From c691561f3198f481c13457433efbccc1c9fcd898 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 18 May 2012 20:32:36 +0000 Subject: Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. --- src/block/seed/seed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/block/seed/seed.cpp') diff --git a/src/block/seed/seed.cpp b/src/block/seed/seed.cpp index 408220013..40deb18bc 100644 --- a/src/block/seed/seed.cpp +++ b/src/block/seed/seed.cpp @@ -111,7 +111,7 @@ void SEED::key_schedule(const byte key[], size_t) 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B }; - SecureVector WK(4); + secure_vector WK(4); for(size_t i = 0; i != 4; ++i) WK[i] = load_be(key, i); -- cgit v1.2.3 From 113f4035f41cf3152832e1753d28b79a7ea811a4 Mon Sep 17 00:00:00 2001 
From: lloyd Date: Fri, 25 May 2012 02:11:10 +0000 Subject: For block and stream ciphers, don't set the size of the key vectors until we are actually setting a key. This avoids the problem of prototype objects consuming not just memory but the precious few bytes of mlock'able memory that we're given by Linux. Use clear_mem instead of a loop in BigInt::mask_bits If OS2ECP encounters an invalid format type, include what type it was in the exception message. --- src/alloc/locking_allocator/locking_allocator.cpp | 8 +++ src/block/aes/aes.cpp | 3 ++ src/block/aes/aes.h | 6 --- src/block/aes_ssse3/aes_ssse3.cpp | 9 ++++ src/block/aes_ssse3/aes_ssse3.h | 6 --- src/block/blowfish/blowfish.cpp | 17 +++++-- src/block/blowfish/blowfish.h | 5 +- src/block/cast/cast128.cpp | 22 +++++---- src/block/cast/cast128.h | 6 +-- src/block/cast/cast256.cpp | 59 ++++++++++++----------- src/block/cast/cast256.h | 4 +- src/block/des/des.cpp | 2 + src/block/des/des.h | 6 +-- src/block/des/desx.h | 4 +- src/block/gost_28147/gost_28147.cpp | 4 +- src/block/gost_28147/gost_28147.h | 11 +++-- src/block/idea/idea.cpp | 3 ++ src/block/idea/idea.h | 5 +- src/block/kasumi/kasumi.cpp | 2 + src/block/kasumi/kasumi.h | 4 +- src/block/lion/lion.cpp | 4 +- src/block/lubyrack/lubyrack.cpp | 10 ++-- src/block/mars/mars.cpp | 2 + src/block/mars/mars.h | 4 +- src/block/misty1/misty1.cpp | 5 +- src/block/misty1/misty1.h | 2 +- src/block/noekeon/noekeon.cpp | 6 ++- src/block/noekeon/noekeon.h | 2 - src/block/rc2/rc2.cpp | 1 + src/block/rc2/rc2.h | 4 +- src/block/rc5/rc5.cpp | 12 ++--- src/block/rc5/rc5.h | 7 ++- src/block/rc6/rc6.cpp | 2 + src/block/rc6/rc6.h | 4 +- src/block/safer/safer_sk.cpp | 16 +++--- src/block/safer/safer_sk.h | 4 +- src/block/seed/seed.cpp | 2 + src/block/seed/seed.h | 4 +- src/block/serpent/serpent.h | 4 +- src/block/skipjack/skipjack.cpp | 3 +- src/block/skipjack/skipjack.h | 2 - src/block/square/square.cpp | 18 +++---- src/block/square/square.h | 2 - src/block/tea/tea.cpp | 1 + 
src/block/tea/tea.h | 4 +- src/block/twofish/twofish.cpp | 7 ++- src/block/twofish/twofish.h | 2 - src/block/xtea/xtea.cpp | 2 + src/block/xtea/xtea.h | 4 +- src/math/bigint/bigint.cpp | 3 +- src/math/ec_gfp/point_gfp.cpp | 2 +- src/stream/arc4/arc4.cpp | 16 +++--- src/stream/salsa20/salsa20.cpp | 9 ++-- src/stream/salsa20/salsa20.h | 2 - src/stream/turing/turing.cpp | 20 +++++--- src/stream/turing/turing.h | 3 -- src/stream/wid_wake/wid_wake.cpp | 13 +++-- src/stream/wid_wake/wid_wake.h | 4 -- 58 files changed, 205 insertions(+), 193 deletions(-) (limited to 'src/block/seed/seed.cpp') diff --git a/src/alloc/locking_allocator/locking_allocator.cpp b/src/alloc/locking_allocator/locking_allocator.cpp index cb7aab08c..bb1b6abcf 100644 --- a/src/alloc/locking_allocator/locking_allocator.cpp +++ b/src/alloc/locking_allocator/locking_allocator.cpp @@ -28,6 +28,14 @@ size_t mlock_limit() ::getrlimit(RLIMIT_MEMLOCK, &limits); } + /* + * Linux defaults to only 64 KiB of mlockable memory per process + * (too small) but BSDs offer a small fraction of total RAM (more + * than we need). Bound the total mlock size to 256 KiB which is + * enough to run the entire test suite without spilling to non-mlock + * memory, but small enough that we should not cause problems if + * multiple processes are mlocking on the same machine. + */ return std::min(limits.rlim_cur, 256*1024); } diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 42db7abae..6a706fd24 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -659,6 +659,9 @@ void aes_key_schedule(const byte key[], size_t length, TD[SE[get_byte(2, XDK[i])] + 512] ^ TD[SE[get_byte(3, XDK[i])] + 768]; + ME.resize(16); + MD.resize(16); + for(size_t i = 0; i != 4; ++i) { store_be(XEK[i+4*rounds], &ME[4*i]); diff --git a/src/block/aes/aes.h b/src/block/aes/aes.h index f6f683bf9..5ddd39b08 100644 --- a/src/block/aes/aes.h +++ b/src/block/aes/aes.h 
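Review bot: The return value of `::getrlimit(RLIMIT_MEMLOCK, &limits);` on the context line just above the new comment is never checked, so when the call fails `limits.rlim_cur` is whatever the struct held beforehand (indeterminate unless it is initialised earlier in `mlock_limit`, whose start is outside this hunk) and that value becomes the locked-pool size. Treating failure as "no locked memory available" keeps the cap conservative: `if(::getrlimit(RLIMIT_MEMLOCK, &limits) != 0) return 0;` — assuming a zero limit is handled as "no pool" by the allocator, which is not visible here. The new comment could also state what happens once the 256 KiB pool is exhausted; the commit message implies allocations spill to unlocked memory rather than fail, which is the property a caller relying on mlock most needs to know.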
@@ -18,8 +18,6 @@ namespace Botan { class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> { public: - AES_128() : EK(40), DK(40), ME(16), MD(16) {} - void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -40,8 +38,6 @@ class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> { public: - AES_192() : EK(48), DK(48), ME(16), MD(16) {} - void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; @@ -62,8 +58,6 @@ class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> { public: - AES_256() : EK(56), DK(56), ME(16), MD(16) {} - void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; diff --git a/src/block/aes_ssse3/aes_ssse3.cpp b/src/block/aes_ssse3/aes_ssse3.cpp index a9ab29863..648f96d67 100644 --- a/src/block/aes_ssse3/aes_ssse3.cpp +++ b/src/block/aes_ssse3/aes_ssse3.cpp @@ -378,6 +378,9 @@ void AES_128_SSSE3::key_schedule(const byte keyb[], size_t) __m128i key = _mm_loadu_si128(reinterpret_cast(keyb)); + EK.resize(11*4); + DK.resize(11*4); + __m128i* EK_mm = reinterpret_cast<__m128i*>(&EK[0]); __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]); @@ -445,6 +448,9 @@ void AES_192_SSSE3::key_schedule(const byte keyb[], size_t) __m128i rcon = _mm_set_epi32(0x702A9808, 0x4D7C7D81, 0x1F8391B9, 0xAF9DEEB6); + EK.resize(13*4); + DK.resize(13*4); + __m128i* EK_mm = reinterpret_cast<__m128i*>(&EK[0]); __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]); 
@@ -544,6 +550,9 @@ void AES_256_SSSE3::key_schedule(const byte keyb[], size_t) __m128i rcon = _mm_set_epi32(0x702A9808, 0x4D7C7D81, 0x1F8391B9, 0xAF9DEEB6); + EK.resize(15*4); + DK.resize(15*4); + __m128i* EK_mm = reinterpret_cast<__m128i*>(&EK[0]); __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]); diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 3d7c16f42..46bae1450 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -24,8 +24,6 @@ class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128_SSSE3; } - - AES_128_SSSE3() : EK(44), DK(44) {} private: void key_schedule(const byte[], size_t); @@ -44,8 +42,6 @@ class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192_SSSE3; } - - AES_192_SSSE3() : EK(52), DK(52) {} private: void key_schedule(const byte[], size_t); @@ -64,8 +60,6 @@ class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256_SSSE3; } - - AES_256_SSSE3() : EK(60), DK(60) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/blowfish/blowfish.cpp b/src/block/blowfish/blowfish.cpp index 9f5ac1724..c224f479b 100644 --- a/src/block/blowfish/blowfish.cpp +++ b/src/block/blowfish/blowfish.cpp @@ -85,7 +85,11 @@ void Blowfish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Blowfish::key_schedule(const byte key[], size_t length) { - clear(); + P.resize(18); + std::copy(P_INIT, P_INIT + 18, P.begin()); + + S.resize(1024); + std::copy(S_INIT, S_INIT + 1024, S.begin()); const byte null_salt[16] = { 0 }; 
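Review bot: The five lines that reset `P` and `S` from `P_INIT`/`S_INIT` at the top of `Blowfish::key_schedule` are repeated verbatim in the `eks_key_schedule` hunk that follows, now that neither can rely on `clear()` for the reset. A private helper holding `P.resize(18); std::copy(P_INIT, P_INIT + 18, P.begin());` and the matching two lines for `S`, called from both key schedules, keeps the two paths in step if the table sizes or initial tables ever change. `key_schedule`'s body continues outside the hunk.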
@@ -125,12 +129,15 @@ void Blowfish::eks_key_schedule(const byte key[], size_t length, if(workfactor > 18) throw std::invalid_argument("Requested Bcrypt work factor too large"); - clear(); + P.resize(18); + std::copy(P_INIT, P_INIT + 18, P.begin()); - const byte null_salt[16] = { 0 }; + S.resize(1024); + std::copy(S_INIT, S_INIT + 1024, S.begin()); key_expansion(key, length, salt); + const byte null_salt[16] = { 0 }; const size_t rounds = 1 << workfactor; for(size_t r = 0; r != rounds; ++r) @@ -180,8 +187,8 @@ void Blowfish::generate_sbox(secure_vector& box, */ void Blowfish::clear() { - std::copy(P_INIT, P_INIT + 18, P.begin()); - std::copy(S_INIT, S_INIT + 1024, S.begin()); + P.clear(); + S.clear(); } } diff --git a/src/block/blowfish/blowfish.h b/src/block/blowfish/blowfish.h index 5bec4b231..cdf65f285 100644 --- a/src/block/blowfish/blowfish.h +++ b/src/block/blowfish/blowfish.h @@ -30,8 +30,6 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> void clear(); std::string name() const { return "Blowfish"; } BlockCipher* clone() const { return new Blowfish; } - - Blowfish() : S(1024), P(18) {} private: void key_schedule(const byte key[], size_t length); @@ -47,8 +45,7 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> static const u32bit P_INIT[18]; static const u32bit S_INIT[1024]; - secure_vector S; - secure_vector P; + secure_vector S, P; }; } diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp index 8fae4040d..d64523c8b 100644 --- a/src/block/cast/cast128.cpp +++ b/src/block/cast/cast128.cpp @@ -16,7 +16,7 @@ namespace { /* * CAST-128 Round Type 1 */ -inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK) +inline void R1(u32bit& L, u32bit R, u32bit MK, byte RK) { u32bit T = rotate_left(MK + R, RK); L ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - 
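Review bot: `P.clear(); S.clear();` in the new `Blowfish::clear()` does not wipe the key material: `std::vector::clear()` only resets the size, and the allocator described in the first commit memsets storage on deallocation, so the expanded subkeys stay readable in the vector's still-allocated capacity until the object is destroyed or reallocated. The removed `zeroise` calls in the other clear() hunks of this commit open the same gap (cast128.h, cast256.h, des.h, desx.h, gost_28147.h, idea.h, kasumi.h, lion.cpp, lubyrack.cpp, mars.h, misty1.h, noekeon.cpp, rc2.h, rc5.h, rc6.h, safer_sk.h, seed.h, serpent.h, skipjack.cpp, square.cpp). Wiping and releasing together, e.g. `zeroise(P); P.clear(); P.shrink_to_fit();` (or swapping with an empty temporary, which guarantees the deallocation and its memset), restores what zeroise() gave and still returns the mlock pages the commit wants to conserve; a shared helper would avoid repeating those three lines in every cipher.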
@@ -26,7 +26,7 @@ inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK) /* * CAST-128 Round Type 2 */ -inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK) +inline void R2(u32bit& L, u32bit R, u32bit MK, byte RK) { u32bit T = rotate_left(MK ^ R, RK); L ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + @@ -36,7 +36,7 @@ inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK) /* * CAST-128 Round Type 3 */ -inline void R3(u32bit& L, u32bit R, u32bit MK, u32bit RK) +inline void R3(u32bit& L, u32bit R, u32bit MK, byte RK) { u32bit T = rotate_left(MK - R, RK); L ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ @@ -118,16 +118,20 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_128::key_schedule(const byte key[], size_t length) { - clear(); + MK.resize(48); + RK.resize(48); + secure_vector X(4); - for(size_t j = 0; j != length; ++j) - X[j/4] = (X[j/4] << 8) + key[j]; + for(size_t i = 0; i != length; ++i) + X[i/4] = (X[i/4] << 8) + key[i]; cast_ks(MK, X); - cast_ks(RK, X); - for(size_t j = 0; j != 16; ++j) - RK[j] %= 32; + secure_vector RK32(48); + cast_ks(RK32, X); + + for(size_t i = 0; i != 16; ++i) + RK[i] = RK32[i] % 32; } /* diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 15efc8132..f3f23b14a 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -21,11 +21,10 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(MK); zeroise(RK); } + void clear() { MK.clear(); RK.clear(); } std::string name() const { return "CAST-128"; } BlockCipher* clone() const { return new CAST_128; } - CAST_128() : MK(16), RK(16) {} private: void key_schedule(const byte[], size_t); 
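Review bot: `MK.resize(48); RK.resize(48);` and `RK32(48)` in `CAST_128::key_schedule` allocate three times what is used: the loop below writes only `RK[0..15]`, and the removed constructor `CAST_128() : MK(16), RK(16)` shows `cast_ks` was already being called on a 16-entry vector, so it cannot write past index 15 without having been out of bounds before this change. The extra 32 words of `MK`, 32 words of `RK32` and 32 bytes of `RK` come out of the mlock pool this commit is explicitly trying to conserve. `MK.resize(16); RK.resize(16);` and `secure_vector RK32(16);` (element type as declared in the header; the angle brackets are stripped in this rendering) match the schedule the cipher actually uses.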
@@ -37,7 +36,8 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> static const u32bit S7[256]; static const u32bit S8[256]; - secure_vector MK, RK; + secure_vector MK; + secure_vector RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp index 00e0fbd30..9476d3faf 100644 --- a/src/block/cast/cast256.cpp +++ b/src/block/cast/cast256.cpp 
@@ -138,40 +138,43 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_256::key_schedule(const byte key[], size_t length) { + MK.resize(48); + RK.resize(48); + secure_vector K(8); - for(size_t j = 0; j != length; ++j) - K[j/4] = (K[j/4] << 8) + key[j]; + for(size_t i = 0; i != length; ++i) + K[i/4] = (K[i/4] << 8) + key[i]; u32bit A = K[0], B = K[1], C = K[2], D = K[3], E = K[4], F = K[5], G = K[6], H = K[7]; - for(size_t j = 0; j != 48; j += 4) + for(size_t i = 0; i != 48; i += 4) { - round1(G, H, KEY_MASK[4*j+ 0], KEY_ROT[(4*j+ 0) % 32]); - round2(F, G, KEY_MASK[4*j+ 1], KEY_ROT[(4*j+ 1) % 32]); - round3(E, F, KEY_MASK[4*j+ 2], KEY_ROT[(4*j+ 2) % 32]); - round1(D, E, KEY_MASK[4*j+ 3], KEY_ROT[(4*j+ 3) % 32]); - round2(C, D, KEY_MASK[4*j+ 4], KEY_ROT[(4*j+ 4) % 32]); - round3(B, C, KEY_MASK[4*j+ 5], KEY_ROT[(4*j+ 5) % 32]); - round1(A, B, KEY_MASK[4*j+ 6], KEY_ROT[(4*j+ 6) % 32]); - round2(H, A, KEY_MASK[4*j+ 7], KEY_ROT[(4*j+ 7) % 32]); - round1(G, H, KEY_MASK[4*j+ 8], KEY_ROT[(4*j+ 8) % 32]); - round2(F, G, KEY_MASK[4*j+ 9], KEY_ROT[(4*j+ 9) % 32]); - round3(E, F, KEY_MASK[4*j+10], KEY_ROT[(4*j+10) % 32]); - round1(D, E, KEY_MASK[4*j+11], KEY_ROT[(4*j+11) % 32]); - round2(C, D, KEY_MASK[4*j+12], KEY_ROT[(4*j+12) % 32]); - round3(B, C, KEY_MASK[4*j+13], KEY_ROT[(4*j+13) % 32]); - round1(A, B, KEY_MASK[4*j+14], KEY_ROT[(4*j+14) % 32]); - round2(H, A, KEY_MASK[4*j+15], KEY_ROT[(4*j+15) % 32]); - - RK[j ] = (A % 32); - RK[j+1] = (C % 32); - RK[j+2] = (E % 32); - RK[j+3] = (G % 32); - MK[j ] = H; - MK[j+1] = F; - MK[j+2] = D; - MK[j+3] = B; + round1(G, H, KEY_MASK[4*i+ 0], KEY_ROT[(4*i+ 0) % 32]); + round2(F, G, KEY_MASK[4*i+ 1], KEY_ROT[(4*i+ 1) % 32]); + round3(E, F, KEY_MASK[4*i+ 2], KEY_ROT[(4*i+ 2) % 32]); + round1(D, E, KEY_MASK[4*i+ 3], KEY_ROT[(4*i+ 3) % 32]); + round2(C, D, KEY_MASK[4*i+ 4], KEY_ROT[(4*i+ 4) % 32]); + round3(B, C, KEY_MASK[4*i+ 5], KEY_ROT[(4*i+ 5) % 32]); + round1(A, B, KEY_MASK[4*i+ 6], KEY_ROT[(4*i+ 
6) % 32]); + round2(H, A, KEY_MASK[4*i+ 7], KEY_ROT[(4*i+ 7) % 32]); + round1(G, H, KEY_MASK[4*i+ 8], KEY_ROT[(4*i+ 8) % 32]); + round2(F, G, KEY_MASK[4*i+ 9], KEY_ROT[(4*i+ 9) % 32]); + round3(E, F, KEY_MASK[4*i+10], KEY_ROT[(4*i+10) % 32]); + round1(D, E, KEY_MASK[4*i+11], KEY_ROT[(4*i+11) % 32]); + round2(C, D, KEY_MASK[4*i+12], KEY_ROT[(4*i+12) % 32]); + round3(B, C, KEY_MASK[4*i+13], KEY_ROT[(4*i+13) % 32]); + round1(A, B, KEY_MASK[4*i+14], KEY_ROT[(4*i+14) % 32]); + round2(H, A, KEY_MASK[4*i+15], KEY_ROT[(4*i+15) % 32]); + + RK[i ] = (A % 32); + RK[i+1] = (C % 32); + RK[i+2] = (E % 32); + RK[i+3] = (G % 32); + MK[i ] = H; + MK[i+1] = F; + MK[i+2] = D; + MK[i+3] = B; } } diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index 11c5117a3..4f31f187d 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -21,11 +21,9 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(MK); zeroise(RK); } + void clear() { MK.clear(); RK.clear(); } std::string name() const { return "CAST-256"; } BlockCipher* clone() const { return new CAST_256; } - - CAST_256() : MK(48), RK(48) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/des/des.cpp b/src/block/des/des.cpp index c500e9bab..2f0a3635d 100644 --- a/src/block/des/des.cpp +++ b/src/block/des/des.cpp @@ -206,6 +206,7 @@ void DES::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void DES::key_schedule(const byte key[], size_t) { + round_key.resize(32); des_key_schedule(&round_key[0], key); } @@ -280,6 +281,7 @@ void TripleDES::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void TripleDES::key_schedule(const byte key[], size_t length) { + round_key.resize(3*32); des_key_schedule(&round_key[0], key); des_key_schedule(&round_key[32], key + 8); 
diff --git a/src/block/des/des.h b/src/block/des/des.h index 711efb16d..fc42cfee5 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -21,11 +21,9 @@ class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(round_key); } + void clear() { round_key.clear(); } std::string name() const { return "DES"; } BlockCipher* clone() const { return new DES; } - - DES() : round_key(32) {} private: void key_schedule(const byte[], size_t); @@ -41,7 +39,7 @@ class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(round_key); } + void clear() { round_key.clear(); } std::string name() const { return "TripleDES"; } BlockCipher* clone() const { return new TripleDES; } diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 1fe8b000c..4ff41328f 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -21,11 +21,9 @@ class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { des.clear(); zeroise(K1); zeroise(K2); } + void clear() { des.clear(); K1.clear(); K2.clear(); } std::string name() const { return "DESX"; } BlockCipher* clone() const { return new DESX; } - - DESX() : K1(8), K2(8) {} private: void key_schedule(const byte[], size_t); secure_vector K1, K2; diff --git a/src/block/gost_28147/gost_28147.cpp b/src/block/gost_28147/gost_28147.cpp index d4a9faa40..db144a81f 100644 --- a/src/block/gost_28147/gost_28147.cpp +++ b/src/block/gost_28147/gost_28147.cpp 
@@ -51,8 +51,7 @@ GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : name(n) /* * GOST Constructor */ -GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : - SBOX(1024), EK(8) +GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : SBOX(1024) { // Convert the parallel 4x4 sboxes into larger word-based sboxes for(size_t i = 0; i != 4; ++i) @@ -165,6 +164,7 @@ void GOST_28147_89::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void GOST_28147_89::key_schedule(const byte key[], size_t) { + EK.resize(8); for(size_t i = 0; i != 8; ++i) EK[i] = load_le(key, i); } diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index a4a13b827..7c77fea06 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -55,7 +55,7 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); } + void clear() { EK.clear(); } std::string name() const; BlockCipher* clone() const { return new GOST_28147_89(SBOX); } @@ -65,12 +65,17 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> */ GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const secure_vector& other_SBOX) : + GOST_28147_89(const std::vector& other_SBOX) : SBOX(other_SBOX), EK(8) {} void key_schedule(const byte[], size_t); - secure_vector SBOX; + /* + * The sbox is not secret, this is just a larger expansion of it + * which we generate at runtime for faster execution + */ + std::vector SBOX; + secure_vector EK; }; diff --git a/src/block/idea/idea.cpp b/src/block/idea/idea.cpp index f9b6cc874..15062abdf 100644 --- a/src/block/idea/idea.cpp +++ b/src/block/idea/idea.cpp 
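Review bot: The private constructor in the gost_28147.h hunk keeps `: SBOX(other_SBOX), EK(8) {}` while the public constructor in the gost_28147.cpp hunk drops `EK(8)` and `key_schedule` now does `EK.resize(8)`. `clone()` in the earlier hunk of the same header constructs through this private path, so every clone of an unkeyed GOST object still takes 8 words from the mlock pool the commit is trying to save, and the two constructors disagree about whether an unkeyed object has a sized schedule. Dropping the initializer, `: SBOX(other_SBOX) {}`, makes them consistent. The comment added above `SBOX` explaining why it moved to `std::vector` is useful; a one-line note on `EK` that it stays empty until `key_schedule` runs would complete the picture.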
@@ -124,6 +124,9 @@ void IDEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void IDEA::key_schedule(const byte key[], size_t) { + EK.resize(52); + DK.resize(52); + for(size_t i = 0; i != 8; ++i) EK[i] = load_be(key, i); diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index f3f0ce1bc..03ecb1f03 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -21,11 +21,9 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); zeroise(DK); } + void clear() { EK.clear(); DK.clear(); } std::string name() const { return "IDEA"; } BlockCipher* clone() const { return new IDEA; } - - IDEA() : EK(52), DK(52) {} protected: /** * @return const reference to encryption subkeys @@ -39,6 +37,7 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); + secure_vector EK, DK; }; diff --git a/src/block/kasumi/kasumi.cpp b/src/block/kasumi/kasumi.cpp index d3894789d..ae21338c6 100644 --- a/src/block/kasumi/kasumi.cpp +++ b/src/block/kasumi/kasumi.cpp @@ -211,6 +211,8 @@ void KASUMI::key_schedule(const byte key[], size_t) K[i+8] = K[i] ^ RC[i]; } + EK.resize(64); + for(size_t i = 0; i != 8; ++i) { EK[8*i ] = rotate_left(K[(i+0) % 8 ], 2); diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index f3dd7e0c7..571085612 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h 
@@ -21,11 +21,9 @@ class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); } + void clear() { EK.clear(); } std::string name() const { return "KASUMI"; } BlockCipher* clone() const { return new KASUMI; } - - KASUMI() : EK(64) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index 778b55be0..9026f194a 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -99,10 +99,10 @@ BlockCipher* Lion::clone() const */ void Lion::clear() { + key1.clear(); + key2.clear(); hash->clear(); cipher->clear(); - zeroise(key1); - zeroise(key2); } /* diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index 2fe4c87bf..77f2a7542 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -89,10 +89,8 @@ void LubyRackoff::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void LubyRackoff::key_schedule(const byte key[], size_t length) { - K1.resize(length / 2); - K2.resize(length / 2); - copy_mem(&K1[0], key , length / 2); - copy_mem(&K2[0], key + length / 2, length / 2); + K1.assign(key, key + (length / 2)); + K2.assign(key + (length / 2), key + length); } /* @@ -100,8 +98,8 @@ void LubyRackoff::key_schedule(const byte key[], size_t length) */ void LubyRackoff::clear() { - zeroise(K1); - zeroise(K2); + K1.clear(); + K2.clear(); hash->clear(); } diff --git a/src/block/mars/mars.cpp b/src/block/mars/mars.cpp index 64ece83ab..5badc40cc 100644 --- a/src/block/mars/mars.cpp +++ b/src/block/mars/mars.cpp @@ -326,6 +326,8 @@ void MARS::key_schedule(const byte key[], size_t length) T[length / 4] = static_cast(length) / 4; + EK.resize(40); + for(u32bit i = 0; i != 4; ++i) { T[ 0] ^= rotate_left(T[ 8] ^ T[13], 3) ^ (i ); 
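Review bot: `K2.assign(key + (length / 2), key + length);` in `LubyRackoff::key_schedule` gives K2 `length - length / 2` bytes where the removed `copy_mem` gave it `length / 2`; for an odd `length` the halves now differ by one byte and the final key byte, previously dropped, is consumed. Whether that is reachable depends on the key spec in the header, which is outside this hunk; if odd lengths are admitted this is a silent change to the derived subkeys for such keys, and if they are not, a comment on the assign lines saying the spec guarantees an even length would save the next reader the same check.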
diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index fc732ae10..488ea1b83 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -21,11 +21,9 @@ class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); } + void clear() { EK.clear(); } std::string name() const { return "MARS"; } BlockCipher* clone() const { return new MARS; } - - MARS() : EK(40) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/misty1/misty1.cpp b/src/block/misty1/misty1.cpp index 64298ee92..97f1e0341 100644 --- a/src/block/misty1/misty1.cpp +++ b/src/block/misty1/misty1.cpp @@ -241,6 +241,9 @@ void MISTY1::key_schedule(const byte key[], size_t length) 0x1C, 0x05, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13, 0x1B, 0x04, 0x04, 0x0A, 0x0E, 0x00 }; + EK.resize(100); + DK.resize(100); + for(size_t i = 0; i != 100; ++i) { EK[i] = KS[EK_ORDER[i]]; @@ -251,7 +254,7 @@ void MISTY1::key_schedule(const byte key[], size_t length) /* * MISTY1 Constructor */ -MISTY1::MISTY1(size_t rounds) : EK(100), DK(100) +MISTY1::MISTY1(size_t rounds) { if(rounds != 8) throw Invalid_Argument("MISTY1: Invalid number of rounds: " diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index a4bfa14b3..81324a0b2 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -21,7 +21,7 @@ class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); zeroise(DK); } + void clear() { EK.clear(); DK.clear(); } std::string name() const { return "MISTY1"; } BlockCipher* clone() const { return new MISTY1; } diff --git a/src/block/noekeon/noekeon.cpp b/src/block/noekeon/noekeon.cpp index 06c415be9..3929d57d1 100644 
--- a/src/block/noekeon/noekeon.cpp +++ b/src/block/noekeon/noekeon.cpp @@ -185,6 +185,7 @@ void Noekeon::key_schedule(const byte key[], size_t) A0 ^= RC[16]; + DK.resize(4); DK[0] = A0; DK[1] = A1; DK[2] = A2; @@ -192,6 +193,7 @@ void Noekeon::key_schedule(const byte key[], size_t) theta(A0, A1, A2, A3); + EK.resize(4); EK[0] = A0; EK[1] = A1; EK[2] = A2; @@ -203,8 +205,8 @@ void Noekeon::key_schedule(const byte key[], size_t) */ void Noekeon::clear() { - zeroise(EK); - zeroise(DK); + EK.clear(); + DK.clear(); } } diff --git a/src/block/noekeon/noekeon.h b/src/block/noekeon/noekeon.h index 8bcff64c9..108b34cd6 100644 --- a/src/block/noekeon/noekeon.h +++ b/src/block/noekeon/noekeon.h @@ -24,8 +24,6 @@ class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> void clear(); std::string name() const { return "Noekeon"; } BlockCipher* clone() const { return new Noekeon; } - - Noekeon() : EK(4), DK(4) {} protected: /** * The Noekeon round constants diff --git a/src/block/rc2/rc2.cpp b/src/block/rc2/rc2.cpp index 98e76ecfc..548c2f095 100644 --- a/src/block/rc2/rc2.cpp +++ b/src/block/rc2/rc2.cpp @@ -135,6 +135,7 @@ void RC2::key_schedule(const byte key[], size_t length) for(s32bit i = 127-length; i >= 0; --i) L[i] = TABLE[L[i+1] ^ L[i+length]]; + K.resize(64); load_le(&K[0], &L[0], 64); } diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index dc78b06fc..223c48792 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -28,11 +28,9 @@ class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> */ static byte EKB_code(size_t bits); - void clear() { zeroise(K); } + void clear() { K.clear(); } std::string name() const { return "RC2"; } BlockCipher* clone() const { return new RC2; } - - RC2() : K(64) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/rc5/rc5.cpp b/src/block/rc5/rc5.cpp index 1ac421996..fe558076a 100644 --- a/src/block/rc5/rc5.cpp +++ b/src/block/rc5/rc5.cpp 
@@ -18,8 +18,6 @@ namespace Botan { */ void RC5::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const size_t rounds = (S.size() - 2) / 2; - for(size_t i = 0; i != blocks; ++i) { u32bit A = load_le(in, 0); @@ -53,8 +51,6 @@ void RC5::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void RC5::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const size_t rounds = (S.size() - 2) / 2; - for(size_t i = 0; i != blocks; ++i) { u32bit A = load_le(in, 0); @@ -88,6 +84,8 @@ void RC5::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void RC5::key_schedule(const byte key[], size_t length) { + S.resize(2*rounds + 2); + const size_t WORD_KEYLENGTH = (((length - 1) / 4) + 1); const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, S.size()); @@ -116,19 +114,17 @@ void RC5::key_schedule(const byte key[], size_t length) */ std::string RC5::name() const { - return "RC5(" + std::to_string(get_rounds()) + ")"; + return "RC5(" + std::to_string(rounds) + ")"; } /* * RC5 Constructor */ -RC5::RC5(size_t rounds) +RC5::RC5(size_t r) : rounds(r) { if(rounds < 8 || rounds > 32 || (rounds % 4 != 0)) throw Invalid_Argument("RC5: Invalid number of rounds " + std::to_string(rounds)); - - S.resize(2*rounds + 2); } } diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index bf059a996..2279260a3 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -21,9 +21,9 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(S); } + void clear() { S.clear(); } std::string name() const; - BlockCipher* clone() const { return new RC5(get_rounds()); } + BlockCipher* clone() const { return new RC5(rounds); } /** * @param rounds the number of RC5 rounds to run. Must be between 
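Review bot: `RC5::encrypt_n` and `decrypt_n` now take the round count from the member `rounds` and, in the loop bodies that continue past the hunk, presumably index `S` as before; since the constructor no longer sizes `S` and `clear()` in the rc5.h hunk now empties it, calling either on an unkeyed or cleared object reads from an empty vector (out of bounds) where the old constructor-sized schedule at least produced defined output. The same exposure applies to every cipher in this commit whose constructor sizing was removed. Unless the BlockCipher base class already rejects encrypt/decrypt before set_key (not visible here), a guard at the top of both functions, `if(S.empty()) throw Invalid_State(name() + ": no key set");`, turns the out-of-bounds read into a diagnosable error.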
@@ -31,10 +31,9 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> */ RC5(size_t rounds); private: - size_t get_rounds() const { return (S.size() - 2) / 2; } - void key_schedule(const byte[], size_t); + size_t rounds; secure_vector S; }; diff --git a/src/block/rc6/rc6.cpp b/src/block/rc6/rc6.cpp index 42d00878f..5a6c1091d 100644 --- a/src/block/rc6/rc6.cpp +++ b/src/block/rc6/rc6.cpp @@ -113,6 +113,8 @@ void RC6::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void RC6::key_schedule(const byte key[], size_t length) { + S.resize(44); + const size_t WORD_KEYLENGTH = (((length - 1) / 4) + 1); const size_t MIX_ROUNDS = 3 * std::max(WORD_KEYLENGTH, S.size()); diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index d3270daf7..e30a267e6 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -21,11 +21,9 @@ class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(S); } + void clear() { S.clear(); } std::string name() const { return "RC6"; } BlockCipher* clone() const { return new RC6; } - - RC6() : S(44) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/safer/safer_sk.cpp b/src/block/safer/safer_sk.cpp index f5fe4edd7..1b79b3c2c 100644 --- a/src/block/safer/safer_sk.cpp +++ b/src/block/safer/safer_sk.cpp @@ -90,8 +90,6 @@ const byte LOG[512] = { */ void SAFER_SK::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const size_t rounds = get_rounds(); - for(size_t i = 0; i != blocks; ++i) { byte A = in[0], B = in[1], C = in[2], D = in[3], 
@@ -128,8 +126,6 @@ void SAFER_SK::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void SAFER_SK::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const size_t rounds = get_rounds(); - for(size_t i = 0; i != blocks; ++i) { byte A = in[0], B = in[1], C = in[2], D = in[3], @@ -208,6 +204,8 @@ void SAFER_SK::key_schedule(const byte key[], size_t) 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; + EK.resize(16 * rounds + 8); + secure_vector KB(18); for(size_t i = 0; i != 8; ++i) @@ -216,7 +214,7 @@ void SAFER_SK::key_schedule(const byte key[], size_t) KB[17] ^= KB[i+9] = EK[i] = key[i+8]; } - for(size_t i = 0; i != get_rounds(); ++i) + for(size_t i = 0; i != rounds; ++i) { for(size_t j = 0; j != 18; ++j) KB[j] = rotate_left(KB[j], 6); @@ -230,7 +228,7 @@ void SAFER_SK::key_schedule(const byte key[], size_t) */ std::string SAFER_SK::name() const { - return "SAFER-SK(" + std::to_string(get_rounds()) + ")"; + return "SAFER-SK(" + std::to_string(rounds) + ")"; } /* @@ -238,18 +236,16 @@ std::string SAFER_SK::name() const */ BlockCipher* SAFER_SK::clone() const { - return new SAFER_SK(get_rounds()); + return new SAFER_SK(rounds); } /* * SAFER-SK Constructor */ -SAFER_SK::SAFER_SK(size_t rounds) +SAFER_SK::SAFER_SK(size_t r) : rounds(r) { if(rounds > 13 || rounds == 0) throw Invalid_Argument(name() + ": Invalid number of rounds"); - - EK.resize(16 * rounds + 8); } } diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index cf8ad90f7..dfe226652 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -21,7 +21,7 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); } + void clear() { EK.clear(); } std::string name() const; BlockCipher* clone() const; 
@@ -31,9 +31,9 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> */ SAFER_SK(size_t rounds); private: - size_t get_rounds() const { return (EK.size() - 8) / 16; } void key_schedule(const byte[], size_t); + size_t rounds; secure_vector EK; }; diff --git a/src/block/seed/seed.cpp b/src/block/seed/seed.cpp index 40deb18bc..fb8708214 100644 --- a/src/block/seed/seed.cpp +++ b/src/block/seed/seed.cpp @@ -118,6 +118,8 @@ void SEED::key_schedule(const byte key[], size_t) G_FUNC G; + K.resize(32); + for(size_t i = 0; i != 16; i += 2) { K[2*i ] = G(WK[0] + WK[2] - RC[i]); diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index d5476de82..95dab758d 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -21,11 +21,9 @@ class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(K); } + void clear() { K.clear(); } std::string name() const { return "SEED"; } BlockCipher* clone() const { return new SEED; } - - SEED() : K(32) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index 6191e50d7..9e5abcf35 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -21,11 +21,9 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(round_key); } + void clear() { round_key.clear(); } std::string name() const { return "Serpent"; } BlockCipher* clone() const { return new Serpent; } - - Serpent() : round_key(132) {} protected: /** * For use by subclasses using SIMD, asm, etc diff --git a/src/block/skipjack/skipjack.cpp b/src/block/skipjack/skipjack.cpp index b73972b59..fb9916092 100644 --- a/src/block/skipjack/skipjack.cpp 
+++ b/src/block/skipjack/skipjack.cpp @@ -183,6 +183,7 @@ void Skipjack::key_schedule(const byte key[], size_t) 0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3, 0xBD, 0xA8, 0x3A, 0x01, 0x05, 0x59, 0x2A, 0x46 }; + FTAB.resize(256*10); for(size_t i = 0; i != 10; ++i) for(size_t j = 0; j != 256; ++j) FTAB[256*i+j] = F[j ^ key[9-i]]; @@ -193,7 +194,7 @@ void Skipjack::key_schedule(const byte key[], size_t) */ void Skipjack::clear() { - zeroise(FTAB); + FTAB.clear(); } } diff --git a/src/block/skipjack/skipjack.h b/src/block/skipjack/skipjack.h index 9abd10d47..60a55c8a5 100644 --- a/src/block/skipjack/skipjack.h +++ b/src/block/skipjack/skipjack.h @@ -24,8 +24,6 @@ class BOTAN_DLL Skipjack : public Block_Cipher_Fixed_Params<8, 10> void clear(); std::string name() const { return "Skipjack"; } BlockCipher* clone() const { return new Skipjack; } - - Skipjack() : FTAB(2560) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index bb9132e10..c319dab16 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -160,8 +160,11 @@ void Square::key_schedule(const byte key[], size_t) transform(&XEK[4*i]); } - ME.resize(16); - MD.resize(16); + EK.assign(&XEK[4], &XEK[36]); + DK.assign(&XDK[4], &XDK[36]); + + ME.resize(32); + MD.resize(32); for(size_t i = 0; i != 4; ++i) for(size_t j = 0; j != 4; ++j) @@ -171,9 +174,6 @@ void Square::key_schedule(const byte key[], size_t) MD[4*i+j ] = get_byte(j, XDK[i ]); MD[4*i+j+16] = get_byte(j, XEK[i ]); } - - EK.assign(&XEK[4], &XEK[36]); - DK.assign(&XDK[4], &XDK[36]); } /* @@ -212,10 +212,10 @@ void Square::transform(u32bit round_key[4]) */ void Square::clear() { - zeroise(EK); - zeroise(DK); - zeroise(ME); - zeroise(MD); + EK.clear(); + DK.clear(); + ME.clear(); + MD.clear(); } } diff --git a/src/block/square/square.h b/src/block/square/square.h index f40ad0e31..618dbf6d9 100644 --- a/src/block/square/square.h +++ b/src/block/square/square.h 
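Review bot: `ME.resize(32); MD.resize(32);` in Square::key_schedule is the only thing that keeps the `MD[4*i+j+16]` stores in the loop below in bounds, and nothing relates the 32 to the `+16` offset or to the `&XEK[4], &XEK[36]` range assigned just above it. A one-line comment on the resize, `// 32 = two 4x4 byte tables, indexed 4*i+j and 4*i+j+16 below`, would make the coupling explicit; the Skipjack hunk above already does this implicitly by writing `FTAB.resize(256*10)` rather than 2560. key_schedule starts outside the hunk.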
@@ -24,8 +24,6 @@ class BOTAN_DLL Square : public Block_Cipher_Fixed_Params<16, 16> void clear(); std::string name() const { return "Square"; } BlockCipher* clone() const { return new Square; } - - Square() : EK(28), DK(28), ME(32), MD(32) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/tea/tea.cpp b/src/block/tea/tea.cpp index 4ef995a7c..e45f7cb48 100644 --- a/src/block/tea/tea.cpp +++ b/src/block/tea/tea.cpp @@ -65,6 +65,7 @@ void TEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void TEA::key_schedule(const byte key[], size_t) { + K.resize(4); for(size_t i = 0; i != 4; ++i) K[i] = load_be(key, i); } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 5d418e084..d2f81da17 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -21,11 +21,9 @@ class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(K); } + void clear() { K.clear(); } std::string name() const { return "TEA"; } BlockCipher* clone() const { return new TEA; } - - TEA() : K(4) {} private: void key_schedule(const byte[], size_t); secure_vector K; diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index d0a4213fb..eb5b279b9 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp @@ -121,6 +121,9 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Twofish::key_schedule(const byte key[], size_t length) { + SB.resize(1024); + RK.resize(40); + secure_vector S(16); for(size_t i = 0; i != length; ++i) @@ -235,8 +238,8 @@ void Twofish::rs_mul(byte S[4], byte key, size_t offset) */ void Twofish::clear() { - zeroise(SB); - zeroise(RK); + SB.clear(); + RK.clear(); } } diff --git a/src/block/twofish/twofish.h b/src/block/twofish/twofish.h index cd84c6fe0..3d8e47498 100644 --- a/src/block/twofish/twofish.h 
+++ b/src/block/twofish/twofish.h @@ -24,8 +24,6 @@ class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> void clear(); std::string name() const { return "Twofish"; } BlockCipher* clone() const { return new Twofish; } - - Twofish() : SB(1024), RK(40) {} private: void key_schedule(const byte[], size_t); diff --git a/src/block/xtea/xtea.cpp b/src/block/xtea/xtea.cpp index 29287e5a0..b0c976b36 100644 --- a/src/block/xtea/xtea.cpp +++ b/src/block/xtea/xtea.cpp @@ -123,6 +123,8 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void XTEA::key_schedule(const byte key[], size_t) { + EK.resize(64); + secure_vector UK(4); for(size_t i = 0; i != 4; ++i) UK[i] = load_be(key, i); diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index 2bf544696..1d86bf5ce 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -21,11 +21,9 @@ class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> void encrypt_n(const byte in[], byte out[], size_t blocks) const; void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void clear() { zeroise(EK); } + void clear() { EK.clear(); } std::string name() const { return "XTEA"; } BlockCipher* clone() const { return new XTEA; } - - XTEA() : EK(64) {} protected: /** * @return const reference to the key schedule diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index 5029c01f8..224a27a48 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -213,8 +213,7 @@ void BigInt::mask_bits(size_t n) const word mask = (static_cast(1) << (n % MP_WORD_BITS)) - 1; if(top_word < size()) - for(size_t i = top_word + 1; i != size(); ++i) - reg[i] = 0; + clear_mem(®[top_word+1], size() - (top_word + 1)); reg[top_word] &= mask; } diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp index ec6fed4a1..599b6e842 100644 --- a/src/math/ec_gfp/point_gfp.cpp +++ b/src/math/ec_gfp/point_gfp.cpp 
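Review bot: `clear_mem(&reg[top_word+1], size() - (top_word + 1));` in BigInt::mask_bits forms `reg[size()]` when top_word == size() - 1, a case the existing guard `if(top_word < size())` still admits; the length is then zero so nothing is written, but if reg is now a std::vector-backed secure_vector, as this series suggests, indexing one past the end through operator[] is undefined and aborts under checked-container builds. Tightening the guard to `if(top_word + 1 < size())` excludes the zero-length case without changing the result, and the following `reg[top_word] &= mask;` is unaffected. The `®` shown on this page is presumably `&reg` passed through an HTML entity; mask_bits starts outside the hunk.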
@@ -591,7 +591,7 @@ PointGFp OS2ECP(const byte data[], size_t data_len, throw Illegal_Point("OS2ECP: Decoding error in hybrid format"); } else - throw Invalid_Argument("OS2ECP: Unknown format type"); + throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc)); PointGFp result(curve, x, y); diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp index a25b68185..13eb6ff9e 100644 --- a/src/stream/arc4/arc4.cpp +++ b/src/stream/arc4/arc4.cpp @@ -61,7 +61,10 @@ void ARC4::generate() */ void ARC4::key_schedule(const byte key[], size_t length) { - clear(); + state.resize(256); + buffer.resize(DEFAULT_BUFFERSIZE); + + position = X = Y = 0; for(size_t i = 0; i != 256; ++i) state[i] = static_cast(i); @@ -93,19 +96,14 @@ std::string ARC4::name() const */ void ARC4::clear() { - zeroise(state); - zeroise(buffer); + state.clear(); + buffer.clear(); position = X = Y = 0; } /* * ARC4 Constructor */ -ARC4::ARC4(size_t s) : SKIP(s), - state(256), - buffer(DEFAULT_BUFFERSIZE) - { - clear(); - } +ARC4::ARC4(size_t s) : SKIP(s) {} } diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index 65ee3d758..a7d1b2622 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -134,7 +134,8 @@ void Salsa20::key_schedule(const byte key[], size_t length) static const u32bit SIGMA[] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 }; - clear(); + state.resize(16); + buffer.resize(64); if(length == 16) { @@ -167,6 +168,8 @@ void Salsa20::key_schedule(const byte key[], size_t length) state[15] = SIGMA[3]; } + position = 0; + const byte ZERO[8] = { 0 }; set_iv(ZERO, sizeof(ZERO)); } @@ -232,8 +235,8 @@ std::string Salsa20::name() const */ void Salsa20::clear() { - zeroise(state); - zeroise(buffer); + state.clear(); + buffer.clear(); position = 0; } diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h index ac2a9b33a..b68bb979e 100644 --- a/src/stream/salsa20/salsa20.h +++ b/src/stream/salsa20/salsa20.h 
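Review bot: `ARC4::ARC4(size_t s) : SKIP(s) {}` no longer initialises position, X and Y, which the removed constructor body zeroed through clear(); until key_schedule() runs they are indeterminate, so clear() and anything else that reads them on an unkeyed object works on garbage. `ARC4::ARC4(size_t s) : SKIP(s) { position = X = Y = 0; }` restores the old state without touching the vectors. The same applies to the constructors removed from Salsa20, Turing and WiderWake_41_BE further down the page: Salsa20::key_schedule now sets `position = 0;` explicitly, but nothing in the Turing or WiderWake hunks resets position, so unless set_iv() or code outside the hunks does, it stays indeterminate after construction. Separately, replacing `clear()` with `state.resize(256); buffer.resize(DEFAULT_BUFFERSIZE);` means a re-key leaves the previous key's keystream in buffer instead of zeroing it, which is harmless only if key_schedule refills buffer before cipher() reads it (not visible in the hunk).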
@@ -33,8 +33,6 @@ class BOTAN_DLL Salsa20 : public StreamCipher void clear(); std::string name() const; StreamCipher* clone() const { return new Salsa20; } - - Salsa20() : state(16), buffer(64), position(0) {} private: void key_schedule(const byte key[], size_t key_len); diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 10ac18315..5dc1a5680 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -247,6 +247,13 @@ void Turing::key_schedule(const byte key[], size_t length) PHT(K); + R.resize(17); + S0.resize(256); + S1.resize(256); + S2.resize(256); + S3.resize(256); + buffer.resize(340); + for(u32bit i = 0; i != 256; ++i) { u32bit W0 = 0, C0 = i; @@ -313,12 +320,13 @@ void Turing::set_iv(const byte iv[], size_t length) */ void Turing::clear() { - zeroise(S0); - zeroise(S1); - zeroise(S2); - zeroise(S3); - - zeroise(buffer); + S0.clear(); + S1.clear(); + S2.clear(); + S3.clear(); + R.clear(); + K.clear(); + buffer.clear(); position = 0; } diff --git a/src/stream/turing/turing.h b/src/stream/turing/turing.h index 84bfbe9c0..48fb013e7 100644 --- a/src/stream/turing/turing.h +++ b/src/stream/turing/turing.h @@ -33,9 +33,6 @@ class BOTAN_DLL Turing : public StreamCipher std::string name() const { return "Turing"; } StreamCipher* clone() const { return new Turing; } - Turing() : S0(256), S1(256), S2(256), S3(256), - R(17), buffer(340), position(0) {} - private: void key_schedule(const byte[], size_t); void generate(); diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp index 51159064d..e4ab6477f 100644 --- a/src/stream/wid_wake/wid_wake.cpp +++ b/src/stream/wid_wake/wid_wake.cpp @@ -74,6 +74,10 @@ void WiderWake_41_BE::generate(size_t length) */ void WiderWake_41_BE::key_schedule(const byte key[], size_t) { + t_key.resize(4); + state.resize(5); + buffer.resize(DEFAULT_BUFFERSIZE); + for(size_t i = 0; i != 4; ++i) t_key[i] = load_be(key, i); 
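Review bot: In Turing::key_schedule the new resize block sits after `PHT(K);`, and Turing::clear() now empties K as well, so a clear() followed by a re-key depends on the part of key_schedule above the hunk resizing K before it is written; that code is not visible here, and if it merely indexes K the re-key writes into an empty vector. Resizing K at the top of key_schedule alongside the other six vectors, or at the point K is first written, removes the dependence on that ordering. key_schedule starts outside the hunk.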
@@ -81,6 +85,7 @@ void WiderWake_41_BE::key_schedule(const byte key[], size_t) 0x726A8F3B, 0xE69A3B5C, 0xD3C71FE5, 0xAB3C73D2, 0x4D3A8EB3, 0x0396D6E8, 0x3D4C2F7A, 0x9EE27CF3 }; + T.resize(256); for(size_t i = 0; i != 4; ++i) T[i] = t_key[i]; @@ -143,10 +148,10 @@ void WiderWake_41_BE::set_iv(const byte iv[], size_t length) void WiderWake_41_BE::clear() { position = 0; - zeroise(t_key); - zeroise(state); - zeroise(T); - zeroise(buffer); + t_key.clear(); + state.clear(); + T.clear(); + buffer.clear(); } } diff --git a/src/stream/wid_wake/wid_wake.h b/src/stream/wid_wake/wid_wake.h index ca8d9a316..501345011 100644 --- a/src/stream/wid_wake/wid_wake.h +++ b/src/stream/wid_wake/wid_wake.h @@ -36,10 +36,6 @@ class BOTAN_DLL WiderWake_41_BE : public StreamCipher std::string name() const { return "WiderWake4+1-BE"; } StreamCipher* clone() const { return new WiderWake_41_BE; } - WiderWake_41_BE() : T(256), state(5), t_key(4), - buffer(DEFAULT_BUFFERSIZE), position(0) - {} - private: void key_schedule(const byte[], size_t); -- cgit v1.2.3