], 7 ); F4(D2,A2,B2,C2,M[10],14,MAGIC5); - F1(C1,D1,A1,B1,M[14], 9 ); F4(C2,D2,A2,B2,M[ 3],12,MAGIC5); - F1(B1,C1,D1,A1,M[15], 8 ); F4(B2,C2,D2,A2,M[12], 6,MAGIC5); - - F2(A1,B1,C1,D1,M[ 7], 7,MAGIC2); F3(A2,B2,C2,D2,M[ 6], 9,MAGIC6); - F2(D1,A1,B1,C1,M[ 4], 6,MAGIC2); F3(D2,A2,B2,C2,M[11],13,MAGIC6); - F2(C1,D1,A1,B1,M[13], 8,MAGIC2); F3(C2,D2,A2,B2,M[ 3],15,MAGIC6); - F2(B1,C1,D1,A1,M[ 1],13,MAGIC2); F3(B2,C2,D2,A2,M[ 7], 7,MAGIC6); - F2(A1,B1,C1,D1,M[10],11,MAGIC2); F3(A2,B2,C2,D2,M[ 0],12,MAGIC6); - F2(D1,A1,B1,C1,M[ 6], 9,MAGIC2); F3(D2,A2,B2,C2,M[13], 8,MAGIC6); - F2(C1,D1,A1,B1,M[15], 7,MAGIC2); F3(C2,D2,A2,B2,M[ 5], 9,MAGIC6); - F2(B1,C1,D1,A1,M[ 3],15,MAGIC2); F3(B2,C2,D2,A2,M[10],11,MAGIC6); - F2(A1,B1,C1,D1,M[12], 7,MAGIC2); F3(A2,B2,C2,D2,M[14], 7,MAGIC6); - F2(D1,A1,B1,C1,M[ 0],12,MAGIC2); F3(D2,A2,B2,C2,M[15], 7,MAGIC6); - F2(C1,D1,A1,B1,M[ 9],15,MAGIC2); 
F3(C2,D2,A2,B2,M[ 8],12,MAGIC6); - F2(B1,C1,D1,A1,M[ 5], 9,MAGIC2); F3(B2,C2,D2,A2,M[12], 7,MAGIC6); - F2(A1,B1,C1,D1,M[ 2],11,MAGIC2); F3(A2,B2,C2,D2,M[ 4], 6,MAGIC6); - F2(D1,A1,B1,C1,M[14], 7,MAGIC2); F3(D2,A2,B2,C2,M[ 9],15,MAGIC6); - F2(C1,D1,A1,B1,M[11],13,MAGIC2); F3(C2,D2,A2,B2,M[ 1],13,MAGIC6); - F2(B1,C1,D1,A1,M[ 8],12,MAGIC2); F3(B2,C2,D2,A2,M[ 2],11,MAGIC6); - - F3(A1,B1,C1,D1,M[ 3],11,MAGIC3); F2(A2,B2,C2,D2,M[15], 9,MAGIC7); - F3(D1,A1,B1,C1,M[10],13,MAGIC3); F2(D2,A2,B2,C2,M[ 5], 7,MAGIC7); - F3(C1,D1,A1,B1,M[14], 6,MAGIC3); F2(C2,D2,A2,B2,M[ 1],15,MAGIC7); - F3(B1,C1,D1,A1,M[ 4], 7,MAGIC3); F2(B2,C2,D2,A2,M[ 3],11,MAGIC7); - F3(A1,B1,C1,D1,M[ 9],14,MAGIC3); F2(A2,B2,C2,D2,M[ 7], 8,MAGIC7); - F3(D1,A1,B1,C1,M[15], 9,MAGIC3); F2(D2,A2,B2,C2,M[14], 6,MAGIC7); - F3(C1,D1,A1,B1,M[ 8],13,MAGIC3); F2(C2,D2,A2,B2,M[ 6], 6,MAGIC7); - F3(B1,C1,D1,A1,M[ 1],15,MAGIC3); F2(B2,C2,D2,A2,M[ 9],14,MAGIC7); - F3(A1,B1,C1,D1,M[ 2],14,MAGIC3); F2(A2,B2,C2,D2,M[11],12,MAGIC7); - F3(D1,A1,B1,C1,M[ 7], 8,MAGIC3); F2(D2,A2,B2,C2,M[ 8],13,MAGIC7); - F3(C1,D1,A1,B1,M[ 0],13,MAGIC3); F2(C2,D2,A2,B2,M[12], 5,MAGIC7); - F3(B1,C1,D1,A1,M[ 6], 6,MAGIC3); F2(B2,C2,D2,A2,M[ 2],14,MAGIC7); - F3(A1,B1,C1,D1,M[13], 5,MAGIC3); F2(A2,B2,C2,D2,M[10],13,MAGIC7); - F3(D1,A1,B1,C1,M[11],12,MAGIC3); F2(D2,A2,B2,C2,M[ 0],13,MAGIC7); - F3(C1,D1,A1,B1,M[ 5], 7,MAGIC3); F2(C2,D2,A2,B2,M[ 4], 7,MAGIC7); - F3(B1,C1,D1,A1,M[12], 5,MAGIC3); F2(B2,C2,D2,A2,M[13], 5,MAGIC7); - - F4(A1,B1,C1,D1,M[ 1],11,MAGIC4); F1(A2,B2,C2,D2,M[ 8],15 ); - F4(D1,A1,B1,C1,M[ 9],12,MAGIC4); F1(D2,A2,B2,C2,M[ 6], 5 ); - F4(C1,D1,A1,B1,M[11],14,MAGIC4); F1(C2,D2,A2,B2,M[ 4], 8 ); - F4(B1,C1,D1,A1,M[10],15,MAGIC4); F1(B2,C2,D2,A2,M[ 1],11 ); - F4(A1,B1,C1,D1,M[ 0],14,MAGIC4); F1(A2,B2,C2,D2,M[ 3],14 ); - F4(D1,A1,B1,C1,M[ 8],15,MAGIC4); F1(D2,A2,B2,C2,M[11],14 ); - F4(C1,D1,A1,B1,M[12], 9,MAGIC4); F1(C2,D2,A2,B2,M[15], 6 ); - F4(B1,C1,D1,A1,M[ 4], 8,MAGIC4); F1(B2,C2,D2,A2,M[ 0],14 ); - F4(A1,B1,C1,D1,M[13], 9,MAGIC4); 
F1(A2,B2,C2,D2,M[ 5], 6 ); - F4(D1,A1,B1,C1,M[ 3],14,MAGIC4); F1(D2,A2,B2,C2,M[12], 9 ); - F4(C1,D1,A1,B1,M[ 7], 5,MAGIC4); F1(C2,D2,A2,B2,M[ 2],12 ); - F4(B1,C1,D1,A1,M[15], 6,MAGIC4); F1(B2,C2,D2,A2,M[13], 9 ); - F4(A1,B1,C1,D1,M[14], 8,MAGIC4); F1(A2,B2,C2,D2,M[ 9],12 ); - F4(D1,A1,B1,C1,M[ 5], 6,MAGIC4); F1(D2,A2,B2,C2,M[ 7], 5 ); - F4(C1,D1,A1,B1,M[ 6], 5,MAGIC4); F1(C2,D2,A2,B2,M[10],15 ); - F4(B1,C1,D1,A1,M[ 2],12,MAGIC4); F1(B2,C2,D2,A2,M[14], 8 ); - - D2 = digest[1] + C1 + D2; - digest[1] = digest[2] + D1 + A2; - digest[2] = digest[3] + A1 + B2; - digest[3] = digest[0] + B1 + C2; - digest[0] = D2; + load_le(m_M.data(), input, m_M.size()); + + u32bit A1 = m_digest[0], A2 = A1, B1 = m_digest[1], B2 = B1, + C1 = m_digest[2], C2 = C1, D1 = m_digest[3], D2 = D1; + + F1(A1,B1,C1,D1,m_M[ 0],11 ); F4(A2,B2,C2,D2,m_M[ 5], 8,MAGIC5); + F1(D1,A1,B1,C1,m_M[ 1],14 ); F4(D2,A2,B2,C2,m_M[14], 9,MAGIC5); + F1(C1,D1,A1,B1,m_M[ 2],15 ); F4(C2,D2,A2,B2,m_M[ 7], 9,MAGIC5); + F1(B1,C1,D1,A1,m_M[ 3],12 ); F4(B2,C2,D2,A2,m_M[ 0],11,MAGIC5); + F1(A1,B1,C1,D1,m_M[ 4], 5 ); F4(A2,B2,C2,D2,m_M[ 9],13,MAGIC5); + F1(D1,A1,B1,C1,m_M[ 5], 8 ); F4(D2,A2,B2,C2,m_M[ 2],15,MAGIC5); + F1(C1,D1,A1,B1,m_M[ 6], 7 ); F4(C2,D2,A2,B2,m_M[11],15,MAGIC5); + F1(B1,C1,D1,A1,m_M[ 7], 9 ); F4(B2,C2,D2,A2,m_M[ 4], 5,MAGIC5); + F1(A1,B1,C1,D1,m_M[ 8],11 ); F4(A2,B2,C2,D2,m_M[13], 7,MAGIC5); + F1(D1,A1,B1,C1,m_M[ 9],13 ); F4(D2,A2,B2,C2,m_M[ 6], 7,MAGIC5); + F1(C1,D1,A1,B1,m_M[10],14 ); F4(C2,D2,A2,B2,m_M[15], 8,MAGIC5); + F1(B1,C1,D1,A1,m_M[11],15 ); F4(B2,C2,D2,A2,m_M[ 8],11,MAGIC5); + F1(A1,B1,C1,D1,m_M[12], 6 ); F4(A2,B2,C2,D2,m_M[ 1],14,MAGIC5); + F1(D1,A1,B1,C1,m_M[13], 7 ); F4(D2,A2,B2,C2,m_M[10],14,MAGIC5); + F1(C1,D1,A1,B1,m_M[14], 9 ); F4(C2,D2,A2,B2,m_M[ 3],12,MAGIC5); + F1(B1,C1,D1,A1,m_M[15], 8 ); F4(B2,C2,D2,A2,m_M[12], 6,MAGIC5); + + F2(A1,B1,C1,D1,m_M[ 7], 7,MAGIC2); F3(A2,B2,C2,D2,m_M[ 6], 9,MAGIC6); + F2(D1,A1,B1,C1,m_M[ 4], 6,MAGIC2); F3(D2,A2,B2,C2,m_M[11],13,MAGIC6); + 
F2(C1,D1,A1,B1,m_M[13], 8,MAGIC2); F3(C2,D2,A2,B2,m_M[ 3],15,MAGIC6); + F2(B1,C1,D1,A1,m_M[ 1],13,MAGIC2); F3(B2,C2,D2,A2,m_M[ 7], 7,MAGIC6); + F2(A1,B1,C1,D1,m_M[10],11,MAGIC2); F3(A2,B2,C2,D2,m_M[ 0],12,MAGIC6); + F2(D1,A1,B1,C1,m_M[ 6], 9,MAGIC2); F3(D2,A2,B2,C2,m_M[13], 8,MAGIC6); + F2(C1,D1,A1,B1,m_M[15], 7,MAGIC2); F3(C2,D2,A2,B2,m_M[ 5], 9,MAGIC6); + F2(B1,C1,D1,A1,m_M[ 3],15,MAGIC2); F3(B2,C2,D2,A2,m_M[10],11,MAGIC6); + F2(A1,B1,C1,D1,m_M[12], 7,MAGIC2); F3(A2,B2,C2,D2,m_M[14], 7,MAGIC6); + F2(D1,A1,B1,C1,m_M[ 0],12,MAGIC2); F3(D2,A2,B2,C2,m_M[15], 7,MAGIC6); + F2(C1,D1,A1,B1,m_M[ 9],15,MAGIC2); F3(C2,D2,A2,B2,m_M[ 8],12,MAGIC6); + F2(B1,C1,D1,A1,m_M[ 5], 9,MAGIC2); F3(B2,C2,D2,A2,m_M[12], 7,MAGIC6); + F2(A1,B1,C1,D1,m_M[ 2],11,MAGIC2); F3(A2,B2,C2,D2,m_M[ 4], 6,MAGIC6); + F2(D1,A1,B1,C1,m_M[14], 7,MAGIC2); F3(D2,A2,B2,C2,m_M[ 9],15,MAGIC6); + F2(C1,D1,A1,B1,m_M[11],13,MAGIC2); F3(C2,D2,A2,B2,m_M[ 1],13,MAGIC6); + F2(B1,C1,D1,A1,m_M[ 8],12,MAGIC2); F3(B2,C2,D2,A2,m_M[ 2],11,MAGIC6); + + F3(A1,B1,C1,D1,m_M[ 3],11,MAGIC3); F2(A2,B2,C2,D2,m_M[15], 9,MAGIC7); + F3(D1,A1,B1,C1,m_M[10],13,MAGIC3); F2(D2,A2,B2,C2,m_M[ 5], 7,MAGIC7); + F3(C1,D1,A1,B1,m_M[14], 6,MAGIC3); F2(C2,D2,A2,B2,m_M[ 1],15,MAGIC7); + F3(B1,C1,D1,A1,m_M[ 4], 7,MAGIC3); F2(B2,C2,D2,A2,m_M[ 3],11,MAGIC7); + F3(A1,B1,C1,D1,m_M[ 9],14,MAGIC3); F2(A2,B2,C2,D2,m_M[ 7], 8,MAGIC7); + F3(D1,A1,B1,C1,m_M[15], 9,MAGIC3); F2(D2,A2,B2,C2,m_M[14], 6,MAGIC7); + F3(C1,D1,A1,B1,m_M[ 8],13,MAGIC3); F2(C2,D2,A2,B2,m_M[ 6], 6,MAGIC7); + F3(B1,C1,D1,A1,m_M[ 1],15,MAGIC3); F2(B2,C2,D2,A2,m_M[ 9],14,MAGIC7); + F3(A1,B1,C1,D1,m_M[ 2],14,MAGIC3); F2(A2,B2,C2,D2,m_M[11],12,MAGIC7); + F3(D1,A1,B1,C1,m_M[ 7], 8,MAGIC3); F2(D2,A2,B2,C2,m_M[ 8],13,MAGIC7); + F3(C1,D1,A1,B1,m_M[ 0],13,MAGIC3); F2(C2,D2,A2,B2,m_M[12], 5,MAGIC7); + F3(B1,C1,D1,A1,m_M[ 6], 6,MAGIC3); F2(B2,C2,D2,A2,m_M[ 2],14,MAGIC7); + F3(A1,B1,C1,D1,m_M[13], 5,MAGIC3); F2(A2,B2,C2,D2,m_M[10],13,MAGIC7); + F3(D1,A1,B1,C1,m_M[11],12,MAGIC3); 
F2(D2,A2,B2,C2,m_M[ 0],13,MAGIC7); + F3(C1,D1,A1,B1,m_M[ 5], 7,MAGIC3); F2(C2,D2,A2,B2,m_M[ 4], 7,MAGIC7); + F3(B1,C1,D1,A1,m_M[12], 5,MAGIC3); F2(B2,C2,D2,A2,m_M[13], 5,MAGIC7); + + F4(A1,B1,C1,D1,m_M[ 1],11,MAGIC4); F1(A2,B2,C2,D2,m_M[ 8],15 ); + F4(D1,A1,B1,C1,m_M[ 9],12,MAGIC4); F1(D2,A2,B2,C2,m_M[ 6], 5 ); + F4(C1,D1,A1,B1,m_M[11],14,MAGIC4); F1(C2,D2,A2,B2,m_M[ 4], 8 ); + F4(B1,C1,D1,A1,m_M[10],15,MAGIC4); F1(B2,C2,D2,A2,m_M[ 1],11 ); + F4(A1,B1,C1,D1,m_M[ 0],14,MAGIC4); F1(A2,B2,C2,D2,m_M[ 3],14 ); + F4(D1,A1,B1,C1,m_M[ 8],15,MAGIC4); F1(D2,A2,B2,C2,m_M[11],14 ); + F4(C1,D1,A1,B1,m_M[12], 9,MAGIC4); F1(C2,D2,A2,B2,m_M[15], 6 ); + F4(B1,C1,D1,A1,m_M[ 4], 8,MAGIC4); F1(B2,C2,D2,A2,m_M[ 0],14 ); + F4(A1,B1,C1,D1,m_M[13], 9,MAGIC4); F1(A2,B2,C2,D2,m_M[ 5], 6 ); + F4(D1,A1,B1,C1,m_M[ 3],14,MAGIC4); F1(D2,A2,B2,C2,m_M[12], 9 ); + F4(C1,D1,A1,B1,m_M[ 7], 5,MAGIC4); F1(C2,D2,A2,B2,m_M[ 2],12 ); + F4(B1,C1,D1,A1,m_M[15], 6,MAGIC4); F1(B2,C2,D2,A2,m_M[13], 9 ); + F4(A1,B1,C1,D1,m_M[14], 8,MAGIC4); F1(A2,B2,C2,D2,m_M[ 9],12 ); + F4(D1,A1,B1,C1,m_M[ 5], 6,MAGIC4); F1(D2,A2,B2,C2,m_M[ 7], 5 ); + F4(C1,D1,A1,B1,m_M[ 6], 5,MAGIC4); F1(C2,D2,A2,B2,m_M[10],15 ); + F4(B1,C1,D1,A1,m_M[ 2],12,MAGIC4); F1(B2,C2,D2,A2,m_M[14], 8 ); + + D2 = m_digest[1] + C1 + D2; + m_digest[1] = m_digest[2] + D1 + A2; + m_digest[2] = m_digest[3] + A1 + B2; + m_digest[3] = m_digest[0] + B1 + C2; + m_digest[0] = D2; input += hash_block_size(); } @@ -154,7 +154,7 @@ void RIPEMD_128::compress_n(const byte input[], size_t blocks) */ void RIPEMD_128::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* 
@@ -163,11 +163,11 @@ void RIPEMD_128::copy_out(byte output[]) void RIPEMD_128::clear() { MDx_HashFunction::clear(); - zeroise(M); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; + zeroise(m_M); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; } } diff --git a/src/lib/hash/rmd128/rmd128.h b/src/lib/hash/rmd128/rmd128.h index ea1eb2286..ba36ab902 100644 --- a/src/lib/hash/rmd128/rmd128.h +++ b/src/lib/hash/rmd128/rmd128.h @@ -15,7 +15,7 @@ namespace Botan { /** * RIPEMD-128 */ -class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction +class BOTAN_DLL RIPEMD_128 final : public MDx_HashFunction { public: std::string name() const override { return "RIPEMD-128"; } @@ -24,13 +24,13 @@ class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction void clear() override; - RIPEMD_128() : MDx_HashFunction(64, false, true), M(16), digest(4) + RIPEMD_128() : MDx_HashFunction(64, false, true), m_M(16), m_digest(4) { clear(); } private: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; - secure_vector<u32bit> M, digest; + secure_vector<u32bit> m_M, m_digest; }; } diff --git a/src/lib/hash/rmd160/rmd160.cpp b/src/lib/hash/rmd160/rmd160.cpp index 56d063338..a48b97882 100644 --- a/src/lib/hash/rmd160/rmd160.cpp +++ b/src/lib/hash/rmd160/rmd160.cpp 
@@ -80,103 +80,103 @@ void RIPEMD_160::compress_n(const byte input[], size_t blocks) for(size_t i = 0; i != blocks; ++i) { - load_le(M.data(), input, M.size()); - - u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1, - C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1, - E1 = digest[4], E2 = E1; - - F1(A1,B1,C1,D1,E1,M[ 0],11 ); F5(A2,B2,C2,D2,E2,M[ 5], 8,MAGIC6); - F1(E1,A1,B1,C1,D1,M[ 1],14 ); F5(E2,A2,B2,C2,D2,M[14], 9,MAGIC6); - F1(D1,E1,A1,B1,C1,M[ 2],15 ); F5(D2,E2,A2,B2,C2,M[ 7], 9,MAGIC6); - F1(C1,D1,E1,A1,B1,M[ 3],12 ); F5(C2,D2,E2,A2,B2,M[ 0],11,MAGIC6); - F1(B1,C1,D1,E1,A1,M[ 4], 5 ); F5(B2,C2,D2,E2,A2,M[ 9],13,MAGIC6); - F1(A1,B1,C1,D1,E1,M[ 5], 8 ); F5(A2,B2,C2,D2,E2,M[ 2],15,MAGIC6); - F1(E1,A1,B1,C1,D1,M[ 6], 7 ); F5(E2,A2,B2,C2,D2,M[11],15,MAGIC6); - F1(D1,E1,A1,B1,C1,M[ 7], 9 ); F5(D2,E2,A2,B2,C2,M[ 4], 5,MAGIC6); - F1(C1,D1,E1,A1,B1,M[ 8],11 ); F5(C2,D2,E2,A2,B2,M[13], 7,MAGIC6); - F1(B1,C1,D1,E1,A1,M[ 9],13 ); F5(B2,C2,D2,E2,A2,M[ 6], 7,MAGIC6); - F1(A1,B1,C1,D1,E1,M[10],14 ); F5(A2,B2,C2,D2,E2,M[15], 8,MAGIC6); - F1(E1,A1,B1,C1,D1,M[11],15 ); F5(E2,A2,B2,C2,D2,M[ 8],11,MAGIC6); - F1(D1,E1,A1,B1,C1,M[12], 6 ); F5(D2,E2,A2,B2,C2,M[ 1],14,MAGIC6); - F1(C1,D1,E1,A1,B1,M[13], 7 ); F5(C2,D2,E2,A2,B2,M[10],14,MAGIC6); - F1(B1,C1,D1,E1,A1,M[14], 9 ); F5(B2,C2,D2,E2,A2,M[ 3],12,MAGIC6); - F1(A1,B1,C1,D1,E1,M[15], 8 ); F5(A2,B2,C2,D2,E2,M[12], 6,MAGIC6); - - F2(E1,A1,B1,C1,D1,M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 6], 9,MAGIC7); - F2(D1,E1,A1,B1,C1,M[ 4], 6,MAGIC2); F4(D2,E2,A2,B2,C2,M[11],13,MAGIC7); - F2(C1,D1,E1,A1,B1,M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 3],15,MAGIC7); - F2(B1,C1,D1,E1,A1,M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 7], 7,MAGIC7); - F2(A1,B1,C1,D1,E1,M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 0],12,MAGIC7); - F2(E1,A1,B1,C1,D1,M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,M[13], 8,MAGIC7); - F2(D1,E1,A1,B1,C1,M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,M[ 5], 9,MAGIC7); - F2(C1,D1,E1,A1,B1,M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,M[10],11,MAGIC7); - 
F2(B1,C1,D1,E1,A1,M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[14], 7,MAGIC7); - F2(A1,B1,C1,D1,E1,M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,M[15], 7,MAGIC7); - F2(E1,A1,B1,C1,D1,M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 8],12,MAGIC7); - F2(D1,E1,A1,B1,C1,M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,M[12], 7,MAGIC7); - F2(C1,D1,E1,A1,B1,M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 4], 6,MAGIC7); - F2(B1,C1,D1,E1,A1,M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 9],15,MAGIC7); - F2(A1,B1,C1,D1,E1,M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 1],13,MAGIC7); - F2(E1,A1,B1,C1,D1,M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 2],11,MAGIC7); - - F3(D1,E1,A1,B1,C1,M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,M[15], 9,MAGIC8); - F3(C1,D1,E1,A1,B1,M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 5], 7,MAGIC8); - F3(B1,C1,D1,E1,A1,M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 1],15,MAGIC8); - F3(A1,B1,C1,D1,E1,M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 3],11,MAGIC8); - F3(E1,A1,B1,C1,D1,M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 7], 8,MAGIC8); - F3(D1,E1,A1,B1,C1,M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,M[14], 6,MAGIC8); - F3(C1,D1,E1,A1,B1,M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 6], 6,MAGIC8); - F3(B1,C1,D1,E1,A1,M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 9],14,MAGIC8); - F3(A1,B1,C1,D1,E1,M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,M[11],12,MAGIC8); - F3(E1,A1,B1,C1,D1,M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 8],13,MAGIC8); - F3(D1,E1,A1,B1,C1,M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,M[12], 5,MAGIC8); - F3(C1,D1,E1,A1,B1,M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 2],14,MAGIC8); - F3(B1,C1,D1,E1,A1,M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,M[10],13,MAGIC8); - F3(A1,B1,C1,D1,E1,M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 0],13,MAGIC8); - F3(E1,A1,B1,C1,D1,M[ 5], 7,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 4], 7,MAGIC8); - F3(D1,E1,A1,B1,C1,M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,M[13], 5,MAGIC8); - - F4(C1,D1,E1,A1,B1,M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 8],15,MAGIC9); - F4(B1,C1,D1,E1,A1,M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,M[ 6], 5,MAGIC9); - F4(A1,B1,C1,D1,E1,M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 4], 8,MAGIC9); 
- F4(E1,A1,B1,C1,D1,M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 1],11,MAGIC9); - F4(D1,E1,A1,B1,C1,M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[ 3],14,MAGIC9); - F4(C1,D1,E1,A1,B1,M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,M[11],14,MAGIC9); - F4(B1,C1,D1,E1,A1,M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,M[15], 6,MAGIC9); - F4(A1,B1,C1,D1,E1,M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 0],14,MAGIC9); - F4(E1,A1,B1,C1,D1,M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 5], 6,MAGIC9); - F4(D1,E1,A1,B1,C1,M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[12], 9,MAGIC9); - F4(C1,D1,E1,A1,B1,M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 2],12,MAGIC9); - F4(B1,C1,D1,E1,A1,M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,M[13], 9,MAGIC9); - F4(A1,B1,C1,D1,E1,M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 9],12,MAGIC9); - F4(E1,A1,B1,C1,D1,M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 7], 5,MAGIC9); - F4(D1,E1,A1,B1,C1,M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,M[10],15,MAGIC9); - F4(C1,D1,E1,A1,B1,M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,M[14], 8,MAGIC9); - - F5(B1,C1,D1,E1,A1,M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,M[12], 8 ); - F5(A1,B1,C1,D1,E1,M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,M[15], 5 ); - F5(E1,A1,B1,C1,D1,M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,M[10],12 ); - F5(D1,E1,A1,B1,C1,M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 4], 9 ); - F5(C1,D1,E1,A1,B1,M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 1],12 ); - F5(B1,C1,D1,E1,A1,M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,M[ 5], 5 ); - F5(A1,B1,C1,D1,E1,M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,M[ 8],14 ); - F5(E1,A1,B1,C1,D1,M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 7], 6 ); - F5(D1,E1,A1,B1,C1,M[14], 5,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 6], 8 ); - F5(C1,D1,E1,A1,B1,M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 2],13 ); - F5(B1,C1,D1,E1,A1,M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,M[13], 6 ); - F5(A1,B1,C1,D1,E1,M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,M[14], 5 ); - F5(E1,A1,B1,C1,D1,M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 0],15 ); - F5(D1,E1,A1,B1,C1,M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 3],13 ); - F5(C1,D1,E1,A1,B1,M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 9],11 ); - 
F5(B1,C1,D1,E1,A1,M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,M[11],11 ); - - C1 = digest[1] + C1 + D2; - digest[1] = digest[2] + D1 + E2; - digest[2] = digest[3] + E1 + A2; - digest[3] = digest[4] + A1 + B2; - digest[4] = digest[0] + B1 + C2; - digest[0] = C1; + load_le(m_M.data(), input, m_M.size()); + + u32bit A1 = m_digest[0], A2 = A1, B1 = m_digest[1], B2 = B1, + C1 = m_digest[2], C2 = C1, D1 = m_digest[3], D2 = D1, + E1 = m_digest[4], E2 = E1; + + F1(A1,B1,C1,D1,E1,m_M[ 0],11 ); F5(A2,B2,C2,D2,E2,m_M[ 5], 8,MAGIC6); + F1(E1,A1,B1,C1,D1,m_M[ 1],14 ); F5(E2,A2,B2,C2,D2,m_M[14], 9,MAGIC6); + F1(D1,E1,A1,B1,C1,m_M[ 2],15 ); F5(D2,E2,A2,B2,C2,m_M[ 7], 9,MAGIC6); + F1(C1,D1,E1,A1,B1,m_M[ 3],12 ); F5(C2,D2,E2,A2,B2,m_M[ 0],11,MAGIC6); + F1(B1,C1,D1,E1,A1,m_M[ 4], 5 ); F5(B2,C2,D2,E2,A2,m_M[ 9],13,MAGIC6); + F1(A1,B1,C1,D1,E1,m_M[ 5], 8 ); F5(A2,B2,C2,D2,E2,m_M[ 2],15,MAGIC6); + F1(E1,A1,B1,C1,D1,m_M[ 6], 7 ); F5(E2,A2,B2,C2,D2,m_M[11],15,MAGIC6); + F1(D1,E1,A1,B1,C1,m_M[ 7], 9 ); F5(D2,E2,A2,B2,C2,m_M[ 4], 5,MAGIC6); + F1(C1,D1,E1,A1,B1,m_M[ 8],11 ); F5(C2,D2,E2,A2,B2,m_M[13], 7,MAGIC6); + F1(B1,C1,D1,E1,A1,m_M[ 9],13 ); F5(B2,C2,D2,E2,A2,m_M[ 6], 7,MAGIC6); + F1(A1,B1,C1,D1,E1,m_M[10],14 ); F5(A2,B2,C2,D2,E2,m_M[15], 8,MAGIC6); + F1(E1,A1,B1,C1,D1,m_M[11],15 ); F5(E2,A2,B2,C2,D2,m_M[ 8],11,MAGIC6); + F1(D1,E1,A1,B1,C1,m_M[12], 6 ); F5(D2,E2,A2,B2,C2,m_M[ 1],14,MAGIC6); + F1(C1,D1,E1,A1,B1,m_M[13], 7 ); F5(C2,D2,E2,A2,B2,m_M[10],14,MAGIC6); + F1(B1,C1,D1,E1,A1,m_M[14], 9 ); F5(B2,C2,D2,E2,A2,m_M[ 3],12,MAGIC6); + F1(A1,B1,C1,D1,E1,m_M[15], 8 ); F5(A2,B2,C2,D2,E2,m_M[12], 6,MAGIC6); + + F2(E1,A1,B1,C1,D1,m_M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 6], 9,MAGIC7); + F2(D1,E1,A1,B1,C1,m_M[ 4], 6,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[11],13,MAGIC7); + F2(C1,D1,E1,A1,B1,m_M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 3],15,MAGIC7); + F2(B1,C1,D1,E1,A1,m_M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 7], 7,MAGIC7); + F2(A1,B1,C1,D1,E1,m_M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 0],12,MAGIC7); + 
F2(E1,A1,B1,C1,D1,m_M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[13], 8,MAGIC7); + F2(D1,E1,A1,B1,C1,m_M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[ 5], 9,MAGIC7); + F2(C1,D1,E1,A1,B1,m_M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[10],11,MAGIC7); + F2(B1,C1,D1,E1,A1,m_M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[14], 7,MAGIC7); + F2(A1,B1,C1,D1,E1,m_M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[15], 7,MAGIC7); + F2(E1,A1,B1,C1,D1,m_M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 8],12,MAGIC7); + F2(D1,E1,A1,B1,C1,m_M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[12], 7,MAGIC7); + F2(C1,D1,E1,A1,B1,m_M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 4], 6,MAGIC7); + F2(B1,C1,D1,E1,A1,m_M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 9],15,MAGIC7); + F2(A1,B1,C1,D1,E1,m_M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 1],13,MAGIC7); + F2(E1,A1,B1,C1,D1,m_M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 2],11,MAGIC7); + + F3(D1,E1,A1,B1,C1,m_M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[15], 9,MAGIC8); + F3(C1,D1,E1,A1,B1,m_M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 5], 7,MAGIC8); + F3(B1,C1,D1,E1,A1,m_M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 1],15,MAGIC8); + F3(A1,B1,C1,D1,E1,m_M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 3],11,MAGIC8); + F3(E1,A1,B1,C1,D1,m_M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 7], 8,MAGIC8); + F3(D1,E1,A1,B1,C1,m_M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[14], 6,MAGIC8); + F3(C1,D1,E1,A1,B1,m_M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 6], 6,MAGIC8); + F3(B1,C1,D1,E1,A1,m_M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 9],14,MAGIC8); + F3(A1,B1,C1,D1,E1,m_M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[11],12,MAGIC8); + F3(E1,A1,B1,C1,D1,m_M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 8],13,MAGIC8); + F3(D1,E1,A1,B1,C1,m_M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[12], 5,MAGIC8); + F3(C1,D1,E1,A1,B1,m_M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 2],14,MAGIC8); + F3(B1,C1,D1,E1,A1,m_M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[10],13,MAGIC8); + F3(A1,B1,C1,D1,E1,m_M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 0],13,MAGIC8); + F3(E1,A1,B1,C1,D1,m_M[ 5], 7,MAGIC3); 
F3(E2,A2,B2,C2,D2,m_M[ 4], 7,MAGIC8); + F3(D1,E1,A1,B1,C1,m_M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[13], 5,MAGIC8); + + F4(C1,D1,E1,A1,B1,m_M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 8],15,MAGIC9); + F4(B1,C1,D1,E1,A1,m_M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[ 6], 5,MAGIC9); + F4(A1,B1,C1,D1,E1,m_M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 4], 8,MAGIC9); + F4(E1,A1,B1,C1,D1,m_M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 1],11,MAGIC9); + F4(D1,E1,A1,B1,C1,m_M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[ 3],14,MAGIC9); + F4(C1,D1,E1,A1,B1,m_M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[11],14,MAGIC9); + F4(B1,C1,D1,E1,A1,m_M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[15], 6,MAGIC9); + F4(A1,B1,C1,D1,E1,m_M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 0],14,MAGIC9); + F4(E1,A1,B1,C1,D1,m_M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 5], 6,MAGIC9); + F4(D1,E1,A1,B1,C1,m_M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[12], 9,MAGIC9); + F4(C1,D1,E1,A1,B1,m_M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 2],12,MAGIC9); + F4(B1,C1,D1,E1,A1,m_M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[13], 9,MAGIC9); + F4(A1,B1,C1,D1,E1,m_M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 9],12,MAGIC9); + F4(E1,A1,B1,C1,D1,m_M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 7], 5,MAGIC9); + F4(D1,E1,A1,B1,C1,m_M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[10],15,MAGIC9); + F4(C1,D1,E1,A1,B1,m_M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[14], 8,MAGIC9); + + F5(B1,C1,D1,E1,A1,m_M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[12], 8 ); + F5(A1,B1,C1,D1,E1,m_M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[15], 5 ); + F5(E1,A1,B1,C1,D1,m_M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[10],12 ); + F5(D1,E1,A1,B1,C1,m_M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 4], 9 ); + F5(C1,D1,E1,A1,B1,m_M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 1],12 ); + F5(B1,C1,D1,E1,A1,m_M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[ 5], 5 ); + F5(A1,B1,C1,D1,E1,m_M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[ 8],14 ); + F5(E1,A1,B1,C1,D1,m_M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 7], 6 ); + F5(D1,E1,A1,B1,C1,m_M[14], 5,MAGIC5); 
F1(D2,E2,A2,B2,C2,m_M[ 6], 8 ); + F5(C1,D1,E1,A1,B1,m_M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 2],13 ); + F5(B1,C1,D1,E1,A1,m_M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[13], 6 ); + F5(A1,B1,C1,D1,E1,m_M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[14], 5 ); + F5(E1,A1,B1,C1,D1,m_M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 0],15 ); + F5(D1,E1,A1,B1,C1,m_M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 3],13 ); + F5(C1,D1,E1,A1,B1,m_M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 9],11 ); + F5(B1,C1,D1,E1,A1,m_M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[11],11 ); + + C1 = m_digest[1] + C1 + D2; + m_digest[1] = m_digest[2] + D1 + E2; + m_digest[2] = m_digest[3] + E1 + A2; + m_digest[3] = m_digest[4] + A1 + B2; + m_digest[4] = m_digest[0] + B1 + C2; + m_digest[0] = C1; input += hash_block_size(); } @@ -187,7 +187,7 @@ void RIPEMD_160::compress_n(const byte input[], size_t blocks) */ void RIPEMD_160::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* @@ -196,12 +196,12 @@ void RIPEMD_160::copy_out(byte output[]) void RIPEMD_160::clear() { MDx_HashFunction::clear(); - zeroise(M); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; - digest[4] = 0xC3D2E1F0; + zeroise(m_M); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; + m_digest[4] = 0xC3D2E1F0; } } diff --git a/src/lib/hash/rmd160/rmd160.h b/src/lib/hash/rmd160/rmd160.h index ad7182404..0e4103101 100644 --- a/src/lib/hash/rmd160/rmd160.h +++ b/src/lib/hash/rmd160/rmd160.h @@ -15,7 +15,7 @@ namespace Botan { /** * RIPEMD-160 */ -class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction +class BOTAN_DLL RIPEMD_160 final : public MDx_HashFunction { public: std::string name() const override { return "RIPEMD-160"; } 
@@ -24,13 +24,13 @@ class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction void clear() override; - RIPEMD_160() : MDx_HashFunction(64, false, true), M(16), digest(5) + RIPEMD_160() : MDx_HashFunction(64, false, true), m_M(16), m_digest(5) { clear(); } private: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; - secure_vector<u32bit> M, digest; + secure_vector<u32bit> m_M, m_digest; }; } diff --git a/src/lib/hash/sha1/sha160.cpp b/src/lib/hash/sha1/sha160.cpp index 39d14f486..21e87465a 100644 --- a/src/lib/hash/sha1/sha160.cpp +++ b/src/lib/hash/sha1/sha160.cpp 
@@ -60,74 +60,74 @@ void SHA_160::compress_n(const byte input[], size_t blocks) { using namespace SHA1_F; - u32bit A = digest[0], B = digest[1], C = digest[2], - D = digest[3], E = digest[4]; + u32bit A = m_digest[0], B = m_digest[1], C = m_digest[2], + D = m_digest[3], E = m_digest[4]; for(size_t i = 0; i != blocks; ++i) { - load_be(W.data(), input, 16); + load_be(m_W.data(), input, 16); for(size_t j = 16; j != 80; j += 8) { - W[j ] = rotate_left((W[j-3] ^ W[j-8] ^ W[j-14] ^ W[j-16]), 1); - W[j+1] = rotate_left((W[j-2] ^ W[j-7] ^ W[j-13] ^ W[j-15]), 1); - W[j+2] = rotate_left((W[j-1] ^ W[j-6] ^ W[j-12] ^ W[j-14]), 1); - W[j+3] = rotate_left((W[j ] ^ W[j-5] ^ W[j-11] ^ W[j-13]), 1); - W[j+4] = rotate_left((W[j+1] ^ W[j-4] ^ W[j-10] ^ W[j-12]), 1); - W[j+5] = rotate_left((W[j+2] ^ W[j-3] ^ W[j- 9] ^ W[j-11]), 1); - W[j+6] = rotate_left((W[j+3] ^ W[j-2] ^ W[j- 8] ^ W[j-10]), 1); - W[j+7] = rotate_left((W[j+4] ^ W[j-1] ^ W[j- 7] ^ W[j- 9]), 1); + m_W[j ] = rotate_left((m_W[j-3] ^ m_W[j-8] ^ m_W[j-14] ^ m_W[j-16]), 1); + m_W[j+1] = rotate_left((m_W[j-2] ^ m_W[j-7] ^ m_W[j-13] ^ m_W[j-15]), 1); + m_W[j+2] = rotate_left((m_W[j-1] ^ m_W[j-6] ^ m_W[j-12] ^ m_W[j-14]), 1); + m_W[j+3] = rotate_left((m_W[j ] ^ m_W[j-5] ^ m_W[j-11] ^ m_W[j-13]), 1); + m_W[j+4] = rotate_left((m_W[j+1] ^ m_W[j-4] ^ m_W[j-10] ^ m_W[j-12]), 1); + m_W[j+5] = rotate_left((m_W[j+2] ^ m_W[j-3] ^ m_W[j- 9] ^ m_W[j-11]), 1); + m_W[j+6] = rotate_left((m_W[j+3] ^ m_W[j-2] ^ m_W[j- 8] ^ m_W[j-10]), 1); + m_W[j+7] = rotate_left((m_W[j+4] ^ m_W[j-1] ^ m_W[j- 7] ^ m_W[j- 9]), 1); } - F1(A, B, C, D, E, W[ 0]); F1(E, A, B, C, D, W[ 1]); - F1(D, E, A, B, C, W[ 2]); F1(C, D, E, A, B, W[ 3]); - F1(B, C, D, E, A, W[ 4]); F1(A, B, C, D, E, W[ 5]); - F1(E, A, B, C, D, W[ 6]); F1(D, E, A, B, C, W[ 7]); - F1(C, D, E, A, B, W[ 8]); F1(B, C, D, E, A, W[ 9]); - F1(A, B, C, D, E, W[10]); F1(E, A, B, C, D, W[11]); - F1(D, E, A, B, C, W[12]); F1(C, D, E, A, B, W[13]); - F1(B, C, D, E, A, W[14]); F1(A, B, C, D, E, W[15]); - 
F1(E, A, B, C, D, W[16]); F1(D, E, A, B, C, W[17]); - F1(C, D, E, A, B, W[18]); F1(B, C, D, E, A, W[19]); - - F2(A, B, C, D, E, W[20]); F2(E, A, B, C, D, W[21]); - F2(D, E, A, B, C, W[22]); F2(C, D, E, A, B, W[23]); - F2(B, C, D, E, A, W[24]); F2(A, B, C, D, E, W[25]); - F2(E, A, B, C, D, W[26]); F2(D, E, A, B, C, W[27]); - F2(C, D, E, A, B, W[28]); F2(B, C, D, E, A, W[29]); - F2(A, B, C, D, E, W[30]); F2(E, A, B, C, D, W[31]); - F2(D, E, A, B, C, W[32]); F2(C, D, E, A, B, W[33]); - F2(B, C, D, E, A, W[34]); F2(A, B, C, D, E, W[35]); - F2(E, A, B, C, D, W[36]); F2(D, E, A, B, C, W[37]); - F2(C, D, E, A, B, W[38]); F2(B, C, D, E, A, W[39]); - - F3(A, B, C, D, E, W[40]); F3(E, A, B, C, D, W[41]); - F3(D, E, A, B, C, W[42]); F3(C, D, E, A, B, W[43]); - F3(B, C, D, E, A, W[44]); F3(A, B, C, D, E, W[45]); - F3(E, A, B, C, D, W[46]); F3(D, E, A, B, C, W[47]); - F3(C, D, E, A, B, W[48]); F3(B, C, D, E, A, W[49]); - F3(A, B, C, D, E, W[50]); F3(E, A, B, C, D, W[51]); - F3(D, E, A, B, C, W[52]); F3(C, D, E, A, B, W[53]); - F3(B, C, D, E, A, W[54]); F3(A, B, C, D, E, W[55]); - F3(E, A, B, C, D, W[56]); F3(D, E, A, B, C, W[57]); - F3(C, D, E, A, B, W[58]); F3(B, C, D, E, A, W[59]); - - F4(A, B, C, D, E, W[60]); F4(E, A, B, C, D, W[61]); - F4(D, E, A, B, C, W[62]); F4(C, D, E, A, B, W[63]); - F4(B, C, D, E, A, W[64]); F4(A, B, C, D, E, W[65]); - F4(E, A, B, C, D, W[66]); F4(D, E, A, B, C, W[67]); - F4(C, D, E, A, B, W[68]); F4(B, C, D, E, A, W[69]); - F4(A, B, C, D, E, W[70]); F4(E, A, B, C, D, W[71]); - F4(D, E, A, B, C, W[72]); F4(C, D, E, A, B, W[73]); - F4(B, C, D, E, A, W[74]); F4(A, B, C, D, E, W[75]); - F4(E, A, B, C, D, W[76]); F4(D, E, A, B, C, W[77]); - F4(C, D, E, A, B, W[78]); F4(B, C, D, E, A, W[79]); - - A = (digest[0] += A); - B = (digest[1] += B); - C = (digest[2] += C); - D = (digest[3] += D); - E = (digest[4] += E); + F1(A, B, C, D, E, m_W[ 0]); F1(E, A, B, C, D, m_W[ 1]); + F1(D, E, A, B, C, m_W[ 2]); F1(C, D, E, A, B, m_W[ 3]); + F1(B, C, D, E, A, m_W[ 4]); 
F1(A, B, C, D, E, m_W[ 5]); + F1(E, A, B, C, D, m_W[ 6]); F1(D, E, A, B, C, m_W[ 7]); + F1(C, D, E, A, B, m_W[ 8]); F1(B, C, D, E, A, m_W[ 9]); + F1(A, B, C, D, E, m_W[10]); F1(E, A, B, C, D, m_W[11]); + F1(D, E, A, B, C, m_W[12]); F1(C, D, E, A, B, m_W[13]); + F1(B, C, D, E, A, m_W[14]); F1(A, B, C, D, E, m_W[15]); + F1(E, A, B, C, D, m_W[16]); F1(D, E, A, B, C, m_W[17]); + F1(C, D, E, A, B, m_W[18]); F1(B, C, D, E, A, m_W[19]); + + F2(A, B, C, D, E, m_W[20]); F2(E, A, B, C, D, m_W[21]); + F2(D, E, A, B, C, m_W[22]); F2(C, D, E, A, B, m_W[23]); + F2(B, C, D, E, A, m_W[24]); F2(A, B, C, D, E, m_W[25]); + F2(E, A, B, C, D, m_W[26]); F2(D, E, A, B, C, m_W[27]); + F2(C, D, E, A, B, m_W[28]); F2(B, C, D, E, A, m_W[29]); + F2(A, B, C, D, E, m_W[30]); F2(E, A, B, C, D, m_W[31]); + F2(D, E, A, B, C, m_W[32]); F2(C, D, E, A, B, m_W[33]); + F2(B, C, D, E, A, m_W[34]); F2(A, B, C, D, E, m_W[35]); + F2(E, A, B, C, D, m_W[36]); F2(D, E, A, B, C, m_W[37]); + F2(C, D, E, A, B, m_W[38]); F2(B, C, D, E, A, m_W[39]); + + F3(A, B, C, D, E, m_W[40]); F3(E, A, B, C, D, m_W[41]); + F3(D, E, A, B, C, m_W[42]); F3(C, D, E, A, B, m_W[43]); + F3(B, C, D, E, A, m_W[44]); F3(A, B, C, D, E, m_W[45]); + F3(E, A, B, C, D, m_W[46]); F3(D, E, A, B, C, m_W[47]); + F3(C, D, E, A, B, m_W[48]); F3(B, C, D, E, A, m_W[49]); + F3(A, B, C, D, E, m_W[50]); F3(E, A, B, C, D, m_W[51]); + F3(D, E, A, B, C, m_W[52]); F3(C, D, E, A, B, m_W[53]); + F3(B, C, D, E, A, m_W[54]); F3(A, B, C, D, E, m_W[55]); + F3(E, A, B, C, D, m_W[56]); F3(D, E, A, B, C, m_W[57]); + F3(C, D, E, A, B, m_W[58]); F3(B, C, D, E, A, m_W[59]); + + F4(A, B, C, D, E, m_W[60]); F4(E, A, B, C, D, m_W[61]); + F4(D, E, A, B, C, m_W[62]); F4(C, D, E, A, B, m_W[63]); + F4(B, C, D, E, A, m_W[64]); F4(A, B, C, D, E, m_W[65]); + F4(E, A, B, C, D, m_W[66]); F4(D, E, A, B, C, m_W[67]); + F4(C, D, E, A, B, m_W[68]); F4(B, C, D, E, A, m_W[69]); + F4(A, B, C, D, E, m_W[70]); F4(E, A, B, C, D, m_W[71]); + F4(D, E, A, B, C, m_W[72]); F4(C, D, E, A, B, 
m_W[73]); + F4(B, C, D, E, A, m_W[74]); F4(A, B, C, D, E, m_W[75]); + F4(E, A, B, C, D, m_W[76]); F4(D, E, A, B, C, m_W[77]); + F4(C, D, E, A, B, m_W[78]); F4(B, C, D, E, A, m_W[79]); + + A = (m_digest[0] += A); + B = (m_digest[1] += B); + C = (m_digest[2] += C); + D = (m_digest[3] += D); + E = (m_digest[4] += E); input += hash_block_size(); } @@ -138,7 +138,7 @@ void SHA_160::compress_n(const byte input[], size_t blocks) */ void SHA_160::copy_out(byte output[]) { - copy_out_vec_be(output, output_length(), digest); + copy_out_vec_be(output, output_length(), m_digest); } /* @@ -147,12 +147,12 @@ void SHA_160::copy_out(byte output[]) void SHA_160::clear() { MDx_HashFunction::clear(); - zeroise(W); - digest[0] = 0x67452301; - digest[1] = 0xEFCDAB89; - digest[2] = 0x98BADCFE; - digest[3] = 0x10325476; - digest[4] = 0xC3D2E1F0; + zeroise(m_W); + m_digest[0] = 0x67452301; + m_digest[1] = 0xEFCDAB89; + m_digest[2] = 0x98BADCFE; + m_digest[3] = 0x10325476; + m_digest[4] = 0xC3D2E1F0; } } diff --git a/src/lib/hash/sha1/sha160.h b/src/lib/hash/sha1/sha160.h index 6328d74c4..b4a161c14 100644 --- a/src/lib/hash/sha1/sha160.h +++ b/src/lib/hash/sha1/sha160.h @@ -24,7 +24,7 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction void clear() override; - SHA_160() : MDx_HashFunction(64, true, true), digest(5), W(80) + SHA_160() : MDx_HashFunction(64, true, true), m_digest(5), m_W(80) { clear(); } @@ -35,8 +35,8 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction * constraints * @param W_size how big to make W */ - SHA_160(size_t W_size) : - MDx_HashFunction(64, true, true), digest(5), W(W_size) + explicit SHA_160(size_t W_size) : + MDx_HashFunction(64, true, true), m_digest(5), m_W(W_size) { clear(); } 
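Review bot: The `explicit SHA_160(size_t W_size)` constructor in the sha160.h hunk still gives no hint that the base `compress_n` shown earlier in this chunk indexes `m_W[0]` through `m_W[79]` after `load_be(m_W.data(), input, 16)`, so a subclass that passes a smaller `W_size` without overriding `compress_n` would index past the end of `m_W`. The `@param W_size` doc is the place to say it: `* @param W_size how big to make W; must be at least 80 unless the subclass overrides compress_n`. If the SSE2 subclass passes a smaller value (its constructor is not visible here), that is presumably why the bound is not asserted in the constructor, which makes the comment all the more useful.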
@@ -47,12 +47,12 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction /** * The digest value, exposed for use by subclasses (asm, SSE2) */ - secure_vector<u32bit> digest; + secure_vector<u32bit> m_digest; /** * The message buffer, exposed for use by subclasses (asm, SSE2) */ - secure_vector<u32bit> W; + secure_vector<u32bit> m_W; }; } diff --git a/src/lib/hash/sha1_sse2/sha1_sse2.cpp b/src/lib/hash/sha1_sse2/sha1_sse2.cpp index 2e0688185..14ad88bc4 100644 --- a/src/lib/hash/sha1_sse2/sha1_sse2.cpp +++ b/src/lib/hash/sha1_sse2/sha1_sse2.cpp @@ -161,11 +161,11 @@ void SHA_160_SSE2::compress_n(const byte input_bytes[], size_t blocks) const __m128i K40_59 = _mm_set1_epi32(0x8F1BBCDC); const __m128i K60_79 = _mm_set1_epi32(0xCA62C1D6); - u32bit A = digest[0], - B = digest[1], - C = digest[2], - D = digest[3], - E = digest[4]; + u32bit A = m_digest[0], + B = m_digest[1], + C = m_digest[2], + D = m_digest[3], + E = m_digest[4]; const __m128i* input = reinterpret_cast<const __m128i*>(input_bytes); @@ -316,11 +316,11 @@ void SHA_160_SSE2::compress_n(const byte input_bytes[], size_t blocks) F4(C, D, E, A, B, GET_P_32(P3, 2)); F4(B, C, D, E, A, GET_P_32(P3, 3)); - A = (digest[0] += A); - B = (digest[1] += B); - C = (digest[2] += C); - D = (digest[3] += D); - E = (digest[4] += E); + A = (m_digest[0] += A); + B = (m_digest[1] += B); + C = (m_digest[2] += C); + D = (m_digest[3] += D); + E = (m_digest[4] += E); input += (hash_block_size() / 16); } diff --git a/src/lib/hash/sha1_sse2/sha1_sse2.h b/src/lib/hash/sha1_sse2/sha1_sse2.h index 20bb63727..a38600762 100644 --- a/src/lib/hash/sha1_sse2/sha1_sse2.h +++ b/src/lib/hash/sha1_sse2/sha1_sse2.h @@ -15,7 +15,7 @@ namespace Botan { /** * SHA-160 using SSE2 for the message expansion */ -class BOTAN_DLL SHA_160_SSE2 : public SHA_160 +class BOTAN_DLL SHA_160_SSE2 final : public SHA_160 { public: HashFunction* clone() const override { return new SHA_160_SSE2; } 
diff --git a/src/lib/hash/sha2_32/sha2_32.cpp b/src/lib/hash/sha2_32/sha2_32.cpp index 5215164cf..46551431c 100644 --- a/src/lib/hash/sha2_32/sha2_32.cpp +++ b/src/lib/hash/sha2_32/sha2_32.cpp @@ -161,7 +161,7 @@ void compress(secure_vector<u32bit>& digest, */ void SHA_224::compress_n(const byte input[], size_t blocks) { - SHA2_32::compress(digest, input, blocks); + SHA2_32::compress(m_digest, input, blocks); } /* @@ -169,7 +169,7 @@ void SHA_224::compress_n(const byte input[], size_t blocks) */ void SHA_224::copy_out(byte output[]) { - copy_out_vec_be(output, output_length(), digest); + copy_out_vec_be(output, output_length(), m_digest); } /* @@ -178,14 +178,14 @@ void SHA_224::copy_out(byte output[]) void SHA_224::clear() { MDx_HashFunction::clear(); - digest[0] = 0xC1059ED8; - digest[1] = 0x367CD507; - digest[2] = 0x3070DD17; - digest[3] = 0xF70E5939; - digest[4] = 0xFFC00B31; - digest[5] = 0x68581511; - digest[6] = 0x64F98FA7; - digest[7] = 0xBEFA4FA4; + m_digest[0] = 0xC1059ED8; + m_digest[1] = 0x367CD507; + m_digest[2] = 0x3070DD17; + m_digest[3] = 0xF70E5939; + m_digest[4] = 0xFFC00B31; + m_digest[5] = 0x68581511; + m_digest[6] = 0x64F98FA7; + m_digest[7] = 0xBEFA4FA4; } /* @@ -193,7 +193,7 @@ void SHA_224::clear() */ void SHA_256::compress_n(const byte input[], size_t blocks) { - SHA2_32::compress(digest, input, blocks); + SHA2_32::compress(m_digest, input, blocks); } /* @@ -201,7 +201,7 @@ void SHA_256::compress_n(const byte input[], size_t blocks) */ void SHA_256::copy_out(byte output[]) { - copy_out_vec_be(output, output_length(), digest); + copy_out_vec_be(output, output_length(), m_digest); } /* 
@@ -210,14 +210,14 @@ void SHA_256::copy_out(byte output[]) void SHA_256::clear() { MDx_HashFunction::clear(); - digest[0] = 0x6A09E667; - digest[1] = 0xBB67AE85; - digest[2] = 0x3C6EF372; - digest[3] = 0xA54FF53A; - digest[4] = 0x510E527F; - digest[5] = 0x9B05688C; - digest[6] = 0x1F83D9AB; - digest[7] = 0x5BE0CD19; + m_digest[0] = 0x6A09E667; + m_digest[1] = 0xBB67AE85; + m_digest[2] = 0x3C6EF372; + m_digest[3] = 0xA54FF53A; + m_digest[4] = 0x510E527F; + m_digest[5] = 0x9B05688C; + m_digest[6] = 0x1F83D9AB; + m_digest[7] = 0x5BE0CD19; } } diff --git a/src/lib/hash/sha2_32/sha2_32.h b/src/lib/hash/sha2_32/sha2_32.h index e51087dc1..528fe9cfd 100644 --- a/src/lib/hash/sha2_32/sha2_32.h +++ b/src/lib/hash/sha2_32/sha2_32.h @@ -16,7 +16,7 @@ namespace Botan { /** * SHA-224 */ -class BOTAN_DLL SHA_224 : public MDx_HashFunction +class BOTAN_DLL SHA_224 final : public MDx_HashFunction { public: std::string name() const override { return "SHA-224"; } @@ -25,19 +25,19 @@ class BOTAN_DLL SHA_224 : public MDx_HashFunction void clear() override; - SHA_224() : MDx_HashFunction(64, true, true), digest(8) + SHA_224() : MDx_HashFunction(64, true, true), m_digest(8) { clear(); } private: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; - secure_vector<u32bit> digest; + secure_vector<u32bit> m_digest; }; /** * SHA-256 */ -class BOTAN_DLL SHA_256 : public MDx_HashFunction +class BOTAN_DLL SHA_256 final : public MDx_HashFunction { public: std::string name() const override { return "SHA-256"; } @@ -46,13 +46,13 @@ class BOTAN_DLL SHA_256 : public MDx_HashFunction void clear() override; - SHA_256() : MDx_HashFunction(64, true, true), digest(8) + SHA_256() : MDx_HashFunction(64, true, true), m_digest(8) { clear(); } private: void compress_n(const byte[], size_t blocks) override; void copy_out(byte[]) override; - secure_vector<u32bit> digest; + secure_vector<u32bit> m_digest; }; } 
diff --git a/src/lib/hash/sha2_64/sha2_64.h b/src/lib/hash/sha2_64/sha2_64.h index 736b33d12..a38f12dae 100644 --- a/src/lib/hash/sha2_64/sha2_64.h +++ b/src/lib/hash/sha2_64/sha2_64.h @@ -15,7 +15,7 @@ namespace Botan { /** * SHA-384 */ -class BOTAN_DLL SHA_384 : public MDx_HashFunction +class BOTAN_DLL SHA_384 final : public MDx_HashFunction { public: std::string name() const override { return "SHA-384"; } @@ -36,7 +36,7 @@ class BOTAN_DLL SHA_384 : public MDx_HashFunction /** * SHA-512 */ -class BOTAN_DLL SHA_512 : public MDx_HashFunction +class BOTAN_DLL SHA_512 final : public MDx_HashFunction { public: std::string name() const override { return "SHA-512"; } @@ -57,7 +57,7 @@ class BOTAN_DLL SHA_512 : public MDx_HashFunction /** * SHA-512/256 */ -class BOTAN_DLL SHA_512_256 : public MDx_HashFunction +class BOTAN_DLL SHA_512_256 final : public MDx_HashFunction { public: std::string name() const override { return "SHA-512-256"; } diff --git a/src/lib/hash/skein/skein_512.cpp b/src/lib/hash/skein/skein_512.cpp index fe95dd7a5..86ea9e75a 100644 --- a/src/lib/hash/skein/skein_512.cpp +++ b/src/lib/hash/skein/skein_512.cpp @@ -19,12 +19,12 @@ Skein_512* Skein_512::make(const Spec& spec) Skein_512::Skein_512(size_t arg_output_bits, const std::string& arg_personalization) : - personalization(arg_personalization), - output_bits(arg_output_bits), + m_personalization(arg_personalization), + m_output_bits(arg_output_bits), m_threefish(new Threefish_512), - T(2), buffer(64), buf_pos(0) + m_T(2), m_buffer(64), m_buf_pos(0) { - if(output_bits == 0 || output_bits % 8 != 0 || output_bits > 512) + if(m_output_bits == 0 || m_output_bits % 8 != 0 || m_output_bits > 512) throw Invalid_Argument("Bad output bits size for Skein-512"); initial_block(); 
@@ -32,32 +32,32 @@ Skein_512::Skein_512(size_t arg_output_bits, std::string Skein_512::name() const { - if(personalization != "") - return "Skein-512(" + std::to_string(output_bits) + "," + - personalization + ")"; - return "Skein-512(" + std::to_string(output_bits) + ")"; + if(m_personalization != "") + return "Skein-512(" + std::to_string(m_output_bits) + "," + + m_personalization + ")"; + return "Skein-512(" + std::to_string(m_output_bits) + ")"; } HashFunction* Skein_512::clone() const { - return new Skein_512(output_bits, personalization); + return new Skein_512(m_output_bits, m_personalization); } void Skein_512::clear() { - zeroise(buffer); - buf_pos = 0; + zeroise(m_buffer); + m_buf_pos = 0; initial_block(); } -void Skein_512::reset_tweak(type_code type, bool final) +void Skein_512::reset_tweak(type_code type, bool is_final) { - T[0] = 0; + m_T[0] = 0; - T[1] = (static_cast<u64bit>(type) << 56) | + m_T[1] = (static_cast<u64bit>(type) << 56) | (static_cast<u64bit>(1) << 62) | - (static_cast<u64bit>(final) << 63); + (static_cast<u64bit>(is_final) << 63); } void Skein_512::initial_block() 
@@ -68,24 +68,24 @@ void Skein_512::initial_block() // ASCII("SHA3") followed by version (0x0001) code byte config_str[32] = { 0x53, 0x48, 0x41, 0x33, 0x01, 0x00, 0 }; - store_le(u32bit(output_bits), config_str + 8); + store_le(u32bit(m_output_bits), config_str + 8); reset_tweak(SKEIN_CONFIG, true); ubi_512(config_str, sizeof(config_str)); - if(personalization != "") + if(m_personalization != "") { /* This is a limitation of this implementation, and not of the algorithm specification. Could be fixed relatively easily, but doesn't seem worth the trouble. */ - if(personalization.length() > 64) + if(m_personalization.length() > 64) throw Invalid_Argument("Skein personalization must be less than 64 bytes"); - const byte* bits = reinterpret_cast<const byte*>(personalization.data()); + const byte* bits = reinterpret_cast<const byte*>(m_personalization.data()); reset_tweak(SKEIN_PERSONALIZATION, true); - ubi_512(bits, personalization.length()); + ubi_512(bits, m_personalization.length()); } reset_tweak(SKEIN_MSG, false); @@ -98,7 +98,7 @@ void Skein_512::ubi_512(const byte msg[], size_t msg_len) do { const size_t to_proc = std::min<size_t>(msg_len, 64); - T[0] += to_proc; + m_T[0] += to_proc; load_le(M.data(), msg, to_proc / 8); @@ -108,10 +108,10 @@ void Skein_512::ubi_512(const byte msg[], size_t msg_len) M[to_proc/8] |= static_cast<u64bit>(msg[8*(to_proc/8)+j]) << (8*j); } - m_threefish->skein_feedfwd(M, T); + m_threefish->skein_feedfwd(M, m_T); // clear first flag if set - T[1] &= ~(static_cast<u64bit>(1) << 62); + m_T[1] &= ~(static_cast<u64bit>(1) << 62); msg_len -= to_proc; msg += to_proc; 
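Review bot: The personalization check in the initial_block hunk rejects lengths strictly greater than 64 while the message it throws says `must be less than 64 bytes`, so a 64-byte string is accepted yet the error text describes a different bound. The comparison matches the block comment above it, so the message is the part to change: `throw Invalid_Argument("Skein personalization must be at most 64 bytes");`. This is pre-existing wording, but the line is already rewritten by the rename so it is cheap to carry along.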
@@ -123,16 +123,16 @@ void Skein_512::add_data(const byte input[], size_t length) if(length == 0) return; - if(buf_pos) + if(m_buf_pos) { - buffer_insert(buffer, buf_pos, input, length); - if(buf_pos + length > 64) + buffer_insert(m_buffer, m_buf_pos, input, length); + if(m_buf_pos + length > 64) { - ubi_512(buffer.data(), buffer.size()); + ubi_512(m_buffer.data(), m_buffer.size()); - input += (64 - buf_pos); - length -= (64 - buf_pos); - buf_pos = 0; + input += (64 - m_buf_pos); + length -= (64 - m_buf_pos); + m_buf_pos = 0; } } @@ -143,27 +143,27 @@ void Skein_512::add_data(const byte input[], size_t length) length -= full_blocks * 64; - buffer_insert(buffer, buf_pos, input + full_blocks * 64, length); - buf_pos += length; + buffer_insert(m_buffer, m_buf_pos, input + full_blocks * 64, length); + m_buf_pos += length; } void Skein_512::final_result(byte out[]) { - T[1] |= (static_cast<u64bit>(1) << 63); // final block flag + m_T[1] |= (static_cast<u64bit>(1) << 63); // final block flag - for(size_t i = buf_pos; i != buffer.size(); ++i) - buffer[i] = 0; + for(size_t i = m_buf_pos; i != m_buffer.size(); ++i) + m_buffer[i] = 0; - ubi_512(buffer.data(), buf_pos); + ubi_512(m_buffer.data(), m_buf_pos); const byte counter[8] = { 0 }; reset_tweak(SKEIN_OUTPUT, true); ubi_512(counter, sizeof(counter)); - copy_out_vec_le(out, output_bits / 8, m_threefish->m_K); + copy_out_vec_le(out, m_output_bits / 8, m_threefish->m_K); - buf_pos = 0; + m_buf_pos = 0; initial_block(); } diff --git a/src/lib/hash/skein/skein_512.h b/src/lib/hash/skein/skein_512.h index dceb34854..001d9a991 100644 --- a/src/lib/hash/skein/skein_512.h +++ b/src/lib/hash/skein/skein_512.h @@ -18,7 +18,7 @@ namespace Botan { /** * Skein-512, a SHA-3 candidate */ -class BOTAN_DLL Skein_512 : public HashFunction +class BOTAN_DLL Skein_512 final : public HashFunction { public: /** 
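Review bot: In the final_result hunk the loop zeroes only `m_buffer[m_buf_pos..]` as padding before the last UBI call, so after `initial_block()` the first `m_buf_pos` bytes of the previous message tail remain in `m_buffer` until the next `add_data` overwrites them, whereas `clear()` in this same file zeroises the whole buffer. The output is unaffected because `m_buf_pos` is reset to 0, but for an object that is reused the stale bytes are a small hygiene gap. Adding `zeroise(m_buffer);` next to `m_buf_pos = 0;` at the end of final_result would make it match `clear()`.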
@@ -30,7 +30,7 @@ class BOTAN_DLL Skein_512 : public HashFunction const std::string& personalization = ""); size_t hash_block_size() const override { return 64; } - size_t output_length() const override { return output_bits / 8; } + size_t output_length() const override { return m_output_bits / 8; } static Skein_512* make(const Spec& spec); @@ -55,15 +55,15 @@ class BOTAN_DLL Skein_512 : public HashFunction void ubi_512(const byte msg[], size_t msg_len); void initial_block(); - void reset_tweak(type_code type, bool final); + void reset_tweak(type_code type, bool is_final); - std::string personalization; - size_t output_bits; + std::string m_personalization; + size_t m_output_bits; std::unique_ptr<Threefish_512> m_threefish; - secure_vector<u64bit> T; - secure_vector<byte> buffer; - size_t buf_pos; + secure_vector<u64bit> m_T; + secure_vector<byte> m_buffer; + size_t m_buf_pos; }; } diff --git a/src/lib/hash/tiger/tiger.cpp b/src/lib/hash/tiger/tiger.cpp index 79708a902..1da38291c 100644 --- a/src/lib/hash/tiger/tiger.cpp +++ b/src/lib/hash/tiger/tiger.cpp @@ -44,26 +44,26 @@ inline void mix(secure_vector<u64bit>& X) */ void Tiger::compress_n(const byte input[], size_t blocks) { - u64bit A = digest[0], B = digest[1], C = digest[2]; + u64bit A = m_digest[0], B = m_digest[1], C = m_digest[2]; for(size_t i = 0; i != blocks; ++i) { - load_le(X.data(), input, X.size()); + load_le(m_X.data(), input, m_X.size()); - pass(A, B, C, X, 5); mix(X); - pass(C, A, B, X, 7); mix(X); - pass(B, C, A, X, 9); + pass(A, B, C, m_X, 5); mix(m_X); + pass(C, A, B, m_X, 7); mix(m_X); + pass(B, C, A, m_X, 9); - for(size_t j = 3; j != passes; ++j) + for(size_t j = 3; j != m_passes; ++j) { - mix(X); - pass(A, B, C, X, 9); + mix(m_X); + pass(A, B, C, m_X, 9); u64bit T = A; A = C; C = B; B = T; } - A = (digest[0] ^= A); - B = digest[1] = B - digest[1]; - C = (digest[2] += C); + A = (m_digest[0] ^= A); + B = m_digest[1] = B - m_digest[1]; + C = (m_digest[2] += C); input += hash_block_size(); } 
@@ -74,7 +74,7 @@ void Tiger::compress_n(const byte input[], size_t blocks) */ void Tiger::copy_out(byte output[]) { - copy_out_vec_le(output, output_length(), digest); + copy_out_vec_le(output, output_length(), m_digest); } /* @@ -147,10 +147,10 @@ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, void Tiger::clear() { MDx_HashFunction::clear(); - zeroise(X); - digest[0] = 0x0123456789ABCDEF; - digest[1] = 0xFEDCBA9876543210; - digest[2] = 0xF096A5B4C3B2E187; + zeroise(m_X); + m_digest[0] = 0x0123456789ABCDEF; + m_digest[1] = 0xFEDCBA9876543210; + m_digest[2] = 0xF096A5B4C3B2E187; } /* @@ -159,7 +159,7 @@ void Tiger::clear() std::string Tiger::name() const { return "Tiger(" + std::to_string(output_length()) + "," + - std::to_string(passes) + ")"; + std::to_string(m_passes) + ")"; } /* @@ -167,10 +167,10 @@ std::string Tiger::name() const */ Tiger::Tiger(size_t hash_len, size_t passes) : MDx_HashFunction(64, false, false), - X(8), - digest(3), - hash_len(hash_len), - passes(passes) + m_X(8), + m_digest(3), + m_hash_len(hash_len), + m_passes(passes) { if(output_length() != 16 && output_length() != 20 && output_length() != 24) throw Invalid_Argument("Tiger: Illegal hash output size: " + diff --git a/src/lib/hash/tiger/tiger.h b/src/lib/hash/tiger/tiger.h index 986186dda..fb0524d44 100644 --- a/src/lib/hash/tiger/tiger.h +++ b/src/lib/hash/tiger/tiger.h @@ -15,15 +15,15 @@ namespace Botan { /** * Tiger */ -class BOTAN_DLL Tiger : public MDx_HashFunction +class BOTAN_DLL Tiger final : public MDx_HashFunction { public: std::string name() const override; - size_t output_length() const override { return hash_len; } + size_t output_length() const override { return m_hash_len; } HashFunction* clone() const override { - return new Tiger(output_length(), passes); + return new Tiger(output_length(), m_passes); } void clear() override; 
@@ -46,8 +46,8 @@ class BOTAN_DLL Tiger : public MDx_HashFunction static const u64bit SBOX3[256]; static const u64bit SBOX4[256]; - secure_vector<u64bit> X, digest; - const size_t hash_len, passes; + secure_vector<u64bit> m_X, m_digest; + const size_t m_hash_len, m_passes; }; } diff --git a/src/lib/hash/whirlpool/whirlpool.cpp b/src/lib/hash/whirlpool/whirlpool.cpp index 9bebdfa7c..5bf4c5246 100644 --- a/src/lib/hash/whirlpool/whirlpool.cpp +++ b/src/lib/hash/whirlpool/whirlpool.cpp @@ -24,15 +24,15 @@ void Whirlpool::compress_n(const byte in[], size_t blocks) for(size_t i = 0; i != blocks; ++i) { - load_be(M.data(), in, M.size()); + load_be(m_M.data(), in, m_M.size()); u64bit K0, K1, K2, K3, K4, K5, K6, K7; - K0 = digest[0]; K1 = digest[1]; K2 = digest[2]; K3 = digest[3]; - K4 = digest[4]; K5 = digest[5]; K6 = digest[6]; K7 = digest[7]; + K0 = m_digest[0]; K1 = m_digest[1]; K2 = m_digest[2]; K3 = m_digest[3]; + K4 = m_digest[4]; K5 = m_digest[5]; K6 = m_digest[6]; K7 = m_digest[7]; u64bit B0, B1, B2, B3, B4, B5, B6, B7; - B0 = K0 ^ M[0]; B1 = K1 ^ M[1]; B2 = K2 ^ M[2]; B3 = K3 ^ M[3]; - B4 = K4 ^ M[4]; B5 = K5 ^ M[5]; B6 = K6 ^ M[6]; B7 = K7 ^ M[7]; + B0 = K0 ^ m_M[0]; B1 = K1 ^ m_M[1]; B2 = K2 ^ m_M[2]; B3 = K3 ^ m_M[3]; + B4 = K4 ^ m_M[4]; B5 = K5 ^ m_M[5]; B6 = K6 ^ m_M[6]; B7 = K7 ^ m_M[7]; for(size_t j = 0; j != 10; ++j) { @@ -110,14 +110,14 @@ void Whirlpool::compress_n(const byte in[], size_t blocks) B4 = T4; B5 = T5; B6 = T6; B7 = T7; } - digest[0] ^= B0 ^ M[0]; - digest[1] ^= B1 ^ M[1]; - digest[2] ^= B2 ^ M[2]; - digest[3] ^= B3 ^ M[3]; - digest[4] ^= B4 ^ M[4]; - digest[5] ^= B5 ^ M[5]; - digest[6] ^= B6 ^ M[6]; - digest[7] ^= B7 ^ M[7]; + m_digest[0] ^= B0 ^ m_M[0]; + m_digest[1] ^= B1 ^ m_M[1]; + m_digest[2] ^= B2 ^ m_M[2]; + m_digest[3] ^= B3 ^ m_M[3]; + m_digest[4] ^= B4 ^ m_M[4]; + m_digest[5] ^= B5 ^ m_M[5]; + m_digest[6] ^= B6 ^ m_M[6]; + m_digest[7] ^= B7 ^ m_M[7]; in += hash_block_size(); } 
@@ -128,7 +128,7 @@ void Whirlpool::compress_n(const byte in[], size_t blocks) */ void Whirlpool::copy_out(byte output[]) { - copy_out_vec_be(output, output_length(), digest); + copy_out_vec_be(output, output_length(), m_digest); } /* @@ -137,8 +137,8 @@ void Whirlpool::copy_out(byte output[]) void Whirlpool::clear() { MDx_HashFunction::clear(); - zeroise(M); - zeroise(digest); + zeroise(m_M); + zeroise(m_digest); } } diff --git a/src/lib/hash/whirlpool/whrlpool.h b/src/lib/hash/whirlpool/whrlpool.h index ba91da080..d7db1de28 100644 --- a/src/lib/hash/whirlpool/whrlpool.h +++ b/src/lib/hash/whirlpool/whrlpool.h @@ -15,7 +15,7 @@ namespace Botan { /** * Whirlpool */ -class BOTAN_DLL Whirlpool : public MDx_HashFunction +class BOTAN_DLL Whirlpool final : public MDx_HashFunction { public: std::string name() const override { return "Whirlpool"; } @@ -24,7 +24,7 @@ class BOTAN_DLL Whirlpool : public MDx_HashFunction void clear() override; - Whirlpool() : MDx_HashFunction(64, true, true, 32), M(8), digest(8) + Whirlpool() : MDx_HashFunction(64, true, true, 32), m_M(8), m_digest(8) { clear(); } private: void compress_n(const byte[], size_t blocks) override; @@ -39,7 +39,7 @@ class BOTAN_DLL Whirlpool : public MDx_HashFunction static const u64bit C6[256]; static const u64bit C7[256]; - secure_vector<u64bit> M, digest; + secure_vector<u64bit> m_M, m_digest; }; } diff --git a/src/lib/kdf/hkdf/hkdf.h b/src/lib/kdf/hkdf/hkdf.h index d8389a886..3e3e2b73a 100644 --- a/src/lib/kdf/hkdf/hkdf.h +++ b/src/lib/kdf/hkdf/hkdf.h @@ -18,10 +18,10 @@ namespace Botan { * HKDF, see @rfc 5869 for details * This is only the expansion portion of HKDF */ -class BOTAN_DLL HKDF : public KDF +class BOTAN_DLL HKDF final : public KDF { public: - HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {} + explicit HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {} static HKDF* make(const Spec& spec); diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index cf13c4803..45ee165e0 100644 
--- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -48,7 +48,7 @@ KDF::~KDF() {} std::unique_ptr<KDF> KDF::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<KDF>(make_a<KDF>(algo_spec, provider)); + return std::unique_ptr<KDF>(make_a<KDF>(Botan::KDF::Spec(algo_spec), provider)); } std::vector<std::string> KDF::providers(const std::string& algo_spec) diff --git a/src/lib/kdf/kdf1/kdf1.h b/src/lib/kdf/kdf1/kdf1.h index a22d19d97..adaa84894 100644 --- a/src/lib/kdf/kdf1/kdf1.h +++ b/src/lib/kdf/kdf1/kdf1.h @@ -16,7 +16,7 @@ namespace Botan { /** * KDF1, from IEEE 1363 */ -class BOTAN_DLL KDF1 : public KDF +class BOTAN_DLL KDF1 final : public KDF { public: std::string name() const override { return "KDF1(" + m_hash->name() + ")"; } @@ -27,7 +27,7 @@ class BOTAN_DLL KDF1 : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - KDF1(HashFunction* h) : m_hash(h) {} + explicit KDF1(HashFunction* h) : m_hash(h) {} private: std::unique_ptr<HashFunction> m_hash; }; diff --git a/src/lib/kdf/kdf2/kdf2.h b/src/lib/kdf/kdf2/kdf2.h index e8a8be1fa..7403df21c 100644 --- a/src/lib/kdf/kdf2/kdf2.h +++ b/src/lib/kdf/kdf2/kdf2.h @@ -16,7 +16,7 @@ namespace Botan { /** * KDF2, from IEEE 1363 */ -class BOTAN_DLL KDF2 : public KDF +class BOTAN_DLL KDF2 final : public KDF { public: std::string name() const override { return "KDF2(" + m_hash->name() + ")"; } @@ -27,7 +27,7 @@ class BOTAN_DLL KDF2 : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - KDF2(HashFunction* h) : m_hash(h) {} + explicit KDF2(HashFunction* h) : m_hash(h) {} private: std::unique_ptr<HashFunction> m_hash; }; diff --git a/src/lib/kdf/prf_tls/prf_tls.h b/src/lib/kdf/prf_tls/prf_tls.h index bb7cc2c4f..a51006d88 100644 --- a/src/lib/kdf/prf_tls/prf_tls.h +++ b/src/lib/kdf/prf_tls/prf_tls.h 
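Review bot: The new `Botan::KDF::Spec(algo_spec)` in KDF::create is written with a fully qualified name although the function body is already inside `namespace Botan`, and the parallel change to MessageAuthenticationCode::create in mac.cpp in this same commit uses the unqualified `MessageAuthenticationCode::Spec(algo_spec)`. For consistency the line would read `return std::unique_ptr<KDF>(make_a<KDF>(KDF::Spec(algo_spec), provider));`. Purely a style point; behaviour is identical.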
@@ -16,7 +16,7 @@ namespace Botan { /** * PRF used in TLS 1.0/1.1 */ -class BOTAN_DLL TLS_PRF : public KDF +class BOTAN_DLL TLS_PRF final : public KDF { public: std::string name() const override { return "TLS-PRF"; } @@ -36,7 +36,7 @@ class BOTAN_DLL TLS_PRF : public KDF /** * PRF used in TLS 1.2 */ -class BOTAN_DLL TLS_12_PRF : public KDF +class BOTAN_DLL TLS_12_PRF final : public KDF { public: std::string name() const override { return "TLS-12-PRF(" + m_mac->name() + ")"; } @@ -47,7 +47,7 @@ class BOTAN_DLL TLS_12_PRF : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - TLS_12_PRF(MessageAuthenticationCode* mac) : m_mac(mac) {} + explicit TLS_12_PRF(MessageAuthenticationCode* mac) : m_mac(mac) {} static TLS_12_PRF* make(const Spec& spec); private: diff --git a/src/lib/kdf/prf_x942/prf_x942.h b/src/lib/kdf/prf_x942/prf_x942.h index d0b23067c..c15be9845 100644 --- a/src/lib/kdf/prf_x942/prf_x942.h +++ b/src/lib/kdf/prf_x942/prf_x942.h @@ -15,7 +15,7 @@ namespace Botan { /** * PRF from ANSI X9.42 */ -class BOTAN_DLL X942_PRF : public KDF +class BOTAN_DLL X942_PRF final : public KDF { public: std::string name() const override { return "X942_PRF(" + m_key_wrap_oid + ")"; } @@ -26,7 +26,7 @@ class BOTAN_DLL X942_PRF : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - X942_PRF(const std::string& oid); + explicit X942_PRF(const std::string& oid); private: std::string m_key_wrap_oid; }; diff --git a/src/lib/mac/cbc_mac/cbc_mac.h b/src/lib/mac/cbc_mac/cbc_mac.h index f1c6d5230..cd2ebd18f 100644 --- a/src/lib/mac/cbc_mac/cbc_mac.h +++ b/src/lib/mac/cbc_mac/cbc_mac.h @@ -16,7 +16,7 @@ namespace Botan { /** * CBC-MAC */ -class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode +class BOTAN_DLL CBC_MAC final : public MessageAuthenticationCode { public: std::string name() const override; 
@@ -32,7 +32,7 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode /** * @param cipher the underlying block cipher to use */ - CBC_MAC(BlockCipher* cipher); + explicit CBC_MAC(BlockCipher* cipher); static CBC_MAC* make(const Spec& spec); private: diff --git a/src/lib/mac/cmac/cmac.h b/src/lib/mac/cmac/cmac.h index 4f8d22b76..0e973b79d 100644 --- a/src/lib/mac/cmac/cmac.h +++ b/src/lib/mac/cmac/cmac.h @@ -16,7 +16,7 @@ namespace Botan { /** * CMAC, also known as OMAC1 */ -class BOTAN_DLL CMAC : public MessageAuthenticationCode +class BOTAN_DLL CMAC final : public MessageAuthenticationCode { public: std::string name() const override; @@ -40,7 +40,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode /** * @param cipher the underlying block cipher to use */ - CMAC(BlockCipher* cipher); + explicit CMAC(BlockCipher* cipher); static CMAC* make(const Spec& spec); diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h index 3f5652352..654a167e7 100644 --- a/src/lib/mac/hmac/hmac.h +++ b/src/lib/mac/hmac/hmac.h @@ -16,7 +16,7 @@ namespace Botan { /** * HMAC */ -class BOTAN_DLL HMAC : public MessageAuthenticationCode +class BOTAN_DLL HMAC final : public MessageAuthenticationCode { public: void clear() override; @@ -34,7 +34,7 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode /** * @param hash the hash to use for HMACing */ - HMAC(HashFunction* hash); + explicit HMAC(HashFunction* hash); static HMAC* make(const Spec& spec); diff --git a/src/lib/mac/mac.cpp b/src/lib/mac/mac.cpp index 8c1185c55..a3917141d 100644 --- a/src/lib/mac/mac.cpp +++ b/src/lib/mac/mac.cpp 
@@ -38,7 +38,7 @@ namespace Botan { std::unique_ptr<MessageAuthenticationCode> MessageAuthenticationCode::create(const std::string& algo_spec, const std::string& provider) {
- return std::unique_ptr<MessageAuthenticationCode>(make_a<MessageAuthenticationCode>(algo_spec, provider));
+ return std::unique_ptr<MessageAuthenticationCode>(make_a<MessageAuthenticationCode>(MessageAuthenticationCode::Spec(algo_spec), provider));
 }
 
 std::vector<std::string> MessageAuthenticationCode::providers(const std::string& algo_spec)
diff --git a/src/lib/mac/poly1305/poly1305.h b/src/lib/mac/poly1305/poly1305.h
index 20bc9b5ad..740313122 100644
--- a/src/lib/mac/poly1305/poly1305.h
+++ b/src/lib/mac/poly1305/poly1305.h
@@ -17,7 +17,7 @@ namespace Botan {
 * DJB's Poly1305
 * Important note: each key can only be used once
 */
-class BOTAN_DLL Poly1305 : public MessageAuthenticationCode
+class BOTAN_DLL Poly1305 final : public MessageAuthenticationCode
 {
 public:
 std::string name() const override { return "Poly1305"; }
diff --git a/src/lib/mac/siphash/siphash.h b/src/lib/mac/siphash/siphash.h
index 574835ca4..d774fe5e7 100644
--- a/src/lib/mac/siphash/siphash.h
+++ b/src/lib/mac/siphash/siphash.h
@@ -12,7 +12,7 @@ namespace Botan {
-class BOTAN_DLL SipHash : public MessageAuthenticationCode
+class BOTAN_DLL SipHash final : public MessageAuthenticationCode
 {
 public:
 SipHash(size_t c = 2, size_t d = 4) : m_C(c), m_D(d) {}
diff --git a/src/lib/mac/x919_mac/x919_mac.h b/src/lib/mac/x919_mac/x919_mac.h
index 9cdcd1527..904931d20 100644
--- a/src/lib/mac/x919_mac/x919_mac.h
+++ b/src/lib/mac/x919_mac/x919_mac.h
@@ -16,7 +16,7 @@ namespace Botan {
 /**
 * DES/3DES-based MAC from ANSI X9.19
 */
-class BOTAN_DLL ANSI_X919_MAC : public MessageAuthenticationCode
+class BOTAN_DLL ANSI_X919_MAC final : public MessageAuthenticationCode
 {
 public:
 void clear() override;
diff --git a/src/lib/math/ec_gfp/curve_gfp.cpp b/src/lib/math/ec_gfp/curve_gfp.cpp
index 96fe873af..9bf2191c6 100644
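Review bot: `SipHash(size_t c = 2, size_t d = 4)` on the context line right after the changed class line is still an implicit converting constructor from `size_t`, because its second argument is defaulted, while the rest of this commit marks the single-argument constructors of `CBC_MAC`, `CMAC`, `HMAC` and the KDFs `explicit`. For consistency with the commit's own rule I would change it to `explicit SipHash(size_t c = 2, size_t d = 4) : m_C(c), m_D(d) {}`. This is a style point only; it changes nothing except refusing an accidental implicit conversion from an integer to a MAC object.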
--- a/src/lib/math/ec_gfp/curve_gfp.cpp +++ b/src/lib/math/ec_gfp/curve_gfp.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace { -class CurveGFp_Montgomery : public CurveGFp_Repr +class CurveGFp_Montgomery final : public CurveGFp_Repr { public: CurveGFp_Montgomery(const BigInt& p, const BigInt& a, const BigInt& b) : @@ -80,6 +80,9 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, return; } + const size_t x_sw = x.sig_words(); + const size_t y_sw = y.sig_words(); + const size_t output_size = 2*m_p_words + 1; ws.resize(2*(m_p_words+2)); @@ -87,8 +90,8 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, z.clear(); bigint_monty_mul(z.mutable_data(), output_size, - x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), + x.data(), x.size(), x_sw, + y.data(), y.size(), y_sw, m_p.data(), m_p_words, m_p_dash, ws.data()); } @@ -102,6 +105,9 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, return; } + const size_t x_sw = x.sig_words(); + BOTAN_ASSERT(x_sw <= m_p_words, "Input in range"); + const size_t output_size = 2*m_p_words + 1; ws.resize(2*(m_p_words+2)); @@ -110,7 +116,7 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, z.clear(); bigint_monty_sqr(z.mutable_data(), output_size, - x.data(), x.size(), x.sig_words(), + x.data(), x.size(), x_sw, m_p.data(), m_p_words, m_p_dash, ws.data()); } @@ -203,7 +209,7 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, /** * The NIST P-192 curve */ -class CurveGFp_P192 : public CurveGFp_NIST +class CurveGFp_P192 final : public CurveGFp_NIST { public: CurveGFp_P192(const BigInt& a, const BigInt& b) : CurveGFp_NIST(192, a, b) {} @@ -215,7 +221,7 @@ class CurveGFp_P192 : public CurveGFp_NIST /** * The NIST P-224 curve */ -class CurveGFp_P224 : public CurveGFp_NIST +class CurveGFp_P224 final : public CurveGFp_NIST { public: CurveGFp_P224(const BigInt& a, const BigInt& b) : CurveGFp_NIST(224, a, b) {} 
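Review bot: In curve_mul the hoisted `x_sw` and `y_sw` are passed straight to bigint_monty_mul without the range assertion that the matching curve_sqr hunk adds (`BOTAN_ASSERT(x_sw <= m_p_words, "Input in range")`), even though z is cleared and sized for the same `output_size = 2*m_p_words + 1`. Adding `BOTAN_ASSERT(x_sw <= m_p_words && y_sw <= m_p_words, "Inputs in range");` directly under the two new `const size_t` lines keeps the two reduction paths consistent and turns an oversized operand into a diagnosed failure instead of relying on bigint_monty_mul to bound its own writes. Whether bigint_monty_mul clamps to output_size I cannot tell from this hunk, which is why the assertion is worth having in both places.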
@@ -227,7 +233,7 @@ class CurveGFp_P224 : public CurveGFp_NIST /** * The NIST P-256 curve */ -class CurveGFp_P256 : public CurveGFp_NIST +class CurveGFp_P256 final : public CurveGFp_NIST { public: CurveGFp_P256(const BigInt& a, const BigInt& b) : CurveGFp_NIST(256, a, b) {} @@ -239,7 +245,7 @@ class CurveGFp_P256 : public CurveGFp_NIST /** * The NIST P-384 curve */ -class CurveGFp_P384 : public CurveGFp_NIST +class CurveGFp_P384 final : public CurveGFp_NIST { public: CurveGFp_P384(const BigInt& a, const BigInt& b) : CurveGFp_NIST(384, a, b) {} @@ -253,7 +259,7 @@ class CurveGFp_P384 : public CurveGFp_NIST /** * The NIST P-521 curve */ -class CurveGFp_P521 : public CurveGFp_NIST +class CurveGFp_P521 final : public CurveGFp_NIST { public: CurveGFp_P521(const BigInt& a, const BigInt& b) : CurveGFp_NIST(521, a, b) {} diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp index bbc11ff21..c153340e9 100644 --- a/src/lib/math/ec_gfp/curve_nistp.cpp +++ b/src/lib/math/ec_gfp/curve_nistp.cpp @@ -32,8 +32,11 @@ void normalize(const BigInt& p, BigInt& x, secure_vector<word>& ws, size_t bound const word* xd = x.data(); word borrow = 0; - for(size_t i = 0; i != p_words; ++i) - ws[i] = word_sub(xd[i], prime[i], &borrow); + for(size_t j = 0; j != p_words; ++j) + { + ws[j] = word_sub(xd[j], prime[j], &borrow); + } + ws[p_words] = word_sub(xd[p_words], 0, &borrow); if(borrow) @@ -72,7 +75,8 @@ void redc_p521(BigInt& x, secure_vector<word>& ws) x.mask_bits(521); - bigint_add3(x.mutable_data(), x.data(), p_words, ws.data(), p_words); + word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words); + BOTAN_ASSERT_EQUAL(carry, 0, "Final final carry in P-521 reduction"); normalize(prime_p521(), x, ws, 1); } diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 93508ba55..f15911db0 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
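Review bot: The message on the new assertion in redc_p521 reads `"Final final carry in P-521 reduction"`, a duplicated word; `BOTAN_ASSERT_EQUAL(carry, 0, "Final carry in P-521 reduction");` is what was meant. The check itself only holds if ws carries at most 521 bits after the shift so that the sum with the masked x cannot spill past p_words; the top of redc_p521 where ws is filled is outside this hunk, so a one-line comment above the add stating that precondition (`// x < 2^521 after mask_bits and ws < 2^521, so no carry out of p_words`) would let a reader verify the assertion without re-deriving it.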
@@ -32,6 +32,11 @@ PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) : m_coord_y(y), m_coord_z(1) { + if(x <= 0 || x >= curve.get_p()) + throw Invalid_Argument("Invalid PointGFp affine x"); + if(y <= 0 || y >= curve.get_p()) + throw Invalid_Argument("Invalid PointGFp affine y"); + m_curve.to_rep(m_coord_x, m_monty_ws); m_curve.to_rep(m_coord_y, m_monty_ws); m_curve.to_rep(m_coord_z, m_monty_ws); @@ -283,24 +288,6 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) std::vector<BigInt> ws(9); - if(scalar_bits <= 2) - { - const byte abs_val = scalar.byte_at(0); - - if(abs_val == 0) - return PointGFp::zero_of(curve); - - PointGFp result = point; - - if(abs_val == 2) - result.mult2(ws); - - if(scalar.is_negative()) - result.negate(); - - return result; - } - PointGFp R[2] = { PointGFp(curve), point }; for(size_t i = scalar_bits; i > 0; i--) @@ -434,8 +421,8 @@ PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar_in, for(size_t i = 0; i != m_h; ++i) R.mult2(m_ws); - const u32bit nibble = scalar.get_substring((windows-1)*m_h, m_h); - R.add(m_U[nibble], m_ws); + const u32bit inner_nibble = scalar.get_substring((windows-1)*m_h, m_h); + R.add(m_U[inner_nibble], m_ws); windows--; } } diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index 206e43155..c64963683 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h @@ -21,7 +21,7 @@ namespace Botan { */ struct BOTAN_DLL Illegal_Transformation : public Exception { - Illegal_Transformation(const std::string& err = + explicit Illegal_Transformation(const std::string& err = "Requested transformation is not possible") : Exception(err) {} }; 
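Review bot: The new checks reject `x == 0` and `y == 0` (`x <= 0`, `y <= 0`), but zero is a legitimate field element: an affine point with x = 0 exists on any short-Weierstrass curve whose b is a quadratic residue, and y = 0 is the coordinate of a point of order two, so the constructor now throws Invalid_Argument on some points that are genuinely on the curve. Unless callers are guaranteed never to build such points, the tests should be `if(x.is_negative() || x >= curve.get_p())` and `if(y.is_negative() || y >= curve.get_p())`, refusing only values outside the field. These are field-membership checks only and do not establish that (x, y) satisfies the curve equation; a comment such as `// field-range check only; this does not verify the point lies on the curve` would stop readers assuming the constructor validates the point. The rest of the constructor body continues outside the hunk.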
@@ -31,7 +31,7 @@ struct BOTAN_DLL Illegal_Transformation : public Exception
 */
 struct BOTAN_DLL Illegal_Point : public Exception
 {
- Illegal_Point(const std::string& err = "Malformed ECP point detected") :
+ explicit Illegal_Point(const std::string& err = "Malformed ECP point detected") :
 Exception(err) {}
 };
 
@@ -56,7 +56,7 @@ class BOTAN_DLL PointGFp
 * Construct the zero point
 * @param curve The base curve
 */
- PointGFp(const CurveGFp& curve);
+ explicit PointGFp(const CurveGFp& curve);
 
 static PointGFp zero_of(const CurveGFp& curve)
 {
diff --git a/src/lib/math/mp/info.txt b/src/lib/math/mp/info.txt
index a47475f7b..6aa0142f3 100644
--- a/src/lib/math/mp/info.txt
+++ b/src/lib/math/mp/info.txt
@@ -1,11 +1,10 @@
-define BIGINT_MP 20131128
+define BIGINT_MP 20151225
 
 <source>
 mp_asm.cpp
 mp_comba.cpp
 mp_karat.cpp
 mp_monty.cpp
-mp_mulop.cpp
 mp_misc.cpp
 mp_shift.cpp
 </source>
diff --git a/src/lib/math/mp/mp_asm.cpp b/src/lib/math/mp/mp_asm.cpp
index cc573a792..cfbb027d7 100644
--- a/src/lib/math/mp/mp_asm.cpp
+++ b/src/lib/math/mp/mp_asm.cpp
@@ -1,6 +1,6 @@
 /*
-* Lowest Level MPI Algorithms
-* (C) 1999-2010 Jack Lloyd
+* MPI Add, Subtract, Word Multiply
+* (C) 1999-2010,2016 Jack Lloyd
 * 2006 Luca Piccarreta
 *
 * Botan is released under the Simplified BSD License (see license.txt)
@@ -9,12 +9,83 @@ #include <botan/internal/mp_core.h> #include <botan/internal/mp_asmi.h> #include <botan/internal/mp_core.h> +#include <botan/internal/ct_utils.h> #include <botan/exceptn.h> #include <botan/mem_ops.h> namespace Botan { /* +* If cond == 0, does nothing. +* If cond > 0, swaps x[0:size] with y[0:size] +* Runs in constant time +*/ +void bigint_cnd_swap(word cnd, word x[], word y[], size_t size) + { + const word mask = CT::expand_mask(cnd); + + for(size_t i = 0; i != size; ++i) + { + word a = x[i]; + word b = y[i]; + x[i] = CT::select(mask, b, a); + y[i] = CT::select(mask, a, b); + } + } + +/* +* If cond > 0 adds x[0:size] to y[0:size] and returns carry +* Runs in constant time +*/ +word bigint_cnd_add(word cnd, word x[], const word y[], size_t size) + { + const word mask = CT::expand_mask(cnd); + + word carry = 0; + for(size_t i = 0; i != size; ++i) + { + /* + Here we are relying on asm version of word_add being + a single addcl or equivalent. Fix this. + */ + const word z = word_add(x[i], y[i], &carry); + x[i] = CT::select(mask, z, x[i]); + } + + return carry & mask; + } + +/* +* If cond > 0 subs x[0:size] to y[0:size] and returns borrow +* Runs in constant time +*/ +word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size) + { + const word mask = CT::expand_mask(cnd); + + word carry = 0; + for(size_t i = 0; i != size; ++i) + { + const word z = word_sub(x[i], y[i], &carry); + x[i] = CT::select(mask, z, x[i]); + } + + return carry & mask; + } + +void bigint_cnd_abs(word cnd, word x[], size_t size) + { + const word mask = CT::expand_mask(cnd); + + word carry = mask & 1; + for(size_t i = 0; i != size; ++i) + { + const word z = word_add(~x[i], 0, &carry); + x[i] = CT::select(mask, z, x[i]); + } + } + +/* * Two Operand Addition, No Carry */ word bigint_add2_nc(word x[], size_t x_size, const word y[], size_t y_size) diff --git a/src/lib/math/mp/mp_comba.cpp b/src/lib/math/mp/mp_comba.cpp index 0170c9fcd..647cb68cd 100644 
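Review bot: The header comments on the new conditional helpers have the operand direction backwards: `bigint_cnd_add` says it "adds x[0:size] to y[0:size]" but the loop stores into x (`x[i] = CT::select(mask, z, x[i])`) and only reads y, and `bigint_cnd_sub` has the same inversion. I would reword them `If cond > 0 adds y[0:size] into x[0:size] and returns carry` and `If cond > 0 subtracts y[0:size] from x[0:size] and returns borrow`. The `Fix this` remark inside bigint_cnd_add, that constant time here relies on `word_add` compiling to a single branch-free add, applies just as much to `word_sub` in bigint_cnd_sub and to `word_add` in bigint_cnd_abs, so the caveat belongs on all three or in one shared note above them rather than appearing once as if it were local. A TODO that ships in a function advertised as "Runs in constant time" should at least name what a reviewer has to check on each platform's mp_asmi.h.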
--- a/src/lib/math/mp/mp_comba.cpp +++ b/src/lib/math/mp/mp_comba.cpp @@ -1,6 +1,7 @@ /* * Comba Multiplication and Squaring -* (C) 1999-2007,2011,2014 Jack Lloyd +* +* This file was automatically generated by ./src/scripts/comba.py on 2016-01-01 * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -17,14 +18,14 @@ void bigint_comba_sqr4(word z[8], const word x[4]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]); z[ 0] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); z[ 1] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); - word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]); z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); @@ -32,13 +33,13 @@ void bigint_comba_sqr4(word z[8], const word x[4]) z[ 3] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); - word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]); z[ 4] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]); z[ 5] = w2; w2 = 0; - word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]); z[ 6] = w0; z[ 7] = w1; } @@ -89,14 +90,14 @@ void bigint_comba_sqr6(word z[12], const word x[6]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]); z[ 0] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); z[ 1] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); - word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]); z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); 
@@ -105,7 +106,7 @@ void bigint_comba_sqr6(word z[12], const word x[6]) word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); - word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]); z[ 4] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); @@ -115,7 +116,7 @@ void bigint_comba_sqr6(word z[12], const word x[6]) word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]); z[ 6] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]); @@ -123,13 +124,13 @@ void bigint_comba_sqr6(word z[12], const word x[6]) z[ 7] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); - word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]); z[ 8] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]); z[ 9] = w0; w0 = 0; - word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]); z[10] = w1; z[11] = w2; } @@ -208,14 +209,14 @@ void bigint_comba_sqr8(word z[16], const word x[8]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]); z[ 0] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); z[ 1] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); - word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]); z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); @@ -224,7 +225,7 @@ void bigint_comba_sqr8(word z[16], const word x[8]) word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); - word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]); z[ 4] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); 
@@ -235,7 +236,7 @@ void bigint_comba_sqr8(word z[16], const word x[8]) word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]); z[ 6] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]); @@ -247,7 +248,7 @@ void bigint_comba_sqr8(word z[16], const word x[8]) word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]); word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]); word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); - word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]); z[ 8] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]); @@ -257,7 +258,7 @@ void bigint_comba_sqr8(word z[16], const word x[8]) word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]); word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]); - word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]); z[10] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]); @@ -265,13 +266,13 @@ void bigint_comba_sqr8(word z[16], const word x[8]) z[11] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]); + word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]); z[12] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]); z[13] = w1; w1 = 0; - word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]); + word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]); z[14] = w2; z[15] = w0; } @@ -386,14 +387,14 @@ void bigint_comba_sqr9(word z[18], const word x[9]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]); z[ 0] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); z[ 1] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); - word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]); z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); 
@@ -402,7 +403,7 @@ void bigint_comba_sqr9(word z[18], const word x[9]) word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); - word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]); z[ 4] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); @@ -413,7 +414,7 @@ void bigint_comba_sqr9(word z[18], const word x[9]) word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]); z[ 6] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]); @@ -426,7 +427,7 @@ void bigint_comba_sqr9(word z[18], const word x[9]) word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]); word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]); word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); - word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]); z[ 8] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]); @@ -438,7 +439,7 @@ void bigint_comba_sqr9(word z[18], const word x[9]) word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]); word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]); word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]); - word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]); z[10] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]); @@ -448,7 +449,7 @@ void bigint_comba_sqr9(word z[18], const word x[9]) word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]); word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]); + word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]); z[12] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]); 
@@ -456,13 +457,13 @@ void bigint_comba_sqr9(word z[18], const word x[9]) z[13] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]); - word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]); + word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]); z[14] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]); z[15] = w0; w0 = 0; - word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]); + word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]); z[16] = w1; z[17] = w2; } @@ -598,14 +599,14 @@ void bigint_comba_sqr16(word z[32], const word x[16]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + word3_muladd (&w2, &w1, &w0, x[ 0], x[ 0]); z[ 0] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); z[ 1] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); - word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + word3_muladd (&w1, &w0, &w2, x[ 1], x[ 1]); z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); @@ -614,7 +615,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); - word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + word3_muladd (&w0, &w2, &w1, x[ 2], x[ 2]); z[ 4] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); @@ -625,7 +626,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + word3_muladd (&w2, &w1, &w0, x[ 3], x[ 3]); z[ 6] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]); @@ -638,7 +639,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]); word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]); word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); - word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + word3_muladd (&w1, &w0, &w2, x[ 4], x[ 4]); z[ 8] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]); 
@@ -653,7 +654,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]); word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]); word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]); - word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + word3_muladd (&w0, &w2, &w1, x[ 5], x[ 5]); z[10] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]); @@ -670,7 +671,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 9]); word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]); word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]); + word3_muladd (&w2, &w1, &w0, x[ 6], x[ 6]); z[12] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]); @@ -689,7 +690,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]); word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]); word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]); - word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]); + word3_muladd (&w1, &w0, &w2, x[ 7], x[ 7]); z[14] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]); @@ -709,7 +710,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]); word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]); word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]); - word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]); + word3_muladd (&w0, &w2, &w1, x[ 8], x[ 8]); z[16] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]); @@ -727,7 +728,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 6], x[12]); word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]); word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]); - word3_muladd(&w2, &w1, &w0, x[ 9], x[ 9]); + word3_muladd (&w2, &w1, &w0, x[ 9], x[ 9]); z[18] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]); 
@@ -743,7 +744,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]); word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]); word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]); - word3_muladd(&w1, &w0, &w2, x[10], x[10]); + word3_muladd (&w1, &w0, &w2, x[10], x[10]); z[20] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]); @@ -757,7 +758,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]); word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]); word3_muladd_2(&w0, &w2, &w1, x[10], x[12]); - word3_muladd(&w0, &w2, &w1, x[11], x[11]); + word3_muladd (&w0, &w2, &w1, x[11], x[11]); z[22] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]); @@ -769,7 +770,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]); word3_muladd_2(&w2, &w1, &w0, x[10], x[14]); word3_muladd_2(&w2, &w1, &w0, x[11], x[13]); - word3_muladd(&w2, &w1, &w0, x[12], x[12]); + word3_muladd (&w2, &w1, &w0, x[12], x[12]); z[24] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[10], x[15]); @@ -779,7 +780,7 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w1, &w0, &w2, x[11], x[15]); word3_muladd_2(&w1, &w0, &w2, x[12], x[14]); - word3_muladd(&w1, &w0, &w2, x[13], x[13]); + word3_muladd (&w1, &w0, &w2, x[13], x[13]); z[26] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[12], x[15]); @@ -787,13 +788,13 @@ void bigint_comba_sqr16(word z[32], const word x[16]) z[27] = w0; w0 = 0; word3_muladd_2(&w0, &w2, &w1, x[13], x[15]); - word3_muladd(&w0, &w2, &w1, x[14], x[14]); + word3_muladd (&w0, &w2, &w1, x[14], x[14]); z[28] = w1; w1 = 0; word3_muladd_2(&w1, &w0, &w2, x[14], x[15]); z[29] = w2; w2 = 0; - word3_muladd(&w2, &w1, &w0, x[15], x[15]); + word3_muladd (&w2, &w1, &w0, x[15], x[15]); z[30] = w0; z[31] = w1; } diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index b97384d18..73f13742c 100644 --- a/src/lib/math/mp/mp_core.h 
+++ b/src/lib/math/mp/mp_core.h @@ -18,6 +18,36 @@ namespace Botan { */ const size_t MP_WORD_BITS = BOTAN_MP_WORD_BITS; +/* +* If cond == 0, does nothing. +* If cond > 0, swaps x[0:size] with y[0:size] +* Runs in constant time +*/ +BOTAN_DLL +void bigint_cnd_swap(word cnd, word x[], word y[], size_t size); + +/* +* If cond > 0 adds x[0:size] to y[0:size] and returns carry +* Runs in constant time +*/ +BOTAN_DLL +word bigint_cnd_add(word cnd, word x[], const word y[], size_t size); + +/* +* If cond > 0 subs x[0:size] to y[0:size] and returns borrow +* Runs in constant time +*/ +BOTAN_DLL +word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size); + +/* +* 2s complement absolute value +* If cond > 0 sets x to ~x + 1 +* Runs in constant time +*/ +BOTAN_DLL +void bigint_cnd_abs(word cnd, word x[], size_t size); + /** * Two operand addition * @param x the first operand (and output) @@ -81,15 +111,6 @@ void bigint_shr2(word y[], const word x[], size_t x_size, size_t word_shift, size_t bit_shift); /* -* Simple O(N^2) Multiplication and Squaring -*/ -void bigint_simple_mul(word z[], - const word x[], size_t x_size, - const word y[], size_t y_size); - -void bigint_simple_sqr(word z[], const word x[], size_t x_size); - -/* * Linear Multiply */ void bigint_linmul2(word x[], size_t x_size, word y); diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 96d9adae2..9135fdd6a 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -1,5 +1,5 @@ /* -* Karatsuba Multiplication/Squaring +* Multiplication and Squaring * (C) 1999-2010 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) 
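Review bot: The exported declarations of `bigint_cnd_add` and `bigint_cnd_sub` document the wrong operand as the destination: x is the non-const in-out array in both signatures, yet the comments say "adds x[0:size] to y[0:size]" and "subs x[0:size] to y[0:size]". Since this is the header callers read, I would fix it here: `If cond > 0 adds y[0:size] into x[0:size] and returns carry` and `If cond > 0 subtracts y[0:size] from x[0:size] and returns borrow`. It would also help to say in these comments that the full operation is always computed and only the store is masked, so callers do not mistake "does nothing" in the cnd_swap comment for "does not touch memory".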
@@ -16,6 +16,37 @@ namespace { const size_t KARATSUBA_MULTIPLY_THRESHOLD = 32; const size_t KARATSUBA_SQUARE_THRESHOLD = 32; +namespace { + +/* +* Simple O(N^2) Multiplication +*/ +void basecase_mul(word z[], + const word x[], size_t x_size, + const word y[], size_t y_size) + { + const size_t x_size_8 = x_size - (x_size % 8); + + clear_mem(z, x_size + y_size); + + for(size_t i = 0; i != y_size; ++i) + { + const word y_i = y[i]; + + word carry = 0; + + for(size_t j = 0; j != x_size_8; j += 8) + carry = word8_madd3(z + i + j, x + j, y_i, carry); + + for(size_t j = x_size_8; j != x_size; ++j) + z[i+j] = word_madd3(x[j], y_i, z[i+j], &carry); + + z[x_size+i] = carry; + } + } + +} + /* * Karatsuba Multiplication Operation */ @@ -31,7 +62,7 @@ void karatsuba_mul(word z[], const word x[], const word y[], size_t N, else if(N == 16) return bigint_comba_mul16(z, x, y); else - return bigint_simple_mul(z, x, N, y, N); + return basecase_mul(z, x, N, y, N); } const size_t N2 = N / 2; @@ -101,7 +132,7 @@ void karatsuba_sqr(word z[], const word x[], size_t N, word workspace[]) else if(N == 16) return bigint_comba_sqr16(z, x); else - return bigint_simple_sqr(z, x, N); + return basecase_mul(z, x, N, x, N); } const size_t N2 = N / 2; @@ -225,6 +256,9 @@ void bigint_mul(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw) { + // checking that z_size >= x_sw + y_sw without overflow + BOTAN_ASSERT(z_size > x_sw && z_size > y_sw && z_size-x_sw >= y_sw, "Output size is sufficient"); + if(x_sw == 1) { bigint_linmul3(z, y, y_sw, x[0]); @@ -262,7 +296,7 @@ void bigint_mul(word z[], size_t z_size, word workspace[], y_sw < KARATSUBA_MULTIPLY_THRESHOLD || !workspace) { - bigint_simple_mul(z, x, x_sw, y, y_sw); + basecase_mul(z, x, x_sw, y, y_sw); } else { 
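Review bot: basecase_mul is introduced inside a fresh `namespace {` although the hunk's function context and the KARATSUBA_* thresholds two lines above it indicate the code is already inside an anonymous namespace, so the new pair is a redundant nested anonymous namespace; if that outer namespace is still open at line 16, dropping the inner `namespace {` and its closing `}` gives the function the same internal linkage with less nesting. The deleted mp_mulop.cpp explained that a separate bigint_simple_sqr existed so the compiler could see x == y for alias analysis; now that karatsuba_sqr and bigint_sqr call `basecase_mul(z, x, N, x, N)`, a one-line comment on basecase_mul noting that it is deliberately reused for squaring (and whether that was measured) would keep the next reader from re-adding the special case.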
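Review bot: The new assertion in bigint_mul, `z_size > x_sw && z_size > y_sw && z_size-x_sw >= y_sw`, is stricter than the comment's stated intent of `z_size >= x_sw + y_sw`: the two strict comparisons additionally reject the boundary where one operand has zero significant words and z_size equals the other's width, a case the overflow-safe form `BOTAN_ASSERT(z_size >= x_sw && z_size - x_sw >= y_sw, "Output size is sufficient");` accepts. Whether bigint_mul can be reached with a zero-sized operand I cannot tell from here, since BigInt's operator* is outside this hunk. If the stricter condition is intentional, the comment above it should say why, because as written the code and the comment disagree.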
@@ -271,7 +305,7 @@ void bigint_mul(word z[], size_t z_size, word workspace[], if(N) karatsuba_mul(z, x, y, N, workspace); else - bigint_simple_mul(z, x, x_sw, y, y_sw); + basecase_mul(z, x, x_sw, y, y_sw); } } @@ -281,6 +315,8 @@ void bigint_mul(word z[], size_t z_size, word workspace[], void bigint_sqr(word z[], size_t z_size, word workspace[], const word x[], size_t x_size, size_t x_sw) { + BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient"); + if(x_sw == 1) { bigint_linmul3(z, x, x_sw, x[0]); @@ -307,7 +343,7 @@ void bigint_sqr(word z[], size_t z_size, word workspace[], } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace) { - bigint_simple_sqr(z, x, x_sw); + basecase_mul(z, x, x_sw, x, x_sw); } else { @@ -316,7 +352,7 @@ void bigint_sqr(word z[], size_t z_size, word workspace[], if(N) karatsuba_sqr(z, x, N, workspace); else - bigint_simple_sqr(z, x, x_sw); + basecase_mul(z, x, x_sw, x, x_sw); } } diff --git a/src/lib/math/mp/mp_mulop.cpp b/src/lib/math/mp/mp_mulop.cpp deleted file mode 100644 index 432c7ef53..000000000 --- a/src/lib/math/mp/mp_mulop.cpp +++ /dev/null 
@@ -1,73 +0,0 @@ -/* -* Simple O(N^2) Multiplication and Squaring -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/mp_core.h> -#include <botan/internal/mp_madd.h> -#include <botan/internal/mp_asmi.h> -#include <botan/mem_ops.h> - -namespace Botan { - -/* -* Simple O(N^2) Multiplication -*/ -void bigint_simple_mul(word z[], const word x[], size_t x_size, - const word y[], size_t y_size) - { - const size_t x_size_8 = x_size - (x_size % 8); - - clear_mem(z, x_size + y_size); - - for(size_t i = 0; i != y_size; ++i) - { - const word y_i = y[i]; - - word carry = 0; - - for(size_t j = 0; j != x_size_8; j += 8) - carry = word8_madd3(z + i + j, x + j, y_i, carry); - - for(size_t j = x_size_8; j != x_size; ++j) - z[i+j] = word_madd3(x[j], y_i, z[i+j], &carry); - - z[x_size+i] = carry; - } - } - -/* -* Simple O(N^2) Squaring -* -* This is exactly the same algorithm as bigint_simple_mul, however -* because C/C++ compilers suck at alias analysis it is good to have -* the version where the compiler knows that x == y -* -* There is an O(n^1.5) squaring algorithm specified in Handbook of -* Applied Cryptography, chapter 14 -* -*/ -void bigint_simple_sqr(word z[], const word x[], size_t x_size) - { - const size_t x_size_8 = x_size - (x_size % 8); - - clear_mem(z, 2*x_size); - - for(size_t i = 0; i != x_size; ++i) - { - const word x_i = x[i]; - word carry = 0; - - for(size_t j = 0; j != x_size_8; j += 8) - carry = word8_madd3(z + i + j, x + j, x_i, carry); - - for(size_t j = x_size_8; j != x_size; ++j) - z[i+j] = word_madd3(x[j], x_i, z[i+j], &carry); - - z[x_size+i] = carry; - } - } - -} diff --git a/src/lib/math/numbertheory/def_powm.h b/src/lib/math/numbertheory/def_powm.h index ef5d6e39b..d60ca8173 100644 --- a/src/lib/math/numbertheory/def_powm.h +++ b/src/lib/math/numbertheory/def_powm.h 
@@ -29,11 +29,11 @@ class Fixed_Window_Exponentiator : public Modular_Exponentiator Fixed_Window_Exponentiator(const BigInt&, Power_Mod::Usage_Hints); private: - Modular_Reducer reducer; - BigInt exp; - size_t window_bits; - std::vector<BigInt> g; - Power_Mod::Usage_Hints hints; + Modular_Reducer m_reducer; + BigInt m_exp; + size_t m_window_bits; + std::vector<BigInt> m_g; + Power_Mod::Usage_Hints m_hints; }; /** diff --git a/src/lib/math/numbertheory/dsa_gen.cpp b/src/lib/math/numbertheory/dsa_gen.cpp index 60151355a..42bfeb4c1 100644 --- a/src/lib/math/numbertheory/dsa_gen.cpp +++ b/src/lib/math/numbertheory/dsa_gen.cpp @@ -61,19 +61,19 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, class Seed { public: - Seed(const std::vector<byte>& s) : seed(s) {} + explicit Seed(const std::vector<byte>& s) : m_seed(s) {} - operator std::vector<byte>& () { return seed; } + operator std::vector<byte>& () { return m_seed; } Seed& operator++() { - for(size_t j = seed.size(); j > 0; --j) - if(++seed[j-1]) + for(size_t j = m_seed.size(); j > 0; --j) + if(++m_seed[j-1]) break; return (*this); } private: - std::vector<byte> seed; + std::vector<byte> m_seed; }; Seed seed(seed_c); diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp index 31dd72feb..ae2d33524 100644 --- a/src/lib/math/numbertheory/numthry.cpp +++ b/src/lib/math/numbertheory/numthry.cpp @@ -1,6 +1,6 @@ /* * Number Theory Functions -* (C) 1999-2011 Jack Lloyd +* (C) 1999-2011,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -9,6 +9,7 @@ #include <botan/reducer.h> #include <botan/internal/bit_ops.h> #include <botan/internal/mp_core.h> +#include <botan/internal/ct_utils.h> #include <algorithm> namespace Botan { 
@@ -74,53 +75,200 @@ BigInt lcm(const BigInt& a, const BigInt& b) return ((a * b) / gcd(a, b)); } -namespace { - /* -* If the modulus is odd, then we can avoid computing A and C. This is -* a critical path algorithm in some instances and an odd modulus is -* the common case for crypto, so worth special casing. See note 14.64 -* in Handbook of Applied Cryptography for more details. +Sets result to a^-1 * 2^k mod a +with n <= k <= 2n +Returns k + +"The Montgomery Modular Inverse - Revisited" Çetin Koç, E. Savas +http://citeseerx.ist.psu.edu/viewdoc/citations?doi=10.1.1.75.8377 + +A const time implementation of this algorithm is described in +"Constant Time Modular Inversion" Joppe W. Bos +http://www.joppebos.com/files/CTInversion.pdf */ -BigInt inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod) +size_t almost_montgomery_inverse(BigInt& result, + const BigInt& a, + const BigInt& p) { - BigInt u = mod, v = n; - BigInt B = 0, D = 1; + size_t k = 0; - while(u.is_nonzero()) + BigInt u = p, v = a, r = 0, s = 1; + + while(v > 0) { - const size_t u_zero_bits = low_zero_bits(u); - u >>= u_zero_bits; - for(size_t i = 0; i != u_zero_bits; ++i) + if(u.is_even()) { - if(B.is_odd()) - { B -= mod; } - B >>= 1; + u >>= 1; + s <<= 1; } - - const size_t v_zero_bits = low_zero_bits(v); - v >>= v_zero_bits; - for(size_t i = 0; i != v_zero_bits; ++i) + else if(v.is_even()) + { + v >>= 1; + r <<= 1; + } + else if(u > v) + { + u -= v; + u >>= 1; + r += s; + s <<= 1; + } + else { - if(D.is_odd()) - { D -= mod; } - D >>= 1; + v -= u; + v >>= 1; + s += r; + r <<= 1; } - if(u >= v) { u -= v; B -= D; } - else { v -= u; D -= B; } + ++k; } - if(v != 1) - return 0; // no modular inverse + if(r >= p) + { + r = r - p; + } - while(D.is_negative()) D += mod; - while(D >= mod) D -= mod; + result = p - r; - return D; + return k; } -} +BigInt normalized_montgomery_inverse(const BigInt& a, const BigInt& p) + { + BigInt r; + size_t k = almost_montgomery_inverse(r, a, p); + + for(size_t i = 0; i != 
k; ++i) + { + if(r.is_odd()) + r += p; + r >>= 1; + } + + return r; + } + +BigInt ct_inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod) + { + if(n.is_negative() || mod.is_negative()) + throw Invalid_Argument("ct_inverse_mod_odd_modulus: arguments must be non-negative"); + if(mod < 3 || mod.is_even()) + throw Invalid_Argument("Bad modulus to ct_inverse_mod_odd_modulus"); + + /* + This uses a modular inversion algorithm designed by Niels Möller + and implemented in Nettle. The same algorithm was later also + adapted to GMP in mpn_sec_invert. + + It can be easily implemented in a way that does not depend on + secret branches or memory lookups, providing resistance against + some forms of side channel attack. + + There is also a description of the algorithm in Appendix 5 of "Fast + Software Polynomial Multiplication on ARM Processors using the NEON Engine" + by Danilo Câmara, Conrado P. L. Gouvêa, Julio López, and Ricardo + Dahab in LNCS 8182 + http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf + + Thanks to Niels for creating the algorithm, explaining some things + about it, and the reference to the paper. 
+ */ + + // todo allow this to be pre-calculated and passed in as arg + BigInt mp1o2 = (mod + 1) >> 1; + + const size_t mod_words = mod.sig_words(); + BOTAN_ASSERT(mod_words > 0, "Not empty"); + + BigInt a = n; + BigInt b = mod; + BigInt u = 1, v = 0; + + a.grow_to(mod_words); + u.grow_to(mod_words); + v.grow_to(mod_words); + mp1o2.grow_to(mod_words); + + secure_vector<word>& a_w = a.get_word_vector(); + secure_vector<word>& b_w = b.get_word_vector(); + secure_vector<word>& u_w = u.get_word_vector(); + secure_vector<word>& v_w = v.get_word_vector(); + + CT::poison(a_w.data(), a_w.size()); + CT::poison(b_w.data(), b_w.size()); + CT::poison(u_w.data(), u_w.size()); + CT::poison(v_w.data(), v_w.size()); + + // Only n.bits() + mod.bits() iterations are required, but avoid leaking the size of n + size_t bits = 2 * mod.bits(); + + while(bits--) + { + /* + const word odd = a.is_odd(); + a -= odd * b; + const word underflow = a.is_negative(); + b += a * underflow; + a.set_sign(BigInt::Positive); + + a >>= 1; + + if(underflow) + { + std::swap(u, v); + } + + u -= odd * v; + u += u.is_negative() * mod; + + const word odd_u = u.is_odd(); + + u >>= 1; + u += mp1o2 * odd_u; + */ + + const word odd_a = a_w[0] & 1; + + //if(odd_a) a -= b + word underflow = bigint_cnd_sub(odd_a, a_w.data(), b_w.data(), mod_words); + + //if(underflow) { b -= a; a = abs(a); swap(u, v); } + bigint_cnd_add(underflow, b_w.data(), a_w.data(), mod_words); + bigint_cnd_abs(underflow, a_w.data(), mod_words); + bigint_cnd_swap(underflow, u_w.data(), v_w.data(), mod_words); + + // a >>= 1 + bigint_shr1(a_w.data(), mod_words, 0, 1); + + //if(odd_a) u -= v; + word borrow = bigint_cnd_sub(odd_a, u_w.data(), v_w.data(), mod_words); + + // if(borrow) u += p + bigint_cnd_add(borrow, u_w.data(), mod.data(), mod_words); + + const word odd_u = u_w[0] & 1; + + // u >>= 1 + bigint_shr1(u_w.data(), mod_words, 0, 1); + + //if(odd_u) u += mp1o2; + bigint_cnd_add(odd_u, u_w.data(), mp1o2.data(), mod_words); + } + + 
CT::unpoison(a_w.data(), a_w.size()); + CT::unpoison(b_w.data(), b_w.size()); + CT::unpoison(u_w.data(), u_w.size()); + CT::unpoison(v_w.data(), v_w.size()); + + BOTAN_ASSERT(a.is_zero(), "A is zero"); + + if(b != 1) + return 0; + + return v; + } /* * Find the Modular Inverse @@ -136,7 +284,7 @@ BigInt inverse_mod(const BigInt& n, const BigInt& mod) return 0; // fast fail checks if(mod.is_odd()) - return inverse_mod_odd_modulus(n, mod); + return ct_inverse_mod_odd_modulus(n, mod); BigInt u = mod, v = n; BigInt A = 1, B = 0, C = 0, D = 1; diff --git a/src/lib/math/numbertheory/numthry.h b/src/lib/math/numbertheory/numthry.h index 5df0858ee..e1e6c65f6 100644 --- a/src/lib/math/numbertheory/numthry.h +++ b/src/lib/math/numbertheory/numthry.h @@ -69,12 +69,34 @@ BigInt BOTAN_DLL square(const BigInt& x); * Modular inversion * @param x a positive integer * @param modulus a positive integer -* @return y st (x*y) % modulus == 1 +* @return y st (x*y) % modulus == 1 or 0 if no such value +* Not const time */ BigInt BOTAN_DLL inverse_mod(const BigInt& x, const BigInt& modulus); /** +* Const time modular inversion +* Requires the modulus be odd +*/ +BigInt BOTAN_DLL ct_inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod); + +/** +* Return a^-1 * 2^k mod b +* Returns k, between n and 2n +* Not const time +*/ +size_t BOTAN_DLL almost_montgomery_inverse(BigInt& result, + const BigInt& a, + const BigInt& b); + +/** +* Call almost_montgomery_inverse and correct the result to a^-1 mod b +*/ +BigInt BOTAN_DLL normalized_montgomery_inverse(const BigInt& a, const BigInt& b); + + +/** * Compute the Jacobi symbol. If n is prime, this is equivalent * to the Legendre symbol. * @see http://mathworld.wolfram.com/JacobiSymbol.html diff --git a/src/lib/math/numbertheory/pow_mod.cpp b/src/lib/math/numbertheory/pow_mod.cpp index 49ff6cca2..5503f313c 100644 --- a/src/lib/math/numbertheory/pow_mod.cpp +++ b/src/lib/math/numbertheory/pow_mod.cpp 
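Review bot: ct_inverse_mod_odd_modulus copies n into a but then only ever touches the first mod_words words of a_w, and nothing in this hunk (nor in the fast-fail checks of inverse_mod visible in the following hunk) rejects n >= mod, so an n with more significant words than mod appears to be silently truncated before the loop. The bound `2 * mod.bits()` is, per the comment above it, standing in for n.bits() + mod.bits() iterations, so it is also too short in that case, which can leave a non-zero and trip `BOTAN_ASSERT(a.is_zero(), "A is zero")` or yield a wrong inverse. Reduce up front, `BigInt a = n % mod;`, or reject with `if(n >= mod) throw Invalid_Argument("ct_inverse_mod_odd_modulus: n must be less than mod");` next to the existing argument checks. Relatedly, inverse_mod now throws for mod == 1 (odd, but caught by `mod < 3`) where the removed inverse_mod_odd_modulus accepted it; if any caller relied on that, short-circuit it in inverse_mod's fast-fail checks, whose body begins outside this hunk. The comment above almost_montgomery_inverse also says `mod a` while the code works modulo p, so `Sets result to a^-1 * 2^k mod p, with bits(p) <= k <= 2*bits(p)` would match the implementation.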
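Review bot: The new numthry.h comments leave the contracts under-specified: `Returns k, between n and 2n` on almost_montgomery_inverse never says what n is, and `Return a^-1 * 2^k mod b` names the modulus b while the .cpp comment and parameter use p. Something like `@param b the modulus; @param result set to a^-1 * 2^k mod b; @return k, with bits(b) <= k <= 2*bits(b)` pins it down. The ct_inverse_mod_odd_modulus comment should also state the failure behaviour the implementation has — Invalid_Argument for negative arguments or an even or too-small modulus, and a return of 0 when no inverse exists — since inverse_mod's own comment now documents `or 0 if no such value` and callers reaching the new function through it will see the exceptions too.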
@@ -34,10 +34,15 @@ Power_Mod::Power_Mod(const Power_Mod& other) */ Power_Mod& Power_Mod::operator=(const Power_Mod& other) { - delete m_core; - m_core = nullptr; - if(other.m_core) - m_core = other.m_core->copy(); + if(this != &other) + { + delete m_core; + m_core = nullptr; + if(other.m_core) + { + m_core = other.m_core->copy(); + } + } return (*this); } diff --git a/src/lib/math/numbertheory/powm_fw.cpp b/src/lib/math/numbertheory/powm_fw.cpp index 14474104e..7369959a9 100644 --- a/src/lib/math/numbertheory/powm_fw.cpp +++ b/src/lib/math/numbertheory/powm_fw.cpp @@ -16,7 +16,7 @@ namespace Botan { */ void Fixed_Window_Exponentiator::set_exponent(const BigInt& e) { - exp = e; + m_exp = e; } /* @@ -24,14 +24,14 @@ void Fixed_Window_Exponentiator::set_exponent(const BigInt& e) */ void Fixed_Window_Exponentiator::set_base(const BigInt& base) { - window_bits = Power_Mod::window_bits(exp.bits(), base.bits(), hints); + m_window_bits = Power_Mod::window_bits(m_exp.bits(), base.bits(), m_hints); - g.resize((1 << window_bits)); - g[0] = 1; - g[1] = base; + m_g.resize((1 << m_window_bits)); + m_g[0] = 1; + m_g[1] = base; - for(size_t i = 2; i != g.size(); ++i) - g[i] = reducer.multiply(g[i-1], g[0]); + for(size_t i = 2; i != m_g.size(); ++i) + m_g[i] = m_reducer.multiply(m_g[i-1], m_g[0]); } /* 
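Review bot: The self-assignment guard fixes the use-after-delete, but the assignment still offers only the basic guarantee: `delete m_core` runs before `other.m_core->copy()`, so if copy() throws this object is left with a null m_core. Building the replacement first removes both problems without the identity test: `auto* fresh = other.m_core ? other.m_core->copy() : nullptr; delete m_core; m_core = fresh;`. Holding m_core in a std::unique_ptr would make the delete go away entirely; the class definition is outside this hunk.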
@@ -39,18 +39,18 @@ void Fixed_Window_Exponentiator::set_base(const BigInt& base) */ BigInt Fixed_Window_Exponentiator::execute() const { - const size_t exp_nibbles = (exp.bits() + window_bits - 1) / window_bits; + const size_t exp_nibbles = (m_exp.bits() + m_window_bits - 1) / m_window_bits; BigInt x = 1; for(size_t i = exp_nibbles; i > 0; --i) { - for(size_t j = 0; j != window_bits; ++j) - x = reducer.square(x); + for(size_t j = 0; j != m_window_bits; ++j) + x = m_reducer.square(x); - const u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits); + const u32bit nibble = m_exp.get_substring(m_window_bits*(i-1), m_window_bits); - x = reducer.multiply(x, g[nibble]); + x = m_reducer.multiply(x, m_g[nibble]); } return x; } @@ -60,10 +60,7 @@ BigInt Fixed_Window_Exponentiator::execute() const */ Fixed_Window_Exponentiator::Fixed_Window_Exponentiator(const BigInt& n, Power_Mod::Usage_Hints hints) - { - reducer = Modular_Reducer(n); - this->hints = hints; - window_bits = 0; - } + : m_reducer{Modular_Reducer(n)}, m_exp{}, m_window_bits{}, m_g{}, m_hints{hints} + {} } diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp index 332895d63..d5f1666e1 100644 --- a/src/lib/math/numbertheory/reducer.cpp +++ b/src/lib/math/numbertheory/reducer.cpp @@ -18,12 +18,12 @@ Modular_Reducer::Modular_Reducer(const BigInt& mod) if(mod <= 0) throw Invalid_Argument("Modular_Reducer: modulus must be positive"); - modulus = mod; - mod_words = modulus.sig_words(); + m_modulus = mod; + m_mod_words = m_modulus.sig_words(); - modulus_2 = Botan::square(modulus); + m_modulus_2 = Botan::square(m_modulus); - mu = BigInt::power_of_2(2 * MP_WORD_BITS * mod_words) / modulus; + m_mu = BigInt::power_of_2(2 * MP_WORD_BITS * m_mod_words) / m_modulus; } /* 
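Review bot: In the constructor hunk, `m_reducer{Modular_Reducer(n)}` builds a temporary Modular_Reducer and then copy/move-initializes the member; `m_reducer(n)` initializes it directly and stays unambiguous now that the Modular_Reducer(const BigInt&) constructor is explicit. The explicit `m_exp{}, m_g{}` entries are value-initialization of members that default-construct anyway and can be dropped unless the project wants every member listed.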
@@ -31,50 +31,50 @@ Modular_Reducer::Modular_Reducer(const BigInt& mod) */ BigInt Modular_Reducer::reduce(const BigInt& x) const { - if(mod_words == 0) + if(m_mod_words == 0) throw Invalid_State("Modular_Reducer: Never initalized"); - if(x.cmp(modulus, false) < 0) + if(x.cmp(m_modulus, false) < 0) { if(x.is_negative()) - return x + modulus; // make positive + return x + m_modulus; // make positive return x; } - else if(x.cmp(modulus_2, false) < 0) + else if(x.cmp(m_modulus_2, false) < 0) { BigInt t1 = x; t1.set_sign(BigInt::Positive); - t1 >>= (MP_WORD_BITS * (mod_words - 1)); - t1 *= mu; + t1 >>= (MP_WORD_BITS * (m_mod_words - 1)); + t1 *= m_mu; - t1 >>= (MP_WORD_BITS * (mod_words + 1)); - t1 *= modulus; + t1 >>= (MP_WORD_BITS * (m_mod_words + 1)); + t1 *= m_modulus; - t1.mask_bits(MP_WORD_BITS * (mod_words + 1)); + t1.mask_bits(MP_WORD_BITS * (m_mod_words + 1)); BigInt t2 = x; t2.set_sign(BigInt::Positive); - t2.mask_bits(MP_WORD_BITS * (mod_words + 1)); + t2.mask_bits(MP_WORD_BITS * (m_mod_words + 1)); t2 -= t1; if(t2.is_negative()) { - t2 += BigInt::power_of_2(MP_WORD_BITS * (mod_words + 1)); + t2 += BigInt::power_of_2(MP_WORD_BITS * (m_mod_words + 1)); } - while(t2 >= modulus) - t2 -= modulus; + while(t2 >= m_modulus) + t2 -= m_modulus; if(x.is_positive()) return t2; else - return (modulus - t2); + return (m_modulus - t2); } else { // too big, fall back to normal division - return (x % modulus); + return (x % m_modulus); } } diff --git a/src/lib/math/numbertheory/reducer.h b/src/lib/math/numbertheory/reducer.h index b45e0e186..36808f00f 100644 --- a/src/lib/math/numbertheory/reducer.h +++ b/src/lib/math/numbertheory/reducer.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL Modular_Reducer { public: - const BigInt& get_modulus() const { return modulus; } + const BigInt& get_modulus() const { return m_modulus; } BigInt reduce(const BigInt& x) const; 
@@ -47,13 +47,13 @@ class BOTAN_DLL Modular_Reducer BigInt cube(const BigInt& x) const { return multiply(x, this->square(x)); } - bool initialized() const { return (mod_words != 0); } + bool initialized() const { return (m_mod_words != 0); } - Modular_Reducer() { mod_words = 0; } - Modular_Reducer(const BigInt& mod); + Modular_Reducer() { m_mod_words = 0; } + explicit Modular_Reducer(const BigInt& mod); private: - BigInt modulus, modulus_2, mu; - size_t mod_words; + BigInt m_modulus, m_modulus_2, m_mu; + size_t m_mod_words; }; } diff --git a/src/lib/math/numbertheory/ressol.cpp b/src/lib/math/numbertheory/ressol.cpp index 834dd94ce..127dc899e 100644 --- a/src/lib/math/numbertheory/ressol.cpp +++ b/src/lib/math/numbertheory/ressol.cpp @@ -16,15 +16,17 @@ namespace Botan { */ BigInt ressol(const BigInt& a, const BigInt& p) { - if(a < 0) - throw Invalid_Argument("ressol(): a to solve for must be positive"); - if(p <= 1) - throw Invalid_Argument("ressol(): prime must be > 1"); - if(a == 0) return 0; + else if(a < 0) + throw Invalid_Argument("ressol(): a to solve for must be positive"); + if(p == 2) return a; + else if(p <= 1) + throw Invalid_Argument("ressol(): prime must be > 1 a"); + else if(p.is_even()) + throw Invalid_Argument("ressol(): invalid prime"); if(jacobi(a, p) != 1) // not a quadratic residue return -BigInt(1); @@ -63,10 +65,12 @@ BigInt ressol(const BigInt& a, const BigInt& p) { q = mod_p.square(q); ++i; - } - if(s <= i) - return -BigInt(1); + if(i > s) + { + return -BigInt(1); + } + } c = power_mod(c, BigInt::power_of_2(s-i-1), p); r = mod_p.multiply(r, c); diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.cpp b/src/lib/misc/fpe_fe1/fpe_fe1.cpp index 197dbb21a..c59e41e78 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.cpp +++ b/src/lib/misc/fpe_fe1/fpe_fe1.cpp 
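Review bot: The new error message `"ressol(): prime must be > 1 a"` has a stray trailing `a`; it should read `"ressol(): prime must be > 1"`. The early `if(p == 2) return a;` also returns a unreduced, whereas a square root modulo 2 should be 0 or 1; `return BigInt(a.is_odd() ? 1 : 0);` keeps the result in range if callers expect a reduced value.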
@@ -85,42 +85,42 @@ class FPE_Encryptor BigInt operator()(size_t i, const BigInt& R); private: - std::unique_ptr<MessageAuthenticationCode> mac; - std::vector<byte> mac_n_t; + std::unique_ptr<MessageAuthenticationCode> m_mac; + std::vector<byte> m_mac_n_t; }; FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, const BigInt& n, const std::vector<byte>& tweak) { - mac.reset(new HMAC(new SHA_256)); - mac->set_key(key); + m_mac.reset(new HMAC(new SHA_256)); + m_mac->set_key(key); std::vector<byte> n_bin = BigInt::encode(n); if(n_bin.size() > MAX_N_BYTES) throw Exception("N is too large for FPE encryption"); - mac->update_be(static_cast<u32bit>(n_bin.size())); - mac->update(n_bin.data(), n_bin.size()); + m_mac->update_be(static_cast<u32bit>(n_bin.size())); + m_mac->update(n_bin.data(), n_bin.size()); - mac->update_be(static_cast<u32bit>(tweak.size())); - mac->update(tweak.data(), tweak.size()); + m_mac->update_be(static_cast<u32bit>(tweak.size())); + m_mac->update(tweak.data(), tweak.size()); - mac_n_t = unlock(mac->final()); + m_mac_n_t = unlock(m_mac->final()); } BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { secure_vector<byte> r_bin = BigInt::encode_locked(R); - mac->update(mac_n_t); - mac->update_be(static_cast<u32bit>(round_no)); + m_mac->update(m_mac_n_t); + m_mac->update_be(static_cast<u32bit>(round_no)); - mac->update_be(static_cast<u32bit>(r_bin.size())); - mac->update(r_bin.data(), r_bin.size()); + m_mac->update_be(static_cast<u32bit>(r_bin.size())); + m_mac->update(r_bin.data(), r_bin.size()); - secure_vector<byte> X = mac->final(); + secure_vector<byte> X = m_mac->final(); return BigInt(X.data(), X.size()); } diff --git a/src/lib/misc/openpgp/openpgp.cpp b/src/lib/misc/openpgp/openpgp.cpp index f42ce875e..7a08a93ef 100644 --- a/src/lib/misc/openpgp/openpgp.cpp +++ b/src/lib/misc/openpgp/openpgp.cpp 
@@ -177,7 +177,7 @@ secure_vector<byte> PGP_decode(DataSource& source, } base64.end_msg(); - if(crc != "" && crc != base64.read_all_as_string(1)) + if(!crc.empty() && crc != base64.read_all_as_string(1)) throw Decoding_Error("PGP: Corrupt CRC"); return base64.read_all(); diff --git a/src/lib/misc/srp6/srp6_files.cpp b/src/lib/misc/srp6/srp6_files.cpp index c028767ad..14ab1ac61 100644 --- a/src/lib/misc/srp6/srp6_files.cpp +++ b/src/lib/misc/srp6/srp6_files.cpp @@ -45,7 +45,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) else continue; // unknown group, ignored - entries[username] = SRP6_Data(v, salt, group_id); + m_entries[username] = SRP6_Data(v, salt, group_id); } } @@ -54,9 +54,9 @@ bool SRP6_Authenticator_File::lookup_user(const std::string& username, std::vector<byte>& salt, std::string& group_id) const { - std::map<std::string, SRP6_Data>::const_iterator i = entries.find(username); + std::map<std::string, SRP6_Data>::const_iterator i = m_entries.find(username); - if(i == entries.end()) + if(i == m_entries.end()) return false; v = i->second.v; diff --git a/src/lib/misc/srp6/srp6_files.h b/src/lib/misc/srp6/srp6_files.h index 45c3b0bfe..2b20de7a3 100644 --- a/src/lib/misc/srp6/srp6_files.h +++ b/src/lib/misc/srp6/srp6_files.h @@ -24,7 +24,7 @@ class BOTAN_DLL SRP6_Authenticator_File * @param filename will be opened and processed as a SRP * authenticator file */ - SRP6_Authenticator_File(const std::string& filename); + explicit SRP6_Authenticator_File(const std::string& filename); bool lookup_user(const std::string& username, BigInt& v, 
@@ -35,17 +35,22 @@ class BOTAN_DLL SRP6_Authenticator_File { SRP6_Data() {} - SRP6_Data(const BigInt& v, - const std::vector<byte>& salt, - const std::string& group_id) : - v(v), salt(salt), group_id(group_id) {} + SRP6_Data(const BigInt& v_, + const std::vector<byte>& salt_, + const std::string& group_id_) : + v(v_), salt(salt_), group_id(group_id_) {} + // public member variable: BigInt v; + + // public member variable: std::vector<byte> salt; + + // public member variable: std::string group_id; }; - std::map<std::string, SRP6_Data> entries; + std::map<std::string, SRP6_Data> m_entries; }; } diff --git a/src/lib/misc/tss/tss.cpp b/src/lib/misc/tss/tss.cpp index 6904f9f0a..e1727dc33 100644 --- a/src/lib/misc/tss/tss.cpp +++ b/src/lib/misc/tss/tss.cpp @@ -105,7 +105,7 @@ HashFunction* get_rtss_hash_by_id(byte id) RTSS_Share::RTSS_Share(const std::string& hex_input) { - contents = hex_decode_locked(hex_input); + m_contents = hex_decode_locked(hex_input); } byte RTSS_Share::share_id() const @@ -113,12 +113,12 @@ byte RTSS_Share::share_id() const if(!initialized()) throw Invalid_State("RTSS_Share::share_id not initialized"); - return contents[20]; + return m_contents[20]; } std::string RTSS_Share::to_string() const { - return hex_encode(contents.data(), contents.size()); + return hex_encode(m_contents.data(), m_contents.size()); } std::vector<RTSS_Share> 
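Review bot: The three added `// public member variable:` comments only restate what the declarations already show and leave the reader no wiser about the fields. Describe what each holds instead, along the lines of `// SRP6 password verifier` for v, `// salt the verifier was derived with` for salt, and `// name of the SRP6 group the verifier belongs to` for group_id (wording to be confirmed against the file format parsed in the constructor). If these are meant to stay public, the struct could also simply note that it is a plain data record.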
@@ -137,16 +137,16 @@ RTSS_Share::split(byte M, byte N, // Create RTSS header in each share for(byte i = 0; i != N; ++i) { - shares[i].contents += std::make_pair(identifier, 16); - shares[i].contents += rtss_hash_id(hash.name()); - shares[i].contents += M; - shares[i].contents += get_byte(0, S_len); - shares[i].contents += get_byte(1, S_len); + shares[i].m_contents += std::make_pair(identifier, 16); + shares[i].m_contents += rtss_hash_id(hash.name()); + shares[i].m_contents += M; + shares[i].m_contents += get_byte(0, S_len); + shares[i].m_contents += get_byte(1, S_len); } // Choose sequential values for X starting from 1 for(byte i = 0; i != N; ++i) - shares[i].contents.push_back(i+1); + shares[i].m_contents.push_back(i+1); // secret = S || H(S) secure_vector<byte> secret(S, S + S_len); @@ -170,7 +170,7 @@ RTSS_Share::split(byte M, byte N, X_i = gfp_mul(X_i, X); } - shares[j].contents.push_back(sum); + shares[j].m_contents.push_back(sum); } } @@ -191,18 +191,18 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) if(shares[i].size() < RTSS_HEADER_SIZE) throw Decoding_Error("Missing or malformed RTSS header"); - if(!same_mem(&shares[0].contents[0], - &shares[i].contents[0], RTSS_HEADER_SIZE)) + if(!same_mem(&shares[0].m_contents[0], + &shares[i].m_contents[0], RTSS_HEADER_SIZE)) throw Decoding_Error("Different RTSS headers detected"); } - if(shares.size() < shares[0].contents[17]) + if(shares.size() < shares[0].m_contents[17]) throw Decoding_Error("Insufficient shares to do TSS reconstruction"); - u16bit secret_len = make_u16bit(shares[0].contents[18], - shares[0].contents[19]); + u16bit secret_len = make_u16bit(shares[0].m_contents[18], + shares[0].m_contents[19]); - byte hash_id = shares[0].contents[16]; + byte hash_id = shares[0].m_contents[16]; std::unique_ptr<HashFunction> hash(get_rtss_hash_by_id(hash_id)); 
@@ -215,7 +215,7 @@ RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i) { for(size_t j = 0; j != V.size(); ++j) - V[j] = shares[j].contents[i]; + V[j] = shares[j].m_contents[i]; byte r = 0; for(size_t k = 0; k != shares.size(); ++k) diff --git a/src/lib/misc/tss/tss.h b/src/lib/misc/tss/tss.h index 09a5dbe19..6ff47a0cc 100644 --- a/src/lib/misc/tss/tss.h +++ b/src/lib/misc/tss/tss.h @@ -46,7 +46,7 @@ class BOTAN_DLL RTSS_Share /** * @param hex_input the share encoded in hexadecimal */ - RTSS_Share(const std::string& hex_input); + explicit RTSS_Share(const std::string& hex_input); /** * @return hex representation @@ -61,14 +61,14 @@ class BOTAN_DLL RTSS_Share /** * @return size of this share in bytes */ - size_t size() const { return contents.size(); } + size_t size() const { return m_contents.size(); } /** * @return if this TSS share was initialized or not */ - bool initialized() const { return (contents.size() > 0); } + bool initialized() const { return (m_contents.size() > 0); } private: - secure_vector<byte> contents; + secure_vector<byte> m_contents; }; } diff --git a/src/lib/modes/aead/ccm/ccm.h b/src/lib/modes/aead/ccm/ccm.h index 58ca447e8..8277a8f93 100644 --- a/src/lib/modes/aead/ccm/ccm.h +++ b/src/lib/modes/aead/ccm/ccm.h @@ -74,7 +74,7 @@ class BOTAN_DLL CCM_Mode : public AEAD_Mode /** * CCM Encryption */ -class BOTAN_DLL CCM_Encryption : public CCM_Mode +class BOTAN_DLL CCM_Encryption final : public CCM_Mode { public: /** @@ -98,7 +98,7 @@ class BOTAN_DLL CCM_Encryption : public CCM_Mode /** * CCM Decryption */ -class BOTAN_DLL CCM_Decryption : public CCM_Mode +class BOTAN_DLL CCM_Decryption final : public CCM_Mode { public: /** diff --git a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h index f496590af..5aa2dc010 100644 --- a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h 
+++ b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h @@ -58,7 +58,7 @@ class BOTAN_DLL ChaCha20Poly1305_Mode : public AEAD_Mode /** * ChaCha20Poly1305 Encryption */ -class BOTAN_DLL ChaCha20Poly1305_Encryption : public ChaCha20Poly1305_Mode +class BOTAN_DLL ChaCha20Poly1305_Encryption final : public ChaCha20Poly1305_Mode { public: size_t output_length(size_t input_length) const override @@ -74,7 +74,7 @@ class BOTAN_DLL ChaCha20Poly1305_Encryption : public ChaCha20Poly1305_Mode /** * ChaCha20Poly1305 Decryption */ -class BOTAN_DLL ChaCha20Poly1305_Decryption : public ChaCha20Poly1305_Mode +class BOTAN_DLL ChaCha20Poly1305_Decryption final : public ChaCha20Poly1305_Mode { public: size_t output_length(size_t input_length) const override diff --git a/src/lib/modes/aead/eax/eax.h b/src/lib/modes/aead/eax/eax.h index 970bb9d43..e3d942d5e 100644 --- a/src/lib/modes/aead/eax/eax.h +++ b/src/lib/modes/aead/eax/eax.h @@ -62,7 +62,7 @@ class BOTAN_DLL EAX_Mode : public AEAD_Mode /** * EAX Encryption */ -class BOTAN_DLL EAX_Encryption : public EAX_Mode +class BOTAN_DLL EAX_Encryption final : public EAX_Mode { public: /** @@ -85,7 +85,7 @@ class BOTAN_DLL EAX_Encryption : public EAX_Mode /** * EAX Decryption */ -class BOTAN_DLL EAX_Decryption : public EAX_Mode +class BOTAN_DLL EAX_Decryption final : public EAX_Mode { public: /** diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index a77c3e4d4..1dc5efe4f 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp @@ -162,7 +162,7 @@ GCM_Mode::GCM_Mode(BlockCipher* cipher, size_t tag_size) : m_tag_size(tag_size), m_cipher_name(cipher->name()) { - if(cipher->block_size() != BS) + if(cipher->block_size() != m_BS) throw Invalid_Argument("GCM requires a 128 bit cipher so cannot be used with " + cipher->name()); 
@@ -187,7 +187,7 @@ std::string GCM_Mode::name() const size_t GCM_Mode::update_granularity() const { - return BS; + return m_BS; } Key_Length_Specification GCM_Mode::key_spec() const @@ -199,10 +199,10 @@ void GCM_Mode::key_schedule(const byte key[], size_t keylen) { m_ctr->set_key(key, keylen); - const std::vector<byte> zeros(BS); + const std::vector<byte> zeros(m_BS); m_ctr->set_iv(zeros.data(), zeros.size()); - secure_vector<byte> H(BS); + secure_vector<byte> H(m_BS); m_ctr->encipher(H); m_ghash->set_key(H); } @@ -217,7 +217,7 @@ secure_vector<byte> GCM_Mode::start_raw(const byte nonce[], size_t nonce_len) if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); - secure_vector<byte> y0(BS); + secure_vector<byte> y0(m_BS); if(nonce_len == 12) { @@ -231,7 +231,7 @@ secure_vector<byte> GCM_Mode::start_raw(const byte nonce[], size_t nonce_len) m_ctr->set_iv(y0.data(), y0.size()); - secure_vector<byte> m_enc_y0(BS); + secure_vector<byte> m_enc_y0(m_BS); m_ctr->encipher(m_enc_y0); m_ghash->start(m_enc_y0.data(), m_enc_y0.size()); diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h index 8e7ae8b7f..ba0d6cad8 100644 --- a/src/lib/modes/aead/gcm/gcm.h +++ b/src/lib/modes/aead/gcm/gcm.h @@ -39,7 +39,7 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode protected: GCM_Mode(BlockCipher* cipher, size_t tag_size); - const size_t BS = 16; + const size_t m_BS = 16; const size_t m_tag_size; const std::string m_cipher_name; @@ -55,7 +55,7 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode /** * GCM Encryption */ -class BOTAN_DLL GCM_Encryption : public GCM_Mode +class BOTAN_DLL GCM_Encryption final : public GCM_Mode { public: /** @@ -78,7 +78,7 @@ class BOTAN_DLL GCM_Encryption : public GCM_Mode /** * GCM Decryption */ -class BOTAN_DLL GCM_Decryption : public GCM_Mode +class BOTAN_DLL GCM_Decryption final : public GCM_Mode { public: /** diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 08157cd47..77126ec7a 100644 
--- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -15,7 +15,7 @@ namespace Botan { class L_computer { public: - L_computer(const BlockCipher& cipher) + explicit L_computer(const BlockCipher& cipher) { m_L_star.resize(cipher.block_size()); cipher.encrypt(m_L_star); diff --git a/src/lib/modes/aead/ocb/ocb.h b/src/lib/modes/aead/ocb/ocb.h index 53723a730..92edce970 100644 --- a/src/lib/modes/aead/ocb/ocb.h +++ b/src/lib/modes/aead/ocb/ocb.h @@ -73,7 +73,7 @@ class BOTAN_DLL OCB_Mode : public AEAD_Mode secure_vector<byte> m_stretch; }; -class BOTAN_DLL OCB_Encryption : public OCB_Mode +class BOTAN_DLL OCB_Encryption final : public OCB_Mode { public: /** @@ -95,7 +95,7 @@ class BOTAN_DLL OCB_Encryption : public OCB_Mode void encrypt(byte input[], size_t blocks); }; -class BOTAN_DLL OCB_Decryption : public OCB_Mode +class BOTAN_DLL OCB_Decryption final : public OCB_Mode { public: /** diff --git a/src/lib/modes/aead/siv/siv.h b/src/lib/modes/aead/siv/siv.h index 8336026cb..d3e4c5270 100644 --- a/src/lib/modes/aead/siv/siv.h +++ b/src/lib/modes/aead/siv/siv.h @@ -43,7 +43,7 @@ class BOTAN_DLL SIV_Mode : public AEAD_Mode size_t tag_size() const override { return 16; } protected: - SIV_Mode(BlockCipher* cipher); + explicit SIV_Mode(BlockCipher* cipher); StreamCipher& ctr() { return *m_ctr; } @@ -67,13 +67,13 @@ class BOTAN_DLL SIV_Mode : public AEAD_Mode /** * SIV Encryption */ -class BOTAN_DLL SIV_Encryption : public SIV_Mode +class BOTAN_DLL SIV_Encryption final : public SIV_Mode { public: /** * @param cipher a block cipher */ - SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {} + explicit SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; 
@@ -86,13 +86,13 @@ class BOTAN_DLL SIV_Encryption : public SIV_Mode /** * SIV Decryption */ -class BOTAN_DLL SIV_Decryption : public SIV_Mode +class BOTAN_DLL SIV_Decryption final : public SIV_Mode { public: /** * @param cipher a 128-bit block cipher */ - SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {} + explicit SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; diff --git a/src/lib/modes/cbc/cbc.h b/src/lib/modes/cbc/cbc.h index 7fbcc8837..961991d4a 100644 --- a/src/lib/modes/cbc/cbc.h +++ b/src/lib/modes/cbc/cbc.h @@ -77,10 +77,10 @@ class BOTAN_DLL CBC_Encryption : public CBC_Mode /** * CBC Encryption with ciphertext stealing (CBC-CS3 variant) */ -class BOTAN_DLL CTS_Encryption : public CBC_Encryption +class BOTAN_DLL CTS_Encryption final : public CBC_Encryption { public: - CTS_Encryption(BlockCipher* cipher) : CBC_Encryption(cipher, nullptr) {} + explicit CTS_Encryption(BlockCipher* cipher) : CBC_Encryption(cipher, nullptr) {} size_t output_length(size_t input_length) const override; @@ -114,10 +114,10 @@ class BOTAN_DLL CBC_Decryption : public CBC_Mode /** * CBC Decryption with ciphertext stealing (CBC-CS3 variant) */ -class BOTAN_DLL CTS_Decryption : public CBC_Decryption +class BOTAN_DLL CTS_Decryption final : public CBC_Decryption { public: - CTS_Decryption(BlockCipher* cipher) : CBC_Decryption(cipher, nullptr) {} + explicit CTS_Decryption(BlockCipher* cipher) : CBC_Decryption(cipher, nullptr) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; diff --git a/src/lib/modes/cfb/cfb.h b/src/lib/modes/cfb/cfb.h index 25c42e4b0..49321a1c9 100644 --- a/src/lib/modes/cfb/cfb.h +++ b/src/lib/modes/cfb/cfb.h 
@@ -58,7 +58,7 @@ class BOTAN_DLL CFB_Mode : public Cipher_Mode /** * CFB Encryption */ -class BOTAN_DLL CFB_Encryption : public CFB_Mode +class BOTAN_DLL CFB_Encryption final : public CFB_Mode { public: CFB_Encryption(BlockCipher* cipher, size_t feedback_bits) : @@ -72,7 +72,7 @@ class BOTAN_DLL CFB_Encryption : public CFB_Mode /** * CFB Decryption */ -class BOTAN_DLL CFB_Decryption : public CFB_Mode +class BOTAN_DLL CFB_Decryption final : public CFB_Mode { public: CFB_Decryption(BlockCipher* cipher, size_t feedback_bits) : diff --git a/src/lib/modes/ecb/ecb.h b/src/lib/modes/ecb/ecb.h index e885e8890..aebd4c1a5 100644 --- a/src/lib/modes/ecb/ecb.h +++ b/src/lib/modes/ecb/ecb.h @@ -49,7 +49,7 @@ class BOTAN_DLL ECB_Mode : public Cipher_Mode /** * ECB Encryption */ -class BOTAN_DLL ECB_Encryption : public ECB_Mode +class BOTAN_DLL ECB_Encryption final : public ECB_Mode { public: ECB_Encryption(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) : @@ -67,7 +67,7 @@ class BOTAN_DLL ECB_Encryption : public ECB_Mode /** * ECB Decryption */ -class BOTAN_DLL ECB_Decryption : public ECB_Mode +class BOTAN_DLL ECB_Decryption final : public ECB_Mode { public: ECB_Decryption(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) : diff --git a/src/lib/modes/mode_pad/mode_pad.h b/src/lib/modes/mode_pad/mode_pad.h index 91102c66c..0a775b1ea 100644 --- a/src/lib/modes/mode_pad/mode_pad.h +++ b/src/lib/modes/mode_pad/mode_pad.h @@ -56,7 +56,7 @@ class BOTAN_DLL BlockCipherModePaddingMethod /** * PKCS#7 Padding */ -class BOTAN_DLL PKCS7_Padding : public BlockCipherModePaddingMethod +class BOTAN_DLL PKCS7_Padding final : public BlockCipherModePaddingMethod { public: void add_padding(secure_vector<byte>& buffer, 
@@ -73,7 +73,7 @@ class BOTAN_DLL PKCS7_Padding : public BlockCipherModePaddingMethod /** * ANSI X9.23 Padding */ -class BOTAN_DLL ANSI_X923_Padding : public BlockCipherModePaddingMethod +class BOTAN_DLL ANSI_X923_Padding final : public BlockCipherModePaddingMethod { public: void add_padding(secure_vector<byte>& buffer, @@ -90,7 +90,7 @@ class BOTAN_DLL ANSI_X923_Padding : public BlockCipherModePaddingMethod /** * One And Zeros Padding */ -class BOTAN_DLL OneAndZeros_Padding : public BlockCipherModePaddingMethod +class BOTAN_DLL OneAndZeros_Padding final : public BlockCipherModePaddingMethod { public: void add_padding(secure_vector<byte>& buffer, @@ -107,7 +107,7 @@ class BOTAN_DLL OneAndZeros_Padding : public BlockCipherModePaddingMethod /** * Null Padding */ -class BOTAN_DLL Null_Padding : public BlockCipherModePaddingMethod +class BOTAN_DLL Null_Padding final : public BlockCipherModePaddingMethod { public: void add_padding(secure_vector<byte>&, size_t, size_t) const override {} diff --git a/src/lib/modes/stream_mode.h b/src/lib/modes/stream_mode.h index 5450bc37d..f5f1aa33a 100644 --- a/src/lib/modes/stream_mode.h +++ b/src/lib/modes/stream_mode.h @@ -15,7 +15,7 @@ namespace Botan { class BOTAN_DLL Stream_Cipher_Mode : public Cipher_Mode { public: - Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} + explicit Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} void update(secure_vector<byte>& buf, size_t offset) override { diff --git a/src/lib/modes/xts/xts.h b/src/lib/modes/xts/xts.h index b0a46144f..e751b1644 100644 --- a/src/lib/modes/xts/xts.h +++ b/src/lib/modes/xts/xts.h @@ -33,7 +33,7 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode void clear() override; protected: - XTS_Mode(BlockCipher* cipher); + explicit XTS_Mode(BlockCipher* cipher); const byte* tweak() const { return m_tweak.data(); } 
@@ -52,10 +52,10 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode /** * IEEE P1619 XTS Encryption */ -class BOTAN_DLL XTS_Encryption : public XTS_Mode +class BOTAN_DLL XTS_Encryption final : public XTS_Mode { public: - XTS_Encryption(BlockCipher* cipher) : XTS_Mode(cipher) {} + explicit XTS_Encryption(BlockCipher* cipher) : XTS_Mode(cipher) {} void update(secure_vector<byte>& blocks, size_t offset = 0) override; @@ -67,10 +67,10 @@ class BOTAN_DLL XTS_Encryption : public XTS_Mode /** * IEEE P1619 XTS Decryption */ -class BOTAN_DLL XTS_Decryption : public XTS_Mode +class BOTAN_DLL XTS_Decryption final : public XTS_Mode { public: - XTS_Decryption(BlockCipher* cipher) : XTS_Mode(cipher) {} + explicit XTS_Decryption(BlockCipher* cipher) : XTS_Mode(cipher) {} void update(secure_vector<byte>& blocks, size_t offset = 0) override; diff --git a/src/lib/pbkdf/pbkdf.cpp b/src/lib/pbkdf/pbkdf.cpp index 98722fcc6..01f52853a 100644 --- a/src/lib/pbkdf/pbkdf.cpp +++ b/src/lib/pbkdf/pbkdf.cpp @@ -34,7 +34,7 @@ PBKDF::~PBKDF() {} std::unique_ptr<PBKDF> PBKDF::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<PBKDF>(make_a<PBKDF>(algo_spec, provider)); + return std::unique_ptr<PBKDF>(make_a<PBKDF>(Botan::PBKDF::Spec(algo_spec), provider)); } std::vector<std::string> PBKDF::providers(const std::string& algo_spec) diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.h b/src/lib/pbkdf/pbkdf1/pbkdf1.h index 3296f8887..cd10b3112 100644 --- a/src/lib/pbkdf/pbkdf1/pbkdf1.h +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.h 
@@ -18,14 +18,14 @@ namespace Botan { * Can only generate a key up to the size of the hash output. * Unless needed for backwards compatibility, use PKCS5_PBKDF2 */ -class BOTAN_DLL PKCS5_PBKDF1 : public PBKDF +class BOTAN_DLL PKCS5_PBKDF1 final : public PBKDF { public: /** * Create a PKCS #5 instance using the specified hash function. * @param hash pointer to a hash function object to use */ - PKCS5_PBKDF1(HashFunction* hash) : m_hash(hash) {} + explicit PKCS5_PBKDF1(HashFunction* hash) : m_hash(hash) {} std::string name() const override { diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp index 30cf7cbdf..5a8f529c6 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp @@ -40,7 +40,7 @@ pbkdf2(MessageAuthenticationCode& prf, { prf.set_key(reinterpret_cast<const byte*>(passphrase.data()), passphrase.size()); } - catch(Invalid_Key_Length) + catch(Invalid_Key_Length&) { throw Exception("PBKDF2 with " + prf.name() + " cannot accept passphrases of length " + @@ -122,7 +122,7 @@ PKCS5_PBKDF2::pbkdf(byte key[], size_t key_len, size_t iterations, std::chrono::milliseconds msec) const { - return pbkdf2(*mac.get(), key, key_len, passphrase, salt, salt_len, iterations, msec); + return pbkdf2(*m_mac.get(), key, key_len, passphrase, salt, salt_len, iterations, msec); } diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.h b/src/lib/pbkdf/pbkdf2/pbkdf2.h index d74410b89..4f77f338b 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.h +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.h 
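Review bot: The renamed call in `PKCS5_PBKDF2::pbkdf` keeps the `*m_mac.get()` spelling, which dereferences through the raw pointer accessor for no reason; `return pbkdf2(*m_mac, key, key_len, passphrase, salt, salt_len, iterations, msec);` is the same object and reads as the unique_ptr idiom the rest of the rename is moving towards. Style only; the behaviour is unchanged either way.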
@@ -25,17 +25,17 @@ BOTAN_DLL size_t pbkdf2(MessageAuthenticationCode& prf, /** * PKCS #5 PBKDF2 */ -class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF +class BOTAN_DLL PKCS5_PBKDF2 final : public PBKDF { public: std::string name() const override { - return "PBKDF2(" + mac->name() + ")"; + return "PBKDF2(" + m_mac->name() + ")"; } PBKDF* clone() const override { - return new PKCS5_PBKDF2(mac->clone()); + return new PKCS5_PBKDF2(m_mac->clone()); } size_t pbkdf(byte output_buf[], size_t output_len, @@ -48,11 +48,11 @@ class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF * Create a PKCS #5 instance using the specified message auth code * @param mac_fn the MAC object to use as PRF */ - PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : mac(mac_fn) {} + explicit PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : m_mac(mac_fn) {} static PKCS5_PBKDF2* make(const Spec& spec); private: - std::unique_ptr<MessageAuthenticationCode> mac; + std::unique_ptr<MessageAuthenticationCode> m_mac; }; } diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp index 4804a8a81..623c3777e 100644 --- a/src/lib/pk_pad/eme.cpp +++ b/src/lib/pk_pad/eme.cpp @@ -44,7 +44,7 @@ EME* get_eme(const std::string& algo_spec) { SCAN_Name request(algo_spec); - if(EME* eme = make_a<EME>(algo_spec)) + if(EME* eme = make_a<EME>(Botan::EME::Spec(algo_spec))) return eme; if(request.algo_name() == "Raw") diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h index 13e6efeec..22d009f5f 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.h +++ b/src/lib/pk_pad/eme_oaep/oaep.h @@ -16,7 +16,7 @@ namespace Botan { /** * OAEP (called EME1 in IEEE 1363 and in earlier versions of the library) */ -class BOTAN_DLL OAEP : public EME +class BOTAN_DLL OAEP final : public EME { public: size_t maximum_input_size(size_t) const override; diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h index 83c99e61b..148ab7e20 100644 --- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h 
+++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h @@ -15,7 +15,7 @@ namespace Botan { /** * EME from PKCS #1 v1.5 */ -class BOTAN_DLL EME_PKCS1v15 : public EME +class BOTAN_DLL EME_PKCS1v15 final : public EME { public: size_t maximum_input_size(size_t) const override; diff --git a/src/lib/pk_pad/eme_raw/eme_raw.h b/src/lib/pk_pad/eme_raw/eme_raw.h index 04604c72d..ae57587a3 100644 --- a/src/lib/pk_pad/eme_raw/eme_raw.h +++ b/src/lib/pk_pad/eme_raw/eme_raw.h @@ -11,7 +11,7 @@ namespace Botan { -class BOTAN_DLL EME_Raw : public EME +class BOTAN_DLL EME_Raw final : public EME { public: size_t maximum_input_size(size_t i) const override; diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp index e20286a7d..3b8641357 100644 --- a/src/lib/pk_pad/emsa.cpp +++ b/src/lib/pk_pad/emsa.cpp @@ -39,7 +39,7 @@ EMSA* get_emsa(const std::string& algo_spec) { SCAN_Name request(algo_spec); - if(EMSA* emsa = make_a<EMSA>(algo_spec)) + if(EMSA* emsa = make_a<EMSA>(Botan::EMSA::Spec(algo_spec))) return emsa; throw Algorithm_Not_Found(algo_spec); diff --git a/src/lib/pk_pad/emsa1/emsa1.h b/src/lib/pk_pad/emsa1/emsa1.h index 3e10162b2..e346167da 100644 --- a/src/lib/pk_pad/emsa1/emsa1.h +++ b/src/lib/pk_pad/emsa1/emsa1.h @@ -23,7 +23,7 @@ class BOTAN_DLL EMSA1 : public EMSA /** * @param hash the hash function to use */ - EMSA1(HashFunction* hash) : m_hash(hash) {} + explicit EMSA1(HashFunction* hash) : m_hash(hash) {} protected: size_t hash_output_length() const { return m_hash->output_length(); } diff --git a/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h b/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h index 24d8b99e2..a7fae6c23 100644 --- a/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h +++ b/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h 
@@ -18,13 +18,13 @@ namespace Botan { * only hash values which are less or equal than the maximum key * length. The implementation comes from InSiTo */ -class BOTAN_DLL EMSA1_BSI : public EMSA1 +class BOTAN_DLL EMSA1_BSI final : public EMSA1 { public: /** * @param hash the hash object to use */ - EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} + explicit EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} private: secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng) override; diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp index 940f91c9a..e990ef8af 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp @@ -93,13 +93,13 @@ EMSA_PKCS1v15::EMSA_PKCS1v15(HashFunction* hash) : m_hash(hash) void EMSA_PKCS1v15_Raw::update(const byte input[], size_t length) { - message += std::make_pair(input, length); + m_message += std::make_pair(input, length); } secure_vector<byte> EMSA_PKCS1v15_Raw::raw_data() { secure_vector<byte> ret; - std::swap(ret, message); + std::swap(ret, m_message); return ret; } diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h index 19886f80c..9d5bc7829 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h @@ -18,7 +18,7 @@ namespace Botan { * aka PKCS #1 block type 1 * aka EMSA3 from IEEE 1363 */ -class BOTAN_DLL EMSA_PKCS1v15 : public EMSA +class BOTAN_DLL EMSA_PKCS1v15 final : public EMSA { public: static EMSA* make(const EMSA::Spec& spec); @@ -26,7 +26,7 @@ class BOTAN_DLL EMSA_PKCS1v15 : public EMSA /** * @param hash the hash object to use */ - EMSA_PKCS1v15(HashFunction* hash); + explicit EMSA_PKCS1v15(HashFunction* hash); void update(const byte[], size_t) override; 
@@ -47,7 +47,7 @@ class BOTAN_DLL EMSA_PKCS1v15 : public EMSA * (which according to QCA docs is "identical to PKCS#11's CKM_RSA_PKCS * mechanism", something I have not confirmed) */ -class BOTAN_DLL EMSA_PKCS1v15_Raw : public EMSA +class BOTAN_DLL EMSA_PKCS1v15_Raw final : public EMSA { public: void update(const byte[], size_t) override; @@ -61,7 +61,7 @@ class BOTAN_DLL EMSA_PKCS1v15_Raw : public EMSA size_t) override; private: - secure_vector<byte> message; + secure_vector<byte> m_message; }; } diff --git a/src/lib/pk_pad/emsa_pssr/pssr.cpp b/src/lib/pk_pad/emsa_pssr/pssr.cpp index 36b0ab64c..ddd8c5f0b 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.cpp +++ b/src/lib/pk_pad/emsa_pssr/pssr.cpp @@ -30,7 +30,7 @@ PSSR* PSSR::make(const Spec& request) */ void PSSR::update(const byte input[], size_t length) { - hash->update(input, length); + m_hash->update(input, length); } /* @@ -38,7 +38,7 @@ void PSSR::update(const byte input[], size_t length) */ secure_vector<byte> PSSR::raw_data() { - return hash->final(); + return m_hash->final(); } /* 
@@ -48,28 +48,28 @@ secure_vector<byte> PSSR::encoding_of(const secure_vector<byte>& msg, size_t output_bits, RandomNumberGenerator& rng) { - const size_t HASH_SIZE = hash->output_length(); + const size_t HASH_SIZE = m_hash->output_length(); if(msg.size() != HASH_SIZE) throw Encoding_Error("PSSR::encoding_of: Bad input length"); - if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9) + if(output_bits < 8*HASH_SIZE + 8*m_SALT_SIZE + 9) throw Encoding_Error("PSSR::encoding_of: Output length is too small"); const size_t output_length = (output_bits + 7) / 8; - secure_vector<byte> salt = rng.random_vec(SALT_SIZE); + secure_vector<byte> salt = rng.random_vec(m_SALT_SIZE); for(size_t j = 0; j != 8; ++j) - hash->update(0); - hash->update(msg); - hash->update(salt); - secure_vector<byte> H = hash->final(); + m_hash->update(0); + m_hash->update(msg); + m_hash->update(salt); + secure_vector<byte> H = m_hash->final(); secure_vector<byte> EM(output_length); - EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; - buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt); - mgf1_mask(*hash, H.data(), HASH_SIZE, EM.data(), output_length - HASH_SIZE - 1); + EM[output_length - HASH_SIZE - m_SALT_SIZE - 2] = 0x01; + buffer_insert(EM, output_length - 1 - HASH_SIZE - m_SALT_SIZE, salt); + mgf1_mask(*m_hash, H.data(), HASH_SIZE, EM.data(), output_length - HASH_SIZE - 1); EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); buffer_insert(EM, output_length - 1 - HASH_SIZE, H); EM[output_length-1] = 0xBC; @@ -83,7 +83,7 @@ secure_vector<byte> PSSR::encoding_of(const secure_vector<byte>& msg, bool PSSR::verify(const secure_vector<byte>& const_coded, const secure_vector<byte>& raw, size_t key_bits) { - const size_t HASH_SIZE = hash->output_length(); + const size_t HASH_SIZE = m_hash->output_length(); const size_t KEY_BYTES = (key_bits + 7) / 8; if(key_bits < 8*HASH_SIZE + 9) 
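Review bot: `m_SALT_SIZE` in the renamed lines of `PSSR::encoding_of` combines the new member prefix with the all-caps spelling this file otherwise uses for function-local constants such as `HASH_SIZE`, yet it is a plain mutable data member (assigned from a constructor argument in the constructor hunk further down and declared `size_t m_SALT_SIZE;` in the pssr.h hunk). `m_salt_size` would match the other members renamed in this commit (`m_hash`, `m_mac`, `m_message`) and stop readers from taking it for a compile-time constant. The same spelling recurs in the `verify`, constructor and pssr.h hunks that follow, so one rename covers all of them.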
@@ -116,7 +116,7 @@ bool PSSR::verify(const secure_vector<byte>& const_coded, const byte* H = &coded[DB_size]; const size_t H_size = HASH_SIZE; - mgf1_mask(*hash, H, H_size, DB, DB_size); + mgf1_mask(*m_hash, H, H_size, DB, DB_size); DB[0] &= 0xFF >> TOP_BITS; size_t salt_offset = 0; @@ -131,21 +131,21 @@ bool PSSR::verify(const secure_vector<byte>& const_coded, return false; for(size_t j = 0; j != 8; ++j) - hash->update(0); - hash->update(raw); - hash->update(&DB[salt_offset], DB_size - salt_offset); - secure_vector<byte> H2 = hash->final(); + m_hash->update(0); + m_hash->update(raw); + m_hash->update(&DB[salt_offset], DB_size - salt_offset); + secure_vector<byte> H2 = m_hash->final(); return same_mem(H, H2.data(), HASH_SIZE); } PSSR::PSSR(HashFunction* h) : - SALT_SIZE(h->output_length()), hash(h) + m_SALT_SIZE(h->output_length()), m_hash(h) { } PSSR::PSSR(HashFunction* h, size_t salt_size) : - SALT_SIZE(salt_size), hash(h) + m_SALT_SIZE(salt_size), m_hash(h) { } diff --git a/src/lib/pk_pad/emsa_pssr/pssr.h b/src/lib/pk_pad/emsa_pssr/pssr.h index 066c580d8..ee234b0b6 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.h +++ b/src/lib/pk_pad/emsa_pssr/pssr.h @@ -16,14 +16,14 @@ namespace Botan { /** * PSSR (called EMSA4 in IEEE 1363 and in old versions of the library) */ -class BOTAN_DLL PSSR : public EMSA +class BOTAN_DLL PSSR final : public EMSA { public: /** * @param hash the hash object to use */ - PSSR(HashFunction* hash); + explicit PSSR(HashFunction* hash); /** * @param hash the hash object to use @@ -45,8 +45,8 @@ class BOTAN_DLL PSSR : public EMSA const secure_vector<byte>& raw, size_t key_bits) override; - size_t SALT_SIZE; - std::unique_ptr<HashFunction> hash; + size_t m_SALT_SIZE; + std::unique_ptr<HashFunction> m_hash; }; } diff --git a/src/lib/pk_pad/emsa_raw/emsa_raw.cpp b/src/lib/pk_pad/emsa_raw/emsa_raw.cpp index 4560bd3c3..8d3bbdbc3 100644 --- a/src/lib/pk_pad/emsa_raw/emsa_raw.cpp +++ b/src/lib/pk_pad/emsa_raw/emsa_raw.cpp 
@@ -14,7 +14,7 @@ namespace Botan { */ void EMSA_Raw::update(const byte input[], size_t length) { - message += std::make_pair(input, length); + m_message += std::make_pair(input, length); } /* @@ -23,7 +23,7 @@ void EMSA_Raw::update(const byte input[], size_t length) secure_vector<byte> EMSA_Raw::raw_data() { secure_vector<byte> output; - std::swap(message, output); + std::swap(m_message, output); return output; } diff --git a/src/lib/pk_pad/emsa_raw/emsa_raw.h b/src/lib/pk_pad/emsa_raw/emsa_raw.h index d1d6ac912..272d34b0e 100644 --- a/src/lib/pk_pad/emsa_raw/emsa_raw.h +++ b/src/lib/pk_pad/emsa_raw/emsa_raw.h @@ -16,7 +16,7 @@ namespace Botan { * EMSA-Raw - sign inputs directly * Don't use this unless you know what you are doing. */ -class BOTAN_DLL EMSA_Raw : public EMSA +class BOTAN_DLL EMSA_Raw final : public EMSA { private: void update(const byte[], size_t) override; @@ -27,7 +27,7 @@ class BOTAN_DLL EMSA_Raw : public EMSA bool verify(const secure_vector<byte>&, const secure_vector<byte>&, size_t) override; - secure_vector<byte> message; + secure_vector<byte> m_message; }; } diff --git a/src/lib/pk_pad/emsa_x931/emsa_x931.h b/src/lib/pk_pad/emsa_x931/emsa_x931.h index 29bad4a4a..400042a86 100644 --- a/src/lib/pk_pad/emsa_x931/emsa_x931.h +++ b/src/lib/pk_pad/emsa_x931/emsa_x931.h @@ -18,13 +18,13 @@ namespace Botan { * Useful for Rabin-Williams, also sometimes used with RSA in * odd protocols. */ -class BOTAN_DLL EMSA_X931 : public EMSA +class BOTAN_DLL EMSA_X931 final : public EMSA { public: /** * @param hash the hash object to use */ - EMSA_X931(HashFunction* hash); + explicit EMSA_X931(HashFunction* hash); private: void update(const byte[], size_t) override; secure_vector<byte> raw_data() override; diff --git a/src/lib/pk_pad/mgf1/mgf1.h b/src/lib/pk_pad/mgf1/mgf1.h index ed2f1d023..bddb8bba8 100644 --- a/src/lib/pk_pad/mgf1/mgf1.h +++ b/src/lib/pk_pad/mgf1/mgf1.h 
@@ -15,9 +15,9 @@ namespace Botan { /** * MGF1 from PKCS #1 v2.0 */ -void mgf1_mask(HashFunction& hash, - const byte in[], size_t in_len, - byte out[], size_t out_len); +void BOTAN_DLL mgf1_mask(HashFunction& hash, + const byte in[], size_t in_len, + byte out[], size_t out_len); } diff --git a/src/lib/prov/openssl/openssl.h b/src/lib/prov/openssl/openssl.h index 05d3e953f..ebaa2b756 100644 --- a/src/lib/prov/openssl/openssl.h +++ b/src/lib/prov/openssl/openssl.h @@ -29,6 +29,7 @@ class OpenSSL_Error : public Exception #define BOTAN_OPENSSL_RSA_PRIO 90 #define BOTAN_OPENSSL_ECDSA_PRIO 90 +#define BOTAN_OPENSSL_ECDH_PRIO 90 } diff --git a/src/lib/prov/openssl/openssl_block.cpp b/src/lib/prov/openssl/openssl_block.cpp index a35919e3a..c868e8977 100644 --- a/src/lib/prov/openssl/openssl_block.cpp +++ b/src/lib/prov/openssl/openssl_block.cpp 
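Review bot: `void BOTAN_DLL mgf1_mask(` places the export macro between the return type and the function name, whereas the other free function touched by this commit writes it first (`BOTAN_DLL size_t pbkdf2(` in the pbkdf2.h hunk). `BOTAN_DLL void mgf1_mask(HashFunction& hash,` keeps the exported free-function declarations uniform and greppable. As far as I can tell both positions are accepted by the compilers the macro targets, so this is a point of style, not linkage.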
@@ -17,85 +17,85 @@ namespace { class OpenSSL_BlockCipher : public BlockCipher { public: - void clear(); - std::string name() const { return cipher_name; } - BlockCipher* clone() const; - - size_t block_size() const { return block_sz; } - OpenSSL_BlockCipher(const EVP_CIPHER*, const std::string&); OpenSSL_BlockCipher(const EVP_CIPHER*, const std::string&, size_t, size_t, size_t); - Key_Length_Specification key_spec() const { return cipher_key_spec; } - ~OpenSSL_BlockCipher(); - private: - void encrypt_n(const byte in[], byte out[], size_t blocks) const + + void clear() override; + std::string name() const override { return m_cipher_name; } + BlockCipher* clone() const override; + + size_t block_size() const override { return m_block_sz; } + + Key_Length_Specification key_spec() const override { return m_cipher_key_spec; } + + void encrypt_n(const byte in[], byte out[], size_t blocks) const override { int out_len = 0; - EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz); + EVP_EncryptUpdate(&m_encrypt, out, &out_len, in, blocks * m_block_sz); } - void decrypt_n(const byte in[], byte out[], size_t blocks) const + void decrypt_n(const byte in[], byte out[], size_t blocks) const override { int out_len = 0; - EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz); + EVP_DecryptUpdate(&m_decrypt, out, &out_len, in, blocks * m_block_sz); } - void key_schedule(const byte[], size_t); + void key_schedule(const byte key[], size_t key_len) override; - size_t block_sz; - Key_Length_Specification cipher_key_spec; - std::string cipher_name; - mutable EVP_CIPHER_CTX encrypt, decrypt; + size_t m_block_sz; + Key_Length_Specification m_cipher_key_spec; + std::string m_cipher_name; + mutable EVP_CIPHER_CTX m_encrypt, m_decrypt; }; OpenSSL_BlockCipher::OpenSSL_BlockCipher(const EVP_CIPHER* algo, const std::string& algo_name) : - block_sz(EVP_CIPHER_block_size(algo)), - cipher_key_spec(EVP_CIPHER_key_length(algo)), - cipher_name(algo_name) + 
m_block_sz(EVP_CIPHER_block_size(algo)), + m_cipher_key_spec(EVP_CIPHER_key_length(algo)), + m_cipher_name(algo_name) { if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); + EVP_CIPHER_CTX_init(&m_encrypt); + EVP_CIPHER_CTX_init(&m_decrypt); - EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr); - EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr); + EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr); + EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr); - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); + EVP_CIPHER_CTX_set_padding(&m_encrypt, 0); + EVP_CIPHER_CTX_set_padding(&m_decrypt, 0); } OpenSSL_BlockCipher::OpenSSL_BlockCipher(const EVP_CIPHER* algo, const std::string& algo_name, size_t key_min, size_t key_max, size_t key_mod) : - block_sz(EVP_CIPHER_block_size(algo)), - cipher_key_spec(key_min, key_max, key_mod), - cipher_name(algo_name) + m_block_sz(EVP_CIPHER_block_size(algo)), + m_cipher_key_spec(key_min, key_max, key_mod), + m_cipher_name(algo_name) { if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); + EVP_CIPHER_CTX_init(&m_encrypt); + EVP_CIPHER_CTX_init(&m_decrypt); - EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr); - EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr); + EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr); + EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr); - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); + EVP_CIPHER_CTX_set_padding(&m_encrypt, 0); + EVP_CIPHER_CTX_set_padding(&m_decrypt, 0); } OpenSSL_BlockCipher::~OpenSSL_BlockCipher() { - EVP_CIPHER_CTX_cleanup(&encrypt); - 
EVP_CIPHER_CTX_cleanup(&decrypt); + EVP_CIPHER_CTX_cleanup(&m_encrypt); + EVP_CIPHER_CTX_cleanup(&m_decrypt); } /* @@ -105,18 +105,18 @@ void OpenSSL_BlockCipher::key_schedule(const byte key[], size_t length) { secure_vector<byte> full_key(key, key + length); - if(cipher_name == "TripleDES" && length == 16) + if(m_cipher_name == "TripleDES" && length == 16) { full_key += std::make_pair(key, 8); } else - if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 || - EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0) + if(EVP_CIPHER_CTX_set_key_length(&m_encrypt, length) == 0 || + EVP_CIPHER_CTX_set_key_length(&m_decrypt, length) == 0) throw Invalid_Argument("OpenSSL_BlockCipher: Bad key length for " + - cipher_name); + m_cipher_name); - EVP_EncryptInit_ex(&encrypt, nullptr, nullptr, full_key.data(), nullptr); - EVP_DecryptInit_ex(&decrypt, nullptr, nullptr, full_key.data(), nullptr); + EVP_EncryptInit_ex(&m_encrypt, nullptr, nullptr, full_key.data(), nullptr); + EVP_DecryptInit_ex(&m_decrypt, nullptr, nullptr, full_key.data(), nullptr); } /* @@ -124,11 +124,11 @@ void OpenSSL_BlockCipher::key_schedule(const byte key[], size_t length) */ BlockCipher* OpenSSL_BlockCipher::clone() const { - return new OpenSSL_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt), - cipher_name, - cipher_key_spec.minimum_keylength(), - cipher_key_spec.maximum_keylength(), - cipher_key_spec.keylength_multiple()); + return new OpenSSL_BlockCipher(EVP_CIPHER_CTX_cipher(&m_encrypt), + m_cipher_name, + m_cipher_key_spec.minimum_keylength(), + m_cipher_key_spec.maximum_keylength(), + m_cipher_key_spec.keylength_multiple()); } /* 
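Review bot: The rewritten `encrypt_n`/`decrypt_n` bodies still discard the return value of `EVP_EncryptUpdate`/`EVP_DecryptUpdate` and never compare `out_len` with `blocks * m_block_sz`, so a failed call leaves `out` holding whatever the caller passed in and that buffer is handed back as if it were cipher output. Since the override rewrite already touches these lines, failing closed costs one check: `if(EVP_EncryptUpdate(&m_encrypt, out, &out_len, in, blocks * m_block_sz) != 1 || static_cast<size_t>(out_len) != blocks * m_block_sz) throw OpenSSL_Error("EVP_EncryptUpdate");` with the mirror image for decrypt. Note that `blocks * m_block_sz` is a `size_t` passed to an `int` length parameter, so the check also needs the product to fit in `int`. The same unchecked pattern appears in the `key_schedule` hunk below, where an ignored failure of `EVP_EncryptInit_ex`/`EVP_DecryptInit_ex` could leave the contexts in whatever keyed state they had before the call.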
@@ -136,16 +136,16 @@ BlockCipher* OpenSSL_BlockCipher::clone() const */ void OpenSSL_BlockCipher::clear() { - const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt); - - EVP_CIPHER_CTX_cleanup(&encrypt); - EVP_CIPHER_CTX_cleanup(&decrypt); - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); - EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr); - EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr); - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); + const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&m_encrypt); + + EVP_CIPHER_CTX_cleanup(&m_encrypt); + EVP_CIPHER_CTX_cleanup(&m_decrypt); + EVP_CIPHER_CTX_init(&m_encrypt); + EVP_CIPHER_CTX_init(&m_decrypt); + EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr); + EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr); + EVP_CIPHER_CTX_set_padding(&m_encrypt, 0); + EVP_CIPHER_CTX_set_padding(&m_decrypt, 0); } std::function<BlockCipher* (const BlockCipher::Spec&)> @@ -169,12 +169,12 @@ make_evp_block_maker_keylen(const EVP_CIPHER* cipher, const char* algo, #define BOTAN_REGISTER_OPENSSL_EVP_BLOCK(NAME, EVP) \ BOTAN_REGISTER_TYPE(BlockCipher, EVP_BlockCipher ## EVP, NAME, \ - make_evp_block_maker(EVP(), NAME), "openssl", BOTAN_OPENSSL_BLOCK_PRIO); + make_evp_block_maker(EVP(), NAME), "openssl", BOTAN_OPENSSL_BLOCK_PRIO) #define BOTAN_REGISTER_OPENSSL_EVP_BLOCK_KEYLEN(NAME, EVP, KMIN, KMAX, KMOD) \ BOTAN_REGISTER_TYPE(BlockCipher, OpenSSL_BlockCipher ## EVP, NAME, \ make_evp_block_maker_keylen(EVP(), NAME, KMIN, KMAX, KMOD), \ - "openssl", BOTAN_OPENSSL_BLOCK_PRIO); + "openssl", BOTAN_OPENSSL_BLOCK_PRIO) #if !defined(OPENSSL_NO_AES) BOTAN_REGISTER_OPENSSL_EVP_BLOCK("AES-128", EVP_aes_128_ecb); diff --git a/src/lib/prov/openssl/openssl_ecdsa.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 8b1af24db..74d8f744a 100644 --- a/src/lib/prov/openssl/openssl_ecdsa.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp 
@@ -1,29 +1,49 @@ /* -* ECDSA via OpenSSL -* (C) 2015 Jack Lloyd +* ECDSA and ECDH via OpenSSL +* (C) 2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ +#include <iostream> #include <botan/internal/openssl.h> -#include <openssl/x509.h> -#if defined(BOTAN_HAS_ECDSA) && !defined(OPENSSL_NO_ECDSA) +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) + #include <botan/der_enc.h> + #include <botan/pkcs8.h> + #include <botan/oids.h> + #include <botan/internal/pk_utils.h> +#endif + +#if defined(BOTAN_HAS_ECDSA) + #include <botan/ecdsa.h> +#endif -#include <botan/der_enc.h> -#include <botan/ecdsa.h> -#include <botan/pkcs8.h> -#include <botan/oids.h> -#include <botan/internal/pk_utils.h> +#if defined(BOTAN_HAS_ECDH) + #include <botan/ecdh.h> +#endif -#include <openssl/ecdsa.h> -#include <openssl/ec.h> +#include <openssl/x509.h> #include <openssl/objects.h> +#if !defined(OPENSSL_NO_EC) + #include <openssl/ec.h> +#endif + +#if !defined(OPENSSL_NO_ECDSA) + #include <openssl/ecdsa.h> +#endif + +#if !defined(OPENSSL_NO_ECDH) + #include <openssl/ecdh.h> +#endif + namespace Botan { namespace { +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) + secure_vector<byte> PKCS8_for_openssl(const EC_PrivateKey& ec) { const PointGFp& pub_key = ec.public_point(); @@ -49,13 +69,11 @@ int OpenSSL_EC_nid_for(const OID& oid) return -1; static const std::map<std::string, int> nid_map = { - //{ "secp160r1", NID_secp160r1 }, - //{ "secp160r2", NID_secp160r2 }, { "secp192r1", NID_X9_62_prime192v1 }, { "secp224r1", NID_secp224r1 }, { "secp256r1", NID_X9_62_prime256v1 }, { "secp384r1", NID_secp384r1 }, - { "secp521r1", NID_secp521r1 } + { "secp521r1", NID_secp521r1 }, // TODO: OpenSSL 1.0.2 added brainpool curves }; @@ -67,6 +85,10 @@ int OpenSSL_EC_nid_for(const OID& oid) return -1; } +#endif + +#if defined(BOTAN_HAS_ECDSA) && !defined(OPENSSL_NO_ECDSA) + class OpenSSL_ECDSA_Verification_Operation : public PK_Ops::Verification_with_EMSA { public: 
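Review bot: The new `#include <iostream>` at the top of openssl_ec.cpp is not used by anything in the visible hunks and reads like a debugging leftover; if it is needed further down the file it should sit under the same feature conditional as the code that uses it, otherwise it should be dropped so a provider that handles private key material does not pull in stream I/O for nothing. The ECDSA verification class opened at the end of the last hunk continues outside it.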
@@ -200,8 +222,83 @@ BOTAN_REGISTER_TYPE(PK_Ops::Signature, OpenSSL_ECDSA_Signing_Operation, "ECDSA", OpenSSL_ECDSA_Signing_Operation::make, "openssl", BOTAN_OPENSSL_ECDSA_PRIO);
+#endif
+
+#if defined(BOTAN_HAS_ECDH) && !defined(OPENSSL_NO_ECDH)
+
+class OpenSSL_ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
+ {
+ public:
+ typedef ECDH_PrivateKey Key_Type;
+
+ static OpenSSL_ECDH_KA_Operation* make(const Spec& spec)
+ {
+ if(const ECDH_PrivateKey* ecdh = dynamic_cast<const ECDH_PrivateKey*>(&spec.key()))
+ {
+ const int nid = OpenSSL_EC_nid_for(ecdh->domain().get_oid());
+ if(nid > 0)
+ return new OpenSSL_ECDH_KA_Operation(*ecdh, spec.padding());
+ }
+
+ return nullptr;
+ }
+
+ OpenSSL_ECDH_KA_Operation(const ECDH_PrivateKey& ecdh, const std::string& kdf) :
+ PK_Ops::Key_Agreement_with_KDF(kdf), m_ossl_ec(::EC_KEY_new(), ::EC_KEY_free)
+ {
+ const secure_vector<byte> der = PKCS8_for_openssl(ecdh);
+ const byte* der_ptr = der.data();
+ m_ossl_ec.reset(d2i_ECPrivateKey(nullptr, &der_ptr, der.size()));
+ if(!m_ossl_ec)
+ throw OpenSSL_Error("d2i_ECPrivateKey");
+ }
+
+ secure_vector<byte> raw_agree(const byte w[], size_t w_len) override
+ {
+ const EC_GROUP* group = ::EC_KEY_get0_group(m_ossl_ec.get());
+ const size_t out_len = (::EC_GROUP_get_degree(group) + 7) / 8;
+ secure_vector<byte> out(out_len);
+ EC_POINT* pub_key = ::EC_POINT_new(group);
+
+ if(!pub_key)
+ throw OpenSSL_Error("EC_POINT_new");
+
+ const int os2ecp_rc =
+ ::EC_POINT_oct2point(group, pub_key, w, w_len, nullptr);
+
+ if(os2ecp_rc != 1)
+ throw OpenSSL_Error("EC_POINT_oct2point");
+
+ const int ecdh_rc = ::ECDH_compute_key(out.data(),
+ out.size(),
+ pub_key,
+ m_ossl_ec.get(),
+ /*KDF*/nullptr);
+
+ if(ecdh_rc <= 0)
+ throw OpenSSL_Error("ECDH_compute_key");
+
+ const size_t ecdh_sz = static_cast<size_t>(ecdh_rc);
+
+ if(ecdh_sz > out.size())
+ throw Internal_Error("OpenSSL ECDH returned more than requested");
+
+ out.resize(ecdh_sz);
+ return out;
+ }
+
+ private:
+ std::unique_ptr<EC_KEY, std::function<void (EC_KEY*)>> m_ossl_ec;
+ size_t m_order_bits = 0;
+ };
+
+BOTAN_REGISTER_TYPE(PK_Ops::Key_Agreement, OpenSSL_ECDH_KA_Operation, "ECDH",
+ OpenSSL_ECDH_KA_Operation::make,
+ "openssl", BOTAN_OPENSSL_ECDH_PRIO);
+
+#endif
+
 } }
-#endif
diff --git a/src/lib/prov/openssl/openssl_hash.cpp b/src/lib/prov/openssl/openssl_hash.cpp
index c89dd777d..574cfed91 100644
--- a/src/lib/prov/openssl/openssl_hash.cpp
+++ b/src/lib/prov/openssl/openssl_hash.cpp
@@ -17,26 +17,26 @@ namespace { class OpenSSL_HashFunction : public HashFunction { public: - void clear() + void clear() override { const EVP_MD* algo = EVP_MD_CTX_md(&m_md); EVP_DigestInit_ex(&m_md, algo, nullptr); } - std::string name() const { return m_name; } + std::string name() const override { return m_name; } - HashFunction* clone() const + HashFunction* clone() const override { const EVP_MD* algo = EVP_MD_CTX_md(&m_md); return new OpenSSL_HashFunction(algo, name()); } - size_t output_length() const + size_t output_length() const override { return EVP_MD_size(EVP_MD_CTX_md(&m_md)); } - size_t hash_block_size() const + size_t hash_block_size() const override { return EVP_MD_block_size(EVP_MD_CTX_md(&m_md)); } @@ -53,12 +53,12 @@ class OpenSSL_HashFunction : public HashFunction } private: - void add_data(const byte input[], size_t length) + void add_data(const byte input[], size_t length) override { EVP_DigestUpdate(&m_md, input, length); } - void final_result(byte output[]) + void final_result(byte output[]) override { EVP_DigestFinal_ex(&m_md, output, nullptr); const EVP_MD* algo = EVP_MD_CTX_md(&m_md); 
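Review bot: `EC_POINT* pub_key = ::EC_POINT_new(group);` in `OpenSSL_ECDH_KA_Operation::raw_agree` is never released: there is no `EC_POINT_free` on the success path, nor on the two throw paths that follow it (`EC_POINT_oct2point` and `ECDH_compute_key` failing), so every agreement leaks one point and a malformed peer value leaks one via the exception path as well. The `std::function` deleter pattern already used for `m_ossl_ec` covers it: `std::unique_ptr<EC_POINT, std::function<void (EC_POINT*)>> pub_key(::EC_POINT_new(group), ::EC_POINT_free);` with `pub_key.get()` passed to the two OpenSSL calls, which also keeps the existing `if(!pub_key)` check working. `m_order_bits` is declared and zero-initialised but never read anywhere in the hunk, so it can be dropped. The method silently relies on `EC_POINT_oct2point` to reject encodings that do not decode to a valid point of the group; a one-line comment stating that assumption next to the `os2ecp_rc` check would make the trust boundary explicit for the next reader.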
@@ -80,7 +80,7 @@ make_evp_hash_maker(const EVP_MD* md, const char* algo) #define BOTAN_REGISTER_OPENSSL_EVP_HASH(NAME, EVP) \ BOTAN_REGISTER_TYPE(HashFunction, OpenSSL_HashFunction ## EVP, NAME, \ - make_evp_hash_maker(EVP(), NAME), "openssl", BOTAN_OPENSSL_HASH_PRIO); + make_evp_hash_maker(EVP(), NAME), "openssl", BOTAN_OPENSSL_HASH_PRIO) #if !defined(OPENSSL_NO_SHA) BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-160", EVP_sha1); diff --git a/src/lib/prov/openssl/openssl_rc4.cpp b/src/lib/prov/openssl/openssl_rc4.cpp index 84d739c91..e36535e08 100644 --- a/src/lib/prov/openssl/openssl_rc4.cpp +++ b/src/lib/prov/openssl/openssl_rc4.cpp @@ -21,9 +21,9 @@ namespace { class OpenSSL_RC4 : public StreamCipher { public: - void clear() { clear_mem(&m_rc4, 1); } + void clear() override { clear_mem(&m_rc4, 1); } - std::string name() const + std::string name() const override { switch(m_skip) { @@ -36,22 +36,22 @@ class OpenSSL_RC4 : public StreamCipher } } - StreamCipher* clone() const { return new OpenSSL_RC4; } + StreamCipher* clone() const override { return new OpenSSL_RC4; } - Key_Length_Specification key_spec() const + Key_Length_Specification key_spec() const override { return Key_Length_Specification(1, 32); } - OpenSSL_RC4(size_t skip = 0) : m_skip(skip) { clear(); } + explicit OpenSSL_RC4(size_t skip = 0) : m_skip(skip) { clear(); } ~OpenSSL_RC4() { clear(); } private: - void cipher(const byte in[], byte out[], size_t length) + void cipher(const byte in[], byte out[], size_t length) override { ::RC4(&m_rc4, length, in, out); } - void key_schedule(const byte key[], size_t length) + void key_schedule(const byte key[], size_t length) override { ::RC4_set_key(&m_rc4, length, key); byte d = 0; diff --git a/src/lib/prov/tpm/tpm.h b/src/lib/prov/tpm/tpm.h index ce5eabe1c..7df232be3 100644 --- a/src/lib/prov/tpm/tpm.h +++ b/src/lib/prov/tpm/tpm.h 
@@ -5,6 +5,9 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#ifndef BOTAN_TPM_H__ +#define BOTAN_TPM_H__ + #include <botan/exceptn.h> #include <botan/pk_keys.h> #include <botan/bigint.h> @@ -180,3 +183,5 @@ class BOTAN_DLL TPM_PrivateKey : public Private_Key // TODO: PCR measurement, writing, key locking } + +#endif diff --git a/src/lib/prov/tpm/uuid.h b/src/lib/prov/tpm/uuid.h index 3c35da1f4..0094f4f83 100644 --- a/src/lib/prov/tpm/uuid.h +++ b/src/lib/prov/tpm/uuid.h @@ -5,6 +5,9 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#ifndef BOTAN_UUID_H__ +#define BOTAN_UUID_H__ + #include <botan/secmem.h> #include <botan/hex.h> #include <sstream> @@ -99,3 +102,5 @@ class UUID }; } + +#endif diff --git a/src/lib/pubkey/blinding.cpp b/src/lib/pubkey/blinding.cpp index 4a5c5acff..b20a30fa1 100644 --- a/src/lib/pubkey/blinding.cpp +++ b/src/lib/pubkey/blinding.cpp @@ -19,11 +19,8 @@ namespace Botan { Blinder::Blinder(const BigInt& modulus, std::function<BigInt (const BigInt&)> fwd, std::function<BigInt (const BigInt&)> inv) : - m_fwd_fn(fwd), m_inv_fn(inv) + m_reducer{Modular_Reducer(modulus)}, m_rng{}, m_fwd_fn(fwd), m_inv_fn(inv), m_modulus_bits{modulus.bits()}, m_e{}, m_d{}, m_counter{} { - m_reducer = Modular_Reducer(modulus); - m_modulus_bits = modulus.bits(); - #if defined(BOTAN_HAS_SYSTEM_RNG) m_rng.reset(new System_RNG); #else diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h index c3e3d4e60..9d2868d6d 100644 --- a/src/lib/pubkey/curve25519/curve25519.h +++ b/src/lib/pubkey/curve25519/curve25519.h 
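Review bot: The new initializer list in `Blinder::Blinder` now names every member, so its order has to match the declaration order in blinding.h (not visible here) or the constructor earns a -Wreorder warning and reads misleadingly. `m_reducer{Modular_Reducer(modulus)}` also builds a temporary and moves it into place; `m_reducer(modulus)` says the same thing directly, assuming Modular_Reducer has the converting constructor that the removed `m_reducer = Modular_Reducer(modulus)` line implies. The constructor body continues outside the hunk.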
@@ -32,7 +32,7 @@ class BOTAN_DLL Curve25519_PublicKey : public virtual Public_Key Curve25519_PublicKey(const AlgorithmIdentifier& alg_id, const secure_vector<byte>& key_bits); - Curve25519_PublicKey(const secure_vector<byte>& pub) : m_public(pub) {} + explicit Curve25519_PublicKey(const secure_vector<byte>& pub) : m_public(pub) {} protected: Curve25519_PublicKey() {} secure_vector<byte> m_public; @@ -47,9 +47,9 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey, const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); - Curve25519_PrivateKey(RandomNumberGenerator& rng); + explicit Curve25519_PrivateKey(RandomNumberGenerator& rng); - Curve25519_PrivateKey(const secure_vector<byte>& secret_key); + explicit Curve25519_PrivateKey(const secure_vector<byte>& secret_key); std::vector<byte> public_value() const override { return Curve25519_PublicKey::public_value(); } diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp index 78966f745..9b28e412c 100644 --- a/src/lib/pubkey/curve25519/donna.cpp +++ b/src/lib/pubkey/curve25519/donna.cpp @@ -350,9 +350,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { copy_mem(nqpqx, q, 5); for (i = 0; i < 32; ++i) { - u8 byte = n[31 - i]; + u8 byteval = n[31 - i]; for (j = 0; j < 8; ++j) { - const limb bit = byte >> 7; + const limb bit = byteval >> 7; swap_conditional(nqx, nqpqx, bit); swap_conditional(nqz, nqpqz, bit); @@ -377,7 +377,7 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { nqpqz = nqpqz2; nqpqz2 = t; - byte <<= 1; + byteval <<= 1; } } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 3888166bb..9eb4e5cd0 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -18,8 +18,8 @@ namespace Botan { */ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) { - group = grp; - y = y1; + m_group = grp; + m_y = y1; } /* 
@@ -27,7 +27,7 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) */ std::vector<byte> DH_PublicKey::public_value() const { - return unlock(BigInt::encode_1363(y, group_p().bytes())); + return unlock(BigInt::encode_1363(m_y, group_p().bytes())); } /* @@ -37,19 +37,19 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, const DL_Group& grp, const BigInt& x_arg) { - group = grp; - x = x_arg; + m_group = grp; + m_x = x_arg; - if(x == 0) + if(m_x == 0) { const BigInt& p = group_p(); - x.randomize(rng, dl_exponent_size(p.bits())); + m_x.randomize(rng, dl_exponent_size(p.bits())); } - if(y == 0) - y = power_mod(group_g(), x, group_p()); + if(m_y == 0) + m_y = power_mod(group_g(), m_x, group_p()); - if(x == 0) + if(m_x == 0) gen_check(rng); else load_check(rng); @@ -63,8 +63,8 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { - if(y == 0) - y = power_mod(group_g(), x, group_p()); + if(m_y == 0) + m_y = power_mod(group_g(), m_x, group_p()); load_check(rng); } diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index 4d179fe50..d85249750 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp 
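Review bot: The final `if(m_x == 0) gen_check(rng); else load_check(rng);` in DH_PrivateKey's rng constructor tests `m_x` after it has already been randomized, so when the caller passes `x_arg == 0` the condition is false and `load_check` runs instead of the intended `gen_check`; the rename carries that inversion forward. DSA_PrivateKey's corresponding constructor in dsa.cpp tests `x_arg == 0` at the same point. Suggested change: `if(x_arg == 0) gen_check(rng); else load_check(rng);`.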
@@ -15,41 +15,41 @@ namespace Botan { size_t DL_Scheme_PublicKey::estimated_strength() const { - return dl_work_factor(group.get_p().bits()); + return dl_work_factor(m_group.get_p().bits()); } AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const { return AlgorithmIdentifier(get_oid(), - group.DER_encode(group_format())); + m_group.DER_encode(group_format())); } std::vector<byte> DL_Scheme_PublicKey::x509_subject_public_key() const { - return DER_Encoder().encode(y).get_contents_unlocked(); + return DER_Encoder().encode(m_y).get_contents_unlocked(); } DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, const secure_vector<byte>& key_bits, DL_Group::Format format) { - group.BER_decode(alg_id.parameters, format); + m_group.BER_decode(alg_id.parameters, format); - BER_Decoder(key_bits).decode(y); + BER_Decoder(key_bits).decode(m_y); } secure_vector<byte> DL_Scheme_PrivateKey::pkcs8_private_key() const { - return DER_Encoder().encode(x).get_contents(); + return DER_Encoder().encode(m_x).get_contents(); } DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector<byte>& key_bits, DL_Group::Format format) { - group.BER_decode(alg_id.parameters, format); + m_group.BER_decode(alg_id.parameters, format); - BER_Decoder(key_bits).decode(x); + BER_Decoder(key_bits).decode(m_x); } /* @@ -58,9 +58,9 @@ DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng, bool strong) const { - if(y < 2 || y >= group_p()) + if(m_y < 2 || m_y >= group_p()) return false; - if(!group.verify_group(rng, strong)) + if(!m_group.verify_group(rng, strong)) return false; return true; } 
@@ -74,15 +74,15 @@ bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, const BigInt& p = group_p(); const BigInt& g = group_g(); - if(y < 2 || y >= p || x < 2 || x >= p) + if(m_y < 2 || m_y >= p || m_x < 2 || m_x >= p) return false; - if(!group.verify_group(rng, strong)) + if(!m_group.verify_group(rng, strong)) return false; if(!strong) return true; - if(y != power_mod(g, x, p)) + if(m_y != power_mod(g, m_x, p)) return false; return true; diff --git a/src/lib/pubkey/dl_algo/dl_algo.h b/src/lib/pubkey/dl_algo/dl_algo.h index 18886e5dc..705cce8b3 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.h +++ b/src/lib/pubkey/dl_algo/dl_algo.h @@ -29,30 +29,30 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key * Get the DL domain parameters of this key. * @return DL domain parameters of this key */ - const DL_Group& get_domain() const { return group; } + const DL_Group& get_domain() const { return m_group; } /** * Get the public value y with y = g^x mod p where x is the secret key. */ - const BigInt& get_y() const { return y; } + const BigInt& get_y() const { return m_y; } /** * Get the prime p of the underlying DL group. * @return prime p */ - const BigInt& group_p() const { return group.get_p(); } + const BigInt& group_p() const { return m_group.get_p(); } /** * Get the prime q of the underlying DL group. * @return prime q */ - const BigInt& group_q() const { return group.get_q(); } + const BigInt& group_q() const { return m_group.get_q(); } /** * Get the generator g of the underlying DL group. * @return generator g */ - const BigInt& group_g() const { return group.get_g(); } + const BigInt& group_g() const { return m_group.get_g(); } /** * Get the underlying groups encoding format. @@ -72,12 +72,12 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key /** * The DL public key */ - BigInt y; + BigInt m_y; /** * The DL group */ - DL_Group group; + DL_Group m_group; }; /** 
@@ -93,7 +93,7 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey, * Get the secret key x. * @return secret key */ - const BigInt& get_x() const { return x; } + const BigInt& get_x() const { return m_x; } secure_vector<byte> pkcs8_private_key() const override; @@ -107,7 +107,7 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey, /** * The DL private key */ - BigInt x; + BigInt m_x; }; } diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index ed9b60c7c..40660e62a 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -20,7 +20,7 @@ namespace Botan { */ DL_Group::DL_Group() { - initialized = false; + m_initialized = false; } /* @@ -48,35 +48,35 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, if(type == Strong) { - p = random_safe_prime(rng, pbits); - q = (p - 1) / 2; - g = 2; + m_p = random_safe_prime(rng, pbits); + m_q = (m_p - 1) / 2; + m_g = 2; } else if(type == Prime_Subgroup) { if(!qbits) qbits = dl_exponent_size(pbits); - q = random_prime(rng, qbits); + m_q = random_prime(rng, qbits); BigInt X; - while(p.bits() != pbits || !is_prime(p, rng)) + while(m_p.bits() != pbits || !is_prime(m_p, rng)) { X.randomize(rng, pbits); - p = X - (X % (2*q) - 1); + m_p = X - (X % (2*m_q) - 1); } - g = make_dsa_generator(p, q); + m_g = make_dsa_generator(m_p, m_q); } else if(type == DSA_Kosherizer) { qbits = qbits ? qbits : ((pbits <= 1024) ? 160 : 256); - generate_dsa_primes(rng, p, q, pbits, qbits); + generate_dsa_primes(rng, m_p, m_q, pbits, qbits); - g = make_dsa_generator(p, q); + m_g = make_dsa_generator(m_p, m_q); } - initialized = true; + m_initialized = true; } /* 
@@ -86,13 +86,13 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, const std::vector<byte>& seed, size_t pbits, size_t qbits) { - if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) + if(!generate_dsa_primes(rng, m_p, m_q, pbits, qbits, seed)) throw Invalid_Argument("DL_Group: The seed given does not " "generate a DSA group"); - g = make_dsa_generator(p, q); + m_g = make_dsa_generator(m_p, m_q); - initialized = true; + m_initialized = true; } /* @@ -123,11 +123,11 @@ void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1) if(q1 < 0 || q1 >= p1) throw Invalid_Argument("DL_Group: Subgroup invalid"); - p = p1; - g = g1; - q = q1; + m_p = p1; + m_g = g1; + m_q = q1; - initialized = true; + m_initialized = true; } /* @@ -135,7 +135,7 @@ void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1) */ void DL_Group::init_check() const { - if(!initialized) + if(!m_initialized) throw Invalid_State("DLP group cannot be used uninitialized"); } @@ -147,16 +147,16 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng, { init_check(); - if(g < 2 || p < 3 || q < 0) + if(m_g < 2 || m_p < 3 || m_q < 0) return false; - if((q != 0) && ((p - 1) % q != 0)) + if((m_q != 0) && ((m_p - 1) % m_q != 0)) return false; const size_t prob = (strong) ? 56 : 10; - if(!is_prime(p, rng, prob)) + if(!is_prime(m_p, rng, prob)) return false; - if((q > 0) && !is_prime(q, rng, prob)) + if((m_q > 0) && !is_prime(m_q, rng, prob)) return false; return true; } @@ -167,7 +167,7 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng, const BigInt& DL_Group::get_p() const { init_check(); - return p; + return m_p; } /* @@ -176,7 +176,7 @@ const BigInt& DL_Group::get_p() const const BigInt& DL_Group::get_g() const { init_check(); - return g; + return m_g; } /* 
@@ -185,9 +185,9 @@ const BigInt& DL_Group::get_g() const const BigInt& DL_Group::get_q() const { init_check(); - if(q == 0) + if(m_q == 0) throw Invalid_State("DLP group has no q prime specified"); - return q; + return m_q; } /* @@ -197,16 +197,16 @@ std::vector<byte> DL_Group::DER_encode(Format format) const { init_check(); - if((q == 0) && (format != PKCS_3)) + if((m_q == 0) && (format != PKCS_3)) throw Encoding_Error("The ANSI DL parameter formats require a subgroup"); if(format == ANSI_X9_57) { return DER_Encoder() .start_cons(SEQUENCE) - .encode(p) - .encode(q) - .encode(g) + .encode(m_p) + .encode(m_q) + .encode(m_g) .end_cons() .get_contents_unlocked(); } @@ -214,9 +214,9 @@ std::vector<byte> DL_Group::DER_encode(Format format) const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(p) - .encode(g) - .encode(q) + .encode(m_p) + .encode(m_g) + .encode(m_q) .end_cons() .get_contents_unlocked(); } @@ -224,8 +224,8 @@ std::vector<byte> DL_Group::DER_encode(Format format) const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(p) - .encode(g) + .encode(m_p) + .encode(m_g) .end_cons() .get_contents_unlocked(); } diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 7201054f2..8bdd205da 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -161,8 +161,8 @@ class BOTAN_DLL DL_Group void init_check() const; void initialize(const BigInt&, const BigInt&, const BigInt&); - bool initialized; - BigInt p, q, g; + bool m_initialized; + BigInt m_p, m_q, m_g; }; } diff --git a/src/lib/pubkey/dlies/dlies.cpp b/src/lib/pubkey/dlies/dlies.cpp index 708064d27..86cd51e19 100644 --- a/src/lib/pubkey/dlies/dlies.cpp +++ b/src/lib/pubkey/dlies/dlies.cpp 
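Review bot: `bool m_initialized;` in the dl_group.h hunk still has no default member initializer, so every constructor must remember to set it; the default constructor in dl_group.cpp does so by assignment in its body (`m_initialized = false;`) while the rest of this commit moves such work into initializer lists. Declaring it as `bool m_initialized = false;` gives the flag a defined value on every path, including a constructor that throws before reaching `m_initialized = true;`, and lets `DL_Group::DL_Group()` become `{}`. The member line could also carry a brief comment, e.g. `BigInt m_p, m_q, m_g; // prime modulus, subgroup order (0 when none), generator`, since `get_q()` and `verify_group()` both treat `m_q == 0` as "no subgroup".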
@@ -16,12 +16,12 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, size_t mac_kl) : - ka(key, "Raw"), - kdf(kdf_obj), - mac(mac_obj), - mac_keylen(mac_kl) + m_ka(key, "Raw"), + m_kdf(kdf_obj), + m_mac(mac_obj), + m_mac_keylen(mac_kl) { - my_key = key.public_value(); + m_my_key = key.public_value(); } /* @@ -32,31 +32,31 @@ std::vector<byte> DLIES_Encryptor::enc(const byte in[], size_t length, { if(length > maximum_input_size()) throw Invalid_Argument("DLIES: Plaintext too large"); - if(other_key.empty()) + if(m_other_key.empty()) throw Invalid_State("DLIES: The other key was never set"); - secure_vector<byte> out(my_key.size() + length + mac->output_length()); - buffer_insert(out, 0, my_key); - buffer_insert(out, my_key.size(), in, length); + secure_vector<byte> out(m_my_key.size() + length + m_mac->output_length()); + buffer_insert(out, 0, m_my_key); + buffer_insert(out, m_my_key.size(), in, length); - secure_vector<byte> vz(my_key.begin(), my_key.end()); - vz += ka.derive_key(0, other_key).bits_of(); + secure_vector<byte> vz(m_my_key.begin(), m_my_key.end()); + vz += m_ka.derive_key(0, m_other_key).bits_of(); - const size_t K_LENGTH = length + mac_keylen; - secure_vector<byte> K = kdf->derive_key(K_LENGTH, vz); + const size_t K_LENGTH = length + m_mac_keylen; + secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz); if(K.size() != K_LENGTH) throw Encoding_Error("DLIES: KDF did not provide sufficient output"); - byte* C = &out[my_key.size()]; + byte* C = &out[m_my_key.size()]; - mac->set_key(K.data(), mac_keylen); - xor_buf(C, &K[mac_keylen], length); + m_mac->set_key(K.data(), m_mac_keylen); + xor_buf(C, &K[m_mac_keylen], length); - mac->update(C, length); + m_mac->update(C, length); for(size_t j = 0; j != 8; ++j) - mac->update(0); + m_mac->update(0); - mac->final(C + length); + m_mac->final(C + length); return unlock(out); } 
@@ -66,7 +66,7 @@ std::vector<byte> DLIES_Encryptor::enc(const byte in[], size_t length, */ void DLIES_Encryptor::set_other_key(const std::vector<byte>& ok) { - other_key = ok; + m_other_key = ok; } /* @@ -84,12 +84,12 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, size_t mac_kl) : - ka(key, "Raw"), - kdf(kdf_obj), - mac(mac_obj), - mac_keylen(mac_kl) + m_ka(key, "Raw"), + m_kdf(kdf_obj), + m_mac(mac_obj), + m_mac_keylen(mac_kl) { - my_key = key.public_value(); + m_my_key = key.public_value(); } /* 
@@ -97,35 +97,35 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, */ secure_vector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const { - if(length < my_key.size() + mac->output_length()) + if(length < m_my_key.size() + m_mac->output_length()) throw Decoding_Error("DLIES decryption: ciphertext is too short"); - const size_t CIPHER_LEN = length - my_key.size() - mac->output_length(); + const size_t CIPHER_LEN = length - m_my_key.size() - m_mac->output_length(); - std::vector<byte> v(msg, msg + my_key.size()); + std::vector<byte> v(msg, msg + m_my_key.size()); - secure_vector<byte> C(msg + my_key.size(), msg + my_key.size() + CIPHER_LEN); + secure_vector<byte> C(msg + m_my_key.size(), msg + m_my_key.size() + CIPHER_LEN); - secure_vector<byte> T(msg + my_key.size() + CIPHER_LEN, - msg + my_key.size() + CIPHER_LEN + mac->output_length()); + secure_vector<byte> T(msg + m_my_key.size() + CIPHER_LEN, + msg + m_my_key.size() + CIPHER_LEN + m_mac->output_length()); - secure_vector<byte> vz(msg, msg + my_key.size()); - vz += ka.derive_key(0, v).bits_of(); + secure_vector<byte> vz(msg, msg + m_my_key.size()); + vz += m_ka.derive_key(0, v).bits_of(); - const size_t K_LENGTH = C.size() + mac_keylen; - secure_vector<byte> K = kdf->derive_key(K_LENGTH, vz); + const size_t K_LENGTH = C.size() + m_mac_keylen; + secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz); if(K.size() != K_LENGTH) throw Encoding_Error("DLIES: KDF did not provide sufficient output"); - mac->set_key(K.data(), mac_keylen); - mac->update(C); + m_mac->set_key(K.data(), m_mac_keylen); + m_mac->update(C); for(size_t j = 0; j != 8; ++j) - mac->update(0); - secure_vector<byte> T2 = mac->final(); + m_mac->update(0); + secure_vector<byte> T2 = m_mac->final(); if(T != T2) throw Decoding_Error("DLIES: message authentication failed"); - xor_buf(C, K.data() + mac_keylen, C.size()); + xor_buf(C, K.data() + m_mac_keylen, C.size()); return C; } 
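Review bot: The tag check `if(T != T2)` following the new `secure_vector<byte> T2 = m_mac->final();` compares the received tag with `operator!=`, which stops at the first differing byte and so lets the comparison time depend on how much of the tag matched. If the MessageAuthenticationCode interface in this tree provides `verify_mac` (it does in the 1.11 series), the two lines can become `if(!m_mac->verify_mac(T.data(), T.size())) throw Decoding_Error("DLIES: message authentication failed");` with `T2` dropped; otherwise a constant-time memory comparison over `T.size()` bytes should stand in for `!=`.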
diff --git a/src/lib/pubkey/dlies/dlies.h b/src/lib/pubkey/dlies/dlies.h index ed5928080..dd8838a28 100644 --- a/src/lib/pubkey/dlies/dlies.h +++ b/src/lib/pubkey/dlies/dlies.h @@ -32,12 +32,12 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor size_t maximum_input_size() const override; - std::vector<byte> other_key, my_key; + std::vector<byte> m_other_key, m_my_key; - PK_Key_Agreement ka; - std::unique_ptr<KDF> kdf; - std::unique_ptr<MessageAuthenticationCode> mac; - size_t mac_keylen; + PK_Key_Agreement m_ka; + std::unique_ptr<KDF> m_kdf; + std::unique_ptr<MessageAuthenticationCode> m_mac; + size_t m_mac_keylen; }; /** @@ -54,12 +54,12 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor private: secure_vector<byte> dec(const byte[], size_t) const override; - std::vector<byte> my_key; + std::vector<byte> m_my_key; - PK_Key_Agreement ka; - std::unique_ptr<KDF> kdf; - std::unique_ptr<MessageAuthenticationCode> mac; - size_t mac_keylen; + PK_Key_Agreement m_ka; + std::unique_ptr<KDF> m_kdf; + std::unique_ptr<MessageAuthenticationCode> m_mac; + size_t m_mac_keylen; }; } diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index ec0830533..471189cd8 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -20,8 +20,8 @@ namespace Botan { */ DSA_PublicKey::DSA_PublicKey(const DL_Group& grp, const BigInt& y1) { - group = grp; - y = y1; + m_group = grp; + m_y = y1; } /* @@ -31,13 +31,13 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, const DL_Group& grp, const BigInt& x_arg) { - group = grp; - x = x_arg; + m_group = grp; + m_x = x_arg; - if(x == 0) - x = BigInt::random_integer(rng, 2, group_q() - 1); + if(m_x == 0) + m_x = BigInt::random_integer(rng, 2, group_q() - 1); - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); if(x_arg == 0) gen_check(rng); 
@@ -50,7 +50,7 @@ DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); load_check(rng); } @@ -60,7 +60,7 @@ DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, */ bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { - if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q()) + if(!DL_Scheme_PrivateKey::check_key(rng, strong) || m_x >= group_q()) return false; if(!strong) @@ -80,25 +80,25 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA typedef DSA_PrivateKey Key_Type; DSA_Signature_Operation(const DSA_PrivateKey& dsa, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - q(dsa.group_q()), - x(dsa.get_x()), - powermod_g_p(dsa.group_g(), dsa.group_p()), - mod_q(dsa.group_q()), + m_q(dsa.group_q()), + m_x(dsa.get_x()), + m_powermod_g_p(dsa.group_g(), dsa.group_p()), + m_mod_q(dsa.group_q()), m_hash(hash_for_deterministic_signature(emsa)) { } size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return q.bytes(); } - size_t max_input_bits() const override { return q.bits(); } + size_t message_part_size() const override { return m_q.bytes(); } + size_t max_input_bits() const override { return m_q.bits(); } secure_vector<byte> raw_sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) override; private: - const BigInt& q; - const BigInt& x; - Fixed_Base_Power_Mod powermod_g_p; - Modular_Reducer mod_q; + const BigInt& m_q; + const BigInt& m_x; + Fixed_Base_Power_Mod m_powermod_g_p; + Modular_Reducer m_mod_q; std::string m_hash; }; 
@@ -108,23 +108,23 @@ DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, { BigInt i(msg, msg_len); - while(i >= q) - i -= q; + while(i >= m_q) + i -= m_q; - const BigInt k = generate_rfc6979_nonce(x, q, i, m_hash); + const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_hash); auto future_r = std::async(std::launch::async, - [&]() { return mod_q.reduce(powermod_g_p(k)); }); + [&]() { return m_mod_q.reduce(m_powermod_g_p(k)); }); - BigInt s = inverse_mod(k, q); + BigInt s = inverse_mod(k, m_q); const BigInt r = future_r.get(); - s = mod_q.multiply(s, mul_add(x, r, i)); + s = m_mod_q.multiply(s, mul_add(m_x, r, i)); // With overwhelming probability, a bug rather than actual zero r/s BOTAN_ASSERT(s != 0, "invalid s"); BOTAN_ASSERT(r != 0, "invalid r"); - secure_vector<byte> output(2*q.bytes()); + secure_vector<byte> output(2*m_q.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; 
@@ -140,54 +140,51 @@ class DSA_Verification_Operation : public PK_Ops::Verification_with_EMSA DSA_Verification_Operation(const DSA_PublicKey& dsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - q(dsa.group_q()), y(dsa.get_y()) - { - powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p()); - powermod_y_p = Fixed_Base_Power_Mod(y, dsa.group_p()); - mod_p = Modular_Reducer(dsa.group_p()); - mod_q = Modular_Reducer(dsa.group_q()); - } + m_q(dsa.group_q()), m_y(dsa.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p())}, + m_powermod_y_p{Fixed_Base_Power_Mod(m_y, dsa.group_p())}, m_mod_p{Modular_Reducer(dsa.group_p())}, + m_mod_q{Modular_Reducer(dsa.group_q())} + {} size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return q.bytes(); } - size_t max_input_bits() const override { return q.bits(); } + size_t message_part_size() const override { return m_q.bytes(); } + size_t max_input_bits() const override { return m_q.bits(); } bool with_recovery() const override { return false; } bool verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len) override; private: - const BigInt& q; - const BigInt& y; + const BigInt& m_q; + const BigInt& m_y; - Fixed_Base_Power_Mod powermod_g_p, powermod_y_p; - Modular_Reducer mod_p, mod_q; + Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; + Modular_Reducer m_mod_p, m_mod_q; }; bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len) { - if(sig_len != 2*q.bytes() || msg_len > q.bytes()) + if(sig_len != 2*m_q.bytes() || msg_len > m_q.bytes()) return false; - BigInt r(sig, q.bytes()); - BigInt s(sig + q.bytes(), q.bytes()); + BigInt r(sig, m_q.bytes()); + BigInt s(sig + m_q.bytes(), m_q.bytes()); BigInt i(msg, msg_len); - if(r <= 0 || r >= q || s <= 0 || s >= q) + if(r <= 0 || r >= m_q || s <= 0 || s >= m_q) return false; - s = inverse_mod(s, q); + s = inverse_mod(s, m_q); 
auto future_s_i = std::async(std::launch::async, - [&]() { return powermod_g_p(mod_q.multiply(s, i)); }); + [&]() { return m_powermod_g_p(m_mod_q.multiply(s, i)); }); - BigInt s_r = powermod_y_p(mod_q.multiply(s, r)); + BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, r)); BigInt s_i = future_s_i.get(); - s = mod_p.multiply(s_i, s_r); + s = m_mod_p.multiply(s_i, s_r); - return (mod_q.reduce(s) == r); + return (m_mod_q.reduce(s) == r); } BOTAN_REGISTER_PK_SIGNATURE_OP("DSA", DSA_Signature_Operation); diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index fc46675bd..c264d7314 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -23,7 +23,7 @@ EC_Group::EC_Group(const OID& domain_oid) throw Lookup_Error("No ECC domain data for " + domain_oid.as_string()); *this = EC_Group(pem); - oid = domain_oid.as_string(); + m_oid = domain_oid.as_string(); } EC_Group::EC_Group(const std::string& str) @@ -75,13 +75,13 @@ EC_Group::EC_Group(const std::vector<byte>& ber_data) .decode_octet_string_bigint(b) .end_cons() .decode(sv_base_point, OCTET_STRING) - .decode(order) - .decode(cofactor) + .decode(m_order) + .decode(m_cofactor) .end_cons() .verify_end(); - curve = CurveGFp(p, a, b); - base_point = OS2ECP(sv_base_point, curve); + m_curve = CurveGFp(p, a, b); + m_base_point = OS2ECP(sv_base_point, m_curve); } else throw Decoding_Error("Unexpected tag while decoding ECC domain params"); 
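Review bot: DSA_Verification_Operation's new initializer list uses the reference member `m_y` to build `m_powermod_y_p`, which is correct only because `m_y` is declared before `m_powermod_y_p` in the class; initialization follows declaration order, and a later reordering of the members would make `m_powermod_y_p` read an unbound reference, something `-Wreorder` (which checks list order) does not catch. Using the argument directly, `m_powermod_y_p(dsa.get_y(), dsa.group_p())`, removes the dependence, and the brace-wrapped temporaries can be direct-initialized the same way, e.g. `m_powermod_g_p(dsa.group_g(), dsa.group_p())`, `m_mod_p(dsa.group_p())`, `m_mod_q(dsa.group_q())`. The operation also keeps `m_q` and `m_y` as references into the key, so the key must outlive the operation; a one-line comment on those members would make that contract visible.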
@@ -95,24 +95,24 @@ EC_Group::DER_encode(EC_Group_Encoding form) const const size_t ecpVers1 = 1; OID curve_type("1.2.840.10045.1.1"); - const size_t p_bytes = curve.get_p().bytes(); + const size_t p_bytes = m_curve.get_p().bytes(); return DER_Encoder() .start_cons(SEQUENCE) .encode(ecpVers1) .start_cons(SEQUENCE) .encode(curve_type) - .encode(curve.get_p()) + .encode(m_curve.get_p()) .end_cons() .start_cons(SEQUENCE) - .encode(BigInt::encode_1363(curve.get_a(), p_bytes), + .encode(BigInt::encode_1363(m_curve.get_a(), p_bytes), OCTET_STRING) - .encode(BigInt::encode_1363(curve.get_b(), p_bytes), + .encode(BigInt::encode_1363(m_curve.get_b(), p_bytes), OCTET_STRING) .end_cons() - .encode(EC2OSP(base_point, PointGFp::UNCOMPRESSED), OCTET_STRING) - .encode(order) - .encode(cofactor) + .encode(EC2OSP(m_base_point, PointGFp::UNCOMPRESSED), OCTET_STRING) + .encode(m_order) + .encode(m_cofactor) .end_cons() .get_contents_unlocked(); } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 67ade0c65..a03b97a68 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -43,24 +43,24 @@ class BOTAN_DLL EC_Group const PointGFp& base_point, const BigInt& order, const BigInt& cofactor) : - curve(curve), - base_point(base_point), - order(order), - cofactor(cofactor), - oid("") + m_curve(curve), + m_base_point(base_point), + m_order(order), + m_cofactor(cofactor), + m_oid("") {} /** * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding */ - EC_Group(const std::vector<byte>& ber_encoding); + explicit EC_Group(const std::vector<byte>& ber_encoding); /** * Create an EC domain by OID (or throw if unknown) * @param oid the OID of the EC domain to create */ - EC_Group(const OID& oid); + explicit EC_Group(const OID& oid); /** * Create an EC domain from PEM encoding (as from PEM_encode), or 
@@ -86,33 +86,33 @@ class BOTAN_DLL EC_Group * Return domain parameter curve * @result domain parameter curve */ - const CurveGFp& get_curve() const { return curve; } + const CurveGFp& get_curve() const { return m_curve; } /** * Return group base point * @result base point */ - const PointGFp& get_base_point() const { return base_point; } + const PointGFp& get_base_point() const { return m_base_point; } /** * Return the order of the base point * @result order of the base point */ - const BigInt& get_order() const { return order; } + const BigInt& get_order() const { return m_order; } /** * Return the cofactor * @result the cofactor */ - const BigInt& get_cofactor() const { return cofactor; } + const BigInt& get_cofactor() const { return m_cofactor; } - bool initialized() const { return !base_point.is_zero(); } + bool initialized() const { return !m_base_point.is_zero(); } /** * Return the OID of these domain parameters * @result the OID */ - std::string get_oid() const { return oid; } + std::string get_oid() const { return m_oid; } bool operator==(const EC_Group& other) const { @@ -128,10 +128,10 @@ class BOTAN_DLL EC_Group static const char* PEM_for_named_group(const std::string& name); private: - CurveGFp curve; - PointGFp base_point; - BigInt order, cofactor; - std::string oid; + CurveGFp m_curve; + PointGFp m_base_point; + BigInt m_order, m_cofactor; + std::string m_oid; }; inline bool operator!=(const EC_Group& lhs, diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index b0c053688..2dca20725 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp 
@@ -25,21 +25,16 @@ size_t EC_PublicKey::estimated_strength() const EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, const PointGFp& pub_point) : - domain_params(dom_par), public_key(pub_point), - domain_encoding(EC_DOMPAR_ENC_EXPLICIT) + m_domain_params(dom_par), m_public_key(pub_point), + m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) { if(domain().get_curve() != public_point().get_curve()) throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor"); } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits) - { - domain_params = EC_Group(alg_id.parameters); - domain_encoding = EC_DOMPAR_ENC_EXPLICIT; - - public_key = OS2ECP(key_bits, domain().get_curve()); - } + const secure_vector<byte>& key_bits) : m_domain_params{EC_Group(alg_id.parameters)}, m_public_key{OS2ECP(key_bits, domain().get_curve())}, m_domain_encoding{EC_DOMPAR_ENC_EXPLICIT} + {} bool EC_PublicKey::check_key(RandomNumberGenerator&, bool) const @@ -64,20 +59,20 @@ void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) form != EC_DOMPAR_ENC_OID) throw Invalid_Argument("Invalid encoding form for EC-key object specified"); - if((form == EC_DOMPAR_ENC_OID) && (domain_params.get_oid() == "")) + if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_oid() == "")) throw Invalid_Argument("Invalid encoding form OID specified for " "EC-key object whose corresponding domain " "parameters are without oid"); - domain_encoding = form; + m_domain_encoding = form; } const BigInt& EC_PrivateKey::private_value() const { - if(private_key == 0) + if(m_private_key == 0) throw Invalid_State("EC_PrivateKey::private_value - uninitialized"); - return private_key; + return m_private_key; } /** 
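Review bot: The new initializer list for `EC_PublicKey(const AlgorithmIdentifier&, const secure_vector<byte>&)` calls the member function `domain()` while building `m_public_key`, and `domain()` reads `m_domain_params`; that is valid only because `m_domain_params` is declared before `m_public_key` in ecc_key.h. Initialization order is declaration order, and a member-function call is not something `-Wreorder` can flag, so the dependency is silent. Writing `OS2ECP(key_bits, m_domain_params.get_curve())` at least makes the dependency visible in the list, and a comment in the header such as `// m_domain_params must be declared before m_public_key: constructors use it to decode the point` guards against a reordering.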
@@ -87,17 +82,17 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, const EC_Group& ec_group, const BigInt& x) { - domain_params = ec_group; - domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_params = ec_group; + m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; if(x == 0) - private_key = BigInt::random_integer(rng, 1, domain().get_order()); + m_private_key = BigInt::random_integer(rng, 1, domain().get_order()); else - private_key = x; + m_private_key = x; - public_key = domain().get_base_point() * private_key; + m_public_key = domain().get_base_point() * m_private_key; - BOTAN_ASSERT(public_key.on_the_curve(), + BOTAN_ASSERT(m_public_key.on_the_curve(), "Generated public key point was on the curve"); } @@ -106,7 +101,7 @@ secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const return DER_Encoder() .start_cons(SEQUENCE) .encode(static_cast<size_t>(1)) - .encode(BigInt::encode_1363(private_key, private_key.bytes()), + .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()), OCTET_STRING) .end_cons() .get_contents(); @@ -115,8 +110,8 @@ secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector<byte>& key_bits) { - domain_params = EC_Group(alg_id.parameters); - domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_params = EC_Group(alg_id.parameters); + m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; OID key_parameters; secure_vector<byte> public_key_bits; @@ -124,7 +119,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, BER_Decoder(key_bits) .start_cons(SEQUENCE) .decode_and_check<size_t>(1, "Unknown version code for ECC key") - .decode_octet_string_bigint(private_key) + .decode_octet_string_bigint(m_private_key) .decode_optional(key_parameters, ASN1_Tag(0), PRIVATE) .decode_optional_string(public_key_bits, BIT_STRING, 1, PRIVATE) .end_cons(); 
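Review bot: In the `else` branch of EC_PrivateKey's rng constructor the caller-supplied `x` is stored with `m_private_key = x;` without any visible check that it lies in `[1, order-1]`, whereas the generated branch draws from exactly that range via `BigInt::random_integer(rng, 1, domain().get_order())`. A scalar at or above the order, or a negative one, still yields a point that satisfies the `on_the_curve()` assertion, so nothing in this hunk rejects it. Unless `check_key` (not in this hunk) covers it, `if(x < 1 || x >= domain().get_order()) throw Invalid_Argument("EC_PrivateKey: private key out of range");` in the else branch would mirror the `m_x >= group_q()` test that `DSA_PrivateKey::check_key` performs in dsa.cpp.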
@@ -134,14 +129,14 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, if(public_key_bits.empty()) { - public_key = domain().get_base_point() * private_key; + m_public_key = domain().get_base_point() * m_private_key; - BOTAN_ASSERT(public_key.on_the_curve(), + BOTAN_ASSERT(m_public_key.on_the_curve(), "Public point derived from loaded key was on the curve"); } else { - public_key = OS2ECP(public_key_bits, domain().get_curve()); + m_public_key = OS2ECP(public_key_bits, domain().get_curve()); // OS2ECP verifies that the point is on the curve } } diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h index 6764df0f0..3f93a908c 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.h +++ b/src/lib/pubkey/ecc_key/ecc_key.h @@ -41,7 +41,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * domain parameters of this point are not set * @result the public point of this key */ - const PointGFp& public_point() const { return public_key; } + const PointGFp& public_point() const { return m_public_key; } AlgorithmIdentifier algorithm_identifier() const override; @@ -56,7 +56,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * domain parameters of this point are not set * @result the domain parameters of this key */ - const EC_Group& domain() const { return domain_params; } + const EC_Group& domain() const { return m_domain_params; } /** * Set the domain parameter encoding to be used when encoding this key. 
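Review bot: When `public_key_bits` is present, `m_public_key = OS2ECP(public_key_bits, domain().get_curve());` accepts whatever point the encoding carries; the trailing comment notes that OS2ECP checks the point is on the curve, but nothing in this hunk checks that it equals `domain().get_base_point() * m_private_key`, so a key file whose public half does not match its private half is loaded silently. Unless `check_key` or the caller's `load_check` performs that comparison, computing the point from `m_private_key` in both branches (dropping the `else`) or comparing the decoded point against the derived one would close the gap. The constructor starts before this hunk.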
@@ -76,16 +76,17 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * @result the encoding to use */ EC_Group_Encoding domain_format() const - { return domain_encoding; } + { return m_domain_encoding; } size_t estimated_strength() const override; protected: - EC_PublicKey() : domain_encoding(EC_DOMPAR_ENC_EXPLICIT) {} + EC_PublicKey() : m_domain_params{}, m_public_key{}, m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) + {} - EC_Group domain_params; - PointGFp public_key; - EC_Group_Encoding domain_encoding; + EC_Group m_domain_params; + PointGFp m_public_key; + EC_Group_Encoding m_domain_encoding; }; /** @@ -112,7 +113,7 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, protected: EC_PrivateKey() {} - BigInt private_key; + BigInt m_private_key; }; } diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 6b589df9b..55e215bc1 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp 
@@ -26,23 +26,23 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf) : PK_Ops::Key_Agreement_with_KDF(kdf), - curve(key.domain().get_curve()), - cofactor(key.domain().get_cofactor()) + m_curve(key.domain().get_curve()), + m_cofactor(key.domain().get_cofactor()) { - l_times_priv = inverse_mod(cofactor, key.domain().get_order()) * key.private_value(); + m_l_times_priv = inverse_mod(m_cofactor, key.domain().get_order()) * key.private_value(); } secure_vector<byte> raw_agree(const byte w[], size_t w_len) override { - PointGFp point = OS2ECP(w, w_len, curve); - PointGFp S = (cofactor * point) * l_times_priv; + PointGFp point = OS2ECP(w, w_len, m_curve); + PointGFp S = (m_cofactor * point) * m_l_times_priv; BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); - return BigInt::encode_1363(S.get_affine_x(), curve.get_p().bytes()); + return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes()); } private: - const CurveGFp& curve; - const BigInt& cofactor; - BigInt l_times_priv; + const CurveGFp& m_curve; + const BigInt& m_cofactor; + BigInt m_l_times_priv; }; } diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index 4ff3cc47a..10dc195a8 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -19,8 +19,8 @@ namespace Botan { */ ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& grp, const BigInt& y1) { - group = grp; - y = y1; + m_group = grp; + m_y = y1; } /* 
@@ -30,13 +30,13 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, const DL_Group& grp, const BigInt& x_arg) { - group = grp; - x = x_arg; + m_group = grp; + m_x = x_arg; - if(x == 0) - x.randomize(rng, dl_exponent_size(group_p().bits())); + if(m_x == 0) + m_x.randomize(rng, dl_exponent_size(group_p().bits())); - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); if(x_arg == 0) gen_check(rng); @@ -49,7 +49,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); load_check(rng); } @@ -78,7 +78,7 @@ class ElGamal_Encryption_Operation : public PK_Ops::Encryption_with_EME public: typedef ElGamal_PublicKey Key_Type; - size_t max_raw_input_bits() const override { return mod_p.get_modulus().bits() - 1; } + size_t max_raw_input_bits() const override { return m_mod_p.get_modulus().bits() - 1; } ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme); @@ -86,8 +86,8 @@ class ElGamal_Encryption_Operation : public PK_Ops::Encryption_with_EME RandomNumberGenerator& rng) override; private: - Fixed_Base_Power_Mod powermod_g_p, powermod_y_p; - Modular_Reducer mod_p; + Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; + Modular_Reducer m_mod_p; }; ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, 
@@ -96,16 +96,16 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK { const BigInt& p = key.group_p(); - powermod_g_p = Fixed_Base_Power_Mod(key.group_g(), p); - powermod_y_p = Fixed_Base_Power_Mod(key.get_y(), p); - mod_p = Modular_Reducer(p); + m_powermod_g_p = Fixed_Base_Power_Mod(key.group_g(), p); + m_powermod_y_p = Fixed_Base_Power_Mod(key.get_y(), p); + m_mod_p = Modular_Reducer(p); } secure_vector<byte> ElGamal_Encryption_Operation::raw_encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { - const BigInt& p = mod_p.get_modulus(); + const BigInt& p = m_mod_p.get_modulus(); BigInt m(msg, msg_len); @@ -114,8 +114,8 @@ ElGamal_Encryption_Operation::raw_encrypt(const byte msg[], size_t msg_len, BigInt k(rng, dl_exponent_size(p.bits())); - BigInt a = powermod_g_p(k); - BigInt b = mod_p.multiply(m, powermod_y_p(k)); + BigInt a = m_powermod_g_p(k); + BigInt b = m_mod_p.multiply(m, m_powermod_y_p(k)); secure_vector<byte> output(2*p.bytes()); a.binary_encode(&output[p.bytes() - a.bytes()]); 
@@ -132,32 +132,32 @@ class ElGamal_Decryption_Operation : public PK_Ops::Decryption_with_EME typedef ElGamal_PrivateKey Key_Type; size_t max_raw_input_bits() const override - { return mod_p.get_modulus().bits() - 1; } + { return m_mod_p.get_modulus().bits() - 1; } ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key, const std::string& eme); secure_vector<byte> raw_decrypt(const byte msg[], size_t msg_len) override; private: - Fixed_Exponent_Power_Mod powermod_x_p; - Modular_Reducer mod_p; - Blinder blinder; + Fixed_Exponent_Power_Mod m_powermod_x_p; + Modular_Reducer m_mod_p; + Blinder m_blinder; }; ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key, const std::string& eme) : PK_Ops::Decryption_with_EME(eme), - powermod_x_p(Fixed_Exponent_Power_Mod(key.get_x(), key.group_p())), - mod_p(Modular_Reducer(key.group_p())), - blinder(key.group_p(), + m_powermod_x_p(Fixed_Exponent_Power_Mod(key.get_x(), key.group_p())), + m_mod_p(Modular_Reducer(key.group_p())), + m_blinder(key.group_p(), [](const BigInt& k) { return k; }, - [this](const BigInt& k) { return powermod_x_p(k); }) + [this](const BigInt& k) { return m_powermod_x_p(k); }) { } secure_vector<byte> ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len) { - const BigInt& p = mod_p.get_modulus(); + const BigInt& p = m_mod_p.get_modulus(); const size_t p_bytes = p.bytes(); @@ -170,11 +170,11 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len) if(a >= p || b >= p) throw Invalid_Argument("ElGamal decryption: Invalid message"); - a = blinder.blind(a); + a = m_blinder.blind(a); - BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p)); + BigInt r = m_mod_p.multiply(b, inverse_mod(m_powermod_x_p(a), p)); - return BigInt::encode_locked(blinder.unblind(r)); + return BigInt::encode_locked(m_blinder.unblind(r)); } BOTAN_REGISTER_PK_ENCRYPTION_OP("ElGamal", ElGamal_Encryption_Operation); 
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index f04692d12..51db47619 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -55,7 +55,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, // The parameters also includes hash and cipher OIDs BER_Decoder(alg_id.parameters).start_cons(SEQUENCE).decode(ecc_param_id); - domain_params = EC_Group(ecc_param_id); + m_domain_params = EC_Group(ecc_param_id); secure_vector<byte> bits; BER_Decoder(key_bits).decode(bits, OCTET_STRING); @@ -72,9 +72,9 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, BigInt x(bits.data(), part_size); BigInt y(&bits[part_size], part_size); - public_key = PointGFp(domain().get_curve(), x, y); + m_public_key = PointGFp(domain().get_curve(), x, y); - BOTAN_ASSERT(public_key.on_the_curve(), + BOTAN_ASSERT(m_public_key.on_the_curve(), "Loaded GOST 34.10 public key is on the curve"); } 
@@ -160,28 +160,28 @@ class GOST_3410_Verification_Operation : public PK_Ops::Verification_with_EMSA GOST_3410_Verification_Operation(const GOST_3410_PublicKey& gost, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - base_point(gost.domain().get_base_point()), - public_point(gost.public_point()), - order(gost.domain().get_order()) {} + m_base_point(gost.domain().get_base_point()), + m_public_point(gost.public_point()), + m_order(gost.domain().get_order()) {} size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return order.bytes(); } - size_t max_input_bits() const override { return order.bits(); } + size_t message_part_size() const override { return m_order.bytes(); } + size_t max_input_bits() const override { return m_order.bits(); } bool with_recovery() const override { return false; } bool verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len) override; private: - const PointGFp& base_point; - const PointGFp& public_point; - const BigInt& order; + const PointGFp& m_base_point; + const PointGFp& m_public_point; + const BigInt& m_order; }; bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len) { - if(sig_len != order.bytes()*2) + if(sig_len != m_order.bytes()*2) return false; BigInt e = decode_le(msg, msg_len); 
@@ -189,20 +189,20 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len, BigInt s(sig, sig_len / 2); BigInt r(sig + sig_len / 2, sig_len / 2); - if(r <= 0 || r >= order || s <= 0 || s >= order) + if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) return false; - e %= order; + e %= m_order; if(e == 0) e = 1; - BigInt v = inverse_mod(e, order); + BigInt v = inverse_mod(e, m_order); - BigInt z1 = (s*v) % order; - BigInt z2 = (-r*v) % order; + BigInt z1 = (s*v) % m_order; + BigInt z2 = (-r*v) % m_order; - PointGFp R = multi_exponentiate(base_point, z1, - public_point, z2); + PointGFp R = multi_exponentiate(m_base_point, z1, + m_public_point, z2); if(R.is_zero()) return false; diff --git a/src/lib/pubkey/if_algo/if_algo.cpp b/src/lib/pubkey/if_algo/if_algo.cpp index 9c49b8dd4..e5f3ae20f 100644 --- a/src/lib/pubkey/if_algo/if_algo.cpp +++ b/src/lib/pubkey/if_algo/if_algo.cpp @@ -15,7 +15,7 @@ namespace Botan { size_t IF_Scheme_PublicKey::estimated_strength() const { - return if_work_factor(n.bits()); + return if_work_factor(m_n.bits()); } AlgorithmIdentifier IF_Scheme_PublicKey::algorithm_identifier() const @@ -28,8 +28,8 @@ std::vector<byte> IF_Scheme_PublicKey::x509_subject_public_key() const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(n) - .encode(e) + .encode(m_n) + .encode(m_e) .end_cons() .get_contents_unlocked(); } @@ -39,8 +39,8 @@ IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&, { BER_Decoder(key_bits) .start_cons(SEQUENCE) - .decode(n) - .decode(e) + .decode(m_n) + .decode(m_e) .verify_end() .end_cons(); } @@ -50,7 +50,7 @@ IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&, */ bool IF_Scheme_PublicKey::check_key(RandomNumberGenerator&, bool) const { - if(n < 35 || n.is_even() || e < 2) + if(m_n < 35 || m_n.is_even() || m_e < 2) return false; return true; } 
@@ -60,14 +60,14 @@ secure_vector<byte> IF_Scheme_PrivateKey::pkcs8_private_key() const return DER_Encoder() .start_cons(SEQUENCE) .encode(static_cast<size_t>(0)) - .encode(n) - .encode(e) - .encode(d) - .encode(p) - .encode(q) - .encode(d1) - .encode(d2) - .encode(c) + .encode(m_n) + .encode(m_e) + .encode(m_d) + .encode(m_p) + .encode(m_q) + .encode(m_d1) + .encode(m_d2) + .encode(m_c) .end_cons() .get_contents(); } @@ -79,14 +79,14 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, BER_Decoder(key_bits) .start_cons(SEQUENCE) .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version") - .decode(n) - .decode(e) - .decode(d) - .decode(p) - .decode(q) - .decode(d1) - .decode(d2) - .decode(c) + .decode(m_n) + .decode(m_e) + .decode(m_d) + .decode(m_p) + .decode(m_q) + .decode(m_d1) + .decode(m_d2) + .decode(m_c) .end_cons(); load_check(rng); @@ -97,26 +97,23 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const BigInt& prime2, const BigInt& exp, const BigInt& d_exp, - const BigInt& mod) + const BigInt& mod) : + m_d{ d_exp }, m_p{ prime1 }, m_q{ prime2 }, m_d1{}, m_d2{}, m_c{ inverse_mod( m_q, m_p ) } { - p = prime1; - q = prime2; - e = exp; - d = d_exp; - n = mod.is_nonzero() ? mod : p * q; + m_n = mod.is_nonzero() ? mod : m_p * m_q; + m_e = exp; - if(d == 0) + if(m_d == 0) { - BigInt inv_for_d = lcm(p - 1, q - 1); - if(e.is_even()) + BigInt inv_for_d = lcm(m_p - 1, m_q - 1); + if(m_e.is_even()) inv_for_d >>= 1; - d = inverse_mod(e, inv_for_d); + m_d = inverse_mod(m_e, inv_for_d); } - d1 = d % (p - 1); - d2 = d % (q - 1); - c = inverse_mod(q, p); + m_d1 = m_d % (m_p - 1); + m_d2 = m_d % (m_q - 1); load_check(rng); } 
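Review bot: In the new initializer list of the IF_Scheme_PrivateKey(rng, prime1, prime2, exp, d_exp, mod) constructor, `m_c{ inverse_mod( m_q, m_p ) }` reads two sibling members, which is only well-defined because if_algo.h declares them as `BigInt m_d, m_p, m_q, m_d1, m_d2, m_c;` and initialization follows that declaration order, not the order written in the list; a later reordering of the header would silently feed default-constructed BigInts to inverse_mod. Add a comment on the initializer tying it to the header, e.g. `// m_c depends on m_p and m_q: initialization order is the declaration order in if_algo.h`. One more line would explain why `m_n` and `m_e` are still assigned in the body: they belong to the virtual base IF_Scheme_PublicKey and cannot be initialized from this list. The constructor's first parameters (rng, prime1) are outside the hunk.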
@@ -127,15 +124,15 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, bool IF_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { - if(n < 35 || n.is_even() || e < 2 || d < 2 || p < 3 || q < 3 || p*q != n) + if(m_n < 35 || m_n.is_even() || m_e < 2 || m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n) return false; - if(d1 != d % (p - 1) || d2 != d % (q - 1) || c != inverse_mod(q, p)) + if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p)) return false; const size_t prob = (strong) ? 56 : 12; - if(!is_prime(p, rng, prob) || !is_prime(q, rng, prob)) + if(!is_prime(m_p, rng, prob) || !is_prime(m_q, rng, prob)) return false; return true; } diff --git a/src/lib/pubkey/if_algo/if_algo.h b/src/lib/pubkey/if_algo/if_algo.h index dec731af3..46dbd51a9 100644 --- a/src/lib/pubkey/if_algo/if_algo.h +++ b/src/lib/pubkey/if_algo/if_algo.h @@ -24,7 +24,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key const secure_vector<byte>& key_bits); IF_Scheme_PublicKey(const BigInt& n, const BigInt& e) : - n(n), e(e) {} + m_n(n), m_e(e) {} bool check_key(RandomNumberGenerator& rng, bool) const override; @@ -35,21 +35,21 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key /** * @return public modulus */ - const BigInt& get_n() const { return n; } + const BigInt& get_n() const { return m_n; } /** * @return public exponent */ - const BigInt& get_e() const { return e; } + const BigInt& get_e() const { return m_e; } - size_t max_input_bits() const override { return (n.bits() - 1); } + size_t max_input_bits() const override { return (m_n.bits() - 1); } size_t estimated_strength() const override; protected: IF_Scheme_PublicKey() {} - BigInt n, e; + BigInt m_n, m_e; }; /** 
@@ -76,30 +76,30 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, * Get the first prime p. * @return prime p */ - const BigInt& get_p() const { return p; } + const BigInt& get_p() const { return m_p; } /** * Get the second prime q. * @return prime q */ - const BigInt& get_q() const { return q; } + const BigInt& get_q() const { return m_q; } /** * Get d with exp * d = 1 mod (p - 1, q - 1). * @return d */ - const BigInt& get_d() const { return d; } + const BigInt& get_d() const { return m_d; } - const BigInt& get_c() const { return c; } - const BigInt& get_d1() const { return d1; } - const BigInt& get_d2() const { return d2; } + const BigInt& get_c() const { return m_c; } + const BigInt& get_d1() const { return m_d1; } + const BigInt& get_d2() const { return m_d2; } secure_vector<byte> pkcs8_private_key() const override; protected: IF_Scheme_PrivateKey() {} - BigInt d, p, q, d1, d2, c; + BigInt m_d, m_p, m_q, m_d1, m_d2, m_c; }; } diff --git a/src/lib/pubkey/keypair/keypair.cpp b/src/lib/pubkey/keypair/keypair.cpp index ef211ffd4..0f5a48541 100644 --- a/src/lib/pubkey/keypair/keypair.cpp +++ b/src/lib/pubkey/keypair/keypair.cpp @@ -59,7 +59,7 @@ bool signature_consistency_check(RandomNumberGenerator& rng, { signature = signer.sign_message(message, rng); } - catch(Encoding_Error) + catch(Encoding_Error&) { return false; } diff --git a/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp b/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp index 3a377a447..acae036db 100644 --- a/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp +++ b/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp @@ -95,7 +95,7 @@ secure_vector<gf2m> find_roots_gf2m_decomp(const polyn_gf2m & polyn, u32bit code } gf2m_decomp_rootfind_state::gf2m_decomp_rootfind_state(const polyn_gf2m & polyn, u32bit the_code_length) : - code_length(the_code_length) + code_length(the_code_length), m_j(0), m_j_gray(0) { gf2m coeff_3; gf2m coeff_head; 
@@ -105,7 +105,7 @@ gf2m_decomp_rootfind_state::gf2m_decomp_rootfind_state(const polyn_gf2m & polyn, { throw Internal_Error("Unexpected degree in gf2m_decomp_rootfind_state"); } - this->m_j = 0; + coeff_3 = polyn.get_coef( 3); coeff_head = polyn.get_coef( deg_sigma); /* dummy value for SCA CM */ if(coeff_3 != 0) @@ -238,10 +238,9 @@ gf2m gf2m_decomp_rootfind_state::calc_Fxj_j_neq_0( const polyn_gf2m & sigma, gf2 gf2m sum = 0; u32bit i; std::shared_ptr<GF2m_Field> sp_field = sigma.get_sp_field(); - gf2m xl_j_tt_5i, xl_j_tt_5, xl_gray_tt_3; const gf2m jl_gray = sp_field->gf_l_from_n(j_gray); - xl_j_tt_5 = sp_field->gf_square_rr(jl_gray); - xl_gray_tt_3 = sp_field->gf_mul_rrr(xl_j_tt_5, jl_gray); + gf2m xl_j_tt_5 = sp_field->gf_square_rr(jl_gray); + gf2m xl_gray_tt_3 = sp_field->gf_mul_rrr(xl_j_tt_5, jl_gray); xl_j_tt_5 = sp_field->gf_mul_rrr(xl_j_tt_5, xl_gray_tt_3); @@ -253,13 +252,16 @@ gf2m gf2m_decomp_rootfind_state::calc_Fxj_j_neq_0( const polyn_gf2m & sigma, gf2 /* treat i = 0 special: */ sum ^= this->m_Aij[0]; /* treat i = 1 special also */ + if(this->m_outer_summands > 1) { gf2m x; - xl_j_tt_5i = xl_j_tt_5; x = sp_field->gf_mul_zrz(xl_j_tt_5, this->m_Aij[1]); /* x_j^{5i} A_i^j */ sum ^= x; } + + gf2m xl_j_tt_5i = xl_j_tt_5; + for(i = 2; i < this->m_outer_summands; i++) { gf2m x; @@ -273,7 +275,9 @@ gf2m gf2m_decomp_rootfind_state::calc_Fxj_j_neq_0( const polyn_gf2m & sigma, gf2 secure_vector<gf2m> gf2m_decomp_rootfind_state::find_roots(const polyn_gf2m & sigma) { - secure_vector<gf2m> result(sigma.get_degree()); + const int sigma_degree = sigma.get_degree(); + BOTAN_ASSERT(sigma_degree > 0, "Valid sigma"); + secure_vector<gf2m> result(sigma_degree); u32bit root_pos = 0; this->calc_Ai_zero(sigma); diff --git a/src/lib/pubkey/mce/gf2m_small_m.h b/src/lib/pubkey/mce/gf2m_small_m.h index 6a8de4424..0b27a82e3 100644 --- a/src/lib/pubkey/mce/gf2m_small_m.h +++ b/src/lib/pubkey/mce/gf2m_small_m.h 
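Review bot: The added `BOTAN_ASSERT(sigma_degree > 0, "Valid sigma")` in find_roots and `BOTAN_ASSERT(v_deg > 0, "Valid degree")` in goppa_decode (later on this line) reject a degree-0 polynomial even though the code that follows, `result(sigma_degree)` and `for(int i = 0; i <= v_deg; ++i)`, is well-defined for degree 0, so the messages should state the actual precondition rather than the adjective "Valid". The defect the goppa_decode change actually fixes is that get_degree() appears to return an `int` (-1 for the zero polynomial, per the default constructor in polyn_gf2m.h) and the old `size_t v_deg` wrapped that into an enormous loop bound; a comment such as `// get_degree() returns -1 for the zero polynomial; never widen it to size_t` would preserve that reasoning. If sigma and v derive from the ciphertext being decoded, which looks likely but is not visible here, a failed assertion surfaces a different error than the normal decoding-failure path, and the two should probably be unified. The new guard `if(this->m_outer_summands > 1)` before reading `m_Aij[1]` in calc_Fxj_j_neq_0 is a genuine bounds fix and deserves its own one-line comment saying so.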
@@ -25,7 +25,7 @@ typedef u16bit gf2m; class BOTAN_DLL GF2m_Field { public: - GF2m_Field(size_t extdeg); + explicit GF2m_Field(size_t extdeg); gf2m gf_mul(gf2m x, gf2m y) const { diff --git a/src/lib/pubkey/mce/goppa_code.cpp b/src/lib/pubkey/mce/goppa_code.cpp index 02908aa4f..2657beee9 100644 --- a/src/lib/pubkey/mce/goppa_code.cpp +++ b/src/lib/pubkey/mce/goppa_code.cpp @@ -96,8 +96,9 @@ secure_vector<gf2m> goppa_decode(const polyn_gf2m & syndrom_polyn, sigma.set_coef(2*i, sp_field->gf_square(u.get_coef(i))); } - const size_t v_deg = v.get_degree(); - for(size_t i = 0; i <= v_deg; ++i) + const int v_deg = v.get_degree(); + BOTAN_ASSERT(v_deg > 0, "Valid degree"); + for(int i = 0; i <= v_deg; ++i) { sigma.set_coef(2*i+1, sp_field->gf_square(v.get_coef(i))); } diff --git a/src/lib/pubkey/mce/info.txt b/src/lib/pubkey/mce/info.txt index 1e9b848dd..bb0f06764 100644 --- a/src/lib/pubkey/mce/info.txt +++ b/src/lib/pubkey/mce/info.txt @@ -1,7 +1,6 @@ define MCELIECE 20150922 <header:public> -mce_kem.h mceliece.h polyn_gf2m.h gf2m_small_m.h diff --git a/src/lib/pubkey/mce/mce_kem.cpp b/src/lib/pubkey/mce/mce_kem.cpp deleted file mode 100644 index dede67731..000000000 --- a/src/lib/pubkey/mce/mce_kem.cpp +++ /dev/null 
@@ -1,51 +0,0 @@ -/** - * (C) 2014 cryptosource GmbH - * (C) 2014 Falko Strenzke [email protected] - * - * Botan is released under the Simplified BSD License (see license.txt) - * - */ - -#include <botan/mce_kem.h> -#include <botan/internal/mce_internal.h> -#include <botan/sha2_64.h> - -namespace Botan { - -McEliece_KEM_Encryptor::McEliece_KEM_Encryptor(const McEliece_PublicKey& public_key) : - m_key(public_key) - { - } - -std::pair<secure_vector<byte>, secure_vector<byte>> -McEliece_KEM_Encryptor::encrypt(RandomNumberGenerator& rng) - { - const secure_vector<byte> plaintext = m_key.random_plaintext_element(rng); - - secure_vector<byte> ciphertext, error_mask; - mceliece_encrypt(ciphertext, error_mask, plaintext, m_key, rng); - - SHA_512 hash; - hash.update(plaintext); - hash.update(error_mask); - secure_vector<byte> sym_key = hash.final(); - - return std::make_pair(ciphertext, sym_key); - } - -McEliece_KEM_Decryptor::McEliece_KEM_Decryptor(const McEliece_PrivateKey& key) : m_key(key) { } - -secure_vector<Botan::byte> McEliece_KEM_Decryptor::decrypt(const byte msg[], size_t msg_len) - { - secure_vector<byte> plaintext, error_mask; - mceliece_decrypt(plaintext, error_mask, msg, msg_len, m_key); - - SHA_512 hash; - hash.update(plaintext); - hash.update(error_mask); - - secure_vector<byte> sym_key = hash.final(); - return sym_key; - } - -} diff --git a/src/lib/pubkey/mce/mce_kem.h b/src/lib/pubkey/mce/mce_kem.h deleted file mode 100644 index cd899d568..000000000 --- a/src/lib/pubkey/mce/mce_kem.h +++ /dev/null 
@@ -1,55 +0,0 @@ -/** - * (C) 2014 cryptosource GmbH - * (C) 2014 Falko Strenzke [email protected] - * - * Botan is released under the Simplified BSD License (see license.txt) - * - */ - -#ifndef BOTAN_MCE_KEM_H__ -#define BOTAN_MCE_KEM_H__ - -#include <botan/mceliece.h> -#include <utility> - -namespace Botan { - -class BOTAN_DLL McEliece_KEM_Encryptor - { - public: - McEliece_KEM_Encryptor(const McEliece_PublicKey& public_key); - - /** - * returns the pair (mceliece ciphertext, symmetric key) - */ - std::pair<secure_vector<byte>, secure_vector<byte>> encrypt(RandomNumberGenerator& rng); - - private: - const McEliece_PublicKey& m_key; - }; - -class BOTAN_DLL McEliece_KEM_Decryptor - { - public: - McEliece_KEM_Decryptor(const McEliece_PrivateKey& mce_key); - - /** - * returns the derived 512-bit symmetric key - */ - secure_vector<Botan::byte> decrypt(const byte msg[], size_t msg_len); - - /** - * returns the derived 512-bit symmetric key - */ - template<typename Alloc> - secure_vector<Botan::byte> decrypt_vec(const std::vector<byte, Alloc>& v) - { - return decrypt(v.data(), v.size()); - } - - private: - const McEliece_PrivateKey& m_key; - }; -} - -#endif diff --git a/src/lib/pubkey/mce/mceliece.h b/src/lib/pubkey/mce/mceliece.h index ead326230..311f0f253 100644 --- a/src/lib/pubkey/mce/mceliece.h +++ b/src/lib/pubkey/mce/mceliece.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_DLL McEliece_PublicKey : public virtual Public_Key { public: - McEliece_PublicKey(const std::vector<byte>& key_bits); + explicit McEliece_PublicKey(const std::vector<byte>& key_bits); McEliece_PublicKey(std::vector<byte> const& pub_matrix, u32bit the_t, u32bit the_code_length) : m_public_matrix(pub_matrix), 
@@ -59,7 +59,7 @@ class BOTAN_DLL McEliece_PublicKey : public virtual Public_Key bool operator!=(const McEliece_PublicKey& other) const { return !(*this == other); } protected: - McEliece_PublicKey() {} + McEliece_PublicKey() : m_t(0), m_code_length(0) {} std::vector<byte> m_public_matrix; u32bit m_t; @@ -90,7 +90,7 @@ class BOTAN_DLL McEliece_PrivateKey : public virtual McEliece_PublicKey, */ McEliece_PrivateKey(RandomNumberGenerator& rng, size_t code_length, size_t t); - McEliece_PrivateKey(const secure_vector<byte>& key_bits); + explicit McEliece_PrivateKey(const secure_vector<byte>& key_bits); McEliece_PrivateKey(polyn_gf2m const& goppa_polyn, std::vector<u32bit> const& parity_check_matrix_coeffs, diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp index 8edbbf88a..455d1f381 100644 --- a/src/lib/pubkey/mce/mceliece_key.cpp +++ b/src/lib/pubkey/mce/mceliece_key.cpp @@ -4,6 +4,7 @@ * * (C) 2014 cryptosource GmbH * (C) 2014 Falko Strenzke [email protected] + * (C) 2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) * @@ -13,6 +14,8 @@ #include <botan/internal/mce_internal.h> #include <botan/internal/bit_ops.h> #include <botan/internal/code_based_util.h> +#include <botan/internal/pk_ops_impl.h> +#include <botan/internal/pk_utils.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> 
@@ -292,6 +295,68 @@ bool McEliece_PublicKey::operator==(const McEliece_PublicKey& other) const return true; } +namespace { + +class MCE_KEM_Encryptor : public PK_Ops::KEM_Encryption_with_KDF + { + public: + typedef McEliece_PublicKey Key_Type; + + MCE_KEM_Encryptor(const McEliece_PublicKey& key, + const std::string& kdf) : + KEM_Encryption_with_KDF(kdf), m_key(key) {} + + private: + void raw_kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& raw_shared_key, + Botan::RandomNumberGenerator& rng) override + { + secure_vector<byte> plaintext = m_key.random_plaintext_element(rng); + + secure_vector<byte> ciphertext, error_mask; + mceliece_encrypt(ciphertext, error_mask, plaintext, m_key, rng); + + raw_shared_key.clear(); + raw_shared_key += plaintext; + raw_shared_key += error_mask; + + out_encapsulated_key.swap(ciphertext); + } + + const McEliece_PublicKey& m_key; + }; + +class MCE_KEM_Decryptor : public PK_Ops::KEM_Decryption_with_KDF + { + public: + typedef McEliece_PrivateKey Key_Type; + + MCE_KEM_Decryptor(const McEliece_PrivateKey& key, + const std::string& kdf) : + KEM_Decryption_with_KDF(kdf), m_key(key) {} + + private: + secure_vector<byte> + raw_kem_decrypt(const byte encap_key[], size_t len) override + { + secure_vector<byte> plaintext, error_mask; + mceliece_decrypt(plaintext, error_mask, encap_key, len, m_key); + + secure_vector<byte> output; + output.reserve(plaintext.size() + error_mask.size()); + output.insert(output.end(), plaintext.begin(), plaintext.end()); + output.insert(output.end(), error_mask.begin(), error_mask.end()); + return output; + } + + const McEliece_PrivateKey& m_key; + }; + +BOTAN_REGISTER_PK_KEM_ENCRYPTION_OP("McEliece", MCE_KEM_Encryptor); +BOTAN_REGISTER_PK_KEM_DECRYPTION_OP("McEliece", MCE_KEM_Decryptor); + +} + } diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp index ec60213db..e0d1c5a65 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.cpp 
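Review bot: MCE_KEM_Encryptor::raw_kem_encrypt and MCE_KEM_Decryptor::raw_kem_decrypt each build the raw shared secret as plaintext followed by error_mask, but with two different idioms (`clear()` plus `+=` versus `reserve()` plus two `insert()` calls), so nothing in the code states that the two byte strings must be identical for the KDF on both sides to agree. A file-local helper such as `static secure_vector<byte> mce_raw_shared_secret(const secure_vector<byte>& plaintext, const secure_vector<byte>& error_mask)` called from both, with the comment `// KDF input is plaintext || error_mask; encryptor and decryptor must build it identically`, would pin that contract. Both classes also store `const McEliece_PublicKey& m_key` / `const McEliece_PrivateKey& m_key`, so the key object must outlive the operation; that is presumably guaranteed by the caller but is worth a comment on the members. Minor style point: `Botan::RandomNumberGenerator& rng` is fully qualified inside namespace Botan while the rest of the hunk is not.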
+++ b/src/lib/pubkey/mce/polyn_gf2m.cpp @@ -268,7 +268,11 @@ void polyn_gf2m::remainder(polyn_gf2m &p, const polyn_gf2m & g) if (d >= 0) { gf2m la = msp_field->gf_inv_rn(g.get_lead_coef()); - for (i = p.get_degree(); d >= 0; --i, --d) { + const int p_degree = p.get_degree(); + + BOTAN_ASSERT(p_degree > 0, "Valid polynomial"); + + for (i = p_degree; d >= 0; --i, --d) { if (p[i] != 0) { gf2m lb = msp_field->gf_mul_rrn(la, p[i]); for (j = 0; j < g.get_degree(); ++j) @@ -455,6 +459,8 @@ std::pair<polyn_gf2m, polyn_gf2m> polyn_gf2m::eea_with_coefficients( const polyn // r0 <- g, r1 <- p, u0 <- 0, u1 <- 1 dr = g.get_degree(); + BOTAN_ASSERT(dr > 3, "Valid polynomial"); + polyn_gf2m r0(dr, g.msp_field); polyn_gf2m r1(dr - 1, g.msp_field); polyn_gf2m u0(dr - 1, g.msp_field); 
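Review bot: The two new assertions in polyn_gf2m.cpp, `BOTAN_ASSERT(p_degree > 0, "Valid polynomial")` in remainder and `BOTAN_ASSERT(dr > 3, "Valid polynomial")` in eea_with_coefficients, carry the same message for two different conditions, and the bound 3 is not explained anywhere in the hunk. In remainder the assertion sits inside `if (d >= 0)`, so if d is the degree difference (its computation is above the hunk) a degree-0 p against a degree-0 g passes the outer test and then fails the assertion; if that is intended the comment should say so. Suggest messages that name the precondition, e.g. `BOTAN_ASSERT(dr > 3, "eea_with_coefficients requires deg(g) > 3")`, plus a one-line comment on where the bound comes from. If BOTAN_ASSERT reports failure as an exception rather than aborting (not visible here), callers that handle decoding errors will see a different error type for this case than for other malformed inputs, which should be noted.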
@@ -638,40 +644,35 @@ polyn_gf2m::polyn_gf2m(int t, Botan::RandomNumberGenerator& rng, std::shared_ptr coeff(t+1), msp_field(sp_field) { - int i; (*this).set_coef( t, 1); - i = 0; - int m_deg; + int degree = 0; do { - for (i = 0; i < t; ++i) + for (int i = 0; i < t; ++i) { (*this).set_coef( i, random_code_element(sp_field->get_cardinality(), rng)); } - polyn_gf2m::degppf(*this, &m_deg); + polyn_gf2m::degppf(*this, °ree); } - while (m_deg < t); + while (degree < t); } void polyn_gf2m::poly_shiftmod( const polyn_gf2m & g) { - int i, t; - gf2m a; - - if(g.get_degree() <= 0) + if(g.get_degree() <= 1) { - throw Invalid_Argument("shiftmod cannot be called on polynomials of degree 0 or less"); + throw Invalid_Argument("shiftmod cannot be called on polynomials of degree 1 or less"); } - std::shared_ptr<GF2m_Field> msp_field = g.msp_field; + std::shared_ptr<GF2m_Field> field = g.msp_field; - t = g.get_degree(); - a = msp_field->gf_div(this->coeff[t-1], g.coeff[t]); - for (i = t - 1; i > 0; --i) + int t = g.get_degree(); + gf2m a = field->gf_div(this->coeff[t-1], g.coeff[t]); + for (int i = t - 1; i > 0; --i) { this->coeff[i] = this->coeff[i - 1] ^ this->msp_field->gf_mul(a, g.coeff[i]); } - this->coeff[0] = msp_field->gf_mul(a, g.coeff[0]); + this->coeff[0] = field->gf_mul(a, g.coeff[0]); } std::vector<polyn_gf2m> polyn_gf2m::sqrt_mod_init(const polyn_gf2m & g) diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h index 5d012f27b..62264e480 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.h +++ b/src/lib/pubkey/mce/polyn_gf2m.h @@ -27,7 +27,7 @@ struct polyn_gf2m /** * create a zero polynomial: */ - polyn_gf2m( std::shared_ptr<GF2m_Field> sp_field ); + explicit polyn_gf2m( std::shared_ptr<GF2m_Field> sp_field ); polyn_gf2m() :m_deg(-1) 
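Review bot: poly_shiftmod's precondition is tightened from `g.get_degree() <= 0` to `g.get_degree() <= 1`, with only the error message updated to match, yet the body that follows (`coeff[t-1]`, the loop from `t - 1` down to 1, then `coeff[0]`) is mechanically fine for t == 1, so the reason a degree-1 modulus is now rejected is not visible. A comment above the check, e.g. `// degree-1 moduli are rejected because <reason>; see <caller>`, would keep the next reader from relaxing it again. In the random-polynomial constructor, `°ree` in `polyn_gf2m::degppf(*this, °ree)` is presumably `&degree` mangled by the page rendering rather than the committed source; worth confirming.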
@@ -147,8 +147,13 @@ struct polyn_gf2m static polyn_gf2m gcd_aux(polyn_gf2m& p1, polyn_gf2m& p2); public: + // public member variable: int m_deg; + + // public member variable: secure_vector<gf2m> coeff; + + // public member variable: std::shared_ptr<GF2m_Field> msp_field; }; diff --git a/src/lib/pubkey/mceies/info.txt b/src/lib/pubkey/mceies/info.txt index 547e4a47a..56363fe4f 100644 --- a/src/lib/pubkey/mceies/info.txt +++ b/src/lib/pubkey/mceies/info.txt @@ -4,4 +4,5 @@ define MCEIES 20150706 aes mce ocb +kdf1 </requires> diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp index e83fa257e..95042e529 100644 --- a/src/lib/pubkey/mceies/mceies.cpp +++ b/src/lib/pubkey/mceies/mceies.cpp @@ -8,7 +8,7 @@ #include <botan/mceies.h> #include <botan/aead.h> #include <botan/mceliece.h> -#include <botan/mce_kem.h> +#include <botan/pubkey.h> namespace Botan { @@ -36,11 +36,10 @@ mceies_encrypt(const McEliece_PublicKey& pubkey, RandomNumberGenerator& rng, const std::string& algo) { - McEliece_KEM_Encryptor kem_op(pubkey); + PK_KEM_Encryptor kem_op(pubkey, "KDF1(SHA-512)"); - const std::pair<secure_vector<byte>,secure_vector<byte>> mce_ciphertext__key = kem_op.encrypt(rng); - const secure_vector<byte>& mce_ciphertext = mce_ciphertext__key.first; - const secure_vector<byte>& mce_key = mce_ciphertext__key.second; + secure_vector<byte> mce_ciphertext, mce_key; + kem_op.encrypt(mce_ciphertext, mce_key, 64, rng); const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8; @@ -75,7 +74,7 @@ mceies_decrypt(const McEliece_PrivateKey& privkey, { try { - McEliece_KEM_Decryptor kem_op(privkey); + PK_KEM_Decryptor kem_op(privkey, "KDF1(SHA-512)"); const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8; 
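Review bot: In mceies_encrypt and mceies_decrypt the KDF spec `"KDF1(SHA-512)"` and the derived-key length `64` are now repeated literally in both functions, and the two sides must stay equal for decryption to work; hoisting them into file-local constants next to the includes (e.g. `const size_t MCEIES_KEY_LEN = 64;` and a matching string for the KDF name, names constructed here) would make a one-sided edit impossible. The deleted McEliece_KEM_Encryptor/Decryptor in mce_kem.cpp derived the key as a single SHA-512 over plaintext||error_mask; whether `KDF1(SHA-512)` with a 64-byte output and no salt yields the same bytes is not visible in this diff, and if it does not, MCEIES ciphertexts produced by earlier releases stop decrypting, which the commit message should state explicitly. The second mceies hunk also swaps `catch(Integrity_Failure)` for `catch(Integrity_Failure&)`, which is the correct fix and needs no further comment.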
@@ -88,7 +87,7 @@ mceies_decrypt(const McEliece_PrivateKey& privkey, if(ct_len < mce_code_bytes + nonce_len + aead->tag_size()) throw Exception("Input message too small to be valid"); - const secure_vector<byte> mce_key = kem_op.decrypt(ct, mce_code_bytes); + const secure_vector<byte> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64); aead->set_key(aead_key(mce_key, *aead)); aead->set_associated_data(ad, ad_len); @@ -99,7 +98,7 @@ mceies_decrypt(const McEliece_PrivateKey& privkey, aead->finish(pt, 0); return pt; } - catch(Integrity_Failure) + catch(Integrity_Failure&) { throw; } diff --git a/src/lib/pubkey/nr/nr.cpp b/src/lib/pubkey/nr/nr.cpp index ed90c2345..5e2cb1be5 100644 --- a/src/lib/pubkey/nr/nr.cpp +++ b/src/lib/pubkey/nr/nr.cpp @@ -24,8 +24,8 @@ NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id, */ NR_PublicKey::NR_PublicKey(const DL_Group& grp, const BigInt& y1) { - group = grp; - y = y1; + m_group = grp; + m_y = y1; } /* @@ -35,13 +35,13 @@ NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng, const DL_Group& grp, const BigInt& x_arg) { - group = grp; - x = x_arg; + m_group = grp; + m_x = x_arg; - if(x == 0) - x = BigInt::random_integer(rng, 2, group_q() - 1); + if(m_x == 0) + m_x = BigInt::random_integer(rng, 2, group_q() - 1); - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); if(x_arg == 0) gen_check(rng); @@ -54,7 +54,7 @@ NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { - y = power_mod(group_g(), x, group_p()); + m_y = power_mod(group_g(), m_x, group_p()); load_check(rng); } 
@@ -64,7 +64,7 @@ NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, */ bool NR_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { - if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q()) + if(!DL_Scheme_PrivateKey::check_key(rng, strong) || m_x >= group_q()) return false; if(!strong) @@ -84,24 +84,24 @@ class NR_Signature_Operation : public PK_Ops::Signature_with_EMSA typedef NR_PrivateKey Key_Type; NR_Signature_Operation(const NR_PrivateKey& nr, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - q(nr.group_q()), - x(nr.get_x()), - powermod_g_p(nr.group_g(), nr.group_p()), - mod_q(nr.group_q()) + m_q(nr.group_q()), + m_x(nr.get_x()), + m_powermod_g_p(nr.group_g(), nr.group_p()), + m_mod_q(nr.group_q()) { } size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return q.bytes(); } - size_t max_input_bits() const override { return (q.bits() - 1); } + size_t message_part_size() const override { return m_q.bytes(); } + size_t max_input_bits() const override { return (m_q.bits() - 1); } secure_vector<byte> raw_sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) override; private: - const BigInt& q; - const BigInt& x; - Fixed_Base_Power_Mod powermod_g_p; - Modular_Reducer mod_q; + const BigInt& m_q; + const BigInt& m_x; + Fixed_Base_Power_Mod m_powermod_g_p; + Modular_Reducer m_mod_q; }; secure_vector<byte> @@ -112,7 +112,7 @@ NR_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, BigInt f(msg, msg_len); - if(f >= q) + if(f >= m_q) throw Invalid_Argument("NR_Signature_Operation: Input is out of range"); BigInt c, d; 
@@ -121,14 +121,14 @@ NR_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, { BigInt k; do - k.randomize(rng, q.bits()); - while(k >= q); + k.randomize(rng, m_q.bits()); + while(k >= m_q); - c = mod_q.reduce(powermod_g_p(k) + f); - d = mod_q.reduce(k - x * c); + c = m_mod_q.reduce(m_powermod_g_p(k) + f); + d = m_mod_q.reduce(k - m_x * c); } - secure_vector<byte> output(2*q.bytes()); + secure_vector<byte> output(2*m_q.bytes()); c.binary_encode(&output[output.size() / 2 - c.bytes()]); d.binary_encode(&output[output.size() - d.bytes()]); return output; 
@@ -144,33 +144,30 @@ class NR_Verification_Operation : public PK_Ops::Verification_with_EMSA typedef NR_PublicKey Key_Type; NR_Verification_Operation(const NR_PublicKey& nr, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - q(nr.group_q()), y(nr.get_y()) - { - powermod_g_p = Fixed_Base_Power_Mod(nr.group_g(), nr.group_p()); - powermod_y_p = Fixed_Base_Power_Mod(y, nr.group_p()); - mod_p = Modular_Reducer(nr.group_p()); - mod_q = Modular_Reducer(nr.group_q()); - } + m_q(nr.group_q()), m_y(nr.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(nr.group_g(), nr.group_p())}, + m_powermod_y_p{Fixed_Base_Power_Mod(m_y, nr.group_p())}, m_mod_p{Modular_Reducer(nr.group_p())}, + m_mod_q{Modular_Reducer(nr.group_q())} + {} size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return q.bytes(); } - size_t max_input_bits() const override { return (q.bits() - 1); } + size_t message_part_size() const override { return m_q.bytes(); } + size_t max_input_bits() const override { return (m_q.bits() - 1); } bool with_recovery() const override { return true; } secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override; private: - const BigInt& q; - const BigInt& y; + const BigInt& m_q; + const BigInt& m_y; - Fixed_Base_Power_Mod powermod_g_p, powermod_y_p; - Modular_Reducer mod_p, mod_q; + Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; + Modular_Reducer m_mod_p, m_mod_q; }; secure_vector<byte> NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { - const BigInt& q = mod_q.get_modulus(); + const BigInt& q = m_mod_q.get_modulus(); if(msg_len != 2*q.bytes()) throw Invalid_Argument("NR verification: Invalid signature"); 
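Review bot: The new mem-initializers `m_powermod_g_p{Fixed_Base_Power_Mod(nr.group_g(), nr.group_p())}` and the three that follow build a temporary and then move/copy it into the member, where direct initialization does the same job without the temporary and matches the parenthesised style `NR_Signature_Operation` uses in the previous hunk: `m_powermod_g_p(nr.group_g(), nr.group_p()), m_powermod_y_p(m_y, nr.group_p()),` and `m_mod_p(nr.group_p()), m_mod_q(nr.group_q())`. Using `m_y` inside an initializer is safe here because the private section shows `m_y` declared before `m_powermod_g_p, m_powermod_y_p`; a one-line comment noting that ordering dependency would stop a later reordering from introducing a read of an unset reference. The two long initializer lines would also be easier to read one member per line, as the signature operation above does.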
@@ -181,11 +178,11 @@ NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) if(c.is_zero() || c >= q || d >= q) throw Invalid_Argument("NR verification: Invalid signature"); - auto future_y_c = std::async(std::launch::async, powermod_y_p, c); - BigInt g_d = powermod_g_p(d); + auto future_y_c = std::async(std::launch::async, m_powermod_y_p, c); + BigInt g_d = m_powermod_g_p(d); - BigInt i = mod_p.multiply(g_d, future_y_c.get()); - return BigInt::encode_locked(mod_q.reduce(c - i)); + BigInt i = m_mod_p.multiply(g_d, future_y_c.get()); + return BigInt::encode_locked(m_mod_q.reduce(c - i)); } } diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index 635934037..ebaa0eb69 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp @@ -19,7 +19,7 @@ OID Public_Key::get_oid() const try { return OIDS::lookup(algo_name()); } - catch(Lookup_Error) + catch(Lookup_Error&) { throw Lookup_Error("PK algo " + algo_name() + " has no defined OIDs"); } diff --git a/src/lib/pubkey/pk_ops.cpp b/src/lib/pubkey/pk_ops.cpp index bc421eb90..81b087894 100644 --- a/src/lib/pubkey/pk_ops.cpp +++ b/src/lib/pubkey/pk_ops.cpp 
@@ -129,4 +129,47 @@ bool PK_Ops::Verification_with_EMSA::is_valid_signature(const byte sig[], size_t } } +void PK_Ops::KEM_Encryption_with_KDF::kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const uint8_t salt[], + size_t salt_len) + { + secure_vector<byte> raw_shared; + this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng); + + out_shared_key = m_kdf->derive_key(desired_shared_key_len, + raw_shared.data(), raw_shared.size(), + salt, salt_len); + } + +PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(const std::string& kdf) + { + m_kdf.reset(get_kdf(kdf)); + } + +PK_Ops::KEM_Encryption_with_KDF::~KEM_Encryption_with_KDF() {} + +secure_vector<byte> +PK_Ops::KEM_Decryption_with_KDF::kem_decrypt(const byte encap_key[], + size_t len, + size_t desired_shared_key_len, + const uint8_t salt[], + size_t salt_len) + { + secure_vector<byte> raw_shared = this->raw_kem_decrypt(encap_key, len); + + return m_kdf->derive_key(desired_shared_key_len, + raw_shared.data(), raw_shared.size(), + salt, salt_len); + } + +PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(const std::string& kdf) + { + m_kdf.reset(get_kdf(kdf)); + } + +PK_Ops::KEM_Decryption_with_KDF::~KEM_Decryption_with_KDF() {} + } diff --git a/src/lib/pubkey/pk_ops.h b/src/lib/pubkey/pk_ops.h index 3a2a8bdb5..6fc21ea4a 100644 --- a/src/lib/pubkey/pk_ops.h +++ b/src/lib/pubkey/pk_ops.h @@ -47,11 +47,13 @@ typedef PK_Spec<Private_Key> PK_Spec_Private_Key; class BOTAN_DLL Encryption { public: + typedef PK_Spec_Public_Key Spec; + virtual size_t max_input_bits() const = 0; - virtual secure_vector<byte> encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; - - typedef PK_Spec_Public_Key Spec; + virtual secure_vector<byte> encrypt(const byte msg[], + size_t msg_len, + RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} }; 
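Review bot: `kem_encrypt` and `kem_decrypt` dereference `m_kdf` unconditionally, but both constructors store whatever `get_kdf(kdf)` returns without checking it; if `get_kdf` can return a null pointer for a "Raw" specifier (as the sibling key-agreement path presumably tolerates, since it keeps the same `std::unique_ptr<KDF> m_kdf`), an unsupported KDF name becomes a null dereference on first use instead of a clear error. Suggest validating in each constructor right after the `reset`, e.g. `if(!m_kdf) throw Invalid_Argument("KEM operation requires a KDF, got " + kdf);`, or, if raw output is meant to be supported, returning `raw_shared` when no KDF is set. The hunk also leaves `desired_shared_key_len` unchecked against zero, which the KDF may or may not reject; a short comment stating what the `salt`/`salt_len` pair means when `salt` is null would help implementers of `raw_kem_encrypt`.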
@@ -164,6 +166,38 @@ class BOTAN_DLL Key_Agreement virtual ~Key_Agreement() {} }; +/** +* KEM (key encapsulation) +*/ +class BOTAN_DLL KEM_Encryption + { + public: + typedef PK_Spec_Public_Key Spec; + + virtual void kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const uint8_t salt[], + size_t salt_len) = 0; + + virtual ~KEM_Encryption() {} + }; + +class BOTAN_DLL KEM_Decryption + { + public: + typedef PK_Spec_Private_Key Spec; + + virtual secure_vector<byte> kem_decrypt(const byte encap_key[], + size_t len, + size_t desired_shared_key_len, + const uint8_t salt[], + size_t salt_len) = 0; + + virtual ~KEM_Decryption() {} + }; + } } diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h index f27de4af4..9be65cf21 100644 --- a/src/lib/pubkey/pk_ops_impl.h +++ b/src/lib/pubkey/pk_ops_impl.h @@ -23,7 +23,7 @@ class Encryption_with_EME : public Encryption ~Encryption_with_EME(); protected: - Encryption_with_EME(const std::string& eme); + explicit Encryption_with_EME(const std::string& eme); private: virtual size_t max_raw_input_bits() const = 0; @@ -41,7 +41,7 @@ class Decryption_with_EME : public Decryption ~Decryption_with_EME(); protected: - Decryption_with_EME(const std::string& eme); + explicit Decryption_with_EME(const std::string& eme); private: virtual size_t max_raw_input_bits() const = 0; virtual secure_vector<byte> raw_decrypt(const byte msg[], size_t len) = 0; @@ -59,7 +59,7 @@ class Verification_with_EMSA : public Verification protected: - Verification_with_EMSA(const std::string& emsa); + explicit Verification_with_EMSA(const std::string& emsa); ~Verification_with_EMSA(); /** 
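Review bot: The new `KEM_Encryption`/`KEM_Decryption` interfaces carry only the one-line "KEM (key encapsulation)" comment, so a caller cannot tell from the header whether `desired_shared_key_len` is the KDF output length, whether `salt` may be null when `salt_len` is 0, or whether `out_encapsulated_key` has a fixed size. Suggest Doxygen on each pure virtual along the lines of `@param out_encapsulated_key the encapsulation to send to the key holder`, `@param out_shared_key the derived secret, desired_shared_key_len bytes long`, `@param salt optional KDF salt, may be null when salt_len is 0`. As a point of style, inside `namespace Botan` the parameters are spelled `Botan::RandomNumberGenerator&` and `const uint8_t salt[]` while the neighbouring `Encryption::encrypt` in the previous hunk uses the unqualified `RandomNumberGenerator&` and `byte`; the same mix appears in the `_with_KDF` classes in pk_ops_impl.h, the `PK_KEM_*` definitions in pubkey.cpp and their declarations in pubkey.h.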
@@ -105,7 +105,7 @@ class Signature_with_EMSA : public Signature secure_vector<byte> sign(RandomNumberGenerator& rng) override; protected: - Signature_with_EMSA(const std::string& emsa); + explicit Signature_with_EMSA(const std::string& emsa); ~Signature_with_EMSA(); private: @@ -132,13 +132,53 @@ class Key_Agreement_with_KDF : public Key_Agreement const byte salt[], size_t salt_len) override; protected: - Key_Agreement_with_KDF(const std::string& kdf); + explicit Key_Agreement_with_KDF(const std::string& kdf); ~Key_Agreement_with_KDF(); private: virtual secure_vector<byte> raw_agree(const byte w[], size_t w_len) = 0; std::unique_ptr<KDF> m_kdf; }; +class KEM_Encryption_with_KDF : public KEM_Encryption + { + public: + void kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const uint8_t salt[], + size_t salt_len) override; + + protected: + virtual void raw_kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& raw_shared_key, + Botan::RandomNumberGenerator& rng) = 0; + + explicit KEM_Encryption_with_KDF(const std::string& kdf); + ~KEM_Encryption_with_KDF(); + private: + std::unique_ptr<KDF> m_kdf; + }; + +class KEM_Decryption_with_KDF : public KEM_Decryption + { + public: + secure_vector<byte> kem_decrypt(const byte encap_key[], + size_t len, + size_t desired_shared_key_len, + const uint8_t salt[], + size_t salt_len) override; + + protected: + virtual secure_vector<byte> + raw_kem_decrypt(const byte encap_key[], size_t len) = 0; + + explicit KEM_Decryption_with_KDF(const std::string& kdf); + ~KEM_Decryption_with_KDF(); + private: + std::unique_ptr<KDF> m_kdf; + }; + } } diff --git a/src/lib/pubkey/pk_utils.h b/src/lib/pubkey/pk_utils.h index 326a6ea68..04a0bf5ca 100644 --- a/src/lib/pubkey/pk_utils.h +++ b/src/lib/pubkey/pk_utils.h 
@@ -32,6 +32,9 @@ OP* make_pk_op(const typename T::Spec& spec) #define BOTAN_REGISTER_PK_VERIFY_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Verification, NAME, TYPE) #define BOTAN_REGISTER_PK_KEY_AGREE_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Key_Agreement, NAME, TYPE) +#define BOTAN_REGISTER_PK_KEM_ENCRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::KEM_Encryption, NAME, TYPE) +#define BOTAN_REGISTER_PK_KEM_DECRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::KEM_Decryption, NAME, TYPE) + } #endif diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 92157a196..ddf9be2f0 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -44,19 +44,39 @@ secure_vector<byte> PKCS8_extract(DataSource& source, secure_vector<byte> PKCS8_decode( DataSource& source, std::function<std::string ()> get_passphrase, - AlgorithmIdentifier& pk_alg_id) + AlgorithmIdentifier& pk_alg_id, + bool is_encrypted) { AlgorithmIdentifier pbe_alg_id; secure_vector<byte> key_data, key; - bool is_encrypted = true; try { if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) - key_data = PKCS8_extract(source, pbe_alg_id); + { + if ( is_encrypted ) + { + key_data = PKCS8_extract(source, pbe_alg_id); + } + else + { + // todo read more efficiently + while ( !source.end_of_data() ) + { + byte b; + size_t read = source.read_byte( b ); + if ( read ) + { + key_data.push_back( b ); + } + } + } + } else { std::string label; key_data = PEM_Code::decode(source, label); + + // todo remove autodetect for pem as well? if(label == "PRIVATE KEY") is_encrypted = false; else if(label == "ENCRYPTED PRIVATE KEY") @@ -133,7 +153,7 @@ namespace { std::pair<std::string, std::string> choose_pbe_params(const std::string& pbe_algo, const std::string& key_algo) { - if(pbe_algo == "") + if(pbe_algo.empty()) { // Defaults: if(key_algo == "Curve25519" || key_algo == "McEliece") 
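Review bot: The PEM branch of `PKCS8_decode` still overwrites the caller-supplied `is_encrypted` from the PEM label (the `// todo remove autodetect` comment acknowledges this), so a caller of the new unencrypted overload whose input turns out to carry an "ENCRYPTED PRIVATE KEY" label will have its passphrase callback invoked, and the callbacks added later in this commit throw an exception worded as an internal error for what is really an input mismatch. Suggest checking the label against the caller's expectation before overriding it, e.g. `if(label == "ENCRYPTED PRIVATE KEY" && !is_encrypted) throw PKCS8_Exception("Expected an unencrypted key but found ENCRYPTED PRIVATE KEY");`, and the converse for a "PRIVATE KEY" label when a passphrase was promised. The byte-at-a-time loop flagged by `// todo read more efficiently` can use `source.read()` into a fixed-size buffer and append each chunk to `key_data`. The function continues outside the hunk, so how the BER `is_encrypted` case is consumed afterwards is not visible here.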
@@ -182,54 +202,79 @@ std::string PEM_encode(const Private_Key& key, std::chrono::milliseconds msec, const std::string& pbe_algo) { - if(pass == "") + if(pass.empty()) return PEM_encode(key); return PEM_Code::encode(PKCS8::BER_encode(key, rng, pass, msec, pbe_algo), "ENCRYPTED PRIVATE KEY"); } +namespace { + /* -* Extract a private key and return it +* Extract a private key (encrypted/unencrypted) and return it */ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, - std::function<std::string ()> get_pass) + std::function<std::string ()> get_pass, + bool is_encrypted) { AlgorithmIdentifier alg_id; - secure_vector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id); + secure_vector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); const std::string alg_name = OIDS::lookup(alg_id.oid); - if(alg_name == "" || alg_name == alg_id.oid.as_string()) + if(alg_name.empty() || alg_name == alg_id.oid.as_string()) throw PKCS8_Exception("Unknown algorithm OID: " + alg_id.oid.as_string()); return make_private_key(alg_id, pkcs8_key, rng); } +} + /* -* Extract a private key and return it +* Extract an encrypted private key and return it */ -Private_Key* load_key(const std::string& fsname, +Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, std::function<std::string ()> get_pass) { - DataSource_Stream source(fsname, true); - return PKCS8::load_key(source, rng, get_pass); + return load_key(source, rng, get_pass, true); } /* -* Extract a private key and return it +* Extract an encrypted private key and return it */ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(source, rng, [pass]() { return pass; }); + return load_key(source, rng, [pass]() { return pass; }, true); + } + +/* +* Extract an unencrypted private key and return it +*/ +Private_Key* load_key(DataSource& source, + RandomNumberGenerator& rng) + { + return load_key(source, rng, []() -> 
std::string { + throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false); + } + +/* +* Extract an encrypted private key and return it +*/ +Private_Key* load_key(const std::string& fsname, + RandomNumberGenerator& rng, + std::function<std::string ()> get_pass) + { + DataSource_Stream source(fsname, true); + return load_key(source, rng, get_pass, true); } /* -* Extract a private key and return it +* Extract an encrypted private key and return it */ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, @@ -239,6 +284,17 @@ Private_Key* load_key(const std::string& fsname, } /* +* Extract an unencrypted private key and return it +*/ +Private_Key* load_key(const std::string& fsname, + RandomNumberGenerator& rng) + { + DataSource_Stream source(fsname, true); + return load_key(source, rng, []() -> std::string { + throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false); + } + +/* * Make a copy of this private key */ Private_Key* copy_key(const Private_Key& key, diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h index ac037407e..791a612df 100644 --- a/src/lib/pubkey/pkcs8.h +++ b/src/lib/pubkey/pkcs8.h @@ -19,7 +19,7 @@ namespace Botan { */ struct BOTAN_DLL PKCS8_Exception : public Decoding_Error { - PKCS8_Exception(const std::string& error) : + explicit PKCS8_Exception(const std::string& error) : Decoding_Error("PKCS #8: " + error) {} }; 
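Review bot: The throwing passphrase lambda `[]() -> std::string { throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}` is duplicated verbatim in the two unencrypted `load_key` overloads, and its message is misleading because `PKCS8_decode` can still flip `is_encrypted` from the PEM label, so the lambda is reachable from ordinary user input rather than only from a library bug. Suggest one helper in the anonymous namespace this hunk introduces, e.g. `std::string unencrypted_key_no_passphrase() { throw PKCS8_Exception("Key was loaded as unencrypted but the source is an encrypted PKCS #8 key"); }`, and passing `unencrypted_key_no_passphrase` to the four-argument `load_key` from both overloads. The remaining overloads in this hunk are thin forwarders whose comments now say "encrypted" but do not mention that an empty passphrase is no longer a signal for an unencrypted key, which callers of the old default arguments would want to know. The block continues past the hunk boundary.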
@@ -80,50 +80,62 @@ PEM_encode(const Private_Key& key, const std::string& pbe_algo = ""); /** -* Load a key from a data source. +* Load an encrypted key from a data source. * @param source the data source providing the encoded key * @param rng the rng to use * @param get_passphrase a function that returns passphrases * @return loaded private key object */ -BOTAN_DLL Private_Key* load_key( - DataSource& source, - RandomNumberGenerator& rng, - std::function<std::string ()> get_passphrase); +BOTAN_DLL Private_Key* load_key(DataSource& source, + RandomNumberGenerator& rng, + std::function<std::string ()> get_passphrase); -/** Load a key from a data source. +/** Load an encrypted key from a data source. * @param source the data source providing the encoded key * @param rng the rng to use -* @param pass the passphrase to decrypt the key. Provide an empty -* string if the key is not encrypted +* @param pass the passphrase to decrypt the key * @return loaded private key object */ BOTAN_DLL Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, - const std::string& pass = ""); + const std::string& pass); + +/** Load an unencrypted key from a data source. +* @param source the data source providing the encoded key +* @param rng the rng to use +* @return loaded private key object +*/ +BOTAN_DLL Private_Key* load_key(DataSource& source, + RandomNumberGenerator& rng); /** -* Load a key from a file. +* Load an encrypted key from a file. * @param filename the path to the file containing the encoded key * @param rng the rng to use * @param get_passphrase a function that returns passphrases * @return loaded private key object */ -BOTAN_DLL Private_Key* load_key( - const std::string& filename, - RandomNumberGenerator& rng, - std::function<std::string ()> get_passphrase); +BOTAN_DLL Private_Key* load_key(const std::string& filename, + RandomNumberGenerator& rng, + std::function<std::string ()> get_passphrase); -/** Load a key from a file. 
+/** Load an encrypted key from a file. * @param filename the path to the file containing the encoded key * @param rng the rng to use -* @param pass the passphrase to decrypt the key. Provide an empty -* string if the key is not encrypted +* @param pass the passphrase to decrypt the key * @return loaded private key object */ BOTAN_DLL Private_Key* load_key(const std::string& filename, RandomNumberGenerator& rng, - const std::string& pass = ""); + const std::string& pass); + +/** Load an unencrypted key from a file. +* @param filename the path to the file containing the encoded key +* @param rng the rng to use +* @return loaded private key object +*/ +BOTAN_DLL Private_Key* load_key(const std::string& filename, + RandomNumberGenerator& rng); /** * Copy an existing encoded key object. diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index b9923f54b..d3b711f1e 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -22,7 +22,7 @@ T* get_pk_op(const std::string& what, const Key& key, const std::string& pad, return p; const std::string err = what + " with " + key.algo_name() + "/" + pad + " not supported"; - if(provider != "") + if(!provider.empty()) throw Lookup_Error(err + " with provider " + provider); else throw Lookup_Error(err); 
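Review bot: Dropping the `= ""` default on the two `pass` parameters silently changes the meaning of an explicit empty string: the old comment told callers to pass `""` for an unencrypted key, and such a call now resolves to the encrypted overload and goes through the encrypted decode path instead of the new two-argument overload. The new Doxygen should say so, e.g. `@param pass the passphrase to decrypt the key; an empty string no longer means "unencrypted", use the overload without a passphrase for that`, on both the `DataSource` and the filename versions. The unencrypted overloads would also benefit from one sentence on what happens when the input is in fact encrypted, since that is the case a caller is most likely to hit by mistake.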
@@ -59,9 +59,51 @@ secure_vector<byte> PK_Decryptor_EME::dec(const byte msg[], size_t length) const return m_op->decrypt(msg, length); } -PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key, const std::string& kdf) +PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key, + const std::string& param, + const std::string& provider) + { + m_op.reset(get_pk_op<PK_Ops::KEM_Encryption>("KEM", key, param, provider)); + } + +void PK_KEM_Encryptor::encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const uint8_t salt[], + size_t salt_len) + { + m_op->kem_encrypt(out_encapsulated_key, + out_shared_key, + desired_shared_key_len, + rng, + salt, + salt_len); + } + +PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key, + const std::string& param, + const std::string& provider) + { + m_op.reset(get_pk_op<PK_Ops::KEM_Decryption>("KEM", key, param, provider)); + } + +secure_vector<byte> PK_KEM_Decryptor::decrypt(const byte encap_key[], + size_t encap_key_len, + size_t desired_shared_key_len, + const uint8_t salt[], + size_t salt_len) + { + return m_op->kem_decrypt(encap_key, encap_key_len, + desired_shared_key_len, + salt, salt_len); + } + +PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key, + const std::string& kdf, + const std::string& provider) { - m_op.reset(get_pk_op<PK_Ops::Key_Agreement>("Key agreement", key, kdf)); + m_op.reset(get_pk_op<PK_Ops::Key_Agreement>("Key agreement", key, kdf, provider)); } SymmetricKey PK_Key_Agreement::derive_key(size_t key_len, @@ -189,7 +231,7 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) throw Decoding_Error("PK_Verifier: Unknown signature format " + std::to_string(m_sig_format)); } - catch(Invalid_Argument) { return false; } + catch(Invalid_Argument&) { return false; } } } diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h index 637e522e4..bfcde2190 100644 
--- a/src/lib/pubkey/pubkey.h +++ b/src/lib/pubkey/pubkey.h @@ -325,8 +325,11 @@ class BOTAN_DLL PK_Key_Agreement * Construct a PK Key Agreement. * @param key the key to use * @param kdf name of the KDF to use (or 'Raw' for no KDF) + * @param provider the algo provider to use (or empty for default) */ - PK_Key_Agreement(const Private_Key& key, const std::string& kdf); + PK_Key_Agreement(const Private_Key& key, + const std::string& kdf, + const std::string& provider = ""); /* * Perform Key Agreement Operation 
@@ -438,6 +441,87 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor std::unique_ptr<PK_Ops::Decryption> m_op; }; +class BOTAN_DLL PK_KEM_Encryptor + { + public: + PK_KEM_Encryptor(const Public_Key& key, + const std::string& kem_param = "", + const std::string& provider = ""); + + void encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const uint8_t salt[], + size_t salt_len); + + template<typename Alloc> + void encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng, + const std::vector<uint8_t, Alloc>& salt) + { + this->encrypt(out_encapsulated_key, + out_shared_key, + desired_shared_key_len, + rng, + salt.data(), salt.size()); + } + + void encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& out_shared_key, + size_t desired_shared_key_len, + Botan::RandomNumberGenerator& rng) + { + this->encrypt(out_encapsulated_key, + out_shared_key, + desired_shared_key_len, + rng, + nullptr, + 0); + } + + private: + std::unique_ptr<PK_Ops::KEM_Encryption> m_op; + }; + +class BOTAN_DLL PK_KEM_Decryptor + { + public: + PK_KEM_Decryptor(const Private_Key& key, + const std::string& kem_param = "", + const std::string& provider = ""); + + secure_vector<byte> decrypt(const byte encap_key[], + size_t encap_key_len, + size_t desired_shared_key_len, + const uint8_t salt[], + size_t salt_len); + + secure_vector<byte> decrypt(const byte encap_key[], + size_t encap_key_len, + size_t desired_shared_key_len) + { + return this->decrypt(encap_key, encap_key_len, + desired_shared_key_len, + nullptr, 0); + } + + template<typename Alloc1, typename Alloc2> + secure_vector<byte> decrypt(const std::vector<byte, Alloc1>& encap_key, + size_t desired_shared_key_len, + const std::vector<byte, Alloc2>& salt) + { + return this->decrypt(encap_key.data(), 
encap_key.size(), + desired_shared_key_len, + salt.data(), salt.size()); + } + + private: + std::unique_ptr<PK_Ops::KEM_Decryption> m_op; + }; + } #endif diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 5804d0034..eb9fc2892 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -1,6 +1,6 @@ /* * RSA -* (C) 1999-2010 Jack Lloyd +* (C) 1999-2010,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -27,19 +27,19 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng, if(exp < 3 || exp % 2 == 0) throw Invalid_Argument(algo_name() + ": Invalid encryption exponent"); - e = exp; + m_e = exp; do { - p = random_prime(rng, (bits + 1) / 2, e); - q = random_prime(rng, bits - p.bits(), e); - n = p * q; - } while(n.bits() != bits); + m_p = random_prime(rng, (bits + 1) / 2, m_e); + m_q = random_prime(rng, bits - m_p.bits(), m_e); + m_n = m_p * m_q; + } while(m_n.bits() != bits); - d = inverse_mod(e, lcm(p - 1, q - 1)); - d1 = d % (p - 1); - d2 = d % (q - 1); - c = inverse_mod(q, p); + m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1)); + m_d1 = m_d % (m_p - 1); + m_d2 = m_d % (m_q - 1); + m_c = inverse_mod(m_q, m_p); gen_check(rng); } @@ -55,7 +55,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if(!strong) return true; - if((e * d) % lcm(p - 1, q - 1) != 1) + if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1) return false; return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)"); 
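Review bot: `PK_KEM_Encryptor` and `PK_KEM_Decryptor` are added without any Doxygen, unlike `PK_Key_Agreement` directly above whose constructor documents every parameter; in particular the default `kem_param = ""` is passed straight to the operation lookup and nothing in the header says what an empty parameter selects or that a KDF name such as `"KDF1(SHA-512)"` is expected here. Suggest a class comment on each plus constructor doc, e.g. `@param kem_param the KDF (and parameters) applied to the raw shared secret` and `@param provider the algo provider to use (or empty for default)`, mirroring the wording used for `PK_Key_Agreement`. The `encrypt`/`decrypt` overloads should also state that `out_shared_key`/the return value is `desired_shared_key_len` bytes and that the no-salt overloads are equivalent to a null salt of length 0, which is what their bodies show.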
@@ -69,25 +69,25 @@ namespace { class RSA_Private_Operation { protected: - size_t get_max_input_bits() const { return (n.bits() - 1); } + size_t get_max_input_bits() const { return (m_n.bits() - 1); } - RSA_Private_Operation(const RSA_PrivateKey& rsa) : - n(rsa.get_n()), - q(rsa.get_q()), - c(rsa.get_c()), + explicit RSA_Private_Operation(const RSA_PrivateKey& rsa) : + m_n(rsa.get_n()), + m_q(rsa.get_q()), + m_c(rsa.get_c()), m_powermod_e_n(rsa.get_e(), rsa.get_n()), m_powermod_d1_p(rsa.get_d1(), rsa.get_p()), m_powermod_d2_q(rsa.get_d2(), rsa.get_q()), m_mod_p(rsa.get_p()), - m_blinder(n, + m_blinder(m_n, [this](const BigInt& k) { return m_powermod_e_n(k); }, - [this](const BigInt& k) { return inverse_mod(k, n); }) + [this](const BigInt& k) { return inverse_mod(k, m_n); }) { } BigInt blinded_private_op(const BigInt& m) const { - if(m >= n) + if(m >= m_n) throw Invalid_Argument("RSA private op - input is too large"); return m_blinder.unblind(private_op(m_blinder.blind(m))); @@ -99,14 +99,14 @@ class RSA_Private_Operation BigInt j2 = m_powermod_d2_q(m); BigInt j1 = future_j1.get(); - j1 = m_mod_p.reduce(sub_mul(j1, j2, c)); + j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c)); - return mul_add(j1, q, j2); + return mul_add(j1, m_q, j2); } - const BigInt& n; - const BigInt& q; - const BigInt& c; + const BigInt& m_n; + const BigInt& m_q; + const BigInt& m_c; Fixed_Exponent_Power_Mod m_powermod_e_n, m_powermod_d1_p, m_powermod_d2_q; Modular_Reducer m_mod_p; Blinder m_blinder; @@ -133,7 +133,7 @@ class RSA_Signature_Operation : public PK_Ops::Signature_with_EMSA, const BigInt x = blinded_private_op(m); const BigInt c = m_powermod_e_n(x); BOTAN_ASSERT(m == c, "RSA sign consistency check"); - return BigInt::encode_1363(x, n.bytes()); + return BigInt::encode_1363(x, m_n.bytes()); } }; 
@@ -156,33 +156,58 @@ class RSA_Decryption_Operation : public PK_Ops::Decryption_with_EME, const BigInt m(msg, msg_len); const BigInt x = blinded_private_op(m); const BigInt c = m_powermod_e_n(x); - BOTAN_ASSERT(m == c, "RSA sign consistency check"); + BOTAN_ASSERT(m == c, "RSA decrypt consistency check"); return BigInt::encode_locked(x); } }; +class RSA_KEM_Decryption_Operation : public PK_Ops::KEM_Decryption_with_KDF, + private RSA_Private_Operation + { + public: + typedef RSA_PrivateKey Key_Type; + + RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key, + const std::string& kdf) : + PK_Ops::KEM_Decryption_with_KDF(kdf), + RSA_Private_Operation(key) + {} + + secure_vector<byte> + raw_kem_decrypt(const byte encap_key[], size_t len) override + { + const BigInt m(encap_key, len); + const BigInt x = blinded_private_op(m); + const BigInt c = m_powermod_e_n(x); + BOTAN_ASSERT(m == c, "RSA KEM consistency check"); + return BigInt::encode_1363(x, m_n.bytes()); + } + }; + /** * RSA public (encrypt/verify) operation */ class RSA_Public_Operation { public: - RSA_Public_Operation(const RSA_PublicKey& rsa) : - n(rsa.get_n()), powermod_e_n(rsa.get_e(), rsa.get_n()) + explicit RSA_Public_Operation(const RSA_PublicKey& rsa) : + m_n(rsa.get_n()), m_powermod_e_n(rsa.get_e(), rsa.get_n()) {} - size_t get_max_input_bits() const { return (n.bits() - 1); } + size_t get_max_input_bits() const { return (m_n.bits() - 1); } protected: BigInt public_op(const BigInt& m) const { - if(m >= n) + if(m >= m_n) throw Invalid_Argument("RSA public op - input is too large"); - return powermod_e_n(m); + return m_powermod_e_n(m); } - const BigInt& n; - Fixed_Exponent_Power_Mod powermod_e_n; + const BigInt& get_n() const { return m_n; } + + const BigInt& m_n; + Fixed_Exponent_Power_Mod m_powermod_e_n; }; class RSA_Encryption_Operation : public PK_Ops::Encryption_with_EME, 
@@ -203,7 +228,7 @@ class RSA_Encryption_Operation : public PK_Ops::Encryption_with_EME, RandomNumberGenerator&) override { BigInt m(msg, msg_len); - return BigInt::encode_1363(public_op(m), n.bytes()); + return BigInt::encode_1363(public_op(m), m_n.bytes()); } }; @@ -230,11 +255,40 @@ class RSA_Verify_Operation : public PK_Ops::Verification_with_EMSA, } }; +class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF, + private RSA_Public_Operation + { + public: + typedef RSA_PublicKey Key_Type; + + RSA_KEM_Encryption_Operation(const RSA_PublicKey& key, + const std::string& kdf) : + PK_Ops::KEM_Encryption_with_KDF(kdf), + RSA_Public_Operation(key) {} + + private: + void raw_kem_encrypt(secure_vector<byte>& out_encapsulated_key, + secure_vector<byte>& raw_shared_key, + Botan::RandomNumberGenerator& rng) override + { + const BigInt r = BigInt::random_integer(rng, 1, get_n()); + const BigInt c = public_op(r); + + out_encapsulated_key = BigInt::encode_locked(c); + raw_shared_key = BigInt::encode_locked(r); + } + }; + + BOTAN_REGISTER_PK_ENCRYPTION_OP("RSA", RSA_Encryption_Operation); BOTAN_REGISTER_PK_DECRYPTION_OP("RSA", RSA_Decryption_Operation); + BOTAN_REGISTER_PK_SIGNATURE_OP("RSA", RSA_Signature_Operation); BOTAN_REGISTER_PK_VERIFY_OP("RSA", RSA_Verify_Operation); +BOTAN_REGISTER_PK_KEM_ENCRYPTION_OP("RSA", RSA_KEM_Encryption_Operation); +BOTAN_REGISTER_PK_KEM_DECRYPTION_OP("RSA", RSA_KEM_Decryption_Operation); + } } diff --git a/src/lib/pubkey/rw/rw.cpp b/src/lib/pubkey/rw/rw.cpp index aa92578af..bf6b647a1 100644 --- a/src/lib/pubkey/rw/rw.cpp +++ b/src/lib/pubkey/rw/rw.cpp 
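Review bot: `raw_kem_encrypt` hands the KDF `BigInt::encode_locked(r)`, a minimal-length encoding, while `raw_kem_decrypt` in the previous hunk returns `BigInt::encode_1363(x, m_n.bytes())`, a fixed-width encoding; whenever `r` is short enough to drop a leading byte (roughly once in 256 operations for a full-width modulus) the two KDF inputs differ and the encapsulating and decapsulating sides derive different shared keys. The encapsulated key has the same problem in the other direction, since `encode_locked(c)` yields a variable-length ciphertext. Both should use the fixed-width form: `out_encapsulated_key = BigInt::encode_1363(c, get_n().bytes());` and `raw_shared_key = BigInt::encode_1363(r, get_n().bytes());`. A short comment on `raw_kem_decrypt` stating that its output encoding must match the encryptor's would keep the two from drifting apart again.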
@@ -28,19 +28,19 @@ RW_PrivateKey::RW_PrivateKey(RandomNumberGenerator& rng, if(exp < 2 || exp % 2 == 1) throw Invalid_Argument(algo_name() + ": Invalid encryption exponent"); - e = exp; + m_e = exp; do { - p = random_prime(rng, (bits + 1) / 2, e / 2, 3, 4); - q = random_prime(rng, bits - p.bits(), e / 2, ((p % 8 == 3) ? 7 : 3), 8); - n = p * q; - } while(n.bits() != bits); + m_p = random_prime(rng, (bits + 1) / 2, m_e / 2, 3, 4); + m_q = random_prime(rng, bits - m_p.bits(), m_e / 2, ((m_p % 8 == 3) ? 7 : 3), 8); + m_n = m_p * m_q; + } while(m_n.bits() != bits); - d = inverse_mod(e, lcm(p - 1, q - 1) >> 1); - d1 = d % (p - 1); - d2 = d % (q - 1); - c = inverse_mod(q, p); + m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1) >> 1); + m_d1 = m_d % (m_p - 1); + m_d2 = m_d % (m_q - 1); + m_c = inverse_mod(m_q, m_p); gen_check(rng); } @@ -56,7 +56,7 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if(!strong) return true; - if((e * d) % (lcm(p - 1, q - 1) / 2) != 1) + if((m_e * m_d) % (lcm(m_p - 1, m_q - 1) / 2) != 1) return false; return KeyPair::signature_consistency_check(rng, *this, "EMSA2(SHA-1)"); 
@@ -75,32 +75,32 @@ class RW_Signature_Operation : public PK_Ops::Signature_with_EMSA RW_Signature_Operation(const RW_PrivateKey& rw, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - n(rw.get_n()), - e(rw.get_e()), - q(rw.get_q()), - c(rw.get_c()), - powermod_d1_p(rw.get_d1(), rw.get_p()), - powermod_d2_q(rw.get_d2(), rw.get_q()), - mod_p(rw.get_p()), - blinder(n, - [this](const BigInt& k) { return power_mod(k, e, n); }, - [this](const BigInt& k) { return inverse_mod(k, n); }) + m_n(rw.get_n()), + m_e(rw.get_e()), + m_q(rw.get_q()), + m_c(rw.get_c()), + m_powermod_d1_p(rw.get_d1(), rw.get_p()), + m_powermod_d2_q(rw.get_d2(), rw.get_q()), + m_mod_p(rw.get_p()), + m_blinder(m_n, + [this](const BigInt& k) { return power_mod(k, m_e, m_n); }, + [this](const BigInt& k) { return inverse_mod(k, m_n); }) { } - size_t max_input_bits() const override { return (n.bits() - 1); } + size_t max_input_bits() const override { return (m_n.bits() - 1); } secure_vector<byte> raw_sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) override; private: - const BigInt& n; - const BigInt& e; - const BigInt& q; - const BigInt& c; - - Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q; - Modular_Reducer mod_p; - Blinder blinder; + const BigInt& m_n; + const BigInt& m_e; + const BigInt& m_q; + const BigInt& m_c; + + Fixed_Exponent_Power_Mod m_powermod_d1_p, m_powermod_d2_q; + Modular_Reducer m_mod_p; + Blinder m_blinder; }; secure_vector<byte> 
@@ -109,23 +109,23 @@ RW_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, { BigInt i(msg, msg_len); - if(i >= n || i % 16 != 12) + if(i >= m_n || i % 16 != 12) throw Invalid_Argument("Rabin-Williams: invalid input"); - if(jacobi(i, n) != 1) + if(jacobi(i, m_n) != 1) i >>= 1; - i = blinder.blind(i); + i = m_blinder.blind(i); - auto future_j1 = std::async(std::launch::async, powermod_d1_p, i); - const BigInt j2 = powermod_d2_q(i); + auto future_j1 = std::async(std::launch::async, m_powermod_d1_p, i); + const BigInt j2 = m_powermod_d2_q(i); BigInt j1 = future_j1.get(); - j1 = mod_p.reduce(sub_mul(j1, j2, c)); + j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c)); - const BigInt r = blinder.unblind(mul_add(j1, q, j2)); + const BigInt r = m_blinder.unblind(mul_add(j1, m_q, j2)); - return BigInt::encode_1363(std::min(r, n - r), n.bytes()); + return BigInt::encode_1363(std::min(r, m_n - r), m_n.bytes()); } /** @@ -138,17 +138,17 @@ class RW_Verification_Operation : public PK_Ops::Verification_with_EMSA RW_Verification_Operation(const RW_PublicKey& rw, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - n(rw.get_n()), powermod_e_n(rw.get_e(), rw.get_n()) + m_n(rw.get_n()), m_powermod_e_n(rw.get_e(), rw.get_n()) {} - size_t max_input_bits() const override { return (n.bits() - 1); } + size_t max_input_bits() const override { return (m_n.bits() - 1); } bool with_recovery() const override { return true; } secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override; private: - const BigInt& n; - Fixed_Exponent_Power_Mod powermod_e_n; + const BigInt& m_n; + Fixed_Exponent_Power_Mod m_powermod_e_n; }; secure_vector<byte> 
@@ -156,16 +156,16 @@ RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - if((m > (n >> 1)) || m.is_negative()) + if((m > (m_n >> 1)) || m.is_negative()) throw Invalid_Argument("RW signature verification: m > n / 2 || m < 0"); - BigInt r = powermod_e_n(m); + BigInt r = m_powermod_e_n(m); if(r % 16 == 12) return BigInt::encode_locked(r); if(r % 8 == 6) return BigInt::encode_locked(2*r); - r = n - r; + r = m_n - r; if(r % 16 == 12) return BigInt::encode_locked(r); if(r % 8 == 6) diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp index f5a782526..0b80de7bd 100644 --- a/src/lib/rng/hmac_rng/hmac_rng.cpp +++ b/src/lib/rng/hmac_rng/hmac_rng.cpp @@ -1,12 +1,13 @@ /* * HMAC_RNG -* (C) 2008,2009,2013,2015 Jack Lloyd +* (C) 2008,2009,2013,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/hmac_rng.h> #include <botan/entropy_src.h> +#include <botan/internal/os_utils.h> #include <algorithm> #include <chrono> @@ -69,10 +70,10 @@ void HMAC_RNG::clear() void HMAC_RNG::new_K_value(byte label) { - typedef std::chrono::high_resolution_clock clock; - m_prf->update(m_K); - m_prf->update_be(clock::now().time_since_epoch().count()); + m_prf->update_be(m_pid); + m_prf->update_be(OS::get_processor_timestamp()); + m_prf->update_be(OS::get_system_timestamp_ns()); m_prf->update_be(m_counter++); m_prf->update(label); m_prf->final(m_K.data()); @@ -83,7 +84,7 @@ void HMAC_RNG::new_K_value(byte label) */ void HMAC_RNG::randomize(byte out[], size_t length) { - if(!is_seeded()) + if(!is_seeded() || m_pid != OS::get_process_id()) { reseed(256); if(!is_seeded()) @@ -168,6 +169,7 @@ size_t HMAC_RNG::reseed_with_sources(Entropy_Sources& srcs, m_extractor->output_length() * 8); m_output_since_reseed = 0; + m_pid = OS::get_process_id(); return static_cast<size_t>(bits_collected); } 
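Review bot: In reseed_with_sources the new `m_pid = OS::get_process_id();` is assigned unconditionally at the end of the function, so the fork check added to randomize() (`m_pid != OS::get_process_id()`) fires once in the child and is then satisfied even if that reseed collected few or no bits; the child would carry on from the parent's inherited K state with only the pid and timestamps mixed in by new_K_value as differentiators. Consider updating m_pid only when the reseed reached its target, or additionally folding the live pid into new_K_value (`m_prf->update_be(OS::get_process_id());`) so the two streams diverge even without a successful reseed. The return type of OS::get_process_id() is not visible here; if it is wider than the `u32bit m_pid` declared in the header, the comparison silently truncates. Pid comparison also cannot detect a fork whose child later receives the parent's pid after the parent exits, so a comment marking this as best-effort fork protection would be appropriate.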
diff --git a/src/lib/rng/hmac_rng/hmac_rng.h b/src/lib/rng/hmac_rng/hmac_rng.h index 1e38daa08..95ae25e39 100644 --- a/src/lib/rng/hmac_rng/hmac_rng.h +++ b/src/lib/rng/hmac_rng/hmac_rng.h @@ -60,6 +60,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator secure_vector<byte> m_K; u32bit m_counter = 0; + u32bit m_pid = 0; }; } diff --git a/src/lib/rng/rng.h b/src/lib/rng/rng.h index 23e974b92..2e29a713c 100644 --- a/src/lib/rng/rng.h +++ b/src/lib/rng/rng.h @@ -61,18 +61,6 @@ class BOTAN_DLL RandomNumberGenerator } /** - * Return a value in range [0,2^bits) - */ - u64bit gen_mask(size_t bits) - { - if(bits == 0 || bits > 64) - throw Invalid_Argument("RandomNumberGenerator::gen_mask invalid argument"); - - const u64bit mask = ((1 << bits) - 1); - return this->get_random<u64bit>() & mask; - } - - /** * Return a random byte * @return random byte */ @@ -211,7 +199,7 @@ class BOTAN_DLL Serialized_RNG : public RandomNumberGenerator } Serialized_RNG() : m_rng(RandomNumberGenerator::make_rng()) {} - Serialized_RNG(RandomNumberGenerator* rng) : m_rng(rng) {} + explicit Serialized_RNG(RandomNumberGenerator* rng) : m_rng(rng) {} private: mutable std::mutex m_mutex; std::unique_ptr<RandomNumberGenerator> m_rng; diff --git a/src/lib/stream/chacha/chacha.h b/src/lib/stream/chacha/chacha.h index df6e1c9c0..92f8ef035 100644 --- a/src/lib/stream/chacha/chacha.h +++ b/src/lib/stream/chacha/chacha.h @@ -15,7 +15,7 @@ namespace Botan { /** * DJB's ChaCha (http://cr.yp.to/chacha.html) */ -class BOTAN_DLL ChaCha : public StreamCipher +class BOTAN_DLL ChaCha final : public StreamCipher { public: void cipher(const byte in[], byte out[], size_t length) override; diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h index f59f06d5f..8e931605c 100644 --- a/src/lib/stream/ctr/ctr.h +++ b/src/lib/stream/ctr/ctr.h 
@@ -16,7 +16,7 @@ namespace Botan { /** * CTR-BE (Counter mode, big-endian) */ -class BOTAN_DLL CTR_BE : public StreamCipher +class BOTAN_DLL CTR_BE final : public StreamCipher { public: void cipher(const byte in[], byte out[], size_t length) override; @@ -43,7 +43,7 @@ class BOTAN_DLL CTR_BE : public StreamCipher /** * @param cipher the underlying block cipher to use */ - CTR_BE(BlockCipher* cipher); + explicit CTR_BE(BlockCipher* cipher); private: void key_schedule(const byte key[], size_t key_len) override; void increment_counter(); diff --git a/src/lib/stream/ofb/ofb.h b/src/lib/stream/ofb/ofb.h index 32dc199bc..fecd47d9d 100644 --- a/src/lib/stream/ofb/ofb.h +++ b/src/lib/stream/ofb/ofb.h @@ -16,7 +16,7 @@ namespace Botan { /** * Output Feedback Mode */ -class BOTAN_DLL OFB : public StreamCipher +class BOTAN_DLL OFB final : public StreamCipher { public: void cipher(const byte in[], byte out[], size_t length) override; @@ -43,7 +43,7 @@ class BOTAN_DLL OFB : public StreamCipher /** * @param cipher the underlying block cipher to use */ - OFB(BlockCipher* cipher); + explicit OFB(BlockCipher* cipher); private: void key_schedule(const byte key[], size_t key_len) override; diff --git a/src/lib/stream/rc4/rc4.cpp b/src/lib/stream/rc4/rc4.cpp index 6146e2818..895f38091 100644 --- a/src/lib/stream/rc4/rc4.cpp +++ b/src/lib/stream/rc4/rc4.cpp 
@@ -23,16 +23,16 @@ RC4* RC4::make(const Spec& spec) */ void RC4::cipher(const byte in[], byte out[], size_t length) { - while(length >= buffer.size() - position) + while(length >= m_buffer.size() - m_position) { - xor_buf(out, in, &buffer[position], buffer.size() - position); - length -= (buffer.size() - position); - in += (buffer.size() - position); - out += (buffer.size() - position); + xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position); + length -= (m_buffer.size() - m_position); + in += (m_buffer.size() - m_position); + out += (m_buffer.size() - m_position); generate(); } - xor_buf(out, in, &buffer[position], length); - position += length; + xor_buf(out, in, &m_buffer[m_position], length); + m_position += length; } /* 
@@ -41,26 +41,26 @@ void RC4::cipher(const byte in[], byte out[], size_t length) void RC4::generate() { byte SX, SY; - for(size_t i = 0; i != buffer.size(); i += 4) + for(size_t i = 0; i != m_buffer.size(); i += 4) { - SX = state[X+1]; Y = (Y + SX) % 256; SY = state[Y]; - state[X+1] = SY; state[Y] = SX; - buffer[i] = state[(SX + SY) % 256]; - - SX = state[X+2]; Y = (Y + SX) % 256; SY = state[Y]; - state[X+2] = SY; state[Y] = SX; - buffer[i+1] = state[(SX + SY) % 256]; - - SX = state[X+3]; Y = (Y + SX) % 256; SY = state[Y]; - state[X+3] = SY; state[Y] = SX; - buffer[i+2] = state[(SX + SY) % 256]; - - X = (X + 4) % 256; - SX = state[X]; Y = (Y + SX) % 256; SY = state[Y]; - state[X] = SY; state[Y] = SX; - buffer[i+3] = state[(SX + SY) % 256]; + SX = m_state[m_X+1]; m_Y = (m_Y + SX) % 256; SY = m_state[m_Y]; + m_state[m_X+1] = SY; m_state[m_Y] = SX; + m_buffer[i] = m_state[(SX + SY) % 256]; + + SX = m_state[m_X+2]; m_Y = (m_Y + SX) % 256; SY = m_state[m_Y]; + m_state[m_X+2] = SY; m_state[m_Y] = SX; + m_buffer[i+1] = m_state[(SX + SY) % 256]; + + SX = m_state[m_X+3]; m_Y = (m_Y + SX) % 256; SY = m_state[m_Y]; + m_state[m_X+3] = SY; m_state[m_Y] = SX; + m_buffer[i+2] = m_state[(SX + SY) % 256]; + + m_X = (m_X + 4) % 256; + SX = m_state[m_X]; m_Y = (m_Y + SX) % 256; SY = m_state[m_Y]; + m_state[m_X] = SY; m_state[m_Y] = SX; + m_buffer[i+3] = m_state[(SX + SY) % 256]; } - position = 0; + m_position = 0; } /* 
@@ -68,24 +68,24 @@ void RC4::generate() */ void RC4::key_schedule(const byte key[], size_t length) { - state.resize(256); - buffer.resize(256); + m_state.resize(256); + m_buffer.resize(256); - position = X = Y = 0; + m_position = m_X = m_Y = 0; for(size_t i = 0; i != 256; ++i) - state[i] = static_cast<byte>(i); + m_state[i] = static_cast<byte>(i); for(size_t i = 0, state_index = 0; i != 256; ++i) { - state_index = (state_index + key[i % length] + state[i]) % 256; - std::swap(state[i], state[state_index]); + state_index = (state_index + key[i % length] + m_state[i]) % 256; + std::swap(m_state[i], m_state[state_index]); } - for(size_t i = 0; i <= SKIP; i += buffer.size()) + for(size_t i = 0; i <= m_SKIP; i += m_buffer.size()) generate(); - position += (SKIP % buffer.size()); + m_position += (m_SKIP % m_buffer.size()); } /* @@ -93,9 +93,9 @@ void RC4::key_schedule(const byte key[], size_t length) */ std::string RC4::name() const { - if(SKIP == 0) return "RC4"; - if(SKIP == 256) return "MARK-4"; - else return "RC4_skip(" + std::to_string(SKIP) + ")"; + if(m_SKIP == 0) return "RC4"; + if(m_SKIP == 256) return "MARK-4"; + else return "RC4_skip(" + std::to_string(m_SKIP) + ")"; } /* @@ -103,14 +103,14 @@ std::string RC4::name() const */ void RC4::clear() { - zap(state); - zap(buffer); - position = X = Y = 0; + zap(m_state); + zap(m_buffer); + m_position = m_X = m_Y = 0; } /* * RC4 Constructor */ -RC4::RC4(size_t s) : SKIP(s), X(0), Y(0) {} +RC4::RC4(size_t s) : m_SKIP(s) {} } diff --git a/src/lib/stream/rc4/rc4.h b/src/lib/stream/rc4/rc4.h index 60c9450b4..f166a2772 100644 --- a/src/lib/stream/rc4/rc4.h +++ b/src/lib/stream/rc4/rc4.h @@ -16,7 +16,7 @@ namespace Botan { /** * RC4 stream cipher */ -class BOTAN_DLL RC4 : public StreamCipher +class BOTAN_DLL RC4 final : public StreamCipher { public: void cipher(const byte in[], byte out[], size_t length) override; 
@@ -24,7 +24,7 @@ class BOTAN_DLL RC4 : public StreamCipher void clear() override; std::string name() const override; - StreamCipher* clone() const override { return new RC4(SKIP); } + StreamCipher* clone() const override { return new RC4(m_SKIP); } Key_Length_Specification key_spec() const override { @@ -36,20 +36,19 @@ class BOTAN_DLL RC4 : public StreamCipher /** * @param skip skip this many initial bytes in the keystream */ - RC4(size_t skip = 0); + explicit RC4(size_t skip = 0); ~RC4() { clear(); } private: void key_schedule(const byte[], size_t) override; void generate(); - const size_t SKIP; - - byte X, Y; - secure_vector<byte> state; - - secure_vector<byte> buffer; - size_t position; + const size_t m_SKIP; + byte m_X = 0; + byte m_Y = 0; + secure_vector<byte> m_state; + secure_vector<byte> m_buffer; + size_t m_position = 0; }; } diff --git a/src/lib/stream/salsa20/salsa20.h b/src/lib/stream/salsa20/salsa20.h index a5e7a1f14..7e75470da 100644 --- a/src/lib/stream/salsa20/salsa20.h +++ b/src/lib/stream/salsa20/salsa20.h @@ -15,7 +15,7 @@ namespace Botan { /** * DJB's Salsa20 (and XSalsa20) */ -class BOTAN_DLL Salsa20 : public StreamCipher +class BOTAN_DLL Salsa20 final : public StreamCipher { public: void cipher(const byte in[], byte out[], size_t length) override; diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp index 060e65d86..03ef5e329 100644 --- a/src/lib/stream/stream_cipher.cpp +++ b/src/lib/stream/stream_cipher.cpp @@ -33,7 +33,7 @@ namespace Botan { std::unique_ptr<StreamCipher> StreamCipher::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<StreamCipher>(make_a<StreamCipher>(algo_spec, provider)); + return std::unique_ptr<StreamCipher>(make_a<StreamCipher>(Botan::StreamCipher::Spec(algo_spec), provider)); } std::vector<std::string> StreamCipher::providers(const std::string& algo_spec) diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index 1b0cf1415..a43d5619a 100644 
--- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -25,7 +25,6 @@ tls_extensions.h tls_handshake_hash.h tls_handshake_io.h tls_handshake_state.h -tls_heartbeats.h tls_messages.h tls_reader.h tls_record.h @@ -51,6 +50,5 @@ rng rsa sha1 sha2_32 -srp6 x509 </requires> diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp index aaaf754c8..4fd528148 100644 --- a/src/lib/tls/msg_cert_req.cpp +++ b/src/lib/tls/msg_cert_req.cpp @@ -89,7 +89,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, { const std::string cert_type_name = cert_type_code_to_name(cert_type_codes[i]); - if(cert_type_name == "") // something we don't know + if(cert_type_name.empty()) // something we don't know continue; m_cert_key_types.push_back(cert_type_name); diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index 74565e29b..0d157dc57 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -59,7 +59,7 @@ std::vector<byte> Certificate_Verify::serialize() const { std::vector<byte> buf; - if(m_hash_algo != "" && m_sig_algo != "") + if(!m_hash_algo.empty() && !m_sig_algo.empty()) { buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); @@ -77,12 +77,14 @@ std::vector<byte> Certificate_Verify::serialize() const * Verify a Certificate Verify message */ bool Certificate_Verify::verify(const X509_Certificate& cert, - const Handshake_State& state) const + const Handshake_State& state, + const Policy& policy) const { std::unique_ptr<Public_Key> key(cert.subject_public_key()); std::pair<std::string, Signature_Format> format = - state.understand_sig_format(*key.get(), m_hash_algo, m_sig_algo); + state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, + true, policy); PK_Verifier verifier(*key, format.first, format.second); diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp index f0ccc5328..5be9379bd 100644 
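Review bot: The new `state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, true, policy)` call in Certificate_Verify::verify passes a bare `true` whose meaning is invisible at the call site; Server_Key_Exchange::verify later in this diff passes `false` in the same position, so presumably the flag distinguishes client-authentication signatures from server key-exchange signatures. Annotate it, e.g. `/*for_client_auth=*/true`, or replace the bool with a named enum so the two call sites are self-explanatory. `*key.get()` can simply be `*key`. The remainder of Certificate_Verify::verify lies past the end of this hunk.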
--- a/src/lib/tls/msg_certificate.cpp +++ b/src/lib/tls/msg_certificate.cpp @@ -71,8 +71,10 @@ std::vector<byte> Certificate::serialize() const { std::vector<byte> raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); - for(size_t i = 0; i != 3; ++i) - buf.push_back(get_byte<u32bit>(i+1, cert_size)); + for(size_t j = 0; j != 3; ++j) + { + buf.push_back(get_byte<u32bit>(j+1, cert_size)); + } buf += raw_cert; } diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index ce20d6781..23807215f 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -1,6 +1,6 @@ /* * TLS Hello Request and Client Hello Messages -* (C) 2004-2011,2015 Jack Lloyd +* (C) 2004-2011,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -80,15 +80,13 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))), m_comp_methods(policy.compression()) { + m_extensions.add(new Extended_Master_Secret); m_extensions.add(new Renegotiation_Extension(reneg_info)); - m_extensions.add(new SRP_Identifier(srp_identifier)); + m_extensions.add(new Server_Name_Indicator(hostname)); m_extensions.add(new Session_Ticket()); m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(policy.negotiate_heartbeat_support()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - if(m_version.supports_negotiable_signature_algorithms()) m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), policy.allowed_signature_methods())); 
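Review bot: The new `m_extensions.add(new Extended_Master_Secret);` at the top of the fresh-session Client_Hello constructor carries no rationale, while the resumption constructor later in this file receives a four-line comment; a reader auditing which extensions are offered unconditionally will not know this one is deliberate. Suggest `// RFC 7627: always offer EMS; the server decides whether it is negotiated` on that line. The context line `m_suites(policy.ciphersuite_list(m_version, (srp_identifier != "")))` could become `!srp_identifier.empty()` to match the other `.empty()` conversions in this commit. The constructor body continues past the end of this hunk.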
@@ -99,6 +97,15 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); +#if defined(BOTAN_HAS_SRP6) + m_extensions.add(new SRP_Identifier(srp_identifier)); +#else + if(!srp_identifier.empty()) + { + throw Invalid_State("Attempting to initiate SRP session but TLS-SRP support disabled"); + } +#endif + BOTAN_ASSERT(policy.acceptable_protocol_version(version), "Our policy accepts the version we are offering"); @@ -130,18 +137,18 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(!value_exists(m_comp_methods, session.compression_method())) m_comp_methods.push_back(session.compression_method()); + /* + We always add the EMS extension, even if not used in the original session. + If the server understands it and follows the RFC it should reject our resume + attempt and upgrade us to a new session with the EMS protection. + */ + m_extensions.add(new Extended_Master_Secret); + m_extensions.add(new Renegotiation_Extension(reneg_info)); - m_extensions.add(new SRP_Identifier(session.srp_identifier())); m_extensions.add(new Server_Name_Indicator(session.server_info().hostname())); m_extensions.add(new Session_Ticket(session.session_ticket())); m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(policy.negotiate_heartbeat_support()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - - if(session.fragment_size() != 0) - m_extensions.add(new Maximum_Fragment_Length(session.fragment_size())); - if(m_version.supports_negotiable_signature_algorithms()) m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), policy.allowed_signature_methods())); 
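Review bot: The comment added above `m_extensions.add(new Extended_Master_Secret);` in the resumption constructor describes the server's obligation, but the client's own RFC 7627 §5.3 duty — abort if the session being resumed used EMS and the ServerHello omits the extension, or if it did not use EMS and the ServerHello includes it — is not visible in this hunk and must live in the Server_Hello processing; confirm it exists there, since without it a downgrade from an EMS-protected session to a plain resumption would pass silently. A pointer in this comment, e.g. `// the client-side mismatch check is applied when the ServerHello is processed`, would let a reader verify both halves together. The constructor continues past the end of this hunk.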
@@ -149,6 +156,15 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); +#if defined(BOTAN_HAS_SRP6) + m_extensions.add(new SRP_Identifier(session.srp_identifier())); +#else + if(!session.srp_identifier().empty()) + { + throw Invalid_State("Attempting to resume SRP session but TLS-SRP support disabled"); + } +#endif + hash.update(io.send(*this)); } diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 7ce9b9df2..4bec9f3be 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -10,14 +10,19 @@ #include <botan/internal/tls_extensions.h> #include <botan/internal/tls_handshake_io.h> #include <botan/credentials_manager.h> +#include <botan/rng.h> +#include <botan/loadstor.h> +#include <botan/internal/ct_utils.h> + #include <botan/pubkey.h> + #include <botan/dh.h> #include <botan/ecdh.h> #include <botan/rsa.h> + +#if defined(BOTAN_HAS_SRP6) #include <botan/srp6.h> -#include <botan/rng.h> -#include <botan/loadstor.h> -#include <botan/internal/ct_utils.h> +#endif namespace Botan { @@ -166,6 +171,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_key_material, priv_key.public_value(), 1); } +#if defined(BOTAN_HAS_SRP6) else if(kex_algo == "SRP_SHA") { const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); @@ -193,6 +199,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_key_material, BigInt::encode(srp_vals.first), 2); m_pre_master = srp_vals.second.bits_of(); } +#endif else { throw Internal_Error("Client_Key_Exchange: Unknown kex " + 
@@ -323,12 +330,14 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, append_tls_length_value(m_pre_master, zeros, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } +#if defined(BOTAN_HAS_SRP6) else if(kex_algo == "SRP_SHA") { SRP6_Server_Session& srp = state.server_kex()->server_srp_params(); m_pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of(); } +#endif else if(kex_algo == "DH" || kex_algo == "DHE_PSK" || kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") { @@ -365,7 +374,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, else m_pre_master = shared_secret; } - catch(std::exception &e) + catch(std::exception &) { /* * Something failed in the DH computation. To avoid possible diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp index b837172b6..2d6b11995 100644 --- a/src/lib/tls/msg_finished.cpp +++ b/src/lib/tls/msg_finished.cpp @@ -48,9 +48,8 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state, */ Finished::Finished(Handshake_IO& io, Handshake_State& state, - Connection_Side side) + Connection_Side side) : m_verification_data(finished_compute_verify( state, side )) { - m_verification_data = finished_compute_verify(state, side); state.hash().update(io.send(*this)); } @@ -65,10 +64,8 @@ std::vector<byte> Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const std::vector<byte>& buf) - { - m_verification_data = buf; - } +Finished::Finished(const std::vector<byte>& buf) : m_verification_data(buf) + {} /* * Verify a Finished message diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index ba7eee3d9..f8d0c63c7 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp 
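Review bot: The SRP branch added under BOTAN_HAS_SRP6 calls `state.server_kex()->server_srp_params()`, yet the definition of Server_Key_Exchange::server_srp_params is deleted from msg_server_kex.cpp later in this diff; unless it moved into the header under the same guard (not visible here), SRP-enabled builds will fail to link. Separately, `reader.get_range<byte>(2, 0, 65535)` admits a zero-length client value, which decodes to A = 0; RFC 5054 §2.5.4 requires the server to abort when A mod N == 0, so confirm that SRP6_Server_Session::step2 enforces that (it is not visible here) or reject the empty case before calling it. This hunk covers only part of the deserializing constructor.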
@@ -1,6 +1,6 @@ /* * TLS Server Hello and Server Hello Done -* (C) 2004-2011,2015 Jack Lloyd +* (C) 2004-2011,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -28,26 +28,23 @@ Server_Hello::Server_Hello(Handshake_IO& io, u16bit ciphersuite, byte compression, bool offer_session_ticket, - const std::string next_protocol) : + const std::string& next_protocol) : m_version(new_session_version), m_session_id(new_session_id), m_random(make_hello_random(rng, policy)), m_ciphersuite(ciphersuite), m_comp_method(compression) { + if(client_hello.supports_extended_master_secret()) + m_extensions.add(new Extended_Master_Secret); + if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); if(client_hello.supports_session_ticket() && offer_session_ticket) m_extensions.add(new Session_Ticket()); - if(size_t max_fragment_size = client_hello.fragment_size()) - m_extensions.add(new Maximum_Fragment_Length(max_fragment_size)); - - if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - - if(next_protocol != "" && client_hello.supports_alpn()) + if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); if(m_version.is_datagram_protocol()) 
@@ -90,19 +87,16 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_ciphersuite(resumed_session.ciphersuite_code()), m_comp_method(resumed_session.compression_method()) { + if(client_hello.supports_extended_master_secret()) + m_extensions.add(new Extended_Master_Secret); + if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); if(client_hello.supports_session_ticket() && offer_session_ticket) m_extensions.add(new Session_Ticket()); - if(size_t max_fragment_size = resumed_session.fragment_size()) - m_extensions.add(new Maximum_Fragment_Length(max_fragment_size)); - - if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - - if(next_protocol != "" && client_hello.supports_alpn()) + if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); hash.update(io.send(*this)); diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 0c3b5c704..98e3ad1f0 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -12,11 +12,14 @@ #include <botan/credentials_manager.h> #include <botan/loadstor.h> #include <botan/pubkey.h> +#include <botan/oids.h> + #include <botan/dh.h> #include <botan/ecdh.h> -#include <botan/rsa.h> + +#if defined(BOTAN_HAS_SRP6) #include <botan/srp6.h> -#include <botan/oids.h> +#endif namespace Botan { @@ -45,7 +48,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, DL_Group(policy.dh_group()))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); 
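Review bot: In the resumption Server_Hello constructor, `if(client_hello.supports_extended_master_secret()) m_extensions.add(new Extended_Master_Secret);` echoes EMS regardless of whether `resumed_session` was originally established with EMS; RFC 7627 §5.3 requires the server to refuse an abbreviated handshake whenever the original session's EMS status differs from what the client now offers. That gate is presumably in the code that selects the session and decides to call this constructor (not visible here); add a comment stating the precondition, e.g. `// caller guarantees resumed_session's EMS use matches client_hello (RFC 7627 5.3)`, so a later change does not silently allow an EMS-less resumption of an EMS session.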
@@ -86,6 +89,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, m_kex_key.reset(ecdh.release()); } +#if defined(BOTAN_HAS_SRP6) else if(kex_algo == "SRP_SHA") { const std::string srp_identifier = state.client_hello()->srp_identifier(); @@ -115,6 +119,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, salt, 1); append_tls_length_value(m_params, BigInt::encode(B), 2); } +#endif else if(kex_algo != "PSK") throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_algo); @@ -142,8 +147,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, const std::string& kex_algo, const std::string& sig_algo, - Protocol_Version version) : - m_kex_key(nullptr), m_srp_params(nullptr) + Protocol_Version version) { TLS_Data_Reader reader("ServerKeyExchange", buf); @@ -229,10 +233,12 @@ std::vector<byte> Server_Key_Exchange::serialize() const * Verify a Server Key Exchange message */ bool Server_Key_Exchange::verify(const Public_Key& server_key, - const Handshake_State& state) const + const Handshake_State& state, + const Policy& policy) const { std::pair<std::string, Signature_Format> format = - state.understand_sig_format(server_key, m_hash_algo, m_sig_algo); + state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, + false, policy); PK_Verifier verifier(server_key, format.first, format.second); @@ -249,12 +255,6 @@ const Private_Key& Server_Key_Exchange::server_kex_key() const return *m_kex_key; } -// Only valid for SRP negotiation -SRP6_Server_Session& Server_Key_Exchange::server_srp_params() const - { - BOTAN_ASSERT_NONNULL(m_srp_params); - return *m_srp_params; - } } } diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index e13401c1d..049c12df1 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp 
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -88,7 +88,6 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db, std::chrono::milliseconds(100), iterations); - printf("pbkdf iter %d\n", iterations); size_t check_val = make_u16bit(x[0], x[1]); m_session_key.assign(x.begin() + 2, x.end()); diff --git a/src/lib/tls/tls_alert.cpp b/src/lib/tls/tls_alert.cpp index 5cfb1b0b1..6cecb3bbe 100644 --- a/src/lib/tls/tls_alert.cpp +++ b/src/lib/tls/tls_alert.cpp @@ -108,9 +108,6 @@ std::string Alert::type_string() const case NULL_ALERT: return "none"; - - case HEARTBEAT_PAYLOAD: - return "heartbeat_payload"; } /* diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h index 81946d9db..1184c6260 100644 --- a/src/lib/tls/tls_alert.h +++ b/src/lib/tls/tls_alert.h @@ -60,8 +60,7 @@ class BOTAN_DLL Alert NO_APPLICATION_PROTOCOL = 120, // RFC 7301 // pseudo alert values - NULL_ALERT = 256, - HEARTBEAT_PAYLOAD = 257 + NULL_ALERT = 256 }; /** @@ -93,7 +92,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const secure_vector<byte>& buf); + explicit Alert(const secure_vector<byte>& buf); /** * Create a new Alert diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index f88b7896c..a1867b6b5 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -20,7 +20,7 @@ Blocking_Client::Blocking_Client(read_fn reader, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next) : m_read(reader), m_channel(writer, @@ -42,7 +42,7 @@ bool Blocking_Client::handshake_cb(const Session& session) return this->handshake_complete(session); } -void Blocking_Client::alert_cb(const Alert alert, const byte[], size_t) +void Blocking_Client::alert_cb(const Alert& alert, const byte[], size_t) { this->alert_notification(alert); } 
diff --git a/src/lib/tls/tls_blocking.h b/src/lib/tls/tls_blocking.h index 89421f5f5..00e65cbaf 100644 --- a/src/lib/tls/tls_blocking.h +++ b/src/lib/tls/tls_blocking.h @@ -39,7 +39,7 @@ class BOTAN_DLL Blocking_Client const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protos = {}); /** @@ -89,7 +89,7 @@ class BOTAN_DLL Blocking_Client void data_cb(const byte data[], size_t data_len); - void alert_cb(const Alert alert, const byte data[], size_t data_len); + void alert_cb(const Alert& alert, const byte data[], size_t data_len); read_fn m_read; TLS::Client m_channel; diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index c7adc18cd..2cf351c80 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -8,7 +8,6 @@ #include <botan/tls_channel.h> #include <botan/internal/tls_handshake_state.h> #include <botan/internal/tls_messages.h> -#include <botan/internal/tls_heartbeats.h> #include <botan/internal/tls_record.h> #include <botan/internal/tls_seq_numbers.h> #include <botan/internal/rounding.h> @@ -161,22 +160,6 @@ void Channel::renegotiate(bool force_full_renegotiation) throw Exception("Cannot renegotiate on inactive connection"); } -size_t Channel::maximum_fragment_size() const - { - // should we be caching this value? - - if(auto pending = pending_state()) - if(auto server_hello = pending->server_hello()) - if(size_t frag = server_hello->fragment_size()) - return frag; - - if(auto active = active_state()) - if(size_t frag = active->server_hello()->fragment_size()) - return frag; - - return MAX_PLAINTEXT_SIZE; - } - void Channel::change_cipher_spec_reader(Connection_Side side) { auto pending = pending_state(); 
@@ -269,20 +252,6 @@ void Channel::activate_session() } } -bool Channel::peer_supports_heartbeats() const - { - if(auto active = active_state()) - return active->server_hello()->supports_heartbeats(); - return false; - } - -bool Channel::heartbeat_sending_allowed() const - { - if(auto active = active_state()) - return active->server_hello()->peer_can_send_heartbeats(); - return false; - } - size_t Channel::received_data(const std::vector<byte>& buf) { return this->received_data(buf.data(), buf.size()); @@ -290,8 +259,6 @@ size_t Channel::received_data(const std::vector<byte>& buf) size_t Channel::received_data(const byte input[], size_t input_size) { - const size_t max_fragment_size = maximum_fragment_size(); - try { while(!is_closed() && input_size) @@ -331,9 +298,9 @@ size_t Channel::received_data(const byte input[], size_t input_size) if(input_size == 0 && needed != 0) return needed; // need more data to complete record - if(record.size() > max_fragment_size) + if(record.size() > MAX_PLAINTEXT_SIZE) throw TLS_Exception(Alert::RECORD_OVERFLOW, - "TLS input record is larger than allowed maximum"); + "TLS plaintext record is larger than allowed maximum"); if(record_type == HANDSHAKE || record_type == CHANGE_CIPHER_SPEC) { 
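Review bot: The bound in `if(record.size() > MAX_PLAINTEXT_SIZE)` is applied to the record after it has been read and, for protected records, presumably after decryption; the separate RFC 5246 §6.2.3 limit on the ciphertext fragment (2^14 + 2048 bytes) is not checked in this hunk, so confirm the record-layer reader enforces it before buffering so an oversized ciphertext cannot force a large allocation. A one-line comment would also help here: `// RFC 5246 6.2.1: a plaintext fragment may not exceed 2^14 bytes`. The enclosing received_data loop starts before and ends after this hunk.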
@@ -394,31 +361,6 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } } - else if(record_type == HEARTBEAT && peer_supports_heartbeats()) - { - if(!active_state()) - throw Unexpected_Message("Heartbeat sent before handshake done"); - - Heartbeat_Message heartbeat(unlock(record)); - - const std::vector<byte>& payload = heartbeat.payload(); - - if(heartbeat.is_request()) - { - if(!pending_state()) - { - const std::vector<byte> padding = unlock(rng().random_vec(16)); - Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload.data(), payload.size(), padding); - - send_record(HEARTBEAT, response.contents()); - } - } - else - { - m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size()); - } - } else if(record_type == APPLICATION_DATA) { if(!active_state()) @@ -486,18 +428,6 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } -void Channel::heartbeat(const byte payload[], size_t payload_size, size_t pad_size) - { - if(heartbeat_sending_allowed()) - { - const std::vector<byte> padding = unlock(rng().random_vec(pad_size + 16)); - Heartbeat_Message heartbeat(Heartbeat_Message::REQUEST, - payload, payload_size, padding); - - send_record(HEARTBEAT, heartbeat.contents()); - } - } - void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch, byte record_type, const byte input[], size_t length) { @@ -544,11 +474,9 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz length -= 1; } - const size_t max_fragment_size = maximum_fragment_size(); - while(length) { - const size_t sending = std::min(length, max_fragment_size); + const size_t sending = std::min<size_t>(length, MAX_PLAINTEXT_SIZE); write_record(cipher_state.get(), epoch, type, input, sending); input += sending; diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 9ef2d17c4..e0219c242 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h 
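Review bot: With the heartbeat branch removed from the dispatch in received_data(), a record whose content type is 24 now falls through to the remaining `else` branches of this chain, which end outside the hunk; confirm that the final branch rejects unknown content types with Unexpected_Message (or that read_record() already rejects them before this point) rather than silently dropping the record. The `Alert::HEARTBEAT_PAYLOAD` value that this code used to deliver through m_alert_cb is no longer produced anywhere visible, so if the enumerator still exists in tls_alert.h it should carry a comment such as `// never generated; heartbeat support was removed`, so alert_cb implementations do not keep waiting for it. The enclosing function starts before and ends after this hunk.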
@@ -161,28 +161,6 @@ class BOTAN_DLL Channel */ bool timeout_check(); - /** - * @return true iff the peer supports heartbeat messages - */ - bool peer_supports_heartbeats() const; - - /** - * @return true iff we are allowed to send heartbeat messages - */ - bool heartbeat_sending_allowed() const; - - /** - * Attempt to send a heartbeat message (if negotiated with counterparty) - * @param payload will be echoed back - * @param payload_size size of payload in bytes - * @param pad_bytes include 16 + pad_bytes extra bytes in the message (not echoed) - */ - void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0); - - /** - * Attempt to send a heartbeat message (if negotiated with counterparty) - */ - void heartbeat() { heartbeat(nullptr, 0); } protected: virtual void process_handshake_msg(const Handshake_State* active_state, @@ -226,8 +204,6 @@ class BOTAN_DLL Channel handshake_msg_cb get_handshake_msg_cb() const { return m_handshake_msg_cb; } private: - size_t maximum_fragment_size() const; - void send_record(byte record_type, const std::vector<byte>& record); void send_record_under_epoch(u16bit epoch, byte record_type, diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 76c4e2416..20142adc5 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -27,9 +27,11 @@ std::vector<Ciphersuite> gather_known_ciphersuites() { std::vector<Ciphersuite> ciphersuites; - for(size_t i = 0; i <= 0xFFFF; ++i) + std::vector<u16bit> all_ids = Ciphersuite::all_known_ciphersuite_ids(); + + for(auto id : all_ids) { - Ciphersuite suite = Ciphersuite::by_id(i); + Ciphersuite suite = Ciphersuite::by_id(id); if(suite.valid()) ciphersuites.push_back(suite); diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h index 26faca11b..355dd5a8f 100644 --- a/src/lib/tls/tls_ciphersuite.h +++ b/src/lib/tls/tls_ciphersuite.h 
@@ -29,6 +29,8 @@ class BOTAN_DLL Ciphersuite */ static Ciphersuite by_id(u16bit suite); + static std::vector<u16bit> all_known_ciphersuite_ids(); + /** * Returns true iff this suite is a known SCSV */ @@ -91,7 +93,7 @@ class BOTAN_DLL Ciphersuite const std::string& prf_algo() const { - return (m_prf_algo != "") ? m_prf_algo : m_mac_algo; + return (!m_prf_algo.empty()) ? m_prf_algo : m_mac_algo; } /** diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 82630b7fa..301c77c6b 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -1,6 +1,6 @@ /* * TLS Client -* (C) 2004-2011,2012,2015 Jack Lloyd +* (C) 2004-2011,2012,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -51,7 +51,7 @@ Client::Client(output_fn output_fn, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next_protos, size_t io_buf_sz) : Channel(output_fn, proc_cb, alert_cb, handshake_cb, Channel::handshake_msg_cb(), @@ -75,7 +75,7 @@ Client::Client(output_fn output_fn, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next_protos) : Channel(output_fn, proc_cb, alert_cb, handshake_cb, hs_msg_cb, session_manager, rng, policy, offer_version.is_datagram_protocol()), @@ -394,7 +394,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { const Public_Key& server_key = state.get_server_public_Key(); - if(!state.server_kex()->verify(server_key, state)) + if(!state.server_kex()->verify(server_key, state, policy())) { throw TLS_Exception(Alert::DECRYPT_ERROR, "Bad signature on server key exchange"); 
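Review bot: The new `static std::vector<u16bit> all_known_ciphersuite_ids();` declaration has no doc comment although its neighbours in this header do, and its caller in gather_known_ciphersuites() still filters the result through `suite.valid()`, which suggests the list is not filtered by build-time algorithm availability. A comment would pin that contract: `/** Returns the ids of every ciphersuite the library knows about; the list is not filtered by availability of the underlying algorithms in this build, so callers must still check Ciphersuite::by_id(id).valid(). */` The second half of that sentence is inferred from the caller and should be confirmed against the definition, which is not in this diff.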
@@ -509,7 +509,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.server_hello()->ciphersuite(), state.server_hello()->compression_method(), CLIENT, - state.server_hello()->fragment_size(), + state.server_hello()->supports_extended_master_secret(), get_peer_cert_chain(state), session_ticket, m_info, diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index b835c013e..45a741878 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -19,7 +19,7 @@ namespace TLS { /** * SSL/TLS Client */ -class BOTAN_DLL Client : public Channel +class BOTAN_DLL Client final : public Channel { public: /** @@ -62,7 +62,7 @@ class BOTAN_DLL Client : public Channel const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protocols = {}, size_t reserved_io_buffer_size = 16*1024 ); @@ -77,7 +77,7 @@ class BOTAN_DLL Client : public Channel const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protocols = {} ); diff --git a/src/lib/tls/tls_exceptn.h b/src/lib/tls/tls_exceptn.h index 509226094..2ed5b685c 100644 --- a/src/lib/tls/tls_exceptn.h +++ b/src/lib/tls/tls_exceptn.h @@ -36,7 +36,7 @@ class BOTAN_DLL TLS_Exception : public Exception */ struct BOTAN_DLL Unexpected_Message : public TLS_Exception { - Unexpected_Message(const std::string& err) : + explicit Unexpected_Message(const std::string& err) : TLS_Exception(Alert::UNEXPECTED_MESSAGE, err) {} }; 
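Review bot: The Session constructor call now passes `state.server_hello()->supports_extended_master_secret()` (a bool) in the positional slot that used to carry `fragment_size()` (a size_t); the Session constructor is not in this diff, so confirm its corresponding parameter was changed to bool, because a leftover size_t parameter would silently accept the bool and the compiler would not flag the mismatch. Recording the flag in the session is only half of RFC 7627 section 5.3: on resumption the client MUST abort if the original session used the extended master secret and the new ServerHello omits the extension, and also if the original session did not use it but the new ServerHello offers it; that check belongs where a resumed ServerHello is processed, which is outside this hunk and should be verified. process_handshake_msg() begins and ends outside the hunk.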
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 06efebb4b..4acf9a6fe 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -1,6 +1,6 @@ /* * TLS Extensions -* (C) 2011,2012,2015 Jack Lloyd +* (C) 2011,2012,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -24,11 +24,10 @@ Extension* make_extension(TLS_Data_Reader& reader, case TLSEXT_SERVER_NAME_INDICATION: return new Server_Name_Indicator(reader, size); - case TLSEXT_MAX_FRAGMENT_LENGTH: - return new Maximum_Fragment_Length(reader, size); - +#if defined(BOTAN_HAS_SRP6) case TLSEXT_SRP_IDENTIFIER: return new SRP_Identifier(reader, size); +#endif case TLSEXT_USABLE_ELLIPTIC_CURVES: return new Supported_Elliptic_Curves(reader, size); @@ -39,14 +38,14 @@ Extension* make_extension(TLS_Data_Reader& reader, case TLSEXT_SIGNATURE_ALGORITHMS: return new Signature_Algorithms(reader, size); - case TLSEXT_USE_SRTP: + case TLSEXT_USE_SRTP: return new SRTP_Protection_Profiles(reader, size); case TLSEXT_ALPN: return new Application_Layer_Protocol_Notification(reader, size); - case TLSEXT_HEARTBEAT_SUPPORT: - return new Heartbeat_Support_Indicator(reader, size); + case TLSEXT_EXTENDED_MASTER_SECRET: + return new Extended_Master_Secret(reader, size); case TLSEXT_SESSION_TICKET: return new Session_Ticket(reader, size); @@ -88,7 +87,7 @@ std::vector<byte> Extensions::serialize() const { std::vector<byte> buf(2); // 2 bytes for length field - for(auto& extn : extensions) + for(auto& extn : m_extensions) { if(extn.second->empty()) continue; @@ -121,7 +120,7 @@ std::vector<byte> Extensions::serialize() const std::set<Handshake_Extension_Type> Extensions::extension_types() const { std::set<Handshake_Extension_Type> offers; - for(auto i = extensions.begin(); i != extensions.end(); ++i) + for(auto i = m_extensions.begin(); i != m_extensions.end(); ++i) offers.insert(i->first); return offers; } 
@@ -147,8 +146,8 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, if(name_type == 0) // DNS { - sni_host_name = reader.get_string(2, 1, 65535); - name_bytes -= (2 + sni_host_name.size()); + m_sni_host_name = reader.get_string(2, 1, 65535); + name_bytes -= (2 + m_sni_host_name.size()); } else // some other unknown name type { @@ -162,7 +161,7 @@ std::vector<byte> Server_Name_Indicator::serialize() const { std::vector<byte> buf; - size_t name_len = sni_host_name.size(); + size_t name_len = m_sni_host_name.size(); buf.push_back(get_byte<u16bit>(0, name_len+3)); buf.push_back(get_byte<u16bit>(1, name_len+3)); @@ -172,18 +171,18 @@ std::vector<byte> Server_Name_Indicator::serialize() const buf.push_back(get_byte<u16bit>(1, name_len)); buf += std::make_pair( - reinterpret_cast<const byte*>(sni_host_name.data()), - sni_host_name.size()); + reinterpret_cast<const byte*>(m_sni_host_name.data()), + m_sni_host_name.size()); return buf; } +#if defined(BOTAN_HAS_SRP6) + SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_srp_identifier(reader.get_string(1, 1, 255)) { - srp_identifier = reader.get_string(1, 1, 255); - - if(srp_identifier.size() + 1 != extension_size) + if(m_srp_identifier.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for SRP identifier extension"); } 
@@ -192,76 +191,29 @@ std::vector<byte> SRP_Identifier::serialize() const std::vector<byte> buf; const byte* srp_bytes = - reinterpret_cast<const byte*>(srp_identifier.data()); + reinterpret_cast<const byte*>(m_srp_identifier.data()); - append_tls_length_value(buf, srp_bytes, srp_identifier.size(), 1); + append_tls_length_value(buf, srp_bytes, m_srp_identifier.size(), 1); return buf; } +#endif + Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_reneg_data(reader.get_range<byte>(1, 0, 255)) { - reneg_data = reader.get_range<byte>(1, 0, 255); - - if(reneg_data.size() + 1 != extension_size) + if(m_reneg_data.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for secure renegotiation extn"); } std::vector<byte> Renegotiation_Extension::serialize() const { std::vector<byte> buf; - append_tls_length_value(buf, reneg_data, 1); + append_tls_length_value(buf, m_reneg_data, 1); return buf; } -std::vector<byte> Maximum_Fragment_Length::serialize() const - { - switch(m_max_fragment) - { - case 512: - return std::vector<byte>(1, 1); - case 1024: - return std::vector<byte>(1, 2); - case 2048: - return std::vector<byte>(1, 3); - case 4096: - return std::vector<byte>(1, 4); - default: - throw Invalid_Argument("Bad setting " + - std::to_string(m_max_fragment) + - " for maximum fragment size"); - } - } - -Maximum_Fragment_Length::Maximum_Fragment_Length(TLS_Data_Reader& reader, - u16bit extension_size) - { - if(extension_size != 1) - throw Decoding_Error("Bad size for maximum fragment extension"); - - const byte val = reader.get_byte(); - - switch(val) - { - case 1: - m_max_fragment = 512; - break; - case 2: - m_max_fragment = 1024; - break; - case 3: - m_max_fragment = 2048; - break; - case 4: - m_max_fragment = 4096; - break; - default: - throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Bad value " + std::to_string(val) + " for max fragment len"); - } - } - 
Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, u16bit extension_size) { @@ -424,7 +376,7 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, const u16bit id = reader.get_u16bit(); const std::string name = curve_id_to_name(id); - if(name != "") + if(!name.empty()) m_curves.push_back(name); } } @@ -552,7 +504,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, len -= 2; // If not something we know, ignore it completely - if(hash_code == "" || sig_code == "") + if(hash_code.empty() || sig_code.empty()) continue; m_supported_algos.push_back(std::make_pair(hash_code, sig_code)); @@ -560,16 +512,12 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, } Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, - u16bit extension_size) - { - m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size); - } + u16bit extension_size) : m_ticket(reader.get_elem<byte, std::vector<byte>>(extension_size)) + {} SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_pp(reader.get_range<u16bit>(2, 0, 65535)) { - m_pp = reader.get_range<u16bit>(2, 0, 65535); - const std::vector<byte> mki = reader.get_range<byte>(1, 0, 255); if(m_pp.size() * 2 + mki.size() + 3 != extension_size) @@ -598,6 +546,18 @@ std::vector<byte> SRTP_Protection_Profiles::serialize() const return buf; } +Extended_Master_Secret::Extended_Master_Secret(TLS_Data_Reader&, + u16bit extension_size) + { + if(extension_size != 0) + throw Decoding_Error("Invalid extended_master_secret extension"); + } + +std::vector<byte> Extended_Master_Secret::serialize() const + { + return std::vector<byte>(); + } + } } diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 7527b5cdd..a5aac0020 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h 
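Review bot: The new Extended_Master_Secret constructor rejects any non-empty extension body but does not say why; a comment tying the check to the spec would help the next reader: `// RFC 7627 5.1: extension_data MUST be empty, so any payload is a decode error`. The unnamed TLS_Data_Reader parameter is deliberately unused since nothing is read, which is fine, but a `/*reader*/` placeholder name would make that intent explicit. The serialize() in the same hunk returning an empty vector is consistent with this.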
@@ -1,6 +1,6 @@ /* * TLS Extensions -* (C) 2011-2012 Jack Lloyd +* (C) 2011,2012,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -23,7 +23,7 @@ class TLS_Data_Reader; enum Handshake_Extension_Type { TLSEXT_SERVER_NAME_INDICATION = 0, - TLSEXT_MAX_FRAGMENT_LENGTH = 1, + // 1 is maximum fragment length TLSEXT_CLIENT_CERT_URL = 2, TLSEXT_TRUSTED_CA_KEYS = 3, TLSEXT_TRUNCATED_HMAC = 4, @@ -37,6 +37,8 @@ enum Handshake_Extension_Type { TLSEXT_HEARTBEAT_SUPPORT = 15, TLSEXT_ALPN = 16, + TLSEXT_EXTENDED_MASTER_SECRET = 23, + TLSEXT_SESSION_TICKET = 35, TLSEXT_SAFE_RENEGOTIATION = 65281, @@ -69,7 +71,7 @@ class Extension /** * Server Name Indicator extension (RFC 3546) */ -class Server_Name_Indicator : public Extension +class Server_Name_Indicator final : public Extension { public: static Handshake_Extension_Type static_type() @@ -77,25 +79,26 @@ class Server_Name_Indicator : public Extension Handshake_Extension_Type type() const override { return static_type(); } - Server_Name_Indicator(const std::string& host_name) : - sni_host_name(host_name) {} + explicit Server_Name_Indicator(const std::string& host_name) : + m_sni_host_name(host_name) {} Server_Name_Indicator(TLS_Data_Reader& reader, u16bit extension_size); - std::string host_name() const { return sni_host_name; } + std::string host_name() const { return m_sni_host_name; } std::vector<byte> serialize() const override; - bool empty() const override { return sni_host_name == ""; } + bool empty() const override { return m_sni_host_name.empty(); } private: - std::string sni_host_name; + std::string m_sni_host_name; }; +#if defined(BOTAN_HAS_SRP6) /** * SRP identifier extension (RFC 5054) */ -class SRP_Identifier : public Extension +class SRP_Identifier final : public Extension { public: static Handshake_Extension_Type static_type() 
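Review bot: `TLSEXT_HEARTBEAT_SUPPORT = 15` is still an enumerator although the Heartbeat_Support_Indicator class and its make_extension case are removed in this same commit, which is inconsistent with how `TLSEXT_MAX_FRAGMENT_LENGTH` is handled in this hunk (replaced by `// 1 is maximum fragment length`). For consistency give it the same treatment, `// 15 is heartbeat (RFC 6520), not supported`, or add a comment stating that the id is kept only to document the value. A short reference on the new enumerator, `TLSEXT_EXTENDED_MASTER_SECRET = 23, // RFC 7627`, would also help since the other entries carry no RFC pointers.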
@@ -103,25 +106,26 @@ class SRP_Identifier : public Extension Handshake_Extension_Type type() const override { return static_type(); } - SRP_Identifier(const std::string& identifier) : - srp_identifier(identifier) {} + explicit SRP_Identifier(const std::string& identifier) : + m_srp_identifier(identifier) {} SRP_Identifier(TLS_Data_Reader& reader, u16bit extension_size); - std::string identifier() const { return srp_identifier; } + std::string identifier() const { return m_srp_identifier; } std::vector<byte> serialize() const override; - bool empty() const override { return srp_identifier == ""; } + bool empty() const override { return m_srp_identifier.empty(); } private: - std::string srp_identifier; + std::string m_srp_identifier; }; +#endif /** * Renegotiation Indication Extension (RFC 5746) */ -class Renegotiation_Extension : public Extension +class Renegotiation_Extension final : public Extension { public: static Handshake_Extension_Type static_type() 
@@ -131,58 +135,26 @@ class Renegotiation_Extension : public Extension Renegotiation_Extension() {} - Renegotiation_Extension(const std::vector<byte>& bits) : - reneg_data(bits) {} + explicit Renegotiation_Extension(const std::vector<byte>& bits) : + m_reneg_data(bits) {} Renegotiation_Extension(TLS_Data_Reader& reader, u16bit extension_size); const std::vector<byte>& renegotiation_info() const - { return reneg_data; } + { return m_reneg_data; } std::vector<byte> serialize() const override; bool empty() const override { return false; } // always send this private: - std::vector<byte> reneg_data; - }; - -/** -* Maximum Fragment Length Negotiation Extension (RFC 4366 sec 3.2) -*/ -class Maximum_Fragment_Length : public Extension - { - public: - static Handshake_Extension_Type static_type() - { return TLSEXT_MAX_FRAGMENT_LENGTH; } - - Handshake_Extension_Type type() const override { return static_type(); } - - bool empty() const override { return false; } - - size_t fragment_size() const { return m_max_fragment; } - - std::vector<byte> serialize() const override; - - /** - * @param max_fragment specifies what maximum fragment size to - * advertise. Currently must be one of 512, 1024, 2048, or - * 4096. - */ - Maximum_Fragment_Length(size_t max_fragment) : - m_max_fragment(max_fragment) {} - - Maximum_Fragment_Length(TLS_Data_Reader& reader, - u16bit extension_size); - - private: - size_t m_max_fragment; + std::vector<byte> m_reneg_data; }; /** * ALPN (RFC 7301) */ -class Application_Layer_Protocol_Notification : public Extension +class Application_Layer_Protocol_Notification final : public Extension { public: static Handshake_Extension_Type static_type() { return TLSEXT_ALPN; } 
@@ -196,13 +168,13 @@ class Application_Layer_Protocol_Notification : public Extension /** * Single protocol, used by server */ - Application_Layer_Protocol_Notification(const std::string& protocol) : + explicit Application_Layer_Protocol_Notification(const std::string& protocol) : m_protocols(1, protocol) {} /** * List of protocols, used by client */ - Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) : + explicit Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) : m_protocols(protocols) {} Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, @@ -218,7 +190,7 @@ class Application_Layer_Protocol_Notification : public Extension /** * Session Ticket Extension (RFC 5077) */ -class Session_Ticket : public Extension +class Session_Ticket final : public Extension { public: static Handshake_Extension_Type static_type() @@ -239,7 +211,7 @@ class Session_Ticket : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const std::vector<byte>& session_ticket) : + explicit Session_Ticket(const std::vector<byte>& session_ticket) : m_ticket(session_ticket) {} /** @@ -257,7 +229,7 @@ class Session_Ticket : public Extension /** * Supported Elliptic Curves Extension (RFC 4492) */ -class Supported_Elliptic_Curves : public Extension +class Supported_Elliptic_Curves final : public Extension { public: static Handshake_Extension_Type static_type() @@ -272,7 +244,7 @@ class Supported_Elliptic_Curves : public Extension std::vector<byte> serialize() const override; - Supported_Elliptic_Curves(const std::vector<std::string>& curves) : + explicit Supported_Elliptic_Curves(const std::vector<std::string>& curves) : m_curves(curves) {} Supported_Elliptic_Curves(TLS_Data_Reader& reader, 
@@ -286,7 +258,7 @@ class Supported_Elliptic_Curves : public Extension /** * Signature Algorithms Extension for TLS 1.2 (RFC 5246) */ -class Signature_Algorithms : public Extension +class Signature_Algorithms final : public Extension { public: static Handshake_Extension_Type static_type() @@ -313,7 +285,7 @@ class Signature_Algorithms : public Extension Signature_Algorithms(const std::vector<std::string>& hashes, const std::vector<std::string>& sig_algos); - Signature_Algorithms(const std::vector<std::pair<std::string, std::string> >& algos) : + explicit Signature_Algorithms(const std::vector<std::pair<std::string, std::string> >& algos) : m_supported_algos(algos) {} Signature_Algorithms(TLS_Data_Reader& reader, 
@@ -323,55 +295,49 @@ class Signature_Algorithms : public Extension }; /** -* Heartbeat Extension (RFC 6520) +* Used to indicate SRTP algorithms for DTLS (RFC 5764) */ -class Heartbeat_Support_Indicator : public Extension +class SRTP_Protection_Profiles final : public Extension { public: static Handshake_Extension_Type static_type() - { return TLSEXT_HEARTBEAT_SUPPORT; } + { return TLSEXT_USE_SRTP; } Handshake_Extension_Type type() const override { return static_type(); } - bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } + const std::vector<u16bit>& profiles() const { return m_pp; } std::vector<byte> serialize() const override; - bool empty() const override { return false; } + bool empty() const override { return m_pp.empty(); } - Heartbeat_Support_Indicator(bool peer_allowed_to_send) : - m_peer_allowed_to_send(peer_allowed_to_send) {} + explicit SRTP_Protection_Profiles(const std::vector<u16bit>& pp) : m_pp(pp) {} - Heartbeat_Support_Indicator(TLS_Data_Reader& reader, u16bit extension_size); + explicit SRTP_Protection_Profiles(u16bit pp) : m_pp(1, pp) {} + SRTP_Protection_Profiles(TLS_Data_Reader& reader, u16bit extension_size); private: - bool m_peer_allowed_to_send; + std::vector<u16bit> m_pp; }; /** -* Used to indicate SRTP algorithms for DTLS (RFC 5764) +* Extended Master Secret Extension (RFC 7627) */ -class SRTP_Protection_Profiles : public Extension +class Extended_Master_Secret final : public Extension { public: static Handshake_Extension_Type static_type() - { return TLSEXT_USE_SRTP; } + { return TLSEXT_EXTENDED_MASTER_SECRET; } Handshake_Extension_Type type() const override { return static_type(); } - const std::vector<u16bit>& profiles() const { return m_pp; } - std::vector<byte> serialize() const override; - bool empty() const override { return m_pp.empty(); } - - SRTP_Protection_Profiles(const std::vector<u16bit>& pp) : m_pp(pp) {} + bool empty() const override { return false; } - SRTP_Protection_Profiles(u16bit pp) : m_pp(1, pp) 
{} + Extended_Master_Secret() {} - SRTP_Protection_Profiles(TLS_Data_Reader& reader, u16bit extension_size); - private: - std::vector<u16bit> m_pp; + Extended_Master_Secret(TLS_Data_Reader& reader, u16bit extension_size); }; /** @@ -387,9 +353,9 @@ class Extensions { Handshake_Extension_Type type = T::static_type(); - auto i = extensions.find(type); + auto i = m_extensions.find(type); - if(i != extensions.end()) + if(i != m_extensions.end()) return dynamic_cast<T*>(i->second.get()); return nullptr; } @@ -402,7 +368,7 @@ class Extensions void add(Extension* extn) { - extensions[extn->type()].reset(extn); + m_extensions[extn->type()].reset(extn); } std::vector<byte> serialize() const; @@ -411,13 +377,13 @@ class Extensions Extensions() {} - Extensions(TLS_Data_Reader& reader) { deserialize(reader); } + explicit Extensions(TLS_Data_Reader& reader) { deserialize(reader); } private: Extensions(const Extensions&) {} Extensions& operator=(const Extensions&) { return (*this); } - std::map<Handshake_Extension_Type, std::unique_ptr<Extension>> extensions; + std::map<Handshake_Extension_Type, std::unique_ptr<Extension>> m_extensions; }; } diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp index 615767cc2..00b8d744c 100644 --- a/src/lib/tls/tls_handshake_hash.cpp +++ b/src/lib/tls/tls_handshake_hash.cpp @@ -29,7 +29,7 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version, }; std::unique_ptr<HashFunction> hash(HashFunction::create(choose_hash())); - hash->update(data); + hash->update(m_data); return hash->final(); } diff --git a/src/lib/tls/tls_handshake_hash.h b/src/lib/tls/tls_handshake_hash.h index 050f3a454..d0f5c882f 100644 --- a/src/lib/tls/tls_handshake_hash.h +++ b/src/lib/tls/tls_handshake_hash.h 
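Review bot: The Extended_Master_Secret class in this hunk has no comment explaining the non-obvious `bool empty() const override { return false; }`: the extension carries no body, and Extensions::serialize() skips any extension whose empty() returns true, so returning false is precisely what makes the zero-length extension actually get sent. A comment above the class such as `/** Extended Master Secret Extension (RFC 7627). Carries no data; its presence alone signals support, so empty() returns false to ensure it is serialized. */` would capture that. The class definition begins on the previous physical line.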
@@ -23,19 +23,19 @@ class Handshake_Hash { public: void update(const byte in[], size_t length) - { data += std::make_pair(in, length); } + { m_data += std::make_pair(in, length); } void update(const std::vector<byte>& in) - { data += in; } + { m_data += in; } secure_vector<byte> final(Protocol_Version version, const std::string& mac_algo) const; - const std::vector<byte>& get_contents() const { return data; } + const std::vector<byte>& get_contents() const { return m_data; } - void reset() { data.clear(); } + void reset() { m_data.clear(); } private: - std::vector<byte> data; + std::vector<byte> m_data; }; } diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h index a1c1c5ce3..601ac41d9 100644 --- a/src/lib/tls/tls_handshake_io.h +++ b/src/lib/tls/tls_handshake_io.h @@ -62,12 +62,12 @@ class Handshake_IO /** * Handshake IO for stream-based handshakes */ -class Stream_Handshake_IO : public Handshake_IO +class Stream_Handshake_IO final : public Handshake_IO { public: typedef std::function<void (byte, const std::vector<byte>&)> writer_fn; - Stream_Handshake_IO(writer_fn writer) : m_send_hs(writer) {} + explicit Stream_Handshake_IO(writer_fn writer) : m_send_hs(writer) {} Protocol_Version initial_record_version() const override; @@ -93,7 +93,7 @@ class Stream_Handshake_IO : public Handshake_IO /** * Handshake IO for datagram-based handshakes */ -class Datagram_Handshake_IO : public Handshake_IO +class Datagram_Handshake_IO final : public Handshake_IO { public: typedef std::function<void (u16bit, byte, const std::vector<byte>&)> writer_fn; diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index f885d3b08..67ba43265 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -1,6 +1,6 @@ /* * TLS Handshaking -* (C) 2004-2006,2011,2012,2015 Jack Lloyd +* (C) 2004-2006,2011,2012,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -325,12 +325,16 @@ Handshake_State::get_next_handshake_msg() std::string Handshake_State::srp_identifier() const { +#if defined(BOTAN_HAS_SRP6) + // Authenticated via the successful key exchange if(ciphersuite().valid() && ciphersuite().kex_algo() == "SRP_SHA") return client_hello()->srp_identifier(); +#endif return ""; } + std::vector<byte> Handshake_State::session_ticket() const { if(new_session_ticket() && !new_session_ticket()->ticket().empty()) 
@@ -445,58 +449,111 @@ Handshake_State::choose_sig_format(const Private_Key& key, throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures"); } +namespace { + +bool supported_algos_include( + const std::vector<std::pair<std::string, std::string>>& algos, + const std::string& key_type, + const std::string& hash_type) + { + for(auto&& algo : algos) + { + if(algo.first == hash_type && algo.second == key_type) + { + return true; + } + } + + return false; + } + +} + std::pair<std::string, Signature_Format> -Handshake_State::understand_sig_format(const Public_Key& key, - std::string hash_algo, - std::string sig_algo) const +Handshake_State::parse_sig_format(const Public_Key& key, + const std::string& input_hash_algo, + const std::string& input_sig_algo, + bool for_client_auth, + const Policy& policy) const { - const std::string algo_name = key.algo_name(); + const std::string key_type = key.algo_name(); - /* - FIXME: This should check what was sent against the client hello - preferences, or the certificate request, to ensure it was allowed - by those restrictions. + if(!policy.allowed_signature_method(key_type)) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "Rejecting " + key_type + " signature"); + } - Or not? - */ + std::string hash_algo; if(this->version().supports_negotiable_signature_algorithms()) { - if(hash_algo == "") + if(input_sig_algo != key_type) + throw Decoding_Error("Counterparty sent inconsistent key and sig types"); + + if(input_hash_algo == "") throw Decoding_Error("Counterparty did not send hash/sig IDS"); - if(sig_algo != algo_name) - throw Decoding_Error("Counterparty sent inconsistent key and sig types"); + hash_algo = input_hash_algo; + + if(for_client_auth && !cert_req()) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "No certificate verify set"); + } + + /* + Confirm the signature type we just received against the + supported_algos list that we sent; it better be there. 
+ */ + + const auto supported_algos = + for_client_auth ? cert_req()->supported_algos() : + client_hello()->supported_algos(); + + if(!supported_algos_include(supported_algos, key_type, hash_algo)) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "TLS signature extension did not allow for " + + key_type + "/" + hash_algo + " signature"); + } } else { - if(hash_algo != "" || sig_algo != "") + if(input_hash_algo != "" || input_sig_algo != "") throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); - } - if(algo_name == "RSA") - { - if(!this->version().supports_negotiable_signature_algorithms()) + if(key_type == "RSA") { hash_algo = "Parallel(MD5,SHA-160)"; } + else if(key_type == "DSA" || key_type == "ECDSA") + { + hash_algo = "SHA-1"; + } + else + { + throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); + } + + /* + There is no check on the acceptability of a v1.0/v1.1 hash type, + since it's implicit with use of the protocol + */ + } + if(key_type == "RSA") + { const std::string padding = "EMSA3(" + hash_algo + ")"; return std::make_pair(padding, IEEE_1363); } - else if(algo_name == "DSA" || algo_name == "ECDSA") + else if(key_type == "DSA" || key_type == "ECDSA") { - if(!this->version().supports_negotiable_signature_algorithms()) - { - hash_algo = "SHA-1"; - } - const std::string padding = "EMSA1(" + hash_algo + ")"; - return std::make_pair(padding, DER_SEQUENCE); } - throw Invalid_Argument(algo_name + " is invalid/unknown for TLS signatures"); + throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); } } diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 6260b090f..2943a8637 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h 
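Review bot: In parse_sig_format the `"No certificate verify set"` message thrown when `for_client_auth && !cert_req()` names the wrong message: the failing condition is that no CertificateRequest was sent, so `"No certificate request sent"` would say what actually went wrong. The policy is consulted only for the key type via `policy.allowed_signature_method(key_type)`; the hash is constrained only transitively, through the supported_algos list we advertised in the ClientHello or CertificateRequest, so if Policy also exposes an allowed-hash predicate an explicit check on `hash_algo` after the TLS 1.2 branch would be cheap defence in depth — hedged, since the Policy interface is not in this diff. The new `supported_algos_include` helper compares `algo.first` to the hash and `algo.second` to the key type, which matches the (hash, sig) pair order that Signature_Algorithms pushes in tls_extensions.cpp, so that part is consistent. parse_sig_format begins on the previous physical line.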
@@ -80,9 +80,11 @@ class Handshake_State std::vector<byte> session_ticket() const; std::pair<std::string, Signature_Format> - understand_sig_format(const Public_Key& key, - std::string hash_algo, - std::string sig_algo) const; + parse_sig_format(const Public_Key& key, + const std::string& hash_algo, + const std::string& sig_algo, + bool for_client_auth, + const Policy& policy) const; std::pair<std::string, Signature_Format> choose_sig_format(const Private_Key& key, diff --git a/src/lib/tls/tls_heartbeats.cpp b/src/lib/tls/tls_heartbeats.cpp deleted file mode 100644 index 14f7db51c..000000000 --- a/src/lib/tls/tls_heartbeats.cpp +++ /dev/null 
@@ -1,90 +0,0 @@ -/* -* TLS Heartbeats -* (C) 2012,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/tls_heartbeats.h> -#include <botan/internal/tls_extensions.h> -#include <botan/internal/tls_reader.h> -#include <botan/tls_exceptn.h> - -namespace Botan { - -namespace TLS { - -Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf) - { - TLS_Data_Reader reader("Heartbeat", buf); - - const byte type = reader.get_byte(); - - if(type != 1 && type != 2) - throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat message type"); - - m_type = static_cast<Type>(type); - - m_payload = reader.get_range<byte>(2, 0, 16*1024); - - m_padding = reader.get_remaining(); - - if(m_padding.size() < 16) - throw Decoding_Error("Invalid heartbeat padding"); - } - -Heartbeat_Message::Heartbeat_Message(Type type, - const byte payload[], - size_t payload_len, - const std::vector<byte>& padding) : - m_type(type), - m_payload(payload, payload + payload_len), - m_padding(padding) - { - if(payload_len >= 64*1024) - throw Exception("Heartbeat payload too long"); - if(m_padding.size() < 16) - throw Exception("Invalid heartbeat padding length"); - } - -std::vector<byte> Heartbeat_Message::contents() const - { - //std::vector<byte> send_buf(3 + m_payload.size() + 16); - std::vector<byte> send_buf; - send_buf.reserve(3 + m_payload.size() + m_padding.size()); - - send_buf.push_back(m_type); - send_buf.push_back(get_byte<u16bit>(0, m_payload.size())); - send_buf.push_back(get_byte<u16bit>(1, m_payload.size())); - send_buf += m_payload; - send_buf += m_padding; - - return send_buf; - } - -std::vector<byte> Heartbeat_Support_Indicator::serialize() const - { - std::vector<byte> heartbeat(1); - heartbeat[0] = (m_peer_allowed_to_send ? 
1 : 2); - return heartbeat; - } - -Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader, - u16bit extension_size) - { - if(extension_size != 1) - throw Decoding_Error("Strange size for heartbeat extension"); - - const byte code = reader.get_byte(); - - if(code != 1 && code != 2) - throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat code " + std::to_string(code)); - - m_peer_allowed_to_send = (code == 1); - } - -} - -} diff --git a/src/lib/tls/tls_heartbeats.h b/src/lib/tls/tls_heartbeats.h deleted file mode 100644 index dcb63babe..000000000 --- a/src/lib/tls/tls_heartbeats.h +++ /dev/null @@ -1,44 +0,0 @@ -/* -* TLS Heartbeats -* (C) 2012,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_TLS_HEARTBEATS_H__ -#define BOTAN_TLS_HEARTBEATS_H__ - -#include <botan/secmem.h> - -namespace Botan { - -namespace TLS { - -/** -* TLS Heartbeat message -*/ -class Heartbeat_Message - { - public: - enum Type { REQUEST = 1, RESPONSE = 2 }; - - std::vector<byte> contents() const; - - const std::vector<byte>& payload() const { return m_payload; } - - bool is_request() const { return m_type == REQUEST; } - - Heartbeat_Message(const std::vector<byte>& buf); - - Heartbeat_Message(Type type, const byte payload[], size_t payload_len, - const std::vector<byte>& padding); - private: - Type m_type; - std::vector<byte> m_payload, m_padding; - }; - -} - -} - -#endif diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h index 6db908b08..798e428ff 100644 --- a/src/lib/tls/tls_magic.h +++ b/src/lib/tls/tls_magic.h @@ -31,7 +31,6 @@ enum Record_Type { ALERT = 21, HANDSHAKE = 22, APPLICATION_DATA = 23, - HEARTBEAT = 24, NO_RECORD = 256 }; diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 7a556a61c..3bee89e13 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h 
@@ -22,7 +22,10 @@ namespace Botan { class Credentials_Manager; + +#if defined(BOTAN_HAS_SRP6) class SRP6_Server_Session; +#endif namespace TLS { @@ -35,7 +38,7 @@ std::vector<byte> make_hello_random(RandomNumberGenerator& rng, /** * DTLS Hello Verify Request */ -class Hello_Verify_Request : public Handshake_Message +class Hello_Verify_Request final : public Handshake_Message { public: std::vector<byte> serialize() const override; @@ -43,7 +46,7 @@ class Hello_Verify_Request : public Handshake_Message std::vector<byte> cookie() const { return m_cookie; } - Hello_Verify_Request(const std::vector<byte>& buf); + explicit Hello_Verify_Request(const std::vector<byte>& buf); Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, @@ -55,7 +58,7 @@ class Hello_Verify_Request : public Handshake_Message /** * Client Hello Message */ -class Client_Hello : public Handshake_Message +class Client_Hello final : public Handshake_Message { public: Handshake_Type type() const override { return CLIENT_HELLO; } @@ -95,12 +98,14 @@ class Client_Hello : public Handshake_Message return ""; } +#if defined(BOTAN_HAS_SRP6) std::string srp_identifier() const { if(SRP_Identifier* srp = m_extensions.get<SRP_Identifier>()) return srp->identifier(); return ""; } +#endif bool secure_renegotiation() const { @@ -114,13 +119,6 @@ class Client_Hello : public Handshake_Message return std::vector<byte>(); } - size_t fragment_size() const - { - if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>()) - return frag->fragment_size(); - return 0; - } - bool supports_session_ticket() const { return m_extensions.has<Session_Ticket>(); 
@@ -138,6 +136,11 @@ class Client_Hello : public Handshake_Message return m_extensions.has<Application_Layer_Protocol_Notification>(); } + bool supports_extended_master_secret() const + { + return m_extensions.has<Extended_Master_Secret>(); + } + std::vector<std::string> next_protocols() const { if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>()) @@ -145,18 +148,6 @@ class Client_Hello : public Handshake_Message return std::vector<std::string>(); } - bool supports_heartbeats() const - { - return m_extensions.has<Heartbeat_Support_Indicator>(); - } - - bool peer_can_send_heartbeats() const - { - if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>()) - return hb->peer_allowed_to_send(); - return false; - } - std::vector<u16bit> srtp_profiles() const { if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>()) @@ -187,7 +178,7 @@ class Client_Hello : public Handshake_Message const Session& resumed_session, const std::vector<std::string>& next_protocols); - Client_Hello(const std::vector<byte>& buf); + explicit Client_Hello(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -205,7 +196,7 @@ class Client_Hello : public Handshake_Message /** * Server Hello Message */ -class Server_Hello : public Handshake_Message +class Server_Hello final : public Handshake_Message { public: Handshake_Type type() const override { return SERVER_HELLO; } @@ -232,11 +223,9 @@ class Server_Hello : public Handshake_Message return std::vector<byte>(); } - size_t fragment_size() const + bool supports_extended_master_secret() const { - if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>()) - return frag->fragment_size(); - return 0; + return m_extensions.has<Extended_Master_Secret>(); } bool supports_session_ticket() const 
@@ -244,18 +233,6 @@ class Server_Hello : public Handshake_Message return m_extensions.has<Session_Ticket>(); } - bool supports_heartbeats() const - { - return m_extensions.has<Heartbeat_Support_Indicator>(); - } - - bool peer_can_send_heartbeats() const - { - if(auto hb = m_extensions.get<Heartbeat_Support_Indicator>()) - return hb->peer_allowed_to_send(); - return false; - } - u16bit srtp_profile() const { if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>()) @@ -290,7 +267,7 @@ class Server_Hello : public Handshake_Message u16bit ciphersuite, byte compression, bool offer_session_ticket, - const std::string next_protocol); + const std::string& next_protocol); Server_Hello(Handshake_IO& io, Handshake_Hash& hash, @@ -302,7 +279,7 @@ class Server_Hello : public Handshake_Message bool offer_session_ticket, const std::string& next_protocol); - Server_Hello(const std::vector<byte>& buf); + explicit Server_Hello(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -317,7 +294,7 @@ class Server_Hello : public Handshake_Message /** * Client Key Exchange Message */ -class Client_Key_Exchange : public Handshake_Message +class Client_Key_Exchange final : public Handshake_Message { public: Handshake_Type type() const override { return CLIENT_KEX; } @@ -351,7 +328,7 @@ class Client_Key_Exchange : public Handshake_Message /** * Certificate Message */ -class Certificate : public Handshake_Message +class Certificate final : public Handshake_Message { public: Handshake_Type type() const override { return CERTIFICATE; } @@ -364,7 +341,7 @@ class Certificate : public Handshake_Message Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); - Certificate(const std::vector<byte>& buf); + explicit Certificate(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; 
@@ -374,7 +351,7 @@ class Certificate : public Handshake_Message /** * Certificate Request Message */ -class Certificate_Req : public Handshake_Message +class Certificate_Req final : public Handshake_Message { public: Handshake_Type type() const override { return CERTIFICATE_REQUEST; } @@ -407,7 +384,7 @@ class Certificate_Req : public Handshake_Message /** * Certificate Verify Message */ -class Certificate_Verify : public Handshake_Message +class Certificate_Verify final : public Handshake_Message { public: Handshake_Type type() const override { return CERTIFICATE_VERIFY; } @@ -418,7 +395,8 @@ class Certificate_Verify : public Handshake_Message * @param state the handshake state */ bool verify(const X509_Certificate& cert, - const Handshake_State& state) const; + const Handshake_State& state, + const Policy& policy) const; Certificate_Verify(Handshake_IO& io, Handshake_State& state, @@ -439,7 +417,7 @@ class Certificate_Verify : public Handshake_Message /** * Finished Message */ -class Finished : public Handshake_Message +class Finished final : public Handshake_Message { public: Handshake_Type type() const override { return FINISHED; } @@ -454,7 +432,7 @@ class Finished : public Handshake_Message Handshake_State& state, Connection_Side side); - Finished(const std::vector<byte>& buf); + explicit Finished(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -464,13 +442,13 @@ class Finished : public Handshake_Message /** * Hello Request Message */ -class Hello_Request : public Handshake_Message +class Hello_Request final : public Handshake_Message { public: Handshake_Type type() const override { return HELLO_REQUEST; } - Hello_Request(Handshake_IO& io); - Hello_Request(const std::vector<byte>& buf); + explicit Hello_Request(Handshake_IO& io); + explicit Hello_Request(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; }; 
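Review bot: The Doxygen block above `Certificate_Verify::verify` in hunk `@@ -418,7 +395,8` still documents only `cert` and `state` while the signature now also takes `const Policy& policy`; add `* @param policy the policy the negotiated hash/signature pair must satisfy` (the exact use of the policy is in tls_handshake_state.cpp, not visible here). The same parameter is added to `Server_Key_Exchange::verify` in hunk `@@ -486,13 +464,20` of this file, which has no doc comment at all and would benefit from the same three `@param` lines. Both class bodies continue outside their hunks.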
@@ -478,7 +456,7 @@ class Hello_Request : public Handshake_Message /** * Server Key Exchange Message */ -class Server_Key_Exchange : public Handshake_Message +class Server_Key_Exchange final : public Handshake_Message { public: Handshake_Type type() const override { return SERVER_KEX; } @@ -486,13 +464,20 @@ class Server_Key_Exchange : public Handshake_Message const std::vector<byte>& params() const { return m_params; } bool verify(const Public_Key& server_key, - const Handshake_State& state) const; + const Handshake_State& state, + const Policy& policy) const; // Only valid for certain kex types const Private_Key& server_kex_key() const; +#if defined(BOTAN_HAS_SRP6) // Only valid for SRP negotiation - SRP6_Server_Session& server_srp_params() const; + SRP6_Server_Session& server_srp_params() const + { + BOTAN_ASSERT_NONNULL(m_srp_params); + return *m_srp_params; + } +#endif Server_Key_Exchange(Handshake_IO& io, Handshake_State& state, @@ -510,8 +495,10 @@ class Server_Key_Exchange : public Handshake_Message private: std::vector<byte> serialize() const override; - std::unique_ptr<Private_Key> m_kex_key; +#if defined(BOTAN_HAS_SRP6) std::unique_ptr<SRP6_Server_Session> m_srp_params; +#endif + std::unique_ptr<Private_Key> m_kex_key; std::vector<byte> m_params; @@ -523,13 +510,13 @@ class Server_Key_Exchange : public Handshake_Message /** * Server Hello Done Message */ -class Server_Hello_Done : public Handshake_Message +class Server_Hello_Done final : public Handshake_Message { public: Handshake_Type type() const override { return SERVER_HELLO_DONE; } Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash); - Server_Hello_Done(const std::vector<byte>& buf); + explicit Server_Hello_Done(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; }; 
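Review bot: `server_srp_params()` in hunk `@@ -486,13 +464,20` is now defined inline in the public header and expands `BOTAN_ASSERT_NONNULL`, so every translation unit that includes tls_messages.h must already see the header defining that macro; whether it is included here is not visible in this diff and is worth confirming. The accessor also keeps returning a mutable `SRP6_Server_Session&` from a `const` member function, which predates this change but is now more exposed; either a comment such as `// non-const: the SRP session is advanced by the key exchange` or a `const` overload would make the intent explicit. Moving `m_srp_params` ahead of `m_kex_key` changes member construction and destruction order, which looks harmless for two independent `unique_ptr`s.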
@@ -537,7 +524,7 @@ class Server_Hello_Done : public Handshake_Message /** * New Session Ticket Message */ -class New_Session_Ticket : public Handshake_Message +class New_Session_Ticket final : public Handshake_Message { public: Handshake_Type type() const override { return NEW_SESSION_TICKET; } @@ -553,7 +540,7 @@ class New_Session_Ticket : public Handshake_Message New_Session_Ticket(Handshake_IO& io, Handshake_Hash& hash); - New_Session_Ticket(const std::vector<byte>& buf); + explicit New_Session_Ticket(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -564,7 +551,7 @@ class New_Session_Ticket : public Handshake_Message /** * Change Cipher Spec */ -class Change_Cipher_Spec : public Handshake_Message +class Change_Cipher_Spec final : public Handshake_Message { public: Handshake_Type type() const override { return HANDSHAKE_CCS; } diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 374c5f12b..be4c61b16 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -1,6 +1,6 @@ /* * Policies for TLS -* (C) 2004-2010,2012,2015 Jack Lloyd +* (C) 2004-2010,2012,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -64,7 +64,7 @@ std::vector<std::string> Policy::allowed_macs() const std::vector<std::string> Policy::allowed_key_exchange_methods() const { return { - "SRP_SHA", + //"SRP_SHA", //"ECDHE_PSK", //"DHE_PSK", //"PSK", @@ -80,10 +80,15 @@ std::vector<std::string> Policy::allowed_signature_methods() const "ECDSA", "RSA", "DSA", - //"" + //"" (anon) }; } +bool Policy::allowed_signature_method(const std::string& sig_method) const + { + return value_exists(allowed_signature_methods(), sig_method); + } + std::vector<std::string> Policy::allowed_ecc_curves() const { return { 
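Review bot: Commenting out `"SRP_SHA"` in `Policy::allowed_key_exchange_methods()` (hunk `@@ -64,7 +64,7`) removes SRP from the default policy with no compile-time signal, so an application that relied on the defaults to offer SRP suites will silently stop negotiating them. A comment next to the entry stating the intent, e.g. `//"SRP_SHA", // not offered by default; enable through a custom Policy`, plus a changelog line, would make the behaviour change discoverable. In hunk `@@ -80,10 +80,15` `allowed_signature_method` is a plain membership test over `allowed_signature_methods()`, which is fine for a per-handshake check; a one-line comment saying it deliberately delegates to the virtual list would explain why it is not itself virtual.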
@@ -167,7 +172,6 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const return true; } -bool Policy::negotiate_heartbeat_support() const { return false; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } bool Policy::include_time_in_hello_random() const { return true; } @@ -270,9 +274,7 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version, const std::vector<std::string> kex = allowed_key_exchange_methods(); const std::vector<std::string> sigs = allowed_signature_methods(); - Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs); - - std::set<Ciphersuite, Ciphersuite_Preference_Ordering> ciphersuites(order); + std::vector<Ciphersuite> ciphersuites; for(auto&& suite : Ciphersuite::all_known_ciphersuites()) { @@ -301,13 +303,16 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version, continue; } - // OK, allow it: - ciphersuites.insert(suite); + // OK, consider it + ciphersuites.push_back(suite); } if(ciphersuites.empty()) throw Exception("Policy does not allow any available cipher suite"); + Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs); + std::sort(ciphersuites.begin(), ciphersuites.end(), order); + std::vector<u16bit> ciphersuite_codes; for(auto i : ciphersuites) ciphersuite_codes.push_back(i.ciphersuite_code()); @@ -347,7 +352,6 @@ void Policy::print(std::ostream& o) const print_vec(o, "key_exchange_methods", allowed_key_exchange_methods()); print_vec(o, "ecc_curves", allowed_ecc_curves()); - print_bool(o, "negotiate_heartbeat_support", negotiate_heartbeat_support()); print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation()); print_bool(o, "include_time_in_hello_random", include_time_in_hello_random()); print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation()); 
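Review bot: `std::sort` in hunk `@@ -301,13 +303,16` is not stable, so two suites that `Ciphersuite_Preference_Ordering` treats as equivalent end up in an unspecified relative order, which can make the offered suite list differ between standard-library implementations; `std::stable_sort(ciphersuites.begin(), ciphersuites.end(), order);` keeps the `all_known_ciphersuites()` order among ties and makes the advertised list deterministic. The previous `std::set` would have kept only one of such equivalent suites, so switching to a vector can also change which suites are listed; a sentence in the commit message confirming that is intended would help. Separately, `for(auto i : ciphersuites)` copies each `Ciphersuite`; `for(const auto& suite : ciphersuites)` avoids that.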
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 4d496cc7d..67388b115 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -57,6 +57,8 @@ class BOTAN_DLL Policy */ virtual std::vector<std::string> allowed_signature_methods() const; + bool allowed_signature_method(const std::string& sig_method) const; + /** * Return list of ECC curves we are willing to use in order of preference */ @@ -77,11 +79,6 @@ class BOTAN_DLL Policy virtual std::string choose_curve(const std::vector<std::string>& curve_names) const; /** - * Attempt to negotiate the use of the heartbeat extension - */ - virtual bool negotiate_heartbeat_support() const; - - /** * Allow renegotiation even if the counterparty doesn't * support the secure renegotiation extension. * @@ -269,9 +266,6 @@ class BOTAN_DLL Text_Policy : public Policy std::vector<std::string> allowed_ecc_curves() const override { return get_list("ecc_curves", Policy::allowed_ecc_curves()); } - bool negotiate_heartbeat_support() const override - { return get_bool("negotiate_heartbeat_support", Policy::negotiate_heartbeat_support()); } - bool allow_insecure_renegotiation() const override { return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation()); } @@ -308,16 +302,14 @@ class BOTAN_DLL Text_Policy : public Policy void set(const std::string& k, const std::string& v) { m_kv[k] = v; } - Text_Policy(const std::string& s) + explicit Text_Policy(const std::string& s) { std::istringstream iss(s); m_kv = read_cfg(iss); } - Text_Policy(std::istream& in) - { - m_kv = read_cfg(in); - } + explicit Text_Policy(std::istream& in) : m_kv(read_cfg(in)) + {} private: @@ -326,7 +318,7 @@ class BOTAN_DLL Text_Policy : public Policy { const std::string v = get_str(key); - if(v == "") + if(v.empty()) return def; return split_on(v, ' '); 
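Review bot: `allowed_signature_method` is added to the public `Policy` interface in hunk `@@ -57,6 +57,8` without the Doxygen comment that every neighbouring declaration carries; suggest `/** Return true if sig_method is one of allowed_signature_methods() */`. It is deliberately non-virtual and delegates to the virtual list, so a subclass overriding `allowed_signature_methods()` is still honoured; saying so in the comment stops someone from adding a redundant override later. The class body runs outside this hunk.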
@@ -336,7 +328,7 @@ class BOTAN_DLL Text_Policy : public Policy { const std::string v = get_str(key); - if(v == "") + if(v.empty()) return def; return to_u32bit(v); @@ -346,7 +338,7 @@ class BOTAN_DLL Text_Policy : public Policy { const std::string v = get_str(key); - if(v == "") + if(v.empty()) return def; if(v == "true" || v == "True") diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index e38b26547..bdb37baad 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -456,7 +456,11 @@ size_t read_tls_record(secure_vector<byte>& readbuf, if(record_len > MAX_CIPHERTEXT_SIZE) throw TLS_Exception(Alert::RECORD_OVERFLOW, - "Got message that exceeds maximum size"); + "Received a record that exceeds maximum size"); + + if(record_len == 0) + throw TLS_Exception(Alert::DECODE_ERROR, + "Received a completely empty record"); if(size_t needed = fill_buffer_to(readbuf, input, input_sz, consumed, @@ -543,9 +547,12 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, const size_t record_len = make_u16bit(readbuf[DTLS_HEADER_SIZE-2], readbuf[DTLS_HEADER_SIZE-1]); - if(record_len > MAX_CIPHERTEXT_SIZE) - throw TLS_Exception(Alert::RECORD_OVERFLOW, - "Got message that exceeds maximum size"); + // Invalid packet: + if(record_len == 0 || record_len > MAX_CIPHERTEXT_SIZE) + { + readbuf.clear(); + return 0; + } if(fill_buffer_to(readbuf, input, input_sz, consumed, DTLS_HEADER_SIZE + record_len)) { diff --git a/src/lib/tls/tls_seq_numbers.h b/src/lib/tls/tls_seq_numbers.h index 09962075e..aa0cfe1f4 100644 --- a/src/lib/tls/tls_seq_numbers.h +++ b/src/lib/tls/tls_seq_numbers.h @@ -32,7 +32,7 @@ class Connection_Sequence_Numbers virtual void read_accept(u64bit seq) = 0; }; -class Stream_Sequence_Numbers : public Connection_Sequence_Numbers +class Stream_Sequence_Numbers final : public Connection_Sequence_Numbers { public: void new_read_cipher_state() override { m_read_seq_no = 0; m_read_epoch += 1; } 
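Review bot: The `// Invalid packet:` comment in the DTLS hunk `@@ -543,9 +547,12` does not say why an empty or oversized record is now dropped via `readbuf.clear(); return 0;` instead of raising the RECORD_OVERFLOW alert the TLS path still uses; suggest `// Invalid packet: DTLS silently discards malformed records instead of alerting (RFC 6347 section 4.1.2.7)`. Whether `consumed` already reflects the discarded bytes on this early return is not visible here; the preceding `fill_buffer_to` call presumably updated it, as the other early returns in this function appear to rely on. The TLS hunk `@@ -456,7 +456,11` could likewise note that a zero-length record can never be a valid handshake/alert/CCS fragment (RFC 5246 section 6.2.1) and an encrypted record always carries at least a MAC or tag, which is what justifies DECODE_ERROR there.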
@@ -53,7 +53,7 @@ class Stream_Sequence_Numbers : public Connection_Sequence_Numbers u16bit m_write_epoch = 0; }; -class Datagram_Sequence_Numbers : public Connection_Sequence_Numbers +class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers { public: Datagram_Sequence_Numbers() { m_write_seqs[0] = 0; } diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 774827346..41b14ae08 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -1,6 +1,6 @@ /* * TLS Server -* (C) 2004-2011,2012 Jack Lloyd +* (C) 2004-2011,2012,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -84,12 +84,14 @@ bool check_for_resume(Session& session_info, session_info.compression_method())) return false; +#if defined(BOTAN_HAS_SRP6) // client sent a different SRP identity if(client_hello->srp_identifier() != "") { if(client_hello->srp_identifier() != session_info.srp_identifier()) return false; } +#endif // client sent a different SNI hostname if(client_hello->sni_hostname() != "") @@ -98,6 +100,24 @@ bool check_for_resume(Session& session_info, return false; } + // Checking extended_master_secret on resume (RFC 7627 section 5.3) + if(client_hello->supports_extended_master_secret() != session_info.supports_extended_master_secret()) + { + if(!session_info.supports_extended_master_secret()) + { + return false; // force new handshake with extended master secret + } + else + { + /* + Client previously negotiated session with extended master secret, + but has now attempted to resume without the extension: abort + */ + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "Client resumed extended ms session without sending extension"); + } + } + return true; } 
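Review bot: The nested `if/else` added to `check_for_resume` in hunk `@@ -98,6 +100,24` reads more clearly as a guard clause: `if(!session_info.supports_extended_master_secret()) return false; // client now offers EMS: do a full handshake instead` followed by the unconditional `throw`. The behaviour matches RFC 7627 section 5.3 (refuse resumption when the client newly offers the extension, abort when it omits it for a session that used it), and the comment would be more useful stating that rule rather than only the section number. Note that this function previously only ever returned `false`; throwing from inside the resume check is correct here, but the caller must not treat it as a benign "no resumption".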
@@ -142,6 +162,7 @@ u16bit choose_ciphersuite( if(suite.sig_algo() != "" && cert_chains.count(suite.sig_algo()) == 0) continue; +#if defined(BOTAN_HAS_SRP6) /* The client may offer SRP cipher suites in the hello message but omit the SRP extension. If the server would like to select an @@ -153,6 +174,7 @@ u16bit choose_ciphersuite( if(suite.kex_algo() == "SRP_SHA" && client_hello->srp_identifier() == "") throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY, "Client wanted SRP but did not send username"); +#endif return suite_id; } @@ -596,7 +618,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.client_certs()->cert_chain(); const bool sig_valid = - state.client_verify()->verify(client_certs[0], state); + state.client_verify()->verify(client_certs[0], state, policy()); state.hash().update(state.handshake_io().format(contents, type)); @@ -647,7 +669,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.server_hello()->ciphersuite(), state.server_hello()->compression_method(), SERVER, - state.server_hello()->fragment_size(), + state.server_hello()->supports_extended_master_secret(), get_peer_cert_chain(state), std::vector<byte>(), Server_Information(state.client_hello()->sni_hostname()), diff --git a/src/lib/tls/tls_server.h b/src/lib/tls/tls_server.h index ffe1111bc..5ea2a1318 100644 --- a/src/lib/tls/tls_server.h +++ b/src/lib/tls/tls_server.h @@ -19,7 +19,7 @@ namespace TLS { /** * TLS Server */ -class BOTAN_DLL Server : public Channel +class BOTAN_DLL Server final : public Channel { public: typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn; diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index 7089a70f0..6d5fc1a7b 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp 
@@ -23,7 +23,7 @@ Session::Session(const std::vector<byte>& session_identifier, u16bit ciphersuite, byte compression_method, Connection_Side side, - size_t fragment_size, + bool extended_master_secret, const std::vector<X509_Certificate>& certs, const std::vector<byte>& ticket, const Server_Information& server_info, @@ -38,7 +38,7 @@ Session::Session(const std::vector<byte>& session_identifier, m_compression_method(compression_method), m_connection_side(side), m_srtp_profile(srtp_profile), - m_fragment_size(fragment_size), + m_extended_master_secret(extended_master_secret), m_peer_certs(certs), m_server_info(server_info), m_srp_identifier(srp_identifier) @@ -67,6 +67,7 @@ Session::Session(const byte ber[], size_t ber_len) size_t start_time = 0; size_t srtp_profile = 0; + size_t fragment_size = 0; BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) @@ -80,7 +81,8 @@ Session::Session(const byte ber[], size_t ber_len) .decode_integer_type(m_ciphersuite) .decode_integer_type(m_compression_method) .decode_integer_type(side_code) - .decode_integer_type(m_fragment_size) + .decode_integer_type(fragment_size) + .decode(m_extended_master_secret) .decode(m_master_secret, OCTET_STRING) .decode(peer_cert_bits, OCTET_STRING) .decode(server_hostname) @@ -91,6 +93,16 @@ Session::Session(const byte ber[], size_t ber_len) .end_cons() .verify_end(); + /* + Fragment size is not supported anymore, but the field is still + set in the session object. + */ + if(fragment_size != 0) + { + throw Decoding_Error("Serialized TLS session used maximum fragment length which is " + " no longer supported"); + } + m_version = Protocol_Version(major_version, minor_version); m_start_time = std::chrono::system_clock::from_time_t(start_time); m_connection_side = static_cast<Connection_Side>(side_code); 
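Review bot: The new comment in hunk `@@ -91,6 +93,16` says the fragment-size field "is still set in the session object", but this same commit removes `m_fragment_size` from `Session` (see the tls_session.h section); the value only survives as a constant 0 in the DER encoding. Suggest `/* Maximum fragment length is no longer supported; the field stays in the encoding (always 0) to keep the layout stable, and any non-zero value is rejected */`. The two adjacent literals in the `Decoding_Error` message also concatenate to `"...which is  no longer supported"` with a double space; drop the leading space of the second literal.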
@@ -128,7 +140,8 @@ secure_vector<byte> Session::DER_encode() const .encode(static_cast<size_t>(m_ciphersuite)) .encode(static_cast<size_t>(m_compression_method)) .encode(static_cast<size_t>(m_connection_side)) - .encode(static_cast<size_t>(m_fragment_size)) + .encode(static_cast<size_t>(/*old fragment size*/0)) + .encode(m_extended_master_secret) .encode(m_master_secret, OCTET_STRING) .encode(peer_cert_bits, OCTET_STRING) .encode(ASN1_String(m_server_info.hostname(), UTF8_STRING)) diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 81c662507..8ca646cf2 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -38,7 +38,7 @@ class BOTAN_DLL Session m_compression_method(0), m_connection_side(static_cast<Connection_Side>(0)), m_srtp_profile(0), - m_fragment_size(0) + m_extended_master_secret(false) {} /** @@ -50,7 +50,7 @@ class BOTAN_DLL Session u16bit ciphersuite, byte compression_method, Connection_Side side, - size_t fragment_size, + bool supports_extended_master_secret, const std::vector<X509_Certificate>& peer_certs, const std::vector<byte>& session_ticket, const Server_Information& server_info, @@ -65,7 +65,7 @@ class BOTAN_DLL Session /** * Load a session from PEM representation (created by PEM_encode) */ - Session(const std::string& pem); + explicit Session(const std::string& pem); /** * Encode this session data for storage @@ -151,15 +151,12 @@ class BOTAN_DLL Session const std::vector<byte>& session_id() const { return m_identifier; } /** - * Get the negotiated maximum fragment size (or 0 if default) - */ - size_t fragment_size() const { return m_fragment_size; } - - /** * Get the negotiated DTLS-SRTP algorithm (RFC 5764) */ u16bit dtls_srtp_profile() const { return m_srtp_profile; } + bool supports_extended_master_secret() const { return m_extended_master_secret; } + /** * Return the certificate chain of the peer (possibly empty) */ 
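Review bot: `supports_extended_master_secret()` in hunk `@@ -151,15 +151,12` of tls_session.h is the only accessor in that run without a Doxygen comment, sitting between the documented `session_id()` and `dtls_srtp_profile()`; suggest `/** Return true if the session was negotiated with the extended master secret extension (RFC 7627) */`. The `DER_encode` hunk `@@ -128,7 +140,8` pairs with this: the encoding layout changed (a bool inserted after the zeroed fragment-size field), which is what the struct-version bump in the next hunk covers, and a one-line comment there tying the version constant to this layout change would help the next person who edits the encoder.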
@@ -183,7 +180,7 @@ class BOTAN_DLL Session const Server_Information& server_info() const { return m_server_info; } private: - enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20150104 }; + enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160103 }; std::chrono::system_clock::time_point m_start_time; @@ -196,8 +193,7 @@ class BOTAN_DLL Session byte m_compression_method; Connection_Side m_connection_side; u16bit m_srtp_profile; - - size_t m_fragment_size; + bool m_extended_master_secret; std::vector<X509_Certificate> m_peer_certs; Server_Information m_server_info; // optional diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp index 574b6940b..0e796aa23 100644 --- a/src/lib/tls/tls_session_key.cpp +++ b/src/lib/tls/tls_session_key.cpp @@ -1,6 +1,6 @@ /* * TLS Session Key -* (C) 2004-2006,2011 Jack Lloyd +* (C) 2004-2006,2011,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -24,11 +24,17 @@ Session_Keys::Session_Keys(const Handshake_State* state, const size_t mac_keylen = state->ciphersuite().mac_keylen(); const size_t cipher_nonce_bytes = state->ciphersuite().nonce_bytes_from_handshake(); + const bool extended_master_secret = state->server_hello()->supports_extended_master_secret(); + const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); const byte MASTER_SECRET_MAGIC[] = { 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; + const byte EXT_MASTER_SECRET_MAGIC[] = { + 0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20, + 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; + const byte KEY_GEN_MAGIC[] = { 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; 
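Review bot: `EXT_MASTER_SECRET_MAGIC` in hunk `@@ -24,11 +24,17` of tls_session_key.cpp is 22 opaque hex bytes with no hint of what they spell; like `MASTER_SECRET_MAGIC` and `KEY_GEN_MAGIC` it is an ASCII label, so a trailing `// "extended master secret" (RFC 7627 section 4)` lets a reader verify it without decoding hex — the bytes do decode to that string. `extended_master_secret` is read from `state->server_hello()` on the resumption path too, where it goes unused; harmless, but it presumably relies on `server_hello()` being non-null whenever `Session_Keys` is constructed, which this hunk cannot confirm.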
@@ -36,16 +42,26 @@ Session_Keys::Session_Keys(const Handshake_State* state, if(resuming) { - master_sec = pre_master_secret; + // This is actually the master secret saved as part of the session + m_master_sec = pre_master_secret; } else { secure_vector<byte> salt; - salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); - salt += state->client_hello()->random(); - salt += state->server_hello()->random(); - - master_sec = prf->derive_key(48, pre_master_secret, salt); + if(extended_master_secret) + { + salt += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC)); + salt += state->hash().final(state->version(), + state->ciphersuite().prf_algo()); + } + else + { + salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); + salt += state->client_hello()->random(); + salt += state->server_hello()->random(); + } + + m_master_sec = prf->derive_key(48, pre_master_secret, salt); } secure_vector<byte> salt; 
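Review bot: The EMS branch in this hunk derives the master secret from `state->hash().final(...)`, and RFC 7627 section 4 defines session_hash as the transcript of every handshake message up to and including the ClientKeyExchange; nothing here shows that the handshake hash has been updated with the CKE before `Session_Keys` is constructed, so that ordering is an invisible precondition for interoperating with other implementations. A comment on the call, `// session_hash: transcript through ClientKeyExchange (RFC 7627 section 4); caller must have hashed the CKE first`, makes the dependency explicit, and an assertion at the construction sites would catch a future reorder. The inner `salt` in the `else` block and the key-expansion `salt` declared right after it share a name across adjacent scopes; calling the inner one `ms_salt` would keep the two derivations visibly distinct. The constructor continues outside this hunk.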
@@ -53,26 +69,26 @@ Session_Keys::Session_Keys(const Handshake_State* state, salt += state->server_hello()->random(); salt += state->client_hello()->random(); - SymmetricKey keyblock = prf->derive_key(prf_gen, master_sec, salt); + SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt); const byte* key_data = keyblock.begin(); - c_mac = SymmetricKey(key_data, mac_keylen); + m_c_mac = SymmetricKey(key_data, mac_keylen); key_data += mac_keylen; - s_mac = SymmetricKey(key_data, mac_keylen); + m_s_mac = SymmetricKey(key_data, mac_keylen); key_data += mac_keylen; - c_cipher = SymmetricKey(key_data, cipher_keylen); + m_c_cipher = SymmetricKey(key_data, cipher_keylen); key_data += cipher_keylen; - s_cipher = SymmetricKey(key_data, cipher_keylen); + m_s_cipher = SymmetricKey(key_data, cipher_keylen); key_data += cipher_keylen; - c_iv = InitializationVector(key_data, cipher_nonce_bytes); + m_c_iv = InitializationVector(key_data, cipher_nonce_bytes); key_data += cipher_nonce_bytes; - s_iv = InitializationVector(key_data, cipher_nonce_bytes); + m_s_iv = InitializationVector(key_data, cipher_nonce_bytes); } } diff --git a/src/lib/tls/tls_session_key.h b/src/lib/tls/tls_session_key.h index 6b74f907d..23c4a78fb 100644 --- a/src/lib/tls/tls_session_key.h +++ b/src/lib/tls/tls_session_key.h 
@@ -20,16 +20,16 @@ namespace TLS { class Session_Keys { public: - SymmetricKey client_cipher_key() const { return c_cipher; } - SymmetricKey server_cipher_key() const { return s_cipher; } + SymmetricKey client_cipher_key() const { return m_c_cipher; } + SymmetricKey server_cipher_key() const { return m_s_cipher; } - SymmetricKey client_mac_key() const { return c_mac; } - SymmetricKey server_mac_key() const { return s_mac; } + SymmetricKey client_mac_key() const { return m_c_mac; } + SymmetricKey server_mac_key() const { return m_s_mac; } - InitializationVector client_iv() const { return c_iv; } - InitializationVector server_iv() const { return s_iv; } + InitializationVector client_iv() const { return m_c_iv; } + InitializationVector server_iv() const { return m_s_iv; } - const secure_vector<byte>& master_secret() const { return master_sec; } + const secure_vector<byte>& master_secret() const { return m_master_sec; } Session_Keys() {} @@ -38,9 +38,9 @@ class Session_Keys bool resuming); private: - secure_vector<byte> master_sec; - SymmetricKey c_cipher, s_cipher, c_mac, s_mac; - InitializationVector c_iv, s_iv; + secure_vector<byte> m_master_sec; + SymmetricKey m_c_cipher, m_s_cipher, m_c_mac, m_s_mac; + InitializationVector m_c_iv, m_s_iv; }; } diff --git a/src/lib/tls/tls_session_manager.h b/src/lib/tls/tls_session_manager.h index 5ab151c26..e01462f66 100644 --- a/src/lib/tls/tls_session_manager.h +++ b/src/lib/tls/tls_session_manager.h @@ -127,7 +127,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager void remove_entry(const std::vector<byte>& session_id) override; - size_t remove_all(); + size_t remove_all() override; void save(const Session& session_data) override; diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index 5aff035b9..0bebecb82 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp 
@@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash 6a934405ed41aa4d6113dad17f815867741430ac) -* by ./src/scripts/tls_suite_info.py on 2015-11-13 +* by ./src/scripts/tls_suite_info.py on 2016-01-06 * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -14,51 +14,262 @@ namespace Botan { namespace TLS { +std::vector<u16bit> Ciphersuite::all_known_ciphersuite_ids() + { + return std::vector<u16bit>{ + 0x000A, + 0x0013, + 0x0016, + 0x001B, + 0x002F, + 0x0032, + 0x0033, + 0x0034, + 0x0035, + 0x0038, + 0x0039, + 0x003A, + 0x003C, + 0x003D, + 0x0040, + 0x0041, + 0x0044, + 0x0045, + 0x0046, + 0x0067, + 0x006A, + 0x006B, + 0x006C, + 0x006D, + 0x0084, + 0x0087, + 0x0088, + 0x0089, + 0x008B, + 0x008C, + 0x008D, + 0x008F, + 0x0090, + 0x0091, + 0x0096, + 0x0099, + 0x009A, + 0x009B, + 0x009C, + 0x009D, + 0x009E, + 0x009F, + 0x00A2, + 0x00A3, + 0x00A6, + 0x00A7, + 0x00A8, + 0x00A9, + 0x00AA, + 0x00AB, + 0x00AE, + 0x00AF, + 0x00B2, + 0x00B3, + 0x00BA, + 0x00BD, + 0x00BE, + 0x00BF, + 0x00C0, + 0x00C3, + 0x00C4, + 0x00C5, + 0xC008, + 0xC009, + 0xC00A, + 0xC012, + 0xC013, + 0xC014, + 0xC017, + 0xC018, + 0xC019, + 0xC01A, + 0xC01B, + 0xC01C, + 0xC01D, + 0xC01E, + 0xC01F, + 0xC020, + 0xC021, + 0xC022, + 0xC023, + 0xC024, + 0xC027, + 0xC028, + 0xC02B, + 0xC02C, + 0xC02F, + 0xC030, + 0xC034, + 0xC035, + 0xC036, + 0xC037, + 0xC038, + 0xC072, + 0xC073, + 0xC076, + 0xC077, + 0xC07A, + 0xC07B, + 0xC07C, + 0xC07D, + 0xC080, + 0xC081, + 0xC084, + 0xC085, + 0xC086, + 0xC087, + 0xC08A, + 0xC08B, + 0xC08E, + 0xC08F, + 0xC090, + 0xC091, + 0xC094, + 0xC095, + 0xC096, + 0xC097, + 0xC09A, + 0xC09B, + 0xC09C, + 0xC09D, + 0xC09E, + 0xC09F, + 0xC0A0, + 0xC0A1, + 0xC0A2, + 0xC0A3, + 0xC0A4, + 0xC0A5, + 0xC0A6, + 0xC0A7, + 0xC0A8, + 0xC0A9, + 0xC0AA, + 0xC0AB, + 0xC0AC, + 0xC0AD, + 0xC0AE, + 0xC0AF, + 0xCC13, + 0xCC14, + 0xCC15, + 0xFFF0, + 0xFFF1, + 0xFFF2, + 0xFFF3, + 0xFFF4, + 0xFFF5, + 0xFFF6, + 0xFFF7, + 0xFFF8, + 0xFFF9, + 0xFFFA, + 0xFFFB, + }; +} + Ciphersuite Ciphersuite::by_id(u16bit suite) { switch(suite) { + case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20); + case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, 0, "SHA-1", 
20); + case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); + + case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, 0, "SHA-1", 20); + + case 0x002F: // RSA_WITH_AES_128_CBC_SHA + return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x00A2: // DHE_DSS_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA + return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); + + case 0x0035: // RSA_WITH_AES_256_CBC_SHA + return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x00A3: // DHE_DSS_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA + return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); + + case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32); + + case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 + return Ciphersuite(0x003D, "RSA", "RSA", 
"AES-256", 32, 16, 0, "SHA-256", 32); + + case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + + case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); - case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); - case 0xC080: // DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); + + case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + + case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 + return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + + case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 + return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + + case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + + case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256 + return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + + case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); - case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C3, 
"DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); + case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); - case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); - case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA - return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); + case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20); + + case 0x008C: // PSK_WITH_AES_128_CBC_SHA + return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20); + + case 0x008D: // PSK_WITH_AES_256_CBC_SHA + return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); 
@@ -66,203 +277,170 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); - - case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xFFFA: // DHE_PSK_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFFA, "", "DHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); + case 0x0096: // RSA_WITH_SEED_CBC_SHA + return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20); - case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA + return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); - case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA + return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); - case 0xFFFB: // DHE_PSK_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFFB, "", "DHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); + case 0x009B: // DH_anon_WITH_SEED_CBC_SHA + return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20); - case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC096, "", 
"DHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC090: // DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); + case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); + case 0x00A2: // DHE_DSS_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0x00A3: // DHE_DSS_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0x00A6: // DH_anon_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC09E: // DHE_RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00A7: // 
DH_anon_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xFFF4: // DHE_RSA_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFF4, "RSA", "DH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); + case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32); - case 0xC09F: // DHE_RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 + return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48); - case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); 
- case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 + return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); - case 0xFFF5: // DHE_RSA_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFF5, "RSA", "DH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); + case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); + case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0xC07C: // DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); + case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32); + + case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); - case 0xC07D: // DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0x00C5: // 
DH_anon_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); - case 0xCC15: // DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - return Ciphersuite(0xCC15, "RSA", "DH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); + case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); - case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); + case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); - case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x00A6: // DH_anon_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); - case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006D, 
"", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); + case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x00A7: // DH_anon_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); + case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); - case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); - case 0xC084: // DH_anon_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA + return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); - case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); + case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); + case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA + return Ciphersuite(0xC01F, 
"DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0x009B: // DH_anon_WITH_SEED_CBC_SHA - return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20); + case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA + return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); - case 0xC0AC: // ECDHE_ECDSA_WITH_AES_128_CCM - return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xFFF2: // ECDHE_ECDSA_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFF2, "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - - case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); - case 0xC0AD: // ECDHE_ECDSA_WITH_AES_256_CCM - return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC027: // 
ECDHE_RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); - case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 + return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); + + case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xFFF3: // ECDHE_ECDSA_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFF3, "ECDSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - - case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); - - case 0xC086: // ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); - - case 0xC087: // ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC02F: // ECDHE_RSA_WITH_AES_128_GCM_SHA256 + return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xCC14: // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - return Ciphersuite(0xCC14, "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); + case 0xC030: // ECDHE_RSA_WITH_AES_256_GCM_SHA384 + return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC034, "", 
"ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); 
@@ -270,215 +448,197 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); - case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); - - case 0xFFF8: // ECDHE_PSK_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFF8, "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384 return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); - case 0xFFF9: // ECDHE_PSK_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFF9, "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); + case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); + case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite(0xC077, "RSA", "ECDH", 
"Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xC07A: // RSA_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC02F: // ECDHE_RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC07C: // DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xFFF0: // ECDHE_RSA_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFF0, "RSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); + case 0xC07D: // DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xC080: // DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); + case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC030: // ECDHE_RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC084: // DH_anon_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC084, "", "DH", 
"Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xFFF1: // ECDHE_RSA_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFF1, "RSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); + case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0xC086: // ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + + case 0xC087: // ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC08A: // ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0xC08B: // ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xCC13: // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - return Ciphersuite(0xCC13, "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - - case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); - - case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); - - case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - - case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - - case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 - return 
Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC08E: // PSK_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x008C: // PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xC090: // DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0xC0A4: // PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0xC0A8: // PSK_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0xFFF6: // PSK_WITH_AES_128_OCB_SHA256 - return Ciphersuite(0xFFF6, "", "PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); + case 0xC097: // 
DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0x008D: // PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); - case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48); + case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0xC0A5: // PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC09C: // RSA_WITH_AES_128_CCM + return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC0A9: // PSK_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC09D: // RSA_WITH_AES_256_CCM + return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC09E: // DHE_RSA_WITH_AES_128_CCM + return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xFFF7: // PSK_WITH_AES_256_OCB_SHA256 - return Ciphersuite(0xFFF7, "", "PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); + case 0xC09F: // DHE_RSA_WITH_AES_256_CCM + return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0xC0A0: // RSA_WITH_AES_128_CCM_8 + return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC08E: 
// PSK_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0A1: // RSA_WITH_AES_256_CCM_8 + return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); + case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 + return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 + return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xC0A4: // PSK_WITH_AES_128_CCM + return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x002F: // RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xC0A5: // PSK_WITH_AES_256_CCM + return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32); + case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM + return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC09C: // RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM + return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC0A0: // RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0A8: // 
PSK_WITH_AES_128_CCM_8 + return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0A9: // PSK_WITH_AES_256_CCM_8 + return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0x0035: // RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 + return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-256", 32); + case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 + return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC09D: // RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0AC: // ECDHE_ECDSA_WITH_AES_128_CCM + return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0xC0A1: // RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); + case 0xC0AD: // ECDHE_ECDSA_WITH_AES_256_CCM + return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); - case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8 + return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); - case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20); + case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8 + return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, 
"AEAD", 0, "SHA-256"); - case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32); + case 0xCC13: // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + return Ciphersuite(0xCC13, "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - case 0xC07A: // RSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); + case 0xCC14: // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + return Ciphersuite(0xCC14, "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20); + case 0xCC15: // DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + return Ciphersuite(0xCC15, "RSA", "DH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32); + case 0xFFF0: // ECDHE_RSA_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFF0, "RSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); + case 0xFFF1: // ECDHE_RSA_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFF1, "RSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - case 0x0096: // RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20); + case 0xFFF2: // ECDHE_ECDSA_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFF2, "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xFFF3: // ECDHE_ECDSA_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFF3, "ECDSA", "ECDH", 
"AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xFFF4: // DHE_RSA_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFF4, "RSA", "DH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xFFF5: // DHE_RSA_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFF5, "RSA", "DH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xFFF6: // PSK_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFF6, "", "PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xFFF7: // PSK_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFF7, "", "PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xFFF8: // ECDHE_PSK_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFF8, "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); + case 0xFFF9: // ECDHE_PSK_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFF9, "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); + case 0xFFFA: // DHE_PSK_WITH_AES_128_OCB_SHA256 + return Ciphersuite(0xFFFA, "", "DHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); - case 0xC020: // 
SRP_SHA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); + case 0xFFFB: // DHE_PSK_WITH_AES_256_OCB_SHA256 + return Ciphersuite(0xFFFB, "", "DHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); } diff --git a/src/lib/utils/assert.h b/src/lib/utils/assert.h index 97924174e..f80f9b170 100644 --- a/src/lib/utils/assert.h +++ b/src/lib/utils/assert.h @@ -15,7 +15,7 @@ namespace Botan { /** * Called when an assertion fails */ -void BOTAN_DLL assertion_failure(const char* expr_str, +BOTAN_NORETURN void BOTAN_DLL assertion_failure(const char* expr_str, const char* assertion_made, const char* func, const char* file, diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h index 2307dd587..401a53e86 100644 --- a/src/lib/utils/ct_utils.h +++ b/src/lib/utils/ct_utils.h @@ -1,12 +1,12 @@ /* * Functions for constant time operations on data and testing of -* constant time annotations using ctgrind. +* constant time annotations using valgrind. * * For more information about constant time programming see * Wagner, Molnar, et al "The Program Counter Security Model" * * (C) 2010 Falko Strenzke -* (C) 2015 Jack Lloyd +* (C) 2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -17,23 +17,36 @@ #include <botan/secmem.h> #include <vector> -#if defined(BOTAN_USE_CTGRIND) - -// These are external symbols from libctgrind.so -extern "C" void ct_poison(const void* address, size_t length); -extern "C" void ct_unpoison(const void* address, size_t length); - +#if defined(BOTAN_HAS_VALGRIND) + #include <valgrind/memcheck.h> #endif namespace Botan { namespace CT { +/** +* Use valgrind to mark the contents of memory as being undefined. +* Valgrind will accept operations which manipulate undefined values, +* but will warn if an undefined value is used to decided a conditional +* jump or a load/store address. So if we poison all of our inputs we +* can confirm that the operations in question are truly const time +* when compiled by whatever compiler is in use. +* +* Even better, the VALGRIND_MAKE_MEM_* macros work even when the +* program is not run under valgrind (though with a few cycles of +* overhead, which is unfortunate in final binaries as these +* annotations tend to be used in fairly important loops). +* +* This approach was first used in ctgrind (https://github.com/agl/ctgrind) +* but calling the valgrind mecheck API directly works just as well and +* doesn't require a custom patched valgrind. +*/ template<typename T> -inline void poison(T* p, size_t n) +inline void poison(const T* p, size_t n) { -#if defined(BOTAN_USE_CTGRIND) - ct_poison(p, sizeof(T)*n); +#if defined(BOTAN_HAS_VALGRIND) + VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); #else BOTAN_UNUSED(p); BOTAN_UNUSED(n); @@ -41,10 +54,10 @@ inline void poison(T* p, size_t n) } template<typename T> -inline void unpoison(T* p, size_t n) +inline void unpoison(const T* p, size_t n) { -#if defined(BOTAN_USE_CTGRIND) - ct_unpoison(p, sizeof(T)*n); +#if defined(BOTAN_HAS_VALGRIND) + VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); #else BOTAN_UNUSED(p); BOTAN_UNUSED(n); 
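Review bot: The new block comment above `poison` has two typos: "used to decided a conditional jump" should read "used to decide a conditional jump", and "valgrind mecheck API" should read "valgrind memcheck API". The comment would also be more useful if it told callers how to apply the pair: poison the secret inputs, and `unpoison` only the values that are legitimately allowed to influence control flow or addressing (a final comparison result, an output length), because a memcheck report on a still-poisoned value is exactly the finding these annotations exist to produce. Both `poison` and `unpoison(const T*, size_t)` are fully visible in these hunks.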
@@ -54,7 +67,11 @@ inline void unpoison(T* p, size_t n) template<typename T> inline void unpoison(T& p) { - unpoison(&p, 1); +#if defined(BOTAN_HAS_VALGRIND) + VALGRIND_MAKE_MEM_DEFINED(&p, sizeof(T)); +#else + BOTAN_UNUSED(p); +#endif } /* diff --git a/src/lib/utils/data_src.cpp b/src/lib/utils/data_src.cpp index 4e0725943..0c06f2fe4 100644 --- a/src/lib/utils/data_src.cpp +++ b/src/lib/utils/data_src.cpp @@ -41,6 +41,7 @@ size_t DataSource::discard_next(size_t n) { const size_t got = this->read(buf, std::min(n, sizeof(buf))); discarded += got; + n -= got; if(got == 0) break; @@ -54,15 +55,15 @@ size_t DataSource::discard_next(size_t n) */ size_t DataSource_Memory::read(byte out[], size_t length) { - size_t got = std::min<size_t>(source.size() - offset, length); - copy_mem(out, source.data() + offset, got); - offset += got; + size_t got = std::min<size_t>(m_source.size() - m_offset, length); + copy_mem(out, m_source.data() + m_offset, got); + m_offset += got; return got; } bool DataSource_Memory::check_available(size_t n) { - return (n <= (source.size() - offset)); + return (n <= (m_source.size() - m_offset)); } /* @@ -71,11 +72,11 @@ bool DataSource_Memory::check_available(size_t n) size_t DataSource_Memory::peek(byte out[], size_t length, size_t peek_offset) const { - const size_t bytes_left = source.size() - offset; + const size_t bytes_left = m_source.size() - m_offset; if(peek_offset >= bytes_left) return 0; size_t got = std::min(bytes_left - peek_offset, length); - copy_mem(out, &source[offset + peek_offset], got); + copy_mem(out, &m_source[m_offset + peek_offset], got); return got; } 
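Review bot: `unpoison(T& p)` now repeats the `BOTAN_HAS_VALGRIND` conditional instead of forwarding to the pointer overload, so the same `#if` now exists in three places that must be kept in step. If the forwarding was dropped for a reason (overload deduction when T is itself const, for instance), a one-line comment saying so would stop the next reader from folding it back; otherwise `unpoison(&p, 1);` keeps one definition and one set of macros.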
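Review bot: The added `n -= got;` in `discard_next` is the whole fix, but nothing records why it matters: without it the loop re-requested `std::min(n, sizeof(buf))` every pass and, depending on the loop condition (which is outside the hunk), could discard past the requested count. A regression test that calls `discard_next(k)` on a source longer than `sizeof(buf) + k` and asserts `get_bytes_read() == k` afterwards would pin the behaviour, and a short comment such as `// track how much of the requested count is still outstanding` would explain the line in place.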
@@ -84,18 +85,17 @@ size_t DataSource_Memory::peek(byte out[], size_t length, */ bool DataSource_Memory::end_of_data() const { - return (offset == source.size()); + return (m_offset == m_source.size()); } /* * DataSource_Memory Constructor */ DataSource_Memory::DataSource_Memory(const std::string& in) : - source(reinterpret_cast<const byte*>(in.data()), + m_source(reinterpret_cast<const byte*>(in.data()), reinterpret_cast<const byte*>(in.data()) + in.length()), - offset(0) + m_offset(0) { - offset = 0; } /* @@ -103,21 +103,21 @@ DataSource_Memory::DataSource_Memory(const std::string& in) : */ size_t DataSource_Stream::read(byte out[], size_t length) { - source.read(reinterpret_cast<char*>(out), length); - if(source.bad()) + m_source.read(reinterpret_cast<char*>(out), length); + if(m_source.bad()) throw Stream_IO_Error("DataSource_Stream::read: Source failure"); - size_t got = source.gcount(); - total_read += got; + size_t got = m_source.gcount(); + m_total_read += got; return got; } bool DataSource_Stream::check_available(size_t n) { - const std::streampos orig_pos = source.tellg(); - source.seekg(0, std::ios::end); - const size_t avail = source.tellg() - orig_pos; - source.seekg(orig_pos); + const std::streampos orig_pos = m_source.tellg(); + m_source.seekg(0, std::ios::end); + const size_t avail = m_source.tellg() - orig_pos; + m_source.seekg(orig_pos); return (avail >= n); } 
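Review bot: `check_available` computes `avail` from `m_source.tellg() - orig_pos` without validating either position; on a stream that cannot seek (a pipe, or an `istream` already in a failed state) `tellg()` returns `std::streampos(-1)`, the subtraction yields a negative `streamoff` that converts to an enormous `size_t`, and the function reports any `n` as available while leaving failbit set for the next read. The positions need to be checked before the comparison, and the seek back to `orig_pos` should happen before any early return so the stream is left where it was. The rename is the only change the commit makes to this function.
```cpp
bool DataSource_Stream::check_available(size_t n)
   {
   const std::streampos orig_pos = m_source.tellg();
   if(orig_pos == std::streampos(-1))
      return false; // not seekable (pipe, socket) or already failed: cannot know what remains
   m_source.seekg(0, std::ios::end);
   const std::streampos end_pos = m_source.tellg();
   m_source.seekg(orig_pos);
   if(end_pos == std::streampos(-1))
      return false;
   const std::streamoff avail = end_pos - orig_pos;
   return (avail >= 0 && static_cast<size_t>(avail) >= n);
   }
```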
@@ -134,23 +134,23 @@ size_t DataSource_Stream::peek(byte out[], size_t length, size_t offset) const if(offset) { secure_vector<byte> buf(offset); - source.read(reinterpret_cast<char*>(buf.data()), buf.size()); - if(source.bad()) + m_source.read(reinterpret_cast<char*>(buf.data()), buf.size()); + if(m_source.bad()) throw Stream_IO_Error("DataSource_Stream::peek: Source failure"); - got = source.gcount(); + got = m_source.gcount(); } if(got == offset) { - source.read(reinterpret_cast<char*>(out), length); - if(source.bad()) + m_source.read(reinterpret_cast<char*>(out), length); + if(m_source.bad()) throw Stream_IO_Error("DataSource_Stream::peek: Source failure"); - got = source.gcount(); + got = m_source.gcount(); } - if(source.eof()) - source.clear(); - source.seekg(total_read, std::ios::beg); + if(m_source.eof()) + m_source.clear(); + m_source.seekg(m_total_read, std::ios::beg); return got; } @@ -160,7 +160,7 @@ size_t DataSource_Stream::peek(byte out[], size_t length, size_t offset) const */ bool DataSource_Stream::end_of_data() const { - return (!source.good()); + return (!m_source.good()); } /* @@ -168,7 +168,7 @@ bool DataSource_Stream::end_of_data() const */ std::string DataSource_Stream::id() const { - return identifier; + return m_identifier; } /* @@ -176,15 +176,15 @@ std::string DataSource_Stream::id() const */ DataSource_Stream::DataSource_Stream(const std::string& path, bool use_binary) : - identifier(path), - source_p(new std::ifstream(path, + m_identifier(path), + m_source_p(new std::ifstream(path, use_binary ? std::ios::binary : std::ios::in)), - source(*source_p), - total_read(0) + m_source(*m_source_p), + m_total_read(0) { - if(!source.good()) + if(!m_source.good()) { - delete source_p; + delete m_source_p; throw Stream_IO_Error("DataSource: Failure opening file " + path); } } 
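Review bot: In `peek`, the `m_source.seekg(m_total_read, std::ios::beg)` that restores the read position is unchecked; if it fails (a non-seekable stream) failbit stays set, every later `read` returns 0 bytes and `end_of_data()` reports true, so a failed peek silently looks like end of input rather than an error. Checking the result, `if(!m_source.seekg(m_total_read, std::ios::beg)) throw Stream_IO_Error("DataSource_Stream::peek: Could not restore position");`, is consistent with how the two reads in the same function are handled. `peek` begins outside the hunk.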
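Review bot: `m_source_p` remains an owning raw pointer released by hand, here with `delete m_source_p;` before the throw and again in the destructor hunk on the next line, and because nothing in the header hunk (data_src.h, `@@ -166,13 +166,13 @@`) disables copying, a copied `DataSource_Stream` would delete the same `ifstream` twice. Declaring it as `std::unique_ptr<std::istream> m_source_p;` in the header keeps `m_source_p(new std::ifstream(...))` working as written, lets both `delete` lines go away, and makes the class non-copyable by construction; `<memory>` would need to be included if the header does not already do so.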
@@ -194,10 +194,10 @@ DataSource_Stream::DataSource_Stream(const std::string& path, */ DataSource_Stream::DataSource_Stream(std::istream& in, const std::string& name) : - identifier(name), - source_p(nullptr), - source(in), - total_read(0) + m_identifier(name), + m_source_p(nullptr), + m_source(in), + m_total_read(0) { } @@ -206,7 +206,7 @@ DataSource_Stream::DataSource_Stream(std::istream& in, */ DataSource_Stream::~DataSource_Stream() { - delete source_p; + delete m_source_p; } } diff --git a/src/lib/utils/data_src.h b/src/lib/utils/data_src.h index 2b6998448..6a100ce63 100644 --- a/src/lib/utils/data_src.h +++ b/src/lib/utils/data_src.h @@ -108,7 +108,7 @@ class BOTAN_DLL DataSource_Memory : public DataSource * Construct a memory source that reads from a string * @param in the string to read from */ - DataSource_Memory(const std::string& in); + explicit DataSource_Memory(const std::string& in); /** * Construct a memory source that reads from a byte array 
@@ -116,26 +116,26 @@ class BOTAN_DLL DataSource_Memory : public DataSource * @param length the length of the byte array */ DataSource_Memory(const byte in[], size_t length) : - source(in, in + length), offset(0) {} + m_source(in, in + length), m_offset(0) {} /** * Construct a memory source that reads from a secure_vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const secure_vector<byte>& in) : - source(in), offset(0) {} + explicit DataSource_Memory(const secure_vector<byte>& in) : + m_source(in), m_offset(0) {} /** * Construct a memory source that reads from a std::vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const std::vector<byte>& in) : - source(in.begin(), in.end()), offset(0) {} + explicit DataSource_Memory(const std::vector<byte>& in) : + m_source(in.begin(), in.end()), m_offset(0) {} - size_t get_bytes_read() const override { return offset; } + size_t get_bytes_read() const override { return m_offset; } private: - secure_vector<byte> source; - size_t offset; + secure_vector<byte> m_source; + size_t m_offset; }; /** @@ -166,13 +166,13 @@ class BOTAN_DLL DataSource_Stream : public DataSource ~DataSource_Stream(); - size_t get_bytes_read() const override { return total_read; } + size_t get_bytes_read() const override { return m_total_read; } private: - const std::string identifier; + const std::string m_identifier; - std::istream* source_p; - std::istream& source; - size_t total_read; + std::istream* m_source_p; + std::istream& m_source; + size_t m_total_read; }; } diff --git a/src/lib/utils/database.h b/src/lib/utils/database.h index 4d8b90d0c..4cc0989b1 100644 --- a/src/lib/utils/database.h +++ b/src/lib/utils/database.h 
@@ -23,7 +23,7 @@ class BOTAN_DLL SQL_Database class BOTAN_DLL SQL_DB_Error : public Exception { public: - SQL_DB_Error(const std::string& what) : Exception("SQL database", what) {} + explicit SQL_DB_Error(const std::string& what) : Exception("SQL database", what) {} }; class BOTAN_DLL Statement diff --git a/src/lib/utils/datastor/datastor.cpp b/src/lib/utils/datastor/datastor.cpp index 69c1bf453..6f1b71082 100644 --- a/src/lib/utils/datastor/datastor.cpp +++ b/src/lib/utils/datastor/datastor.cpp @@ -18,7 +18,7 @@ namespace Botan { */ bool Data_Store::operator==(const Data_Store& other) const { - return (contents == other.contents); + return (m_contents == other.m_contents); } /* @@ -26,7 +26,7 @@ bool Data_Store::operator==(const Data_Store& other) const */ bool Data_Store::has_value(const std::string& key) const { - return (contents.lower_bound(key) != contents.end()); + return (m_contents.lower_bound(key) != m_contents.end()); } /* @@ -37,7 +37,7 @@ std::multimap<std::string, std::string> Data_Store::search_for( { std::multimap<std::string, std::string> out; - for(auto i = contents.begin(); i != contents.end(); ++i) + for(auto i = m_contents.begin(); i != m_contents.end(); ++i) if(predicate(i->first, i->second)) out.insert(std::make_pair(i->first, i->second)); @@ -50,7 +50,7 @@ std::multimap<std::string, std::string> Data_Store::search_for( std::vector<std::string> Data_Store::get(const std::string& looking_for) const { std::vector<std::string> out; - auto range = contents.equal_range(looking_for); + auto range = m_contents.equal_range(looking_for); for(auto i = range.first; i != range.second; ++i) out.push_back(i->second); return out; @@ -125,7 +125,7 @@ u32bit Data_Store::get1_u32bit(const std::string& key, */ void Data_Store::add(const std::string& key, const std::string& val) { - multimap_insert(contents, key, val); + multimap_insert(m_contents, key, val); } /* 
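Review bot: `has_value` still answers with `m_contents.lower_bound(key) != m_contents.end()`, which is true whenever any key greater than or equal to `key` exists, not only when `key` itself is present; a store holding only "Y" reports `has_value("X")` as true, while `get` in the next hunk uses `equal_range` and is exact. Unless that ordering behaviour is relied on somewhere (nothing in the hunk says so), the exact lookup is `return (m_contents.find(key) != m_contents.end());`. The rename is the only change here, so this predates the commit.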
@@ -157,7 +157,7 @@ void Data_Store::add(const std::multimap<std::string, std::string>& in) std::multimap<std::string, std::string>::const_iterator i = in.begin(); while(i != in.end()) { - contents.insert(*i); + m_contents.insert(*i); ++i; } } diff --git a/src/lib/utils/datastor/datastor.h b/src/lib/utils/datastor/datastor.h index 66bb0e650..3b25e1fe4 100644 --- a/src/lib/utils/datastor/datastor.h +++ b/src/lib/utils/datastor/datastor.h @@ -49,7 +49,7 @@ class BOTAN_DLL Data_Store void add(const std::string&, const secure_vector<byte>&); void add(const std::string&, const std::vector<byte>&); private: - std::multimap<std::string, std::string> contents; + std::multimap<std::string, std::string> m_contents; }; } diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h index c72ccb55c..c2a3e0d2e 100644 --- a/src/lib/utils/donna128.h +++ b/src/lib/utils/donna128.h @@ -104,8 +104,8 @@ inline u64bit carry_shift(const donna128& a, size_t shift) return (a >> shift).lo(); } -inline u64bit combine_lower(const donna128 a, size_t s1, - const donna128 b, size_t s2) +inline u64bit combine_lower(const donna128& a, size_t s1, + const donna128& b, size_t s2) { donna128 z = (a >> s1) | (b << s2); return z.lo(); diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp index 3448acf6a..c0795942b 100644 --- a/src/lib/utils/dyn_load/dyn_load.cpp +++ b/src/lib/utils/dyn_load/dyn_load.cpp 
@@ -30,31 +30,31 @@ void raise_runtime_loader_exception(const std::string& lib_name, Dynamically_Loaded_Library::Dynamically_Loaded_Library( const std::string& library) : - lib_name(library), lib(nullptr) + m_lib_name(library), m_lib(nullptr) { #if defined(BOTAN_TARGET_OS_HAS_DLOPEN) - lib = ::dlopen(lib_name.c_str(), RTLD_LAZY); + m_lib = ::dlopen(m_lib_name.c_str(), RTLD_LAZY); - if(!lib) - raise_runtime_loader_exception(lib_name, dlerror()); + if(!m_lib) + raise_runtime_loader_exception(m_lib_name, dlerror()); #elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - lib = ::LoadLibraryA(lib_name.c_str()); + m_lib = ::LoadLibraryA(m_lib_name.c_str()); - if(!lib) - raise_runtime_loader_exception(lib_name, "LoadLibrary failed"); + if(!m_lib) + raise_runtime_loader_exception(m_lib_name, "LoadLibrary failed"); #endif - if(!lib) - raise_runtime_loader_exception(lib_name, "Dynamic load not supported"); + if(!m_lib) + raise_runtime_loader_exception(m_lib_name, "Dynamic load not supported"); } Dynamically_Loaded_Library::~Dynamically_Loaded_Library() { #if defined(BOTAN_TARGET_OS_HAS_DLOPEN) - ::dlclose(lib); + ::dlclose(m_lib); #elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - ::FreeLibrary((HMODULE)lib); + ::FreeLibrary((HMODULE)m_lib); #endif } @@ -63,15 +63,15 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol) void* addr = nullptr; #if defined(BOTAN_TARGET_OS_HAS_DLOPEN) - addr = ::dlsym(lib, symbol.c_str()); + addr = ::dlsym(m_lib, symbol.c_str()); #elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - addr = reinterpret_cast<void*>(::GetProcAddress((HMODULE)lib, + addr = reinterpret_cast<void*>(::GetProcAddress((HMODULE)m_lib, symbol.c_str())); #endif if(!addr) throw Exception("Failed to resolve symbol " + symbol + - " in " + lib_name); + " in " + m_lib_name); return addr; } diff --git a/src/lib/utils/dyn_load/dyn_load.h b/src/lib/utils/dyn_load/dyn_load.h index 32227f76f..7a9f4a83c 100644 --- a/src/lib/utils/dyn_load/dyn_load.h 
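Review bot: The constructor hands `m_lib_name` straight to `dlopen`/`LoadLibraryA`, so a name without a directory component is resolved through the platform loader's search path; that belongs in the class documentation (the header hunk on the next line is the natural place) so callers know the name must come from a trusted source such as configuration rather than from input. Two smaller points in the same file: `(HMODULE)m_lib` in the destructor and in `resolve_symbol` are C-style casts where `static_cast<HMODULE>(m_lib)` expresses the same thing, and passing `dlerror()` to a `const std::string&` parameter assumes it is non-null after a failed `dlopen`, which is the common case but not something the code checks; `const char* err = dlerror();` followed by `raise_runtime_loader_exception(m_lib_name, err ? err : "dlopen failed");` is a cheap guard.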
+++ b/src/lib/utils/dyn_load/dyn_load.h @@ -58,8 +58,8 @@ class Dynamically_Loaded_Library Dynamically_Loaded_Library(const Dynamically_Loaded_Library&); Dynamically_Loaded_Library& operator=(const Dynamically_Loaded_Library&); - std::string lib_name; - void* lib; + std::string m_lib_name; + void* m_lib; }; } diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 7ac32288d..b6797f0f6 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -21,12 +21,11 @@ namespace Botan { class BOTAN_DLL Exception : public std::exception { public: - Exception(const std::string& what) : m_what(what) {} - Exception(const char* prefix, const std::string& what) : m_what(std::string(prefix) + " " + what) {} - //const char* what() const override BOTAN_NOEXCEPT { return m_what.c_str(); } - const char* what() const BOTAN_NOEXCEPT override { return m_what.c_str(); } + explicit Exception(const std::string& msg) : m_msg(msg) {} + Exception(const char* prefix, const std::string& msg) : m_msg(std::string(prefix) + " " + msg) {} + const char* what() const BOTAN_NOEXCEPT override { return m_msg.c_str(); } private: - std::string m_what; + std::string m_msg; }; /** @@ -35,8 +34,8 @@ class BOTAN_DLL Exception : public std::exception class BOTAN_DLL Invalid_Argument : public Exception { public: - Invalid_Argument(const std::string& what) : - Exception("Invalid argument", what) {} + explicit Invalid_Argument(const std::string& msg) : + Exception("Invalid argument", msg) {} }; /** @@ -47,7 +46,7 @@ class BOTAN_DLL Invalid_Argument : public Exception */ struct BOTAN_DLL Unsupported_Argument : public Invalid_Argument { - Unsupported_Argument(const std::string& msg) : Invalid_Argument(msg) {} + explicit Unsupported_Argument(const std::string& msg) : Invalid_Argument(msg) {} }; /** 
@@ -55,7 +54,7 @@ struct BOTAN_DLL Unsupported_Argument : public Invalid_Argument */ struct BOTAN_DLL Invalid_State : public Exception { - Invalid_State(const std::string& err) : + explicit Invalid_State(const std::string& err) : Exception(err) {} }; @@ -65,7 +64,7 @@ struct BOTAN_DLL Invalid_State : public Exception */ struct BOTAN_DLL Lookup_Error : public Exception { - Lookup_Error(const std::string& err) : + explicit Lookup_Error(const std::string& err) : Exception(err) {} }; @@ -75,7 +74,7 @@ struct BOTAN_DLL Lookup_Error : public Exception */ struct BOTAN_DLL Internal_Error : public Exception { - Internal_Error(const std::string& err) : + explicit Internal_Error(const std::string& err) : Exception("Internal error: " + err) {} }; @@ -107,7 +106,7 @@ struct BOTAN_DLL Invalid_IV_Length : public Invalid_Argument */ struct BOTAN_DLL PRNG_Unseeded : public Invalid_State { - PRNG_Unseeded(const std::string& algo) : + explicit PRNG_Unseeded(const std::string& algo) : Invalid_State("PRNG not seeded: " + algo) {} }; @@ -117,7 +116,7 @@ struct BOTAN_DLL PRNG_Unseeded : public Invalid_State */ struct BOTAN_DLL Policy_Violation : public Invalid_State { - Policy_Violation(const std::string& err) : + explicit Policy_Violation(const std::string& err) : Invalid_State("Policy violation: " + err) {} }; @@ -127,7 +126,7 @@ struct BOTAN_DLL Policy_Violation : public Invalid_State */ struct BOTAN_DLL Algorithm_Not_Found : public Lookup_Error { - Algorithm_Not_Found(const std::string& name) : + explicit Algorithm_Not_Found(const std::string& name) : Lookup_Error("Could not find any algorithm named \"" + name + "\"") {} }; @@ -137,7 +136,7 @@ struct BOTAN_DLL Algorithm_Not_Found : public Lookup_Error */ struct BOTAN_DLL No_Provider_Found : public Exception { - No_Provider_Found(const std::string& name) : + explicit No_Provider_Found(const std::string& name) : Exception("Could not find any provider for algorithm named \"" + name + "\"") {} }; 
@@ -147,7 +146,7 @@ struct BOTAN_DLL No_Provider_Found : public Exception */ struct BOTAN_DLL Invalid_Algorithm_Name : public Invalid_Argument { - Invalid_Algorithm_Name(const std::string& name): + explicit Invalid_Algorithm_Name(const std::string& name): Invalid_Argument("Invalid algorithm name: " + name) {} }; @@ -157,7 +156,7 @@ struct BOTAN_DLL Invalid_Algorithm_Name : public Invalid_Argument */ struct BOTAN_DLL Encoding_Error : public Invalid_Argument { - Encoding_Error(const std::string& name) : + explicit Encoding_Error(const std::string& name) : Invalid_Argument("Encoding error: " + name) {} }; @@ -166,7 +165,7 @@ struct BOTAN_DLL Encoding_Error : public Invalid_Argument */ struct BOTAN_DLL Decoding_Error : public Invalid_Argument { - Decoding_Error(const std::string& name) : + explicit Decoding_Error(const std::string& name) : Invalid_Argument("Decoding error: " + name) {} }; @@ -175,7 +174,7 @@ struct BOTAN_DLL Decoding_Error : public Invalid_Argument */ struct BOTAN_DLL Integrity_Failure : public Exception { - Integrity_Failure(const std::string& msg) : + explicit Integrity_Failure(const std::string& msg) : Exception("Integrity failure: " + msg) {} }; @@ -184,7 +183,7 @@ struct BOTAN_DLL Integrity_Failure : public Exception */ struct BOTAN_DLL Invalid_OID : public Decoding_Error { - Invalid_OID(const std::string& oid) : + explicit Invalid_OID(const std::string& oid) : Decoding_Error("Invalid ASN.1 OID: " + oid) {} }; @@ -193,7 +192,7 @@ struct BOTAN_DLL Invalid_OID : public Decoding_Error */ struct BOTAN_DLL Stream_IO_Error : public Exception { - Stream_IO_Error(const std::string& err) : + explicit Stream_IO_Error(const std::string& err) : Exception("I/O error: " + err) {} }; 
@@ -211,7 +210,7 @@ struct BOTAN_DLL No_Filesystem_Access : public Exception */ struct BOTAN_DLL Self_Test_Failure : public Internal_Error { - Self_Test_Failure(const std::string& err) : + explicit Self_Test_Failure(const std::string& err) : Internal_Error("Self test failed: " + err) {} }; diff --git a/src/lib/utils/http_util/http_util.cpp b/src/lib/utils/http_util/http_util.cpp index 1f67c0b4b..1286e4026 100644 --- a/src/lib/utils/http_util/http_util.cpp +++ b/src/lib/utils/http_util/http_util.cpp @@ -98,7 +98,6 @@ Response http_sync(http_exch_fn http_transact, const auto protocol_host_sep = url.find("://"); if(protocol_host_sep == std::string::npos) throw Exception("Invalid URL " + url); - const std::string protocol = url.substr(0, protocol_host_sep); const auto host_loc_sep = url.find('/', protocol_host_sep + 3); @@ -128,7 +127,7 @@ Response http_sync(http_exch_fn http_transact, else if(verb == "POST") outbuf << "Content-Length: " << body.size() << "\r\n"; - if(content_type != "") + if(!content_type.empty()) outbuf << "Content-Type: " << content_type << "\r\n"; outbuf << "Connection: close\r\n\r\n"; outbuf.write(reinterpret_cast<const char*>(body.data()), body.size()); @@ -185,7 +184,7 @@ Response http_sync(http_exch_fn http_transact, const std::string header_size = search_map(headers, std::string("Content-Length")); - if(header_size != "") + if(!header_size.empty()) { if(resp_body.size() != to_u32bit(header_size)) throw Exception("Content-Length disagreement, header says " + diff --git a/src/lib/utils/info.txt b/src/lib/utils/info.txt index 348992ddf..511e6b0e8 100644 --- a/src/lib/utils/info.txt +++ b/src/lib/utils/info.txt @@ -31,3 +31,7 @@ rounding.h semaphore.h stl_util.h </header:internal> + +<libs> +linux -> rt +</libs> diff --git a/src/lib/utils/loadstor.h b/src/lib/utils/loadstor.h index 53700fc86..a6c2b7969 100644 --- a/src/lib/utils/loadstor.h +++ b/src/lib/utils/loadstor.h 
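Review bot: Dropping the unused `protocol` local means the scheme before `://` is now never examined in this hunk; if nothing else in `http_sync` (which starts outside the hunk) rejects schemes other than `http`, an `https://` URL is silently sent as a plain-text request with no error. A check right after the `npos` test, such as `if(url.compare(0, protocol_host_sep, "http") != 0) throw Exception("Unsupported URL scheme in " + url);`, makes the limitation explicit instead of implicit. The `.empty()` changes in the two later hunks of this file are fine as written.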
@@ -1,6 +1,6 @@ /* * Load/Store Operators -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2015 Jack Lloyd * 2007 Yves Jerschow * * Botan is released under the Simplified BSD License (see license.txt) @@ -144,10 +144,13 @@ inline T load_le(const byte in[], size_t off) template<> inline u16bit load_be<u16bit>(const byte in[], size_t off) { + in += off * sizeof(u16bit); + #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u16bit*>(in) + off)); + u16bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2B(x); #else - in += off * sizeof(u16bit); return make_u16bit(in[0], in[1]); #endif } @@ -161,10 +164,13 @@ inline u16bit load_be<u16bit>(const byte in[], size_t off) template<> inline u16bit load_le<u16bit>(const byte in[], size_t off) { + in += off * sizeof(u16bit); + #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u16bit*>(in) + off)); + u16bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2L(x); #else - in += off * sizeof(u16bit); return make_u16bit(in[1], in[0]); #endif } @@ -178,10 +184,12 @@ inline u16bit load_le<u16bit>(const byte in[], size_t off) template<> inline u32bit load_be<u32bit>(const byte in[], size_t off) { + in += off * sizeof(u32bit); #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u32bit*>(in) + off)); + u32bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2B(x); #else - in += off * sizeof(u32bit); return make_u32bit(in[0], in[1], in[2], in[3]); #endif } 
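Review bot: The memcpy form in `load_be<u16bit>` (and the same change in the other five specialisations through the next line) replaces a dereference of a cast pointer that could be misaligned and breaks aliasing rules, but nothing in the code says why a memcpy is preferred, and a later reader may "optimise" it back to the cast; a comment on the first specialisation such as `// memcpy rather than a cast: in may be unaligned and aliasing rules forbid the typed read; this still compiles to a single load on the targets that allow it` would preserve the reasoning. Minor style point: the u16 versions keep a blank line after `in += off * sizeof(...)`, while the u32/u64 versions do not.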
@@ -195,10 +203,12 @@ inline u32bit load_be<u32bit>(const byte in[], size_t off) template<> inline u32bit load_le<u32bit>(const byte in[], size_t off) { + in += off * sizeof(u32bit); #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u32bit*>(in) + off)); + u32bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2L(x); #else - in += off * sizeof(u32bit); return make_u32bit(in[3], in[2], in[1], in[0]); #endif } @@ -212,10 +222,12 @@ inline u32bit load_le<u32bit>(const byte in[], size_t off) template<> inline u64bit load_be<u64bit>(const byte in[], size_t off) { + in += off * sizeof(u64bit); #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u64bit*>(in) + off)); + u64bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2B(x); #else - in += off * sizeof(u64bit); return make_u64bit(in[0], in[1], in[2], in[3], in[4], in[5], in[6], in[7]); #endif @@ -230,10 +242,12 @@ inline u64bit load_be<u64bit>(const byte in[], size_t off) template<> inline u64bit load_le<u64bit>(const byte in[], size_t off) { + in += off * sizeof(u64bit); #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u64bit*>(in) + off)); + u64bit x; + std::memcpy(&x, in, sizeof(x)); + return BOTAN_ENDIAN_N2L(x); #else - in += off * sizeof(u64bit); return make_u64bit(in[7], in[6], in[5], in[4], in[3], in[2], in[1], in[0]); #endif 
@@ -308,24 +322,27 @@ inline void load_le(T out[], const byte in[], size_t count) { + if(count > 0) + { #if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS) - std::memcpy(out, in, sizeof(T)*count); + std::memcpy(out, in, sizeof(T)*count); #if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN) - const size_t blocks = count - (count % 4); - const size_t left = count - blocks; + const size_t blocks = count - (count % 4); + const size_t left = count - blocks; - for(size_t i = 0; i != blocks; i += 4) - bswap_4(out + i); + for(size_t i = 0; i != blocks; i += 4) + bswap_4(out + i); - for(size_t i = 0; i != left; ++i) - out[blocks+i] = reverse_bytes(out[blocks+i]); + for(size_t i = 0; i != left; ++i) + out[blocks+i] = reverse_bytes(out[blocks+i]); #endif #else - for(size_t i = 0; i != count; ++i) - out[i] = load_le<T>(in, i); + for(size_t i = 0; i != count; ++i) + out[i] = load_le<T>(in, i); #endif + } } /** @@ -397,24 +414,27 @@ inline void load_be(T out[], const byte in[], size_t count) { + if(count > 0) + { #if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS) - std::memcpy(out, in, sizeof(T)*count); + std::memcpy(out, in, sizeof(T)*count); #if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN) - const size_t blocks = count - (count % 4); - const size_t left = count - blocks; + const size_t blocks = count - (count % 4); + const size_t left = count - blocks; - for(size_t i = 0; i != blocks; i += 4) - bswap_4(out + i); + for(size_t i = 0; i != blocks; i += 4) + bswap_4(out + i); - for(size_t i = 0; i != left; ++i) - out[blocks+i] = reverse_bytes(out[blocks+i]); + for(size_t i = 0; i != left; ++i) + out[blocks+i] = reverse_bytes(out[blocks+i]); #endif #else - for(size_t i = 0; i != count; ++i) - out[i] = load_be<T>(in, i); + for(size_t i = 0; i != count; ++i) + out[i] = load_be<T>(in, i); #endif + } } /** 
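Review bot: Wrapping the whole body of `load_le(T out[], ...)` and `load_be(T out[], ...)` in `if(count > 0)` re-indents every line, which is what makes these two hunks look large; an early `if(count == 0) return;` as the first statement gives the same guarantee without touching the rest of the body. Either way the guard deserves a one-line reason so it is not "simplified" away later, e.g. `// memcpy with a zero length still requires valid pointers; skip empty input entirely`. The `template<typename T>` line and the start of the parameter list sit above both hunks.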
@@ -425,7 +445,8 @@ inline void load_be(T out[],
 inline void store_be(u16bit in, byte out[2])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u16bit*>(out) = BOTAN_ENDIAN_B2N(in);
+   u16bit o = BOTAN_ENDIAN_N2B(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(0, in);
    out[1] = get_byte(1, in);
@@ -440,7 +461,8 @@ inline void store_be(u16bit in, byte out[2])
 inline void store_le(u16bit in, byte out[2])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u16bit*>(out) = BOTAN_ENDIAN_L2N(in);
+   u16bit o = BOTAN_ENDIAN_N2L(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(1, in);
    out[1] = get_byte(0, in);
@@ -455,7 +477,8 @@ inline void store_le(u16bit in, byte out[2])
 inline void store_be(u32bit in, byte out[4])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u32bit*>(out) = BOTAN_ENDIAN_B2N(in);
+   u32bit o = BOTAN_ENDIAN_B2N(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(0, in);
    out[1] = get_byte(1, in);
@@ -472,7 +495,8 @@ inline void store_be(u32bit in, byte out[4])
 inline void store_le(u32bit in, byte out[4])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u32bit*>(out) = BOTAN_ENDIAN_L2N(in);
+   u32bit o = BOTAN_ENDIAN_L2N(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(3, in);
    out[1] = get_byte(2, in);
@@ -489,7 +513,8 @@ inline void store_le(u32bit in, byte out[4])
 inline void store_be(u64bit in, byte out[8])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u64bit*>(out) = BOTAN_ENDIAN_B2N(in);
+   u64bit o = BOTAN_ENDIAN_B2N(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(0, in);
    out[1] = get_byte(1, in);
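Review bot: `store_be(u16bit, ...)` and `store_le(u16bit, ...)` now compute `BOTAN_ENDIAN_N2B(in)` / `BOTAN_ENDIAN_N2L(in)`, whereas the u32bit and u64bit overloads in the same file (this line and the next) keep `BOTAN_ENDIAN_B2N` / `BOTAN_ENDIAN_L2N`, which is also what the old u16bit lines used. A byte swap is its own inverse, so this is presumably harmless, but the mismatch reads as an accident; `u16bit o = BOTAN_ENDIAN_B2N(in);` and `u16bit o = BOTAN_ENDIAN_L2N(in);` keep the six overloads parallel and greppable. Storing through a local and `std::memcpy` instead of `*reinterpret_cast<u16bit*>(out) = ...` is the right way to get rid of the strict-aliasing and alignment problems of the old code.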
@@ -510,7 +535,8 @@ inline void store_be(u64bit in, byte out[8])
 inline void store_le(u64bit in, byte out[8])
    {
 #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-   *reinterpret_cast<u64bit*>(out) = BOTAN_ENDIAN_L2N(in);
+   u64bit o = BOTAN_ENDIAN_L2N(in);
+   std::memcpy(out, &o, sizeof(o));
 #else
    out[0] = get_byte(7, in);
    out[1] = get_byte(6, in);
diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h
index 6ea7bdafe..0d2d0dab0 100644
--- a/src/lib/utils/mem_ops.h
+++ b/src/lib/utils/mem_ops.h
@@ -1,6 +1,6 @@
 /*
 * Memory Operations
-* (C) 1999-2009,2012 Jack Lloyd
+* (C) 1999-2009,2012,2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -28,7 +28,10 @@ BOTAN_DLL void zero_mem(void* ptr, size_t n);
 */
 template<typename T> inline void clear_mem(T* ptr, size_t n)
    {
-   std::memset(ptr, 0, sizeof(T)*n);
+   if(n > 0)
+      {
+      std::memset(ptr, 0, sizeof(T)*n);
+      }
    }
 
 /**
@@ -39,7 +42,10 @@ template<typename T> inline void clear_mem(T* ptr, size_t n)
 */
 template<typename T> inline void copy_mem(T* out, const T* in, size_t n)
    {
-   std::memmove(out, in, sizeof(T)*n);
+   if(n > 0)
+      {
+      std::memmove(out, in, sizeof(T)*n);
+      }
    }
 
 /**
@@ -51,7 +57,10 @@ template<typename T> inline void copy_mem(T* out, const T* in, size_t n)
 template<typename T> inline void set_mem(T* ptr, size_t n, byte val)
    {
-   std::memset(ptr, val, sizeof(T)*n);
+   if(n > 0)
+      {
+      std::memset(ptr, val, sizeof(T)*n);
+      }
    }
 
 /**
@@ -72,7 +81,7 @@ template<typename T> inline bool same_mem(const T* p1, const T* p2, size_t n)
    }
 
 /**
-* XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length
+* XOR_ arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length
 * @param out the input/output buffer
 * @param in the read-only input buffer
 * @param length the length of the buffers
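Review bot: The rewritten doc comment in the last mem_ops.h hunk now reads `* XOR_ arrays. Postcondition ...`; the underscore looks like a search-and-replace artifact and the line should stay `* XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length`. The `if(n > 0)` guards added to `clear_mem`, `copy_mem` and `set_mem` deserve a one-line reason so they survive the next cleanup, e.g. `// memset/memmove with n == 0 still require valid pointers, so skip them for empty buffers`. With the guard in place `clear_mem(nullptr, 0)` is well-defined, which callers wiping possibly-empty secret buffers can rely on.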
@@ -80,18 +89,10 @@ template<typename T> inline bool same_mem(const T* p1, const T* p2, size_t n)
 template<typename T> void xor_buf(T out[], const T in[], size_t length)
    {
-   while(length >= 8)
-      {
-      out[0] ^= in[0]; out[1] ^= in[1];
-      out[2] ^= in[2]; out[3] ^= in[3];
-      out[4] ^= in[4]; out[5] ^= in[5];
-      out[6] ^= in[6]; out[7] ^= in[7];
-
-      out += 8; in += 8; length -= 8;
-      }
-
    for(size_t i = 0; i != length; ++i)
+      {
       out[i] ^= in[i];
+      }
    }
 
 /**
@@ -106,60 +107,12 @@ template<typename T> void xor_buf(T out[],
                                   const T in2[],
                                   size_t length)
    {
-   while(length >= 8)
-      {
-      out[0] = in[0] ^ in2[0];
-      out[1] = in[1] ^ in2[1];
-      out[2] = in[2] ^ in2[2];
-      out[3] = in[3] ^ in2[3];
-      out[4] = in[4] ^ in2[4];
-      out[5] = in[5] ^ in2[5];
-      out[6] = in[6] ^ in2[6];
-      out[7] = in[7] ^ in2[7];
-
-      in += 8; in2 += 8; out += 8; length -= 8;
-      }
-
    for(size_t i = 0; i != length; ++i)
-      out[i] = in[i] ^ in2[i];
-   }
-
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
-
-template<>
-inline void xor_buf<byte>(byte out[], const byte in[], size_t length)
-   {
-   while(length >= 8)
       {
-      *reinterpret_cast<u64bit*>(out) ^= *reinterpret_cast<const u64bit*>(in);
-      out += 8; in += 8; length -= 8;
-      }
-
-   for(size_t i = 0; i != length; ++i)
-      out[i] ^= in[i];
-   }
-
-template<>
-inline void xor_buf<byte>(byte out[],
-                          const byte in[],
-                          const byte in2[],
-                          size_t length)
-   {
-   while(length >= 8)
-      {
-      *reinterpret_cast<u64bit*>(out) =
-         *reinterpret_cast<const u64bit*>(in) ^
-         *reinterpret_cast<const u64bit*>(in2);
-
-      in += 8; in2 += 8; out += 8; length -= 8;
-      }
-
-   for(size_t i = 0; i != length; ++i)
       out[i] = in[i] ^ in2[i];
+      }
    }
 
-#endif
-
 template<typename Alloc, typename Alloc2>
 void xor_buf(std::vector<byte, Alloc>& out,
              const std::vector<byte, Alloc2>& in,
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index ae93d58d7..8fa099bc6 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
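Review bot: Removing the `xor_buf<byte>` specializations that went through `*reinterpret_cast<u64bit*>(out)` eliminates a strict-aliasing violation and an unaligned 8-byte access on any target where `BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK` was set optimistically, so this is a correctness fix and not only a cleanup; a sentence saying so in the commit message would stop someone from reintroducing the "fast" version. What replaces them is a plain element loop with no unrolling in both `xor_buf` overloads, and xor_buf is presumably on the hot path of the cipher modes built on it, so a before/after throughput figure would justify relying on the compiler's auto-vectorisation. If a measured regression shows up, an 8-byte block can still be handled without aliasing problems by `std::memcpy`-ing into and out of a local `u64bit`. Both enclosing functions are complete within the hunks.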
@@ -1,27 +1,103 @@
 /*
 * OS and machine specific utility functions
-* (C) 2015 Jack Lloyd
+* (C) 2015,2016 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
 
 #include <botan/internal/os_utils.h>
+#include <botan/cpuid.h>
 #include <botan/exceptn.h>
 #include <botan/mem_ops.h>
+#include <chrono>
 
-//TODO: defined(BOTAN_TARGET_OS_TYPE_IS_POSIX)
-
-#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)
+#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX)
   #include <sys/types.h>
   #include <sys/mman.h>
   #include <sys/resource.h>
   #include <unistd.h>
 #endif
 
+#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS)
+  #include <windows.h>
+#endif
+
 namespace Botan {
 
 namespace OS {
 
+uint32_t get_process_id()
+   {
+#if defined(BOTAN_TARGET_OS_IS_UNIX)
+   return ::getpid();
+#elif defined(BOTAN_TARGET_OS_IS_WINDOWS)
+   return ::GetCurrentProcessId();
+#else
+   return 0;
+#endif
+   }
+
+uint64_t get_processor_timestamp()
+   {
+   uint64_t rtc = 0;
+
+#if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER)
+   LARGE_INTEGER tv;
+   ::QueryPerformanceCounter(&tv);
+   rtc = tv.QuadPart;
+#endif
+
+#if defined(BOTAN_USE_GCC_INLINE_ASM)
+
+#if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)
+   if(CPUID::has_rdtsc()) // not availble on all x86 CPUs
+      {
+      uint32_t rtc_low = 0, rtc_high = 0;
+      asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low));
+      rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low;
+      }
+
+#elif defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY)
+   uint32_t rtc_low = 0, rtc_high = 0;
+   asm volatile("mftbu %0; mftb %1" : "=r" (rtc_high), "=r" (rtc_low));
+   rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low;
+
+#elif defined(BOTAN_TARGET_ARCH_IS_ALPHA)
+   asm volatile("rpcc %0" : "=r" (rtc));
+
+#elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD)
+   // OpenBSD does not trap access to the %tick register
+   asm volatile("rd %%tick, %0" : "=r" (rtc));
+
+#elif defined(BOTAN_TARGET_ARCH_IS_IA64)
+   asm volatile("mov %0=ar.itc" : "=r" (rtc));
+
+#elif defined(BOTAN_TARGET_ARCH_IS_S390X)
+   asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc");
+
+#elif defined(BOTAN_TARGET_ARCH_IS_HPPA)
+   asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only?
+#endif
+
+#endif
+
+   return rtc;
+   }
+
+uint64_t get_system_timestamp_ns()
+   {
+#if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME)
+   struct timespec ts;
+   if(::clock_gettime(CLOCK_REALTIME, &ts) == 0)
+      {
+      return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec);
+      }
+#endif
+
+   auto now = std::chrono::high_resolution_clock::now().time_since_epoch();
+   return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count();
+   }
+
 size_t get_memory_locking_limit()
    {
 #if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 0030f88c9..3335463f7 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
@@ -1,6 +1,6 @@
 /*
 * OS specific utility functions
-* (C) 2015 Jack Lloyd
+* (C) 2015,2016 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -14,6 +14,26 @@ namespace Botan {
 
 namespace OS {
 
+/**
+* Returns the OS assigned process ID, if available. Otherwise returns 0.
+*/
+uint32_t get_process_id();
+
+/**
+* Returns the value of the hardware cycle counter, if available.
+* Returns 0 if not available. On Windows uses QueryPerformanceCounter.
+* On other platforms reads the native cycle counter directly.
+* The epoch and update rate are arbitrary and may not be constant
+* (depending on the hardware).
+*/
+uint64_t get_processor_timestamp();
+
+/**
+* Returns the value of the system clock with best resolution available,
+* normalized to nanoseconds resolution.
+*/
+uint64_t get_system_timestamp_ns();
+
 /*
 * Returns the maximum amount of memory (in bytes) we could/should
 * hyptothetically allocate. Reads "BOTAN_MLOCK_POOL_SIZE" from
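Review bot: `get_process_id()` tests `BOTAN_TARGET_OS_IS_UNIX` and `BOTAN_TARGET_OS_IS_WINDOWS`, but the include block a few lines above is guarded by `BOTAN_TARGET_OS_TYPE_IS_UNIX` and `BOTAN_TARGET_OS_TYPE_IS_WINDOWS`; unless the build system defines both spellings, the function silently falls through to `return 0;` on every platform while `<unistd.h>` / `<windows.h>` are pulled in under the other name, so one spelling should be used for both, e.g. `#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX)` / `#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS)`. `get_system_timestamp_ns()` calls `::clock_gettime` with `CLOCK_REALTIME` but no `<time.h>` or `<ctime>` is added to the include block, so it presumably relies on a transitive include; the `linux -> rt` entry added to info.txt earlier in this diff suggests the dependency was noticed at link time only. Inside `get_processor_timestamp()` the x86 and PPC branches spell the widening cast `static_cast<u64bit>` while the function's declared type is `uint64_t`; picking one keeps the file consistent, and the comment typo `availble` should be `available`. The os_utils.h hunk documents the counter's epoch and rate as arbitrary, which matches the code, and on a Windows build that also has `BOTAN_USE_GCC_INLINE_ASM` the rdtsc branch overwrites the QueryPerformanceCounter value, which the header text does not mention.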
@@ -22,9 +42,9 @@ namespace OS { size_t get_memory_locking_limit(); /* -* Request so many bytes of page-aligned RAM locked into memory OS -* calls (mlock, VirtualLock, or similar). Returns null on failure. The -* memory returned is zeroed. Free it with free_locked_pages. +* Request so many bytes of page-aligned RAM locked into memory using +* mlock, VirtualLock, or similar. Returns null on failure. The memory +* returned is zeroed. Free it with free_locked_pages. */ void* allocate_locked_pages(size_t length); diff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp index 2bf41f260..e5c8562b5 100644 --- a/src/lib/utils/parsing.cpp +++ b/src/lib/utils/parsing.cpp @@ -53,7 +53,7 @@ u32bit to_u32bit(const std::string& str) */ u32bit timespec_to_u32bit(const std::string& timespec) { - if(timespec == "") + if(timespec.empty()) return 0; const char suffix = timespec[timespec.size()-1]; @@ -129,7 +129,7 @@ std::vector<std::string> parse_algorithm_name(const std::string& namex) substring += c; } - if(substring != "") + if(!substring.empty()) throw Invalid_Algorithm_Name(namex); return elems; @@ -144,14 +144,14 @@ std::vector<std::string> split_on_pred(const std::string& str, std::function<bool (char)> pred) { std::vector<std::string> elems; - if(str == "") return elems; + if(str.empty()) return elems; std::string substr; for(auto i = str.begin(); i != str.end(); ++i) { if(pred(*i)) { - if(substr != "") + if(!substr.empty()) elems.push_back(substr); substr.clear(); } @@ -159,7 +159,7 @@ std::vector<std::string> split_on_pred(const std::string& str, substr += *i; } - if(substr == "") + if(substr.empty()) throw Invalid_Argument("Unable to split string: " + str); elems.push_back(substr); @@ -197,7 +197,7 @@ std::vector<u32bit> parse_asn1_oid(const std::string& oid) if(c == '.') { - if(substring == "") + if(substring.empty()) throw Invalid_OID(oid); oid_elems.push_back(to_u32bit(substring)); substring.clear(); 
@@ -206,7 +206,7 @@ std::vector<u32bit> parse_asn1_oid(const std::string& oid) substring += c; } - if(substring == "") + if(substring.empty()) throw Invalid_OID(oid); oid_elems.push_back(to_u32bit(substring)); diff --git a/src/lib/utils/read_cfg.cpp b/src/lib/utils/read_cfg.cpp index 1a15f2e63..bf68c0479 100644 --- a/src/lib/utils/read_cfg.cpp +++ b/src/lib/utils/read_cfg.cpp @@ -38,12 +38,12 @@ std::map<std::string, std::string> read_cfg(std::istream& is) ++line; - if(s == "" || s[0] == '#') + if(s.empty() || s[0] == '#') continue; s = clean_ws(s.substr(0, s.find('#'))); - if(s == "") + if(s.empty()) continue; auto eq = s.find("="); diff --git a/src/lib/utils/semaphore.h b/src/lib/utils/semaphore.h index 3495043e5..994a15f21 100644 --- a/src/lib/utils/semaphore.h +++ b/src/lib/utils/semaphore.h @@ -16,7 +16,7 @@ namespace Botan { class Semaphore { public: - Semaphore(int value = 0) : m_value(value), m_wakeups(0) {} + explicit Semaphore(int value = 0) : m_value(value), m_wakeups(0) {} void acquire(); diff --git a/src/lib/utils/simd/simd_sse2/simd_sse2.h b/src/lib/utils/simd/simd_sse2/simd_sse2.h index 9e85bd45b..551e9189c 100644 --- a/src/lib/utils/simd/simd_sse2/simd_sse2.h +++ b/src/lib/utils/simd/simd_sse2/simd_sse2.h @@ -18,24 +18,24 @@ namespace Botan { class SIMD_SSE2 { public: - SIMD_SSE2(const u32bit B[4]) + explicit SIMD_SSE2(const u32bit B[4]) { - reg = _mm_loadu_si128(reinterpret_cast<const __m128i*>(B)); + m_reg = _mm_loadu_si128(reinterpret_cast<const __m128i*>(B)); } SIMD_SSE2(u32bit B0, u32bit B1, u32bit B2, u32bit B3) { - reg = _mm_set_epi32(B0, B1, B2, B3); + m_reg = _mm_set_epi32(B0, B1, B2, B3); } - SIMD_SSE2(u32bit B) + explicit SIMD_SSE2(u32bit B) { - reg = _mm_set1_epi32(B); + m_reg = _mm_set1_epi32(B); } static SIMD_SSE2 load_le(const void* in) { - return _mm_loadu_si128(reinterpret_cast<const __m128i*>(in)); + return SIMD_SSE2(_mm_loadu_si128(reinterpret_cast<const __m128i*>(in))); } static SIMD_SSE2 load_be(const void* in) 
@@ -45,7 +45,7 @@ class SIMD_SSE2 void store_le(byte out[]) const { - _mm_storeu_si128(reinterpret_cast<__m128i*>(out), reg); + _mm_storeu_si128(reinterpret_cast<__m128i*>(out), m_reg); } void store_be(byte out[]) const @@ -55,8 +55,8 @@ class SIMD_SSE2 void rotate_left(size_t rot) { - reg = _mm_or_si128(_mm_slli_epi32(reg, static_cast<int>(rot)), - _mm_srli_epi32(reg, static_cast<int>(32-rot))); + m_reg = _mm_or_si128(_mm_slli_epi32(m_reg, static_cast<int>(rot)), + _mm_srli_epi32(m_reg, static_cast<int>(32-rot))); } void rotate_right(size_t rot) 
@@ -66,98 +66,98 @@ class SIMD_SSE2 void operator+=(const SIMD_SSE2& other) { - reg = _mm_add_epi32(reg, other.reg); + m_reg = _mm_add_epi32(m_reg, other.m_reg); } SIMD_SSE2 operator+(const SIMD_SSE2& other) const { - return _mm_add_epi32(reg, other.reg); + return SIMD_SSE2(_mm_add_epi32(m_reg, other.m_reg)); } void operator-=(const SIMD_SSE2& other) { - reg = _mm_sub_epi32(reg, other.reg); + m_reg = _mm_sub_epi32(m_reg, other.m_reg); } SIMD_SSE2 operator-(const SIMD_SSE2& other) const { - return _mm_sub_epi32(reg, other.reg); + return SIMD_SSE2(_mm_sub_epi32(m_reg, other.m_reg)); } void operator^=(const SIMD_SSE2& other) { - reg = _mm_xor_si128(reg, other.reg); + m_reg = _mm_xor_si128(m_reg, other.m_reg); } SIMD_SSE2 operator^(const SIMD_SSE2& other) const { - return _mm_xor_si128(reg, other.reg); + return SIMD_SSE2(_mm_xor_si128(m_reg, other.m_reg)); } void operator|=(const SIMD_SSE2& other) { - reg = _mm_or_si128(reg, other.reg); + m_reg = _mm_or_si128(m_reg, other.m_reg); } SIMD_SSE2 operator&(const SIMD_SSE2& other) { - return _mm_and_si128(reg, other.reg); + return SIMD_SSE2(_mm_and_si128(m_reg, other.m_reg)); } void operator&=(const SIMD_SSE2& other) { - reg = _mm_and_si128(reg, other.reg); + m_reg = _mm_and_si128(m_reg, other.m_reg); } SIMD_SSE2 operator<<(size_t shift) const { - return _mm_slli_epi32(reg, static_cast<int>(shift)); + return SIMD_SSE2(_mm_slli_epi32(m_reg, static_cast<int>(shift))); } SIMD_SSE2 operator>>(size_t shift) const { - return _mm_srli_epi32(reg, static_cast<int>(shift)); + return SIMD_SSE2(_mm_srli_epi32(m_reg, static_cast<int>(shift))); } SIMD_SSE2 operator~() const { - return _mm_xor_si128(reg, _mm_set1_epi32(0xFFFFFFFF)); + return SIMD_SSE2(_mm_xor_si128(m_reg, _mm_set1_epi32(0xFFFFFFFF))); } // (~reg) & other SIMD_SSE2 andc(const SIMD_SSE2& other) { - return _mm_andnot_si128(reg, other.reg); + return SIMD_SSE2(_mm_andnot_si128(m_reg, other.m_reg)); } SIMD_SSE2 bswap() const { - __m128i T = reg; + __m128i T = m_reg; T = 
_mm_shufflehi_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); T = _mm_shufflelo_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); - return _mm_or_si128(_mm_srli_epi16(T, 8), - _mm_slli_epi16(T, 8)); + return SIMD_SSE2(_mm_or_si128(_mm_srli_epi16(T, 8), + _mm_slli_epi16(T, 8))); } static void transpose(SIMD_SSE2& B0, SIMD_SSE2& B1, SIMD_SSE2& B2, SIMD_SSE2& B3) { - __m128i T0 = _mm_unpacklo_epi32(B0.reg, B1.reg); - __m128i T1 = _mm_unpacklo_epi32(B2.reg, B3.reg); - __m128i T2 = _mm_unpackhi_epi32(B0.reg, B1.reg); - __m128i T3 = _mm_unpackhi_epi32(B2.reg, B3.reg); - B0.reg = _mm_unpacklo_epi64(T0, T1); - B1.reg = _mm_unpackhi_epi64(T0, T1); - B2.reg = _mm_unpacklo_epi64(T2, T3); - B3.reg = _mm_unpackhi_epi64(T2, T3); + __m128i T0 = _mm_unpacklo_epi32(B0.m_reg, B1.m_reg); + __m128i T1 = _mm_unpacklo_epi32(B2.m_reg, B3.m_reg); + __m128i T2 = _mm_unpackhi_epi32(B0.m_reg, B1.m_reg); + __m128i T3 = _mm_unpackhi_epi32(B2.m_reg, B3.m_reg); + B0.m_reg = _mm_unpacklo_epi64(T0, T1); + B1.m_reg = _mm_unpackhi_epi64(T0, T1); + B2.m_reg = _mm_unpacklo_epi64(T2, T3); + B3.m_reg = _mm_unpackhi_epi64(T2, T3); } private: - SIMD_SSE2(__m128i in) { reg = in; } + explicit SIMD_SSE2(__m128i in) { m_reg = in; } - __m128i reg; + __m128i m_reg; }; } |
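Review bot: `operator&` and `andc` are rewritten in this hunk yet stay non-const, while every other member that returns a fresh `SIMD_SSE2` (`operator+`, `operator-`, `operator^`, `operator<<`, `operator>>`, `operator~`, `bswap`) is `const`; both only read `m_reg`, so `SIMD_SSE2 operator&(const SIMD_SSE2& other) const` and `SIMD_SSE2 andc(const SIMD_SSE2& other) const` would let them be called on const operands and match their siblings. Making `SIMD_SSE2(u32bit B)` `explicit` in the earlier hunk of this file is a public-interface change: any caller relying on the implicit `u32bit` conversion (for example `SIMD_SSE2 x = 0;`) stops compiling, which is the right direction but worth a line in the commit message. The `m_reg` rename and wrapping every intrinsic result in `SIMD_SSE2(...)` are applied consistently across the hunk.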