Diffstat (limited to 'src')
55 files changed, 327 insertions, 226 deletions
diff --git a/src/algo_factory/algo_factory.cpp b/src/algo_factory/algo_factory.cpp index 10dfa15b8..05de330c3 100644 --- a/src/algo_factory/algo_factory.cpp +++ b/src/algo_factory/algo_factory.cpp @@ -70,8 +70,7 @@ const T* factory_prototype(const std::string& algo_spec, { if(provider == "" || engines[i]->provider_name() == provider) { - T* impl = engine_get_algo<T>(engines[i], scan_name, af); - if(impl) + if(T* impl = engine_get_algo<T>(engines[i], scan_name, af)) cache->add(impl, algo_spec, engines[i]->provider_name()); } } diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index b34bf8ca2..66a27dd4e 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -7,7 +7,7 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> namespace Botan { diff --git a/src/asn1/der_enc.cpp b/src/asn1/der_enc.cpp index a978f753b..06aaa3dfa 100644 --- a/src/asn1/der_enc.cpp +++ b/src/asn1/der_enc.cpp @@ -8,9 +8,9 @@ #include <botan/der_enc.h> #include <botan/asn1_int.h> #include <botan/bigint.h> -#include <botan/loadstor.h> -#include <botan/internal/bit_ops.h> +#include <botan/get_byte.h> #include <botan/parsing.h> +#include <botan/internal/bit_ops.h> #include <algorithm> namespace Botan { diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index 79b80745c..2d89850fd 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -17,7 +17,7 @@ DESTDIR = %{prefix} LIBDIR = $(DESTDIR)\%{libdir} HEADERDIR = $(DESTDIR)\%{includedir}\botan -DOCDIR = $(DESTDIR)\%{docdir}\Botan-$(VERSION) +DOCDIR = $(DESTDIR)\%{docdir}\botan-$(VERSION) ### Aliases for Common Programs AR = %{ar_command} diff --git a/src/build-data/makefile/unix.in b/src/build-data/makefile/unix.in index a39a10907..c525aa6bf 100644 --- a/src/build-data/makefile/unix.in +++ b/src/build-data/makefile/unix.in 
@@ -16,7 +16,7 @@ DESTDIR = %{prefix} BINDIR = $(DESTDIR)/bin LIBDIR = $(DESTDIR)/%{libdir} HEADERDIR = $(DESTDIR)/%{includedir}/botan -DOCDIR = $(DESTDIR)/%{docdir}/Botan-$(VERSION) +DOCDIR = $(DESTDIR)/%{docdir}/botan-$(VERSION) PKGCONF_DIR = $(LIBDIR)/pkgconfig CONFIG_SCRIPT = %{botan_config} diff --git a/src/build-data/makefile/unix_shr.in b/src/build-data/makefile/unix_shr.in index db445163e..aaedeeaf8 100644 --- a/src/build-data/makefile/unix_shr.in +++ b/src/build-data/makefile/unix_shr.in @@ -19,7 +19,7 @@ DESTDIR = %{prefix} BINDIR = $(DESTDIR)/bin LIBDIR = $(DESTDIR)/%{libdir} HEADERDIR = $(DESTDIR)/%{includedir}/botan -DOCDIR = $(DESTDIR)/%{docdir}/Botan-$(VERSION) +DOCDIR = $(DESTDIR)/%{docdir}/botan-$(VERSION) PKGCONF_DIR = $(LIBDIR)/pkgconfig CONFIG_SCRIPT = %{botan_config} diff --git a/src/checksum/crc24/crc24.cpp b/src/checksum/crc24/crc24.cpp index e50b4d33e..5441020f5 100644 --- a/src/checksum/crc24/crc24.cpp +++ b/src/checksum/crc24/crc24.cpp @@ -6,7 +6,7 @@ */ #include <botan/crc24.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> namespace Botan { diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index 8d2d7257d..5d1e674ca 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -9,7 +9,7 @@ #include <botan/package.h> #include <botan/filters.h> #include <botan/ctr.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/internal/xor_buf.h> namespace Botan { diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index 20435fa59..371b52e66 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -13,7 +13,7 @@ #include <botan/hmac.h> #include <botan/pbkdf2.h> #include <botan/pem.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/mem_ops.h> namespace Botan { 
@@ -48,10 +48,10 @@ std::string encrypt(const byte input[], u32bit input_len, rng.randomize(pbkdf_salt.begin(), pbkdf_salt.size()); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); - pbkdf.change_salt(pbkdf_salt.begin(), pbkdf_salt.size()); - pbkdf.set_iterations(PBKDF_ITERATIONS); - OctetString mk = pbkdf.derive_key(PBKDF_OUTPUT_LEN, passphrase); + OctetString mk = pbkdf.derive_key(PBKDF_OUTPUT_LEN, passphrase, + &pbkdf_salt[0], pbkdf_salt.size(), + PBKDF_ITERATIONS); SymmetricKey cipher_key(mk.begin(), CIPHER_KEY_LEN); SymmetricKey mac_key(mk.begin() + CIPHER_KEY_LEN, MAC_KEY_LEN); @@ -109,10 +109,10 @@ std::string decrypt(const byte input[], u32bit input_len, SecureVector<byte> pbkdf_salt(ciphertext + VERSION_CODE_LEN, PBKDF_SALT_LEN); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); - pbkdf.change_salt(pbkdf_salt.begin(), pbkdf_salt.size()); - pbkdf.set_iterations(PBKDF_ITERATIONS); - OctetString mk = pbkdf.derive_key(PBKDF_OUTPUT_LEN, passphrase); + OctetString mk = pbkdf.derive_key(PBKDF_OUTPUT_LEN, passphrase, + &pbkdf_salt[0], pbkdf_salt.size(), + PBKDF_ITERATIONS); SymmetricKey cipher_key(mk.begin(), CIPHER_KEY_LEN); SymmetricKey mac_key(mk.begin() + CIPHER_KEY_LEN, MAC_KEY_LEN); diff --git a/src/constructs/fpe/fpe.cpp b/src/constructs/fpe/fpe.cpp index 86e56625d..a0b3274b5 100644 --- a/src/constructs/fpe/fpe.cpp +++ b/src/constructs/fpe/fpe.cpp @@ -12,7 +12,7 @@ #include <botan/numthry.h> #include <botan/hmac.h> #include <botan/sha2_32.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <stdexcept> namespace Botan { diff --git a/src/constructs/passhash/info.txt b/src/constructs/passhash/info.txt new file mode 100644 index 000000000..f96809f29 --- /dev/null +++ b/src/constructs/passhash/info.txt @@ -0,0 +1,9 @@ +define PASSHASH9 + +<requires> +libstate +pbkdf2 +rng +base64 +</requires> + diff --git a/src/constructs/passhash/passhash9.cpp b/src/constructs/passhash/passhash9.cpp new file mode 100644 index 000000000..9e5ff3257 --- /dev/null 
+++ b/src/constructs/passhash/passhash9.cpp 
@@ -0,0 +1,127 @@ +/* +* Passhash9 Password Hashing +* (C) 2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/passhash9.h> +#include <botan/loadstor.h> +#include <botan/libstate.h> +#include <botan/pbkdf2.h> +#include <botan/base64.h> +#include <botan/pipe.h> + +namespace Botan { + +namespace { + +const std::string MAGIC_PREFIX = "$9$"; + +const u32bit WORKFACTOR_BYTES = 2; +const u32bit ALGID_BYTES = 1; +const u32bit SALT_BYTES = 12; // 96 bits of salt +const u32bit PBKDF_OUTPUT_LEN = 24; // 192 bits output + +const u32bit WORK_FACTOR_SCALE = 10000; + +MessageAuthenticationCode* get_pbkdf_prf(byte alg_id) + { + Algorithm_Factory& af = global_state().algorithm_factory(); + + if(alg_id == 0) + return af.make_mac("HMAC(SHA-1)"); + + return 0; + } + +std::pair<byte, MessageAuthenticationCode*> choose_pbkdf_prf() + { + byte alg_id = 0; + return std::make_pair(alg_id, get_pbkdf_prf(alg_id)); + } + +} + +std::string generate_passhash9(const std::string& pass, + RandomNumberGenerator& rng, + u16bit work_factor) + { + std::pair<byte, MessageAuthenticationCode*> prf = choose_pbkdf_prf(); + byte alg_id = prf.first; + + PKCS5_PBKDF2 kdf(prf.second); // takes ownership of pointer + + SecureVector<byte> salt(SALT_BYTES); + rng.randomize(&salt[0], salt.size()); + + u32bit kdf_iterations = WORK_FACTOR_SCALE * work_factor; + + SecureVector<byte> pbkdf2_output = + kdf.derive_key(PBKDF_OUTPUT_LEN, pass, + &salt[0], salt.size(), + kdf_iterations).bits_of(); + + Pipe pipe(new Base64_Encoder); + pipe.start_msg(); + pipe.write(alg_id); + pipe.write(get_byte(0, work_factor)); + pipe.write(get_byte(1, work_factor)); + pipe.write(salt); + pipe.write(pbkdf2_output); + pipe.end_msg(); + + return MAGIC_PREFIX + pipe.read_all_as_string(); + } + +bool check_passhash9(const std::string& pass, const std::string& hash) + { + const u32bit BINARY_LENGTH = + (ALGID_BYTES + WORKFACTOR_BYTES + PBKDF_OUTPUT_LEN + SALT_BYTES); + + const u32bit BASE64_LENGTH = + 
MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6; + + if(hash.size() != BASE64_LENGTH) + return false; + + for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i) + if(hash[i] != MAGIC_PREFIX[i]) + return false; + + Pipe pipe(new Base64_Decoder); + pipe.start_msg(); + pipe.write(hash.c_str() + MAGIC_PREFIX.size()); + pipe.end_msg(); + + SecureVector<byte> bin = pipe.read_all(); + + if(bin.size() != BINARY_LENGTH) + return false; + + byte alg_id = bin[0]; + + u32bit kdf_iterations = + WORK_FACTOR_SCALE * load_be<u16bit>(bin + ALGID_BYTES, 0); + + if(kdf_iterations == 0) + return false; + + MessageAuthenticationCode* pbkdf_prf = get_pbkdf_prf(alg_id); + + if(pbkdf_prf == 0) + return false; // unknown algorithm, reject + + PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer + + SecureVector<byte> cmp = kdf.derive_key( + PBKDF_OUTPUT_LEN, pass, + &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES, + kdf_iterations).bits_of(); + + return same_mem(cmp.begin(), + bin.begin() + ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES, + PBKDF_OUTPUT_LEN); + } + +} diff --git a/src/constructs/passhash/passhash9.h b/src/constructs/passhash/passhash9.h new file mode 100644 index 000000000..6020dce42 --- /dev/null +++ b/src/constructs/passhash/passhash9.h 
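Review bot: In `check_passhash9` the iteration count comes straight from the decoded hash string and the only check is `kdf_iterations == 0`, so a stored value can demand up to 65535 * WORK_FACTOR_SCALE (about 655 million) PBKDF2 iterations for one verification. If hash strings can reach the verifier from a store less trusted than the verifier itself, bound the factor before deriving: read it into a local and add `if(work_factor > MAX_WORK_FACTOR) return false;`, where MAX_WORK_FACTOR is a placeholder name for a limit the project would choose. The final comparison relies on `same_mem`, whose definition is not on this page, so it is worth confirming that it does not return at the first differing byte. `get_pbkdf_prf` would also benefit from a comment such as `// alg_id values are part of the stored hash format; never renumber`.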
@@ -0,0 +1,35 @@ +/* +* Passhash9 Password Hashing +* (C) 2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PASSHASH9_H__ +#define BOTAN_PASSHASH9_H__ + +#include <botan/rng.h> + +namespace Botan { + +/** +* Create a password hash using PBKDF2 +* @param password the password +* @param rng a random number generator +* @Param work_factor how much work to do to slow down guessing attacks +*/ +std::string BOTAN_DLL generate_passhash9(const std::string& password, + RandomNumberGenerator& rng, + u16bit work_factor = 10); + +/** +* Check a previously created password hash +* @param password the password to check against +* @param hash the stored hash to check against +*/ +bool BOTAN_DLL check_passhash9(const std::string& password, + const std::string& hash); + +} + +#endif diff --git a/src/filters/buf_filt.cpp b/src/filters/buf_filt.cpp index 97dd1b890..897fd9be7 100644 --- a/src/filters/buf_filt.cpp +++ b/src/filters/buf_filt.cpp @@ -12,14 +12,6 @@ namespace Botan { -namespace { - -const size_t BUFFER_MULTIPLE = 2; - -//static_assert(BUFFER_MULTIPLE >= 2, "BUFFER_MULTIPLE must be >= 2"); - -} - /* * Buffered_Filter Constructor */ @@ -32,7 +24,7 @@ Buffered_Filter::Buffered_Filter(u32bit b, u32bit f) : if(final_minimum > main_block_mod) throw std::invalid_argument("final_minimum > main_block_mod"); - buffer.resize(BUFFER_MULTIPLE * main_block_mod); + buffer.resize(2 * main_block_mod); buffer_pos = 0; } 
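Review bot: The doc block for `generate_passhash9` spells the tag `@Param work_factor`, which Doxygen will not recognise, and neither declaration has an `@return`. I would write `@param work_factor how much work to do to slow down guessing attacks; each unit is 10000 PBKDF2 iterations` and add `@return the "$9$"-prefixed base64 hash string` and, on `check_passhash9`, `@return true iff the password matches the stored hash`. It is also worth documenting that `work_factor = 0` is not usable: passhash9.cpp passes `WORK_FACTOR_SCALE * work_factor` to `derive_key`, and the pbkdf2.cpp context in this commit shows that a zero iteration count throws `Invalid_Argument`.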
@@ -54,23 +46,22 @@ void Buffered_Filter::write(const byte input[], u32bit input_size) input += to_copy; input_size -= to_copy; - if(input_size >= final_minimum) - { - u32bit to_proc_blocks = buffer_pos / main_block_mod; - u32bit to_proc_bytes = to_proc_blocks * main_block_mod; + u32bit total_to_consume = + round_down(std::min(buffer_pos, + buffer_pos + input_size - final_minimum), + main_block_mod); - buffered_block(&buffer[0], to_proc_bytes); + buffered_block(&buffer[0], total_to_consume); - buffer_pos -= to_proc_bytes; + buffer_pos -= total_to_consume; - copy_mem(&buffer[0], &buffer[to_proc_bytes], buffer_pos); - } + copy_mem(&buffer[0], &buffer[total_to_consume], buffer_pos); } if(input_size >= final_minimum) { - u32bit full_blocks = (input_size - final_minimum) / buffer.size(); - u32bit to_copy = full_blocks * buffer.size(); + u32bit full_blocks = (input_size - final_minimum) / main_block_mod; + u32bit to_copy = full_blocks * main_block_mod; if(to_copy) { @@ -105,6 +96,8 @@ void Buffered_Filter::end_msg() { buffered_final(&buffer[0], buffer_pos); } + + buffer_pos = 0; } } diff --git a/src/filters/filter.cpp b/src/filters/filter.cpp index ca32a3801..ff223ae8c 100644 --- a/src/filters/filter.cpp +++ b/src/filters/filter.cpp @@ -6,7 +6,7 @@ */ #include <botan/filter.h> -#include <botan/internal/secqueue.h> +#include <botan/secqueue.h> #include <botan/exceptn.h> namespace Botan { diff --git a/src/filters/info.txt b/src/filters/info.txt index 94b91371b..95d411c76 100644 --- a/src/filters/info.txt +++ b/src/filters/info.txt @@ -24,11 +24,11 @@ filters.h key_filt.h pbe.h pipe.h +secqueue.h </header:public> <header:internal> out_buf.h -secqueue.h </header:internal> <requires> diff --git a/src/filters/modes/cbc/cbc.h b/src/filters/modes/cbc/cbc.h index b303a841f..6d9092041 100644 --- a/src/filters/modes/cbc/cbc.h +++ b/src/filters/modes/cbc/cbc.h 
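Review bot: In `Buffered_Filter::write`, `buffer_pos + input_size - final_minimum` is evaluated in `u32bit`, so it wraps to a very large value whenever `buffer_pos + input_size < final_minimum`. `std::min` then picks `buffer_pos`, the whole buffer (rounded down) goes to `buffered_block`, and fewer than `final_minimum` bytes may be left for `buffered_final`. The commit removes the inner `if(input_size >= final_minimum)` guard, and the enclosing condition that would now have to guarantee this lies outside the hunk, so I cannot confirm it here. The modes built on this class (the XTS constructors in this commit pass `BLOCK_SIZE + 1` as the final minimum) depend on that tail being retained, so the invariant should be stated next to the expression, for example `// invariant: buffer_pos + input_size >= final_minimum here, so the subtraction cannot wrap`. The same applies to the bare `2` that replaces `BUFFER_MULTIPLE` in the constructor hunk above; a short comment on why the buffer is two blocks wide would replace the removed constant's name.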
@@ -39,7 +39,7 @@ class BOTAN_DLL CBC_Encryption : public Keyed_Filter, const SymmetricKey& key, const InitializationVector& iv); - ~CBC_Encryption() { delete padder; } + ~CBC_Encryption() { delete cipher; delete padder; } private: void buffered_block(const byte input[], u32bit input_length); void buffered_final(const byte input[], u32bit input_length); @@ -76,7 +76,7 @@ class BOTAN_DLL CBC_Decryption : public Keyed_Filter, const SymmetricKey& key, const InitializationVector& iv); - ~CBC_Decryption() { delete padder; } + ~CBC_Decryption() { delete cipher; delete padder; } private: void buffered_block(const byte input[], u32bit input_length); void buffered_final(const byte input[], u32bit input_length); diff --git a/src/filters/modes/cfb/cfb.h b/src/filters/modes/cfb/cfb.h index 917125e46..249ae21db 100644 --- a/src/filters/modes/cfb/cfb.h +++ b/src/filters/modes/cfb/cfb.h @@ -34,6 +34,8 @@ class BOTAN_DLL CFB_Encryption : public Keyed_Filter const SymmetricKey& key, const InitializationVector& iv, u32bit feedback = 0); + + ~CFB_Encryption() { delete cipher; } private: void write(const byte[], u32bit); @@ -63,6 +65,8 @@ class BOTAN_DLL CFB_Decryption : public Keyed_Filter const SymmetricKey& key, const InitializationVector& iv, u32bit feedback = 0); + + ~CFB_Decryption() { delete cipher; } private: void write(const byte[], u32bit); diff --git a/src/filters/modes/cts/cts.h b/src/filters/modes/cts/cts.h index 4a7513fa0..c15fa9510 100644 --- a/src/filters/modes/cts/cts.h +++ b/src/filters/modes/cts/cts.h @@ -33,6 +33,8 @@ class BOTAN_DLL CTS_Encryption : public Keyed_Filter CTS_Encryption(BlockCipher* cipher, const SymmetricKey& key, const InitializationVector& iv); + + ~CTS_Encryption() { delete cipher; } private: void write(const byte[], u32bit); void end_msg(); 
@@ -63,6 +65,8 @@ class BOTAN_DLL CTS_Decryption : public Keyed_Filter CTS_Decryption(BlockCipher* cipher, const SymmetricKey& key, const InitializationVector& iv); + + ~CTS_Decryption() { delete cipher; } private: void write(const byte[], u32bit); void end_msg(); diff --git a/src/filters/modes/xts/xts.cpp b/src/filters/modes/xts/xts.cpp index 68eb0c482..aeef4e88d 100644 --- a/src/filters/modes/xts/xts.cpp +++ b/src/filters/modes/xts/xts.cpp @@ -185,9 +185,6 @@ void XTS_Encryption::buffered_final(const byte input[], u32bit length) input += leftover_blocks; length -= leftover_blocks; - if(length >= 2*cipher->BLOCK_SIZE) - throw std::runtime_error("Die vampire die"); - SecureVector<byte> temp(input, length); xor_buf(temp, tweak, cipher->BLOCK_SIZE); @@ -214,9 +211,12 @@ void XTS_Encryption::buffered_final(const byte input[], u32bit length) */ XTS_Decryption::XTS_Decryption(BlockCipher* ciph) : Buffered_Filter(BOTAN_PARALLEL_BLOCKS_XTS * ciph->BLOCK_SIZE, - ciph->BLOCK_SIZE + 1) + ciph->BLOCK_SIZE + 1), + cipher(ciph) { - cipher = ciph; + if(cipher->BLOCK_SIZE != 8 && cipher->BLOCK_SIZE != 16) + throw std::invalid_argument("Bad cipher for XTS: " + cipher->name()); + cipher2 = ciph->clone(); tweak.resize(BOTAN_PARALLEL_BLOCKS_XTS * cipher->BLOCK_SIZE); } @@ -228,9 +228,12 @@ XTS_Decryption::XTS_Decryption(BlockCipher* ciph, const SymmetricKey& key, const InitializationVector& iv) : Buffered_Filter(BOTAN_PARALLEL_BLOCKS_XTS * ciph->BLOCK_SIZE, - ciph->BLOCK_SIZE + 1) + ciph->BLOCK_SIZE + 1), + cipher(ciph) { - cipher = ciph; + if(cipher->BLOCK_SIZE != 8 && cipher->BLOCK_SIZE != 16) + throw std::invalid_argument("Bad cipher for XTS: " + cipher->name()); + cipher2 = ciph->clone(); tweak.resize(BOTAN_PARALLEL_BLOCKS_XTS * cipher->BLOCK_SIZE); diff --git a/src/filters/modes/xts/xts.h b/src/filters/modes/xts/xts.h index 724085d9d..a01b1da1d 100644 --- a/src/filters/modes/xts/xts.h +++ b/src/filters/modes/xts/xts.h 
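Review bot: Both `XTS_Decryption` constructors now throw `std::invalid_argument` after `cipher(ciph)` has taken the pointer, and because the destructor does not run for an object whose constructor throws, the `BlockCipher` passed in is never deleted on that path. The xts.h hunk in this commit gives the class ownership (`delete cipher; delete cipher2;`), so the caller cannot tell whether it still owns the object after the exception. Either release it before throwing, `const std::string name = cipher->name(); delete cipher; throw std::invalid_argument("Bad cipher for XTS: " + name);`, or document on both constructors that ownership transfers only when construction succeeds. Note that `ciph->BLOCK_SIZE` is already dereferenced in the base-class initialiser, so a null `ciph` is not covered by the new check either.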
@@ -68,6 +68,8 @@ class BOTAN_DLL XTS_Decryption : public Keyed_Filter, XTS_Decryption(BlockCipher* ciph, const SymmetricKey& key, const InitializationVector& iv); + + ~XTS_Decryption() { delete cipher; delete cipher2; } private: void write(const byte[], u32bit); void end_msg(); diff --git a/src/filters/out_buf.cpp b/src/filters/out_buf.cpp index 80189eb3c..e3ea0cfb5 100644 --- a/src/filters/out_buf.cpp +++ b/src/filters/out_buf.cpp @@ -6,7 +6,7 @@ */ #include <botan/internal/out_buf.h> -#include <botan/internal/secqueue.h> +#include <botan/secqueue.h> namespace Botan { diff --git a/src/filters/pipe.cpp b/src/filters/pipe.cpp index e86b9a964..2e8bc8d10 100644 --- a/src/filters/pipe.cpp +++ b/src/filters/pipe.cpp @@ -7,7 +7,7 @@ #include <botan/pipe.h> #include <botan/internal/out_buf.h> -#include <botan/internal/secqueue.h> +#include <botan/secqueue.h> #include <botan/parsing.h> namespace Botan { diff --git a/src/filters/pipe_rw.cpp b/src/filters/pipe_rw.cpp index de77c6b43..20119c75b 100644 --- a/src/filters/pipe_rw.cpp +++ b/src/filters/pipe_rw.cpp @@ -7,7 +7,7 @@ #include <botan/pipe.h> #include <botan/internal/out_buf.h> -#include <botan/internal/secqueue.h> +#include <botan/secqueue.h> namespace Botan { diff --git a/src/filters/secqueue.cpp b/src/filters/secqueue.cpp index 74897805c..f63ef898c 100644 --- a/src/filters/secqueue.cpp +++ b/src/filters/secqueue.cpp @@ -5,7 +5,7 @@ * Distributed under the terms of the Botan license */ -#include <botan/internal/secqueue.h> +#include <botan/secqueue.h> #include <algorithm> namespace Botan { diff --git a/src/filters/secqueue.h b/src/filters/secqueue.h index 75f650030..fc1fc213a 100644 --- a/src/filters/secqueue.h +++ b/src/filters/secqueue.h @@ -16,7 +16,7 @@ namespace Botan { /* * SecureQueue */ -class SecureQueue : public Fanout_Filter, public DataSource +class BOTAN_DLL SecureQueue : public Fanout_Filter, public DataSource { public: void write(const byte[], u32bit); 
diff --git a/src/hash/md4/md4.h b/src/hash/md4/md4.h index 0b76a70e4..0bff5a4ce 100644 --- a/src/hash/md4/md4.h +++ b/src/hash/md4/md4.h @@ -27,7 +27,7 @@ class BOTAN_DLL MD4 : public MDx_HashFunction void hash_old(const byte[]); void copy_out(byte[]); - SecureBuffer<u32bit, 48> M; + SecureBuffer<u32bit, 16> M; SecureBuffer<u32bit, 4> digest; }; diff --git a/src/hash/md4_ia32/md4_ia32.cpp b/src/hash/md4_ia32/md4_ia32.cpp index 12fe71da4..8a60d8f0e 100644 --- a/src/hash/md4_ia32/md4_ia32.cpp +++ b/src/hash/md4_ia32/md4_ia32.cpp @@ -6,7 +6,6 @@ */ #include <botan/md4_ia32.h> -#include <botan/loadstor.h> namespace Botan { diff --git a/src/hash/md5_ia32/md5_ia32.cpp b/src/hash/md5_ia32/md5_ia32.cpp index 443569b3b..affd0b8f7 100644 --- a/src/hash/md5_ia32/md5_ia32.cpp +++ b/src/hash/md5_ia32/md5_ia32.cpp @@ -6,7 +6,6 @@ */ #include <botan/md5_ia32.h> -#include <botan/loadstor.h> namespace Botan { diff --git a/src/hash/sha1_ia32/sha1_ia32.cpp b/src/hash/sha1_ia32/sha1_ia32.cpp index 0fa0b6bf2..6eecdab56 100644 --- a/src/hash/sha1_ia32/sha1_ia32.cpp +++ b/src/hash/sha1_ia32/sha1_ia32.cpp @@ -6,7 +6,6 @@ */ #include <botan/sha1_ia32.h> -#include <botan/loadstor.h> namespace Botan { diff --git a/src/kdf/kdf2/kdf2.cpp b/src/kdf/kdf2/kdf2.cpp index 167f64436..7cc1d7416 100644 --- a/src/kdf/kdf2/kdf2.cpp +++ b/src/kdf/kdf2/kdf2.cpp @@ -6,7 +6,7 @@ */ #include <botan/kdf2.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> namespace Botan { diff --git a/src/kdf/mgf1/mgf1.cpp b/src/kdf/mgf1/mgf1.cpp index a8c7e5fa3..340e87a7c 100644 --- a/src/kdf/mgf1/mgf1.cpp +++ b/src/kdf/mgf1/mgf1.cpp @@ -6,7 +6,7 @@ */ #include <botan/mgf1.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/exceptn.h> #include <botan/internal/xor_buf.h> #include <algorithm> diff --git a/src/libstate/scan_name.cpp b/src/libstate/scan_name.cpp index 861934200..eccb15565 100644 --- a/src/libstate/scan_name.cpp +++ b/src/libstate/scan_name.cpp 
@@ -63,7 +63,7 @@ deref_aliases(const std::pair<u32bit, std::string>& in) } -SCAN_Name::SCAN_Name(const std::string& algo_spec) +SCAN_Name::SCAN_Name(std::string algo_spec) { orig_algo_spec = algo_spec; @@ -73,6 +73,8 @@ SCAN_Name::SCAN_Name(const std::string& algo_spec) std::string decoding_error = "Bad SCAN name '" + algo_spec + "': "; + algo_spec = global_state().deref_alias(algo_spec); + for(u32bit i = 0; i != algo_spec.size(); ++i) { char c = algo_spec[i]; diff --git a/src/libstate/scan_name.h b/src/libstate/scan_name.h index 7992d7498..4350dca86 100644 --- a/src/libstate/scan_name.h +++ b/src/libstate/scan_name.h @@ -23,9 +23,9 @@ class BOTAN_DLL SCAN_Name { public: /** - @param algo_spec A SCAN name + @param algo_spec A SCAN-format name */ - SCAN_Name(const std::string& algo_spec); + SCAN_Name(std::string algo_spec); /** @return the original input string diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index 225059e47..b92cd359e 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -7,7 +7,7 @@ #include <botan/bigint.h> #include <botan/internal/mp_core.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/parsing.h> #include <botan/internal/rounding.h> diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index 1d851d1a5..36cfaa6b4 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -80,9 +80,9 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) { PKCS5_PBKDF1 pbkdf(hash_function->clone()); - pbkdf.set_iterations(iterations); - pbkdf.change_salt(salt, salt.size()); - SymmetricKey key_and_iv = pbkdf.derive_key(16, passphrase); + SymmetricKey key_and_iv = pbkdf.derive_key(16, passphrase, + &salt[0], salt.size(), + iterations); key.set(key_and_iv.begin(), 8); iv.set(key_and_iv.begin() + 8, 8); diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index bd24c449b..63772263f 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp 
@@ -87,9 +87,9 @@ void PBE_PKCS5v20::set_key(const std::string& passphrase) { PKCS5_PBKDF2 pbkdf(new HMAC(hash_function->clone())); - pbkdf.set_iterations(iterations); - pbkdf.change_salt(salt, salt.size()); - key = pbkdf.derive_key(key_length, passphrase).bits_of(); + key = pbkdf.derive_key(key_length, passphrase, + &salt[0], salt.size(), + iterations).bits_of(); } /** diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index f2d93af91..97200c481 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -6,7 +6,7 @@ */ #include <botan/hmac_rng.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/internal/xor_buf.h> #include <algorithm> diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 2a8a8400c..c58378b32 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -6,7 +6,7 @@ */ #include <botan/randpool.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/internal/xor_buf.h> #include <algorithm> #include <chrono> diff --git a/src/s2k/info.txt b/src/s2k/info.txt index 1d5226524..861b6f760 100644 --- a/src/s2k/info.txt +++ b/src/s2k/info.txt @@ -1,4 +1,3 @@ <requires> -rng sym_algo </requires> diff --git a/src/s2k/pbkdf1/pbkdf1.cpp b/src/s2k/pbkdf1/pbkdf1.cpp index fcc5b9a97..a8270e26f 100644 --- a/src/s2k/pbkdf1/pbkdf1.cpp +++ b/src/s2k/pbkdf1/pbkdf1.cpp @@ -6,16 +6,17 @@ */ #include <botan/pbkdf1.h> +#include <botan/exceptn.h> namespace Botan { /* * Return a PKCS#5 PBKDF1 derived key */ -OctetString PKCS5_PBKDF1::derive(u32bit key_len, - const std::string& passphrase, - const byte salt[], u32bit salt_size, - u32bit iterations) const +OctetString PKCS5_PBKDF1::derive_key(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const { if(iterations == 0) throw Invalid_Argument("PKCS5_PBKDF1: Invalid iteration count"); 
diff --git a/src/s2k/pbkdf1/pbkdf1.h b/src/s2k/pbkdf1/pbkdf1.h index 4e5cafdb0..053a2dbe1 100644 --- a/src/s2k/pbkdf1/pbkdf1.h +++ b/src/s2k/pbkdf1/pbkdf1.h @@ -22,6 +22,11 @@ class BOTAN_DLL PKCS5_PBKDF1 : public S2K std::string name() const; S2K* clone() const; + OctetString derive_key(u32bit output_len, + const std::string& passphrase, + const byte salt[], u32bit salt_len, + u32bit iterations) const; + /** * Create a PKCS #5 instance using the specified hash function. * @param hash a pointer to a hash function object to use @@ -33,9 +38,6 @@ class BOTAN_DLL PKCS5_PBKDF1 : public S2K ~PKCS5_PBKDF1() { delete hash; } private: - OctetString derive(u32bit, const std::string&, - const byte[], u32bit, u32bit) const; - HashFunction* hash; }; diff --git a/src/s2k/pbkdf2/pbkdf2.cpp b/src/s2k/pbkdf2/pbkdf2.cpp index 6f790c06b..f1fc6e29f 100644 --- a/src/s2k/pbkdf2/pbkdf2.cpp +++ b/src/s2k/pbkdf2/pbkdf2.cpp @@ -6,7 +6,7 @@ */ #include <botan/pbkdf2.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/internal/xor_buf.h> namespace Botan { @@ -14,10 +14,10 @@ namespace Botan { /* * Return a PKCS#5 PBKDF2 derived key */ -OctetString PKCS5_PBKDF2::derive(u32bit key_len, - const std::string& passphrase, - const byte salt[], u32bit salt_size, - u32bit iterations) const +OctetString PKCS5_PBKDF2::derive_key(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const { if(iterations == 0) throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count"); diff --git a/src/s2k/pbkdf2/pbkdf2.h b/src/s2k/pbkdf2/pbkdf2.h index 7510338bb..b6d231916 100644 --- a/src/s2k/pbkdf2/pbkdf2.h +++ b/src/s2k/pbkdf2/pbkdf2.h 
@@ -22,6 +22,11 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K std::string name() const; S2K* clone() const; + OctetString derive_key(u32bit output_len, + const std::string& passphrase, + const byte salt[], u32bit salt_len, + u32bit iterations) const; + /** * Create a PKCS #5 instance using the specified message auth code * @param mac the MAC to use @@ -29,9 +34,6 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K PKCS5_PBKDF2(MessageAuthenticationCode* mac); ~PKCS5_PBKDF2(); private: - OctetString derive(u32bit, const std::string&, - const byte[], u32bit, u32bit) const; - MessageAuthenticationCode* mac; }; diff --git a/src/s2k/pgps2k/pgp_s2k.cpp b/src/s2k/pgps2k/pgp_s2k.cpp index 86394d84d..49ff6892c 100644 --- a/src/s2k/pgps2k/pgp_s2k.cpp +++ b/src/s2k/pgps2k/pgp_s2k.cpp @@ -14,9 +14,10 @@ namespace Botan { /* * Derive a key using the OpenPGP S2K algorithm */ -OctetString OpenPGP_S2K::derive(u32bit key_len, const std::string& passphrase, - const byte salt_buf[], u32bit salt_size, - u32bit iterations) const +OctetString OpenPGP_S2K::derive_key(u32bit key_len, + const std::string& passphrase, + const byte salt_buf[], u32bit salt_size, + u32bit iterations) const { SecureVector<byte> key(key_len), hash_buf; diff --git a/src/s2k/pgps2k/pgp_s2k.h b/src/s2k/pgps2k/pgp_s2k.h index 00e95f7fa..7f25623f3 100644 --- a/src/s2k/pgps2k/pgp_s2k.h +++ b/src/s2k/pgps2k/pgp_s2k.h @@ -22,12 +22,14 @@ class BOTAN_DLL OpenPGP_S2K : public S2K std::string name() const; S2K* clone() const; + OctetString derive_key(u32bit output_len, + const std::string& passphrase, + const byte salt[], u32bit salt_len, + u32bit iterations) const; + OpenPGP_S2K(HashFunction* hash_in) : hash(hash_in) {} ~OpenPGP_S2K() { delete hash; } private: - OctetString derive(u32bit, const std::string&, - const byte[], u32bit, u32bit) const; - HashFunction* hash; }; diff --git a/src/s2k/s2k.cpp b/src/s2k/s2k.cpp deleted file mode 100644 index 42064529d..000000000 --- a/src/s2k/s2k.cpp +++ /dev/null 
@@ -1,55 +0,0 @@ -/* -* S2K -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/s2k.h> - -namespace Botan { - -/* -* Derive a key from a passphrase -*/ -OctetString S2K::derive_key(u32bit key_len, - const std::string& passphrase) const - { - return derive(key_len, passphrase, salt, salt.size(), iterations()); - } - -/* -* Set the number of iterations -*/ -void S2K::set_iterations(u32bit i) - { - iter = i; - } - -/* -* Change the salt -*/ -void S2K::change_salt(const byte new_salt[], u32bit length) - { - salt.set(new_salt, length); - } - -/* -* Change the salt -*/ -void S2K::change_salt(const MemoryRegion<byte>& new_salt) - { - change_salt(new_salt.begin(), new_salt.size()); - } - -/* -* Create a new random salt -*/ -void S2K::new_random_salt(RandomNumberGenerator& rng, - u32bit length) - { - salt.resize(length); - rng.randomize(salt, length); - } - -} diff --git a/src/s2k/s2k.h b/src/s2k/s2k.h index ca86ab77a..f3b8b3901 100644 --- a/src/s2k/s2k.h +++ b/src/s2k/s2k.h @@ -9,7 +9,6 @@ #define BOTAN_S2K_H__ #include <botan/symkey.h> -#include <botan/rng.h> namespace Botan { 
@@ -39,63 +38,22 @@ class BOTAN_DLL S2K /** * Derive a key from a passphrase with this S2K object. It will use * the salt value and number of iterations configured in this object. - * @param key_len the desired length of the key to produce + * @param output_len the desired length of the key to produce * @param passphrase the password to derive the key from + * @param salt the randomly chosen salt + * @param salt_len length of salt in bytes + * @param iterations the number of iterations to use (use 10K or more) */ - OctetString derive_key(u32bit key_len, - const std::string& passphrase) const; + virtual OctetString derive_key(u32bit output_len, + const std::string& passphrase, + const byte salt[], u32bit salt_len, + u32bit iterations) const = 0; - /** - * Set the number of iterations for the one-way function during - * key generation. - * @param n the desired number of iterations - */ - void set_iterations(u32bit n); - - /** - * Set a new salt value. - * @param new_salt a byte array defining the new salt value - * @param len the length of the above byte array - */ - void change_salt(const byte new_salt[], u32bit len); - - /** - * Set a new salt value. - * @param new_salt the new salt value - */ - void change_salt(const MemoryRegion<byte>& new_salt); - - /** - * Create a new random salt value using the rng - * @param rng the random number generator to use - * @param len the desired length of the new salt value - */ - void new_random_salt(RandomNumberGenerator& rng, u32bit len); - - /** - * Get the number of iterations for the key derivation currently - * configured in this S2K object. - * @return the current number of iterations - */ - u32bit iterations() const { return iter; } - - /** - * Get the currently configured salt value of this S2K object. 
- * @return the current salt value - */ - SecureVector<byte> current_salt() const { return salt; } - - S2K() { iter = 0; } + S2K() {} virtual ~S2K() {} S2K(const S2K&) = delete; S2K& operator=(const S2K&) = delete; - private: - virtual OctetString derive(u32bit, const std::string&, - const byte[], u32bit, u32bit) const = 0; - - SecureVector<byte> salt; - u32bit iter; }; } diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp index 924d29b1b..8d801b75f 100644 --- a/src/utils/cpuid.cpp +++ b/src/utils/cpuid.cpp @@ -7,7 +7,7 @@ #include <botan/cpuid.h> #include <botan/types.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> #include <botan/mem_ops.h> #if defined(BOTAN_TARGET_OS_IS_DARWIN) diff --git a/src/utils/debug.h b/src/utils/debug.h index c7f19c1b1..271e0047b 100644 --- a/src/utils/debug.h +++ b/src/utils/debug.h @@ -9,26 +9,23 @@ #define BOTAN_DEBUG_H__ #include <botan/secmem.h> -#include <iostream> +#include <cstdio> namespace Botan { namespace Debug { -template<typename T> -void print_vec(const std::string& name, - const T array[], size_t array_len) +inline void print_vec(const std::string& name, + const byte array[], size_t array_len) { - std::cout << name << " = "; - + std::printf("%s = ", name.c_str()); for(size_t i = 0; i != array_len; ++i) - std::cout << std::hex << array[i]; - std::cout << std::endl; + std::printf("%02X", array[i]); + std::printf("\n"); } -template<typename T> -void print_vec(const std::string& name, - const MemoryRegion<T>& vec) +inline void print_vec(const std::string& name, + const MemoryRegion<byte>& vec) { print_vec(name, &vec[0], vec.size()); } diff --git a/src/utils/get_byte.h b/src/utils/get_byte.h new file mode 100644 index 000000000..fce87af83 --- /dev/null +++ b/src/utils/get_byte.h 
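Review bot: The comment kept above the new pure-virtual `S2K::derive_key` still says "It will use the salt value and number of iterations configured in this object", but this hunk removes the `salt` and `iter` members and makes both values parameters. A stale sentence like this invites callers to assume that state persists between calls. I would replace it with `Derive a key from a passphrase using the supplied salt and iteration count; the object holds no per-derivation state.` and add `@return the derived key, output_len bytes long`. The "use 10K or more" advice on `@param iterations` is good to keep.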
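Review bot: `Debug::print_vec` in debug.h has no doc comment, yet after this change it accepts only `byte` buffers and `MemoryRegion<byte>` and writes every byte to stdout as hex. Buffers of that type can hold key material, and the header is an ordinary include, so an accidental call in a release build would echo secrets to wherever stdout is captured. I would document that on both overloads, e.g. `/** Debugging aid: dumps the whole buffer to stdout in hex. Do not call on keys or other secrets outside local debugging. */`. The hunk shows `<iostream>` replaced by `<cstdio>` but not where `std::string` comes from; if it only arrives through `secmem.h`, an explicit `#include <string>` would be safer.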
@@ -0,0 +1,27 @@ +/* +* Read out bytes +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_GET_BYTE_H__ +#define BOTAN_GET_BYTE_H__ + +#include <botan/types.h> + +namespace Botan { + +/* +* Byte Extraction Function +*/ +template<typename T> inline byte get_byte(u32bit byte_num, T input) + { + return static_cast<byte>( + input >> ((sizeof(T)-1-(byte_num&(sizeof(T)-1))) << 3) + ); + } + +} + +#endif diff --git a/src/utils/info.txt b/src/utils/info.txt index 8f4ad5f0e..2fb17fd80 100644 --- a/src/utils/info.txt +++ b/src/utils/info.txt @@ -36,6 +36,7 @@ time.h types.h ui.h version.h +get_byte.h </header:public> <libs> diff --git a/src/utils/loadstor.h b/src/utils/loadstor.h index bd2acc87d..ffd27540d 100644 --- a/src/utils/loadstor.h +++ b/src/utils/loadstor.h @@ -11,6 +11,7 @@ #include <botan/types.h> #include <botan/bswap.h> +#include <botan/get_byte.h> #include <cstring> #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK @@ -38,16 +39,6 @@ namespace Botan { /* -* Byte Extraction Function -*/ -template<typename T> inline byte get_byte(u32bit byte_num, T input) - { - return static_cast<byte>( - input >> ((sizeof(T)-1-(byte_num&(sizeof(T)-1))) << 3) - ); - } - -/* * Byte to Word Conversions */ inline u16bit make_u16bit(byte i0, byte i1) diff --git a/src/utils/mlock.cpp b/src/utils/mlock.cpp index bb3a38d4e..5d6fc3591 100644 --- a/src/utils/mlock.cpp +++ b/src/utils/mlock.cpp @@ -22,9 +22,9 @@ namespace Botan { bool lock_mem(void* ptr, u32bit bytes) { #if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) - return (mlock(ptr, bytes) == 0); + return (::mlock(ptr, bytes) == 0); #elif defined(BOTAN_TARGET_OS_HAS_WIN32_VIRTUAL_LOCK) - return (VirtualLock(ptr, bytes) != 0); + return (::VirtualLock(ptr, bytes) != 0); #else return false; #endif 
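Review bot: The new header get_byte.h carries over only the comment `Byte Extraction Function`, which says neither which end byte 0 is nor what happens to an out-of-range index. From the expression, `byte_num` 0 selects the most significant byte, and `byte_num & (sizeof(T)-1)` silently wraps a too-large index instead of rejecting it (and behaves as a modulo only when `sizeof(T)` is a power of two). Since the function is now a public header in its own right and is used for on-disk formats (passhash9.cpp writes the work factor with it), I would document it: `@param byte_num which byte to extract, 0 is the most significant; masked with sizeof(T)-1`, `@param input the value to extract from`, `@return the selected byte`.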
@@ -36,9 +36,9 @@ bool lock_mem(void* ptr, u32bit bytes) void unlock_mem(void* ptr, u32bit bytes) { #if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) - munlock(ptr, bytes); + ::munlock(ptr, bytes); #elif defined(BOTAN_TARGET_OS_HAS_WIN32_VIRTUAL_LOCK) - VirtualUnlock(ptr, bytes); + ::VirtualUnlock(ptr, bytes); #endif } diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp index 3b5ee42d0..2c1a02c90 100644 --- a/src/utils/parsing.cpp +++ b/src/utils/parsing.cpp @@ -8,7 +8,7 @@ #include <botan/parsing.h> #include <botan/exceptn.h> #include <botan/charset.h> -#include <botan/loadstor.h> +#include <botan/get_byte.h> namespace Botan { |