From 33bb3dca54ecef2599b756d27b66781e14d06ae3 Mon Sep 17 00:00:00 2001 From: lloyd Date: Tue, 30 Sep 2008 06:20:10 +0000 Subject: Remove lookup from Randpool, HMAC, CMAC, CBC-MAC, TLS-PRF, and PBKDF2 --- checks/dolook2.cpp | 3 ++- src/core/libstate/def_alg.cpp | 27 ++++++++++++++++++--------- src/core/rng.cpp | 4 +++- src/kdf/pbkdf2/pbkdf2.cpp | 35 +++++++++++++++++------------------ src/kdf/pbkdf2/pbkdf2.h | 10 +++++++--- src/kdf/tlsv1/prf_tls.cpp | 40 ++++++++++++++++++++++++++++------------ src/kdf/tlsv1/prf_tls.h | 14 +++++++++++--- src/mac/cbc_mac/cbc_mac.cpp | 16 +++++++--------- src/mac/cbc_mac/cbc_mac.h | 3 ++- src/mac/cmac/cmac.cpp | 8 ++++++++ src/mac/cmac/cmac.h | 2 +- src/mac/hmac/hmac.cpp | 12 ++++++------ src/mac/hmac/hmac.h | 3 ++- src/pk_pad/emsa1/emsa1.cpp | 1 - src/rng/randpool/randpool.cpp | 17 +++++++++-------- src/rng/randpool/randpool.h | 7 +++++-- 16 files changed, 126 insertions(+), 76 deletions(-) diff --git a/checks/dolook2.cpp b/checks/dolook2.cpp index ed579ad67..708d5d2ef 100644 --- a/checks/dolook2.cpp +++ b/checks/dolook2.cpp @@ -135,7 +135,8 @@ Filter* lookup_rng(const std::string& algname, // defaults, so benchmark reflects real-world performance (maybe) if(!prng && (algname == "Randpool" || algname == "X9.31-RNG")) { - Randpool* randpool = new Randpool("AES-256", "HMAC(SHA-256)"); + Randpool* randpool = new Randpool(get_block_cipher("AES-256"), + get_mac("HMAC(SHA-256)")); randpool->add_entropy(reinterpret_cast(key.c_str()), key.length()); diff --git a/src/core/libstate/def_alg.cpp b/src/core/libstate/def_alg.cpp index ade7e8d08..ea58bd06f 100644 --- a/src/core/libstate/def_alg.cpp +++ b/src/core/libstate/def_alg.cpp 
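Review bot: In `new Randpool(get_block_cipher("AES-256"), get_mac("HMAC(SHA-256)"))` both lookups hand raw owning pointers straight into the constructor call, so if either lookup can throw, the object the other one already allocated is leaked (the evaluation order of the two arguments is unspecified). The same expression is added to `RandomNumberGenerator::make_rng()` in src/core/rng.cpp, where it matters more than in this benchmark helper. Holding the first result in a local until the call closes the gap, e.g. `std::auto_ptr<BlockCipher> bc(get_block_cipher("AES-256"));` followed by `new Randpool(bc.release(), get_mac("HMAC(SHA-256)"))`. The body of `lookup_rng` extends beyond this hunk on both sides.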
@@ -538,9 +538,12 @@ Default_Engine::find_mac(const std::string& algo_spec) const return 0; const std::string algo_name = global_state().deref_alias(name[0]); -#if defined(BOTAN_HAS_CBC_MAC) - HANDLE_TYPE_ONE_STRING("CBC-MAC", CBC_MAC); -#endif + if(algo_name == "CBC-MAC") + { + if(name.size() == 2) + return new CBC_MAC(find_block_cipher(name[1])); + throw Invalid_Algorithm_Name(algo_spec); + } if(algo_name == "CMAC") { @@ -549,9 +552,12 @@ Default_Engine::find_mac(const std::string& algo_spec) const throw Invalid_Algorithm_Name(algo_spec); } -#if defined(BOTAN_HAS_HMAC) - HANDLE_TYPE_ONE_STRING("HMAC", HMAC); -#endif + if(algo_name == "HMAC") + { + if(name.size() == 2) + return new HMAC(find_hash(name[1])); + throw Invalid_Algorithm_Name(algo_spec); + } #if defined(BOTAN_HAS_SSL3_MAC) HANDLE_TYPE_ONE_STRING("SSL3-MAC", SSL3_MAC); @@ -579,9 +585,12 @@ S2K* Default_Engine::find_s2k(const std::string& algo_spec) const HANDLE_TYPE_ONE_STRING("PBKDF1", PKCS5_PBKDF1); #endif -#if defined(BOTAN_HAS_PBKDF2) - HANDLE_TYPE_ONE_STRING("PBKDF2", PKCS5_PBKDF2); -#endif + if(algo_spec == "PBKDF2") + { + if(name.size() == 2) + return new PKCS5_PBKDF2(find_mac("HMAC(" + name[1] + ")")); + throw Invalid_Algorithm_Name(algo_spec); + } #if defined(BOTAN_HAS_PGPS2K) HANDLE_TYPE_ONE_STRING("OpenPGP-S2K", OpenPGP_S2K); diff --git a/src/core/rng.cpp b/src/core/rng.cpp index 9bed40dc1..37b03684c 100644 --- a/src/core/rng.cpp +++ b/src/core/rng.cpp @@ -4,6 +4,7 @@ *************************************************/ #include +#include #include #include #include @@ -82,7 +83,8 @@ RandomNumberGenerator* RandomNumberGenerator::make_rng() RandomNumberGenerator* rng = 0; #if defined(BOTAN_HAS_RANDPOOL) - rng = new Randpool("AES-256", "HMAC(SHA-256)"); + rng = new Randpool(get_block_cipher("AES-256"), + get_mac("HMAC(SHA-256)")); #if defined(BOTAN_HAS_X931_RNG) rng = new ANSI_X931_RNG("AES-256", rng); 
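Review bot: `new CBC_MAC(find_block_cipher(name[1]))` forwards the lookup result unchecked, and the CBC_MAC constructor introduced in this commit dereferences its argument in the initializer list. If `find_block_cipher` can return 0 for an unknown name, as `find_mac` itself does in the context line above, a request like CBC-MAC(UnknownCipher) becomes a null dereference instead of an exception. The HMAC branch in the next hunk (`find_hash`) and the PBKDF2 branch in `find_s2k` (`find_mac`) have the same shape. Check before constructing, e.g. `BlockCipher* bc = find_block_cipher(name[1]); if(!bc) throw Algorithm_Not_Found(name[1]);`. Removing the `BOTAN_HAS_CBC_MAC`, `BOTAN_HAS_HMAC` and `BOTAN_HAS_PBKDF2` guards also makes this file name those classes unconditionally, which presumably breaks builds configured without those modules.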
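Review bot: The new PBKDF2 branch in `find_s2k` tests `algo_spec == "PBKDF2"`, but `algo_spec` is the whole request string, so any spec that carries the argument required by `name.size() == 2` can never equal the bare word. The bare word itself presumably parses to a single element and goes to the `throw`, so as written this branch cannot return a PKCS5_PBKDF2 at all. The branches added to `find_mac` compare the parsed, alias-resolved `algo_name`, and this one should do the same: `if(algo_name == "PBKDF2")`, assuming `find_s2k` defines `algo_name` above the hunk the way `find_mac` does.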
diff --git a/src/kdf/pbkdf2/pbkdf2.cpp b/src/kdf/pbkdf2/pbkdf2.cpp index 09d51d2a6..baa227526 100644 --- a/src/kdf/pbkdf2/pbkdf2.cpp +++ b/src/kdf/pbkdf2/pbkdf2.cpp @@ -5,8 +5,6 @@ #include #include -#include -#include #include namespace Botan { @@ -25,9 +23,7 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len, if(passphrase.length() == 0) throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid"); - HMAC hmac(hash_name); - - hmac.set_key(reinterpret_cast(passphrase.data()), + mac->set_key(reinterpret_cast(passphrase.data()), passphrase.length()); SecureVector key(key_len); @@ -37,19 +33,19 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len, u32bit counter = 1; while(key_len) { - u32bit T_size = std::min(hmac.OUTPUT_LENGTH, key_len); - SecureVector U(hmac.OUTPUT_LENGTH); + u32bit T_size = std::min(mac->OUTPUT_LENGTH, key_len); + SecureVector U(mac->OUTPUT_LENGTH); - hmac.update(salt, salt_size); + mac->update(salt, salt_size); for(u32bit j = 0; j != 4; ++j) - hmac.update(get_byte(j, counter)); - hmac.final(U); + mac->update(get_byte(j, counter)); + mac->final(U); xor_buf(T, U, T_size); for(u32bit j = 1; j != iterations; ++j) { - hmac.update(U); - hmac.final(U); + mac->update(U); + mac->final(U); xor_buf(T, U, T_size); } @@ -66,16 +62,19 @@ OctetString PKCS5_PBKDF2::derive(u32bit key_len, *************************************************/ std::string PKCS5_PBKDF2::name() const { - return "PBKDF2(" + hash_name + ")"; + return "PBKDF2(" + mac->name() + ")"; + } + +S2K* PKCS5_PBKDF2::clone() const + { + return new PKCS5_PBKDF2(mac->clone()); } /************************************************* * PKCS5_PBKDF2 Constructor * *************************************************/ -PKCS5_PBKDF2::PKCS5_PBKDF2(const std::string& h_name) : hash_name(h_name) - { - if(!have_hash(hash_name)) - throw Algorithm_Not_Found(hash_name); - } +PKCS5_PBKDF2::PKCS5_PBKDF2(MessageAuthenticationCode* m) : mac(m) {} + +PKCS5_PBKDF2::~PKCS5_PBKDF2() { delete mac; } } 
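Review bot: `mac->set_key(...)` now keys the long-lived member object with the passphrase, whereas the removed code keyed a local HMAC that was destroyed when `derive` returned. Nothing in the visible hunks resets the MAC afterwards, so passphrase-derived key state appears to stay inside the PKCS5_PBKDF2 object until it is destroyed or re-keyed. Two callers using `derive` on one object concurrently would also interleave on the same MAC even though the method is declared `const`. Consider `mac->clear();` before the return (HMAC and CBC_MAC both declare `clear()`), and a comment that the object must not be shared across threads. `TLS_PRF::P_hash` in prf_tls.cpp follows the same pattern with `hmac_md5` and `hmac_sha1`; `derive` itself starts above this hunk and ends in the next one.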
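Review bot: `name()` now returns `"PBKDF2(" + mac->name() + ")"`, which for an HMAC presumably yields the form PBKDF2(HMAC(X)) instead of the earlier PBKDF2(X), while the `find_s2k` branch added in this commit wraps its argument in `"HMAC(" + name[1] + ")"` again. A name produced here would therefore not look up to the same algorithm; either keep the old external name or make the lookup accept a MAC name. The constructor also stores a null `m` silently where the removed one threw `Algorithm_Not_Found`, so the failure moves to the first `mac->` use. A guard in the constructor body, `if(!mac) throw Invalid_Argument("PKCS5_PBKDF2: null MAC");`, would restore a clean error.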
diff --git a/src/kdf/pbkdf2/pbkdf2.h b/src/kdf/pbkdf2/pbkdf2.h index dc6e41b9e..c0f0229ff 100644 --- a/src/kdf/pbkdf2/pbkdf2.h +++ b/src/kdf/pbkdf2/pbkdf2.h @@ -7,6 +7,7 @@ #define BOTAN_PBKDF2_H__ #include +#include namespace Botan { @@ -17,12 +18,15 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K { public: std::string name() const; - S2K* clone() const { return new PKCS5_PBKDF2(hash_name); } - PKCS5_PBKDF2(const std::string&); + S2K* clone() const; + + PKCS5_PBKDF2(MessageAuthenticationCode* m); + ~PKCS5_PBKDF2(); private: OctetString derive(u32bit, const std::string&, const byte[], u32bit, u32bit) const; - const std::string hash_name; + + MessageAuthenticationCode* mac; }; } diff --git a/src/kdf/tlsv1/prf_tls.cpp b/src/kdf/tlsv1/prf_tls.cpp index e035ac85e..8f7063f9f 100644 --- a/src/kdf/tlsv1/prf_tls.cpp +++ b/src/kdf/tlsv1/prf_tls.cpp @@ -4,12 +4,28 @@ *************************************************/ #include -#include #include #include +#include +#include namespace Botan { +/************************************************* +* TLS PRF Constructor and Destructor * +*************************************************/ +TLS_PRF::TLS_PRF() + { + hmac_md5 = new HMAC(new MD5); + hmac_sha1 = new HMAC(new SHA_160); + } + +TLS_PRF::~TLS_PRF() + { + delete hmac_md5; + delete hmac_sha1; + } + /************************************************* * TLS PRF * *************************************************/ @@ -23,8 +39,8 @@ SecureVector TLS_PRF::derive(u32bit key_len, const byte* S2 = secret + (secret_len - S2_len); SecureVector key1, key2; - key1 = P_hash("MD5", key_len, S1, S1_len, seed, seed_len); - key2 = P_hash("SHA-1", key_len, S2, S2_len, seed, seed_len); + key1 = P_hash(hmac_md5, key_len, S1, S1_len, seed, seed_len); + key2 = P_hash(hmac_sha1, key_len, S2, S2_len, seed, seed_len); xor_buf(key1.begin(), key2.begin(), key2.size()); 
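Review bot: The new `PKCS5_PBKDF2(MessageAuthenticationCode* m)` takes ownership of `m` (the destructor deletes it), but the header does not say so. The class now holds a raw owning pointer while the compiler-generated copy constructor and assignment remain available unless S2K already disables them, so a copy would end in a double `delete`. I would add `// Takes ownership of m, which must be non-null` above the constructor and declare the two copy operations private and undefined. TLS_PRF in prf_tls.h gains two owning pointers in this commit with the same exposure, and the same ownership comment is missing from the new `CBC_MAC(BlockCipher* e)`, `HMAC(HashFunction* hash)` and `Randpool(BlockCipher*, MessageAuthenticationCode*, ...)` declarations.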
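Review bot: In `TLS_PRF::TLS_PRF()` both members are assigned in the constructor body, so if `new HMAC(new SHA_160)` throws, the HMAC already stored in `hmac_md5` is leaked, because the destructor never runs for an object whose constructor did not finish. Holding the first one in a local until both exist avoids that: `std::auto_ptr<MessageAuthenticationCode> md5(new HMAC(new MD5));` then `hmac_sha1 = new HMAC(new SHA_160);` then `hmac_md5 = md5.release();`. The constructor also names HMAC, MD5 and SHA_160 directly, so this file now requires those modules to be built in. A short comment saying so would help anyone trimming the module set.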
@@ -34,25 +50,25 @@ SecureVector TLS_PRF::derive(u32bit key_len, /************************************************* * TLS PRF P_hash function * *************************************************/ -SecureVector TLS_PRF::P_hash(const std::string& hash, u32bit len, +SecureVector TLS_PRF::P_hash(MessageAuthenticationCode* mac, + u32bit len, const byte secret[], u32bit secret_len, - const byte seed[], u32bit seed_len) const + const byte seed[], u32bit seed_len) { SecureVector out; - HMAC hmac(hash); - hmac.set_key(secret, secret_len); + mac->set_key(secret, secret_len); SecureVector A(seed, seed_len); while(len) { - const u32bit this_block_len = std::min(hmac.OUTPUT_LENGTH, len); + const u32bit this_block_len = std::min(mac->OUTPUT_LENGTH, len); - A = hmac.process(A); + A = mac->process(A); - hmac.update(A); - hmac.update(seed, seed_len); - SecureVector block = hmac.final(); + mac->update(A); + mac->update(seed, seed_len); + SecureVector block = mac->final(); out.append(block, this_block_len); len -= this_block_len; diff --git a/src/kdf/tlsv1/prf_tls.h b/src/kdf/tlsv1/prf_tls.h index 7d7134740..9bd221ca4 100644 --- a/src/kdf/tlsv1/prf_tls.h +++ b/src/kdf/tlsv1/prf_tls.h @@ -7,6 +7,7 @@ #define BOTAN_TLS_PRF__ #include +#include namespace Botan { @@ -18,10 +19,17 @@ class BOTAN_DLL TLS_PRF : public KDF public: SecureVector derive(u32bit, const byte[], u32bit, const byte[], u32bit) const; + + TLS_PRF(); + ~TLS_PRF(); private: - SecureVector P_hash(const std::string&, u32bit, - const byte[], u32bit, - const byte[], u32bit) const; + static SecureVector P_hash(MessageAuthenticationCode*, + u32bit, + const byte[], u32bit, + const byte[], u32bit); + + MessageAuthenticationCode* hmac_md5; + MessageAuthenticationCode* hmac_sha1; }; } diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp index d5275b0ed..de9a3c17d 100644 --- a/src/mac/cbc_mac/cbc_mac.cpp +++ b/src/mac/cbc_mac/cbc_mac.cpp 
@@ -4,7 +4,6 @@ *************************************************/ #include -#include #include #include @@ -81,20 +80,19 @@ std::string CBC_MAC::name() const *************************************************/ MessageAuthenticationCode* CBC_MAC::clone() const { - return new CBC_MAC(e->name()); + return new CBC_MAC(e->clone()); } /************************************************* * CBC-MAC Constructor * *************************************************/ -CBC_MAC::CBC_MAC(const std::string& cipher) : - MessageAuthenticationCode(block_size_of(cipher), - min_keylength_of(cipher), - max_keylength_of(cipher), - keylength_multiple_of(cipher)), - state(block_size_of(cipher)) +CBC_MAC::CBC_MAC(BlockCipher* e_in) : + MessageAuthenticationCode(e_in->BLOCK_SIZE, + e_in->MINIMUM_KEYLENGTH, + e_in->MAXIMUM_KEYLENGTH, + e_in->KEYLENGTH_MULTIPLE), + e(e_in), state(e->BLOCK_SIZE) { - e = get_block_cipher(cipher); position = 0; } diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h index a5646d07a..9559751c8 100644 --- a/src/mac/cbc_mac/cbc_mac.h +++ b/src/mac/cbc_mac/cbc_mac.h @@ -19,7 +19,8 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode void clear() throw(); std::string name() const; MessageAuthenticationCode* clone() const; - CBC_MAC(const std::string&); + + CBC_MAC(BlockCipher* e); ~CBC_MAC(); private: void add_data(const byte[], u32bit); diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index d3110f9f2..937c15c63 100644 --- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -149,4 +149,12 @@ CMAC::CMAC(BlockCipher* e_in) : position = 0; } +/************************************************* +* CMAC Destructor * +*************************************************/ +CMAC::~CMAC() + { + delete e; + } + } diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h index 0fe5b75f8..b8af593e3 100644 --- a/src/mac/cmac/cmac.h +++ b/src/mac/cmac/cmac.h 
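Review bot: The initializer `state(e->BLOCK_SIZE)` reads the member `e` rather than the parameter, which is only correct if `e` is declared before `state` in cbc_mac.h. Members are initialized in declaration order and the private section is not visible in this commit. Writing `state(e_in->BLOCK_SIZE)` removes that dependency and matches the base-class initializers just above it. Since `e_in` is dereferenced in the initializer list, before any check can run, the constructor comment should state that a null pointer is not accepted.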
@@ -24,7 +24,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode byte polynomial); CMAC(BlockCipher* e); - ~CMAC() { delete e; } + ~CMAC(); private: void add_data(const byte[], u32bit); void final_result(byte[]); diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index b8c76e8f6..6401b0000 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -5,7 +5,6 @@ *************************************************/ #include -#include #include namespace Botan { @@ -77,19 +76,20 @@ std::string HMAC::name() const *************************************************/ MessageAuthenticationCode* HMAC::clone() const { - return new HMAC(hash->name()); + return new HMAC(hash->clone()); } /************************************************* * HMAC Constructor * *************************************************/ -HMAC::HMAC(const std::string& hash_name) : - MessageAuthenticationCode(output_length_of(hash_name), - 1, 2*block_size_of(hash_name)), - hash(get_hash(hash_name)) +HMAC::HMAC(HashFunction* hash_in) : + MessageAuthenticationCode(hash_in->OUTPUT_LENGTH, + 1, 2*hash_in->HASH_BLOCK_SIZE), + hash(hash_in) { if(hash->HASH_BLOCK_SIZE == 0) throw Invalid_Argument("HMAC cannot be used with " + hash->name()); + i_key.create(hash->HASH_BLOCK_SIZE); o_key.create(hash->HASH_BLOCK_SIZE); } diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h index 62529cf13..67ebc4190 100644 --- a/src/mac/hmac/hmac.h +++ b/src/mac/hmac/hmac.h @@ -19,7 +19,8 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode void clear() throw(); std::string name() const; MessageAuthenticationCode* clone() const; - HMAC(const std::string&); + + HMAC(HashFunction* hash); ~HMAC() { delete hash; } private: void add_data(const byte[], u32bit); diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp index b0c505939..12e9cca01 100644 --- a/src/pk_pad/emsa1/emsa1.cpp +++ b/src/pk_pad/emsa1/emsa1.cpp 
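Review bot: When the HMAC constructor throws `Invalid_Argument` for a hash with `HASH_BLOCK_SIZE == 0`, the `hash_in` object it was given is never freed: `~HMAC()` does not run for an object whose constructor threw, and the caller has already handed the pointer over. The Randpool constructor in this commit frees its arguments before throwing, and doing the same here keeps the ownership rule uniform across the new pointer-taking constructors. Build the message first and free afterwards: `const std::string msg = "HMAC cannot be used with " + hash->name();` then `delete hash;` then `throw Invalid_Argument(msg);`.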
@@ -4,7 +4,6 @@ *************************************************/ #include -#include namespace Botan { diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 69ef3b9e7..d7d1763ec 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -4,7 +4,6 @@ *************************************************/ #include -#include #include #include #include @@ -180,13 +179,15 @@ std::string Randpool::name() const /************************************************* * Randpool Constructor * *************************************************/ -Randpool::Randpool(const std::string& cipher_name, - const std::string& mac_name) : - ITERATIONS_BEFORE_RESEED(128), POOL_BLOCKS(32) +Randpool::Randpool(BlockCipher* cipher_in, + MessageAuthenticationCode* mac_in, + u32bit pool_blocks, + u32bit iter_before_reseed) : + ITERATIONS_BEFORE_RESEED(iter_before_reseed), + POOL_BLOCKS(pool_blocks), + cipher(cipher_in), + mac(mac_in) { - cipher = get_block_cipher(cipher_name); - mac = get_mac(mac_name); - const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE; const u32bit OUTPUT_LENGTH = mac->OUTPUT_LENGTH; @@ -197,7 +198,7 @@ Randpool::Randpool(const std::string& cipher_name, delete cipher; delete mac; throw Internal_Error("Randpool: Invalid algorithm combination " + - cipher_name + "/" + mac_name); + cipher->name() + "/" + mac->name()); } buffer.create(BLOCK_SIZE); diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h index b68dec765..16ffcefd6 100644 --- a/src/rng/randpool/randpool.h +++ b/src/rng/randpool/randpool.h 
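Review bot: The rewritten error path in the Randpool constructor calls `cipher->name()` and `mac->name()` after `delete cipher; delete mac;` on the two context lines above it, which is a use-after-free. The removed code built the message from the name strings it had been passed, so this is introduced by the change. Capture the names before freeing, with `const std::string algos = cipher->name() + "/" + mac->name();` ahead of the deletes, and then `throw Internal_Error("Randpool: Invalid algorithm combination " + algos);`. The constructor begins in the previous hunk and continues past this one.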
@@ -27,13 +27,16 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator void add_entropy_source(EntropySource*); void add_entropy(const byte[], u32bit); - Randpool(const std::string&, const std::string&); + Randpool(BlockCipher*, MessageAuthenticationCode*, + u32bit pool_blocks = 32, + u32bit iterations_before_reseed = 128); + ~Randpool(); private: void update_buffer(); void mix_pool(); - const u32bit ITERATIONS_BEFORE_RESEED, POOL_BLOCKS; + u32bit ITERATIONS_BEFORE_RESEED, POOL_BLOCKS; BlockCipher* cipher; MessageAuthenticationCode* mac; -- cgit v1.2.3
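Review bot: The new `pool_blocks` and `iterations_before_reseed` parameters are part of the public constructor but have no documented range, and nothing in the visible constructor hunk rejects 0 for either. Because they set the pool size and reseed cadence of the generator, I would document the accepted values next to the defaults and reject out-of-range input in the constructor, for example `if(pool_blocks == 0 || iter_before_reseed == 0) throw Invalid_Argument("Randpool: bad parameters");` after freeing the two owned pointers. The `const` on `ITERATIONS_BEFORE_RESEED, POOL_BLOCKS` could also stay, since both are still set only in the initializer list.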