diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/block/misty1/misty1.cpp | 4 | ||||
-rw-r--r-- | src/lib/kdf/hkdf/hkdf.cpp | 8 | ||||
-rw-r--r-- | src/lib/kdf/sp800_108/sp800_108.cpp | 208 | ||||
-rw-r--r-- | src/lib/mac/gmac/gmac.cpp | 7 | ||||
-rw-r--r-- | src/lib/modes/aead/ocb/ocb.cpp | 2 | ||||
-rw-r--r-- | src/lib/utils/barrier.cpp | 4 | ||||
-rw-r--r-- | src/lib/utils/barrier.h | 40 | ||||
-rw-r--r-- | src/tests/test_rng.cpp | 2 |
8 files changed, 140 insertions, 135 deletions
diff --git a/src/lib/block/misty1/misty1.cpp b/src/lib/block/misty1/misty1.cpp index 3e2677fce..d6ac5f9a9 100644 --- a/src/lib/block/misty1/misty1.cpp +++ b/src/lib/block/misty1/misty1.cpp @@ -119,7 +119,7 @@ void MISTY1::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const B3 ^= B2 & RK[2]; B2 ^= B3 | RK[3]; - uint32_t T0, T1; + uint16_t T0, T1; T0 = FI(B0 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B1; T1 = FI(B1 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0; @@ -169,7 +169,7 @@ void MISTY1::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const B0 ^= B1 | RK[2]; B1 ^= B0 & RK[3]; - uint32_t T0, T1; + uint16_t T0, T1; T0 = FI(B2 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B3; T1 = FI(B3 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0; diff --git a/src/lib/kdf/hkdf/hkdf.cpp b/src/lib/kdf/hkdf/hkdf.cpp index d66847244..63085d191 100644 --- a/src/lib/kdf/hkdf/hkdf.cpp +++ b/src/lib/kdf/hkdf/hkdf.cpp @@ -87,17 +87,19 @@ hkdf_expand_label(const std::string& hash_fn, if(hash_val_len > 0xFF) throw Invalid_Argument("HKDF-Expand-Label hash too long"); + const uint16_t length16 = static_cast<uint16_t>(length); + auto mac = MessageAuthenticationCode::create("HMAC(" + hash_fn + ")"); if(!mac) throw Invalid_Argument("HKDF-Expand-Label with HMAC(" + hash_fn + ") not available"); HKDF_Expand hkdf(mac.release()); - secure_vector<uint8_t> output(length); + secure_vector<uint8_t> output(length16); std::vector<uint8_t> prefix(3 + label.size() + 1); - prefix[0] = get_byte<uint16_t>(0, length); - prefix[1] = get_byte<uint16_t>(1, length); + prefix[0] = get_byte(0, length16); + prefix[1] = get_byte(1, length16); prefix[2] = static_cast<uint8_t>(label.size()); copy_mem(prefix.data() + 3, diff --git a/src/lib/kdf/sp800_108/sp800_108.cpp b/src/lib/kdf/sp800_108/sp800_108.cpp index 0f9eed1f2..137ade106 100644 --- a/src/lib/kdf/sp800_108/sp800_108.cpp +++ b/src/lib/kdf/sp800_108/sp800_108.cpp @@ -16,39 +16,39 @@ size_t SP800_108_Counter::kdf(uint8_t key[], size_t key_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const { - const std::size_t prf_len = m_prf->output_length(); - const uint8_t delim = 0; - uint8_t *p = key; - uint32_t counter = 1; - uint32_t length = key_len * 8; - uint8_t be_len[4] = { 0 }; - secure_vector<uint8_t> tmp; + const std::size_t prf_len = m_prf->output_length(); + const uint8_t delim = 0; + const uint32_t length = static_cast<uint32_t>(key_len * 8); - store_be(length, be_len); - m_prf->set_key(secret, secret_len); + uint8_t *p = key; + uint32_t counter = 1; + uint8_t be_len[4] = { 0 }; + secure_vector<uint8_t> tmp; - while(p < key + key_len && counter != 0) - { - const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); - uint8_t be_cnt[4] = { 0 }; + store_be(length, be_len); + m_prf->set_key(secret, secret_len); - store_be(counter, be_cnt); + while(p < key + key_len && counter != 0) + { + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + uint8_t be_cnt[4] = { 0 }; - m_prf->update(be_cnt,4); - m_prf->update(label,label_len); - m_prf->update(delim); - m_prf->update(salt,salt_len); - m_prf->update(be_len,4); - m_prf->final(tmp); + store_be(counter, be_cnt); - std::move(tmp.begin(), tmp.begin() + to_copy, p); - ++counter; + m_prf->update(be_cnt,4); + m_prf->update(label,label_len); + m_prf->update(delim); + m_prf->update(salt,salt_len); + m_prf->update(be_len,4); + m_prf->final(tmp); - if (counter == 0) - throw Invalid_Argument("Can't process more than 4GB"); + copy_mem(p, tmp.data(), to_copy); + p += to_copy; - p += to_copy; - } + ++counter; + if(counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + } return key_len; } @@ -58,98 +58,98 @@ size_t SP800_108_Feedback::kdf(uint8_t key[], size_t key_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const { - const std::size_t prf_len = m_prf->output_length(); - const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0); - const uint8_t delim = 0; + const uint32_t length = static_cast<uint32_t>(key_len * 8); + const std::size_t prf_len = m_prf->output_length(); + const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0); + const uint8_t delim = 0; - uint8_t *p = key; - uint32_t counter = 1; - uint32_t length = key_len * 8; - uint8_t be_len[4] = { 0 }; - secure_vector< uint8_t > prev(salt, salt + iv_len); - secure_vector< uint8_t > ctx(salt + iv_len, salt + salt_len); + uint8_t *p = key; + uint32_t counter = 1; + uint8_t be_len[4] = { 0 }; + secure_vector< uint8_t > prev(salt, salt + iv_len); + secure_vector< uint8_t > ctx(salt + iv_len, salt + salt_len); - store_be(length, be_len); - m_prf->set_key(secret, secret_len); + store_be(length, be_len); + m_prf->set_key(secret, secret_len); - while(p < key + key_len && counter != 0) - { - const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); - uint8_t be_cnt[4] = { 0 }; + while(p < key + key_len && counter != 0) + { + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + uint8_t be_cnt[4] = { 0 }; - store_be(counter, be_cnt); + store_be(counter, be_cnt); - m_prf->update(prev); - m_prf->update(be_cnt,4); - m_prf->update(label,label_len); - m_prf->update(delim); - m_prf->update(ctx); - m_prf->update(be_len,4); - m_prf->final(prev); + m_prf->update(prev); + m_prf->update(be_cnt,4); + m_prf->update(label,label_len); + m_prf->update(delim); + m_prf->update(ctx); + m_prf->update(be_len,4); + m_prf->final(prev); - std::copy(prev.begin(), prev.begin() + to_copy, p); - ++counter; + copy_mem(p, prev.data(), to_copy); + p += to_copy; - if (counter == 0) - throw Invalid_Argument("Can't process more than 4GB"); + ++counter; - p += to_copy; - } + if(counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + } return key_len; } size_t SP800_108_Pipeline::kdf(uint8_t key[], size_t key_len, - const uint8_t secret[], size_t secret_len, - const uint8_t salt[], size_t salt_len, - const uint8_t label[], size_t label_len) const + const uint8_t secret[], size_t secret_len, + const uint8_t salt[], size_t salt_len, + const uint8_t label[], size_t label_len) const { - const std::size_t prf_len = m_prf->output_length(); - const uint8_t delim = 0; - - uint8_t *p = key; - uint32_t counter = 1; - uint32_t length = key_len * 8; - uint8_t be_len[4] = { 0 }; - secure_vector<uint8_t> ai, ki; - - store_be(length, be_len); - m_prf->set_key(secret,secret_len); - - // A(0) - std::copy(label,label + label_len,std::back_inserter(ai)); - ai.emplace_back(delim); - std::copy(salt,salt + salt_len,std::back_inserter(ai)); - std::copy(be_len,be_len + 4,std::back_inserter(ai)); - - while(p < key + key_len && counter != 0) - { - // A(i) - m_prf->update(ai); - m_prf->final(ai); - - // K(i) - const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); - uint8_t be_cnt[4] = { 0 }; - - store_be(counter, be_cnt); - - m_prf->update(ai); - m_prf->update(be_cnt,4); - m_prf->update(label, label_len); - m_prf->update(delim); - m_prf->update(salt, salt_len); - m_prf->update(be_len,4); - m_prf->final(ki); - - std::copy(ki.begin(), ki.begin() + to_copy, p); - ++counter; - - if (counter == 0) - throw Invalid_Argument("Can't process more than 4GB"); - - p += to_copy; - } + const uint32_t length = static_cast<uint32_t>(key_len * 8); + const std::size_t prf_len = m_prf->output_length(); + const uint8_t delim = 0; + + uint8_t *p = key; + uint32_t counter = 1; + uint8_t be_len[4] = { 0 }; + secure_vector<uint8_t> ai, ki; + + store_be(length, be_len); + m_prf->set_key(secret,secret_len); + + // A(0) + std::copy(label,label + label_len,std::back_inserter(ai)); + ai.emplace_back(delim); + std::copy(salt,salt + salt_len,std::back_inserter(ai)); + std::copy(be_len,be_len + 4,std::back_inserter(ai)); + + while(p < key + key_len && counter != 0) + { + // A(i) + m_prf->update(ai); + m_prf->final(ai); + + // K(i) + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + uint8_t be_cnt[4] = { 0 }; + + store_be(counter, be_cnt); + + m_prf->update(ai); + m_prf->update(be_cnt,4); + m_prf->update(label, label_len); + m_prf->update(delim); + m_prf->update(salt, salt_len); + m_prf->update(be_len,4); + m_prf->final(ki); + + copy_mem(p, ki.data(), to_copy); + p += to_copy; + + ++counter; + + if(counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + } return key_len; } diff --git a/src/lib/mac/gmac/gmac.cpp b/src/lib/mac/gmac/gmac.cpp index 5e08a8827..7ce546ad5 100644 --- a/src/lib/mac/gmac/gmac.cpp +++ b/src/lib/mac/gmac/gmac.cpp @@ -90,9 +90,8 @@ void GMAC::final_result(uint8_t mac[]) // This ensures the GMAC computation has been initialized with a fresh // nonce. The aim of this check is to prevent developers from re-using // nonces (and potential nonce-reuse attacks). - BOTAN_ASSERT(m_initialized, - "The GMAC computation has not been initialized with a fresh " - "nonce."); + BOTAN_ASSERT(m_initialized, "GMAC was used with a fresh nonce"); + // process the rest of the aad buffer. Even if it is a partial block only // ghash_update will process it properly. if(m_aad_buf.size() > 0) @@ -102,7 +101,7 @@ void GMAC::final_result(uint8_t mac[]) m_aad_buf.size()); } secure_vector<uint8_t> result = GHASH::final(); - std::copy(result.begin(), result.end(), mac); + copy_mem(mac, result.data(), result.size()); clear(); } diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index e885eb5bc..9a7448161 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -211,7 +211,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) secure_vector<uint8_t> nonce_buf(BS); copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len); - nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0); + nonce_buf[0] = static_cast<uint8_t>(((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0)); nonce_buf[BS - nonce_len - 1] ^= 1; diff --git a/src/lib/utils/barrier.cpp b/src/lib/utils/barrier.cpp index 81c578b72..3c721d905 100644 --- a/src/lib/utils/barrier.cpp +++ b/src/lib/utils/barrier.cpp @@ -11,7 +11,7 @@ namespace Botan { -void Barrier::wait(unsigned delta) +void Barrier::wait(size_t delta) { lock_guard_type<mutex_type> lock(m_mutex); m_value += delta; @@ -23,7 +23,7 @@ void Barrier::sync() --m_value; if(m_value > 0) { - unsigned current_syncs = m_syncs; + const size_t current_syncs = m_syncs; m_cond.wait(lock, [this, ¤t_syncs] { return m_syncs != current_syncs; }); } else diff --git a/src/lib/utils/barrier.h b/src/lib/utils/barrier.h index 9b7fdd59d..943d10b0c 100644 --- a/src/lib/utils/barrier.h +++ b/src/lib/utils/barrier.h @@ -11,33 +11,37 @@ #include <botan/mutex.h> #if defined(BOTAN_TARGET_OS_HAS_THREADS) -#include <condition_variable> + #include <condition_variable> #endif namespace Botan { #if defined(BOTAN_TARGET_OS_HAS_THREADS) -// Barrier implements a barrier synchronization primitive. wait() will indicate -// how many threads to synchronize; each thread needing synchronization should -// call sync(). When sync() returns, the barrier is reset to zero, and the -// m_syncs counter is incremented. m_syncs is a counter to ensure that wait() -// can be called after a sync() even if the previously sleeping threads have -// not awoken.) + +/** +Barrier implements a barrier synchronization primitive. wait() will +indicate how many threads to synchronize; each thread needing +synchronization should call sync(). When sync() returns, the barrier +is reset to zero, and the m_syncs counter is incremented. m_syncs is a +counter to ensure that wait() can be called after a sync() even if the +previously sleeping threads have not awoken.) +*/ class Barrier final - { - public: - explicit Barrier(int value = 0) : m_value(value), m_syncs(0) {} + { + public: + explicit Barrier(int value = 0) : m_value(value), m_syncs(0) {} + + void wait(size_t delta); - void wait(unsigned delta); + void sync(); - void sync(); + private: + int m_value; + size_t m_syncs; + mutex_type m_mutex; + std::condition_variable m_cond; + }; - private: - int m_value; - unsigned m_syncs; - mutex_type m_mutex; - std::condition_variable m_cond; - }; #endif } diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp index e018349c0..193a94379 100644 --- a/src/tests/test_rng.cpp +++ b/src/tests/test_rng.cpp @@ -761,7 +761,7 @@ class RDRAND_RNG_Tests final : public Test an invalid ptr/length field to add_entropy. If it examined its arguments, it would crash... */ - const uint8_t* invalid_ptr = reinterpret_cast<const uint8_t*>(0xDEADC0DE); + const uint8_t* invalid_ptr = reinterpret_cast<const uint8_t*>(static_cast<uintptr_t>(0xDEADC0DE)); const size_t invalid_ptr_len = 64*1024; rng.add_entropy(invalid_ptr, invalid_ptr_len); |