diff options
Diffstat (limited to 'src/lib')
194 files changed, 1142 insertions, 3242 deletions
diff --git a/src/lib/algo_base/algo_registry.cpp b/src/lib/algo_base/algo_registry.cpp deleted file mode 100644 index c33b1b3c7..000000000 --- a/src/lib/algo_base/algo_registry.cpp +++ /dev/null @@ -1,20 +0,0 @@ -/* -* (C) 2014,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/transform.h> -#include <botan/algo_registry.h> - -namespace Botan { - -Transform* get_transform(const std::string& specstr, - const std::string& provider, - const std::string& dirstr) - { - Algo_Registry<Transform>::Spec spec(specstr, dirstr); - return Algo_Registry<Transform>::global_registry().make(spec, provider); - } - -} diff --git a/src/lib/algo_base/info.txt b/src/lib/algo_base/info.txt deleted file mode 100644 index dcc744d25..000000000 --- a/src/lib/algo_base/info.txt +++ /dev/null @@ -1,7 +0,0 @@ -define TRANSFORM 20131209 - -<requires> -alloc -hex -rng -</requires> diff --git a/src/lib/algo_factory/algo_cache.h b/src/lib/algo_factory/algo_cache.h deleted file mode 100644 index 66c62da67..000000000 --- a/src/lib/algo_factory/algo_cache.h +++ /dev/null @@ -1,239 +0,0 @@ -/* -* An algorithm cache (used by Algorithm_Factory) -* (C) 2008-2009,2011 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ALGORITHM_CACHE_TEMPLATE_H__ -#define BOTAN_ALGORITHM_CACHE_TEMPLATE_H__ - -#include <botan/types.h> -#include <botan/internal/stl_util.h> -#include <mutex> -#include <string> -#include <vector> -#include <map> - -namespace Botan { - -/** -* @param prov_name a provider name -* @return weight for this provider -*/ -size_t static_provider_weight(const std::string& prov_name); - -/** -* Algorithm_Cache (used by Algorithm_Factory) -*/ -template<typename T> -class Algorithm_Cache - { - public: - /** - * @param algo_spec names the requested algorithm - * @param pref_provider suggests a preferred provider - * @return prototype object, or NULL - */ - const T* get(const std::string& algo_spec, - const std::string& pref_provider); - - /** - * Add a new algorithm implementation to the cache - * @param algo the algorithm prototype object - * @param requested_name how this name will be requested - * @param provider_name is the name of the provider of this prototype - */ - void add(T* algo, - const std::string& requested_name, - const std::string& provider_name); - - /** - * Set the preferred provider - * @param algo_spec names the algorithm - * @param provider names the preferred provider - */ - void set_preferred_provider(const std::string& algo_spec, - const std::string& provider); - - /** - * Return the list of providers of this algorithm - * @param algo_name names the algorithm - * @return list of providers of this algorithm - */ - std::vector<std::string> providers_of(const std::string& algo_name); - - /** - * Clear the cache - */ - void clear_cache(); - - ~Algorithm_Cache() { clear_cache(); } - private: - typename std::map<std::string, std::map<std::string, T*> >::const_iterator - find_algorithm(const std::string& algo_spec); - - std::mutex mutex; - std::map<std::string, std::string> aliases; - std::map<std::string, std::string> pref_providers; - std::map<std::string, std::map<std::string, T*> > algorithms; - }; - -/* -* Look for an algorithm implementation in the cache, also checking aliases -* Assumes object lock is held -*/ -template<typename T> -typename std::map<std::string, std::map<std::string, T*> >::const_iterator -Algorithm_Cache<T>::find_algorithm(const std::string& algo_spec) - { - auto algo = algorithms.find(algo_spec); - - // Not found? Check if a known alias - if(algo == algorithms.end()) - { - auto alias = aliases.find(algo_spec); - - if(alias != aliases.end()) - algo = algorithms.find(alias->second); - } - - return algo; - } - -/* -* Look for an algorithm implementation by a particular provider -*/ -template<typename T> -const T* Algorithm_Cache<T>::get(const std::string& algo_spec, - const std::string& requested_provider) - { - std::lock_guard<std::mutex> lock(mutex); - - auto algo = find_algorithm(algo_spec); - if(algo == algorithms.end()) // algo not found at all (no providers) - return nullptr; - - // If a provider is requested specifically, return it or fail entirely - if(requested_provider != "") - { - auto prov = algo->second.find(requested_provider); - if(prov != algo->second.end()) - return prov->second; - return nullptr; - } - - const T* prototype = nullptr; - std::string prototype_provider; - size_t prototype_prov_weight = 0; - - const std::string pref_provider = search_map(pref_providers, algo_spec); - - for(auto i = algo->second.begin(); i != algo->second.end(); ++i) - { - // preferred prov exists, return immediately - if(i->first == pref_provider) - return i->second; - - const size_t prov_weight = static_provider_weight(i->first); - - if(prototype == nullptr || prov_weight > prototype_prov_weight) - { - prototype = i->second; - prototype_provider = i->first; - prototype_prov_weight = prov_weight; - } - } - - return prototype; - } - -/* -* Add an implementation to the cache -*/ -template<typename T> -void Algorithm_Cache<T>::add(T* algo, - const std::string& requested_name, - const std::string& provider) - { - if(!algo) - return; - - std::lock_guard<std::mutex> lock(mutex); - - if(algo->name() != requested_name && - aliases.find(requested_name) == aliases.end()) - { - aliases[requested_name] = algo->name(); - } - - if(!algorithms[algo->name()][provider]) - algorithms[algo->name()][provider] = algo; - else - delete algo; - } - -/* -* Find the providers of this algo (if any) -*/ -template<typename T> std::vector<std::string> -Algorithm_Cache<T>::providers_of(const std::string& algo_name) - { - std::lock_guard<std::mutex> lock(mutex); - - std::vector<std::string> providers; - - auto algo = find_algorithm(algo_name); - if(algo != algorithms.end()) - { - auto provider = algo->second.begin(); - - while(provider != algo->second.end()) - { - providers.push_back(provider->first); - ++provider; - } - } - - return providers; - } - -/* -* Set the preferred provider for an algorithm -*/ -template<typename T> -void Algorithm_Cache<T>::set_preferred_provider(const std::string& algo_spec, - const std::string& provider) - { - std::lock_guard<std::mutex> lock(mutex); - - pref_providers[algo_spec] = provider; - } - -/* -* Clear out the cache -*/ -template<typename T> -void Algorithm_Cache<T>::clear_cache() - { - auto algo = algorithms.begin(); - - while(algo != algorithms.end()) - { - auto provider = algo->second.begin(); - - while(provider != algo->second.end()) - { - delete provider->second; - ++provider; - } - - ++algo; - } - - algorithms.clear(); - } - -} - -#endif diff --git a/src/lib/algo_factory/algo_factory.cpp b/src/lib/algo_factory/algo_factory.cpp deleted file mode 100644 index 9c805f67a..000000000 --- a/src/lib/algo_factory/algo_factory.cpp +++ /dev/null @@ -1,291 +0,0 @@ -/* -* Algorithm Factory -* (C) 2008-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/algo_factory.h> -#include <botan/internal/algo_cache.h> -#include <botan/internal/stl_util.h> -#include <botan/engine.h> -#include <botan/exceptn.h> - -#include <botan/block_cipher.h> -#include <botan/stream_cipher.h> -#include <botan/hash.h> -#include <botan/mac.h> -#include <botan/pbkdf.h> - -#include <algorithm> - -namespace Botan { - -namespace { - -/* -* Template functions for the factory prototype/search algorithm -*/ -template<typename T> -T* engine_get_algo(Engine*, - const SCAN_Name&, - Algorithm_Factory&) - { return nullptr; } - -template<> -BlockCipher* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_block_cipher(request, af); } - -template<> -StreamCipher* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_stream_cipher(request, af); } - -template<> -HashFunction* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_hash(request, af); } - -template<> -MessageAuthenticationCode* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_mac(request, af); } - -template<> -PBKDF* engine_get_algo(Engine* engine, - const SCAN_Name& request, - Algorithm_Factory& af) - { return engine->find_pbkdf(request, af); } - -template<typename T> -const T* factory_prototype(const std::string& algo_spec, - const std::string& provider, - const std::vector<Engine*>& engines, - Algorithm_Factory& af, - Algorithm_Cache<T>& cache) - { - if(const T* cache_hit = cache.get(algo_spec, provider)) - return cache_hit; - - SCAN_Name scan_name(algo_spec); - - if(scan_name.cipher_mode() != "") - return nullptr; - - for(size_t i = 0; i != engines.size(); ++i) - { - if(provider == "" || engines[i]->provider_name() == provider) - { - if(T* impl = engine_get_algo<T>(engines[i], scan_name, af)) - cache.add(impl, algo_spec, engines[i]->provider_name()); - } - } - - return cache.get(algo_spec, provider); - } - -} - -/* -* Setup caches -*/ -Algorithm_Factory::Algorithm_Factory() - { - block_cipher_cache.reset(new Algorithm_Cache<BlockCipher>()); - stream_cipher_cache.reset(new Algorithm_Cache<StreamCipher>()); - hash_cache.reset(new Algorithm_Cache<HashFunction>()); - mac_cache.reset(new Algorithm_Cache<MessageAuthenticationCode>()); - pbkdf_cache.reset(new Algorithm_Cache<PBKDF>()); - } - -/* -* Delete all engines -*/ -Algorithm_Factory::~Algorithm_Factory() - { - for(auto i = engines.begin(); i != engines.end(); ++i) - delete *i; - } - -void Algorithm_Factory::clear_caches() - { - block_cipher_cache->clear_cache(); - stream_cipher_cache->clear_cache(); - hash_cache->clear_cache(); - mac_cache->clear_cache(); - pbkdf_cache->clear_cache(); - } - -void Algorithm_Factory::add_engine(Engine* engine) - { - clear_caches(); - engines.push_back(engine); - } - -/* -* Set the preferred provider for an algorithm -*/ -void Algorithm_Factory::set_preferred_provider(const std::string& algo_spec, - const std::string& provider) - { - if(prototype_block_cipher(algo_spec)) - block_cipher_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_stream_cipher(algo_spec)) - stream_cipher_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_hash_function(algo_spec)) - hash_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_mac(algo_spec)) - mac_cache->set_preferred_provider(algo_spec, provider); - else if(prototype_pbkdf(algo_spec)) - pbkdf_cache->set_preferred_provider(algo_spec, provider); - } - -/* -* Return the possible providers of a request -* Note: assumes you don't have different types by the same name -*/ -std::vector<std::string> -Algorithm_Factory::providers_of(const std::string& algo_spec) - { - /* The checks with if(prototype_X(algo_spec)) have the effect of - forcing a full search, since otherwise there might not be any - providers at all in the cache. - */ - - if(prototype_block_cipher(algo_spec)) - return block_cipher_cache->providers_of(algo_spec); - else if(prototype_stream_cipher(algo_spec)) - return stream_cipher_cache->providers_of(algo_spec); - else if(prototype_hash_function(algo_spec)) - return hash_cache->providers_of(algo_spec); - else if(prototype_mac(algo_spec)) - return mac_cache->providers_of(algo_spec); - else if(prototype_pbkdf(algo_spec)) - return pbkdf_cache->providers_of(algo_spec); - else - return std::vector<std::string>(); - } - -/* -* Return the prototypical block cipher corresponding to this request -*/ -const BlockCipher* -Algorithm_Factory::prototype_block_cipher(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<BlockCipher>(algo_spec, provider, engines, - *this, *block_cipher_cache); - } - -/* -* Return the prototypical stream cipher corresponding to this request -*/ -const StreamCipher* -Algorithm_Factory::prototype_stream_cipher(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<StreamCipher>(algo_spec, provider, engines, - *this, *stream_cipher_cache); - } - -/* -* Return the prototypical object corresponding to this request (if found) -*/ -const HashFunction* -Algorithm_Factory::prototype_hash_function(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<HashFunction>(algo_spec, provider, engines, - *this, *hash_cache); - } - -/* -* Return the prototypical object corresponding to this request -*/ -const MessageAuthenticationCode* -Algorithm_Factory::prototype_mac(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<MessageAuthenticationCode>(algo_spec, provider, - engines, - *this, *mac_cache); - } - -/* -* Return the prototypical object corresponding to this request -*/ -const PBKDF* -Algorithm_Factory::prototype_pbkdf(const std::string& algo_spec, - const std::string& provider) - { - return factory_prototype<PBKDF>(algo_spec, provider, - engines, - *this, *pbkdf_cache); - } - -/* -* Return a new block cipher corresponding to this request -*/ -BlockCipher* -Algorithm_Factory::make_block_cipher(const std::string& algo_spec, - const std::string& provider) - { - if(const BlockCipher* proto = prototype_block_cipher(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new stream cipher corresponding to this request -*/ -StreamCipher* -Algorithm_Factory::make_stream_cipher(const std::string& algo_spec, - const std::string& provider) - { - if(const StreamCipher* proto = prototype_stream_cipher(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -HashFunction* -Algorithm_Factory::make_hash_function(const std::string& algo_spec, - const std::string& provider) - { - if(const HashFunction* proto = prototype_hash_function(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -MessageAuthenticationCode* -Algorithm_Factory::make_mac(const std::string& algo_spec, - const std::string& provider) - { - if(const MessageAuthenticationCode* proto = prototype_mac(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Return a new object corresponding to this request -*/ -PBKDF* -Algorithm_Factory::make_pbkdf(const std::string& algo_spec, - const std::string& provider) - { - if(const PBKDF* proto = prototype_pbkdf(algo_spec, provider)) - return proto->clone(); - throw Algorithm_Not_Found(algo_spec); - } - -} diff --git a/src/lib/algo_factory/algo_factory.h b/src/lib/algo_factory/algo_factory.h deleted file mode 100644 index 6d4084f53..000000000 --- a/src/lib/algo_factory/algo_factory.h +++ /dev/null @@ -1,165 +0,0 @@ -/* -* Algorithm Factory -* (C) 2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ALGORITHM_FACTORY_H__ -#define BOTAN_ALGORITHM_FACTORY_H__ - -#include <botan/types.h> -#include <string> -#include <vector> - -namespace Botan { - -/** -* Forward declarations (don't need full definitions here) -*/ -class BlockCipher; -class StreamCipher; -class HashFunction; -class MessageAuthenticationCode; -class PBKDF; - -template<typename T> class Algorithm_Cache; - -class Engine; - -/** -* Algorithm Factory -*/ -class BOTAN_DLL Algorithm_Factory - { - public: - /** - * Constructor - */ - Algorithm_Factory(); - - /** - * Destructor - */ - ~Algorithm_Factory(); - - /** - * @param engine to add (Algorithm_Factory takes ownership) - */ - void add_engine(Engine* engine); - - /** - * Clear out any cached objects - */ - void clear_caches(); - - /** - * @param algo_spec the algorithm we are querying - * @returns list of providers of this algorithm - */ - std::vector<std::string> providers_of(const std::string& algo_spec); - - /** - * @param algo_spec the algorithm we are setting a provider for - * @param provider the provider we would like to use - */ - void set_preferred_provider(const std::string& algo_spec, - const std::string& provider); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const BlockCipher* - prototype_block_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - BlockCipher* make_block_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const StreamCipher* - prototype_stream_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - StreamCipher* make_stream_cipher(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const HashFunction* - prototype_hash_function(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - HashFunction* make_hash_function(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const MessageAuthenticationCode* - prototype_mac(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - MessageAuthenticationCode* make_mac(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to const prototype object, ready to clone(), or NULL - */ - const PBKDF* prototype_pbkdf(const std::string& algo_spec, - const std::string& provider = ""); - - /** - * @param algo_spec the algorithm we want - * @param provider the provider we would like to use - * @returns pointer to freshly created instance of the request algorithm - */ - PBKDF* make_pbkdf(const std::string& algo_spec, - const std::string& provider = ""); - - private: - std::vector<Engine*> engines; - - std::unique_ptr<Algorithm_Cache<BlockCipher>> block_cipher_cache; - std::unique_ptr<Algorithm_Cache<StreamCipher>> stream_cipher_cache; - std::unique_ptr<Algorithm_Cache<HashFunction>> hash_cache; - std::unique_ptr<Algorithm_Cache<MessageAuthenticationCode>> mac_cache; - std::unique_ptr<Algorithm_Cache<PBKDF>> pbkdf_cache; - }; - -} - -#endif diff --git a/src/lib/algo_factory/info.txt b/src/lib/algo_factory/info.txt deleted file mode 100644 index 837ced1d0..000000000 --- a/src/lib/algo_factory/info.txt +++ /dev/null @@ -1,24 +0,0 @@ -load_on auto - -define ALGORITHM_FACTORY 20131128 - -<header:public> -algo_factory.h -</header:public> - -<header:internal> -algo_cache.h -</header:internal> - -<source> -algo_factory.cpp -prov_weight.cpp -</source> - -<requires> -block -engine -hash -mac -stream -</requires> diff --git a/src/lib/algo_factory/prov_weight.cpp b/src/lib/algo_factory/prov_weight.cpp deleted file mode 100644 index 3c793a299..000000000 --- a/src/lib/algo_factory/prov_weight.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* -* Default provider weights for Algorithm_Cache -* (C) 2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/algo_cache.h> - -namespace Botan { - -/** -* Return a static provider weighing -*/ -size_t static_provider_weight(const std::string& prov_name) - { - /* - * Prefer asm over C++, but prefer anything over OpenSSL or GNU MP; to use - * them, set the provider explicitly for the algorithms you want - */ - - if(prov_name == "aes_isa") return 9; - if(prov_name == "simd") return 8; - if(prov_name == "asm") return 7; - - if(prov_name == "core") return 5; - - if(prov_name == "openssl") return 2; - if(prov_name == "gmp") return 1; - - return 0; // other/unknown - } - -} diff --git a/src/lib/asn1/oid_lookup/default.cpp b/src/lib/asn1/oid_lookup/default.cpp index 161607ad2..de04f542a 100644 --- a/src/lib/asn1/oid_lookup/default.cpp +++ b/src/lib/asn1/oid_lookup/default.cpp @@ -11,243 +11,232 @@ namespace Botan { namespace OIDS { -/* -* Load all of the default OIDs -*/ -void set_defaults() +const char* default_oid_list() { - /* Public key types */ - OIDS::add_oidstr("1.2.840.113549.1.1.1", "RSA"); - OIDS::add_oidstr("2.5.8.1.1", "RSA"); // RSA alternate - OIDS::add_oidstr("1.2.840.10040.4.1", "DSA"); - OIDS::add_oidstr("1.2.840.10046.2.1", "DH"); - OIDS::add_oidstr("1.3.6.1.4.1.3029.1.2.1", "ElGamal"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.1", "RW"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.2", "NR"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.3", "McEliece"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.1.4", "Curve25519"); - - // X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5) - OIDS::add_oidstr("1.2.840.10045.2.1", "ECDSA"); - - /* - * This is an OID defined for ECDH keys though rarely used for such. - * In this configuration it is accepted on decoding, but not used for - * encoding. You can enable it for encoding by calling - * OIDS::add_str2oid("ECDH", "1.3.132.1.12") - * from your application code. - */ - OIDS::add_oid2str(OID("1.3.132.1.12"), "ECDH"); - - OIDS::add_oidstr("1.2.643.2.2.19", "GOST-34.10"); // RFC 4491 - - /* Ciphers */ - OIDS::add_oidstr("1.3.14.3.2.7", "DES/CBC"); - OIDS::add_oidstr("1.2.840.113549.3.7", "TripleDES/CBC"); - OIDS::add_oidstr("1.2.840.113549.3.2", "RC2/CBC"); - OIDS::add_oidstr("1.2.840.113533.7.66.10", "CAST-128/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.2", "AES-128/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.22", "AES-192/CBC"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.42", "AES-256/CBC"); - OIDS::add_oidstr("1.2.410.200004.1.4", "SEED/CBC"); // RFC 4010 - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.1", "Serpent/CBC"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2", "Threefish-512/CBC"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.3", "Twofish/CBC"); - - OIDS::add_oidstr("2.16.840.1.101.3.4.1.6", "AES-128/GCM"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.26", "AES-192/GCM"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.46", "AES-256/GCM"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.101", "Serpent/GCM"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.102", "Twofish/GCM"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.1", "AES-128/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.2", "AES-192/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.3", "AES-256/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.4", "Serpent/OCB"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.5", "Twofish/OCB"); - - /* Hash Functions */ - OIDS::add_oidstr("1.2.840.113549.2.5", "MD5"); - OIDS::add_oidstr("1.3.6.1.4.1.11591.12.2", "Tiger(24,3)"); - - OIDS::add_oidstr("1.3.14.3.2.26", "SHA-160"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.4", "SHA-224"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.1", "SHA-256"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.2", "SHA-384"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.3", "SHA-512"); - OIDS::add_oidstr("2.16.840.1.101.3.4.2.6", "SHA-512-256"); - - /* MACs */ - OIDS::add_oidstr("1.2.840.113549.2.7", "HMAC(SHA-160)"); - OIDS::add_oidstr("1.2.840.113549.2.8", "HMAC(SHA-224)"); - OIDS::add_oidstr("1.2.840.113549.2.9", "HMAC(SHA-256)"); - OIDS::add_oidstr("1.2.840.113549.2.10", "HMAC(SHA-384)"); - OIDS::add_oidstr("1.2.840.113549.2.11", "HMAC(SHA-512)"); - - /* Key Wrap */ - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2"); - OIDS::add_oidstr("1.2.840.113533.7.66.15", "KeyWrap.CAST-128"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192"); - OIDS::add_oidstr("2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256"); - - /* Compression */ - OIDS::add_oidstr("1.2.840.113549.1.9.16.3.8", "Compression.Zlib"); - - /* Public key signature schemes */ - OIDS::add_oidstr("1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5"); - OIDS::add_oidstr("1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)"); - OIDS::add_oidstr("1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)"); - OIDS::add_oidstr("1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)"); - OIDS::add_oidstr("1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)"); - OIDS::add_oidstr("1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)"); - OIDS::add_oidstr("1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)"); - OIDS::add_oidstr("1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)"); - - OIDS::add_oidstr("1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)"); - OIDS::add_oidstr("2.16.840.1.101.3.4.3.1", "DSA/EMSA1(SHA-224)"); - OIDS::add_oidstr("2.16.840.1.101.3.4.3.2", "DSA/EMSA1(SHA-256)"); - - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.1", "ECDSA/EMSA1_BSI(SHA-160)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.2", "ECDSA/EMSA1_BSI(SHA-224)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.3", "ECDSA/EMSA1_BSI(SHA-256)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.4", "ECDSA/EMSA1_BSI(SHA-384)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.5", "ECDSA/EMSA1_BSI(SHA-512)"); - OIDS::add_oidstr("0.4.0.127.0.7.1.1.4.1.6", "ECDSA/EMSA1_BSI(RIPEMD-160)"); - - OIDS::add_oidstr("1.2.840.10045.4.1", "ECDSA/EMSA1(SHA-160)"); - OIDS::add_oidstr("1.2.840.10045.4.3.1", "ECDSA/EMSA1(SHA-224)"); - OIDS::add_oidstr("1.2.840.10045.4.3.2", "ECDSA/EMSA1(SHA-256)"); - OIDS::add_oidstr("1.2.840.10045.4.3.3", "ECDSA/EMSA1(SHA-384)"); - OIDS::add_oidstr("1.2.840.10045.4.3.4", "ECDSA/EMSA1(SHA-512)"); - - OIDS::add_oidstr("1.2.643.2.2.3", "GOST-34.10/EMSA1(GOST-R-34.11-94)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.1", "RW/EMSA2(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.2", "RW/EMSA2(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.3", "RW/EMSA2(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.4", "RW/EMSA2(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.5", "RW/EMSA2(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.1.6", "RW/EMSA2(SHA-512)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.1", "RW/EMSA4(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.2", "RW/EMSA4(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.3", "RW/EMSA4(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.4", "RW/EMSA4(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.5", "RW/EMSA4(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.1.2.6", "RW/EMSA4(SHA-512)"); - - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.1", "NR/EMSA2(RIPEMD-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.2", "NR/EMSA2(SHA-160)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.3", "NR/EMSA2(SHA-224)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.4", "NR/EMSA2(SHA-256)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.5", "NR/EMSA2(SHA-384)"); - OIDS::add_oidstr("1.3.6.1.4.1.25258.2.2.1.6", "NR/EMSA2(SHA-512)"); - - OIDS::add_oidstr("2.5.4.3", "X520.CommonName"); - OIDS::add_oidstr("2.5.4.4", "X520.Surname"); - OIDS::add_oidstr("2.5.4.5", "X520.SerialNumber"); - OIDS::add_oidstr("2.5.4.6", "X520.Country"); - OIDS::add_oidstr("2.5.4.7", "X520.Locality"); - OIDS::add_oidstr("2.5.4.8", "X520.State"); - OIDS::add_oidstr("2.5.4.10", "X520.Organization"); - OIDS::add_oidstr("2.5.4.11", "X520.OrganizationalUnit"); - OIDS::add_oidstr("2.5.4.12", "X520.Title"); - OIDS::add_oidstr("2.5.4.42", "X520.GivenName"); - OIDS::add_oidstr("2.5.4.43", "X520.Initials"); - OIDS::add_oidstr("2.5.4.44", "X520.GenerationalQualifier"); - OIDS::add_oidstr("2.5.4.46", "X520.DNQualifier"); - OIDS::add_oidstr("2.5.4.65", "X520.Pseudonym"); - - OIDS::add_oidstr("1.2.840.113549.1.5.12", "PKCS5.PBKDF2"); - OIDS::add_oidstr("1.2.840.113549.1.5.13", "PBE-PKCS5v20"); - - OIDS::add_oidstr("1.2.840.113549.1.9.1", "PKCS9.EmailAddress"); - OIDS::add_oidstr("1.2.840.113549.1.9.2", "PKCS9.UnstructuredName"); - OIDS::add_oidstr("1.2.840.113549.1.9.3", "PKCS9.ContentType"); - OIDS::add_oidstr("1.2.840.113549.1.9.4", "PKCS9.MessageDigest"); - OIDS::add_oidstr("1.2.840.113549.1.9.7", "PKCS9.ChallengePassword"); - OIDS::add_oidstr("1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest"); - - OIDS::add_oidstr("1.2.840.113549.1.7.1", "CMS.DataContent"); - OIDS::add_oidstr("1.2.840.113549.1.7.2", "CMS.SignedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.3", "CMS.EnvelopedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.5", "CMS.DigestedData"); - OIDS::add_oidstr("1.2.840.113549.1.7.6", "CMS.EncryptedData"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData"); - OIDS::add_oidstr("1.2.840.113549.1.9.16.1.9", "CMS.CompressedData"); - - OIDS::add_oidstr("2.5.29.14", "X509v3.SubjectKeyIdentifier"); - OIDS::add_oidstr("2.5.29.15", "X509v3.KeyUsage"); - OIDS::add_oidstr("2.5.29.17", "X509v3.SubjectAlternativeName"); - OIDS::add_oidstr("2.5.29.18", "X509v3.IssuerAlternativeName"); - OIDS::add_oidstr("2.5.29.19", "X509v3.BasicConstraints"); - OIDS::add_oidstr("2.5.29.20", "X509v3.CRLNumber"); - OIDS::add_oidstr("2.5.29.21", "X509v3.ReasonCode"); - OIDS::add_oidstr("2.5.29.23", "X509v3.HoldInstructionCode"); - OIDS::add_oidstr("2.5.29.24", "X509v3.InvalidityDate"); - OIDS::add_oidstr("2.5.29.31", "X509v3.CRLDistributionPoints"); - OIDS::add_oidstr("2.5.29.32", "X509v3.CertificatePolicies"); - OIDS::add_oidstr("2.5.29.35", "X509v3.AuthorityKeyIdentifier"); - OIDS::add_oidstr("2.5.29.36", "X509v3.PolicyConstraints"); - OIDS::add_oidstr("2.5.29.37", "X509v3.ExtendedKeyUsage"); - OIDS::add_oidstr("1.3.6.1.5.5.7.1.1", "PKIX.AuthorityInformationAccess"); - - OIDS::add_oidstr("2.5.29.32.0", "X509v3.AnyPolicy"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping"); - OIDS::add_oidstr("1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr"); - - OIDS::add_oidstr("1.3.6.1.5.5.7.48.1", "PKIX.OCSP"); - OIDS::add_oidstr("1.3.6.1.5.5.7.48.1.1", "PKIX.OCSP.BasicResponse"); - - /* ECC domain parameters */ - OIDS::add_oidstr("1.3.132.0.6", "secp112r1"); - OIDS::add_oidstr("1.3.132.0.7", "secp112r2"); - OIDS::add_oidstr("1.3.132.0.8", "secp160r1"); - OIDS::add_oidstr("1.3.132.0.9", "secp160k1"); - OIDS::add_oidstr("1.3.132.0.10", "secp256k1"); - OIDS::add_oidstr("1.3.132.0.28", "secp128r1"); - OIDS::add_oidstr("1.3.132.0.29", "secp128r2"); - OIDS::add_oidstr("1.3.132.0.30", "secp160r2"); - OIDS::add_oidstr("1.3.132.0.31", "secp192k1"); - OIDS::add_oidstr("1.3.132.0.32", "secp224k1"); - OIDS::add_oidstr("1.3.132.0.33", "secp224r1"); - OIDS::add_oidstr("1.3.132.0.34", "secp384r1"); - OIDS::add_oidstr("1.3.132.0.35", "secp521r1"); - - OIDS::add_oidstr("1.2.840.10045.3.1.1", "secp192r1"); - OIDS::add_oidstr("1.2.840.10045.3.1.2", "x962_p192v2"); - OIDS::add_oidstr("1.2.840.10045.3.1.3", "x962_p192v3"); - OIDS::add_oidstr("1.2.840.10045.3.1.4", "x962_p239v1"); - OIDS::add_oidstr("1.2.840.10045.3.1.5", "x962_p239v2"); - OIDS::add_oidstr("1.2.840.10045.3.1.6", "x962_p239v3"); - OIDS::add_oidstr("1.2.840.10045.3.1.7", "secp256r1"); - - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.1", "brainpool160r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.3", "brainpool192r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.5", "brainpool224r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.7", "brainpool256r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.9", "brainpool320r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.11", "brainpool384r1"); - OIDS::add_oidstr("1.3.36.3.3.2.8.1.1.13", "brainpool512r1"); - - OIDS::add_oidstr("1.2.643.2.2.35.1", "gost_256A"); - OIDS::add_oidstr("1.2.643.2.2.36.0", "gost_256A"); - - /* CVC */ - OIDS::add_oidstr("0.4.0.127.0.7.3.1.2.1", "CertificateHolderAuthorizationTemplate"); + return + + // Public key types + "1.2.840.113549.1.1.1 = RSA" "\n" + "2.5.8.1.1 = RSA" "\n" + "1.2.840.10040.4.1 = DSA" "\n" + "1.2.840.10046.2.1 = DH" "\n" + "1.3.6.1.4.1.3029.1.2.1 = ElGamal" "\n" + "1.3.6.1.4.1.25258.1.1 = RW" "\n" + "1.3.6.1.4.1.25258.1.2 = NR" "\n" + "1.3.6.1.4.1.25258.1.3 = McEliece" "\n" + "1.3.6.1.4.1.25258.1.4 = Curve25519" "\n" + + // X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5) + "1.2.840.10045.2.1 = ECDSA" "\n" + //"1.3.132.1.12 = ECDH" "\n" + + "1.2.643.2.2.19 = GOST-34.10" "\n" + + // Block ciphers + "1.3.14.3.2.7 = DES/CBC" "\n" + "1.2.840.113549.3.7 = TripleDES/CBC" "\n" + "1.2.840.113549.3.2 = RC2/CBC" "\n" + "1.2.840.113533.7.66.10 = CAST-128/CBC" "\n" + "2.16.840.1.101.3.4.1.2 = AES-128/CBC" "\n" + "2.16.840.1.101.3.4.1.22 = AES-192/CBC" "\n" + "2.16.840.1.101.3.4.1.42 = AES-256/CBC" "\n" + "1.2.410.200004.1.4 = SEED/CBC" "\n" + "1.3.6.1.4.1.25258.3.1 = Serpent/CBC" "\n" + "1.3.6.1.4.1.25258.3.2 = Threefish-512/CBC" "\n" + "1.3.6.1.4.1.25258.3.3 = Twofish/CBC" "\n" + + "2.16.840.1.101.3.4.1.6 = AES-128/GCM" "\n" + "2.16.840.1.101.3.4.1.26 = AES-192/GCM" "\n" + "2.16.840.1.101.3.4.1.46 = AES-256/GCM" "\n" + + "1.3.6.1.4.1.25258.3.101 = Serpent/GCM" "\n" + "1.3.6.1.4.1.25258.3.102 = Twofish/GCM" "\n" + + "1.3.6.1.4.1.25258.3.2.1 = AES-128/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.2 = AES-192/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.3 = AES-256/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.4 = Serpent/OCB" "\n" + "1.3.6.1.4.1.25258.3.2.5 = Twofish/OCB" "\n" + + // Hashes + "1.2.840.113549.2.5 = MD5" "\n" + "1.3.6.1.4.1.11591.12.2 = Tiger(24,3)" "\n" + + "1.3.14.3.2.26 = SHA-160" "\n" + "2.16.840.1.101.3.4.2.4 = SHA-224" "\n" + "2.16.840.1.101.3.4.2.1 = SHA-256" "\n" + "2.16.840.1.101.3.4.2.2 = SHA-384" "\n" + "2.16.840.1.101.3.4.2.3 = SHA-512" "\n" + "2.16.840.1.101.3.4.2.6 = SHA-512-256" "\n" + + // MACs + "1.2.840.113549.2.7 = HMAC(SHA-160)" "\n" + "1.2.840.113549.2.8 = HMAC(SHA-224)" "\n" + "1.2.840.113549.2.9 = HMAC(SHA-256)" "\n" + "1.2.840.113549.2.10 = HMAC(SHA-384)" "\n" + "1.2.840.113549.2.11 = HMAC(SHA-512)" "\n" + + // Keywrap + "1.2.840.113549.1.9.16.3.6 = KeyWrap.TripleDES" "\n" + "1.2.840.113549.1.9.16.3.7 = KeyWrap.RC2" "\n" + "1.2.840.113533.7.66.15 = KeyWrap.CAST-128" "\n" + "2.16.840.1.101.3.4.1.5 = KeyWrap.AES-128" "\n" + "2.16.840.1.101.3.4.1.25 = KeyWrap.AES-192" "\n" + "2.16.840.1.101.3.4.1.45 = KeyWrap.AES-256" "\n" + + "1.2.840.113549.1.9.16.3.8 = Compression.Zlib" "\n" + + "1.2.840.113549.1.1.1 = RSA/EME-PKCS1-v1_5" "\n" + "1.2.840.113549.1.1.2 = RSA/EMSA3(MD2)" "\n" + "1.2.840.113549.1.1.4 = RSA/EMSA3(MD5)" "\n" + "1.2.840.113549.1.1.5 = RSA/EMSA3(SHA-160)" "\n" + "1.2.840.113549.1.1.11 = RSA/EMSA3(SHA-256)" "\n" + "1.2.840.113549.1.1.12 = RSA/EMSA3(SHA-384)" "\n" + "1.2.840.113549.1.1.13 = RSA/EMSA3(SHA-512)" "\n" + "1.3.36.3.3.1.2 = RSA/EMSA3(RIPEMD-160)" "\n" + + "1.2.840.10040.4.3 = DSA/EMSA1(SHA-160)" "\n" + "2.16.840.1.101.3.4.3.1 = DSA/EMSA1(SHA-224)" "\n" + "2.16.840.1.101.3.4.3.2 = DSA/EMSA1(SHA-256)" "\n" + + "0.4.0.127.0.7.1.1.4.1.1 = ECDSA/EMSA1_BSI(SHA-160)" "\n" + "0.4.0.127.0.7.1.1.4.1.2 = ECDSA/EMSA1_BSI(SHA-224)" "\n" + "0.4.0.127.0.7.1.1.4.1.3 = ECDSA/EMSA1_BSI(SHA-256)" "\n" + "0.4.0.127.0.7.1.1.4.1.4 = ECDSA/EMSA1_BSI(SHA-384)" "\n" + "0.4.0.127.0.7.1.1.4.1.5 = ECDSA/EMSA1_BSI(SHA-512)" "\n" + "0.4.0.127.0.7.1.1.4.1.6 = ECDSA/EMSA1_BSI(RIPEMD-160)" "\n" + + "1.2.840.10045.4.1 = ECDSA/EMSA1(SHA-160)" "\n" + "1.2.840.10045.4.3.1 = ECDSA/EMSA1(SHA-224)" "\n" + "1.2.840.10045.4.3.2 = ECDSA/EMSA1(SHA-256)" "\n" + "1.2.840.10045.4.3.3 = ECDSA/EMSA1(SHA-384)" "\n" + "1.2.840.10045.4.3.4 = ECDSA/EMSA1(SHA-512)" "\n" + + "1.2.643.2.2.3 = GOST-34.10/EMSA1(GOST-R-34.11-94)" "\n" + + "1.3.6.1.4.1.25258.2.1.1.1 = RW/EMSA2(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.1.1.2 = RW/EMSA2(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.1.1.3 = RW/EMSA2(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.1.1.4 = RW/EMSA2(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.1.1.5 = RW/EMSA2(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.1.1.6 = RW/EMSA2(SHA-512)" "\n" + + "1.3.6.1.4.1.25258.2.1.2.1 = RW/EMSA4(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.1.2.2 = RW/EMSA4(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.1.2.3 = RW/EMSA4(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.1.2.4 = RW/EMSA4(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.1.2.5 = RW/EMSA4(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.1.2.6 = RW/EMSA4(SHA-512)" "\n" + + "1.3.6.1.4.1.25258.2.2.1.1 = NR/EMSA2(RIPEMD-160)" "\n" + "1.3.6.1.4.1.25258.2.2.1.2 = NR/EMSA2(SHA-160)" "\n" + "1.3.6.1.4.1.25258.2.2.1.3 = NR/EMSA2(SHA-224)" "\n" + "1.3.6.1.4.1.25258.2.2.1.4 = NR/EMSA2(SHA-256)" "\n" + "1.3.6.1.4.1.25258.2.2.1.5 = NR/EMSA2(SHA-384)" "\n" + "1.3.6.1.4.1.25258.2.2.1.6 = NR/EMSA2(SHA-512)" "\n" + + "2.5.4.3 = X520.CommonName" "\n" + "2.5.4.4 = X520.Surname" "\n" + "2.5.4.5 = X520.SerialNumber" "\n" + "2.5.4.6 = X520.Country" "\n" + "2.5.4.7 = X520.Locality" "\n" + "2.5.4.8 = X520.State" "\n" + "2.5.4.10 = X520.Organization" "\n" + "2.5.4.11 = X520.OrganizationalUnit" "\n" + "2.5.4.12 = X520.Title" "\n" + "2.5.4.42 = X520.GivenName" "\n" + "2.5.4.43 = X520.Initials" "\n" + "2.5.4.44 = X520.GenerationalQualifier" "\n" + "2.5.4.46 = X520.DNQualifier" "\n" + "2.5.4.65 = X520.Pseudonym" "\n" + + "1.2.840.113549.1.5.12 = PKCS5.PBKDF2" "\n" + "1.2.840.113549.1.5.13 = PBE-PKCS5v20" "\n" + + "1.2.840.113549.1.9.1 = PKCS9.EmailAddress" "\n" + "1.2.840.113549.1.9.2 = PKCS9.UnstructuredName" "\n" + "1.2.840.113549.1.9.3 = PKCS9.ContentType" "\n" + "1.2.840.113549.1.9.4 = PKCS9.MessageDigest" "\n" + "1.2.840.113549.1.9.7 = PKCS9.ChallengePassword" "\n" + "1.2.840.113549.1.9.14 = PKCS9.ExtensionRequest" "\n" + + "1.2.840.113549.1.7.1 = CMS.DataContent" "\n" + "1.2.840.113549.1.7.2 = CMS.SignedData" "\n" + "1.2.840.113549.1.7.3 = CMS.EnvelopedData" "\n" + "1.2.840.113549.1.7.5 = CMS.DigestedData" "\n" + "1.2.840.113549.1.7.6 = CMS.EncryptedData" "\n" + "1.2.840.113549.1.9.16.1.2 = CMS.AuthenticatedData" "\n" + "1.2.840.113549.1.9.16.1.9 = CMS.CompressedData" "\n" + + "2.5.29.14 = X509v3.SubjectKeyIdentifier" "\n" + "2.5.29.15 = X509v3.KeyUsage" "\n" + "2.5.29.17 = X509v3.SubjectAlternativeName" "\n" + "2.5.29.18 = X509v3.IssuerAlternativeName" "\n" + "2.5.29.19 = X509v3.BasicConstraints" "\n" + "2.5.29.20 = X509v3.CRLNumber" "\n" + "2.5.29.21 = X509v3.ReasonCode" "\n" + "2.5.29.23 = X509v3.HoldInstructionCode" "\n" + "2.5.29.24 = X509v3.InvalidityDate" "\n" + "2.5.29.31 = X509v3.CRLDistributionPoints" "\n" + "2.5.29.32 = X509v3.CertificatePolicies" "\n" + "2.5.29.35 = X509v3.AuthorityKeyIdentifier" "\n" + "2.5.29.36 = X509v3.PolicyConstraints" "\n" + "2.5.29.37 = X509v3.ExtendedKeyUsage" "\n" + "1.3.6.1.5.5.7.1.1 = PKIX.AuthorityInformationAccess" "\n" + + "2.5.29.32.0 = X509v3.AnyPolicy" "\n" + + "1.3.6.1.5.5.7.3.1 = PKIX.ServerAuth" "\n" + "1.3.6.1.5.5.7.3.2 = PKIX.ClientAuth" "\n" + "1.3.6.1.5.5.7.3.3 = PKIX.CodeSigning" "\n" + "1.3.6.1.5.5.7.3.4 = PKIX.EmailProtection" "\n" + "1.3.6.1.5.5.7.3.5 = PKIX.IPsecEndSystem" "\n" + "1.3.6.1.5.5.7.3.6 = PKIX.IPsecTunnel" "\n" + "1.3.6.1.5.5.7.3.7 = PKIX.IPsecUser" "\n" + "1.3.6.1.5.5.7.3.8 = PKIX.TimeStamping" "\n" + "1.3.6.1.5.5.7.3.9 = PKIX.OCSPSigning" "\n" + + "1.3.6.1.5.5.7.8.5 = PKIX.XMPPAddr" "\n" + + "1.3.6.1.5.5.7.48.1 = PKIX.OCSP" "\n" + "1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse" "\n" + + // ECC param sets + "1.3.132.0.6 = secp112r1" "\n" + "1.3.132.0.7 = secp112r2" "\n" + "1.3.132.0.8 = secp160r1" "\n" + "1.3.132.0.9 = secp160k1" "\n" + "1.3.132.0.10 = secp256k1" "\n" + "1.3.132.0.28 = secp128r1" "\n" + "1.3.132.0.29 = secp128r2" "\n" + "1.3.132.0.30 = secp160r2" "\n" + "1.3.132.0.31 = secp192k1" "\n" + "1.3.132.0.32 = secp224k1" "\n" + "1.3.132.0.33 = secp224r1" "\n" + "1.3.132.0.34 = secp384r1" "\n" + "1.3.132.0.35 = secp521r1" "\n" + + "1.2.840.10045.3.1.1 = secp192r1" "\n" + "1.2.840.10045.3.1.2 = x962_p192v2" "\n" + "1.2.840.10045.3.1.3 = x962_p192v3" "\n" + "1.2.840.10045.3.1.4 = x962_p239v1" "\n" + "1.2.840.10045.3.1.5 = x962_p239v2" "\n" + "1.2.840.10045.3.1.6 = x962_p239v3" "\n" + "1.2.840.10045.3.1.7 = secp256r1" "\n" + + "1.3.36.3.3.2.8.1.1.1 = brainpool160r1" "\n" + "1.3.36.3.3.2.8.1.1.3 = brainpool192r1" "\n" + "1.3.36.3.3.2.8.1.1.5 = brainpool224r1" "\n" + "1.3.36.3.3.2.8.1.1.7 = brainpool256r1" "\n" + "1.3.36.3.3.2.8.1.1.9 = brainpool320r1" "\n" + "1.3.36.3.3.2.8.1.1.11 = brainpool384r1" "\n" + "1.3.36.3.3.2.8.1.1.13 = brainpool512r1" "\n" + + "1.2.643.2.2.35.1 = gost_256A" "\n" + "1.2.643.2.2.36.0 = gost_256A" "\n" + + "0.4.0.127.0.7.3.1.2.1 = CertificateHolderAuthorizationTemplate" "\n" + ; } } diff --git a/src/lib/asn1/oid_lookup/oids.cpp b/src/lib/asn1/oid_lookup/oids.cpp index 6584e8682..5859e118e 100644 --- a/src/lib/asn1/oid_lookup/oids.cpp +++ b/src/lib/asn1/oid_lookup/oids.cpp @@ -6,7 +6,9 @@ */ #include <botan/oids.h> +#include <botan/parsing.h> #include <mutex> +#include <sstream> namespace Botan { @@ -74,23 +76,65 @@ class OID_Map return m_str2oid.find(str) != m_str2oid.end(); } + static OID_Map& global_registry() + { + static OID_Map g_map; + return g_map; + } + + void read_cfg(std::istream& cfg, const std::string& source); + private: + + OID_Map() + { + std::istringstream cfg(default_oid_list()); + read_cfg(cfg, "builtin"); + } + std::mutex m_mutex; std::map<std::string, OID> m_str2oid; std::map<OID, std::string> m_oid2str; }; -OID_Map& global_oid_map() +void OID_Map::read_cfg(std::istream& cfg, const std::string& source) { - static OID_Map map; - return map; + std::lock_guard<std::mutex> lock(m_mutex); + + size_t line = 0; + + while(cfg.good()) + { + std::string s; + std::getline(cfg, s); + ++line; + + if(s == "" || s[0] == '#') + continue; + + s = clean_ws(s.substr(0, s.find('#'))); + + if(s == "") + continue; + + auto eq = s.find("="); + + if(eq == std::string::npos || eq == 0 || eq == s.size() - 1) + throw std::runtime_error("Bad config line '" + s + "' in " + source + " line " + std::to_string(line)); + + const std::string oid = clean_ws(s.substr(0, eq)); + const std::string name = clean_ws(s.substr(eq + 1, std::string::npos)); + + m_str2oid.insert(std::make_pair(name, oid)); + m_oid2str.insert(std::make_pair(oid, name)); + } } } void add_oid(const OID& oid, const std::string& name) { - global_oid_map().add_oid(oid, name); + OID_Map::global_registry().add_oid(oid, name); } void add_oidstr(const char* oidstr, const char* name) @@ -100,27 +144,27 @@ void add_oidstr(const char* oidstr, const char* name) void add_oid2str(const OID& oid, const std::string& name) { - global_oid_map().add_oid2str(oid, name); + OID_Map::global_registry().add_oid2str(oid, name); } void add_str2oid(const OID& oid, const std::string& name) { - global_oid_map().add_str2oid(oid, name); + OID_Map::global_registry().add_str2oid(oid, name); } std::string lookup(const OID& oid) { - return global_oid_map().lookup(oid); + return OID_Map::global_registry().lookup(oid); } OID lookup(const std::string& name) { - return global_oid_map().lookup(name); + return OID_Map::global_registry().lookup(name); } bool have_oid(const std::string& name) { - return global_oid_map().have_oid(name); + return OID_Map::global_registry().have_oid(name); } bool name_of(const OID& oid, const std::string& name) diff --git a/src/lib/asn1/oid_lookup/oids.h b/src/lib/asn1/oid_lookup/oids.h index 28f22447b..e3caff50e 100644 --- a/src/lib/asn1/oid_lookup/oids.h +++ b/src/lib/asn1/oid_lookup/oids.h @@ -56,7 +56,7 @@ BOTAN_DLL OID lookup(const std::string& name); */ BOTAN_DLL bool name_of(const OID& oid, const std::string& name); -BOTAN_DLL void set_defaults(); +BOTAN_DLL const char* default_oid_list(); } diff --git a/src/lib/algo_base/algo_registry.h b/src/lib/base/algo_registry.h index 5fa2eed71..9582180bd 100644 --- a/src/lib/algo_base/algo_registry.h +++ b/src/lib/base/algo_registry.h @@ -17,8 +17,6 @@ namespace Botan { -size_t static_provider_weight(const std::string& prov_name); - template<typename T> class Algo_Registry { @@ -33,26 +31,19 @@ class Algo_Registry return g_registry; } - void add(const std::string& name, const std::string& provider, maker_fn fn) + void add(const std::string& name, const std::string& provider, maker_fn fn, byte pref) { std::unique_lock<std::mutex> lock(m_mutex); - - if(!m_maker_fns[name][provider]) - m_maker_fns[name][provider] = fn; + m_algo_info[name].add_provider(provider, fn, pref); } - std::vector<std::string> providers(const std::string& basename) const + std::vector<std::string> providers_of(const Spec& spec) { std::unique_lock<std::mutex> lock(m_mutex); - - std::vector<std::string> v; - auto i = m_maker_fns.find(basename); - if(i != m_maker_fns.end()) - { - for(auto&& prov : i->second) - v.push_back(prov); - } - return v; + auto i = m_algo_info.find(spec.algo_name()); + if(i != m_algo_info.end()) + return i->second.providers(); + return std::vector<std::string>(); } T* make(const Spec& spec, const std::string& provider = "") @@ -65,7 +56,6 @@ class Algo_Registry } catch(std::exception& e) { - //return nullptr; // ?? throw std::runtime_error("Creating '" + spec.as_string() + "' failed: " + e.what()); } } @@ -73,15 +63,15 @@ class Algo_Registry class Add { public: - Add(const std::string& basename, maker_fn fn, const std::string& provider = "builtin") + Add(const std::string& basename, maker_fn fn, const std::string& provider = "builtin", byte pref = 128) { - Algo_Registry<T>::global_registry().add(basename, provider, fn); + Algo_Registry<T>::global_registry().add(basename, provider, fn, pref); } - Add(bool cond, const std::string& basename, maker_fn fn, const std::string& provider) + Add(bool cond, const std::string& basename, maker_fn fn, const std::string& provider, byte pref) { if(cond) - Algo_Registry<T>::global_registry().add(basename, provider, fn); + Algo_Registry<T>::global_registry().add(basename, provider, fn, pref); } }; @@ -90,43 +80,67 @@ class Algo_Registry maker_fn find_maker(const Spec& spec, const std::string& provider) { - const std::string basename = spec.algo_name(); - std::unique_lock<std::mutex> lock(m_mutex); - auto makers = m_maker_fns.find(basename); + return m_algo_info[spec.algo_name()].get_maker(provider); + } - if(makers != m_maker_fns.end() && !makers->second.empty()) - { - const auto& providers = makers->second; + struct Algo_Info + { + public: + void add_provider(const std::string& provider, maker_fn fn, byte pref = 128) + { + if(m_maker_fns.count(provider) > 0) + throw std::runtime_error("Duplicated registration of '" + provider + "'"); + + m_maker_fns[provider] = std::make_pair(pref, fn); + } + + std::vector<std::string> providers() const + { + std::vector<std::string> v; + for(auto&& k : m_maker_fns) + v.push_back(k.first); + return v; + } - if(provider != "") + void set_pref(const std::string& provider, byte val) { - // find one explicit provider requested by user, or fail - auto i = providers.find(provider); - if(i != providers.end()) - return i->second; + m_maker_fns[provider].first = val; } - else + + maker_fn get_maker(const std::string& req_provider) { - if(providers.size() == 1) + maker_fn null_result = [](const Spec&) { return nullptr; }; + + if(req_provider != "") { - return providers.begin()->second; + // find one explicit provider requested by user or fail + auto i = m_maker_fns.find(req_provider); + if(i != m_maker_fns.end()) + return i->second.second; + return null_result; } - else if(providers.size() > 1) + + size_t pref = 255; + maker_fn result = null_result; + + for(auto&& i : m_maker_fns) { - // TODO choose best of available options (how?) - //throw std::runtime_error("multiple choice not implemented"); - return providers.begin()->second; + if(i.second.first < pref) + { + pref = i.second.first; + result = i.second.second; + } } - } - } - // Default result is a function producing a null pointer - return [](const Spec&) { return nullptr; }; - } + return result; + } + private: + std::unordered_map<std::string, std::pair<byte, maker_fn>> m_maker_fns; // provider -> (pref, creator fn) + }; std::mutex m_mutex; - std::unordered_map<std::string, std::unordered_map<std::string, maker_fn>> m_maker_fns; + std::unordered_map<std::string, Algo_Info> m_algo_info; }; template<typename T> T* @@ -135,6 +149,11 @@ make_a(const typename T::Spec& spec, const std::string provider = "") return Algo_Registry<T>::global_registry().make(spec, provider); } +template<typename T> std::vector<std::string> providers_of(const typename T::Spec& spec) + { + return Algo_Registry<T>::global_registry().providers_of(spec); + } + template<typename T> T* make_new_T(const typename Algo_Registry<T>::Spec&) { return new T; } @@ -182,8 +201,8 @@ make_new_T_1X(const typename Algo_Registry<T>::Spec& spec) #define BOTAN_REGISTER_NAMED_T_NOARGS(T, type, name, provider) \ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T<type>, provider); } -#define BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, T, type, name, provider) \ - namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, make_new_T<type>, provider); } +#define BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, T, type, name, provider, pref) \ + namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, make_new_T<type>, provider, pref); } #define BOTAN_REGISTER_NAMED_T_2LEN(T, type, name, provider, len1, len2) \ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T_2len<type, len1, len2>, provider); } diff --git a/src/lib/libstate/botan.h b/src/lib/base/botan.h index d586f5a21..0d8749155 100644 --- a/src/lib/libstate/botan.h +++ b/src/lib/base/botan.h @@ -8,9 +8,7 @@ #ifndef BOTAN_BOTAN_H__ #define BOTAN_BOTAN_H__ -#include <botan/init.h> #include <botan/lookup.h> -#include <botan/libstate.h> #include <botan/version.h> #include <botan/parsing.h> diff --git a/src/lib/algo_base/buf_comp.h b/src/lib/base/buf_comp.h index 5d11fdb73..5d11fdb73 100644 --- a/src/lib/algo_base/buf_comp.h +++ b/src/lib/base/buf_comp.h diff --git a/src/lib/base/info.txt b/src/lib/base/info.txt new file mode 100644 index 000000000..581c40fe0 --- /dev/null +++ b/src/lib/base/info.txt @@ -0,0 +1,29 @@ +<header:public> +botan.h +buf_comp.h +init.h +key_spec.h +lookup.h +scan_name.h +sym_algo.h +symkey.h +transform.h +</header:public> + +<header:internal> +algo_registry.h +</header:internal> + +define TRANSFORM 20131209 + +<requires> +alloc +block +hash +hex +mac +modes +rng +stream +utils +</requires> diff --git a/src/lib/base/init.h b/src/lib/base/init.h new file mode 100644 index 000000000..96e676d63 --- /dev/null +++ b/src/lib/base/init.h @@ -0,0 +1,33 @@ +/* +* Library Initialization +* (C) 1999-2008,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_LIBRARY_INITIALIZER_H__ +#define BOTAN_LIBRARY_INITIALIZER_H__ + +#include <botan/types.h> +#include <string> + +namespace Botan { + +/* +* Previously botan had state whose lifetime had to be explicitly +* managed by the application. As of 1.11.14 this is no longer the +* case, and this class is no longer needed and kept only for backwards +* compatability. +*/ +class BOTAN_DLL LibraryInitializer + { + public: + LibraryInitializer(const std::string& = "") {} + ~LibraryInitializer() {} + static void initialize(const std::string& = "") {} + static void deinitialize() {} + }; + +} + +#endif diff --git a/src/lib/algo_base/key_spec.h b/src/lib/base/key_spec.h index 78b6b8a23..78b6b8a23 100644 --- a/src/lib/algo_base/key_spec.h +++ b/src/lib/base/key_spec.h diff --git a/src/lib/base/lookup.cpp b/src/lib/base/lookup.cpp new file mode 100644 index 000000000..e82866e37 --- /dev/null +++ b/src/lib/base/lookup.cpp @@ -0,0 +1,78 @@ +/* +* Algorithm Retrieval +* (C) 1999-2007,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/lookup.h> +#include <botan/internal/algo_registry.h> +#include <botan/cipher_mode.h> +#include <botan/transform_filter.h> +#include <botan/block_cipher.h> +#include <botan/stream_cipher.h> +#include <botan/hash.h> +#include <botan/mac.h> +#include <botan/pbkdf.h> + +namespace Botan { + +Transform* get_transform(const std::string& specstr, + const std::string& provider, + const std::string& dirstr) + { + Algo_Registry<Transform>::Spec spec(specstr, dirstr); + return Algo_Registry<Transform>::global_registry().make(spec, provider); + } + +BlockCipher* get_block_cipher(const std::string& algo_spec, const std::string& provider) + { + return make_a<BlockCipher>(algo_spec, provider); + } + +StreamCipher* get_stream_cipher(const std::string& algo_spec, const std::string& provider) + { + return make_a<StreamCipher>(algo_spec, provider); + } + +HashFunction* get_hash_function(const std::string& algo_spec, const std::string& provider) + { + return make_a<HashFunction>(algo_spec, provider); + } + +MessageAuthenticationCode* get_mac(const std::string& algo_spec, const std::string& provider) + { + return make_a<MessageAuthenticationCode>(algo_spec, provider); + } + +std::vector<std::string> get_block_cipher_providers(const std::string& algo_spec) + { + return providers_of<BlockCipher>(BlockCipher::Spec(algo_spec)); + } + +std::vector<std::string> get_stream_cipher_providers(const std::string& algo_spec) + { + return providers_of<StreamCipher>(StreamCipher::Spec(algo_spec)); + } + +std::vector<std::string> get_hash_function_providers(const std::string& algo_spec) + { + return providers_of<HashFunction>(HashFunction::Spec(algo_spec)); + } + +std::vector<std::string> get_mac_providers(const std::string& algo_spec) + { + return providers_of<MessageAuthenticationCode>(MessageAuthenticationCode::Spec(algo_spec)); + } + +/* +* Get a PBKDF algorithm by name +*/ +PBKDF* get_pbkdf(const std::string& algo_spec, const std::string& provider) + { + if(PBKDF* pbkdf = make_a<PBKDF>(algo_spec, provider)) + return pbkdf; + throw Algorithm_Not_Found(algo_spec); + } + +} diff --git a/src/lib/base/lookup.h b/src/lib/base/lookup.h new file mode 100644 index 000000000..c50186e35 --- /dev/null +++ b/src/lib/base/lookup.h @@ -0,0 +1,82 @@ +/* +* Algorithm Lookup +* (C) 1999-2007,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_LOOKUP_H__ +#define BOTAN_LOOKUP_H__ + +#include <botan/symkey.h> +#include <string> + +namespace Botan { + +class BlockCipher; +class StreamCipher; +class HashFunction; +class MessageAuthenticationCode; +class PBKDF; + +/* +* Get an algorithm object +* NOTE: these functions create and return new objects, letting the +* caller assume ownership of them +*/ + +/** +* Block cipher factory method. +* +* @param algo_spec the name of the desired block cipher +* @return pointer to the block cipher object +*/ +BOTAN_DLL BlockCipher* get_block_cipher(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_block_cipher_providers(const std::string& algo_spec); + +/** +* Stream cipher factory method. +* +* @param algo_spec the name of the desired stream cipher +* @return pointer to the stream cipher object +*/ +BOTAN_DLL StreamCipher* get_stream_cipher(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_stream_cipher_providers(const std::string& algo_spec); + +/** +* Hash function factory method. +* +* @param algo_spec the name of the desired hash function +* @return pointer to the hash function object +*/ +BOTAN_DLL HashFunction* get_hash_function(const std::string& algo_spec, const std::string& provider = ""); + +inline HashFunction* get_hash(const std::string& algo_spec, const std::string& provider = "") + { + return get_hash_function(algo_spec, provider); + } + +BOTAN_DLL std::vector<std::string> get_hash_function_providers(const std::string& algo_spec); + +/** +* MAC factory method. +* +* @param algo_spec the name of the desired MAC +* @return pointer to the MAC object +*/ +BOTAN_DLL MessageAuthenticationCode* get_mac(const std::string& algo_spec, const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> get_mac_providers(const std::string& algo_spec); + +/** +* Password based key derivation function factory method +* @param algo_spec the name of the desired PBKDF algorithm +* @return pointer to newly allocated object of that type +*/ +BOTAN_DLL PBKDF* get_pbkdf(const std::string& algo_spec, const std::string& provider = ""); + +} + +#endif diff --git a/src/lib/algo_base/scan_name.cpp b/src/lib/base/scan_name.cpp index f433a10aa..4b0c95004 100644 --- a/src/lib/algo_base/scan_name.cpp +++ b/src/lib/base/scan_name.cpp @@ -1,6 +1,6 @@ /* * SCAN Name Abstraction -* (C) 2008-2009 Jack Lloyd +* (C) 2008-2009,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -62,9 +62,6 @@ deref_aliases(const std::pair<size_t, std::string>& in) } -std::mutex SCAN_Name::s_alias_map_mutex; -std::map<std::string, std::string> SCAN_Name::s_alias_map; - SCAN_Name::SCAN_Name(std::string algo_spec, const std::string& extra) : SCAN_Name(algo_spec) { alg_name += extra; @@ -178,57 +175,47 @@ size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const return to_u32bit(args[i]); } +std::mutex SCAN_Name::g_alias_map_mutex; +std::map<std::string, std::string> SCAN_Name::g_alias_map = { + { "3DES", "TripleDES" }, + { "ARC4", "RC4" }, + { "CAST5", "CAST-128" }, + { "DES-EDE", "TripleDES" }, + { "EME-OAEP", "OAEP" }, + { "EME-PKCS1-v1_5", "PKCS1v15" }, + { "EME1", "OAEP" }, + { "EMSA-PKCS1-v1_5", "EMSA_PKCS1" }, + { "EMSA-PSS", "PSSR" }, + { "EMSA2", "EMSA_X931" }, + { "EMSA3", "EMSA_PKCS1" }, + { "EMSA4", "PSSR" }, + { "GOST-34.11", "GOST-R-34.11-94" }, + { "MARK-4", "RC4(256)" }, + { "OMAC", "CMAC" }, + { "PSS-MGF1", "PSSR" }, + { "SHA-1", "SHA-160" }, + { "SHA1", "SHA-160" }, + { "X9.31", "EMSA2" } +}; + void SCAN_Name::add_alias(const std::string& alias, const std::string& basename) { - std::lock_guard<std::mutex> lock(s_alias_map_mutex); + std::lock_guard<std::mutex> lock(g_alias_map_mutex); - if(s_alias_map.find(alias) == s_alias_map.end()) - s_alias_map[alias] = basename; + if(g_alias_map.find(alias) == g_alias_map.end()) + g_alias_map[alias] = basename; } std::string SCAN_Name::deref_alias(const std::string& alias) { - std::lock_guard<std::mutex> lock(s_alias_map_mutex); + std::lock_guard<std::mutex> lock(g_alias_map_mutex); std::string name = alias; - for(auto i = s_alias_map.find(name); i != s_alias_map.end(); i = s_alias_map.find(name)) + for(auto i = g_alias_map.find(name); i != g_alias_map.end(); i = g_alias_map.find(name)) name = i->second; return name; } -void SCAN_Name::set_default_aliases() - { - // common variations worth supporting - SCAN_Name::add_alias("EME-PKCS1-v1_5", "PKCS1v15"); - SCAN_Name::add_alias("3DES", "TripleDES"); - SCAN_Name::add_alias("DES-EDE", "TripleDES"); - SCAN_Name::add_alias("CAST5", "CAST-128"); - SCAN_Name::add_alias("SHA1", "SHA-160"); - SCAN_Name::add_alias("SHA-1", "SHA-160"); - SCAN_Name::add_alias("MARK-4", "RC4(256)"); - SCAN_Name::add_alias("ARC4", "RC4"); - SCAN_Name::add_alias("OMAC", "CMAC"); - - SCAN_Name::add_alias("EMSA-PSS", "PSSR"); - SCAN_Name::add_alias("PSS-MGF1", "PSSR"); - SCAN_Name::add_alias("EME-OAEP", "OAEP"); - - SCAN_Name::add_alias("EMSA2", "EMSA_X931"); - SCAN_Name::add_alias("EMSA3", "EMSA_PKCS1"); - SCAN_Name::add_alias("EMSA-PKCS1-v1_5", "EMSA_PKCS1"); - - // should be renamed in sources - SCAN_Name::add_alias("X9.31", "EMSA2"); - - // kept for compatability with old library versions - SCAN_Name::add_alias("EMSA4", "PSSR"); - SCAN_Name::add_alias("EME1", "OAEP"); - - // probably can be removed - SCAN_Name::add_alias("GOST", "GOST-28147-89"); - SCAN_Name::add_alias("GOST-34.11", "GOST-R-34.11-94"); - } - } diff --git a/src/lib/algo_base/scan_name.h b/src/lib/base/scan_name.h index f1a79816d..cc89bf998 100644 --- a/src/lib/algo_base/scan_name.h +++ b/src/lib/base/scan_name.h @@ -1,6 +1,6 @@ /* * SCAN Name Abstraction -* (C) 2008 Jack Lloyd +* (C) 2008,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -106,11 +106,9 @@ class BOTAN_DLL SCAN_Name static void add_alias(const std::string& alias, const std::string& basename); static std::string deref_alias(const std::string& alias); - - static void set_default_aliases(); private: - static std::mutex s_alias_map_mutex; - static std::map<std::string, std::string> s_alias_map; + static std::mutex g_alias_map_mutex; + static std::map<std::string, std::string> g_alias_map; std::string orig_algo_spec; std::string alg_name; diff --git a/src/lib/algo_base/sym_algo.h b/src/lib/base/sym_algo.h index 7c37b2a47..7c37b2a47 100644 --- a/src/lib/algo_base/sym_algo.h +++ b/src/lib/base/sym_algo.h diff --git a/src/lib/algo_base/symkey.cpp b/src/lib/base/symkey.cpp index 0cb0d9e35..0cb0d9e35 100644 --- a/src/lib/algo_base/symkey.cpp +++ b/src/lib/base/symkey.cpp diff --git a/src/lib/algo_base/symkey.h b/src/lib/base/symkey.h index f49bf226f..f49bf226f 100644 --- a/src/lib/algo_base/symkey.h +++ b/src/lib/base/symkey.h diff --git a/src/lib/algo_base/transform.h b/src/lib/base/transform.h index 75bd5004a..75bd5004a 100644 --- a/src/lib/algo_base/transform.h +++ b/src/lib/base/transform.h diff --git a/src/lib/benchmark/benchmark.cpp b/src/lib/benchmark/benchmark.cpp index 8e0c9fdf2..3e8a29349 100644 --- a/src/lib/benchmark/benchmark.cpp +++ b/src/lib/benchmark/benchmark.cpp @@ -6,10 +6,11 @@ */ #include <botan/benchmark.h> +#include <botan/internal/algo_registry.h> #include <botan/buf_comp.h> +#include <botan/cipher_mode.h> #include <botan/block_cipher.h> #include <botan/stream_cipher.h> -#include <botan/aead.h> #include <botan/hash.h> #include <botan/mac.h> #include <vector> @@ -17,6 +18,8 @@ namespace Botan { +namespace { + double time_op(std::chrono::nanoseconds runtime, std::function<void ()> op) { std::chrono::nanoseconds time_used(0); @@ -40,7 +43,6 @@ double time_op(std::chrono::nanoseconds runtime, std::function<void ()> op) std::map<std::string, double> time_algorithm_ops(const std::string& name, - Algorithm_Factory& af, const std::string& provider, RandomNumberGenerator& rng, std::chrono::nanoseconds runtime, @@ -53,9 +55,9 @@ time_algorithm_ops(const std::string& name, const double mb_mult = buffer.size() / static_cast<double>(Mebibyte); - if(const BlockCipher* proto = af.prototype_block_cipher(name, provider)) + if(BlockCipher* p = make_a<BlockCipher>(name, provider)) { - std::unique_ptr<BlockCipher> bc(proto->clone()); + std::unique_ptr<BlockCipher> bc(p); const SymmetricKey key(rng, bc->maximum_keylength()); @@ -65,9 +67,9 @@ time_algorithm_ops(const std::string& name, { "decrypt", mb_mult * time_op(runtime / 2, [&]() { bc->decrypt(buffer); }) }, }); } - else if(const StreamCipher* proto = af.prototype_stream_cipher(name, provider)) + else if(StreamCipher* p = make_a<StreamCipher>(name, provider)) { - std::unique_ptr<StreamCipher> sc(proto->clone()); + std::unique_ptr<StreamCipher> sc(p); const SymmetricKey key(rng, sc->maximum_keylength()); @@ -76,17 +78,17 @@ time_algorithm_ops(const std::string& name, { "", mb_mult * time_op(runtime, [&]() { sc->encipher(buffer); }) }, }); } - else if(const HashFunction* proto = af.prototype_hash_function(name, provider)) + else if(HashFunction* p = make_a<HashFunction>(name, provider)) { - std::unique_ptr<HashFunction> h(proto->clone()); + std::unique_ptr<HashFunction> h(p); return std::map<std::string, double>({ { "", mb_mult * time_op(runtime, [&]() { h->update(buffer); }) }, }); } - else if(const MessageAuthenticationCode* proto = af.prototype_mac(name, provider)) + else if(MessageAuthenticationCode* p = make_a<MessageAuthenticationCode>(name, provider)) { - std::unique_ptr<MessageAuthenticationCode> mac(proto->clone()); + std::unique_ptr<MessageAuthenticationCode> mac(p); const SymmetricKey key(rng, mac->maximum_keylength()); @@ -115,8 +117,6 @@ time_algorithm_ops(const std::string& name, return std::map<std::string, double>(); } -namespace { - double find_first_in(const std::map<std::string, double>& m, const std::vector<std::string>& keys) { @@ -127,19 +127,33 @@ double find_first_in(const std::map<std::string, double>& m, return i->second; } - throw std::runtime_error("algorithm_factory no usable keys found in result"); + throw std::runtime_error("In algo benchmark no usable keys found in result"); + } + +std::set<std::string> get_all_providers_of(const std::string& algo) + { + std::set<std::string> provs; + + auto add_to_set = [&provs](const std::vector<std::string>& str) { for(auto&& s : str) { provs.insert(s); } }; + + add_to_set(Algo_Registry<BlockCipher>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<StreamCipher>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<HashFunction>::global_registry().providers_of(algo)); + add_to_set(Algo_Registry<MessageAuthenticationCode>::global_registry().providers_of(algo)); + + return provs; } } std::map<std::string, double> algorithm_benchmark(const std::string& name, - Algorithm_Factory& af, RandomNumberGenerator& rng, std::chrono::milliseconds milliseconds, size_t buf_size) { - const std::vector<std::string> providers = af.providers_of(name); + //Algorithm_Factory& af = global_state().algorithm_factory(); + const auto providers = get_all_providers_of(name); std::map<std::string, double> all_results; // provider -> ops/sec @@ -149,7 +163,7 @@ algorithm_benchmark(const std::string& name, for(auto provider : providers) { - auto results = time_algorithm_ops(name, af, provider, rng, ns_per_provider, buf_size); + auto results = time_algorithm_ops(name, provider, rng, ns_per_provider, buf_size); all_results[provider] = find_first_in(results, { "", "update", "encrypt" }); } } diff --git a/src/lib/benchmark/benchmark.h b/src/lib/benchmark/benchmark.h index 8dda48497..3fa020e1b 100644 --- a/src/lib/benchmark/benchmark.h +++ b/src/lib/benchmark/benchmark.h @@ -8,7 +8,6 @@ #ifndef BOTAN_RUNTIME_BENCHMARK_H__ #define BOTAN_RUNTIME_BENCHMARK_H__ -#include <botan/algo_factory.h> #include <botan/rng.h> #include <map> #include <string> @@ -17,24 +16,6 @@ namespace Botan { /** -* Time aspects of an algorithm/provider -* @param name the name of the algorithm to test -* @param af the algorithm factory used to create objects -* @param provider the provider to use -* @param rng the rng to use to generate random inputs -* @param runtime total time for the benchmark to run -* @param buf_size size of buffer to benchmark against, in KiB -* @return results a map from op type to operations per second -*/ -std::map<std::string, double> -BOTAN_DLL time_algorithm_ops(const std::string& name, - Algorithm_Factory& af, - const std::string& provider, - RandomNumberGenerator& rng, - std::chrono::nanoseconds runtime, - size_t buf_size); - -/** * Algorithm benchmark * @param name the name of the algorithm to test (cipher, hash, or MAC) * @param af the algorithm factory used to create objects @@ -45,14 +26,10 @@ BOTAN_DLL time_algorithm_ops(const std::string& name, */ std::map<std::string, double> BOTAN_DLL algorithm_benchmark(const std::string& name, - Algorithm_Factory& af, RandomNumberGenerator& rng, std::chrono::milliseconds milliseconds, size_t buf_size); -double BOTAN_DLL -time_op(std::chrono::nanoseconds runtime, std::function<void ()> op); - } #endif diff --git a/src/lib/benchmark/info.txt b/src/lib/benchmark/info.txt index 264811d99..6a2aaf476 100644 --- a/src/lib/benchmark/info.txt +++ b/src/lib/benchmark/info.txt @@ -1,9 +1,7 @@ define RUNTIME_BENCHMARKING 20131128 <requires> -algo_factory block -algo_base hash mac rng diff --git a/src/lib/block/aes_ni/aes_ni.cpp b/src/lib/block/aes_ni/aes_ni.cpp index 256895148..96a629d06 100644 --- a/src/lib/block/aes_ni/aes_ni.cpp +++ b/src/lib/block/aes_ni/aes_ni.cpp @@ -12,9 +12,9 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_128_NI, "AES-128", "aes_ni"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_192_NI, "AES-192", "aes_ni"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_256_NI, "AES-256", "aes_ni"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_128_NI, "AES-128", "aes_ni", 16); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_192_NI, "AES-192", "aes_ni", 16); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_aes_ni(), AES_256_NI, "AES-256", "aes_ni", 16); namespace { diff --git a/src/lib/block/aes_ni/info.txt b/src/lib/block/aes_ni/info.txt index 270b00d9d..11bf90390 100644 --- a/src/lib/block/aes_ni/info.txt +++ b/src/lib/block/aes_ni/info.txt @@ -3,7 +3,3 @@ define AES_NI 20131128 load_on auto need_isa aesni - -<requires> -aes_isa_eng -</requires> diff --git a/src/lib/block/aes_ssse3/aes_ssse3.cpp b/src/lib/block/aes_ssse3/aes_ssse3.cpp index 6a8fb3ed8..b9731d010 100644 --- a/src/lib/block/aes_ssse3/aes_ssse3.cpp +++ b/src/lib/block/aes_ssse3/aes_ssse3.cpp @@ -17,9 +17,9 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_128_SSSE3, "AES-128", "ssse3"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_192_SSSE3, "AES-192", "ssse3"); -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_256_SSSE3, "AES-256", "ssse3"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_128_SSSE3, "AES-128", "ssse3", 64); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_192_SSSE3, "AES-192", "ssse3", 64); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_ssse3(), AES_256_SSSE3, "AES-256", "ssse3", 64); namespace { diff --git a/src/lib/block/aes_ssse3/info.txt b/src/lib/block/aes_ssse3/info.txt index 4b1aec535..9e27801e6 100644 --- a/src/lib/block/aes_ssse3/info.txt +++ b/src/lib/block/aes_ssse3/info.txt @@ -4,10 +4,6 @@ load_on auto need_isa ssse3 -<requires> -simd_engine -</requires> - # Intel C++ can't deal with syntax for defining constants :( <cc> gcc diff --git a/src/lib/block/block_utils.h b/src/lib/block/block_utils.h index c1a1e34f8..ebf6354e0 100644 --- a/src/lib/block/block_utils.h +++ b/src/lib/block/block_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_BLOCK_CIPHER_UTIL_H__ -#define BOTAN_BLOCK_CIPHER_UTIL_H__ +#ifndef BOTAN_BLOCK_CIPHER_UTILS_H__ +#define BOTAN_BLOCK_CIPHER_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> #include <botan/internal/xor_buf.h> @@ -28,8 +28,8 @@ namespace Botan { #define BOTAN_REGISTER_BLOCK_CIPHER_NAMED_1STR(type, name, def) \ BOTAN_REGISTER_NAMED_T(BlockCipher, name, type, std::bind(make_new_T_1str<type>, std::placeholders::_1, def)); -#define BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, BlockCipher, type, name, provider) +#define BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(cond, type, name, provider, pref) \ + BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, BlockCipher, type, name, provider, pref) } diff --git a/src/lib/block/idea_sse2/idea_sse2.cpp b/src/lib/block/idea_sse2/idea_sse2.cpp index 3dfd26860..af7e2182d 100644 --- a/src/lib/block/idea_sse2/idea_sse2.cpp +++ b/src/lib/block/idea_sse2/idea_sse2.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_sse2(), IDEA_SSE2, "IDEA", "sse2"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_sse2(), IDEA_SSE2, "IDEA", "sse2", 64); namespace { diff --git a/src/lib/block/info.txt b/src/lib/block/info.txt index f10acaa86..e1aa52d85 100644 --- a/src/lib/block/info.txt +++ b/src/lib/block/info.txt @@ -1,9 +1,5 @@ define BLOCK_CIPHER 20131128 -<requires> -algo_base -</requires> - <header:public> block_cipher.h </header:public> diff --git a/src/lib/block/noekeon_simd/info.txt b/src/lib/block/noekeon_simd/info.txt index 78b9d5f12..3b92eb206 100644 --- a/src/lib/block/noekeon_simd/info.txt +++ b/src/lib/block/noekeon_simd/info.txt @@ -3,5 +3,4 @@ define NOEKEON_SIMD 20131128 <requires> noekeon simd -simd_engine </requires> diff --git a/src/lib/block/noekeon_simd/noekeon_simd.cpp b/src/lib/block/noekeon_simd/noekeon_simd.cpp index d5995ee1d..a5d757d3c 100644 --- a/src/lib/block/noekeon_simd/noekeon_simd.cpp +++ b/src/lib/block/noekeon_simd/noekeon_simd.cpp @@ -11,7 +11,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Noekeon_SIMD, "Noekeon", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Noekeon_SIMD, "Noekeon", "simd32", 64); /* * Noekeon's Theta Operation diff --git a/src/lib/block/serpent_simd/info.txt b/src/lib/block/serpent_simd/info.txt index f33548823..acb0b76d8 100644 --- a/src/lib/block/serpent_simd/info.txt +++ b/src/lib/block/serpent_simd/info.txt @@ -3,7 +3,6 @@ define SERPENT_SIMD 20131128 <requires> serpent simd -simd_engine </requires> <source> diff --git a/src/lib/block/serpent_simd/serp_simd.cpp b/src/lib/block/serpent_simd/serp_simd.cpp index fa7f419fe..7b957598f 100644 --- a/src/lib/block/serpent_simd/serp_simd.cpp +++ b/src/lib/block/serpent_simd/serp_simd.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Serpent_SIMD, "Serpent", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), Serpent_SIMD, "Serpent", "simd32", 64); namespace { diff --git a/src/lib/block/threefish_avx2/threefish_avx2.cpp b/src/lib/block/threefish_avx2/threefish_avx2.cpp index 432059585..e17146162 100644 --- a/src/lib/block/threefish_avx2/threefish_avx2.cpp +++ b/src/lib/block/threefish_avx2/threefish_avx2.cpp @@ -12,7 +12,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_avx2(), Threefish_512_AVX2, "Threefish-512", "avx2"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(CPUID::has_avx2(), Threefish_512_AVX2, "Threefish-512", "avx2", 64); namespace { diff --git a/src/lib/block/xtea_simd/info.txt b/src/lib/block/xtea_simd/info.txt index 7e7d001ac..01fb4110d 100644 --- a/src/lib/block/xtea_simd/info.txt +++ b/src/lib/block/xtea_simd/info.txt @@ -3,5 +3,4 @@ define XTEA_SIMD 20131128 <requires> xtea simd -simd_engine </requires> diff --git a/src/lib/block/xtea_simd/xtea_simd.cpp b/src/lib/block/xtea_simd/xtea_simd.cpp index 6fd2f94c7..ffd2eb560 100644 --- a/src/lib/block/xtea_simd/xtea_simd.cpp +++ b/src/lib/block/xtea_simd/xtea_simd.cpp @@ -11,7 +11,7 @@ namespace Botan { -BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), XTEA_SIMD, "XTEA", "simd32"); +BOTAN_REGISTER_BLOCK_CIPHER_NOARGS_IF(SIMD_32::enabled(), XTEA_SIMD, "XTEA", "simd32", 64); namespace { diff --git a/src/lib/cert/cvc/info.txt b/src/lib/cert/cvc/info.txt index 1d8e54dc4..e3da5435e 100644 --- a/src/lib/cert/cvc/info.txt +++ b/src/lib/cert/cvc/info.txt @@ -29,7 +29,6 @@ asn1 bigint ecdsa filters -libstate oid_lookup pem pubkey diff --git a/src/lib/cert/x509/info.txt b/src/lib/cert/x509/info.txt index a74fd6631..39e51a625 100644 --- a/src/lib/cert/x509/info.txt +++ b/src/lib/cert/x509/info.txt @@ -2,6 +2,7 @@ define X509_CERTIFICATES 20131128 define OCSP 20131128 <requires> +asn1 datastor http_util </requires> diff --git a/src/lib/cert/x509/x509_ca.cpp b/src/lib/cert/x509/x509_ca.cpp index 7703c49fd..e6f689016 100644 --- a/src/lib/cert/x509/x509_ca.cpp +++ b/src/lib/cert/x509/x509_ca.cpp @@ -13,6 +13,7 @@ #include <botan/parsing.h> #include <botan/lookup.h> #include <botan/oids.h> +#include <botan/hash.h> #include <botan/key_constraint.h> #include <algorithm> #include <typeinfo> @@ -218,17 +219,16 @@ PK_Signer* choose_sig_format(const Private_Key& key, const std::string& hash_fn, AlgorithmIdentifier& sig_algo) { - std::string padding; - const std::string algo_name = key.algo_name(); - const HashFunction* proto_hash = retrieve_hash(hash_fn); - if(!proto_hash) + std::unique_ptr<HashFunction> hash(get_hash(hash_fn)); + if(!hash) throw Algorithm_Not_Found(hash_fn); - if(key.max_input_bits() < proto_hash->output_length()*8) + if(key.max_input_bits() < hash->output_length() * 8) throw Invalid_Argument("Key is too small for chosen hash function"); + std::string padding; if(algo_name == "RSA") padding = "EMSA3"; else if(algo_name == "DSA") @@ -238,10 +238,9 @@ PK_Signer* choose_sig_format(const Private_Key& key, else throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); - Signature_Format format = - (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; + const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; - padding = padding + '(' + proto_hash->name() + ')'; + padding = padding + '(' + hash->name() + ')'; sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); sig_algo.parameters = key.algorithm_identifier().parameters; diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp index 746fc7312..71449098e 100644 --- a/src/lib/cert/x509/x509_obj.cpp +++ b/src/lib/cert/x509/x509_obj.cpp @@ -175,6 +175,8 @@ std::string X509_Object::hash_used_for_signature() const */ bool X509_Object::check_signature(const Public_Key* pub_key) const { + if(!pub_key) + throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check"); std::unique_ptr<const Public_Key> key(pub_key); return check_signature(*key); } diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index f901001ac..b04e7c462 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -15,6 +15,7 @@ #include <botan/lookup.h> #include <botan/oids.h> #include <botan/pem.h> +#include <botan/hash.h> #include <botan/hex.h> #include <algorithm> #include <iterator> diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp index 111c4c3b7..fa6d34a2d 100644 --- a/src/lib/cert/x509/x509path.cpp +++ b/src/lib/cert/x509/x509path.cpp @@ -124,11 +124,18 @@ check_chain(const std::vector<X509_Certificate>& cert_path, std::unique_ptr<Public_Key> issuer_key(issuer.subject_public_key()); - if(subject.check_signature(*issuer_key) == false) + if(!issuer_key) + { status.insert(Certificate_Status_Code::SIGNATURE_ERROR); + } + else + { + if(subject.check_signature(*issuer_key) == false) + status.insert(Certificate_Status_Code::SIGNATURE_ERROR); - if(issuer_key->estimated_strength() < restrictions.minimum_key_strength()) - status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); + if(issuer_key->estimated_strength() < restrictions.minimum_key_strength()) + status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); + } // Allow untrusted hashes on self-signed roots if(!trusted_hashes.empty() && !at_self_signed_root) diff --git a/src/lib/compression/bzip2/bzip2.cpp b/src/lib/compression/bzip2/bzip2.cpp index 2d1617bce..857af10b1 100644 --- a/src/lib/compression/bzip2/bzip2.cpp +++ b/src/lib/compression/bzip2/bzip2.cpp @@ -8,7 +8,7 @@ */ #include <botan/bzip2.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #define BZ_NO_STDIO #include <bzlib.h> diff --git a/src/lib/compression/comp_util.cpp b/src/lib/compression/comp_util.cpp deleted file mode 100644 index 05c9ddb3b..000000000 --- a/src/lib/compression/comp_util.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* -* Allocation Tracker -* (C) 2014 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/comp_util.h> -#include <botan/mem_ops.h> -#include <cstdlib> - -namespace Botan { - -void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) - { - const size_t total_sz = n * size; - - void* ptr = std::malloc(total_sz); - m_current_allocs[ptr] = total_sz; - return ptr; - } - -void Compression_Alloc_Info::do_free(void* ptr) - { - if(ptr) - { - auto i = m_current_allocs.find(ptr); - - if(i == m_current_allocs.end()) - throw std::runtime_error("Compression_Alloc_Info::free got pointer not allocated by us"); - - zero_mem(ptr, i->second); - std::free(ptr); - m_current_allocs.erase(i); - } - } - -} diff --git a/src/lib/compression/comp_util.h b/src/lib/compression/compress_utils.h index 963eae642..d06971751 100644 --- a/src/lib/compression/comp_util.h +++ b/src/lib/compression/compress_utils.h @@ -1,5 +1,5 @@ /* -* Shared code for compression libraries +* Compression utility header * (C) 2014 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) @@ -9,7 +9,7 @@ #define BOTAN_COMPRESSION_UTILS_H__ #include <botan/compression.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <memory> #include <unordered_map> diff --git a/src/lib/compression/compression.cpp b/src/lib/compression/compression.cpp index e5221aba6..600f2c3ae 100644 --- a/src/lib/compression/compression.cpp +++ b/src/lib/compression/compression.cpp @@ -6,10 +6,36 @@ */ #include <botan/compression.h> -#include <botan/algo_registry.h> +#include <botan/internal/compress_utils.h> +#include <botan/mem_ops.h> +#include <cstdlib> namespace Botan { +void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) + { + const size_t total_sz = n * size; + + void* ptr = std::malloc(total_sz); + m_current_allocs[ptr] = total_sz; + return ptr; + } + +void Compression_Alloc_Info::do_free(void* ptr) + { + if(ptr) + { + auto i = m_current_allocs.find(ptr); + + if(i == m_current_allocs.end()) + throw std::runtime_error("Compression_Alloc_Info::free got pointer not allocated by us"); + + zero_mem(ptr, i->second); + std::free(ptr); + m_current_allocs.erase(i); + } + } + Transform* make_compressor(const std::string& type, size_t level) { const std::string comp_suffix = "_Compression(" + std::to_string(level) + ")"; diff --git a/src/lib/compression/info.txt b/src/lib/compression/info.txt index f1a3fa696..bfbc806c8 100644 --- a/src/lib/compression/info.txt +++ b/src/lib/compression/info.txt @@ -1,7 +1,7 @@ define COMPRESSION 20141117 <header:internal> -comp_util.h +compress_utils.h </header:internal> <header:public> diff --git a/src/lib/compression/lzma/lzma.cpp b/src/lib/compression/lzma/lzma.cpp index 69d73a3a1..c7e6ab815 100644 --- a/src/lib/compression/lzma/lzma.cpp +++ b/src/lib/compression/lzma/lzma.cpp @@ -9,7 +9,7 @@ */ #include <botan/lzma.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #include <lzma.h> namespace Botan { diff --git a/src/lib/compression/zlib/zlib.cpp b/src/lib/compression/zlib/zlib.cpp index 24e8721e3..a709526ce 100644 --- a/src/lib/compression/zlib/zlib.cpp +++ b/src/lib/compression/zlib/zlib.cpp @@ -8,7 +8,7 @@ */ #include <botan/zlib.h> -#include <botan/internal/comp_util.h> +#include <botan/internal/compress_utils.h> #include <ctime> #include <zlib.h> diff --git a/src/lib/constructs/pbes2/info.txt b/src/lib/constructs/pbes2/info.txt index e1f260966..8a1ca491e 100644 --- a/src/lib/constructs/pbes2/info.txt +++ b/src/lib/constructs/pbes2/info.txt @@ -1,7 +1,6 @@ define PKCS5_PBES2 20141119 <requires> -algo_factory asn1 block cbc diff --git a/src/lib/constructs/pbes2/pbes2.cpp b/src/lib/constructs/pbes2/pbes2.cpp index 811806891..17f14170d 100644 --- a/src/lib/constructs/pbes2/pbes2.cpp +++ b/src/lib/constructs/pbes2/pbes2.cpp @@ -6,7 +6,7 @@ */ #include <botan/pbes2.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/cipher_mode.h> #include <botan/pbkdf2.h> #include <botan/der_enc.h> diff --git a/src/lib/constructs/pbes2/pbes2.h b/src/lib/constructs/pbes2/pbes2.h index 3aa7d1159..90aa4f84b 100644 --- a/src/lib/constructs/pbes2/pbes2.h +++ b/src/lib/constructs/pbes2/pbes2.h @@ -11,7 +11,6 @@ #include <botan/secmem.h> #include <botan/transform.h> #include <botan/alg_id.h> -#include <botan/algo_factory.h> #include <chrono> namespace Botan { diff --git a/src/lib/constructs/rfc3394/info.txt b/src/lib/constructs/rfc3394/info.txt index 4b62b16e3..8cd5989ca 100644 --- a/src/lib/constructs/rfc3394/info.txt +++ b/src/lib/constructs/rfc3394/info.txt @@ -1 +1,5 @@ define RFC3394_KEYWRAP 20131128 + +<requires> +aes +</requires> diff --git a/src/lib/constructs/rfc3394/rfc3394.cpp b/src/lib/constructs/rfc3394/rfc3394.cpp index 6c8b62219..422f2a2dd 100644 --- a/src/lib/constructs/rfc3394/rfc3394.cpp +++ b/src/lib/constructs/rfc3394/rfc3394.cpp @@ -6,7 +6,7 @@ */ #include <botan/rfc3394.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/block_cipher.h> #include <botan/loadstor.h> #include <botan/exceptn.h> diff --git a/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp b/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp deleted file mode 100644 index d581b65ad..000000000 --- a/src/lib/engine/aes_isa_eng/aes_isa_engine.cpp +++ /dev/null @@ -1,23 +0,0 @@ -/* -* Engine for AES instructions -* (C) 2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/aes_isa_engine.h> -#include <botan/algo_registry.h> - -namespace Botan { - -BlockCipher* -AES_ISA_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(BlockCipher* c = Algo_Registry<BlockCipher>::global_registry().make(request, "aes_ni")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/aes_isa_eng/aes_isa_engine.h b/src/lib/engine/aes_isa_eng/aes_isa_engine.h deleted file mode 100644 index 298574543..000000000 --- a/src/lib/engine/aes_isa_eng/aes_isa_engine.h +++ /dev/null @@ -1,30 +0,0 @@ -/* -* Engine for AES instructions -* (C) 2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_AES_ISA_ENGINE_H__ -#define BOTAN_AES_ISA_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for implementations that hook into CPU-specific -* AES implementations (eg AES-NI, VIA C7, or AMD Geode) -*/ -class AES_ISA_Engine : public Engine - { - public: - std::string provider_name() const { return "aes_isa"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/engine/aes_isa_eng/info.txt b/src/lib/engine/aes_isa_eng/info.txt deleted file mode 100644 index 4284e75bd..000000000 --- a/src/lib/engine/aes_isa_eng/info.txt +++ /dev/null @@ -1,11 +0,0 @@ -define ENGINE_AES_ISA 20131128 - -load_on dep - -<source> -aes_isa_engine.cpp -</source> - -<header:internal> -aes_isa_engine.h -</header:internal> diff --git a/src/lib/engine/asm_engine/asm_engine.cpp b/src/lib/engine/asm_engine/asm_engine.cpp deleted file mode 100644 index d30bae035..000000000 --- a/src/lib/engine/asm_engine/asm_engine.cpp +++ /dev/null @@ -1,39 +0,0 @@ -/* -* Assembly Implementation Engine -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/asm_engine.h> -#include <botan/algo_registry.h> - -namespace Botan { - -BlockCipher* -Assembler_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& block_cipher = Algo_Registry<BlockCipher>::global_registry(); - - if(BlockCipher* c = block_cipher.make(request, "x86-32")) - return c; - - return nullptr; - } - -HashFunction* -Assembler_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& hash_fns = Algo_Registry<HashFunction>::global_registry(); - if(HashFunction* c = hash_fns.make(request, "x86-64")) - return c; - - if(HashFunction* c = hash_fns.make(request, "x86-32")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/asm_engine/asm_engine.h b/src/lib/engine/asm_engine/asm_engine.h deleted file mode 100644 index 02e629e98..000000000 --- a/src/lib/engine/asm_engine/asm_engine.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* Assembly Implementation Engine -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_X86_32_ASM_ENGINE_H__ -#define BOTAN_X86_32_ASM_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for x86-32 specific implementations -*/ -class Assembler_Engine : public Engine - { - public: - std::string provider_name() const { return "asm"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/engine/asm_engine/info.txt b/src/lib/engine/asm_engine/info.txt deleted file mode 100644 index 185656e3d..000000000 --- a/src/lib/engine/asm_engine/info.txt +++ /dev/null @@ -1,11 +0,0 @@ -define ENGINE_ASSEMBLER 20131128 - -load_on dep - -<source> -asm_engine.cpp -</source> - -<header:internal> -asm_engine.h -</header:internal> diff --git a/src/lib/engine/core_engine/core_engine.h b/src/lib/engine/core_engine/core_engine.h deleted file mode 100644 index c98ee031b..000000000 --- a/src/lib/engine/core_engine/core_engine.h +++ /dev/null @@ -1,41 +0,0 @@ -/* -* Core Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_CORE_ENGINE_H__ -#define BOTAN_CORE_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Core Engine -*/ -class Core_Engine : public Engine - { - public: - std::string provider_name() const override { return "core"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - StreamCipher* find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const override; - - MessageAuthenticationCode* find_mac(const SCAN_Name& request, - Algorithm_Factory&) const override; - - PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override; - }; - -} - -#endif diff --git a/src/lib/engine/core_engine/info.txt b/src/lib/engine/core_engine/info.txt deleted file mode 100644 index c726464f4..000000000 --- a/src/lib/engine/core_engine/info.txt +++ /dev/null @@ -1,18 +0,0 @@ -define CORE_ENGINE 20131128 - -<header:internal> -core_engine.h -</header:internal> - -<source> -lookup_block.cpp -lookup_hash.cpp -lookup_mac.cpp -lookup_stream.cpp -lookup_pbkdf.cpp -</source> - -<requires> -algo_factory -libstate -</requires> diff --git a/src/lib/engine/core_engine/lookup_block.cpp b/src/lib/engine/core_engine/lookup_block.cpp deleted file mode 100644 index 98186403e..000000000 --- a/src/lib/engine/core_engine/lookup_block.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* -* Block Cipher Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -BlockCipher* Core_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(BlockCipher* c = Algo_Registry<BlockCipher>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_hash.cpp b/src/lib/engine/core_engine/lookup_hash.cpp deleted file mode 100644 index ed48c3549..000000000 --- a/src/lib/engine/core_engine/lookup_hash.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* -* Hash Algorithms Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -HashFunction* Core_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(HashFunction* c = Algo_Registry<HashFunction>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_mac.cpp b/src/lib/engine/core_engine/lookup_mac.cpp deleted file mode 100644 index 1336cee5f..000000000 --- a/src/lib/engine/core_engine/lookup_mac.cpp +++ /dev/null @@ -1,27 +0,0 @@ -/* -* MAC Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -MessageAuthenticationCode* -Core_Engine::find_mac(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(MessageAuthenticationCode* m = Algo_Registry<MessageAuthenticationCode>::global_registry().make(request, "builtin")) - return m; - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_pbkdf.cpp b/src/lib/engine/core_engine/lookup_pbkdf.cpp deleted file mode 100644 index 1dc40322c..000000000 --- a/src/lib/engine/core_engine/lookup_pbkdf.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* -* PBKDF Lookup -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_factory.h> - -#if defined(BOTAN_HAS_PBKDF1) - #include <botan/pbkdf1.h> -#endif - -#if defined(BOTAN_HAS_PBKDF2) - #include <botan/pbkdf2.h> -#endif - -namespace Botan { - -PBKDF* Core_Engine::find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const - { -#if defined(BOTAN_HAS_PBKDF1) - if(algo_spec.algo_name() == "PBKDF1" && algo_spec.arg_count() == 1) - return new PKCS5_PBKDF1(af.make_hash_function(algo_spec.arg(0))); -#endif - -#if defined(BOTAN_HAS_PBKDF2) - if(algo_spec.algo_name() == "PBKDF2" && algo_spec.arg_count() == 1) - { - if(const MessageAuthenticationCode* mac_proto = af.prototype_mac(algo_spec.arg(0))) - return new PKCS5_PBKDF2(mac_proto->clone()); - - return new PKCS5_PBKDF2(af.make_mac("HMAC(" + algo_spec.arg(0) + ")")); - } -#endif - - return nullptr; - } - -} diff --git a/src/lib/engine/core_engine/lookup_stream.cpp b/src/lib/engine/core_engine/lookup_stream.cpp deleted file mode 100644 index 068db7def..000000000 --- a/src/lib/engine/core_engine/lookup_stream.cpp +++ /dev/null @@ -1,27 +0,0 @@ -/* -* Stream Cipher Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/core_engine.h> -#include <botan/scan_name.h> -#include <botan/algo_registry.h> - -namespace Botan { - -/* -* Look for an algorithm with this name -*/ -StreamCipher* -Core_Engine::find_stream_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(StreamCipher* c = Algo_Registry<StreamCipher>::global_registry().make(request, "builtin")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/dyn_engine/dyn_engine.cpp b/src/lib/engine/dyn_engine/dyn_engine.cpp deleted file mode 100644 index ad74370a2..000000000 --- a/src/lib/engine/dyn_engine/dyn_engine.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/** -* Dynamically Loaded Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/dyn_engine.h> -#include <botan/internal/dyn_load.h> - -namespace Botan { - -namespace { - -extern "C" { - typedef Engine* (*creator_func)(void); - typedef u32bit (*module_version_func)(void); -} - -} - -Dynamically_Loaded_Engine::Dynamically_Loaded_Engine( - const std::string& library_path) : - engine(nullptr) - { - lib = new Dynamically_Loaded_Library(library_path); - - try - { - module_version_func get_version = - lib->resolve<module_version_func>("module_version"); - - const u32bit mod_version = get_version(); - - if(mod_version != 20101003) - throw std::runtime_error("Incompatible version in " + - library_path + " of " + - std::to_string(mod_version)); - - creator_func creator = - lib->resolve<creator_func>("create_engine"); - - engine = creator(); - - if(!engine) - throw std::runtime_error("Creator function in " + - library_path + " failed"); - } - catch(...) - { - delete lib; - lib = nullptr; - throw; - } - } - -Dynamically_Loaded_Engine::~Dynamically_Loaded_Engine() - { - delete engine; - delete lib; - } - -} diff --git a/src/lib/engine/dyn_engine/dyn_engine.h b/src/lib/engine/dyn_engine/dyn_engine.h deleted file mode 100644 index d40df5663..000000000 --- a/src/lib/engine/dyn_engine/dyn_engine.h +++ /dev/null @@ -1,72 +0,0 @@ -/** -* Dynamically Loaded Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_DYN_LOADED_ENGINE_H__ -#define BOTAN_DYN_LOADED_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Dynamically_Loaded_Engine just proxies the requests to the underlying -* Engine object, and handles load/unload details -*/ -class BOTAN_DLL Dynamically_Loaded_Engine : public Engine - { - public: - /** - * @param lib_path full pathname to DLL to load - */ - Dynamically_Loaded_Engine(const std::string& lib_path); - - Dynamically_Loaded_Engine(const Dynamically_Loaded_Engine&) = delete; - - Dynamically_Loaded_Engine& operator=(const Dynamically_Loaded_Engine&) = delete; - - ~Dynamically_Loaded_Engine(); - - std::string provider_name() const override { return engine->provider_name(); } - - BlockCipher* find_block_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_block_cipher(algo_spec, af); - } - - StreamCipher* find_stream_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_stream_cipher(algo_spec, af); - } - - HashFunction* find_hash(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_hash(algo_spec, af); - } - - MessageAuthenticationCode* find_mac(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_mac(algo_spec, af); - } - - PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const override - { - return engine->find_pbkdf(algo_spec, af); - } - - private: - class Dynamically_Loaded_Library* lib; - Engine* engine; - }; - -} - -#endif diff --git a/src/lib/engine/dyn_engine/info.txt b/src/lib/engine/dyn_engine/info.txt deleted file mode 100644 index 54379f501..000000000 --- a/src/lib/engine/dyn_engine/info.txt +++ /dev/null @@ -1,14 +0,0 @@ -define DYNAMICALLY_LOADED_ENGINE 20131128 - -<header:public> -dyn_engine.h -</header:public> - -<source> -dyn_engine.cpp -</source> - -<requires> -engine -dyn_load -</requires> diff --git a/src/lib/engine/engine.cpp b/src/lib/engine/engine.cpp deleted file mode 100644 index 7aab64cad..000000000 --- a/src/lib/engine/engine.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/* -* Engine -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/engine.h> - -namespace Botan { - -BlockCipher* -Engine::find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -StreamCipher* -Engine::find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -HashFunction* -Engine::find_hash(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -MessageAuthenticationCode* -Engine::find_mac(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -PBKDF* -Engine::find_pbkdf(const SCAN_Name&, - Algorithm_Factory&) const - { - return nullptr; - } - -} diff --git a/src/lib/engine/engine.h b/src/lib/engine/engine.h deleted file mode 100644 index 7fe11c12e..000000000 --- a/src/lib/engine/engine.h +++ /dev/null @@ -1,88 +0,0 @@ -/* -* Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ENGINE_H__ -#define BOTAN_ENGINE_H__ - -#include <botan/scan_name.h> -#include <botan/block_cipher.h> -#include <botan/stream_cipher.h> -#include <botan/hash.h> -#include <botan/mac.h> -#include <botan/pbkdf.h> -#include <botan/pow_mod.h> -#include <botan/pk_keys.h> - -namespace Botan { - -class Algorithm_Factory; -class RandomNumberGenerator; - -/** -* Base class for all engines. All non-pure virtual functions simply -* return NULL, indicating the algorithm in question is not -* supported. Subclasses can reimplement whichever function(s) -* they want to hook in a particular type. -*/ -class BOTAN_DLL Engine - { - public: - virtual ~Engine() {} - - /** - * @return name of this engine - */ - virtual std::string provider_name() const = 0; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual BlockCipher* - find_block_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual StreamCipher* - find_stream_cipher(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual HashFunction* - find_hash(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual MessageAuthenticationCode* - find_mac(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - - /** - * @param algo_spec the algorithm name/specification - * @param af an algorithm factory object - * @return newly allocated object, or NULL - */ - virtual PBKDF* find_pbkdf(const SCAN_Name& algo_spec, - Algorithm_Factory& af) const; - }; - -} - -#endif diff --git a/src/lib/engine/info.txt b/src/lib/engine/info.txt deleted file mode 100644 index 800a007a1..000000000 --- a/src/lib/engine/info.txt +++ /dev/null @@ -1,20 +0,0 @@ -define ENGINES 20131128 - -<header:public> -engine.h -</header:public> - -<source> -engine.cpp -</source> - -<requires> -block -hash -libstate -mac -numbertheory -pbkdf -pubkey -stream -</requires> diff --git a/src/lib/engine/openssl/info.txt b/src/lib/engine/openssl/info.txt deleted file mode 100644 index c1be7bf9b..000000000 --- a/src/lib/engine/openssl/info.txt +++ /dev/null @@ -1,21 +0,0 @@ -define ENGINE_OPENSSL 20131128 - -load_on request - -<libs> -all -> crypto -</libs> - -<header:internal> -openssl_engine.h -</header:internal> - -<source> -ossl_arc4.cpp -ossl_bc.cpp -ossl_md.cpp -</source> - -<requires> -bigint -</requires> diff --git a/src/lib/engine/openssl/openssl_engine.h b/src/lib/engine/openssl/openssl_engine.h deleted file mode 100644 index 3e3940499..000000000 --- a/src/lib/engine/openssl/openssl_engine.h +++ /dev/null @@ -1,34 +0,0 @@ -/* -* OpenSSL Engine -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ENGINE_OPENSSL_H__ -#define BOTAN_ENGINE_OPENSSL_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* OpenSSL Engine -*/ -class OpenSSL_Engine : public Engine - { - public: - std::string provider_name() const override { return "openssl"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - StreamCipher* find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - HashFunction* find_hash(const SCAN_Name&, Algorithm_Factory&) const override; - }; - -} - -#endif diff --git a/src/lib/engine/simd_engine/info.txt b/src/lib/engine/simd_engine/info.txt deleted file mode 100644 index 2063c9dfe..000000000 --- a/src/lib/engine/simd_engine/info.txt +++ /dev/null @@ -1,15 +0,0 @@ -define ENGINE_SIMD 20131128 - -load_on dep - -<source> -simd_engine.cpp -</source> - -<header:internal> -simd_engine.h -</header:internal> - -<requires> -simd -</requires> diff --git a/src/lib/engine/simd_engine/simd_engine.cpp b/src/lib/engine/simd_engine/simd_engine.cpp deleted file mode 100644 index f60c5beb2..000000000 --- a/src/lib/engine/simd_engine/simd_engine.cpp +++ /dev/null @@ -1,45 +0,0 @@ -/* -* SIMD Engine -* (C) 1999-2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/simd_engine.h> -#include <botan/algo_registry.h> -#include <botan/cpuid.h> - -namespace Botan { - -BlockCipher* -SIMD_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - auto& block_cipher = Algo_Registry<BlockCipher>::global_registry(); - - if(BlockCipher* c = block_cipher.make(request, "avx2")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "ssse3")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "sse2")) - return c; - - if(BlockCipher* c = block_cipher.make(request, "simd32")) - return c; - - return nullptr; - } - -HashFunction* -SIMD_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(HashFunction* c = Algo_Registry<HashFunction>::global_registry().make(request, "sse2")) - return c; - - return nullptr; - } - -} diff --git a/src/lib/engine/simd_engine/simd_engine.h b/src/lib/engine/simd_engine/simd_engine.h deleted file mode 100644 index 3429e0fbd..000000000 --- a/src/lib/engine/simd_engine/simd_engine.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* SIMD Assembly Engine -* (C) 1999-2009 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_SIMD_ENGINE_H__ -#define BOTAN_SIMD_ENGINE_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* Engine for implementations that use some kind of SIMD -*/ -class SIMD_Engine : public Engine - { - public: - std::string provider_name() const { return "simd"; } - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const; - - HashFunction* find_hash(const SCAN_Name& request, - Algorithm_Factory&) const; - }; - -} - -#endif diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp index 36ad70e3a..1595935d2 100644 --- a/src/lib/entropy/egd/es_egd.cpp +++ b/src/lib/entropy/egd/es_egd.cpp @@ -139,6 +139,8 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { const size_t READ_ATTEMPT = 32; + std::lock_guard<std::mutex> lock(m_mutex); + secure_vector<byte>& io_buffer = accum.get_io_buffer(READ_ATTEMPT); for(size_t i = 0; i != sockets.size(); ++i) diff --git a/src/lib/entropy/egd/es_egd.h b/src/lib/entropy/egd/es_egd.h index d6cce8b7c..5afdc5a41 100644 --- a/src/lib/entropy/egd/es_egd.h +++ b/src/lib/entropy/egd/es_egd.h @@ -41,6 +41,7 @@ class EGD_EntropySource : public EntropySource int m_fd; // cached fd }; + std::mutex m_mutex; std::vector<EGD_Socket> sockets; }; diff --git a/src/lib/entropy/egd/info.txt b/src/lib/entropy/egd/info.txt index b93c4526d..bdf6db71e 100644 --- a/src/lib/entropy/egd/info.txt +++ b/src/lib/entropy/egd/info.txt @@ -1,5 +1,7 @@ define ENTROPY_SRC_EGD 20131128 +load_on request + <source> es_egd.cpp </source> diff --git a/src/lib/entropy/entropy_src.h b/src/lib/entropy/entropy_src.h index 77f822bbf..2bd7d42e5 100644 --- a/src/lib/entropy/entropy_src.h +++ b/src/lib/entropy/entropy_src.h @@ -84,6 +84,8 @@ class BOTAN_DLL Entropy_Accumulator class BOTAN_DLL EntropySource { public: + static void poll_available_sources(class Entropy_Accumulator& accum); + /** * @return name identifying this entropy source */ diff --git a/src/lib/libstate/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp index de146d0ba..67bced409 100644 --- a/src/lib/libstate/entropy_srcs.cpp +++ b/src/lib/entropy/entropy_srcs.cpp @@ -1,11 +1,11 @@ /* -* Global PRNG -* (C) 2008-2010 Jack Lloyd +* Entropy Source Polling +* (C) 2008-2010,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ -#include <botan/libstate.h> +#include <botan/entropy_src.h> #if defined(BOTAN_HAS_ENTROPY_SRC_HIGH_RESOLUTION_TIMER) #include <botan/internal/hres_timer.h> @@ -45,7 +45,9 @@ namespace Botan { -std::vector<std::unique_ptr<EntropySource>> Library_State::entropy_sources() +namespace { + +std::vector<std::unique_ptr<EntropySource>> get_default_entropy_sources() { std::vector<std::unique_ptr<EntropySource>> sources; @@ -100,19 +102,22 @@ std::vector<std::unique_ptr<EntropySource>> Library_State::entropy_sources() return sources; } -void Library_State::poll_available_sources(class Entropy_Accumulator& accum) +} + +//static +void EntropySource::poll_available_sources(class Entropy_Accumulator& accum) { - std::lock_guard<std::mutex> lock(m_entropy_src_mutex); + static std::vector<std::unique_ptr<EntropySource>> g_sources(get_default_entropy_sources()); - if(m_sources.empty()) + if(g_sources.empty()) throw std::runtime_error("No entropy sources enabled at build time, poll failed"); size_t poll_attempt = 0; while(!accum.polling_goal_achieved() && poll_attempt < 16) { - const size_t src_idx = poll_attempt % m_sources.size(); - m_sources[src_idx]->poll(accum); + const size_t src_idx = poll_attempt % g_sources.size(); + g_sources[src_idx]->poll(accum); ++poll_attempt; } } diff --git a/src/lib/entropy/info.txt b/src/lib/entropy/info.txt index d991577f7..77c2669e9 100644 --- a/src/lib/entropy/info.txt +++ b/src/lib/entropy/info.txt @@ -1,3 +1 @@ -<requires> -algo_base -</requires> +define ENTROPY_SOURCE 20150201 diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 95dc4e8e3..616c76ea3 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -120,6 +120,8 @@ void ProcWalking_EntropySource::poll(Entropy_Accumulator& accum) const size_t MAX_FILES_READ_PER_POLL = 2048; const double ENTROPY_ESTIMATE = 1.0 / (8*1024); + std::lock_guard<std::mutex> lock(m_mutex); + if(!m_dir) m_dir.reset(new Directory_Walker(m_path)); diff --git a/src/lib/entropy/proc_walk/proc_walk.h b/src/lib/entropy/proc_walk/proc_walk.h index 047fb3bb9..218cd752a 100644 --- a/src/lib/entropy/proc_walk/proc_walk.h +++ b/src/lib/entropy/proc_walk/proc_walk.h @@ -34,6 +34,7 @@ class ProcWalking_EntropySource : public EntropySource private: const std::string m_path; + std::mutex m_mutex; std::unique_ptr<File_Descriptor_Source> m_dir; }; diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp index 3f4cd3567..f7583cf23 100644 --- a/src/lib/entropy/unix_procs/unix_procs.cpp +++ b/src/lib/entropy/unix_procs/unix_procs.cpp @@ -69,7 +69,7 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum) { static std::atomic<int> last_pid; - + int pid = ::getpid(); accum.add(pid, 0.0); @@ -186,11 +186,12 @@ const std::vector<std::string>& Unix_EntropySource::next_source() void Unix_EntropySource::poll(Entropy_Accumulator& accum) { - // refuse to run as root (maybe instead setuid to nobody before exec?) - // fixme: this should also check for setgid - if(::getuid() == 0 || ::geteuid() == 0) + // refuse to run setuid or setgid, or as root + if((getuid() != geteuid()) || (getgid() != getegid()) || (geteuid() == 0)) return; + std::lock_guard<std::mutex> lock(m_mutex); + if(m_sources.empty()) { auto sources = get_default_sources(); diff --git a/src/lib/entropy/unix_procs/unix_procs.h b/src/lib/entropy/unix_procs/unix_procs.h index 11dbead65..00ebe13ad 100644 --- a/src/lib/entropy/unix_procs/unix_procs.h +++ b/src/lib/entropy/unix_procs/unix_procs.h @@ -67,6 +67,7 @@ class Unix_EntropySource : public EntropySource const std::vector<std::string>& next_source(); + std::mutex m_mutex; const std::vector<std::string> m_trusted_paths; const size_t m_concurrent; diff --git a/src/lib/filters/aead_filt/aead_filt.h b/src/lib/filters/aead_filt.h index a97b580bd..a97b580bd 100644 --- a/src/lib/filters/aead_filt/aead_filt.h +++ b/src/lib/filters/aead_filt.h diff --git a/src/lib/filters/aead_filt/info.txt b/src/lib/filters/aead_filt/info.txt deleted file mode 100644 index 891f2c167..000000000 --- a/src/lib/filters/aead_filt/info.txt +++ /dev/null @@ -1,5 +0,0 @@ -define AEAD_FILTER 20131128 - -<requires> -aead -</requires> diff --git a/src/lib/filters/algo_filt.cpp b/src/lib/filters/algo_filt.cpp index 828f15155..c1f7b00e2 100644 --- a/src/lib/filters/algo_filt.cpp +++ b/src/lib/filters/algo_filt.cpp @@ -6,7 +6,7 @@ */ #include <botan/filters.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <algorithm> namespace Botan { diff --git a/src/lib/filters/info.txt b/src/lib/filters/info.txt index 7bb98a516..da6827833 100644 --- a/src/lib/filters/info.txt +++ b/src/lib/filters/info.txt @@ -8,6 +8,7 @@ comp_filter.cpp data_snk.cpp data_src.cpp filter.cpp +key_filt.cpp out_buf.cpp pipe.cpp pipe_io.cpp @@ -36,14 +37,6 @@ out_buf.h </header:internal> <requires> -alloc -asn1 -block compression -hash -libstate -mac -rng -stream -algo_base +modes </requires> diff --git a/src/lib/filters/key_filt.h b/src/lib/filters/key_filt.h index c2a1fd92b..96b472b7e 100644 --- a/src/lib/filters/key_filt.h +++ b/src/lib/filters/key_filt.h @@ -57,6 +57,52 @@ class BOTAN_DLL Keyed_Filter : public Filter { return (length == 0); } }; + + +/* +* Get a cipher object +*/ + +/** +* Factory method for general symmetric cipher filters. +* @param algo_spec the name of the desired cipher +* @param key the key to be used for encryption/decryption performed by +* the filter +* @param iv the initialization vector to be used +* @param direction determines whether the filter will be an encrypting +* or decrypting filter +* @return pointer to newly allocated encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + const SymmetricKey& key, + const InitializationVector& iv, + Cipher_Dir direction); + +/** +* Factory method for general symmetric cipher filters. +* @param algo_spec the name of the desired cipher +* @param key the key to be used for encryption/decryption performed by +* the filter +* @param direction determines whether the filter will be an encrypting +* or decrypting filter +* @return pointer to the encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + const SymmetricKey& key, + Cipher_Dir direction); + +/** +* Factory method for general symmetric cipher filters. No key will be +* set in the filter. +* +* @param algo_spec the name of the desired cipher +* @param direction determines whether the filter will be an encrypting or +* decrypting filter +* @return pointer to the encryption or decryption filter +*/ +BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, + Cipher_Dir direction); + } #endif diff --git a/src/lib/hash/hash_utils.h b/src/lib/hash/hash_utils.h index 00eabe820..3286b0087 100644 --- a/src/lib/hash/hash_utils.h +++ b/src/lib/hash/hash_utils.h @@ -5,11 +5,11 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_HASH_UTIL_H__ -#define BOTAN_HASH_UTIL_H__ +#ifndef BOTAN_HASH_UTILS_H__ +#define BOTAN_HASH_UTILS_H__ #include <botan/hash.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> @@ -25,8 +25,8 @@ namespace Botan { #define BOTAN_REGISTER_HASH_NAMED_1LEN(type, name, def) \ BOTAN_REGISTER_NAMED_T(HashFunction, name, type, (make_new_T_1len<type,def>)) -#define BOTAN_REGISTER_HASH_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, HashFunction, type, name, provider) +#define BOTAN_REGISTER_HASH_NOARGS_IF(cond, type, name, provider, pref) \ + BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, HashFunction, type, name, provider, pref) } diff --git a/src/lib/hash/info.txt b/src/lib/hash/info.txt index 58ff1b99f..481b39b67 100644 --- a/src/lib/hash/info.txt +++ b/src/lib/hash/info.txt @@ -1,7 +1,3 @@ -<requires> -algo_base -</requires> - <header:internal> hash_utils.h </header:internal> diff --git a/src/lib/hash/par_hash/par_hash.cpp b/src/lib/hash/par_hash/par_hash.cpp index c58b01e72..d3c641a95 100644 --- a/src/lib/hash/par_hash/par_hash.cpp +++ b/src/lib/hash/par_hash/par_hash.cpp @@ -8,7 +8,7 @@ #include <botan/internal/hash_utils.h> #include <botan/par_hash.h> #include <botan/parsing.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/hash/sha1_sse2/info.txt b/src/lib/hash/sha1_sse2/info.txt index 8d4926e63..78f5540e7 100644 --- a/src/lib/hash/sha1_sse2/info.txt +++ b/src/lib/hash/sha1_sse2/info.txt @@ -4,5 +4,4 @@ need_isa sse2 <requires> sha1 -simd_engine </requires> diff --git a/src/lib/hash/sha1_sse2/sha1_sse2.cpp b/src/lib/hash/sha1_sse2/sha1_sse2.cpp index 13cd22eeb..1fc62d957 100644 --- a/src/lib/hash/sha1_sse2/sha1_sse2.cpp +++ b/src/lib/hash/sha1_sse2/sha1_sse2.cpp @@ -14,7 +14,7 @@ namespace Botan { -BOTAN_REGISTER_HASH_NOARGS_IF(CPUID::has_sse2(), SHA_160_SSE2, "SHA-160", "sse2"); +BOTAN_REGISTER_HASH_NOARGS_IF(CPUID::has_sse2(), SHA_160_SSE2, "SHA-160", "sse2", 64); namespace SHA1_SSE2_F { diff --git a/src/lib/hash/sha1_x86_64/info.txt b/src/lib/hash/sha1_x86_64/info.txt index 54d5eefff..db7cdcb92 100644 --- a/src/lib/hash/sha1_x86_64/info.txt +++ b/src/lib/hash/sha1_x86_64/info.txt @@ -7,7 +7,6 @@ x86_64 </arch> <requires> -asm_engine asm_x86_64 sha1 </requires> diff --git a/src/lib/kdf/info.txt b/src/lib/kdf/info.txt index 91489ca24..35032e159 100644 --- a/src/lib/kdf/info.txt +++ b/src/lib/kdf/info.txt @@ -1,8 +1,7 @@ define KDF_BASE 20131128 <requires> -alloc -libstate +base </requires> <header:public> diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index e18d9ce75..793cd3d62 100644 --- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -6,7 +6,7 @@ */ #include <botan/kdf.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/exceptn.h> namespace Botan { diff --git a/src/lib/kdf/kdf_utils.h b/src/lib/kdf/kdf_utils.h index bf2bfb235..f67892437 100644 --- a/src/lib/kdf/kdf_utils.h +++ b/src/lib/kdf/kdf_utils.h @@ -5,11 +5,11 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_KDF_UTIL_H__ -#define BOTAN_KDF_UTIL_H__ +#ifndef BOTAN_KDF_UTILS_H__ +#define BOTAN_KDF_UTILS_H__ #include <botan/kdf.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/exceptn.h> #include <botan/internal/xor_buf.h> diff --git a/src/lib/libstate/global_state.cpp b/src/lib/libstate/global_state.cpp deleted file mode 100644 index b9b755d87..000000000 --- a/src/lib/libstate/global_state.cpp +++ /dev/null @@ -1,88 +0,0 @@ -/* -* Global State Management -* (C) 2010,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/global_state.h> -#include <botan/libstate.h> -#include <memory> -#include <mutex> - -namespace Botan { - -namespace Global_State_Management { - -namespace { - -std::mutex g_lib_state_mutex; -std::unique_ptr<Library_State> g_lib_state; - -} - -/* -* Access the global state object -*/ -Library_State& global_state() - { - // @todo use double checked locking? (Is this safe in C++11 mm?) - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - - /* Lazy initialization. Botan still needs to be deinitialized later - on or memory might leak. - */ - if(!g_lib_state) - { - g_lib_state.reset(new Library_State); - g_lib_state->initialize(); - } - - return (*g_lib_state); - } - -/* -* Set a new global state object -*/ -void set_global_state(Library_State* state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - g_lib_state.reset(state); - } - -/* -* Set a new global state object unless one already existed -*/ -bool set_global_state_unless_set(Library_State* state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - - if(g_lib_state) - return false; - - g_lib_state.reset(state); - return true; - } - -/* -* Swap two global state objects -*/ -Library_State* swap_global_state(Library_State* new_state) - { - std::lock_guard<std::mutex> lock(g_lib_state_mutex); - Library_State* old_state = g_lib_state.release(); - g_lib_state.reset(new_state); - return old_state; - } - -/* -* Query if library is initialized -*/ -bool global_state_exists() - { - return (g_lib_state != nullptr); - } - -} - -} diff --git a/src/lib/libstate/global_state.h b/src/lib/libstate/global_state.h deleted file mode 100644 index 6597b6606..000000000 --- a/src/lib/libstate/global_state.h +++ /dev/null @@ -1,69 +0,0 @@ -/* -* Global State Management -* (C) 2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_GLOBAL_STATE_H__ -#define BOTAN_GLOBAL_STATE_H__ - -#include <botan/build.h> - -namespace Botan { - -/* -* Forward declare to avoid recursive dependency between this header -* and libstate.h -*/ -class Library_State; - -/** -* Namespace for management of the global state -*/ -namespace Global_State_Management { - -/** -* Access the global library state -* @return reference to the global library state -*/ -BOTAN_DLL Library_State& global_state(); - -/** -* Set the global state object -* @param state the new global state to use -*/ -BOTAN_DLL void set_global_state(Library_State* state); - -/** -* Set the global state object unless it is already set -* @param state the new global state to use -* @return true if the state parameter is now being used as the global -* state, or false if one was already set, in which case the -* parameter was deleted immediately -*/ -BOTAN_DLL bool set_global_state_unless_set(Library_State* state); - -/** -* Swap the current state for another -* @param new_state the new state object to use -* @return previous state (or NULL if none) -*/ -BOTAN_DLL Library_State* swap_global_state(Library_State* new_state); - -/** -* Query if the library is currently initialized -* @return true iff the library is initialized -*/ -BOTAN_DLL bool global_state_exists(); - -} - -/* -* Insert into Botan ns for convenience/backwards compatability -*/ -using Global_State_Management::global_state; - -} - -#endif diff --git a/src/lib/libstate/info.txt b/src/lib/libstate/info.txt deleted file mode 100644 index 49a6d38ee..000000000 --- a/src/lib/libstate/info.txt +++ /dev/null @@ -1,21 +0,0 @@ -load_on always - -<requires> -algo_factory -alloc -bigint -block -core_engine -engine -filters -hash -hmac -kdf -mac -mode_pad -pbkdf -pk_pad -pubkey -rng -stream -</requires> diff --git a/src/lib/libstate/init.cpp b/src/lib/libstate/init.cpp deleted file mode 100644 index 6155b3bd2..000000000 --- a/src/lib/libstate/init.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* -* Library initialization -* (C) 1999-2009.2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/init.h> -#include <botan/libstate.h> -#include <botan/global_state.h> - -namespace Botan { - -LibraryInitializer::LibraryInitializer() - { - /* - This two stage initialization process is because Library_State's - constructor will implicitly refer to global state through the - allocators and so forth, so global_state() has to be a valid - reference before initialize() can be called. Yeah, gross. - */ - m_owned = Global_State_Management::set_global_state_unless_set(new Library_State); - - if(m_owned) - { - try - { - global_state().initialize(); - } - catch(...) - { - Global_State_Management::set_global_state(nullptr); - throw; - } - } - } - -LibraryInitializer::~LibraryInitializer() - { - if(m_owned) - Global_State_Management::set_global_state(nullptr); - } - -} diff --git a/src/lib/libstate/init.h b/src/lib/libstate/init.h deleted file mode 100644 index 46bcc66fa..000000000 --- a/src/lib/libstate/init.h +++ /dev/null @@ -1,31 +0,0 @@ -/* -* Library Initialization -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LIBRARY_INITIALIZER_H__ -#define BOTAN_LIBRARY_INITIALIZER_H__ - -#include <botan/build.h> -#include <string> - -namespace Botan { - -/** -* This class represents the Library Initialization/Shutdown Object. It -* has to exceed the lifetime of any Botan object used in an application. -*/ -class BOTAN_DLL LibraryInitializer - { - public: - LibraryInitializer(); - ~LibraryInitializer(); - private: - bool m_owned; - }; - -} - -#endif diff --git a/src/lib/libstate/libstate.cpp b/src/lib/libstate/libstate.cpp deleted file mode 100644 index a5010fc1a..000000000 --- a/src/lib/libstate/libstate.cpp +++ /dev/null @@ -1,87 +0,0 @@ -/* -* Library Internal/Global State -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/libstate.h> -#include <botan/charset.h> -#include <botan/engine.h> -#include <botan/oids.h> -#include <botan/internal/core_engine.h> -#include <botan/internal/stl_util.h> -#include <algorithm> - -#if defined(BOTAN_HAS_ENGINE_ASSEMBLER) - #include <botan/internal/asm_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_AES_ISA) - #include <botan/internal/aes_isa_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_SIMD) - #include <botan/internal/simd_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_GNU_MP) - #include <botan/internal/gnump_engine.h> -#endif - -#if defined(BOTAN_HAS_ENGINE_OPENSSL) - #include <botan/internal/openssl_engine.h> -#endif - -namespace Botan { - -/* -* Return a reference to the Algorithm_Factory -*/ -Algorithm_Factory& Library_State::algorithm_factory() const - { - if(!m_algorithm_factory) - throw Invalid_State("Uninitialized in Library_State::algorithm_factory"); - return *m_algorithm_factory; - } - -Library_State::~Library_State() - { - } - -void Library_State::initialize() - { - SCAN_Name::set_default_aliases(); - OIDS::set_defaults(); - - if(m_algorithm_factory.get()) - throw Invalid_State("Library_State has already been initialized"); - - m_algorithm_factory.reset(new Algorithm_Factory()); - -#if defined(BOTAN_HAS_ENGINE_GNU_MP) - algorithm_factory().add_engine(new GMP_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_OPENSSL) - algorithm_factory().add_engine(new OpenSSL_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_AES_ISA) - algorithm_factory().add_engine(new AES_ISA_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_SIMD) - algorithm_factory().add_engine(new SIMD_Engine); -#endif - -#if defined(BOTAN_HAS_ENGINE_ASSEMBLER) - algorithm_factory().add_engine(new Assembler_Engine); -#endif - - algorithm_factory().add_engine(new Core_Engine); - - m_sources = entropy_sources(); - } - -} diff --git a/src/lib/libstate/libstate.h b/src/lib/libstate/libstate.h deleted file mode 100644 index 908f92f4d..000000000 --- a/src/lib/libstate/libstate.h +++ /dev/null @@ -1,54 +0,0 @@ -/* -* Library Internal/Global State -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LIB_STATE_H__ -#define BOTAN_LIB_STATE_H__ - -#include <botan/global_state.h> -#include <botan/algo_factory.h> -#include <botan/rng.h> -#include <mutex> -#include <string> -#include <vector> -#include <map> - -namespace Botan { - -/** -* Global Library State -*/ -class BOTAN_DLL Library_State - { - public: - Library_State() {} - - ~Library_State(); - - Library_State(const Library_State&) = delete; - Library_State& operator=(const Library_State&) = delete; - - void initialize(); - - /** - * @return global Algorithm_Factory - */ - Algorithm_Factory& algorithm_factory() const; - - void poll_available_sources(class Entropy_Accumulator& accum); - - private: - static std::vector<std::unique_ptr<EntropySource>> entropy_sources(); - - std::mutex m_entropy_src_mutex; - std::vector<std::unique_ptr<EntropySource>> m_sources; - - std::unique_ptr<Algorithm_Factory> m_algorithm_factory; - }; - -} - -#endif diff --git a/src/lib/libstate/lookup.cpp b/src/lib/libstate/lookup.cpp deleted file mode 100644 index 08f0ac866..000000000 --- a/src/lib/libstate/lookup.cpp +++ /dev/null @@ -1,166 +0,0 @@ -/* -* Algorithm Retrieval -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/lookup.h> -#include <botan/cipher_mode.h> -#include <botan/filters.h> -#include <botan/libstate.h> -#include <botan/parsing.h> -#include <botan/transform_filter.h> - -#if defined(BOTAN_HAS_OFB) - #include <botan/ofb.h> -#endif - -#if defined(BOTAN_HAS_CTR_BE) - #include <botan/ctr.h> -#endif - -namespace Botan { - -/* -* Get a PBKDF algorithm by name -*/ -PBKDF* get_pbkdf(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(PBKDF* pbkdf = af.make_pbkdf(algo_spec)) - return pbkdf; - - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Query if an algorithm exists -*/ -bool have_algorithm(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(af.prototype_block_cipher(name)) - return true; - if(af.prototype_stream_cipher(name)) - return true; - if(af.prototype_hash_function(name)) - return true; - if(af.prototype_mac(name)) - return true; - return false; - } - -/* -* Query the block size of a cipher or hash -*/ -size_t block_size_of(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(const BlockCipher* cipher = af.prototype_block_cipher(name)) - return cipher->block_size(); - - if(const HashFunction* hash = af.prototype_hash_function(name)) - return hash->hash_block_size(); - - throw Algorithm_Not_Found(name); - } - -/* -* Query the output_length() of a hash or MAC -*/ -size_t output_length_of(const std::string& name) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(const HashFunction* hash = af.prototype_hash_function(name)) - return hash->output_length(); - - if(const MessageAuthenticationCode* mac = af.prototype_mac(name)) - return mac->output_length(); - - throw Algorithm_Not_Found(name); - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - Cipher_Dir direction) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - - std::unique_ptr<Cipher_Mode> c(get_cipher_mode(algo_spec, direction)); - if(c) - return new Transform_Filter(c.release()); - - std::vector<std::string> algo_parts = split_on(algo_spec, '/'); - if(algo_parts.empty()) - throw Invalid_Algorithm_Name(algo_spec); - - const std::string cipher_name = algo_parts[0]; - - // check if it is a stream cipher first (easy case) - const StreamCipher* stream_cipher = af.prototype_stream_cipher(cipher_name); - if(stream_cipher) - return new StreamCipher_Filter(stream_cipher->clone()); - - const BlockCipher* block_cipher = af.prototype_block_cipher(cipher_name); - if(!block_cipher) - return nullptr; - - if(algo_parts.size() >= 4) - return nullptr; // 4 part mode, not something we know about - - if(algo_parts.size() < 2) - throw Lookup_Error("Cipher specification '" + algo_spec + - "' is missing mode identifier"); - - const std::string mode = algo_parts[1]; - - -#if defined(BOTAN_HAS_OFB) - if(mode == "OFB") - return new StreamCipher_Filter(new OFB(block_cipher->clone())); -#endif - -#if defined(BOTAN_HAS_CTR_BE) - if(mode == "CTR-BE") - return new StreamCipher_Filter(new CTR_BE(block_cipher->clone())); -#endif - - throw Algorithm_Not_Found(algo_spec); - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - const InitializationVector& iv, - Cipher_Dir direction) - { - Keyed_Filter* cipher = get_cipher(algo_spec, direction); - cipher->set_key(key); - - if(iv.length()) - cipher->set_iv(iv); - - return cipher; - } - -/* -* Get a cipher object -*/ -Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - Cipher_Dir direction) - { - return get_cipher(algo_spec, - key, InitializationVector(), direction); - } - -} diff --git a/src/lib/libstate/lookup.h b/src/lib/libstate/lookup.h deleted file mode 100644 index 4350fbbd5..000000000 --- a/src/lib/libstate/lookup.h +++ /dev/null @@ -1,275 +0,0 @@ -/* -* Algorithm Lookup -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_LOOKUP_H__ -#define BOTAN_LOOKUP_H__ - -#include <botan/libstate.h> -#include <botan/filters.h> -#include <botan/mode_pad.h> -#include <botan/kdf.h> -#include <botan/eme.h> -#include <botan/emsa.h> -#include <botan/pbkdf.h> - -namespace Botan { - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const BlockCipher* -retrieve_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_block_cipher(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const StreamCipher* -retrieve_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_stream_cipher(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const HashFunction* -retrieve_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_hash_function(algo_spec); - } - -/** -* Retrieve an object prototype from the global factory -* @param algo_spec an algorithm name -* @return constant prototype object (use clone to create usable object), - library retains ownership -*/ -inline const MessageAuthenticationCode* -retrieve_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.prototype_mac(algo_spec); - } - -/* -* Get an algorithm object -* NOTE: these functions create and return new objects, letting the -* caller assume ownership of them -*/ - -/** -* Block cipher factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired block cipher -* @return pointer to the block cipher object -*/ -inline BlockCipher* get_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_block_cipher(algo_spec); - } - -/** -* Stream cipher factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired stream cipher -* @return pointer to the stream cipher object -*/ -inline StreamCipher* get_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_stream_cipher(algo_spec); - } - -/** -* Hash function factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired hash function -* @return pointer to the hash function object -*/ -inline HashFunction* get_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_hash_function(algo_spec); - } - -/** -* MAC factory method. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the desired MAC -* @return pointer to the MAC object -*/ -inline MessageAuthenticationCode* get_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return af.make_mac(algo_spec); - } - -/** -* Password based key derivation function factory method -* @param algo_spec the name of the desired PBKDF algorithm -* @return pointer to newly allocated object of that type -*/ -BOTAN_DLL PBKDF* get_pbkdf(const std::string& algo_spec); - -/** -* @deprecated Use get_pbkdf -* @param algo_spec the name of the desired algorithm -* @return pointer to newly allocated object of that type -*/ -inline PBKDF* get_s2k(const std::string& algo_spec) - { - return get_pbkdf(algo_spec); - } - -/* -* Get a cipher object -*/ - -/** -* Factory method for general symmetric cipher filters. -* @param algo_spec the name of the desired cipher -* @param key the key to be used for encryption/decryption performed by -* the filter -* @param iv the initialization vector to be used -* @param direction determines whether the filter will be an encrypting -* or decrypting filter -* @return pointer to newly allocated encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - const InitializationVector& iv, - Cipher_Dir direction); - -/** -* Factory method for general symmetric cipher filters. -* @param algo_spec the name of the desired cipher -* @param key the key to be used for encryption/decryption performed by -* the filter -* @param direction determines whether the filter will be an encrypting -* or decrypting filter -* @return pointer to the encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - const SymmetricKey& key, - Cipher_Dir direction); - -/** -* Factory method for general symmetric cipher filters. No key will be -* set in the filter. -* -* @param algo_spec the name of the desired cipher -* @param direction determines whether the filter will be an encrypting or -* decrypting filter -* @return pointer to the encryption or decryption filter -*/ -BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, - Cipher_Dir direction); - -/** -* Check if an algorithm exists. -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -BOTAN_DLL bool have_algorithm(const std::string& algo_spec); - -/** -* Check if a block cipher algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_block_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_block_cipher(algo_spec) != nullptr); - } - -/** -* Check if a stream cipher algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_stream_cipher(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_stream_cipher(algo_spec) != nullptr); - } - -/** -* Check if a hash algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_hash(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_hash_function(algo_spec) != nullptr); - } - -/** -* Check if a MAC algorithm exists. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm to check for -* @return true if the algorithm exists, false otherwise -*/ -inline bool have_mac(const std::string& algo_spec) - { - Algorithm_Factory& af = global_state().algorithm_factory(); - return (af.prototype_mac(algo_spec) != nullptr); - } - -/* -* Query information about an algorithm -*/ - -/** -* Find out the block size of a certain symmetric algorithm. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm -* @return block size of the specified algorithm -*/ -BOTAN_DLL size_t block_size_of(const std::string& algo_spec); - -/** -* Find out the output length of a certain symmetric algorithm. -* @deprecated Call algorithm_factory() directly -* -* @param algo_spec the name of the algorithm -* @return output length of the specified algorithm -*/ -BOTAN_DLL size_t output_length_of(const std::string& algo_spec); - -} - -#endif diff --git a/src/lib/mac/info.txt b/src/lib/mac/info.txt index 871e415ee..3931f22e2 100644 --- a/src/lib/mac/info.txt +++ b/src/lib/mac/info.txt @@ -1,7 +1,3 @@ -<requires> -algo_base -</requires> - <header:public> mac.h </header:public> diff --git a/src/lib/mac/mac_utils.h b/src/lib/mac/mac_utils.h index 84c954789..5b22da4a3 100644 --- a/src/lib/mac/mac_utils.h +++ b/src/lib/mac/mac_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_MAC_UTIL_H__ -#define BOTAN_MAC_UTIL_H__ +#ifndef BOTAN_MAC_UTILS_H__ +#define BOTAN_MAC_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/internal/xor_buf.h> #include <botan/loadstor.h> #include <botan/rotate.h> diff --git a/src/lib/mac/poly1305/poly1305_donna.h b/src/lib/mac/poly1305/poly1305_donna.h index 128d0359b..a5c9e1edf 100644 --- a/src/lib/mac/poly1305/poly1305_donna.h +++ b/src/lib/mac/poly1305/poly1305_donna.h @@ -107,7 +107,7 @@ void poly1305_finish(secure_vector<u64bit>& X, byte mac[16]) /* compute h + -p */ u64bit g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; u64bit g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; - u64bit g2 = h2 + c - ((u64bit)1 << 42); + u64bit g2 = h2 + c - (static_cast<u64bit>(1) << 42); /* select h if h < p, or h + -p if h >= p */ c = (g2 >> ((sizeof(u64bit) * 8) - 1)) - 1; diff --git a/src/lib/math/numbertheory/info.txt b/src/lib/math/numbertheory/info.txt index 62386c3bc..cf555b456 100644 --- a/src/lib/math/numbertheory/info.txt +++ b/src/lib/math/numbertheory/info.txt @@ -27,9 +27,7 @@ ressol.cpp </source> <requires> -algo_factory bigint hash -libstate rng </requires> diff --git a/src/lib/modes/cipher_mode.cpp b/src/lib/modes/cipher_mode.cpp index ded7b4c81..f568415f4 100644 --- a/src/lib/modes/cipher_mode.cpp +++ b/src/lib/modes/cipher_mode.cpp @@ -6,16 +6,17 @@ */ #include <botan/cipher_mode.h> +#include <botan/lookup.h> #include <sstream> namespace Botan { Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) { - const char* dir_string = (direction == ENCRYPTION) ? "_Encryption" : "_Decryption"; - const std::string provider = ""; + const char* dir_string = (direction == ENCRYPTION) ? "_Encryption" : "_Decryption"; + std::unique_ptr<Transform> t; t.reset(get_transform(algo_spec, provider, dir_string)); @@ -36,16 +37,19 @@ Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) if(mode_info.empty()) return nullptr; - std::ostringstream t_name; + std::ostringstream alg_args; - t_name << mode_info[0] << dir_string << '(' << cipher_name; + alg_args << '(' << cipher_name; for(size_t i = 1; i < mode_info.size(); ++i) - t_name << ',' << mode_info[i]; + alg_args << ',' << mode_info[i]; for(size_t i = 2; i < algo_parts.size(); ++i) - t_name << ',' << algo_parts[i]; - t_name << ')'; + alg_args << ',' << algo_parts[i]; + alg_args << ')'; - t.reset(get_transform(t_name.str(), provider)); + const std::string mode_name = mode_info[0] + alg_args.str(); + const std::string mode_name_directional = mode_info[0] + dir_string + alg_args.str(); + + t.reset(get_transform(mode_name_directional, provider)); if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get())) { @@ -53,6 +57,17 @@ Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction) return cipher; } + t.reset(get_transform(mode_name, provider)); + + if(Cipher_Mode* cipher = dynamic_cast<Cipher_Mode*>(t.get())) + { + t.release(); + return cipher; + } + + if(StreamCipher* stream_cipher = get_stream_cipher(mode_name, provider)) + return new Stream_Cipher_Mode(stream_cipher); + return nullptr; } diff --git a/src/lib/modes/cipher_mode.h b/src/lib/modes/cipher_mode.h index 691852214..19c0af150 100644 --- a/src/lib/modes/cipher_mode.h +++ b/src/lib/modes/cipher_mode.h @@ -9,6 +9,7 @@ #define BOTAN_CIPHER_MODE_H__ #include <botan/transform.h> +#include <botan/stream_cipher.h> namespace Botan { @@ -25,6 +26,52 @@ class BOTAN_DLL Cipher_Mode : public Keyed_Transform virtual bool authenticated() const { return false; } }; +class BOTAN_DLL Stream_Cipher_Mode : public Cipher_Mode + { + public: + Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} + + void update(secure_vector<byte>& buf, size_t offset) override + { + if(offset < buf.size()) + m_cipher->cipher1(&buf[offset], buf.size() - offset); + } + + void finish(secure_vector<byte>& buf, size_t offset) override + { return update(buf, offset); } + + size_t output_length(size_t input_length) const override { return input_length; } + + size_t update_granularity() const override { return 64; /* arbitrary */ } + + size_t minimum_final_size() const override { return 0; } + + size_t default_nonce_length() const override { return 0; } + + bool valid_nonce_length(size_t nonce_len) const override + { return m_cipher->valid_iv_length(nonce_len); } + + Key_Length_Specification key_spec() const override { return m_cipher->key_spec(); } + + std::string name() const override { return m_cipher->name(); } + + void clear() override { return m_cipher->clear(); } + + private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override + { + m_cipher->set_iv(nonce, nonce_len); + return secure_vector<byte>(); + } + + void key_schedule(const byte key[], size_t length) + { + m_cipher->set_key(key, length); + } + + std::unique_ptr<StreamCipher> m_cipher; + }; + BOTAN_DLL Cipher_Mode* get_cipher_mode(const std::string& algo_spec, Cipher_Dir direction); } diff --git a/src/lib/modes/info.txt b/src/lib/modes/info.txt index b3d6d3b5f..6ed13e782 100644 --- a/src/lib/modes/info.txt +++ b/src/lib/modes/info.txt @@ -1,6 +1,7 @@ <requires> block +stream </requires> <header:public> diff --git a/src/lib/modes/mode_utils.h b/src/lib/modes/mode_utils.h index 70c996428..ef2840000 100644 --- a/src/lib/modes/mode_utils.h +++ b/src/lib/modes/mode_utils.h @@ -9,7 +9,7 @@ #define BOTAN_MODE_UTILS_H__ #include <botan/cipher_mode.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/block_cipher.h> #include <botan/loadstor.h> #include <botan/internal/xor_buf.h> @@ -52,17 +52,17 @@ T* make_block_cipher_mode_len2(const Transform::Spec& spec) return nullptr; } -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE(E, D) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode<E>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode<D>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE(E, D) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, make_block_cipher_mode<E>); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, make_block_cipher_mode<D>); -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN(E, D, LEN) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode_len<E, LEN>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode_len<D, LEN>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN(E, D, LEN) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, (make_block_cipher_mode_len<E, LEN>)); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, (make_block_cipher_mode_len<D, LEN>)); -#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2(E, D, LEN1, LEN2) \ - namespace { Algo_Registry<Transform>::Add g_ ## E ## _reg(#E, make_block_cipher_mode_len2<E, LEN1, LEN2>); \ - Algo_Registry<Transform>::Add g_ ## D ## _reg(#D, make_block_cipher_mode_len2<D, LEN1, LEN2>); } +#define BOTAN_REGISTER_BLOCK_CIPHER_MODE_LEN2(E, D, LEN1, LEN2) \ + BOTAN_REGISTER_NAMED_T(Transform, #E, E, (make_block_cipher_mode_len2<E, LEN1, LEN2>)); \ + BOTAN_REGISTER_NAMED_T(Transform, #D, D, (make_block_cipher_mode_len2<D, LEN1, LEN2>)); } diff --git a/src/lib/engine/openssl/ossl_arc4.cpp b/src/lib/openssl/ossl_arc4.cpp index 4533c2688..4533c2688 100644 --- a/src/lib/engine/openssl/ossl_arc4.cpp +++ b/src/lib/openssl/ossl_arc4.cpp diff --git a/src/lib/engine/openssl/ossl_bc.cpp b/src/lib/openssl/ossl_bc.cpp index 8e8c6e5a8..8e8c6e5a8 100644 --- a/src/lib/engine/openssl/ossl_bc.cpp +++ b/src/lib/openssl/ossl_bc.cpp diff --git a/src/lib/engine/openssl/ossl_md.cpp b/src/lib/openssl/ossl_md.cpp index 063271151..063271151 100644 --- a/src/lib/engine/openssl/ossl_md.cpp +++ b/src/lib/openssl/ossl_md.cpp diff --git a/src/lib/passhash/bcrypt/info.txt b/src/lib/passhash/bcrypt/info.txt index 5cc246cab..4ea70d012 100644 --- a/src/lib/passhash/bcrypt/info.txt +++ b/src/lib/passhash/bcrypt/info.txt @@ -1,7 +1,6 @@ define BCRYPT 20131128 <requires> -libstate blowfish rng base64 diff --git a/src/lib/passhash/passhash9/info.txt b/src/lib/passhash/passhash9/info.txt index b02052eca..e47a27f67 100644 --- a/src/lib/passhash/passhash9/info.txt +++ b/src/lib/passhash/passhash9/info.txt @@ -1,7 +1,6 @@ define PASSHASH9 20131128 <requires> -libstate pbkdf2 rng base64 diff --git a/src/lib/pbkdf/info.txt b/src/lib/pbkdf/info.txt index d991577f7..32876bd44 100644 --- a/src/lib/pbkdf/info.txt +++ b/src/lib/pbkdf/info.txt @@ -1,3 +1,11 @@ <requires> -algo_base +base </requires> + +<header:public> +pbkdf.h +</header:public> + +<header:internal> +pbkdf_utils.h +</header:internal> diff --git a/src/lib/pbkdf/pbkdf.h b/src/lib/pbkdf/pbkdf.h index e86ad265d..ad5346e36 100644 --- a/src/lib/pbkdf/pbkdf.h +++ b/src/lib/pbkdf/pbkdf.h @@ -9,6 +9,7 @@ #define BOTAN_PBKDF_H__ #include <botan/symkey.h> +#include <botan/scan_name.h> #include <chrono> namespace Botan { @@ -24,6 +25,8 @@ class BOTAN_DLL PBKDF virtual ~PBKDF() {} + typedef SCAN_Name Spec; + /** * @return new instance of this same algorithm */ diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.cpp b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp index b21530f0c..e5dda579f 100644 --- a/src/lib/pbkdf/pbkdf1/pbkdf1.cpp +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp @@ -5,11 +5,14 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include <botan/internal/pbkdf_utils.h> #include <botan/pbkdf1.h> #include <botan/exceptn.h> namespace Botan { +BOTAN_REGISTER_PBKDF_1HASH(PKCS5_PBKDF1, "PBKDF1") + /* * Return a PKCS#5 PBKDF1 derived key */ diff --git a/src/lib/pbkdf/pbkdf2/info.txt b/src/lib/pbkdf/pbkdf2/info.txt index b13168c53..9863532b7 100644 --- a/src/lib/pbkdf/pbkdf2/info.txt +++ b/src/lib/pbkdf/pbkdf2/info.txt @@ -1,5 +1,5 @@ define PBKDF2 20131128 <requires> -mac +hmac </requires> diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp index 8ca0cbb0c..fedf036a3 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp @@ -5,13 +5,28 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include <botan/internal/pbkdf_utils.h> #include <botan/pbkdf2.h> #include <botan/get_byte.h> +#include <botan/hmac.h> #include <botan/internal/xor_buf.h> #include <botan/internal/rounding.h> namespace Botan { +BOTAN_REGISTER_NAMED_T(PBKDF, "PBKDF2", PKCS5_PBKDF2, PKCS5_PBKDF2::make); + +PKCS5_PBKDF2* PKCS5_PBKDF2::make(const Spec& spec) + { + if(auto mac = make_a<MessageAuthenticationCode>(spec.arg(0))) + return new PKCS5_PBKDF2(mac); + + if(auto hash = make_a<HashFunction>(spec.arg(0))) + return new PKCS5_PBKDF2(new HMAC(hash)); + + return nullptr; + } + /* * Return a PKCS #5 PBKDF2 derived key */ diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.h b/src/lib/pbkdf/pbkdf2/pbkdf2.h index d2ed6a08c..3d1a14fab 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.h +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.h @@ -10,6 +10,7 @@ #include <botan/pbkdf.h> #include <botan/mac.h> +#include <botan/hash.h> namespace Botan { @@ -41,6 +42,8 @@ class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF * @param mac_fn the MAC object to use as PRF */ PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : mac(mac_fn) {} + + static PKCS5_PBKDF2* make(const Spec& spec); private: std::unique_ptr<MessageAuthenticationCode> mac; }; diff --git a/src/lib/pbkdf/pbkdf_utils.h b/src/lib/pbkdf/pbkdf_utils.h new file mode 100644 index 000000000..480fc70eb --- /dev/null +++ b/src/lib/pbkdf/pbkdf_utils.h @@ -0,0 +1,23 @@ +/* +* PBKDF Utility Header +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PBKDF_UTILS_H__ +#define BOTAN_PBKDF_UTILS_H__ + +#include <botan/pbkdf.h> +#include <botan/internal/algo_registry.h> + +namespace Botan { + +#define BOTAN_REGISTER_PBKDF_1HASH(type, name) \ + BOTAN_REGISTER_NAMED_T(PBKDF, name, type, (make_new_T_1X<type, HashFunction>)) +#define BOTAN_REGISTER_PBKDF_1MAC(type, name) \ + BOTAN_REGISTER_NAMED_T(PBKDF, name, type, (make_new_T_1X<type, MessageAuthenticationCode>)) + +} + +#endif diff --git a/src/lib/pk_pad/get_pk_pad.cpp b/src/lib/pk_pad/get_pk_pad.cpp index e7f234f48..691de23e2 100644 --- a/src/lib/pk_pad/get_pk_pad.cpp +++ b/src/lib/pk_pad/get_pk_pad.cpp @@ -8,7 +8,7 @@ #include <botan/emsa.h> #include <botan/eme.h> #include <botan/scan_name.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/pk_pad/pad_utils.h b/src/lib/pk_pad/pad_utils.h index fecdea2de..2d261ffa6 100644 --- a/src/lib/pk_pad/pad_utils.h +++ b/src/lib/pk_pad/pad_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_PK_PAD_UTIL_H__ -#define BOTAN_PK_PAD_UTIL_H__ +#ifndef BOTAN_PK_PAD_UTILS_H__ +#define BOTAN_PK_PAD_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/hash_id.h> #include <botan/internal/xor_buf.h> #include <botan/loadstor.h> diff --git a/src/lib/prf/hkdf/info.txt b/src/lib/prf/hkdf/info.txt index 7389e5bb1..9c7e1fbfd 100644 --- a/src/lib/prf/hkdf/info.txt +++ b/src/lib/prf/hkdf/info.txt @@ -1 +1,6 @@ define HKDF 20131128 + +<requires> +mac +hash +</requires> diff --git a/src/lib/pubkey/blinding.cpp b/src/lib/pubkey/blinding.cpp index 61da26a04..cd2b3d118 100644 --- a/src/lib/pubkey/blinding.cpp +++ b/src/lib/pubkey/blinding.cpp @@ -8,42 +8,50 @@ #include <botan/blinding.h> #include <botan/numthry.h> +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include <botan/system_rng.h> +#else + #include <botan/auto_rng.h> +#endif + namespace Botan { -/* -* Blinder Constructor -*/ -Blinder::Blinder(const BigInt& e, const BigInt& d, const BigInt& n) +// TODO: use Montgomery + +Blinder::Blinder(const BigInt& modulus, + std::function<BigInt (const BigInt&)> fwd_func, + std::function<BigInt (const BigInt&)> inv_func) { - if(e < 1 || d < 1 || n < 1) - throw Invalid_Argument("Blinder: Arguments too small"); + m_reducer = Modular_Reducer(modulus); + +#if defined(BOTAN_HAS_SYSTEM_RNG) + auto& rng = system_rng(); +#else + AutoSeeded_RNG rng; +#endif + + const BigInt k(rng, modulus.bits() - 1); - reducer = Modular_Reducer(n); - this->e = e; - this->d = d; + m_e = fwd_func(k); + m_d = inv_func(k); } -/* -* Blind a number -*/ BigInt Blinder::blind(const BigInt& i) const { - if(!reducer.initialized()) - return i; + if(!m_reducer.initialized()) + throw std::runtime_error("Blinder not initialized, cannot blind"); - e = reducer.square(e); - d = reducer.square(d); - return reducer.multiply(i, e); + m_e = m_reducer.square(m_e); + m_d = m_reducer.square(m_d); + return m_reducer.multiply(i, m_e); } -/* -* Unblind a number -*/ BigInt Blinder::unblind(const BigInt& i) const { - if(!reducer.initialized()) - return i; - return reducer.multiply(i, d); + if(!m_reducer.initialized()) + throw std::runtime_error("Blinder not initialized, cannot unblind"); + + return m_reducer.multiply(i, m_d); } } diff --git a/src/lib/pubkey/blinding.h b/src/lib/pubkey/blinding.h index 1aa7687a9..e57c7888e 100644 --- a/src/lib/pubkey/blinding.h +++ b/src/lib/pubkey/blinding.h @@ -10,6 +10,7 @@ #include <botan/bigint.h> #include <botan/reducer.h> +#include <functional> namespace Botan { @@ -20,25 +21,20 @@ class BOTAN_DLL Blinder { public: BigInt blind(const BigInt& x) const; + BigInt unblind(const BigInt& x) const; - bool initialized() const { return reducer.initialized(); } + bool initialized() const { return m_reducer.initialized(); } Blinder() {} - /** - * Construct a blinder - * @param mask the forward (blinding) mask - * @param inverse_mask the inverse of mask (depends on algo) - * @param modulus of the group operations are performed in - */ - Blinder(const BigInt& mask, - const BigInt& inverse_mask, - const BigInt& modulus); + Blinder(const BigInt& modulus, + std::function<BigInt (const BigInt&)> fwd_func, + std::function<BigInt (const BigInt&)> inv_func); private: - Modular_Reducer reducer; - mutable BigInt e, d; + Modular_Reducer m_reducer; + mutable BigInt m_e, m_d; }; } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 8f44895ae..be411c5d8 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -11,12 +11,6 @@ #include <botan/pow_mod.h> #include <botan/blinding.h> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -96,34 +90,31 @@ class DH_KA_Operation : public PK_Ops::Key_Agreement secure_vector<byte> agree(const byte w[], size_t w_len); private: - const BigInt& p; + const BigInt& m_p; - Fixed_Exponent_Power_Mod powermod_x_p; - Blinder blinder; + Fixed_Exponent_Power_Mod m_powermod_x_p; + Blinder m_blinder; }; DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh, const std::string&) : - p(dh.group_p()), powermod_x_p(dh.get_x(), p) + m_p(dh.group_p()), + m_powermod_x_p(dh.get_x(), m_p), + m_blinder(m_p, + [](const BigInt& k) { return k; }, + [this](const BigInt& k) { return m_powermod_x_p(inverse_mod(k, m_p)); }) { -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, p.bits() - 1); - blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } secure_vector<byte> DH_KA_Operation::agree(const byte w[], size_t w_len) { BigInt input = BigInt::decode(w, w_len); - if(input <= 1 || input >= p - 1) + if(input <= 1 || input >= m_p - 1) throw Invalid_Argument("DH agreement - invalid key provided"); - BigInt r = blinder.unblind(powermod_x_p(blinder.blind(input))); + BigInt r = m_blinder.unblind(m_powermod_x_p(m_blinder.blind(input))); - return BigInt::encode_1363(r, p.bytes()); + return BigInt::encode_1363(r, m_p.bytes()); } } diff --git a/src/lib/pubkey/dh/info.txt b/src/lib/pubkey/dh/info.txt index bb2707951..13ee41d5b 100644 --- a/src/lib/pubkey/dh/info.txt +++ b/src/lib/pubkey/dh/info.txt @@ -11,6 +11,5 @@ dh.cpp <requires> dl_algo dl_group -libstate numbertheory </requires> diff --git a/src/lib/pubkey/dl_group/info.txt b/src/lib/pubkey/dl_group/info.txt index b094c03f5..66f142062 100644 --- a/src/lib/pubkey/dl_group/info.txt +++ b/src/lib/pubkey/dl_group/info.txt @@ -3,7 +3,6 @@ define DL_GROUP 20131128 <requires> asn1 bigint -libstate numbertheory pem </requires> diff --git a/src/lib/pubkey/dlies/info.txt b/src/lib/pubkey/dlies/info.txt index b159cc546..ec1bac803 100644 --- a/src/lib/pubkey/dlies/info.txt +++ b/src/lib/pubkey/dlies/info.txt @@ -2,6 +2,5 @@ define DLIES 20131128 <requires> kdf -libstate mac </requires> diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt index ad14494a2..6e0259ce2 100644 --- a/src/lib/pubkey/dsa/info.txt +++ b/src/lib/pubkey/dsa/info.txt @@ -4,7 +4,6 @@ define DSA 20131128 dl_algo dl_group keypair -libstate numbertheory rfc6979 </requires> diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index d024480bb..fc46675bd 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -10,7 +10,6 @@ #include <botan/ec_group.h> #include <botan/ber_dec.h> #include <botan/der_enc.h> -#include <botan/libstate.h> #include <botan/oids.h> #include <botan/pem.h> diff --git a/src/lib/pubkey/ec_group/info.txt b/src/lib/pubkey/ec_group/info.txt index 661f24473..c1cab112e 100644 --- a/src/lib/pubkey/ec_group/info.txt +++ b/src/lib/pubkey/ec_group/info.txt @@ -3,7 +3,6 @@ define ECC_GROUP 20131128 <requires> asn1 ec_gfp -libstate numbertheory oid_lookup pem diff --git a/src/lib/pubkey/ecdh/info.txt b/src/lib/pubkey/ecdh/info.txt index 9277aca9b..32d944728 100644 --- a/src/lib/pubkey/ecdh/info.txt +++ b/src/lib/pubkey/ecdh/info.txt @@ -5,6 +5,5 @@ alloc asn1 ec_group ecc_key -libstate numbertheory </requires> diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index d59fc1f6b..aacf8ec32 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -12,12 +12,6 @@ #include <botan/blinding.h> #include <botan/workfactor.h> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -155,13 +149,9 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, p.bits() - 1); - blinder = Blinder(k, powermod_x_p(k), p); + blinder = Blinder(p, + [](const BigInt& k) { return k; }, + [this](const BigInt& k) { return powermod_x_p(k); }); } secure_vector<byte> diff --git a/src/lib/pubkey/elgamal/info.txt b/src/lib/pubkey/elgamal/info.txt index 4fe20e828..068949c66 100644 --- a/src/lib/pubkey/elgamal/info.txt +++ b/src/lib/pubkey/elgamal/info.txt @@ -4,6 +4,5 @@ define ELGAMAL 20131128 dl_algo dl_group keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/gost_3410/info.txt b/src/lib/pubkey/gost_3410/info.txt index 63521d3dd..611449ebc 100644 --- a/src/lib/pubkey/gost_3410/info.txt +++ b/src/lib/pubkey/gost_3410/info.txt @@ -7,7 +7,6 @@ alloc asn1 ec_group ecc_key -libstate numbertheory rng </requires> diff --git a/src/lib/pubkey/if_algo/info.txt b/src/lib/pubkey/if_algo/info.txt index e4d2dbb5e..5ceec0a89 100644 --- a/src/lib/pubkey/if_algo/info.txt +++ b/src/lib/pubkey/if_algo/info.txt @@ -5,6 +5,5 @@ load_on dep <requires> asn1 bigint -libstate numbertheory </requires> diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt index 4e95c3742..3ef346c30 100644 --- a/src/lib/pubkey/info.txt +++ b/src/lib/pubkey/info.txt @@ -29,14 +29,12 @@ pk_utils.h alloc asn1 bigint -engine filters kdf -libstate oid_lookup pbes2 pem pk_pad rng -algo_base +base </requires> diff --git a/src/lib/pubkey/keypair/info.txt b/src/lib/pubkey/keypair/info.txt index 10fb2013b..2bc9fce29 100644 --- a/src/lib/pubkey/keypair/info.txt +++ b/src/lib/pubkey/keypair/info.txt @@ -1,5 +1,4 @@ define KEYPAIR_TESTING 20131128 <requires> -libstate </requires> diff --git a/src/lib/pubkey/nr/info.txt b/src/lib/pubkey/nr/info.txt index 8c2816fe7..78ca6ef29 100644 --- a/src/lib/pubkey/nr/info.txt +++ b/src/lib/pubkey/nr/info.txt @@ -4,6 +4,5 @@ define NYBERG_RUEPPEL 20131128 dl_algo dl_group keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 61380e68d..75264d56f 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -107,7 +107,7 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, return new Curve25519_PublicKey(alg_id, key_bits); #endif - return nullptr; + throw Decoding_Error("Unhandled PK algorithm " + alg_name); } Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, @@ -168,7 +168,7 @@ Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, return new Curve25519_PrivateKey(alg_id, key_bits, rng); #endif - return nullptr; + throw Decoding_Error("Unhandled PK algorithm " + alg_name); } } diff --git a/src/lib/pubkey/pk_utils.h b/src/lib/pubkey/pk_utils.h new file mode 100644 index 000000000..2d643d862 --- /dev/null +++ b/src/lib/pubkey/pk_utils.h @@ -0,0 +1,36 @@ +/* +* Public Key Algos Utility Header +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PK_UTILS_H__ +#define BOTAN_PK_UTILS_H__ + +#include <botan/internal/algo_registry.h> +#include <botan/pk_ops.h> +#include <botan/numthry.h> +#include <algorithm> + +namespace Botan { + +template<typename OP, typename T> +OP* make_pk_op(const typename T::Spec& spec) + { + if(auto* key = dynamic_cast<const typename T::Key_Type*>(&spec.key())) + return new T(*key, spec.padding()); + return nullptr; + } + +#define BOTAN_REGISTER_PK_OP(T, NAME, TYPE) BOTAN_REGISTER_NAMED_T(T, NAME, TYPE, (make_pk_op<T, TYPE>)) + +#define BOTAN_REGISTER_PK_ENCRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Encryption, NAME, TYPE) +#define BOTAN_REGISTER_PK_DECRYPTION_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Decryption, NAME, TYPE) +#define BOTAN_REGISTER_PK_SIGNATURE_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Signature, NAME, TYPE) +#define BOTAN_REGISTER_PK_VERIFY_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Verification, NAME, TYPE) +#define BOTAN_REGISTER_PK_KEY_AGREE_OP(NAME, TYPE) BOTAN_REGISTER_PK_OP(PK_Ops::Key_Agreement, NAME, TYPE) + +} + +#endif diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index a1731c8ef..7b7b54891 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -12,7 +12,6 @@ #include <botan/oids.h> #include <botan/pem.h> #include <botan/pbes2.h> -#include <botan/libstate.h> #include <botan/scan_name.h> #include <botan/internal/pk_algs.h> @@ -44,7 +43,7 @@ secure_vector<byte> PKCS8_extract(DataSource& source, */ secure_vector<byte> PKCS8_decode( DataSource& source, - std::function<std::pair<bool,std::string> ()> get_passphrase, + std::function<std::string ()> get_passphrase, AlgorithmIdentifier& pk_alg_id) { AlgorithmIdentifier pbe_alg_id; @@ -77,49 +76,29 @@ secure_vector<byte> PKCS8_decode( throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); } - if(!is_encrypted) - key = key_data; - - const size_t MAX_TRIES = 3; - - size_t tries = 0; - while(true) + try { - try { - if(MAX_TRIES && tries >= MAX_TRIES) - break; - - if(is_encrypted) - { - std::pair<bool, std::string> pass = get_passphrase(); - - if(pass.first == false) - break; - - if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") - throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string()); - - key = pbes2_decrypt(key_data, pass.second, pbe_alg_id.parameters); - } - - BER_Decoder(key) - .start_cons(SEQUENCE) - .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") - .decode(pk_alg_id) - .decode(key, OCTET_STRING) - .discard_remaining() - .end_cons(); - - break; - } - catch(Decoding_Error) + if(is_encrypted) { - ++tries; + if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") + throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string()); + key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.parameters); } - } + else + key = key_data; - if(key.empty()) - throw Decoding_Error("PKCS #8 private key decoding failed"); + BER_Decoder(key) + .start_cons(SEQUENCE) + .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") + .decode(pk_alg_id) + .decode(key, OCTET_STRING) + .discard_remaining() + .end_cons(); + } + catch(std::exception& e) + { + throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); + } return key; } @@ -215,7 +194,7 @@ std::string PEM_encode(const Private_Key& key, */ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_pass) + std::function<std::string ()> get_pass) { AlgorithmIdentifier alg_id; secure_vector<byte> pkcs8_key = PKCS8_decode(source, get_pass, alg_id); @@ -233,38 +212,12 @@ Private_Key* load_key(DataSource& source, */ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_pass) + std::function<std::string ()> get_pass) { DataSource_Stream source(fsname, true); return PKCS8::load_key(source, rng, get_pass); } -namespace { - -class Single_Shot_Passphrase - { - public: - Single_Shot_Passphrase(const std::string& pass) : - passphrase(pass), first(true) {} - - std::pair<bool, std::string> operator()() - { - if(first) - { - first = false; - return std::make_pair(true, passphrase); - } - else - return std::make_pair(false, ""); - } - - private: - std::string passphrase; - bool first; - }; - -} - /* * Extract a private key and return it */ @@ -272,7 +225,7 @@ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(source, rng, Single_Shot_Passphrase(pass)); + return PKCS8::load_key(source, rng, [pass]() { return pass; }); } /* @@ -282,7 +235,7 @@ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(fsname, rng, Single_Shot_Passphrase(pass)); + return PKCS8::load_key(fsname, rng, [pass]() { return pass; }); } /* diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h index 0840f4a46..ac037407e 100644 --- a/src/lib/pubkey/pkcs8.h +++ b/src/lib/pubkey/pkcs8.h @@ -89,7 +89,7 @@ PEM_encode(const Private_Key& key, BOTAN_DLL Private_Key* load_key( DataSource& source, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_passphrase); + std::function<std::string ()> get_passphrase); /** Load a key from a data source. * @param source the data source providing the encoded key @@ -112,7 +112,7 @@ BOTAN_DLL Private_Key* load_key(DataSource& source, BOTAN_DLL Private_Key* load_key( const std::string& filename, RandomNumberGenerator& rng, - std::function<std::pair<bool, std::string> ()> get_passphrase); + std::function<std::string ()> get_passphrase); /** Load a key from a file. * @param filename the path to the file containing the encoded key diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index 95d61ad4c..82797094a 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -10,7 +10,7 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/internal/bit_ops.h> #if defined(BOTAN_HAS_SYSTEM_RNG) diff --git a/src/lib/pubkey/rfc6979/rfc6979.cpp b/src/lib/pubkey/rfc6979/rfc6979.cpp index 5ba2f844a..9f9bbc9c0 100644 --- a/src/lib/pubkey/rfc6979/rfc6979.cpp +++ b/src/lib/pubkey/rfc6979/rfc6979.cpp @@ -8,7 +8,7 @@ #include <botan/rfc6979.h> #include <botan/hmac_drbg.h> #include <botan/scan_name.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt index 6171642bc..264ff7c62 100644 --- a/src/lib/pubkey/rsa/info.txt +++ b/src/lib/pubkey/rsa/info.txt @@ -3,6 +3,5 @@ define RSA 20131128 <requires> if_algo keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 9393cb954..c371e20e0 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -13,12 +13,6 @@ #include <botan/reducer.h> #include <future> -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include <botan/system_rng.h> -#else - #include <botan/auto_rng.h> -#endif - namespace Botan { /* @@ -84,15 +78,11 @@ class RSA_Private_Operation m_powermod_e_n(rsa.get_e(), rsa.get_n()), m_powermod_d1_p(rsa.get_d1(), rsa.get_p()), m_powermod_d2_q(rsa.get_d2(), rsa.get_q()), - m_mod_p(rsa.get_p()) + m_mod_p(rsa.get_p()), + m_blinder(n, + [this](const BigInt& k) { return m_powermod_e_n(k); }, + [this](const BigInt& k) { return inverse_mod(k, n); }) { -#if defined(BOTAN_HAS_SYSTEM_RNG) - auto& rng = system_rng(); -#else - AutoSeeded_RNG rng; -#endif - BigInt k(rng, n.bits() - 1); - m_blinder = Blinder(m_powermod_e_n(k), inverse_mod(k, n), n); } BigInt blinded_private_op(const BigInt& m) const diff --git a/src/lib/pubkey/rw/info.txt b/src/lib/pubkey/rw/info.txt index 486ede47f..7cf1d1780 100644 --- a/src/lib/pubkey/rw/info.txt +++ b/src/lib/pubkey/rw/info.txt @@ -3,6 +3,5 @@ define RW 20131128 <requires> if_algo keypair -libstate numbertheory </requires> diff --git a/src/lib/pubkey/rw/rw.cpp b/src/lib/pubkey/rw/rw.cpp index 3c7a6250b..32ba398b0 100644 --- a/src/lib/pubkey/rw/rw.cpp +++ b/src/lib/pubkey/rw/rw.cpp @@ -80,7 +80,10 @@ class RW_Signature_Operation : public PK_Ops::Signature c(rw.get_c()), powermod_d1_p(rw.get_d1(), rw.get_p()), powermod_d2_q(rw.get_d2(), rw.get_q()), - mod_p(rw.get_p()) + mod_p(rw.get_p()), + blinder(n, + [this](const BigInt& k) { return power_mod(k, e, n); }, + [this](const BigInt& k) { return inverse_mod(k, n); }) { } @@ -101,16 +104,8 @@ class RW_Signature_Operation : public PK_Ops::Signature secure_vector<byte> RW_Signature_Operation::sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) + RandomNumberGenerator&) { - rng.add_entropy(msg, msg_len); - - if(!blinder.initialized()) - { - BigInt k(rng, std::min<size_t>(160, n.bits() - 1)); - blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n); - } - BigInt i(msg, msg_len); if(i >= n || i % 16 != 12) diff --git a/src/lib/pubkey/x509_key.cpp b/src/lib/pubkey/x509_key.cpp index cd3da7a53..ccb94cea7 100644 --- a/src/lib/pubkey/x509_key.cpp +++ b/src/lib/pubkey/x509_key.cpp @@ -72,9 +72,9 @@ Public_Key* load_key(DataSource& source) return make_public_key(alg_id, key_bits); } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error("X.509 public key decoding failed"); + throw Decoding_Error("X.509 public key decoding failed: " + std::string(e.what())); } } diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp index d9a5a8d16..3e8d63f8d 100644 --- a/src/lib/rng/hmac_rng/hmac_rng.cpp +++ b/src/lib/rng/hmac_rng/hmac_rng.cpp @@ -1,12 +1,11 @@ /* * HMAC_RNG -* (C) 2008-2009,2013 Jack Lloyd +* (C) 2008-2009,2013,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/hmac_rng.h> -#include <botan/libstate.h> #include <botan/get_byte.h> #include <botan/entropy_src.h> #include <botan/internal/xor_buf.h> @@ -138,7 +137,7 @@ void HMAC_RNG::reseed(size_t poll_bits) return (bits_collected >= poll_bits); }); - global_state().poll_available_sources(accum); + EntropySource::poll_available_sources(accum); /* * It is necessary to feed forward poll data. Otherwise, a good poll diff --git a/src/lib/rng/rng.cpp b/src/lib/rng/rng.cpp index 8989c5026..a5222c51d 100644 --- a/src/lib/rng/rng.cpp +++ b/src/lib/rng/rng.cpp @@ -7,7 +7,7 @@ #include <botan/rng.h> #include <botan/hmac_rng.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> namespace Botan { diff --git a/src/lib/stream/info.txt b/src/lib/stream/info.txt index 15f0e91e5..8dc30936d 100644 --- a/src/lib/stream/info.txt +++ b/src/lib/stream/info.txt @@ -1,9 +1,5 @@ define STREAM_CIPHER 20131128 -<requires> -algo_base -</requires> - <header:public> stream_cipher.h </header:public> diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp deleted file mode 100644 index 72eb63b7c..000000000 --- a/src/lib/stream/stream_cipher.cpp +++ /dev/null @@ -1,24 +0,0 @@ -/* -* Stream Cipher -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/stream_cipher.h> - -namespace Botan { - -void StreamCipher::set_iv(const byte[], size_t iv_len) - { - if(iv_len) - throw Invalid_Argument("The stream cipher " + name() + - " does not support resyncronization"); - } - -bool StreamCipher::valid_iv_length(size_t iv_len) const - { - return (iv_len == 0); - } - -} diff --git a/src/lib/stream/stream_cipher.h b/src/lib/stream/stream_cipher.h index 2ca92e467..9768aea70 100644 --- a/src/lib/stream/stream_cipher.h +++ b/src/lib/stream/stream_cipher.h @@ -8,6 +8,7 @@ #ifndef BOTAN_STREAM_CIPHER_H__ #define BOTAN_STREAM_CIPHER_H__ +#include <botan/transform.h> #include <botan/sym_algo.h> #include <botan/scan_name.h> @@ -52,13 +53,17 @@ class BOTAN_DLL StreamCipher : public SymmetricAlgorithm * @param iv the initialization vector * @param iv_len the length of the IV in bytes */ - virtual void set_iv(const byte iv[], size_t iv_len); + virtual void set_iv(const byte[], size_t iv_len) + { + if(iv_len) + throw Invalid_IV_Length(name(), iv_len); + } /** * @param iv_len the length of the IV in bytes * @return if the length is valid for this algorithm */ - virtual bool valid_iv_length(size_t iv_len) const; + virtual bool valid_iv_length(size_t iv_len) const { return (iv_len == 0); } /** * Get a new object representing the same algorithm as *this diff --git a/src/lib/stream/stream_utils.h b/src/lib/stream/stream_utils.h index 7503029f6..2e8f58562 100644 --- a/src/lib/stream/stream_utils.h +++ b/src/lib/stream/stream_utils.h @@ -5,10 +5,10 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_STREAM_CIPHER_UTIL_H__ -#define BOTAN_STREAM_CIPHER_UTIL_H__ +#ifndef BOTAN_STREAM_CIPHER_UTILS_H__ +#define BOTAN_STREAM_CIPHER_UTILS_H__ -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/loadstor.h> #include <botan/rotate.h> #include <botan/internal/xor_buf.h> @@ -25,9 +25,6 @@ namespace Botan { #define BOTAN_REGISTER_STREAM_CIPHER_NAMED_1LEN(type, name, def) \ BOTAN_REGISTER_NAMED_T(StreamCipher, name, type, (make_new_T_1len<type,def>)) -#define BOTAN_REGISTER_STREAM_CIPHER_NOARGS_IF(cond, type, name, provider) \ - BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, StreamCipher, type, name, provider) - } #endif diff --git a/src/lib/tls/msg_hello_verify.cpp b/src/lib/tls/msg_hello_verify.cpp index 8f209998f..a3c439750 100644 --- a/src/lib/tls/msg_hello_verify.cpp +++ b/src/lib/tls/msg_hello_verify.cpp @@ -6,6 +6,7 @@ */ #include <botan/internal/tls_messages.h> +#include <botan/mac.h> #include <botan/lookup.h> namespace Botan { diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index 665a2ded6..c67dc7997 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -7,6 +7,7 @@ #include <botan/tls_session_manager_sql.h> #include <botan/database.h> +#include <botan/pbkdf.h> #include <botan/lookup.h> #include <botan/hex.h> #include <botan/loadstor.h> diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index b2ff2476b..31c688c51 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -6,8 +6,12 @@ */ #include <botan/tls_ciphersuite.h> -#include <botan/libstate.h> #include <botan/parsing.h> +#include <botan/internal/algo_registry.h> +#include <botan/block_cipher.h> +#include <botan/stream_cipher.h> +#include <botan/hash.h> +#include <botan/mac.h> #include <sstream> #include <stdexcept> @@ -96,14 +100,32 @@ bool Ciphersuite::ecc_ciphersuite() const return (sig_algo() == "ECDSA" || kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK"); } +namespace { + +bool have_hash(const std::string& prf) + { + if(Algo_Registry<HashFunction>::global_registry().providers_of(prf).size() > 0) + return true; + return false; + } + +bool have_cipher(const std::string& cipher) + { + if(Algo_Registry<BlockCipher>::global_registry().providers_of(cipher).size() > 0) + return true; + if(Algo_Registry<StreamCipher>::global_registry().providers_of(cipher).size() > 0) + return true; + return false; + } + +} + bool Ciphersuite::valid() const { if(!m_cipher_keylen) // uninitialized object return false; - Algorithm_Factory& af = global_state().algorithm_factory(); - - if(!af.prototype_hash_function(prf_algo())) + if(!have_hash(prf_algo())) return false; if(mac_algo() == "AEAD") @@ -118,7 +140,7 @@ bool Ciphersuite::valid() const { auto cipher_and_mode = split_on(cipher_algo(), '/'); BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo"); - if(!af.prototype_block_cipher(cipher_and_mode[0])) + if(!have_cipher(cipher_and_mode[0])) return false; const auto mode = cipher_and_mode[1]; @@ -141,11 +163,10 @@ bool Ciphersuite::valid() const } else { - if(!af.prototype_block_cipher(cipher_algo()) && - !af.prototype_stream_cipher(cipher_algo())) + // Old non-AEAD schemes + if(!have_cipher(cipher_algo())) return false; - - if(!af.prototype_hash_function(mac_algo())) + if(!have_hash(mac_algo())) // HMAC return false; } diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 75df6332a..bdc64283c 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -10,6 +10,7 @@ #include <botan/internal/tls_messages.h> #include <botan/internal/stl_util.h> #include <iterator> +#include <sstream> namespace Botan { @@ -227,11 +228,15 @@ void Client::process_handshake_msg(const Handshake_State* active_state, client_extn.begin(), server_extn.end(), std::back_inserter(diff)); - for(auto i : diff) + if(!diff.empty()) { - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Server sent extension " + std::to_string(i) + - " but we did not request it"); + // Server sent us back an extension we did not send! + + std::ostringstream msg; + msg << "Server replied with " << diff.size() << " unsupported extensions:"; + for(auto&& d : diff) + msg << " " << static_cast<int>(d); + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, msg.str()); } if(u16bit srtp = state.server_hello()->srtp_profile()) diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp index abbd725f6..76766c5fc 100644 --- a/src/lib/tls/tls_handshake_hash.cpp +++ b/src/lib/tls/tls_handshake_hash.cpp @@ -7,7 +7,7 @@ #include <botan/internal/tls_handshake_hash.h> #include <botan/tls_exceptn.h> -#include <botan/algo_registry.h> +#include <botan/internal/algo_registry.h> #include <botan/hash.h> namespace Botan { diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 883527810..f0d80556d 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -265,13 +265,9 @@ KDF* Handshake_State::protocol_specific_prf() const return get_kdf("TLS-12-PRF(" + prf_algo + ")"); } - else - { - // TLS v1.0, v1.1 and DTLS v1.0 - return get_kdf("TLS-PRF"); - } - throw Internal_Error("Unknown version code " + version().to_string()); + // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0 + return get_kdf("TLS-PRF"); } namespace { diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 56648edb3..521e7e4c1 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -14,6 +14,7 @@ #include <botan/internal/rounding.h> #include <botan/internal/xor_buf.h> #include <botan/lookup.h> +#include <botan/rng.h> namespace Botan { diff --git a/src/lib/utils/asm_x86_32/info.txt b/src/lib/utils/asm_x86_32/info.txt index d29b25fa3..6da494629 100644 --- a/src/lib/utils/asm_x86_32/info.txt +++ b/src/lib/utils/asm_x86_32/info.txt @@ -23,7 +23,3 @@ gcc clang icc </cc> - -<requires> -asm_engine -</requires> diff --git a/src/lib/utils/asm_x86_64/info.txt b/src/lib/utils/asm_x86_64/info.txt index 3173f3b14..0db499d46 100644 --- a/src/lib/utils/asm_x86_64/info.txt +++ b/src/lib/utils/asm_x86_64/info.txt @@ -21,7 +21,3 @@ netbsd openbsd solaris </os> - -<requires> -asm_engine -</requires> diff --git a/src/lib/utils/dyn_load/info.txt b/src/lib/utils/dyn_load/info.txt index c8d91dd75..3dc3c5d03 100644 --- a/src/lib/utils/dyn_load/info.txt +++ b/src/lib/utils/dyn_load/info.txt @@ -1,5 +1,7 @@ define DYNAMIC_LOADER 20131128 +load_on dep + <os> freebsd linux diff --git a/src/lib/utils/parsing.h b/src/lib/utils/parsing.h index 24d0576fd..25416d43a 100644 --- a/src/lib/utils/parsing.h +++ b/src/lib/utils/parsing.h @@ -126,6 +126,8 @@ BOTAN_DLL std::string ipv4_to_string(u32bit ip_addr); std::map<std::string, std::string> BOTAN_DLL read_cfg(std::istream& is); +std::string BOTAN_DLL clean_ws(const std::string& s); + } diff --git a/src/lib/utils/read_cfg.cpp b/src/lib/utils/read_cfg.cpp index 02708c3d6..bc895e194 100644 --- a/src/lib/utils/read_cfg.cpp +++ b/src/lib/utils/read_cfg.cpp @@ -9,8 +9,6 @@ namespace Botan { -namespace { - std::string clean_ws(const std::string& s) { const char* ws = " \t\n"; @@ -26,8 +24,6 @@ std::string clean_ws(const std::string& s) return s.substr(start, start + end + 1); } -} - std::map<std::string, std::string> read_cfg(std::istream& is) { std::map<std::string, std::string> kv; diff --git a/src/lib/simd/info.txt b/src/lib/utils/simd/info.txt index 35620c940..35620c940 100644 --- a/src/lib/simd/info.txt +++ b/src/lib/utils/simd/info.txt diff --git a/src/lib/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index 265e347a9..265e347a9 100644 --- a/src/lib/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h diff --git a/src/lib/simd/simd_altivec/info.txt b/src/lib/utils/simd/simd_altivec/info.txt index 19168a928..19168a928 100644 --- a/src/lib/simd/simd_altivec/info.txt +++ b/src/lib/utils/simd/simd_altivec/info.txt diff --git a/src/lib/simd/simd_altivec/simd_altivec.h b/src/lib/utils/simd/simd_altivec/simd_altivec.h index 32533aafb..32533aafb 100644 --- a/src/lib/simd/simd_altivec/simd_altivec.h +++ b/src/lib/utils/simd/simd_altivec/simd_altivec.h diff --git a/src/lib/simd/simd_scalar/info.txt b/src/lib/utils/simd/simd_scalar/info.txt index 26a9fbfee..26a9fbfee 100644 --- a/src/lib/simd/simd_scalar/info.txt +++ b/src/lib/utils/simd/simd_scalar/info.txt diff --git a/src/lib/simd/simd_scalar/simd_scalar.h b/src/lib/utils/simd/simd_scalar/simd_scalar.h index 379e2d6a8..379e2d6a8 100644 --- a/src/lib/simd/simd_scalar/simd_scalar.h +++ b/src/lib/utils/simd/simd_scalar/simd_scalar.h diff --git a/src/lib/simd/simd_sse2/info.txt b/src/lib/utils/simd/simd_sse2/info.txt index bd9e430cb..bd9e430cb 100644 --- a/src/lib/simd/simd_sse2/info.txt +++ b/src/lib/utils/simd/simd_sse2/info.txt diff --git a/src/lib/simd/simd_sse2/simd_sse2.h b/src/lib/utils/simd/simd_sse2/simd_sse2.h index 61989eb8e..61989eb8e 100644 --- a/src/lib/simd/simd_sse2/simd_sse2.h +++ b/src/lib/utils/simd/simd_sse2/simd_sse2.h diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/utils/sqlite3/sqlite3.h index 6c78deb42..8495a1d1b 100644 --- a/src/lib/utils/sqlite3/sqlite3.h +++ b/src/lib/utils/sqlite3/sqlite3.h @@ -6,7 +6,7 @@ */ #ifndef BOTAN_UTILS_SQLITE3_H__ -#define BOTAN_UTILS_SQLIT3_H__ +#define BOTAN_UTILS_SQLITE3_H__ #include <botan/database.h> |