diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/cert/cvc/cvc_self.cpp | 26 | ||||
| -rw-r--r-- | src/cert/cvc/signed_obj.cpp | 6 | ||||
| -rw-r--r-- | src/cert/x509/x509_ca.cpp | 4 | ||||
| -rw-r--r-- | src/cert/x509/x509_obj.cpp | 7 | ||||
| -rw-r--r-- | src/cert/x509/x509self.cpp | 1 | ||||
| -rw-r--r-- | src/cert/x509/x509stor.cpp | 8 | ||||
| -rw-r--r-- | src/cms/cms_dalg.cpp | 1 | ||||
| -rw-r--r-- | src/cms/cms_ealg.cpp | 19 | ||||
| -rw-r--r-- | src/pubkey/dlies/dlies.cpp | 11 | ||||
| -rw-r--r-- | src/pubkey/dlies/dlies.h | 4 | ||||
| -rw-r--r-- | src/pubkey/dsa/dsa.cpp | 8 | ||||
| -rw-r--r-- | src/pubkey/elgamal/elgamal.cpp | 9 | ||||
| -rw-r--r-- | src/pubkey/keypair/keypair.cpp | 30 | ||||
| -rw-r--r-- | src/pubkey/keypair/keypair.h | 8 | ||||
| -rw-r--r-- | src/pubkey/nr/nr.cpp | 9 | ||||
| -rw-r--r-- | src/pubkey/rsa/rsa.cpp | 12 | ||||
| -rw-r--r-- | src/pubkey/rw/rw.cpp | 9 | ||||
| -rw-r--r-- | src/ssl/c_kex.cpp | 22 | ||||
| -rw-r--r-- | src/ssl/cert_ver.cpp | 52 | ||||
| -rw-r--r-- | src/ssl/s_kex.cpp | 62 |
20 files changed, 148 insertions, 160 deletions
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index b54b8b4bb..fbd042676 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -10,7 +10,6 @@ #include <botan/point_gfp.h> #include <botan/time.h> #include <botan/oids.h> -#include <botan/look_pk.h> #include <sstream> namespace Botan { @@ -105,12 +104,11 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer( - get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*signer, + return make_cvc_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, @@ -133,7 +131,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); @@ -146,7 +144,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, .get_contents(); MemoryVector<byte> signed_cert = - EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(*signer, + EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); @@ -166,10 +164,10 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); } std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer signer(*priv_key, padding_and_hash); SecureVector<byte> tbs_bits = req.BER_encode(); tbs_bits.append(DER_Encoder().encode(car).get_contents()); - MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(*signer, tbs_bits, rng); + MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); DataSource_Memory source(signed_cert); return EAC1_1_ADO(source); @@ -199,7 +197,7 @@ EAC1_1_CVC create_cvca(Private_Key const& key, opts.cex.add_months(cvca_validity_months); opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT)); opts.hash_alg = hash; - return Botan::CVC_EAC::create_self_signed_cert(*priv_key, opts, rng); + return CVC_EAC::create_self_signed_cert(*priv_key, opts, rng); } @@ -230,14 +228,14 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, } AlgorithmIdentifier sig_algo = signer.signature_algorithm(); std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer pk_signer(*priv_key, padding_and_hash); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*pk_signer, enc_public_key, + return make_cvc_cert(pk_signer, enc_public_key, signer.get_car(), signee.get_chr(), signer.get_chat_value(), @@ -264,7 +262,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, chr_str += to_string(seqnr, seqnr_len); ASN1_Chr chr(chr_str); std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); + PK_Signer pk_signer(*priv_key, padding_and_hash); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); @@ -304,7 +302,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - return make_cvc_cert(*pk_signer, enc_public_key, + return make_cvc_cert(pk_signer, enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), chr, chat_val, @@ -325,7 +323,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& prkey, } ECDSA_PrivateKey key(*priv_key); key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); - return Botan::CVC_EAC::create_cvc_req(key, chr, hash_alg, rng); + return CVC_EAC::create_cvc_req(key, chr, hash_alg, rng); } } // namespace DE_EAC diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index ddb714621..d6aa2f02b 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -7,7 +7,7 @@ */ #include <botan/signed_obj.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/oids.h> #include <memory> @@ -64,8 +64,8 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, SecureVector<byte> to_sign = tbs_data(); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(pub_key, padding, format)); - return verifier->verify_message(to_sign, sig); + PK_Verifier verifier(pub_key, padding, format); + return verifier.verify_message(to_sign, sig); } catch(...) { diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp index 00a105d1d..1f3e643e9 100644 --- a/src/cert/x509/x509_ca.cpp +++ b/src/cert/x509/x509_ca.cpp @@ -7,12 +7,12 @@ #include <botan/x509_ca.h> #include <botan/x509stor.h> +#include <botan/pubkey.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> #include <botan/lookup.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/time.h> #include <algorithm> @@ -272,7 +272,7 @@ PK_Signer* choose_sig_format(const Private_Key& key, sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); sig_algo.parameters = key.algorithm_identifier().parameters; - return get_pk_signer(key, padding, format); + return new PK_Signer(key, padding, format); } } diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index fb92a9cb0..820972614 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -7,7 +7,7 @@ #include <botan/x509_obj.h> #include <botan/x509_key.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/oids.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -168,10 +168,9 @@ bool X509_Object::check_signature(Public_Key& pub_key) const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(pub_key, padding, format)); + PK_Verifier verifier(pub_key, padding, format); - return verifier->verify_message(tbs_data(), signature()); + return verifier.verify_message(tbs_data(), signature()); } catch(...) { diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp index e85317462..89b63c8b2 100644 --- a/src/cert/x509/x509self.cpp +++ b/src/cert/x509/x509self.cpp @@ -9,7 +9,6 @@ #include <botan/x509_ext.h> #include <botan/x509_ca.h> #include <botan/der_enc.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/pipe.h> #include <memory> diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp index b134817e4..a24d4a070 100644 --- a/src/cert/x509/x509stor.cpp +++ b/src/cert/x509/x509stor.cpp @@ -8,7 +8,6 @@ #include <botan/x509stor.h> #include <botan/parsing.h> #include <botan/pubkey.h> -#include <botan/look_pk.h> #include <botan/oids.h> #include <botan/time.h> #include <algorithm> @@ -394,11 +393,10 @@ X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key) if(key->message_parts() >= 2) format = DER_SEQUENCE; else format = IEEE_1363; - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(*pub_key.get(), padding, format)); + PK_Verifier verifier(*pub_key.get(), padding, format); - bool valid = verifier->verify_message(object.tbs_data(), - object.signature()); + bool valid = verifier.verify_message(object.tbs_data(), + object.signature()); if(valid) return VERIFIED; diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 1fc4e2faa..50a2397e5 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -10,7 +10,6 @@ #include <botan/ber_dec.h> #include <botan/oids.h> #include <botan/hash.h> -#include <botan/look_pk.h> #include <botan/bigint.h> #include <botan/libstate.h> #include <memory> diff --git a/src/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 4bae96302..0cfdbba82 100644 --- a/src/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -6,15 +6,15 @@ */ #include <botan/cms_enc.h> -#include <botan/der_enc.h> -#include <botan/x509find.h> #include <botan/bigint.h> -#include <botan/oids.h> #include <botan/cbc.h> +#include <botan/der_enc.h> #include <botan/hash.h> -#include <botan/look_pk.h> #include <botan/libstate.h> +#include <botan/oids.h> #include <botan/pipe.h> +#include <botan/pubkey.h> +#include <botan/x509find.h> #include <memory> namespace Botan { @@ -130,7 +130,8 @@ void CMS_Encoder::encrypt_ktri(RandomNumberGenerator& rng, { const std::string padding = "EME-PKCS1-v1_5"; const std::string pk_algo = pub_key->algo_name(); - std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(*pub_key, padding)); + + PK_Encryptor_MR_with_EME encryptor(*pub_key, padding); SymmetricKey cek = setup_key(rng, cipher); @@ -146,7 +147,7 @@ void CMS_Encoder::encrypt_ktri(RandomNumberGenerator& rng, .encode((u32bit)0); encode_si(encoder, to) .encode(alg_id) - .encode(enc->encrypt(cek.bits_of(), rng), OCTET_STRING) + .encode(encryptor.encrypt(cek.bits_of(), rng), OCTET_STRING) .end_cons() .end_cons() .raw_bytes(do_encrypt(rng, cek, cipher)) @@ -292,14 +293,14 @@ void CMS_Encoder::sign(const X509_Certificate& cert, Signature_Format format = IEEE_1363; - std::auto_ptr<PK_Signer> signer(get_pk_signer(key, padding, format)); + PK_Signer signer(key, padding, format); AlgorithmIdentifier sig_algo(OIDS::lookup(key.algo_name() + "/" + padding), AlgorithmIdentifier::USE_NULL_PARAM); SecureVector<byte> signed_attr = encode_attr(data, type, hash); - signer->update(signed_attr); - SecureVector<byte> signature = signer->signature(rng); + signer.update(signed_attr); + SecureVector<byte> signature = signer.signature(rng); signed_attr[0] = 0xA0; const u32bit SI_VERSION = cert.subject_key_id().size() ? 3 : 1; diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 2253f84d5..07477fd5d 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -6,7 +6,6 @@ */ #include <botan/dlies.h> -#include <botan/look_pk.h> #include <botan/internal/xor_buf.h> namespace Botan { @@ -18,7 +17,7 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - ka(get_pk_kas(key, "Raw")), + ka(key, "Raw"), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) @@ -28,7 +27,6 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, DLIES_Encryptor::~DLIES_Encryptor() { - delete ka; delete kdf; delete mac; } @@ -48,7 +46,7 @@ SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length, out.copy(my_key, my_key.size()); out.copy(my_key.size(), in, length); - SecureVector<byte> vz(my_key, ka->derive_key(0, other_key).bits_of()); + SecureVector<byte> vz(my_key, ka.derive_key(0, other_key).bits_of()); const u32bit K_LENGTH = length + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); @@ -92,7 +90,7 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - ka(get_pk_kas(key, "Raw")), + ka(key, "Raw"), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) @@ -102,7 +100,6 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, DLIES_Decryptor::~DLIES_Decryptor() { - delete ka; delete kdf; delete mac; } @@ -121,7 +118,7 @@ SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN); SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->OUTPUT_LENGTH); - SecureVector<byte> vz(v, ka->derive_key(0, v).bits_of()); + SecureVector<byte> vz(v, ka.derive_key(0, v).bits_of()); const u32bit K_LENGTH = C.size() + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index e8b87a091..fd2cefe4a 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -35,7 +35,7 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor SecureVector<byte> other_key, my_key; - PK_Key_Agreement* ka; + PK_Key_Agreement ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; @@ -59,7 +59,7 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor SecureVector<byte> my_key; - PK_Key_Agreement* ka; + PK_Key_Agreement ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index 1fbc2abc1..bd9641856 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -8,7 +8,6 @@ #include <botan/dsa.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -65,10 +64,9 @@ bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { - KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA1(SHA-1)"), - get_pk_verifier(*this, "EMSA1(SHA-1)") - ); + PK_Signer this_signer(*this, "EMSA1(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA1(SHA-1)"); + KeyPair::check_key(rng, this_signer, this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index 2abd769e5..6b919d916 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -8,7 +8,6 @@ #include <botan/elgamal.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> #include <botan/internal/workfactor.h> namespace Botan { @@ -66,10 +65,12 @@ bool ElGamal_PrivateKey::check_key(RandomNumberGenerator& rng, try { + PK_Encryptor_MR_with_EME this_encryptor(*this, "EME1(SHA-1)"); + PK_Decryptor_MR_with_EME this_decryptor(*this, "EME1(SHA-1)"); + KeyPair::check_key(rng, - get_pk_encryptor(*this, "EME1(SHA-1)"), - get_pk_decryptor(*this, "EME1(SHA-1)") - ); + this_encryptor, + this_decryptor); } catch(Self_Test_Failure) { diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index 486577fc5..d54d8e442 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp @@ -1,13 +1,11 @@ /* * Keypair Checks -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ #include <botan/keypair.h> -#include <botan/look_pk.h> -#include <memory> namespace Botan { @@ -17,22 +15,20 @@ namespace KeyPair { * Check an encryption key pair for consistency */ void check_key(RandomNumberGenerator& rng, - PK_Encryptor* encryptor, PK_Decryptor* decryptor) + PK_Encryptor& encryptor, + PK_Decryptor& decryptor) { - if(encryptor->maximum_input_size() == 0) + if(encryptor.maximum_input_size() == 0) return; - std::auto_ptr<PK_Encryptor> enc(encryptor); - std::auto_ptr<PK_Decryptor> dec(decryptor); - - SecureVector<byte> message(enc->maximum_input_size() - 1); + SecureVector<byte> message(encryptor.maximum_input_size() - 1); rng.randomize(message, message.size()); - SecureVector<byte> ciphertext = enc->encrypt(message, rng); + SecureVector<byte> ciphertext = encryptor.encrypt(message, rng); if(ciphertext == message) throw Self_Test_Failure("Encryption key pair consistency failure"); - SecureVector<byte> message2 = dec->decrypt(ciphertext); + SecureVector<byte> message2 = decryptor.decrypt(ciphertext); if(message != message2) throw Self_Test_Failure("Encryption key pair consistency failure"); } @@ -41,11 +37,9 @@ void check_key(RandomNumberGenerator& rng, * Check a signature key pair for consistency */ void check_key(RandomNumberGenerator& rng, - PK_Signer* signer, PK_Verifier* verifier) + PK_Signer& signer, + PK_Verifier& verifier) { - std::auto_ptr<PK_Signer> sig(signer); - std::auto_ptr<PK_Verifier> ver(verifier); - SecureVector<byte> message(16); rng.randomize(message, message.size()); @@ -53,18 +47,18 @@ void check_key(RandomNumberGenerator& rng, try { - signature = sig->sign_message(message, rng); + signature = signer.sign_message(message, rng); } catch(Encoding_Error) { return; } - if(!ver->verify_message(message, signature)) + if(!verifier.verify_message(message, signature)) throw Self_Test_Failure("Signature key pair consistency failure"); ++message[0]; - if(ver->verify_message(message, signature)) + if(verifier.verify_message(message, signature)) throw Self_Test_Failure("Signature key pair consistency failure"); } diff --git a/src/pubkey/keypair/keypair.h b/src/pubkey/keypair/keypair.h index b1d5c2da0..22dcca0ea 100644 --- a/src/pubkey/keypair/keypair.h +++ b/src/pubkey/keypair/keypair.h @@ -24,8 +24,8 @@ namespace KeyPair { * @throw Self_Test_Failure if the arguments are not related to each other */ BOTAN_DLL void check_key(RandomNumberGenerator& rng, - PK_Encryptor* enc, - PK_Decryptor* dec); + PK_Encryptor& enc, + PK_Decryptor& dec); /** * Tests whether the specified signer and verifier are related to each other, @@ -37,8 +37,8 @@ BOTAN_DLL void check_key(RandomNumberGenerator& rng, * @throw Self_Test_Failure if the arguments are not related to each other */ BOTAN_DLL void check_key(RandomNumberGenerator& rng, - PK_Signer* sig, - PK_Verifier* ver); + PK_Signer& sig, + PK_Verifier& ver); } diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 1fc8630d7..8a1b8c261 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -8,7 +8,6 @@ #include <botan/nr.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -71,10 +70,12 @@ bool NR_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { + PK_Signer this_signer(*this, "EMSA1(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA1(SHA-1)"); + KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA1(SHA-1)"), - get_pk_verifier(*this, "EMSA1(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index dc182f36a..984d030ef 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -9,7 +9,6 @@ #include <botan/parsing.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> namespace Botan { @@ -57,15 +56,12 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { - KeyPair::check_key(rng, - get_pk_encryptor(*this, "EME1(SHA-1)"), - get_pk_decryptor(*this, "EME1(SHA-1)") - ); + PK_Signer this_signer(*this, "EMSA4(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA4(SHA-1)"); KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA4(SHA-1)"), - get_pk_verifier(*this, "EMSA4(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index 7b87ce7df..b2bf2f916 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -8,7 +8,6 @@ #include <botan/rw.h> #include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/look_pk.h> #include <botan/parsing.h> #include <algorithm> @@ -59,10 +58,12 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const try { + PK_Signer this_signer(*this, "EMSA2(SHA-1)"); + PK_Verifier this_verifier(*this, "EMSA2(SHA-1)"); + KeyPair::check_key(rng, - get_pk_signer(*this, "EMSA2(SHA-1)"), - get_pk_verifier(*this, "EMSA2(SHA-1)") - ); + this_signer, + this_verifier); } catch(Self_Test_Failure) { diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp index 59cfa6547..7140bf35c 100644 --- a/src/ssl/c_kex.cpp +++ b/src/ssl/c_kex.cpp @@ -6,10 +6,10 @@ */ #include <botan/tls_messages.h> +#include <botan/pubkey.h> #include <botan/dh.h> #include <botan/rsa.h> #include <botan/rng.h> -#include <botan/look_pk.h> #include <botan/loadstor.h> #include <memory> @@ -31,9 +31,9 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng, { DH_PrivateKey priv_key(rng, dh_pub->get_domain()); - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(priv_key, "Raw")); + PK_Key_Agreement ka(priv_key, "Raw"); - pre_master = ka->derive_key(0, dh_pub->public_value()).bits_of(); + pre_master = ka.derive_key(0, dh_pub->public_value()).bits_of(); key_material = priv_key.public_value(); } @@ -44,10 +44,9 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng, pre_master[0] = (pref_version >> 8) & 0xFF; pre_master[1] = (pref_version ) & 0xFF; - std::auto_ptr<PK_Encryptor> encryptor(get_pk_encryptor(*rsa_pub, - "PKCS1v15")); + PK_Encryptor_MR_with_EME encryptor(*rsa_pub, "PKCS1v15"); - key_material = encryptor->encrypt(pre_master, rng); + key_material = encryptor.encrypt(pre_master, rng); if(using_version == SSL_V3) include_length = false; @@ -125,9 +124,9 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, if(const DH_PrivateKey* dh_priv = dynamic_cast<const DH_PrivateKey*>(priv_key)) { try { - std::auto_ptr<PK_Key_Agreement> ka(get_pk_kas(*dh_priv, "Raw")); + PK_Key_Agreement ka(*dh_priv, "Raw"); - pre_master = ka->derive_key(0, key_material).bits_of(); + pre_master = ka.derive_key(0, key_material).bits_of(); } catch(...) { @@ -139,17 +138,16 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, } else if(const RSA_PrivateKey* rsa_priv = dynamic_cast<const RSA_PrivateKey*>(priv_key)) { - std::auto_ptr<PK_Decryptor> decryptor(get_pk_decryptor(*rsa_priv, - "PKCS1v15")); + PK_Decryptor_MR_with_EME decryptor(*rsa_priv, "PKCS1v15"); try { - pre_master = decryptor->decrypt(key_material); + pre_master = decryptor.decrypt(key_material); if(pre_master.size() != 48 || make_u16bit(pre_master[0], pre_master[1]) != version) throw Decoding_Error("Client_Key_Exchange: Secret corrupted"); } - catch(std::exception) + catch(...) { pre_master.resize(48); rng.randomize(pre_master, pre_master.size()); diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp index 22dae8350..7e17dbfab 100644 --- a/src/ssl/cert_ver.cpp +++ b/src/ssl/cert_ver.cpp @@ -1,12 +1,12 @@ /** -* Certificate Verify Message -* (C) 2004-2006 Jack Lloyd +* Certificate Verify Message +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ #include <botan/tls_messages.h> -#include <botan/look_pk.h> +#include <botan/pubkey.h> #include <botan/rsa.h> #include <botan/dsa.h> #include <botan/loadstor.h> @@ -22,21 +22,23 @@ Certificate_Verify::Certificate_Verify(RandomNumberGenerator& rng, HandshakeHash& hash, const Private_Key* priv_key) { - std::auto_ptr<PK_Signer> signer; + std::string padding = ""; + Signature_Format format = IEEE_1363; - if(const RSA_PrivateKey* rsa = dynamic_cast<const RSA_PrivateKey*>(priv_key)) + if(priv_key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(priv_key->algo_name() == "DSA") { - signer.reset(get_pk_signer(*rsa, "EMSA3(TLS.Digest.0)")); - } - else if(const DSA_PrivateKey* dsa = - dynamic_cast<const DSA_PrivateKey*>(priv_key)) - { - signer.reset(get_pk_signer(*dsa, "EMSA1(SHA-1)")); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } else - throw Invalid_Argument("Unknown PK algo for TLS signature"); + throw Invalid_Argument(priv_key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Signer signer(*priv_key, padding, format); - signature = signer->sign_message(hash.final(), rng); + signature = signer.sign_message(hash.final(), rng); send(writer, hash); } @@ -80,20 +82,22 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, std::auto_ptr<Public_Key> key(cert.subject_public_key()); - DSA_PublicKey* dsa_pub = dynamic_cast<DSA_PublicKey*>(key.get()); - RSA_PublicKey* rsa_pub = dynamic_cast<RSA_PublicKey*>(key.get()); + std::string padding = ""; + Signature_Format format = IEEE_1363; - std::auto_ptr<PK_Verifier> verifier; - - if(dsa_pub) - verifier.reset(get_pk_verifier(*dsa_pub, "EMSA1(SHA-1)", DER_SEQUENCE)); - else if(rsa_pub) - verifier.reset(get_pk_verifier(*rsa_pub, "EMSA3(TLS.Digest.0)")); + if(key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(key->algo_name() == "DSA") + { + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; + } else - throw Invalid_Argument("Client did not provide a RSA/DSA cert"); + throw Invalid_Argument(key->algo_name() + + " is invalid/unknown for TLS signatures"); - // FIXME: WRONG - return verifier->verify_message(hash.final(), signature); + PK_Verifier verifier(*key, padding, format); + return verifier.verify_message(hash.final(), signature); } } diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index d568ef14f..94b17cb7e 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -6,10 +6,10 @@ */ #include <botan/tls_messages.h> +#include <botan/pubkey.h> #include <botan/dh.h> #include <botan/rsa.h> #include <botan/dsa.h> -#include <botan/look_pk.h> #include <botan/loadstor.h> #include <memory> @@ -43,25 +43,27 @@ Server_Key_Exchange::Server_Key_Exchange(RandomNumberGenerator& rng, else throw Invalid_Argument("Bad key for TLS key exchange: not DH or RSA"); - std::auto_ptr<PK_Signer> signer; - if(const RSA_PrivateKey* rsa = dynamic_cast<const RSA_PrivateKey*>(priv_key)) - { - signer.reset(get_pk_signer(*rsa, "EMSA3(TLS.Digest.0)")); - } - else if(const DSA_PrivateKey* dsa = - dynamic_cast<const DSA_PrivateKey*>(priv_key)) + std::string padding = ""; + Signature_Format format = IEEE_1363; + + if(priv_key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(priv_key->algo_name() == "DSA") { - signer.reset(get_pk_signer(*dsa, "EMSA1(SHA-1)")); - signer->set_output_format(DER_SEQUENCE); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } else - throw Invalid_Argument("Bad key for TLS signature: not RSA or DSA"); + throw Invalid_Argument(priv_key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Signer signer(*priv_key, padding, format); - signer->update(c_random); - signer->update(s_random); - signer->update(serialize_params()); - signature = signer->signature(rng); + signer.update(c_random); + signer.update(s_random); + signer.update(serialize_params()); + signature = signer.signature(rng); send(writer, hash); } @@ -154,29 +156,31 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert, const MemoryRegion<byte>& c_random, const MemoryRegion<byte>& s_random) const { - std::auto_ptr<Public_Key> key(cert.subject_public_key()); - DSA_PublicKey* dsa_pub = dynamic_cast<DSA_PublicKey*>(key.get()); - RSA_PublicKey* rsa_pub = dynamic_cast<RSA_PublicKey*>(key.get()); + std::auto_ptr<Public_Key> key(cert.subject_public_key()); - std::auto_ptr<PK_Verifier> verifier; + std::string padding = ""; + Signature_Format format = IEEE_1363; - if(dsa_pub) + if(key->algo_name() == "RSA") + padding = "EMSA3(TLS.Digest.0)"; + else if(key->algo_name() == "DSA") { - verifier.reset(get_pk_verifier(*dsa_pub, "EMSA1(SHA-1)", DER_SEQUENCE)); - verifier->set_input_format(DER_SEQUENCE); + padding == "EMSA1(SHA-1)"; + format = DER_SEQUENCE; } - else if(rsa_pub) - verifier.reset(get_pk_verifier(*rsa_pub, "EMSA3(TLS.Digest.0)")); else - throw Invalid_Argument("Server did not provide a RSA/DSA cert"); + throw Invalid_Argument(key->algo_name() + + " is invalid/unknown for TLS signatures"); + + PK_Verifier verifier(*key, padding, format); SecureVector<byte> params_got = serialize_params(); - verifier->update(c_random); - verifier->update(s_random); - verifier->update(params_got); + verifier.update(c_random); + verifier.update(s_random); + verifier.update(params_got); - return verifier->check_signature(signature, signature.size()); + return verifier.check_signature(signature, signature.size()); } } |