diff options
Diffstat (limited to 'src')
90 files changed, 846 insertions, 697 deletions
diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index b317fa735..f149a0ac0 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -1,6 +1,6 @@ /* * AES -* (C) 1999-2009 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -410,13 +410,16 @@ const u32bit TD[1024] = { 0x3C498B28, 0x0D9541FF, 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0 }; -} - /* * AES Encryption */ -void AES::encrypt_n(const byte in[], byte out[], size_t blocks) const +void aes_encrypt_n(const byte in[], byte out[], + size_t blocks, + const MemoryRegion<u32bit>& EK, + const MemoryRegion<byte>& ME) { + const size_t BLOCK_SIZE = 16; + const u32bit* TE0 = TE; const u32bit* TE1 = TE + 256; const u32bit* TE2 = TE + 512; @@ -522,8 +525,12 @@ void AES::encrypt_n(const byte in[], byte out[], size_t blocks) const /* * AES Decryption */ -void AES::decrypt_n(const byte in[], byte out[], size_t blocks) const +void aes_decrypt_n(const byte in[], byte out[], size_t blocks, + const MemoryRegion<u32bit>& DK, + const MemoryRegion<byte>& MD) { + const size_t BLOCK_SIZE = 16; + const u32bit* TD0 = TD; const u32bit* TD1 = TD + 256; const u32bit* TD2 = TD + 512; @@ -599,18 +606,19 @@ void AES::decrypt_n(const byte in[], byte out[], size_t blocks) const } } -/* -* AES Key Schedule -*/ -void AES::key_schedule(const byte key[], size_t length) +void aes_key_schedule(const byte key[], size_t length, + MemoryRegion<u32bit>& EK, + MemoryRegion<u32bit>& DK, + MemoryRegion<byte>& ME, + MemoryRegion<byte>& MD) { static const u32bit RC[10] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, - 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; const u32bit rounds = (length / 4) + 6; - SecureVector<u32bit> XEK(64), XDK(64); + SecureVector<u32bit> XEK(length + 32), XDK(length + 32); const size_t X = length / 4; for(size_t i = 0; i != X; ++i) @@ -618,13 +626,23 @@ void AES::key_schedule(const byte key[], size_t length) for(size_t i = X; i < 4*(rounds+1); i += X) { - XEK[i] = XEK[i-X] ^ S(rotate_left(XEK[i-1], 8)) ^ RC[(i-X)/X]; + XEK[i] = XEK[i-X] ^ RC[(i-X)/X] ^ + make_u32bit(SE[get_byte(1, XEK[i-1])], + SE[get_byte(2, XEK[i-1])], + SE[get_byte(3, XEK[i-1])], + SE[get_byte(0, XEK[i-1])]); + for(size_t j = 1; j != X; ++j) { + XEK[i+j] = XEK[i+j-X]; + if(X == 8 && j == 4) - XEK[i+j] = XEK[i+j-X] ^ S(XEK[i+j-1]); + XEK[i+j] ^= make_u32bit(SE[get_byte(0, XEK[i+j-1])], + SE[get_byte(1, XEK[i+j-1])], + SE[get_byte(2, XEK[i+j-1])], + SE[get_byte(3, XEK[i+j-1])]); else - XEK[i+j] = XEK[i+j-X] ^ XEK[i+j-1]; + XEK[i+j] ^= XEK[i+j-1]; } } @@ -652,38 +670,70 @@ void AES::key_schedule(const byte key[], size_t length) DK.set(&XDK[0], length + 24); } -/* -* AES Byte Substitution -*/ -u32bit AES::S(u32bit input) +} + +void AES_128::encrypt_n(const byte in[], byte out[], size_t blocks) const { - return make_u32bit(SE[get_byte(0, input)], SE[get_byte(1, input)], - SE[get_byte(2, input)], SE[get_byte(3, input)]); + aes_encrypt_n(in, out, blocks, EK, ME); } -/* -* AES Constructor -*/ -AES::AES() : BlockCipher_Fixed_Block_Size(16, 32, 8), - EK(0), ME(16), DK(0), MD(16) +void AES_128::decrypt_n(const byte in[], byte out[], size_t blocks) const { + aes_decrypt_n(in, out, blocks, DK, MD); } -/* -* AES Constructor -*/ -AES::AES(size_t key_size) : BlockCipher_Fixed_Block_Size(key_size), - EK(key_size+24), ME(16), - DK(key_size+24), MD(16) +void AES_128::key_schedule(const byte key[], size_t length) { - if(key_size != 16 && key_size != 24 && key_size != 32) - throw Invalid_Key_Length(name(), key_size); + aes_key_schedule(key, length, EK, DK, ME, MD); } -/* -* Clear memory of sensitive data -*/ -void AES::clear() +void AES_128::clear() + { + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); + } + +void AES_192::encrypt_n(const byte in[], byte out[], size_t blocks) const + { + aes_encrypt_n(in, out, blocks, EK, ME); + } + +void AES_192::decrypt_n(const byte in[], byte out[], size_t blocks) const + { + aes_decrypt_n(in, out, blocks, DK, MD); + } + +void AES_192::key_schedule(const byte key[], size_t length) + { + aes_key_schedule(key, length, EK, DK, ME, MD); + } + +void AES_192::clear() + { + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); + } + +void AES_256::encrypt_n(const byte in[], byte out[], size_t blocks) const + { + aes_encrypt_n(in, out, blocks, EK, ME); + } + +void AES_256::decrypt_n(const byte in[], byte out[], size_t blocks) const + { + aes_decrypt_n(in, out, blocks, DK, MD); + } + +void AES_256::key_schedule(const byte key[], size_t length) + { + aes_key_schedule(key, length, EK, DK, ME, MD); + } + +void AES_256::clear() { zeroise(EK); zeroise(DK); diff --git a/src/block/aes/aes.h b/src/block/aes/aes.h index d2e051f83..a165f83b5 100644 --- a/src/block/aes/aes.h +++ b/src/block/aes/aes.h @@ -1,6 +1,6 @@ /* * AES -* (C) 1999-2009 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -13,68 +13,69 @@ namespace Botan { /** -* Rijndael aka AES +* AES-128 */ -class BOTAN_DLL AES : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> { public: - std::string name() const { return "AES"; } + AES_128() : EK(40), DK(40), ME(16), MD(16) {} void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; void clear(); - BlockCipher* clone() const { return new AES; } - - AES(); - - /** - * AES fixed to a particular key_size (16, 24, or 32 bytes) - * @param key_size the chosen fixed key size - */ - AES(size_t key_size); - private: - void key_schedule(const byte[], size_t); - static u32bit S(u32bit); - SecureVector<u32bit> EK; - SecureVector<byte> ME; - - SecureVector<u32bit > DK; - SecureVector<byte> MD; - }; - -/** -* AES-128 -*/ -class BOTAN_DLL AES_128 : public AES - { - public: std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128; } - AES_128() : AES(16) {} + private: + void key_schedule(const byte key[], size_t length); + + SecureVector<u32bit> EK, DK; + SecureVector<byte> ME, MD; }; /** * AES-192 */ -class BOTAN_DLL AES_192 : public AES +class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> { public: + AES_192() : EK(48), DK(48), ME(16), MD(16) {} + + void encrypt_n(const byte in[], byte out[], size_t blocks) const; + void decrypt_n(const byte in[], byte out[], size_t blocks) const; + + void clear(); + std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192; } - AES_192() : AES(24) {} + private: + void key_schedule(const byte key[], size_t length); + + SecureVector<u32bit> EK, DK; + SecureVector<byte> ME, MD; }; /** * AES-256 */ -class BOTAN_DLL AES_256 : public AES +class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> { public: + AES_256() : EK(56), DK(56), ME(16), MD(16) {} + + void encrypt_n(const byte in[], byte out[], size_t blocks) const; + void decrypt_n(const byte in[], byte out[], size_t blocks) const; + + void clear(); + std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256; } - AES_256() : AES(32) {} + private: + void key_schedule(const byte key[], size_t length); + + SecureVector<u32bit> EK, DK; + SecureVector<byte> ME, MD; }; } diff --git a/src/block/aes_intel/aes_intel.h b/src/block/aes_intel/aes_intel.h index 1d8a68389..a8e6b53e8 100644 --- a/src/block/aes_intel/aes_intel.h +++ b/src/block/aes_intel/aes_intel.h @@ -15,7 +15,7 @@ namespace Botan { /** * AES-128 using AES-NI */ -class BOTAN_DLL AES_128_Intel : public BlockCipher +class BOTAN_DLL AES_128_Intel : public Block_Cipher_Fixed_Params<16, 16> { public: size_t parallelism() const { return 4; } @@ -27,17 +27,17 @@ class BOTAN_DLL AES_128_Intel : public BlockCipher std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128_Intel; } - AES_128_Intel() : BlockCipher(16, 16) { } + AES_128_Intel() : EK(44), DK(44) { } private: void key_schedule(const byte[], size_t); - SecureVector<u32bit, 44> EK, DK; + SecureVector<u32bit> EK, DK; }; /** * AES-192 using AES-NI */ -class BOTAN_DLL AES_192_Intel : public BlockCipher +class BOTAN_DLL AES_192_Intel : public Block_Cipher_Fixed_Params<16, 24> { public: size_t parallelism() const { return 4; } @@ -49,17 +49,17 @@ class BOTAN_DLL AES_192_Intel : public BlockCipher std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192_Intel; } - AES_192_Intel() : BlockCipher(16, 24) { } + AES_192_Intel() : EK(52), DK(52) { } private: void key_schedule(const byte[], size_t); - SecureVector<u32bit, 52> EK, DK; + SecureVector<u32bit> EK, DK; }; /** * AES-256 using AES-NI */ -class BOTAN_DLL AES_256_Intel : public BlockCipher +class BOTAN_DLL AES_256_Intel : public Block_Cipher_Fixed_Params<16, 32> { public: size_t parallelism() const { return 4; } @@ -71,11 +71,11 @@ class BOTAN_DLL AES_256_Intel : public BlockCipher std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256_Intel; } - AES_256_Intel() : BlockCipher(16, 32) { } + AES_256_Intel() : EK(60), DK(60) { } private: void key_schedule(const byte[], size_t); - SecureVector<u32bit, 60> EK, DK; + SecureVector<u32bit> EK, DK; }; } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 59bb85f12..686b7999f 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -15,7 +15,7 @@ namespace Botan { /** * AES-128 using SSSE3 */ -class BOTAN_DLL AES_128_SSSE3 : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,8 +25,7 @@ class BOTAN_DLL AES_128_SSSE3 : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128_SSSE3; } - AES_128_SSSE3() : BlockCipher_Fixed_Block_Size(16), - EK(44), DK(44) {} + AES_128_SSSE3() : EK(44), DK(44) {} private: void key_schedule(const byte[], size_t); @@ -36,7 +35,7 @@ class BOTAN_DLL AES_128_SSSE3 : public BlockCipher_Fixed_Block_Size<16> /** * AES-192 using SSSE3 */ -class BOTAN_DLL AES_192_SSSE3 : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -46,8 +45,7 @@ class BOTAN_DLL AES_192_SSSE3 : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192_SSSE3; } - AES_192_SSSE3() : BlockCipher_Fixed_Block_Size(24), - EK(52), DK(52) {} + AES_192_SSSE3() : EK(52), DK(52) {} private: void key_schedule(const byte[], size_t); @@ -57,7 +55,7 @@ class BOTAN_DLL AES_192_SSSE3 : public BlockCipher_Fixed_Block_Size<16> /** * AES-256 using SSSE3 */ -class BOTAN_DLL AES_256_SSSE3 : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -67,8 +65,7 @@ class BOTAN_DLL AES_256_SSSE3 : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256_SSSE3; } - AES_256_SSSE3() : BlockCipher_Fixed_Block_Size(32), - EK(60), DK(60) {} + AES_256_SSSE3() : EK(60), DK(60) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/block_cipher.h b/src/block/block_cipher.h index 3e14e0739..b5a3c8439 100644 --- a/src/block/block_cipher.h +++ b/src/block/block_cipher.h @@ -115,17 +115,17 @@ class BOTAN_DLL BlockCipher : public SymmetricAlgorithm virtual void clear() = 0; }; -template<size_t N> -class BlockCipher_Fixed_Block_Size : public BlockCipher +/** +* Represents a block cipher with a single fixed block size +*/ +template<size_t BS, size_t KMIN, size_t KMAX = 0, size_t KMOD = 1> +class Block_Cipher_Fixed_Params : public BlockCipher { public: - BlockCipher_Fixed_Block_Size(size_t kmin, - size_t kmax = 0, - size_t kmod = 1) : - BlockCipher(kmin, kmax, kmod) {} + Block_Cipher_Fixed_Params() : BlockCipher(KMIN, KMAX, KMOD) {} - enum { BLOCK_SIZE = N }; - size_t block_size() const { return N; } + enum { BLOCK_SIZE = BS }; + size_t block_size() const { return BS; } }; } diff --git a/src/block/blowfish/blowfish.h b/src/block/blowfish/blowfish.h index c9bf8b2e0..b89ffcaaa 100644 --- a/src/block/blowfish/blowfish.h +++ b/src/block/blowfish/blowfish.h @@ -15,7 +15,7 @@ namespace Botan { /** * Blowfish */ -class BOTAN_DLL Blowfish : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL Blowfish : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "Blowfish"; } BlockCipher* clone() const { return new Blowfish; } - Blowfish() : BlockCipher_Fixed_Block_Size(1, 56), S(1024), P(18) {} + Blowfish() : S(1024), P(18) {} private: void key_schedule(const byte[], size_t); void generate_sbox(MemoryRegion<u32bit>& box, diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 3ecbcaa5a..10c646c94 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -15,7 +15,7 @@ namespace Botan { /** * CAST-128 */ -class BOTAN_DLL CAST_128 : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL CAST_128 : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "CAST-128"; } BlockCipher* clone() const { return new CAST_128; } - CAST_128() : BlockCipher_Fixed_Block_Size(11, 16), MK(16), RK(16) {} + CAST_128() : MK(16), RK(16) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index 0dda7f0d7..2f2beef47 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -15,7 +15,7 @@ namespace Botan { /** * CAST-256 */ -class BOTAN_DLL CAST_256 : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL CAST_256 : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "CAST-256"; } BlockCipher* clone() const { return new CAST_256; } - CAST_256() : BlockCipher_Fixed_Block_Size(4, 32, 4), MK(48), RK(48) {} + CAST_256() : MK(48), RK(48) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/des/des.h b/src/block/des/des.h index d758cc4c1..db5a375e0 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -15,7 +15,7 @@ namespace Botan { /** * DES */ -class BOTAN_DLL DES : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL DES : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "DES"; } BlockCipher* clone() const { return new DES; } - DES() : BlockCipher_Fixed_Block_Size(8), round_key(32) {} + DES() : round_key(32) {} private: void key_schedule(const byte[], size_t); @@ -35,7 +35,7 @@ class BOTAN_DLL DES : public BlockCipher_Fixed_Block_Size<8> /** * Triple DES */ -class BOTAN_DLL TripleDES : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -45,7 +45,7 @@ class BOTAN_DLL TripleDES : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "TripleDES"; } BlockCipher* clone() const { return new TripleDES; } - TripleDES() : BlockCipher_Fixed_Block_Size(16, 24, 8), round_key(96) {} + TripleDES() : round_key(96) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 962575529..993eca86b 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -15,7 +15,7 @@ namespace Botan { /** * DESX */ -class BOTAN_DLL DESX : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL DESX : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "DESX"; } BlockCipher* clone() const { return new DESX; } - DESX() : BlockCipher_Fixed_Block_Size(24), K1(8), K2(8) {} + DESX() : K1(8), K2(8) {} private: void key_schedule(const byte[], size_t); SecureVector<byte> K1, K2; diff --git a/src/block/gost_28147/gost_28147.cpp b/src/block/gost_28147/gost_28147.cpp index 9adc0d568..07f3359cd 100644 --- a/src/block/gost_28147/gost_28147.cpp +++ b/src/block/gost_28147/gost_28147.cpp @@ -52,7 +52,7 @@ GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : name(n) * GOST Constructor */ GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : - BlockCipher_Fixed_Block_Size(32), SBOX(1024), EK(8) + SBOX(1024), EK(8) { // Convert the parallel 4x4 sboxes into larger word-based sboxes for(size_t i = 0; i != 4; ++i) diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index adf542bbe..75ba74c44 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -49,7 +49,7 @@ class BOTAN_DLL GOST_28147_89_Params /** * GOST 28147-89 */ -class BOTAN_DLL GOST_28147_89 : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -66,7 +66,7 @@ class BOTAN_DLL GOST_28147_89 : public BlockCipher_Fixed_Block_Size<8> GOST_28147_89(const GOST_28147_89_Params& params); private: GOST_28147_89(const SecureVector<u32bit>& other_SBOX) : - BlockCipher_Fixed_Block_Size(32), SBOX(other_SBOX), EK(8) {} + SBOX(other_SBOX), EK(8) {} void key_schedule(const byte[], size_t); diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index 3552d282f..42fa60c47 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -15,7 +15,7 @@ namespace Botan { /** * IDEA */ -class BOTAN_DLL IDEA : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL IDEA : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "IDEA"; } BlockCipher* clone() const { return new IDEA; } - IDEA() : BlockCipher_Fixed_Block_Size(16), EK(52), DK(52) {} + IDEA() : EK(52), DK(52) {} protected: /** * @return const reference to encryption subkeys diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index 7b416f193..7871aa170 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h @@ -15,7 +15,7 @@ namespace Botan { /** * KASUMI, the block cipher used in 3G telephony */ -class BOTAN_DLL KASUMI : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL KASUMI : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "KASUMI"; } BlockCipher* clone() const { return new KASUMI; } - KASUMI() : BlockCipher_Fixed_Block_Size(16), EK(64) {} + KASUMI() : EK(64) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index 7a53d116b..5ca05f886 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -15,7 +15,7 @@ namespace Botan { /** * MARS, IBM's candidate for AES */ -class BOTAN_DLL MARS : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL MARS : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "MARS"; } BlockCipher* clone() const { return new MARS; } - MARS() : BlockCipher_Fixed_Block_Size(16, 32, 4), EK(40) {} + MARS() : EK(40) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/misty1/misty1.cpp b/src/block/misty1/misty1.cpp index 9ad30502c..77d1047b1 100644 --- a/src/block/misty1/misty1.cpp +++ b/src/block/misty1/misty1.cpp @@ -251,9 +251,7 @@ void MISTY1::key_schedule(const byte key[], size_t length) /* * MISTY1 Constructor */ -MISTY1::MISTY1(size_t rounds) : - BlockCipher_Fixed_Block_Size(16), - EK(100), DK(100) +MISTY1::MISTY1(size_t rounds) : EK(100), DK(100) { if(rounds != 8) throw Invalid_Argument("MISTY1: Invalid number of rounds: " diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index 3bd05b4c6..14d8a2958 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -15,7 +15,7 @@ namespace Botan { /** * MISTY1 */ -class BOTAN_DLL MISTY1 : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; diff --git a/src/block/noekeon/noekeon.h b/src/block/noekeon/noekeon.h index 79c627579..7c5c73dcb 100644 --- a/src/block/noekeon/noekeon.h +++ b/src/block/noekeon/noekeon.h @@ -15,7 +15,7 @@ namespace Botan { /** * Noekeon */ -class BOTAN_DLL Noekeon : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL Noekeon : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "Noekeon"; } BlockCipher* clone() const { return new Noekeon; } - Noekeon() : BlockCipher_Fixed_Block_Size(16), EK(4), DK(4) {} + Noekeon() : EK(4), DK(4) {} protected: /** * The Noekeon round constants diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index ad4b1a308..1ebad1e73 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC2 */ -class BOTAN_DLL RC2 : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -32,7 +32,7 @@ class BOTAN_DLL RC2 : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "RC2"; } BlockCipher* clone() const { return new RC2; } - RC2() : BlockCipher_Fixed_Block_Size(1, 32), K(64) {} + RC2() : K(64) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/rc5/rc5.cpp b/src/block/rc5/rc5.cpp index d08b44425..981f73564 100644 --- a/src/block/rc5/rc5.cpp +++ b/src/block/rc5/rc5.cpp @@ -122,7 +122,7 @@ std::string RC5::name() const /* * RC5 Constructor */ -RC5::RC5(size_t rounds) : BlockCipher_Fixed_Block_Size(1, 32) +RC5::RC5(size_t rounds) { if(rounds < 8 || rounds > 32 || (rounds % 4 != 0)) throw Invalid_Argument("RC5: Invalid number of rounds " + diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index cb282af4e..c69705471 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC5 */ -class BOTAN_DLL RC5 : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index 8446138e0..af7b62316 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -15,7 +15,7 @@ namespace Botan { /** * RC6, Ron Rivest's AES candidate */ -class BOTAN_DLL RC6 : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL RC6 : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "RC6"; } BlockCipher* clone() const { return new RC6; } - RC6() : BlockCipher_Fixed_Block_Size(1, 32), S(44) {} + RC6() : S(44) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/safer/safer_sk.cpp b/src/block/safer/safer_sk.cpp index a91e5f687..1d103040d 100644 --- a/src/block/safer/safer_sk.cpp +++ b/src/block/safer/safer_sk.cpp @@ -131,8 +131,7 @@ BlockCipher* SAFER_SK::clone() const /* * SAFER-SK Constructor */ -SAFER_SK::SAFER_SK(size_t rounds) : - BlockCipher_Fixed_Block_Size(16) +SAFER_SK::SAFER_SK(size_t rounds) { if(rounds > 13 || rounds == 0) throw Invalid_Argument(name() + ": Invalid number of rounds"); diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index 2fde757bd..803afffa0 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -15,7 +15,7 @@ namespace Botan { /** * SAFER-SK */ -class BOTAN_DLL SAFER_SK : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 649e28a68..979312930 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -15,7 +15,7 @@ namespace Botan { /** * SEED, a Korean block cipher */ -class BOTAN_DLL SEED : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL SEED : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "SEED"; } BlockCipher* clone() const { return new SEED; } - SEED() : BlockCipher_Fixed_Block_Size(16), K(32) {} + SEED() : K(32) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index fccdcf214..33bd747cd 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -15,7 +15,7 @@ namespace Botan { /** * Serpent, an AES finalist */ -class BOTAN_DLL Serpent : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,8 +25,7 @@ class BOTAN_DLL Serpent : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "Serpent"; } BlockCipher* clone() const { return new Serpent; } - Serpent() : BlockCipher_Fixed_Block_Size(16, 32, 8), - round_key(132) {} + Serpent() : round_key(132) {} protected: /** * For use by subclasses using SIMD, asm, etc diff --git a/src/block/skipjack/skipjack.h b/src/block/skipjack/skipjack.h index 73ae28de2..051d35351 100644 --- a/src/block/skipjack/skipjack.h +++ b/src/block/skipjack/skipjack.h @@ -15,7 +15,7 @@ namespace Botan { /** * Skipjack, a NSA designed cipher used in Fortezza */ -class BOTAN_DLL Skipjack : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL Skipjack : public Block_Cipher_Fixed_Params<8, 10> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL Skipjack : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "Skipjack"; } BlockCipher* clone() const { return new Skipjack; } - Skipjack() : BlockCipher_Fixed_Block_Size(10), FTAB(2560) {} + Skipjack() : FTAB(2560) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/square/square.h b/src/block/square/square.h index d6df63131..5147c0383 100644 --- a/src/block/square/square.h +++ b/src/block/square/square.h @@ -15,7 +15,7 @@ namespace Botan { /** * Square */ -class BOTAN_DLL Square : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL Square : public Block_Cipher_Fixed_Params<16, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,9 +25,7 @@ class BOTAN_DLL Square : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "Square"; } BlockCipher* clone() const { return new Square; } - Square() : BlockCipher_Fixed_Block_Size(16), - EK(28), DK(28), ME(32), MD(32) {} - + Square() : EK(28), DK(28), ME(32), MD(32) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index a7318ba5c..0290b112f 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -15,7 +15,7 @@ namespace Botan { /** * TEA */ -class BOTAN_DLL TEA : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL TEA : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "TEA"; } BlockCipher* clone() const { return new TEA; } - TEA() : BlockCipher_Fixed_Block_Size(16), K(4) {} + TEA() : K(4) {} private: void key_schedule(const byte[], size_t); SecureVector<u32bit> K; diff --git a/src/block/twofish/twofish.h b/src/block/twofish/twofish.h index a212bd285..7594bdcfd 100644 --- a/src/block/twofish/twofish.h +++ b/src/block/twofish/twofish.h @@ -15,7 +15,7 @@ namespace Botan { /** * Twofish, an AES finalist */ -class BOTAN_DLL Twofish : public BlockCipher_Fixed_Block_Size<16> +class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,9 +25,7 @@ class BOTAN_DLL Twofish : public BlockCipher_Fixed_Block_Size<16> std::string name() const { return "Twofish"; } BlockCipher* clone() const { return new Twofish; } - Twofish() : BlockCipher_Fixed_Block_Size(16, 32, 8), - SB(1024), RK(40) {} - + Twofish() : SB(1024), RK(40) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index 539725be8..985e9d6d1 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -15,7 +15,7 @@ namespace Botan { /** * XTEA */ -class BOTAN_DLL XTEA : public BlockCipher_Fixed_Block_Size<8> +class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> { public: void encrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -25,7 +25,7 @@ class BOTAN_DLL XTEA : public BlockCipher_Fixed_Block_Size<8> std::string name() const { return "XTEA"; } BlockCipher* clone() const { return new XTEA; } - XTEA() : BlockCipher_Fixed_Block_Size(16), EK(64) {} + XTEA() : EK(64) {} protected: /** * @return const reference to the key schedule diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index be49ec46a..7c0e103d1 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -94,7 +94,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const Extensions& extensions) { const u32bit X509_CERT_VERSION = 3; - const u32bit SERIAL_BITS = 128; + const size_t SERIAL_BITS = 128; BigInt serial_no(rng, SERIAL_BITS); diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 616644e5c..88cab96c5 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -52,11 +52,11 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object() */ Extensions& Extensions::operator=(const Extensions& other) { - for(u32bit i = 0; i != extensions.size(); ++i) + for(size_t i = 0; i != extensions.size(); ++i) delete extensions[i].first; extensions.clear(); - for(u32bit i = 0; i != other.extensions.size(); ++i) + for(size_t i = 0; i != other.extensions.size(); ++i) extensions.push_back( std::make_pair(other.extensions[i].first->copy(), other.extensions[i].second)); @@ -82,7 +82,7 @@ void Extensions::add(Certificate_Extension* extn, bool critical) */ void Extensions::encode_into(DER_Encoder& to_object) const { - for(u32bit i = 0; i != extensions.size(); ++i) + for(size_t i = 0; i != extensions.size(); ++i) { const Certificate_Extension* ext = extensions[i].first; const bool is_critical = extensions[i].second; @@ -105,7 +105,7 @@ void Extensions::encode_into(DER_Encoder& to_object) const */ void Extensions::decode_from(BER_Decoder& from_source) { - for(u32bit i = 0; i != extensions.size(); ++i) + for(size_t i = 0; i != extensions.size(); ++i) delete extensions[i].first; extensions.clear(); @@ -148,7 +148,7 @@ void Extensions::decode_from(BER_Decoder& from_source) void Extensions::contents_to(Data_Store& subject_info, Data_Store& issuer_info) const { - for(u32bit i = 0; i != extensions.size(); ++i) + for(size_t i = 0; i != extensions.size(); ++i) extensions[i].first->contents_to(subject_info, issuer_info); } @@ -157,7 +157,7 @@ void Extensions::contents_to(Data_Store& subject_info, */ Extensions::~Extensions() { - for(u32bit i = 0; i != extensions.size(); ++i) + for(size_t i = 0; i != extensions.size(); ++i) delete extensions[i].first; } @@ -222,7 +222,7 @@ MemoryVector<byte> Key_Usage::encode_inner() const if(constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); - const u32bit unused_bits = low_bit(constraints) - 1; + const size_t unused_bits = low_bit(constraints) - 1; MemoryVector<byte> der; der.push_back(BIT_STRING); @@ -257,7 +257,7 @@ void Key_Usage::decode_inner(const MemoryRegion<byte>& in) obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]); u16bit usage = 0; - for(u32bit i = 1; i != obj.value.size(); ++i) + for(size_t i = 1; i != obj.value.size(); ++i) usage = (obj.value[i] << 8) | usage; constraints = Key_Constraints(usage); @@ -429,7 +429,7 @@ void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in) */ void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const { - for(u32bit i = 0; i != oids.size(); ++i) + for(size_t i = 0; i != oids.size(); ++i) subject.add("X509v3.ExtendedKeyUsage", oids[i].as_string()); } @@ -498,7 +498,7 @@ void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in) */ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const { - for(u32bit i = 0; i != oids.size(); ++i) + for(size_t i = 0; i != oids.size(); ++i) info.add("X509v3.ExtendedKeyUsage", oids[i].as_string()); } diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index a06cad0ba..a635b3930 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -186,7 +186,7 @@ X509_Store::X509_Store(const X509_Store& other) certs = other.certs; revoked = other.revoked; revoked_info_valid = other.revoked_info_valid; - for(u32bit j = 0; j != other.stores.size(); ++j) + for(size_t j = 0; j != other.stores.size(); ++j) stores[j] = other.stores[j]->clone(); time_slack = other.time_slack; } @@ -196,7 +196,7 @@ X509_Store::X509_Store(const X509_Store& other) */ X509_Store::~X509_Store() { - for(u32bit j = 0; j != stores.size(); ++j) + for(size_t j = 0; j != stores.size(); ++j) delete stores[j]; } @@ -208,7 +208,7 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, { recompute_revoked_info(); - std::vector<u32bit> indexes; + std::vector<size_t> indexes; X509_Code chaining_result = construct_cert_chain(cert, indexes); if(chaining_result != VERIFIED) return chaining_result; @@ -228,7 +228,7 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, if(is_revoked(cert)) return CERT_IS_REVOKED; - for(u32bit j = 0; j != indexes.size() - 1; ++j) + for(size_t j = 0; j != indexes.size() - 1; ++j) { const X509_Certificate& current_cert = certs[indexes[j]].cert; @@ -251,10 +251,10 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, /* * Find this certificate */ -u32bit X509_Store::find_cert(const X509_DN& subject_dn, +size_t X509_Store::find_cert(const X509_DN& subject_dn, const MemoryRegion<byte>& subject_key_id) const { - for(u32bit j = 0; j != certs.size(); ++j) + for(size_t j = 0; j != certs.size(); ++j) { const X509_Certificate& this_cert = certs[j].cert; if(compare_ids(this_cert.subject_key_id(), subject_key_id) && @@ -267,22 +267,22 @@ u32bit X509_Store::find_cert(const X509_DN& subject_dn, /* * Find the parent of this certificate */ -u32bit X509_Store::find_parent_of(const X509_Certificate& cert) +size_t X509_Store::find_parent_of(const X509_Certificate& cert) { const X509_DN issuer_dn = cert.issuer_dn(); const MemoryVector<byte> auth_key_id = cert.authority_key_id(); - u32bit index = find_cert(issuer_dn, auth_key_id); + size_t index = find_cert(issuer_dn, auth_key_id); if(index != NO_CERT_FOUND) return index; - for(u32bit j = 0; j != stores.size(); ++j) + for(size_t j = 0; j != stores.size(); ++j) { std::vector<X509_Certificate> got = stores[j]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id); - for(u32bit k = 0; k != got.size(); ++k) + for(size_t k = 0; k != got.size(); ++k) add_cert(got[k]); } @@ -293,10 +293,10 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert) * Construct a chain of certificate relationships */ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, - std::vector<u32bit>& indexes, + std::vector<size_t>& indexes, bool need_full_chain) { - u32bit parent = find_parent_of(end_cert); + size_t parent = find_parent_of(end_cert); while(true) { @@ -331,7 +331,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, if(indexes.size() < 2) break; - const u32bit cert = indexes.back(); + const size_t cert = indexes.back(); if(certs[cert].is_verified(validation_cache_timeout)) { @@ -343,8 +343,8 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, break; } - const u32bit last_cert = indexes.back(); - const u32bit parent_of_last_cert = find_parent_of(certs[last_cert].cert); + const size_t last_cert = indexes.back(); + const size_t parent_of_last_cert = find_parent_of(certs[last_cert].cert); if(parent_of_last_cert == NO_CERT_FOUND) return CERT_ISSUER_NOT_FOUND; indexes.push_back(parent_of_last_cert); @@ -415,7 +415,7 @@ void X509_Store::recompute_revoked_info() const if(revoked_info_valid) return; - for(u32bit j = 0; j != certs.size(); ++j) + for(size_t j = 0; j != certs.size(); ++j) { if((certs[j].is_verified(validation_cache_timeout)) && (certs[j].verify_result() != VERIFIED)) @@ -450,13 +450,13 @@ std::vector<X509_Certificate> X509_Store::get_cert_chain(const X509_Certificate& cert) { std::vector<X509_Certificate> result; - std::vector<u32bit> indexes; + std::vector<size_t> indexes; X509_Code chaining_result = construct_cert_chain(cert, indexes, true); if(chaining_result != VERIFIED) throw Invalid_State("X509_Store::get_cert_chain: Can't construct chain"); - for(u32bit j = 0; j != indexes.size(); ++j) + for(size_t j = 0; j != indexes.size(); ++j) result.push_back(certs[indexes[j]].cert); return result; } @@ -485,7 +485,7 @@ void X509_Store::add_cert(const X509_Certificate& cert, bool trusted) } else if(trusted) { - for(u32bit j = 0; j != certs.size(); ++j) + for(size_t j = 0; j != certs.size(); ++j) { const X509_Certificate& this_cert = certs[j].cert; if(this_cert == cert) @@ -539,9 +539,9 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl) if(time_check < 0) return CRL_NOT_YET_VALID; else if(time_check > 0) return CRL_HAS_EXPIRED; - u32bit cert_index = NO_CERT_FOUND; + size_t cert_index = NO_CERT_FOUND; - for(u32bit j = 0; j != certs.size(); ++j) + for(size_t j = 0; j != certs.size(); ++j) { const X509_Certificate& this_cert = certs[j].cert; if(compare_ids(this_cert.subject_key_id(), crl.authority_key_id())) @@ -566,7 +566,7 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl) std::vector<CRL_Entry> revoked_certs = crl.get_revoked(); - for(u32bit j = 0; j != revoked_certs.size(); ++j) + for(size_t j = 0; j != revoked_certs.size(); ++j) { CRL_Data revoked_info; revoked_info.issuer = crl.issuer_dn(); @@ -599,7 +599,7 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl) std::string X509_Store::PEM_encode() const { std::string cert_store; - for(u32bit j = 0; j != certs.size(); ++j) + for(size_t j = 0; j != certs.size(); ++j) cert_store += certs[j].cert.PEM_encode(); return cert_store; } diff --git a/src/cert/x509store/x509stor.h b/src/cert/x509store/x509stor.h index 90e83988b..532db6190 100644 --- a/src/cert/x509store/x509stor.h +++ b/src/cert/x509store/x509stor.h @@ -112,19 +112,18 @@ class BOTAN_DLL X509_Store static X509_Code check_sig(const X509_Object&, Public_Key*); - u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const; + size_t find_cert(const X509_DN&, const MemoryRegion<byte>&) const; X509_Code check_sig(const Cert_Info&, const Cert_Info&) const; void recompute_revoked_info() const; void do_add_certs(DataSource&, bool); X509_Code construct_cert_chain(const X509_Certificate&, - std::vector<u32bit>&, bool = false); + std::vector<size_t>&, bool = false); - u32bit find_parent_of(const X509_Certificate&); + size_t find_parent_of(const X509_Certificate&); bool is_revoked(const X509_Certificate&) const; - static const u32bit NO_CERT_FOUND = 0xFFFFFFFF; - + static const size_t NO_CERT_FOUND = 0xFFFFFFFF; std::vector<Cert_Info> certs; std::vector<CRL_Data> revoked; std::vector<Certificate_Store*> stores; diff --git a/src/codec/base64/base64.cpp b/src/codec/base64/base64.cpp new file mode 100644 index 000000000..96a686e38 --- /dev/null +++ b/src/codec/base64/base64.cpp @@ -0,0 +1,103 @@ +/* +* Base64 Encoding and Decoding +* (C) 2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/base64.h> +#include <botan/mem_ops.h> +#include <botan/internal/rounding.h> +#include <stdexcept> + +#include <stdio.h> +#include <assert.h> + +namespace Botan { + +namespace { + +static const byte BIN_TO_BASE64[64] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', + 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' +}; + +void do_base64_encode(char out[4], const byte in[3]) + { + out[0] = BIN_TO_BASE64[((in[0] & 0xFC) >> 2)]; + out[1] = BIN_TO_BASE64[((in[0] & 0x03) << 4) | (in[1] >> 4)]; + out[2] = BIN_TO_BASE64[((in[1] & 0x0F) << 2) | (in[2] >> 6)]; + out[3] = BIN_TO_BASE64[((in[2] & 0x3F) )]; + } + +} + +size_t base64_encode(char out[], + const byte in[], + size_t input_length, + size_t& input_consumed, + bool final_inputs) + { + input_consumed = 0; + + size_t input_remaining = input_length; + size_t output_produced = 0; + + while(input_remaining >= 3) + { + do_base64_encode(out + output_produced, in + input_consumed); + + input_consumed += 3; + output_produced += 4; + input_remaining -= 3; + } + + if(final_inputs && input_remaining) + { + byte remainder[3] = { 0 }; + for(size_t i = 0; i != input_remaining; ++i) + remainder[i] = in[input_consumed + i]; + + do_base64_encode(out + output_produced, remainder); + + size_t empty_bits = 8 * (3 - input_remaining); + size_t index = output_produced + 4 - 1; + while(empty_bits >= 8) + { + out[index--] = '='; + empty_bits -= 6; + } + + input_consumed += input_remaining; + output_produced += 4; + } + + return output_produced; + } + +std::string base64_encode(const byte input[], + size_t input_length) + { + std::string output((round_up<size_t>(input_length, 3) / 3) * 4, 0); + + size_t consumed = 0; + size_t produced = base64_encode(&output[0], + input, input_length, + consumed, true); + + assert(consumed == input_length); + assert(produced == output.size()); + + return output; + } + +std::string base64_encode(const MemoryRegion<byte>& input) + { + return base64_encode(&input[0], input.size()); + } + + +} diff --git a/src/codec/base64/base64.h b/src/codec/base64/base64.h new file mode 100644 index 000000000..551f3daf8 --- /dev/null +++ b/src/codec/base64/base64.h @@ -0,0 +1,55 @@ +/* +* Base64 Encoding and Decoding +* (C) 2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_BASE64_CODEC_H__ +#define BOTAN_BASE64_CODEC_H__ + +#include <botan/secmem.h> +#include <string> + +namespace Botan { + +/** +* Perform base64 encoding +* @param output an array of at least input_length*4/3 bytes +* @param input is some binary data +* @param input_length length of input in bytes +* @param input_consumed is an output parameter which says how many +* bytes of input were actually consumed. If less than +* input_length, then the range input[consumed:length] +* should be passed in later along with more input. +* @param final_inputs true iff this is the last input, in which case + padding chars will be applied if needed +* @return number of bytes written to output +*/ +size_t BOTAN_DLL base64_encode(char output[], + const byte input[], + size_t input_length, + size_t& input_consumed, + bool final_inputs); + +/** +* Perform base64 encoding +* @param input some input +* @param input_length length of input in bytes +* @param uppercase should output be upper or lower case? +* @return base64adecimal representation of input +*/ +std::string BOTAN_DLL base64_encode(const byte input[], + size_t input_length); + +/** +* Perform base64 encoding +* @param input some input +* @param uppercase should output be upper or lower case? +* @return base64adecimal representation of input +*/ +std::string BOTAN_DLL base64_encode(const MemoryRegion<byte>& input); + +} + +#endif diff --git a/src/codec/base64/info.txt b/src/codec/base64/info.txt new file mode 100644 index 000000000..aed5db3b6 --- /dev/null +++ b/src/codec/base64/info.txt @@ -0,0 +1 @@ +define BASE64_CODEC diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index a773d6558..4d92a789c 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -16,7 +16,7 @@ namespace Botan { void aont_package(RandomNumberGenerator& rng, BlockCipher* cipher, - const byte input[], u32bit input_len, + const byte input[], size_t input_len, byte output[]) { const size_t BLOCK_SIZE = cipher->block_size(); @@ -39,7 +39,7 @@ void aont_package(RandomNumberGenerator& rng, SecureVector<byte> buf(BLOCK_SIZE); - const u32bit blocks = + const size_t blocks = (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE; byte* final_block = output + input_len; @@ -48,14 +48,14 @@ void aont_package(RandomNumberGenerator& rng, // XOR the hash blocks into the final block for(u32bit i = 0; i != blocks; ++i) { - u32bit left = std::min<u32bit>(BLOCK_SIZE, - input_len - BLOCK_SIZE * i); + const size_t left = std::min<size_t>(BLOCK_SIZE, + input_len - BLOCK_SIZE * i); zeroise(buf); copy_mem(&buf[0], output + BLOCK_SIZE * i, left); - for(u32bit j = 0; j != 4; ++j) - buf[BLOCK_SIZE - 1 - j] ^= get_byte(3-j, i); + for(size_t j = 0; j != sizeof(i); ++j) + buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); cipher->encrypt(buf); @@ -67,7 +67,7 @@ void aont_package(RandomNumberGenerator& rng, } void aont_unpackage(BlockCipher* cipher, - const byte input[], u32bit input_len, + const byte input[], size_t input_len, byte output[]) { const size_t BLOCK_SIZE = cipher->block_size(); @@ -91,19 +91,19 @@ void aont_unpackage(BlockCipher* cipher, input + (input_len - BLOCK_SIZE), BLOCK_SIZE); - const u32bit blocks = ((input_len - 1) / BLOCK_SIZE); + const size_t blocks = ((input_len - 1) / BLOCK_SIZE); // XOR the blocks into the package key bits for(u32bit i = 0; i != blocks; ++i) { - u32bit left = std::min<u32bit>(BLOCK_SIZE, - input_len - BLOCK_SIZE * (i+1)); + const size_t left = std::min<size_t>(BLOCK_SIZE, + input_len - BLOCK_SIZE * (i+1)); zeroise(buf); copy_mem(&buf[0], input + BLOCK_SIZE * i, left); - for(u32bit j = 0; j != 4; ++j) - buf[BLOCK_SIZE - 1 - j] ^= get_byte(3-j, i); + for(size_t j = 0; j != sizeof(i); ++j) + buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); cipher->encrypt(buf); diff --git a/src/constructs/aont/package.h b/src/constructs/aont/package.h index 34e0f35d5..52d1c2190 100644 --- a/src/constructs/aont/package.h +++ b/src/constructs/aont/package.h @@ -24,7 +24,7 @@ namespace Botan { */ void BOTAN_DLL aont_package(RandomNumberGenerator& rng, BlockCipher* cipher, - const byte input[], u32bit input_len, + const byte input[], size_t input_len, byte output[]); /** @@ -36,7 +36,7 @@ void BOTAN_DLL aont_package(RandomNumberGenerator& rng, * input_len - cipher->BLOCK_SIZE bytes long) */ void BOTAN_DLL aont_unpackage(BlockCipher* cipher, - const byte input[], u32bit input_len, + const byte input[], size_t input_len, byte output[]); } diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index 6e393ecb4..ab263c3e9 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -28,19 +28,19 @@ for later use as flags, etc if needed */ const u32bit CRYPTOBOX_VERSION_CODE = 0xEFC22400; -const u32bit VERSION_CODE_LEN = 4; -const u32bit CIPHER_KEY_LEN = 32; -const u32bit CIPHER_IV_LEN = 16; -const u32bit MAC_KEY_LEN = 32; -const u32bit MAC_OUTPUT_LEN = 20; -const u32bit PBKDF_SALT_LEN = 10; -const u32bit PBKDF_ITERATIONS = 8 * 1024; +const size_t VERSION_CODE_LEN = 4; +const size_t CIPHER_KEY_LEN = 32; +const size_t CIPHER_IV_LEN = 16; +const size_t MAC_KEY_LEN = 32; +const size_t MAC_OUTPUT_LEN = 20; +const size_t PBKDF_SALT_LEN = 10; +const size_t PBKDF_ITERATIONS = 8 * 1024; -const u32bit PBKDF_OUTPUT_LEN = CIPHER_KEY_LEN + CIPHER_IV_LEN + MAC_KEY_LEN; +const size_t PBKDF_OUTPUT_LEN = CIPHER_KEY_LEN + CIPHER_IV_LEN + MAC_KEY_LEN; } -std::string encrypt(const byte input[], u32bit input_len, +std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng) { @@ -77,14 +77,14 @@ std::string encrypt(const byte input[], u32bit input_len, mac (20 bytes) ciphertext */ - const u32bit ciphertext_len = pipe.remaining(0); + const size_t ciphertext_len = pipe.remaining(0); SecureVector<byte> out_buf(VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN + ciphertext_len); - for(u32bit i = 0; i != VERSION_CODE_LEN; ++i) + for(size_t i = 0; i != VERSION_CODE_LEN; ++i) out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); copy_mem(&out_buf[VERSION_CODE_LEN], &pbkdf_salt[0], PBKDF_SALT_LEN); @@ -96,7 +96,7 @@ std::string encrypt(const byte input[], u32bit input_len, return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE"); } -std::string decrypt(const byte input[], u32bit input_len, +std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase) { DataSource_Memory input_src(input, input_len); @@ -107,7 +107,7 @@ std::string decrypt(const byte input[], u32bit input_len, if(ciphertext.size() < (VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN)) throw Decoding_Error("Invalid CryptoBox input"); - for(u32bit i = 0; i != VERSION_CODE_LEN; ++i) + for(size_t i = 0; i != VERSION_CODE_LEN; ++i) if(ciphertext[i] != get_byte(i, CRYPTOBOX_VERSION_CODE)) throw Decoding_Error("Bad CryptoBox version"); @@ -133,7 +133,7 @@ std::string decrypt(const byte input[], u32bit input_len, new MAC_Filter(new HMAC(new SHA_512), mac_key, MAC_OUTPUT_LEN))); - const u32bit ciphertext_offset = + const size_t ciphertext_offset = VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN; pipe.process_msg(&ciphertext[ciphertext_offset], diff --git a/src/constructs/cryptobox/cryptobox.h b/src/constructs/cryptobox/cryptobox.h index 12f054eff..ce1bb9ab0 100644 --- a/src/constructs/cryptobox/cryptobox.h +++ b/src/constructs/cryptobox/cryptobox.h @@ -25,7 +25,7 @@ namespace CryptoBox { * @param passphrase the passphrase used to encrypt the message * @param rng a ref to a random number generator, such as AutoSeeded_RNG */ -BOTAN_DLL std::string encrypt(const byte input[], u32bit input_len, +BOTAN_DLL std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng); @@ -35,7 +35,7 @@ BOTAN_DLL std::string encrypt(const byte input[], u32bit input_len, * @param input_len the length of input in bytes * @param passphrase the passphrase used to encrypt the message */ -BOTAN_DLL std::string decrypt(const byte input[], u32bit input_len, +BOTAN_DLL std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase); /** diff --git a/src/constructs/fpe/fpe.cpp b/src/constructs/fpe/fpe.cpp index 3747171c2..1023b067c 100644 --- a/src/constructs/fpe/fpe.cpp +++ b/src/constructs/fpe/fpe.cpp @@ -19,7 +19,7 @@ namespace Botan { namespace { // Normally FPE is for SSNs, CC#s, etc, nothing too big -const u32bit MAX_N_BYTES = 128/8; +const size_t MAX_N_BYTES = 128/8; /* * Factor n into a and b which are as close together as possible. @@ -34,13 +34,13 @@ void factor(BigInt n, BigInt& a, BigInt& b) a = 1; b = 1; - u32bit n_low_zero = low_zero_bits(n); + size_t n_low_zero = low_zero_bits(n); a <<= (n_low_zero / 2); b <<= n_low_zero - (n_low_zero / 2); n >>= n_low_zero; - for(u32bit i = 0; i != PRIME_TABLE_SIZE; ++i) + for(size_t i = 0; i != PRIME_TABLE_SIZE; ++i) { while(n % PRIMES[i] == 0) { @@ -67,7 +67,7 @@ void factor(BigInt n, BigInt& a, BigInt& b) * so 3 rounds is safe. The FPE factorization routine should always * return a >= b, so just confirm that and return 3. */ -u32bit rounds(const BigInt& a, const BigInt& b) +size_t rounds(const BigInt& a, const BigInt& b) { if(a < b) throw std::logic_error("FPE rounds: a < b"); @@ -86,7 +86,7 @@ class FPE_Encryptor ~FPE_Encryptor() { delete mac; } - BigInt operator()(u32bit i, const BigInt& R); + BigInt operator()(size_t i, const BigInt& R); private: MessageAuthenticationCode* mac; @@ -114,12 +114,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, mac_n_t = mac->final(); } -BigInt FPE_Encryptor::operator()(u32bit round_no, const BigInt& R) +BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { SecureVector<byte> r_bin = BigInt::encode(R); mac->update(mac_n_t); - mac->update_be(round_no); + mac->update_be((u32bit)round_no); mac->update_be((u32bit)r_bin.size()); mac->update(&r_bin[0], r_bin.size()); @@ -142,11 +142,11 @@ BigInt fpe_encrypt(const BigInt& n, const BigInt& X0, BigInt a, b; factor(n, a, b); - const u32bit r = rounds(a, b); + const size_t r = rounds(a, b); BigInt X = X0; - for(u32bit i = 0; i != r; ++i) + for(size_t i = 0; i != r; ++i) { BigInt L = X / b; BigInt R = X % b; @@ -170,11 +170,11 @@ BigInt fpe_decrypt(const BigInt& n, const BigInt& X0, BigInt a, b; factor(n, a, b); - const u32bit r = rounds(a, b); + const size_t r = rounds(a, b); BigInt X = X0; - for(u32bit i = 0; i != r; ++i) + for(size_t i = 0; i != r; ++i) { BigInt W = X % a; BigInt R = X / a; diff --git a/src/constructs/passhash/passhash9.cpp b/src/constructs/passhash/passhash9.cpp index 1834ed949..367583a0a 100644 --- a/src/constructs/passhash/passhash9.cpp +++ b/src/constructs/passhash/passhash9.cpp @@ -9,7 +9,7 @@ #include <botan/loadstor.h> #include <botan/libstate.h> #include <botan/pbkdf2.h> -#include <botan/base64.h> +#include <botan/b64_filt.h> #include <botan/pipe.h> namespace Botan { @@ -18,14 +18,14 @@ namespace { const std::string MAGIC_PREFIX = "$9$"; -const u32bit WORKFACTOR_BYTES = 2; -const u32bit ALGID_BYTES = 1; -const u32bit SALT_BYTES = 12; // 96 bits of salt -const u32bit PASSHASH9_PBKDF_OUTPUT_LEN = 24; // 192 bits output +const size_t WORKFACTOR_BYTES = 2; +const size_t ALGID_BYTES = 1; +const size_t SALT_BYTES = 12; // 96 bits of salt +const size_t PASSHASH9_PBKDF_OUTPUT_LEN = 24; // 192 bits output const byte PASSHASH9_DEFAULT_ALGO = 0; // HMAC(SHA-1) -const u32bit WORK_FACTOR_SCALE = 10000; +const size_t WORK_FACTOR_SCALE = 10000; MessageAuthenticationCode* get_pbkdf_prf(byte alg_id) { @@ -71,7 +71,7 @@ std::string generate_passhash9(const std::string& pass, SecureVector<byte> salt(SALT_BYTES); rng.randomize(&salt[0], salt.size()); - u32bit kdf_iterations = WORK_FACTOR_SCALE * work_factor; + const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor; SecureVector<byte> pbkdf2_output = kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN, @@ -93,13 +93,13 @@ std::string generate_passhash9(const std::string& pass, bool check_passhash9(const std::string& pass, const std::string& hash) { - const u32bit BINARY_LENGTH = + const size_t BINARY_LENGTH = ALGID_BYTES + WORKFACTOR_BYTES + PASSHASH9_PBKDF_OUTPUT_LEN + SALT_BYTES; - const u32bit BASE64_LENGTH = + const size_t BASE64_LENGTH = MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6; if(hash.size() != BASE64_LENGTH) @@ -121,7 +121,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) byte alg_id = bin[0]; - u32bit kdf_iterations = + const size_t kdf_iterations = WORK_FACTOR_SCALE * load_be<u16bit>(&bin[ALGID_BYTES], 0); if(kdf_iterations == 0) diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp index 055bc79ad..2bd4ec016 100644 --- a/src/constructs/tss/tss.cpp +++ b/src/constructs/tss/tss.cpp @@ -181,7 +181,7 @@ RTSS_Share::split(byte M, byte N, SecureVector<byte> RTSS_Share::reconstruct(const std::vector<RTSS_Share>& shares) { - const u32bit RTSS_HEADER_SIZE = 20; + const size_t RTSS_HEADER_SIZE = 20; for(size_t i = 0; i != shares.size(); ++i) { diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h index 485e42c53..297c65971 100644 --- a/src/constructs/tss/tss.h +++ b/src/constructs/tss/tss.h @@ -61,7 +61,7 @@ class BOTAN_DLL RTSS_Share /** * @return size of this share in bytes */ - u32bit size() const { return contents.size(); } + size_t size() const { return contents.size(); } /** * @return if this TSS share was initialized or not diff --git a/src/engine/core_engine/lookup_block.cpp b/src/engine/core_engine/lookup_block.cpp index 77436c8c1..cc5239dd1 100644 --- a/src/engine/core_engine/lookup_block.cpp +++ b/src/engine/core_engine/lookup_block.cpp @@ -117,8 +117,6 @@ BlockCipher* Core_Engine::find_block_cipher(const SCAN_Name& request, { #if defined(BOTAN_HAS_AES) - if(request.algo_name() == "AES") - return new AES; if(request.algo_name() == "AES-128") return new AES_128; if(request.algo_name() == "AES-192") diff --git a/src/entropy/beos_stats/es_beos.h b/src/entropy/beos_stats/es_beos.h index 31029a88c..5ccb430a5 100644 --- a/src/entropy/beos_stats/es_beos.h +++ b/src/entropy/beos_stats/es_beos.h @@ -15,7 +15,7 @@ namespace Botan { /** * BeOS Entropy Source */ -class BOTAN_DLL BeOS_EntropySource : public EntropySource +class BeOS_EntropySource : public EntropySource { private: std::string name() const { return "BeOS Statistics"; } diff --git a/src/entropy/cryptoapi_rng/es_capi.h b/src/entropy/cryptoapi_rng/es_capi.h index 55966d793..f55713e92 100644 --- a/src/entropy/cryptoapi_rng/es_capi.h +++ b/src/entropy/cryptoapi_rng/es_capi.h @@ -16,7 +16,7 @@ namespace Botan { /** * Win32 CAPI Entropy Source */ -class BOTAN_DLL Win32_CAPI_EntropySource : public EntropySource +class Win32_CAPI_EntropySource : public EntropySource { public: std::string name() const { return "Win32 CryptoGenRandom"; } diff --git a/src/entropy/win32_stats/es_win32.h b/src/entropy/win32_stats/es_win32.h index 2e46c773d..6c7c9ee09 100644 --- a/src/entropy/win32_stats/es_win32.h +++ b/src/entropy/win32_stats/es_win32.h @@ -15,7 +15,7 @@ namespace Botan { /** * Win32 Entropy Source */ -class BOTAN_DLL Win32_EntropySource : public EntropySource +class Win32_EntropySource : public EntropySource { public: std::string name() const { return "Win32 Statistics"; } diff --git a/src/filters/base64/b64_char.cpp b/src/filters/base64/b64_char.cpp deleted file mode 100644 index e5722a0fd..000000000 --- a/src/filters/base64/b64_char.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/* -* Base64 Codec Character Tables -* (C) 1999-2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/base64.h> - -namespace Botan { - -/* -* Base64 Encoder Lookup Table -*/ -const byte Base64_Encoder::BIN_TO_BASE64[64] = { -0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, -0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, -0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, -0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, -0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x2B, 0x2F }; - -/* -* Base64 Decoder Lookup Table -*/ -const byte Base64_Decoder::BASE64_TO_BIN[256] = { -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x3E, 0x80, 0x80, 0x80, 0x3F, 0x34, 0x35, 0x36, 0x37, -0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, -0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, -0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, -0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, -0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 }; - -} diff --git a/src/filters/base64/info.txt b/src/filters/base64/info.txt deleted file mode 100644 index 93671739d..000000000 --- a/src/filters/base64/info.txt +++ /dev/null @@ -1,5 +0,0 @@ -define BASE64_CODEC - -<requires> -filters -</requires> diff --git a/src/filters/base64/base64.cpp b/src/filters/codec_filt/b64_filt.cpp index 04883ed79..8a90f8b5f 100644 --- a/src/filters/base64/base64.cpp +++ b/src/filters/codec_filt/b64_filt.cpp @@ -1,10 +1,11 @@ /* * Base64 Encoder/Decoder -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ +#include <botan/b64_filt.h> #include <botan/base64.h> #include <botan/charset.h> #include <botan/exceptn.h> @@ -13,37 +14,62 @@ namespace Botan { /* -* Base64_Encoder Constructor +* Base64 Decoder Lookup Table +* Warning: assumes ASCII encodings */ -Base64_Encoder::Base64_Encoder(bool breaks, size_t length, bool t_n) : - line_length(breaks ? length : 0), trailing_newline(t_n) - { - in.resize(48); - out.resize(4); - - counter = position = 0; - } +static const byte BASE64_TO_BIN[256] = { +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x3E, 0x80, 0x80, 0x80, 0x3F, 0x34, 0x35, 0x36, 0x37, +0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, +0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, +0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, +0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, +0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 }; /* -* Base64 Encoding Operation +* Base64_Encoder Constructor */ -void Base64_Encoder::encode(const byte in[3], byte out[4]) +Base64_Encoder::Base64_Encoder(bool breaks, size_t length, bool t_n) : + line_length(breaks ? length : 0), + trailing_newline(t_n && breaks), + in(48), + out(64), + position(0), + out_position(0) { - out[0] = BIN_TO_BASE64[((in[0] & 0xFC) >> 2)]; - out[1] = BIN_TO_BASE64[((in[0] & 0x03) << 4) | (in[1] >> 4)]; - out[2] = BIN_TO_BASE64[((in[1] & 0x0F) << 2) | (in[2] >> 6)]; - out[3] = BIN_TO_BASE64[((in[2] & 0x3F) )]; } /* * Encode and send a block */ -void Base64_Encoder::encode_and_send(const byte block[], size_t length) +void Base64_Encoder::encode_and_send(const byte input[], size_t length, + bool final_inputs) { - for(size_t j = 0; j != length; j += 3) + while(length) { - encode(block + j, &out[0]); - do_output(&out[0], 4); + const size_t proc = std::min(length, in.size()); + + size_t consumed = 0; + size_t produced = base64_encode(reinterpret_cast<char*>(&out[0]), input, + proc, consumed, final_inputs); + + do_output(&out[0], produced); + + input += proc; + length -= proc; } } @@ -59,15 +85,15 @@ void Base64_Encoder::do_output(const byte input[], size_t length) size_t remaining = length, offset = 0; while(remaining) { - size_t sent = std::min(line_length - counter, remaining); + size_t sent = std::min(line_length - out_position, remaining); send(input + offset, sent); - counter += sent; + out_position += sent; remaining -= sent; offset += sent; - if(counter == line_length) + if(out_position == line_length) { send('\n'); - counter = 0; + out_position = 0; } } } @@ -101,31 +127,12 @@ void Base64_Encoder::write(const byte input[], size_t length) */ void Base64_Encoder::end_msg() { - size_t start_of_last_block = 3 * (position / 3), - left_over = position % 3; - encode_and_send(&in[0], start_of_last_block); - - if(left_over) - { - SecureVector<byte> remainder(3); - copy_mem(&remainder[0], &in[start_of_last_block], left_over); - - encode(&remainder[0], &out[0]); - - size_t empty_bits = 8 * (3 - left_over), index = 4 - 1; - while(empty_bits >= 8) - { - out[index--] = '='; - empty_bits -= 6; - } - - do_output(&out[0], 4); - } + encode_and_send(&in[0], position, true); - if(trailing_newline || (counter && line_length)) + if(trailing_newline || (out_position && line_length)) send('\n'); - counter = position = 0; + out_position = position = 0; } /* @@ -161,9 +168,9 @@ void Base64_Decoder::decode(const byte in[4], byte out[3]) */ void Base64_Decoder::decode_and_send(const byte block[], size_t length) { - for(size_t j = 0; j != length; j += 4) + for(size_t i = 0; i != length; i += 4) { - decode(block + j, &out[0]); + decode(block + i, &out[0]); send(out, 3); } } @@ -190,12 +197,12 @@ void Base64_Decoder::handle_bad_char(byte c) */ void Base64_Decoder::write(const byte input[], size_t length) { - for(size_t j = 0; j != length; ++j) + for(size_t i = 0; i != length; ++i) { - if(is_valid(input[j])) - in[position++] = input[j]; + if(is_valid(input[i])) + in[position++] = input[i]; else - handle_bad_char(input[j]); + handle_bad_char(input[i]); if(position == in.size()) { diff --git a/src/filters/base64/base64.h b/src/filters/codec_filt/b64_filt.h index ae5fa26ce..e7cbfae1d 100644 --- a/src/filters/base64/base64.h +++ b/src/filters/codec_filt/b64_filt.h @@ -1,12 +1,12 @@ /* * Base64 Encoder/Decoder -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ -#ifndef BOTAN_BASE64_H__ -#define BOTAN_BASE64_H__ +#ifndef BOTAN_BASE64_FILTER_H__ +#define BOTAN_BASE64_FILTER_H__ #include <botan/filter.h> @@ -18,8 +18,6 @@ namespace Botan { class BOTAN_DLL Base64_Encoder : public Filter { public: - static void encode(const byte in[3], byte out[4]); - std::string name() const { return "Base64_Encoder"; } /** @@ -36,21 +34,21 @@ class BOTAN_DLL Base64_Encoder : public Filter /** * Create a base64 encoder. - * @param breaks whether to use line breaks in the Streamcipheroutput + * @param breaks whether to use line breaks in the output * @param length the length of the lines of the output * @param t_n whether to use a trailing newline */ Base64_Encoder(bool breaks = false, size_t length = 72, bool t_n = false); private: - void encode_and_send(const byte[], size_t); - void do_output(const byte[], size_t); - static const byte BIN_TO_BASE64[64]; + void encode_and_send(const byte input[], size_t length, + bool final_inputs = false); + void do_output(const byte output[], size_t length); const size_t line_length; const bool trailing_newline; SecureVector<byte> in, out; - size_t position, counter; + size_t position, out_position; }; /** @@ -59,10 +57,6 @@ class BOTAN_DLL Base64_Encoder : public Filter class BOTAN_DLL Base64_Decoder : public Filter { public: - static void decode(const byte input[4], byte output[3]); - - static bool is_valid(byte); - std::string name() const { return "Base64_Decoder"; } /** @@ -84,9 +78,11 @@ class BOTAN_DLL Base64_Decoder : public Filter */ Base64_Decoder(Decoder_Checking checking = NONE); private: + static void decode(const byte input[4], byte output[3]); + static bool is_valid(byte); + void decode_and_send(const byte[], size_t); void handle_bad_char(byte); - static const byte BASE64_TO_BIN[256]; const Decoder_Checking checking; SecureVector<byte> in, out; diff --git a/src/filters/hex_filt/hex_filt.cpp b/src/filters/codec_filt/hex_filt.cpp index 3d56beec4..3d56beec4 100644 --- a/src/filters/hex_filt/hex_filt.cpp +++ b/src/filters/codec_filt/hex_filt.cpp diff --git a/src/filters/hex_filt/hex_filt.h b/src/filters/codec_filt/hex_filt.h index cfbb818d3..cfbb818d3 100644 --- a/src/filters/hex_filt/hex_filt.h +++ b/src/filters/codec_filt/hex_filt.h diff --git a/src/filters/hex_filt/info.txt b/src/filters/codec_filt/info.txt index 7f5f47fa1..080cc8f44 100644 --- a/src/filters/hex_filt/info.txt +++ b/src/filters/codec_filt/info.txt @@ -1,4 +1,4 @@ -define HEX_FILTER +define CODEC_FILTERS <requires> filters diff --git a/src/filters/filters.h b/src/filters/filters.h index 060b1d6d0..b409e78f5 100644 --- a/src/filters/filters.h +++ b/src/filters/filters.h @@ -20,11 +20,8 @@ #include <botan/scan_name.h> -#if defined(BOTAN_HAS_BASE64_CODEC) - #include <botan/base64.h> -#endif - -#if defined(BOTAN_HAS_HEX_FILTER) +#if defined(BOTAN_HAS_CODEC_FILTERS) + #include <botan/b64_filt.h> #include <botan/hex_filt.h> #endif diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index 803ca518e..05ca6f807 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp @@ -268,7 +268,6 @@ void set_default_aliases(Library_State& config) config.add_alias("PSS-MGF1", "EMSA4"); config.add_alias("EMSA-PSS", "EMSA4"); - config.add_alias("Rijndael", "AES"); config.add_alias("3DES", "TripleDES"); config.add_alias("DES-EDE", "TripleDES"); config.add_alias("CAST5", "CAST-128"); diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index a13c4f234..a49335e75 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -184,7 +184,7 @@ bool BigInt::get_bit(size_t n) const /* * Return bits {offset...offset+length} */ -size_t BigInt::get_substring(size_t offset, size_t length) const +u32bit BigInt::get_substring(size_t offset, size_t length) const { if(length > 32) throw Invalid_Argument("BigInt::get_substring: Substring size too big"); @@ -196,7 +196,7 @@ size_t BigInt::get_substring(size_t offset, size_t length) const u64bit mask = (1 << length) - 1; size_t shift = (offset % 8); - return static_cast<size_t>((piece >> shift) & mask); + return static_cast<u32bit>((piece >> shift) & mask); } /* diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 0c01d56c1..fc2e58073 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -135,7 +135,7 @@ class BOTAN_DLL BigInt * @param i a word index * @return the word at index i */ - word operator[](size_t i) const { return reg[i]; } + const word& operator[](size_t i) const { return reg[i]; } /** * Zeroize the BigInt @@ -215,7 +215,7 @@ class BOTAN_DLL BigInt * @result the integer extracted from the register starting at * offset with specified length */ - size_t get_substring(size_t offset, size_t length) const; + u32bit get_substring(size_t offset, size_t length) const; /** * @param n the offset to get a byte from diff --git a/src/math/numbertheory/point_gfp.cpp b/src/math/numbertheory/point_gfp.cpp index 5da1959bc..8cb40270c 100644 --- a/src/math/numbertheory/point_gfp.cpp +++ b/src/math/numbertheory/point_gfp.cpp @@ -324,12 +324,12 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) while(bits_left >= window_size) { - size_t nibble = scalar.get_substring(bits_left - window_size, - window_size); - for(size_t i = 0; i != window_size; ++i) H.mult2(ws); + const u32bit nibble = scalar.get_substring(bits_left - window_size, + window_size); + if(nibble) H.add(Ps[nibble-1], ws); diff --git a/src/math/numbertheory/powm_fw.cpp b/src/math/numbertheory/powm_fw.cpp index afc53f233..3348e55cd 100644 --- a/src/math/numbertheory/powm_fw.cpp +++ b/src/math/numbertheory/powm_fw.cpp @@ -45,8 +45,7 @@ BigInt Fixed_Window_Exponentiator::execute() const for(size_t k = 0; k != window_bits; ++k) x = reducer.square(x); - size_t nibble = exp.get_substring(window_bits*(j-1), window_bits); - if(nibble) + if(u32bit nibble = exp.get_substring(window_bits*(j-1), window_bits)) x = reducer.multiply(x, g[nibble-1]); } return x; diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index 038ce14da..4f626ac9d 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -90,8 +90,7 @@ BigInt Montgomery_Exponentiator::execute() const x.get_reg().set(&z[0], mod_words + 1); } - size_t nibble = exp.get_substring(window_bits*(i-1), window_bits); - if(nibble) + if(u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits)) { const BigInt& y = g[nibble-1]; diff --git a/src/ssl/cert_req.cpp b/src/ssl/cert_req.cpp index e72ffe735..b8b2624bf 100644 --- a/src/ssl/cert_req.cpp +++ b/src/ssl/cert_req.cpp @@ -21,7 +21,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, HandshakeHash& hash, const std::vector<X509_Certificate>& certs) { - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) names.push_back(certs[i].subject_dn()); // FIXME: should be able to choose what to ask for @@ -41,7 +41,7 @@ SecureVector<byte> Certificate_Req::serialize() const append_tls_length_value(buf, types, 1); DER_Encoder encoder; - for(u32bit i = 0; i != names.size(); i++) + for(size_t i = 0; i != names.size(); ++i) encoder.encode(names[i]); append_tls_length_value(buf, encoder.get_contents(), 2); @@ -57,15 +57,15 @@ void Certificate_Req::deserialize(const MemoryRegion<byte>& buf) if(buf.size() < 4) throw Decoding_Error("Certificate_Req: Bad certificate request"); - u32bit types_size = buf[0]; + size_t types_size = buf[0]; if(buf.size() < types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); - for(u32bit i = 0; i != types_size; i++) + for(size_t i = 0; i != types_size; ++i) types.push_back(static_cast<Certificate_Type>(buf[i+1])); - u32bit names_size = make_u16bit(buf[types_size+2], buf[types_size+3]); + size_t names_size = make_u16bit(buf[types_size+2], buf[types_size+3]); if(buf.size() != names_size + types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); @@ -98,18 +98,18 @@ SecureVector<byte> Certificate::serialize() const { SecureVector<byte> buf(3); - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) { SecureVector<byte> raw_cert = certs[i].BER_encode(); - u32bit cert_size = raw_cert.size(); - for(u32bit j = 0; j != 3; j++) - buf.push_back(get_byte(j+1, cert_size)); + const size_t cert_size = raw_cert.size(); + for(size_t i = 0; i != 3; ++i) + buf.push_back(get_byte<u32bit>(i+1, cert_size)); buf += raw_cert; } - u32bit buf_size = buf.size() - 3; - for(u32bit i = 0; i != 3; i++) - buf[i] = get_byte(i+1, buf_size); + const size_t buf_size = buf.size() - 3; + for(size_t i = 0; i != 3; ++i) + buf[i] = get_byte<u32bit>(i+1, buf_size); return buf; } @@ -122,7 +122,7 @@ void Certificate::deserialize(const MemoryRegion<byte>& buf) if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); - u32bit total_size = make_u32bit(0, buf[0], buf[1], buf[2]); + const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]); SecureQueue queue; queue.write(&buf[3], buf.size() - 3); @@ -137,9 +137,10 @@ void Certificate::deserialize(const MemoryRegion<byte>& buf) byte len[3]; queue.read(len, 3); - u32bit cert_size = make_u32bit(0, len[0], len[1], len[2]); - u32bit original_size = queue.size(); + const size_t cert_size = make_u32bit(0, len[0], len[1], len[2]); + const size_t original_size = queue.size(); + X509_Certificate cert(queue); if(queue.size() + cert_size != original_size) throw Decoding_Error("Certificate: Message malformed"); diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp index 2b27cd6d2..3dcd38141 100644 --- a/src/ssl/cert_ver.cpp +++ b/src/ssl/cert_ver.cpp @@ -50,7 +50,7 @@ SecureVector<byte> Certificate_Verify::serialize() const { SecureVector<byte> buf; - u16bit sig_len = signature.size(); + const u16bit sig_len = signature.size(); buf.push_back(get_byte(0, sig_len)); buf.push_back(get_byte(1, sig_len)); buf += signature; diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index a06fd75b4..1efef9213 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -10,7 +10,7 @@ namespace Botan { -/** +/* * Encode and send a Handshake message */ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const @@ -18,12 +18,12 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const SecureVector<byte> buf = serialize(); SecureVector<byte> send_buf(4); - u32bit buf_size = buf.size(); + const size_t buf_size = buf.size(); send_buf[0] = type(); - send_buf[1] = get_byte(1, buf_size); - send_buf[2] = get_byte(2, buf_size); - send_buf[3] = get_byte(3, buf_size); + + for(size_t i = 1; i != 4; ++i) + send_buf[i] = get_byte<u32bit>(i, buf_size); send_buf += buf; @@ -33,7 +33,7 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const writer.flush(); } -/** +/* * Create a new Hello Request message */ Hello_Request::Hello_Request(Record_Writer& writer) @@ -42,7 +42,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) send(writer, dummy); } -/** +/* * Serialize a Hello Request message */ SecureVector<byte> Hello_Request::serialize() const @@ -50,7 +50,7 @@ SecureVector<byte> Hello_Request::serialize() const return SecureVector<byte>(); } -/** +/* * Deserialize a Hello Request message */ void Hello_Request::deserialize(const MemoryRegion<byte>& buf) @@ -59,7 +59,7 @@ void Hello_Request::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Hello_Request: Must be empty, and is not"); } -/** +/* * Create a new Client Hello message */ Client_Hello::Client_Hello(RandomNumberGenerator& rng, @@ -76,7 +76,7 @@ Client_Hello::Client_Hello(RandomNumberGenerator& rng, send(writer, hash); } -/** +/* * Serialize a Client Hello message */ SecureVector<byte> Client_Hello::serialize() const @@ -99,11 +99,11 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - const u32bit cipher_spec_len = make_u16bit(buf[3], buf[4]); - const u32bit sess_id_len = make_u16bit(buf[5], buf[6]); - const u32bit challenge_len = make_u16bit(buf[7], buf[8]); + const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]); + const size_t sess_id_len = make_u16bit(buf[5], buf[6]); + const size_t challenge_len = make_u16bit(buf[7], buf[8]); - const u32bit expected_size = + const size_t expected_size = (9 + sess_id_len + cipher_spec_len + challenge_len); if(buf.size() != expected_size) @@ -115,7 +115,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); } - for(u32bit i = 9; i != 9 + cipher_spec_len; i += 3) + for(size_t i = 9; i != 9 + cipher_spec_len; i += 3) { if(buf[i] != 0) // a SSLv2 cipherspec; ignore it continue; @@ -128,7 +128,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) c_random.set(&buf[9+cipher_spec_len+sess_id_len], challenge_len); } -/** +/* * Deserialize a Client Hello message */ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) @@ -196,18 +196,18 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) } } -/** +/* * Check if we offered this ciphersuite */ bool Client_Hello::offered_suite(u16bit ciphersuite) const { - for(u32bit i = 0; i != suites.size(); i++) + for(size_t i = 0; i != suites.size(); ++i) if(suites[i] == ciphersuite) return true; return false; } -/** +/* * Create a new Server Hello message */ Server_Hello::Server_Hello(RandomNumberGenerator& rng, @@ -220,7 +220,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, { bool have_rsa = false, have_dsa = false; - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) { Public_Key* key = certs[i].subject_public_key(); if(key->algo_name() == "RSA") @@ -244,7 +244,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, send(writer, hash); } -/** +/* * Serialize a Server Hello message */ SecureVector<byte> Server_Hello::serialize() const @@ -265,7 +265,7 @@ SecureVector<byte> Server_Hello::serialize() const return buf; } -/** +/* * Deserialize a Server Hello message */ void Server_Hello::deserialize(const MemoryRegion<byte>& buf) @@ -292,7 +292,7 @@ void Server_Hello::deserialize(const MemoryRegion<byte>& buf) comp_algo = reader.get_byte(); } -/** +/* * Create a new Server Hello Done message */ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, @@ -301,7 +301,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, send(writer, hash); } -/** +/* * Serialize a Server Hello Done message */ SecureVector<byte> Server_Hello_Done::serialize() const @@ -309,7 +309,7 @@ SecureVector<byte> Server_Hello_Done::serialize() const return SecureVector<byte>(); } -/** +/* * Deserialize a Server Hello Done message */ void Server_Hello_Done::deserialize(const MemoryRegion<byte>& buf) diff --git a/src/ssl/info.txt b/src/ssl/info.txt index 8f1eda497..8b566ae60 100644 --- a/src/ssl/info.txt +++ b/src/ssl/info.txt @@ -1,5 +1,7 @@ define SSL_TLS +uses_tr1 yes + <header:public> socket.h tls_client.h diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 29e2ca4c7..042aae0c9 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -17,7 +17,10 @@ namespace Botan { void Record_Reader::reset() { cipher.reset(); - mac.reset(); + + delete mac; + mac = 0; + mac_size = 0; block_size = 0; iv_size = 0; @@ -44,7 +47,8 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys, Connection_Side side) { cipher.reset(); - mac.reset(); + delete mac; + mac = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -89,18 +93,21 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys, if(have_hash(mac_algo)) { + Algorithm_Factory& af = global_state().algorithm_factory(); + if(major == 3 && minor == 0) - mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("SSL3-MAC(" + mac_algo + ")"); else - mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("HMAC(" + mac_algo + ")"); - mac_size = output_length_of(mac_algo); + mac->set_key(mac_key); + mac_size = mac->output_length(); } else throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo); } -void Record_Reader::add_input(const byte input[], u32bit input_size) +void Record_Reader::add_input(const byte input[], size_t input_size) { input_queue.write(input, input_size); } @@ -108,12 +115,12 @@ void Record_Reader::add_input(const byte input[], u32bit input_size) /* * Retrieve the next record */ -u32bit Record_Reader::get_record(byte& msg_type, +size_t Record_Reader::get_record(byte& msg_type, MemoryRegion<byte>& output) { byte header[5] = { 0 }; - const u32bit have_in_queue = input_queue.size(); + const size_t have_in_queue = input_queue.size(); if(have_in_queue < sizeof(header)) return (sizeof(header) - have_in_queue); @@ -126,7 +133,7 @@ u32bit Record_Reader::get_record(byte& msg_type, // SSLv2-format client hello? if(header[0] & 0x80 && header[2] == 1 && header[3] == 3) { - u32bit record_len = make_u16bit(header[0], header[1]) & 0x7FFF; + size_t record_len = make_u16bit(header[0], header[1]) & 0x7FFF; if(have_in_queue < record_len + 2) return (record_len + 2 - have_in_queue); @@ -184,7 +191,7 @@ u32bit Record_Reader::get_record(byte& msg_type, cipher.process_msg(buffer); SecureVector<byte> plaintext = cipher.read_all(Pipe::LAST_MESSAGE); - u32bit pad_size = 0; + size_t pad_size = 0; if(block_size) { @@ -206,8 +213,8 @@ u32bit Record_Reader::get_record(byte& msg_type, } else { - for(u32bit j = 0; j != pad_size; j++) - if(plaintext[plaintext.size()-j-1] != pad_value) + for(size_t i = 0; i != pad_size; ++i) + if(plaintext[plaintext.size()-i-1] != pad_value) pad_size = 0; } } @@ -215,29 +222,25 @@ u32bit Record_Reader::get_record(byte& msg_type, if(plaintext.size() < mac_size + pad_size + iv_size) throw Decoding_Error("Record_Reader: Record truncated"); - const u32bit mac_offset = plaintext.size() - (mac_size + pad_size); + const size_t mac_offset = plaintext.size() - (mac_size + pad_size); SecureVector<byte> recieved_mac(&plaintext[mac_offset], mac_size); const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size); - mac.start_msg(); - for(u32bit j = 0; j != 8; j++) - mac.write(get_byte(j, seq_no)); - mac.write(header[0]); // msg_type + mac->update_be(seq_no); + mac->update(header[0]); // msg_type if(version != SSL_V3) - for(u32bit j = 0; j != 2; j++) - mac.write(get_byte(j, version)); + for(size_t i = 0; i != 2; ++i) + mac->update(get_byte(i, version)); - for(u32bit j = 0; j != 2; j++) - mac.write(get_byte(j, plain_length)); - mac.write(&plaintext[iv_size], plain_length); - mac.end_msg(); + mac->update_be(plain_length); + mac->update(&plaintext[iv_size], plain_length); ++seq_no; - SecureVector<byte> computed_mac = mac.read_all(Pipe::LAST_MESSAGE); + SecureVector<byte> computed_mac = mac->final(); if(recieved_mac != computed_mac) throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure"); diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index 02bbf3d56..0be275c20 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -16,9 +16,11 @@ namespace Botan { /** * Record_Writer Constructor */ -Record_Writer::Record_Writer(Socket& sock) : - socket(sock), buffer(DEFAULT_BUFFERSIZE) +Record_Writer::Record_Writer(std::tr1::function<void (const byte[], size_t)> out) : + output_fn(out), + buffer(DEFAULT_BUFFERSIZE) { + mac = 0; reset(); } @@ -28,7 +30,9 @@ Record_Writer::Record_Writer(Socket& sock) : void Record_Writer::reset() { cipher.reset(); - mac.reset(); + + delete mac; + mac = 0; zeroise(buffer); buf_pos = 0; @@ -60,7 +64,8 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, Connection_Side side) { cipher.reset(); - mac.reset(); + delete mac; + mac = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -105,12 +110,15 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, if(have_hash(mac_algo)) { + Algorithm_Factory& af = global_state().algorithm_factory(); + if(major == 3 && minor == 0) - mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("SSL3-MAC(" + mac_algo + ")"); else - mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("HMAC(" + mac_algo + ")"); - mac_size = output_length_of(mac_algo); + mac->set_key(mac_key); + mac_size = mac->output_length(); } else throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); @@ -119,20 +127,12 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, /** * Send one or more records to the other side */ -void Record_Writer::send(byte type, byte input) - { - send(type, &input, 1); - } - -/** -* Send one or more records to the other side -*/ -void Record_Writer::send(byte type, const byte input[], u32bit length) +void Record_Writer::send(byte type, const byte input[], size_t length) { if(type != buf_type) flush(); - const u32bit BUFFER_SIZE = buffer.size(); + const size_t BUFFER_SIZE = buffer.size(); buf_type = type; // FIXME: compression right here @@ -161,11 +161,11 @@ void Record_Writer::send(byte type, const byte input[], u32bit length) void Record_Writer::flush() { const byte* buf_ptr = &buffer[0]; - u32bit offset = 0; + size_t offset = 0; while(offset != buf_pos) { - u32bit record_size = buf_pos - offset; + size_t record_size = buf_pos - offset; if(record_size > MAX_PLAINTEXT_SIZE) record_size = MAX_PLAINTEXT_SIZE; @@ -179,7 +179,7 @@ void Record_Writer::flush() /** * Encrypt and send the record */ -void Record_Writer::send_record(byte type, const byte buf[], u32bit length) +void Record_Writer::send_record(byte type, const byte buf[], size_t length) { if(length >= MAX_COMPRESSED_SIZE) throw TLS_Exception(INTERNAL_ERROR, @@ -189,26 +189,22 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length) send_record(type, major, minor, buf, length); else { - mac.start_msg(); - for(u32bit j = 0; j != 8; j++) - mac.write(get_byte(j, seq_no)); - mac.write(type); + mac->update_be(seq_no); + mac->update(type); if(major > 3 || (major == 3 && minor != 0)) { - mac.write(major); - mac.write(minor); + mac->update(major); + mac->update(minor); } - mac.write(get_byte(2, length)); - mac.write(get_byte(3, length)); - mac.write(buf, length); - mac.end_msg(); + mac->update(get_byte<u16bit>(0, length)); + mac->update(get_byte<u16bit>(1, length)); + mac->update(buf, length); - // TODO: This could all use a single buffer - - SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE); + SecureVector<byte> buf_mac = mac->final(); + // TODO: This could all use a single buffer cipher.start_msg(); if(iv_size) @@ -227,10 +223,10 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length) if(block_size) { - u32bit pad_val = + size_t pad_val = (block_size - (1 + length + buf_mac.size())) % block_size; - for(u32bit j = 0; j != pad_val + 1; j++) + for(size_t i = 0; i != pad_val + 1; ++i) cipher.write(pad_val); } cipher.end_msg(); @@ -247,18 +243,18 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length) * Send a final record packet */ void Record_Writer::send_record(byte type, byte major, byte minor, - const byte out[], u32bit length) + const byte out[], size_t length) { if(length >= MAX_CIPHERTEXT_SIZE) throw TLS_Exception(INTERNAL_ERROR, "Record_Writer: Record is too big"); byte header[5] = { type, major, minor, 0 }; - for(u32bit j = 0; j != 2; j++) - header[j+3] = get_byte<u16bit>(j, length); + for(size_t i = 0; i != 2; ++i) + header[i+3] = get_byte<u16bit>(i, length); - socket.write(header, 5); - socket.write(out, length); + output_fn(header, 5); + output_fn(out, length); } /** diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index d74609152..f2df58b8b 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -86,8 +86,8 @@ SecureVector<byte> Server_Key_Exchange::serialize_params() const { SecureVector<byte> buf; - for(u32bit j = 0; j != params.size(); j++) - append_tls_length_value(buf, BigInt::encode(params[j]), 2); + for(size_t i = 0; i != params.size(); ++i) + append_tls_length_value(buf, BigInt::encode(params[i]), 2); return buf; } @@ -101,20 +101,20 @@ void Server_Key_Exchange::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Server_Key_Exchange: Packet corrupted"); SecureVector<byte> values[4]; - u32bit so_far = 0; + size_t so_far = 0; - for(u32bit j = 0; j != 4; j++) + for(size_t i = 0; i != 4; ++i) { - u16bit len = make_u16bit(buf[so_far], buf[so_far+1]); + const u16bit len = make_u16bit(buf[so_far], buf[so_far+1]); so_far += 2; if(len + so_far > buf.size()) throw Decoding_Error("Server_Key_Exchange: Packet corrupted"); - values[j].set(&buf[so_far], len); + values[i].set(&buf[so_far], len); so_far += len; - if(j == 2 && so_far == buf.size()) + if(i == 2 && so_far == buf.size()) break; } diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp index d6d62d59a..505b2c22a 100644 --- a/src/ssl/tls_client.cpp +++ b/src/ssl/tls_client.cpp @@ -81,34 +81,22 @@ void client_check_state(Handshake_Type new_msg, Handshake_State* state) /** * TLS Client Constructor */ -TLS_Client::TLS_Client(const TLS_Policy& pol, - RandomNumberGenerator& r, - Socket& sock) : - policy(pol), - rng(r), - peer(sock), - writer(sock) +TLS_Client::TLS_Client(std::tr1::function<size_t (byte[], size_t)> input_fn, + std::tr1::function<void (const byte[], size_t)> output_fn, + const TLS_Policy& policy, + RandomNumberGenerator& rng) : + input_fn(input_fn), + policy(policy), + rng(rng), + writer(output_fn) { initialize(); } -/** -* TLS Client Constructor -*/ -TLS_Client::TLS_Client(const TLS_Policy& pol, - RandomNumberGenerator& r, - Socket& sock, - const X509_Certificate& cert, - const Private_Key& key) : - policy(pol), - rng(r), - peer(sock), - writer(sock) +void TLS_Client::add_client_cert(const X509_Certificate& cert, + Private_Key* cert_key) { - certs.push_back(cert); - keys.push_back(PKCS8::copy_key(key, rng)); - - initialize(); + certs.push_back(std::make_pair(cert, cert_key)); } /** @@ -117,8 +105,8 @@ TLS_Client::TLS_Client(const TLS_Policy& pol, TLS_Client::~TLS_Client() { close(); - for(u32bit j = 0; j != keys.size(); j++) - delete keys[j]; + for(size_t i = 0; i != certs.size(); i++) + delete certs[i].second; delete state; } @@ -179,7 +167,7 @@ std::vector<X509_Certificate> TLS_Client::peer_cert_chain() const /** * Write to a TLS connection */ -void TLS_Client::write(const byte buf[], u32bit length) +void TLS_Client::write(const byte buf[], size_t length) { if(!active) throw TLS_Exception(INTERNAL_ERROR, @@ -191,7 +179,7 @@ void TLS_Client::write(const byte buf[], u32bit length) /** * Read from a TLS connection */ -u32bit TLS_Client::read(byte out[], u32bit length) +size_t TLS_Client::read(byte out[], size_t length) { if(!active) return 0; @@ -205,7 +193,7 @@ u32bit TLS_Client::read(byte out[], u32bit length) break; } - u32bit got = std::min<size_t>(read_buf.size(), length); + size_t got = std::min<size_t>(read_buf.size(), length); read_buf.read(out, got); return got; } @@ -253,12 +241,12 @@ void TLS_Client::state_machine() byte rec_type = CONNECTION_CLOSED; SecureVector<byte> record(1024); - u32bit bytes_needed = reader.get_record(rec_type, record); + size_t bytes_needed = reader.get_record(rec_type, record); while(bytes_needed) { - u32bit to_get = std::min<u32bit>(record.size(), bytes_needed); - u32bit got = peer.read(&record[0], to_get); + size_t to_get = std::min<size_t>(record.size(), bytes_needed); + size_t got = input_fn(&record[0], to_get); if(got == 0) { @@ -330,7 +318,7 @@ void TLS_Client::read_handshake(byte rec_type, byte head[4] = { 0 }; state->queue.peek(head, 4); - const u32bit length = make_u32bit(0, head[1], head[2], head[3]); + const size_t length = make_u32bit(0, head[1], head[2], head[3]); if(state->queue.size() >= length + 4) { @@ -383,9 +371,9 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, if(type != HANDSHAKE_CCS && type != HELLO_REQUEST && type != FINISHED) { state->hash.update(static_cast<byte>(type)); - const u32bit record_length = contents.size(); - for(u32bit j = 0; j != 3; j++) - state->hash.update(get_byte(j+1, record_length)); + const size_t record_length = contents.size(); + for(size_t i = 0; i != 3; i++) + state->hash.update(get_byte<u32bit>(i+1, record_length)); state->hash.update(contents); } diff --git a/src/ssl/tls_client.h b/src/ssl/tls_client.h index e59218892..913a87e50 100644 --- a/src/ssl/tls_client.h +++ b/src/ssl/tls_client.h @@ -11,7 +11,6 @@ #include <botan/tls_connection.h> #include <botan/tls_policy.h> #include <botan/tls_record.h> -#include <botan/socket.h> #include <vector> #include <string> @@ -20,34 +19,31 @@ namespace Botan { /** * TLS Client */ - -// FIXME: much of this can probably be moved up to TLS_Connection class BOTAN_DLL TLS_Client : public TLS_Connection { public: - u32bit read(byte buf[], u32bit buf_len); - void write(const byte buf[], u32bit buf_len); - - std::vector<X509_Certificate> peer_cert_chain() const; + size_t read(byte buf[], size_t buf_len); + void write(const byte buf[], size_t buf_len); void close(); bool is_closed() const; - TLS_Client(const TLS_Policy& policy, - RandomNumberGenerator& rng, - Socket& peer); + std::vector<X509_Certificate> peer_cert_chain() const; - // FIXME: support multiple/arbitrary # of cert/key pairs - TLS_Client(const TLS_Policy& policy, - RandomNumberGenerator& rng, - Socket& peer, - const X509_Certificate& cert, - const Private_Key& cert_key); + void add_client_cert(const X509_Certificate& cert, + Private_Key* cert_key); + + TLS_Client(std::tr1::function<size_t (byte[], size_t)> input_fn, + std::tr1::function<void (const byte[], size_t)> output_fn, + const TLS_Policy& policy, + RandomNumberGenerator& rng); ~TLS_Client(); private: void close(Alert_Level, Alert_Type); + size_t get_pending_socket_input(byte output[], size_t length); + void initialize(); void do_handshake(); @@ -55,15 +51,16 @@ class BOTAN_DLL TLS_Client : public TLS_Connection void read_handshake(byte, const MemoryRegion<byte>&); void process_handshake_msg(Handshake_Type, const MemoryRegion<byte>&); + std::tr1::function<size_t (byte[], size_t)> input_fn; + const TLS_Policy& policy; RandomNumberGenerator& rng; - Socket& peer; Record_Writer writer; Record_Reader reader; - std::vector<X509_Certificate> certs, peer_certs; - std::vector<Private_Key*> keys; + std::vector<X509_Certificate> peer_certs; + std::vector<std::pair<X509_Certificate, Private_Key*> > certs; class Handshake_State* state; SecureVector<byte> session_id; diff --git a/src/ssl/tls_connection.h b/src/ssl/tls_connection.h index a6de659c4..bbefa2114 100644 --- a/src/ssl/tls_connection.h +++ b/src/ssl/tls_connection.h @@ -19,9 +19,9 @@ namespace Botan { class BOTAN_DLL TLS_Connection { public: - virtual u32bit read(byte[], u32bit) = 0; - virtual void write(const byte[], u32bit) = 0; - u32bit read(byte& in) { return read(&in, 1); } + virtual size_t read(byte[], size_t) = 0; + virtual void write(const byte[], size_t) = 0; + size_t read(byte& in) { return read(&in, 1); } void write(byte out) { write(&out, 1); } virtual std::vector<X509_Certificate> peer_cert_chain() const = 0; diff --git a/src/ssl/tls_handshake_hash.cpp b/src/ssl/tls_handshake_hash.cpp index 93442cad1..7c1e2e385 100644 --- a/src/ssl/tls_handshake_hash.cpp +++ b/src/ssl/tls_handshake_hash.cpp @@ -45,15 +45,19 @@ SecureVector<byte> HandshakeHash::final_ssl3(const MemoryRegion<byte>& secret) md5.update(secret); sha1.update(secret); - for(u32bit j = 0; j != 48; j++) md5.update(PAD_INNER); - for(u32bit j = 0; j != 40; j++) sha1.update(PAD_INNER); + for(size_t i = 0; i != 48; ++i) + md5.update(PAD_INNER); + for(size_t i = 0; i != 40; ++i) + sha1.update(PAD_INNER); SecureVector<byte> inner_md5 = md5.final(), inner_sha1 = sha1.final(); md5.update(secret); sha1.update(secret); - for(u32bit j = 0; j != 48; j++) md5.update(PAD_OUTER); - for(u32bit j = 0; j != 40; j++) sha1.update(PAD_OUTER); + for(size_t i = 0; i != 48; ++i) + md5.update(PAD_OUTER); + for(size_t i = 0; i != 40; ++i) + sha1.update(PAD_OUTER); md5.update(inner_md5); sha1.update(inner_sha1); diff --git a/src/ssl/tls_handshake_hash.h b/src/ssl/tls_handshake_hash.h index 4c145c6c6..ceaa55584 100644 --- a/src/ssl/tls_handshake_hash.h +++ b/src/ssl/tls_handshake_hash.h @@ -20,7 +20,7 @@ using namespace Botan; class BOTAN_DLL HandshakeHash { public: - void update(const byte in[], u32bit length) + void update(const byte in[], size_t length) { data += std::make_pair(in, length); } void update(const MemoryRegion<byte>& in) diff --git a/src/ssl/tls_policy.cpp b/src/ssl/tls_policy.cpp index e7e25a877..38fcf58cc 100644 --- a/src/ssl/tls_policy.cpp +++ b/src/ssl/tls_policy.cpp @@ -10,7 +10,7 @@ namespace Botan { -/** +/* * Return allowed ciphersuites */ std::vector<u16bit> TLS_Policy::ciphersuites() const @@ -18,7 +18,7 @@ std::vector<u16bit> TLS_Policy::ciphersuites() const return suite_list(allow_static_rsa(), allow_edh_rsa(), allow_edh_dsa()); } -/** +/* * Return allowed ciphersuites */ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa, @@ -60,7 +60,7 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa, return suites; } -/** +/* * Return allowed compression algorithms */ std::vector<byte> TLS_Policy::compression() const @@ -70,7 +70,7 @@ std::vector<byte> TLS_Policy::compression() const return algs; } -/** +/* * Choose which ciphersuite to use */ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites, @@ -84,30 +84,30 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites, std::vector<u16bit> s_suites = suite_list(use_static_rsa, use_edh_rsa, use_edh_dsa); - for(u32bit j = 0; j != s_suites.size(); j++) - for(u32bit k = 0; k != c_suites.size(); k++) - if(s_suites[j] == c_suites[k]) - return s_suites[j]; + for(size_t i = 0; i != s_suites.size(); ++i) + for(size_t j = 0; j != c_suites.size(); ++j) + if(s_suites[i] == c_suites[j]) + return s_suites[i]; return 0; } -/** +/* * Choose which compression algorithm to use */ byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const { std::vector<byte> s_comp = compression(); - for(u32bit j = 0; j != s_comp.size(); j++) - for(u32bit k = 0; k != c_comp.size(); k++) - if(s_comp[j] == c_comp[k]) - return s_comp[j]; + for(size_t i = 0; i != s_comp.size(); ++i) + for(size_t j = 0; j != c_comp.size(); ++j) + if(s_comp[i] == c_comp[j]) + return s_comp[i]; return NO_COMPRESSION; } -/** +/* * Return the group to use for empheral DH */ DL_Group TLS_Policy::dh_group() const @@ -115,7 +115,7 @@ DL_Group TLS_Policy::dh_group() const return DL_Group("modp/ietf/1024"); } -/** +/* * Default certificate check */ bool TLS_Policy::check_cert(const std::vector<X509_Certificate>& certs) const diff --git a/src/ssl/tls_policy.h b/src/ssl/tls_policy.h index 022eed4ec..c5944f0f7 100644 --- a/src/ssl/tls_policy.h +++ b/src/ssl/tls_policy.h @@ -37,7 +37,7 @@ class BOTAN_DLL TLS_Policy virtual bool require_client_auth() const { return false; } virtual DL_Group dh_group() const; - virtual u32bit rsa_export_keysize() const { return 512; } + virtual size_t rsa_export_keysize() const { return 512; } virtual Version_Code min_version() const { return SSL_V3; } virtual Version_Code pref_version() const { return TLS_V11; } diff --git a/src/ssl/tls_reader.h b/src/ssl/tls_reader.h index 733e9bdc9..3a45235b5 100644 --- a/src/ssl/tls_reader.h +++ b/src/ssl/tls_reader.h @@ -22,7 +22,7 @@ class TLS_Data_Reader TLS_Data_Reader(const MemoryRegion<byte>& buf_in) : buf(buf_in), offset(0) {} - u32bit remaining_bytes() const + size_t remaining_bytes() const { return buf.size() - offset; } @@ -32,7 +32,7 @@ class TLS_Data_Reader return (remaining_bytes() > 0); } - void discard_next(u32bit bytes) + void discard_next(size_t bytes) { assert_at_least(bytes); offset += bytes; @@ -55,13 +55,13 @@ class TLS_Data_Reader } template<typename T, typename Container> - Container get_elem(u32bit num_elems) + Container get_elem(size_t num_elems) { assert_at_least(num_elems * sizeof(T)); Container result(num_elems); - for(u32bit i = 0; i != num_elems; ++i) + for(size_t i = 0; i != num_elems; ++i) result[i] = load_be<T>(&buf[offset], i); offset += num_elems * sizeof(T); @@ -70,35 +70,35 @@ class TLS_Data_Reader } template<typename T> - SecureVector<T> get_range(u32bit len_bytes, - u32bit min_elems, - u32bit max_elems) + SecureVector<T> get_range(size_t len_bytes, + size_t min_elems, + size_t max_elems) { - const u32bit num_elems = + const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); return get_elem<T, SecureVector<T> >(num_elems); } template<typename T> - std::vector<T> get_range_vector(u32bit len_bytes, - u32bit min_elems, - u32bit max_elems) + std::vector<T> get_range_vector(size_t len_bytes, + size_t min_elems, + size_t max_elems) { - const u32bit num_elems = + const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); return get_elem<T, std::vector<T> >(num_elems); } template<typename T> - SecureVector<T> get_fixed(u32bit size) + SecureVector<T> get_fixed(size_t size) { return get_elem<T, SecureVector<T> >(size); } private: - u32bit get_length_field(u32bit len_bytes) + size_t get_length_field(size_t len_bytes) { assert_at_least(len_bytes); @@ -110,17 +110,17 @@ class TLS_Data_Reader throw Decoding_Error("TLS_Data_Reader: Bad length size"); } - u32bit get_num_elems(u32bit len_bytes, - u32bit T_size, - u32bit min_elems, - u32bit max_elems) + size_t get_num_elems(size_t len_bytes, + size_t T_size, + size_t min_elems, + size_t max_elems) { - const u32bit byte_length = get_length_field(len_bytes); + const size_t byte_length = get_length_field(len_bytes); if(byte_length % T_size != 0) throw Decoding_Error("TLS_Data_Reader: Size isn't multiple of T"); - const u32bit num_elems = byte_length / T_size; + const size_t num_elems = byte_length / T_size; if(num_elems < min_elems || num_elems > max_elems) throw Decoding_Error("TLS_Data_Reader: Range outside paramaters"); @@ -128,14 +128,14 @@ class TLS_Data_Reader return num_elems; } - void assert_at_least(u32bit n) const + void assert_at_least(size_t n) const { if(buf.size() - offset < n) throw Decoding_Error("TLS_Data_Reader: Corrupt packet"); } const MemoryRegion<byte>& buf; - u32bit offset; + size_t offset; }; /** @@ -144,11 +144,11 @@ class TLS_Data_Reader template<typename T> void append_tls_length_value(MemoryRegion<byte>& buf, const T* vals, - u32bit vals_size, - u32bit tag_size) + size_t vals_size, + size_t tag_size) { - const u32bit T_size = sizeof(T); - const u32bit val_bytes = T_size * vals_size; + const size_t T_size = sizeof(T); + const size_t val_bytes = T_size * vals_size; if(tag_size != 1 && tag_size != 2) throw std::invalid_argument("append_tls_length_value: invalid tag size"); @@ -157,18 +157,18 @@ void append_tls_length_value(MemoryRegion<byte>& buf, (tag_size == 2 && val_bytes > 65535)) throw std::invalid_argument("append_tls_length_value: value too large"); - for(u32bit i = 0; i != tag_size; ++i) - buf.push_back(get_byte(4-tag_size+i, val_bytes)); + for(size_t i = 0; i != tag_size; ++i) + buf.push_back(get_byte(sizeof(val_bytes)-tag_size+i, val_bytes)); - for(u32bit i = 0; i != vals_size; ++i) - for(u32bit j = 0; j != T_size; ++j) + for(size_t i = 0; i != vals_size; ++i) + for(size_t j = 0; j != T_size; ++j) buf.push_back(get_byte(j, vals[i])); } template<typename T> void append_tls_length_value(MemoryRegion<byte>& buf, const MemoryRegion<T>& vals, - u32bit tag_size) + size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } @@ -176,7 +176,7 @@ void append_tls_length_value(MemoryRegion<byte>& buf, template<typename T> void append_tls_length_value(MemoryRegion<byte>& buf, const std::vector<T>& vals, - u32bit tag_size) + size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h index 7ea7f3cc8..84929b0ff 100644 --- a/src/ssl/tls_record.h +++ b/src/ssl/tls_record.h @@ -12,9 +12,18 @@ #include <botan/tls_suites.h> #include <botan/socket.h> #include <botan/pipe.h> +#include <botan/mac.h> #include <botan/secqueue.h> #include <vector> +#if defined(BOTAN_USE_STD_TR1) + #include <tr1/functional> +#elif defined(BOTAN_USE_BOOST_TR1) + #include <boost/tr1/functional.hpp> +#endif + +using namespace std::tr1::placeholders; + namespace Botan { /** @@ -23,8 +32,9 @@ namespace Botan { class BOTAN_DLL Record_Writer { public: - void send(byte, const byte[], u32bit); - void send(byte, byte); + void send(byte type, const byte input[], size_t length); + void send(byte type, byte val) { send(type, &val, 1); } + void flush(); void alert(Alert_Level, Alert_Type); @@ -35,18 +45,22 @@ class BOTAN_DLL Record_Writer void reset(); - Record_Writer(Socket& socket); + Record_Writer(std::tr1::function<void (const byte[], size_t)> output_fn); + ~Record_Writer() { delete mac; } private: - void send_record(byte, const byte[], u32bit); - void send_record(byte, byte, byte, const byte[], u32bit); + void send_record(byte type, const byte input[], size_t length); + void send_record(byte type, byte major, byte minor, + const byte input[], size_t length); + + std::tr1::function<void (const byte[], size_t)> output_fn; + Pipe cipher; + MessageAuthenticationCode* mac; - Socket& socket; - Pipe cipher, mac; SecureVector<byte> buffer; - u32bit buf_pos; + size_t buf_pos; - u32bit block_size, mac_size, iv_size; + size_t block_size, mac_size, iv_size; u64bit seq_no; byte major, minor, buf_type; @@ -58,14 +72,14 @@ class BOTAN_DLL Record_Writer class BOTAN_DLL Record_Reader { public: - void add_input(const byte input[], u32bit input_size); + void add_input(const byte input[], size_t input_size); /** * @param msg_type (output variable) * @param buffer (output variable) * @return Number of bytes still needed (minimum), or 0 if success */ - u32bit get_record(byte& msg_type, + size_t get_record(byte& msg_type, MemoryRegion<byte>& buffer); SecureVector<byte> get_record(byte& msg_type); @@ -78,12 +92,15 @@ class BOTAN_DLL Record_Reader void reset(); - Record_Reader() { reset(); } + Record_Reader() { mac = 0; reset(); } + + ~Record_Reader() { delete mac; } private: SecureQueue input_queue; - Pipe cipher, mac; - u32bit block_size, mac_size, iv_size; + Pipe cipher; + MessageAuthenticationCode* mac; + size_t block_size, mac_size, iv_size; u64bit seq_no; byte major, minor; }; diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 1503912d0..6f79fe0fb 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace { -/** +/* * Choose what version to respond with */ Version_Code choose_version(Version_Code client, Version_Code minimum) @@ -31,7 +31,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) } // FIXME: checks are wrong for session reuse (add a flag for that) -/** +/* * Verify the state transition is allowed */ void server_check_state(Handshake_Type new_msg, Handshake_State* state) @@ -82,7 +82,7 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state) } -/** +/* * TLS Server Constructor */ TLS_Server::TLS_Server(const TLS_Policy& pol, @@ -93,7 +93,7 @@ TLS_Server::TLS_Server(const TLS_Policy& pol, policy(pol), rng(r), peer(sock), - writer(sock) + writer(std::tr1::bind(&Socket::write, std::tr1::ref(peer), _1, _2)) { state = 0; @@ -120,7 +120,7 @@ TLS_Server::TLS_Server(const TLS_Policy& pol, } } -/** +/* * TLS Server Destructor */ TLS_Server::~TLS_Server() @@ -130,7 +130,7 @@ TLS_Server::~TLS_Server() delete state; } -/** +/* * Return the peer's certificate chain */ std::vector<X509_Certificate> TLS_Server::peer_cert_chain() const @@ -138,10 +138,10 @@ std::vector<X509_Certificate> TLS_Server::peer_cert_chain() const return peer_certs; } -/** +/* * Write to a TLS connection */ -void TLS_Server::write(const byte buf[], u32bit length) +void TLS_Server::write(const byte buf[], size_t length) { if(!active) throw Internal_Error("TLS_Server::write called while closed"); @@ -149,10 +149,10 @@ void TLS_Server::write(const byte buf[], u32bit length) writer.send(APPLICATION_DATA, buf, length); } -/** +/* * Read from a TLS connection */ -u32bit TLS_Server::read(byte out[], u32bit length) +size_t TLS_Server::read(byte out[], size_t length) { if(!active) throw Internal_Error("TLS_Server::read called while closed"); @@ -166,12 +166,12 @@ u32bit TLS_Server::read(byte out[], u32bit length) break; } - u32bit got = std::min<size_t>(read_buf.size(), length); + size_t got = std::min<size_t>(read_buf.size(), length); read_buf.read(out, got); return got; } -/** +/* * Check connection status */ bool TLS_Server::is_closed() const @@ -181,7 +181,7 @@ bool TLS_Server::is_closed() const return false; } -/** +/* * Close a TLS connection */ void TLS_Server::close() @@ -189,7 +189,7 @@ void TLS_Server::close() close(WARNING, CLOSE_NOTIFY); } -/** +/* * Close a TLS connection */ void TLS_Server::close(Alert_Level level, Alert_Type alert_code) @@ -205,7 +205,7 @@ void TLS_Server::close(Alert_Level level, Alert_Type alert_code) } } -/** +/* * Iterate the TLS state machine */ void TLS_Server::state_machine() @@ -213,12 +213,12 @@ void TLS_Server::state_machine() byte rec_type = CONNECTION_CLOSED; SecureVector<byte> record(1024); - u32bit bytes_needed = reader.get_record(rec_type, record); + size_t bytes_needed = reader.get_record(rec_type, record); while(bytes_needed) { - u32bit to_get = std::min<u32bit>(record.size(), bytes_needed); - u32bit got = peer.read(&record[0], to_get); + size_t to_get = std::min<size_t>(record.size(), bytes_needed); + size_t got = peer.read(&record[0], to_get); if(got == 0) { @@ -264,7 +264,7 @@ void TLS_Server::state_machine() throw Unexpected_Message("Unknown message type recieved"); } -/** +/* * Split up and process handshake messages */ void TLS_Server::read_handshake(byte rec_type, @@ -289,7 +289,7 @@ void TLS_Server::read_handshake(byte rec_type, byte head[4] = { 0 }; state->queue.peek(head, 4); - const u32bit length = make_u32bit(0, head[1], head[2], head[3]); + const size_t length = make_u32bit(0, head[1], head[2], head[3]); if(state->queue.size() >= length + 4) { @@ -320,7 +320,7 @@ void TLS_Server::read_handshake(byte rec_type, } } -/** +/* * Process a handshake message */ void TLS_Server::process_handshake_msg(Handshake_Type type, @@ -333,13 +333,13 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, if(type != HANDSHAKE_CCS && type != FINISHED) { - if(type != CLIENT_HELLO_SSLV2) { state->hash.update(static_cast<byte>(type)); - u32bit record_length = contents.size(); - for(u32bit j = 0; j != 3; j++) - state->hash.update(get_byte(j+1, record_length)); + + const size_t record_length = contents.size(); + for(size_t i = 0; i != 3; i++) + state->hash.update(get_byte<u32bit>(i+1, record_length)); } state->hash.update(contents); @@ -449,9 +449,11 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, "Finished message didn't verify"); state->hash.update(static_cast<byte>(type)); - u32bit record_length = contents.size(); - for(u32bit j = 0; j != 3; j++) - state->hash.update(get_byte(j+1, record_length)); + + const size_t record_length = contents.size(); + for(size_t i = 0; i != 3; i++) + state->hash.update(get_byte<u32bit>(i+1, record_length)); + state->hash.update(contents); writer.send(CHANGE_CIPHER_SPEC, 1); @@ -471,7 +473,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, throw Unexpected_Message("Unknown handshake message recieved"); } -/** +/* * Perform a server-side TLS handshake */ void TLS_Server::do_handshake() diff --git a/src/ssl/tls_server.h b/src/ssl/tls_server.h index fc6adc9ce..09a1ef40b 100644 --- a/src/ssl/tls_server.h +++ b/src/ssl/tls_server.h @@ -23,8 +23,8 @@ namespace Botan { class BOTAN_DLL TLS_Server : public TLS_Connection { public: - u32bit read(byte buf[], u32bit buf_len); - void write(const byte buf[], u32bit buf_len); + size_t read(byte buf[], size_t buf_len); + void write(const byte buf[], size_t buf_len); std::vector<X509_Certificate> peer_cert_chain() const; diff --git a/src/ssl/tls_session_key.cpp b/src/ssl/tls_session_key.cpp index 341ce7bb0..7c75d1758 100644 --- a/src/ssl/tls_session_key.cpp +++ b/src/ssl/tls_session_key.cpp @@ -71,7 +71,7 @@ SecureVector<byte> SessionKeys::master_secret() const /** * Generate SSLv3 session keys */ -SymmetricKey SessionKeys::ssl3_keygen(u32bit prf_gen, +SymmetricKey SessionKeys::ssl3_keygen(size_t prf_gen, const MemoryRegion<byte>& pre_master, const MemoryRegion<byte>& client_random, const MemoryRegion<byte>& server_random) @@ -94,7 +94,7 @@ SymmetricKey SessionKeys::ssl3_keygen(u32bit prf_gen, /** * Generate TLS 1.0 session keys */ -SymmetricKey SessionKeys::tls1_keygen(u32bit prf_gen, +SymmetricKey SessionKeys::tls1_keygen(size_t prf_gen, const MemoryRegion<byte>& pre_master, const MemoryRegion<byte>& client_random, const MemoryRegion<byte>& server_random) @@ -134,14 +134,14 @@ SessionKeys::SessionKeys(const CipherSuite& suite, Version_Code version, if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11) throw Invalid_Argument("SessionKeys: Unknown version code"); - const u32bit mac_keylen = output_length_of(suite.mac_algo()); - u32bit cipher_keylen = suite.cipher_keylen(); + const size_t mac_keylen = output_length_of(suite.mac_algo()); + const size_t cipher_keylen = suite.cipher_keylen(); - u32bit cipher_ivlen = 0; + size_t cipher_ivlen = 0; if(have_block_cipher(suite.cipher_algo())) cipher_ivlen = block_size_of(suite.cipher_algo()); - const u32bit prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen); + const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen); SymmetricKey keyblock = (version == SSL_V3) ? ssl3_keygen(prf_gen, pre_master_secret, c_random, s_random) : diff --git a/src/ssl/tls_session_key.h b/src/ssl/tls_session_key.h index 98c1b92ff..51397984b 100644 --- a/src/ssl/tls_session_key.h +++ b/src/ssl/tls_session_key.h @@ -35,10 +35,10 @@ class BOTAN_DLL SessionKeys SessionKeys(const CipherSuite&, Version_Code, const MemoryRegion<byte>&, const MemoryRegion<byte>&, const MemoryRegion<byte>&); private: - SymmetricKey ssl3_keygen(u32bit, const MemoryRegion<byte>&, + SymmetricKey ssl3_keygen(size_t, const MemoryRegion<byte>&, const MemoryRegion<byte>&, const MemoryRegion<byte>&); - SymmetricKey tls1_keygen(u32bit, const MemoryRegion<byte>&, + SymmetricKey tls1_keygen(size_t, const MemoryRegion<byte>&, const MemoryRegion<byte>&, const MemoryRegion<byte>&); diff --git a/src/ssl/tls_suites.cpp b/src/ssl/tls_suites.cpp index 12473d253..304d0b5db 100644 --- a/src/ssl/tls_suites.cpp +++ b/src/ssl/tls_suites.cpp @@ -212,7 +212,7 @@ TLS_Ciphersuite_Algos CipherSuite::lookup_ciphersuite(u16bit suite) namespace { -std::pair<std::string, u32bit> cipher_code_to_name(TLS_Ciphersuite_Algos algo) +std::pair<std::string, size_t> cipher_code_to_name(TLS_Ciphersuite_Algos algo) { if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_RC4_128) return std::make_pair("ARC4", 16); @@ -273,7 +273,7 @@ CipherSuite::CipherSuite(u16bit suite_code) kex_algo = TLS_Ciphersuite_Algos(algos & TLS_ALGO_KEYEXCH_MASK); - std::pair<std::string, u32bit> cipher_info = cipher_code_to_name(algos); + std::pair<std::string, size_t> cipher_info = cipher_code_to_name(algos); cipher = cipher_info.first; cipher_key_length = cipher_info.second; diff --git a/src/ssl/tls_suites.h b/src/ssl/tls_suites.h index 612c148e6..8d6db0e8b 100644 --- a/src/ssl/tls_suites.h +++ b/src/ssl/tls_suites.h @@ -25,7 +25,7 @@ class BOTAN_DLL CipherSuite std::string cipher_algo() const { return cipher; } std::string mac_algo() const { return mac; } - u32bit cipher_keylen() const { return cipher_key_length; } + size_t cipher_keylen() const { return cipher_key_length; } TLS_Ciphersuite_Algos kex_type() const { return kex_algo; } TLS_Ciphersuite_Algos sig_type() const { return sig_algo; } @@ -34,7 +34,7 @@ class BOTAN_DLL CipherSuite private: TLS_Ciphersuite_Algos kex_algo, sig_algo; std::string cipher, mac; - u32bit cipher_key_length; + size_t cipher_key_length; }; } diff --git a/src/stream/stream_cipher.h b/src/stream/stream_cipher.h index 26bbfe160..680d57f70 100644 --- a/src/stream/stream_cipher.h +++ b/src/stream/stream_cipher.h @@ -63,9 +63,9 @@ class BOTAN_DLL StreamCipher : public SymmetricAlgorithm * @param key_max the maximum key size * @param key_mod the modulo restriction on the key size */ - StreamCipher(u32bit key_min, - u32bit key_max = 0, - u32bit key_mod = 1) : + StreamCipher(size_t key_min, + size_t key_max = 0, + size_t key_mod = 1) : SymmetricAlgorithm(key_min, key_max, key_mod) {} virtual ~StreamCipher() {} diff --git a/src/utils/loadstor.h b/src/utils/loadstor.h index e812fca4e..29e00592a 100644 --- a/src/utils/loadstor.h +++ b/src/utils/loadstor.h @@ -97,12 +97,12 @@ inline u64bit make_u64bit(byte i0, byte i1, byte i2, byte i3, * @return off'th T of in, as a big-endian value */ template<typename T> -inline T load_be(const byte in[], u32bit off) +inline T load_be(const byte in[], size_t off) { in += off * sizeof(T); T out = 0; - for(u32bit j = 0; j != sizeof(T); j++) - out = (out << 8) | in[j]; + for(size_t i = 0; i != sizeof(T); ++i) + out = (out << 8) | in[i]; return out; } @@ -113,12 +113,12 @@ inline T load_be(const byte in[], u32bit off) * @return off'th T of in, as a litte-endian value */ template<typename T> -inline T load_le(const byte in[], u32bit off) +inline T load_le(const byte in[], size_t off) { in += off * sizeof(T); T out = 0; - for(u32bit j = 0; j != sizeof(T); j++) - out = (out << 8) | in[sizeof(T)-1-j]; + for(size_t i = 0; i != sizeof(T); ++i) + out = (out << 8) | in[sizeof(T)-1-i]; return out; } @@ -129,7 +129,7 @@ inline T load_le(const byte in[], u32bit off) * @return off'th u16bit of in, as a big-endian value */ template<> -inline u16bit load_be<u16bit>(const byte in[], u32bit off) +inline u16bit load_be<u16bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u16bit*>(in) + off)); @@ -146,7 +146,7 @@ inline u16bit load_be<u16bit>(const byte in[], u32bit off) * @return off'th u16bit of in, as a little-endian value */ template<> -inline u16bit load_le<u16bit>(const byte in[], u32bit off) +inline u16bit load_le<u16bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u16bit*>(in) + off)); @@ -163,7 +163,7 @@ inline u16bit load_le<u16bit>(const byte in[], u32bit off) * @return off'th u32bit of in, as a big-endian value */ template<> -inline u32bit load_be<u32bit>(const byte in[], u32bit off) +inline u32bit load_be<u32bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u32bit*>(in) + off)); @@ -180,7 +180,7 @@ inline u32bit load_be<u32bit>(const byte in[], u32bit off) * @return off'th u32bit of in, as a little-endian value */ template<> -inline u32bit load_le<u32bit>(const byte in[], u32bit off) +inline u32bit load_le<u32bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u32bit*>(in) + off)); @@ -197,7 +197,7 @@ inline u32bit load_le<u32bit>(const byte in[], u32bit off) * @return off'th u64bit of in, as a big-endian value */ template<> -inline u64bit load_be<u64bit>(const byte in[], u32bit off) +inline u64bit load_be<u64bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2B(*(reinterpret_cast<const u64bit*>(in) + off)); @@ -215,7 +215,7 @@ inline u64bit load_be<u64bit>(const byte in[], u32bit off) * @return off'th u64bit of in, as a little-endian value */ template<> -inline u64bit load_le<u64bit>(const byte in[], u32bit off) +inline u64bit load_le<u64bit>(const byte in[], size_t off) { #if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK return BOTAN_ENDIAN_N2L(*(reinterpret_cast<const u64bit*>(in) + off)); @@ -293,24 +293,24 @@ inline void load_le(const byte in[], template<typename T> inline void load_le(T out[], const byte in[], - u32bit count) + size_t count) { #if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS) std::memcpy(out, in, sizeof(T)*count); #if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN) - const u32bit blocks = count - (count % 4); - const u32bit left = count - blocks; + const size_t blocks = count - (count % 4); + const size_t left = count - blocks; - for(u32bit i = 0; i != blocks; i += 4) + for(size_t i = 0; i != blocks; i += 4) bswap_4(out + i); - for(u32bit i = 0; i != left; ++i) + for(size_t i = 0; i != left; ++i) out[blocks+i] = reverse_bytes(out[blocks+i]); #endif #else - for(u32bit i = 0; i != count; ++i) + for(size_t i = 0; i != count; ++i) out[i] = load_le<T>(in, i); #endif } @@ -382,24 +382,24 @@ inline void load_be(const byte in[], template<typename T> inline void load_be(T out[], const byte in[], - u32bit count) + size_t count) { #if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANNESS) std::memcpy(out, in, sizeof(T)*count); #if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN) - const u32bit blocks = count - (count % 4); - const u32bit left = count - blocks; + const size_t blocks = count - (count % 4); + const size_t left = count - blocks; - for(u32bit i = 0; i != blocks; i += 4) + for(size_t i = 0; i != blocks; i += 4) bswap_4(out + i); - for(u32bit i = 0; i != left; ++i) + for(size_t i = 0; i != left; ++i) out[blocks+i] = reverse_bytes(out[blocks+i]); #endif #else - for(u32bit i = 0; i != count; ++i) + for(size_t i = 0; i != count; ++i) out[i] = load_be<T>(in, i); #endif } diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp index 50696bbbf..ff0718bb0 100644 --- a/src/utils/parsing.cpp +++ b/src/utils/parsing.cpp @@ -231,7 +231,7 @@ std::string ipv4_to_string(u32bit ip) { std::string str; - for(size_t i = 0; i != sizeof(ip); i++) + for(size_t i = 0; i != sizeof(ip); ++i) { if(i) str += "."; diff --git a/src/wrap/perl-xs/Botan.xs b/src/wrap/perl-xs/Botan.xs index 5268a96d1..fc0c00ff5 100644 --- a/src/wrap/perl-xs/Botan.xs +++ b/src/wrap/perl-xs/Botan.xs @@ -12,9 +12,7 @@ extern "C" { #include <botan/asn1_obj.h> #include <botan/asn1_oid.h> -#include <botan/base64.h> -#include <botan/basefilt.h> -#include <botan/hex_filt.h> +#include <botan/filters.h> #include <botan/init.h> #include <botan/oids.h> #include <botan/x509cert.h> |