From c691561f3198f481c13457433efbccc1c9fcd898 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 18 May 2012 20:32:36 +0000 Subject: Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. --- src/constructs/aont/package.cpp | 16 ++++++++-------- src/constructs/cryptobox/cryptobox.cpp | 12 ++++++------ src/constructs/fpe_fe1/fpe_fe1.cpp | 18 +++++++++--------- src/constructs/fpe_fe1/fpe_fe1.h | 4 ++-- src/constructs/rfc3394/rfc3394.cpp | 20 ++++++++++---------- src/constructs/rfc3394/rfc3394.h | 4 ++-- src/constructs/srp6/srp6.cpp | 10 +++++----- src/constructs/srp6/srp6.h | 4 ++-- src/constructs/srp6/srp6_files.cpp | 4 ++-- src/constructs/srp6/srp6_files.h | 6 +++--- src/constructs/tss/tss.cpp | 10 +++++----- src/constructs/tss/tss.h | 4 ++-- 12 files changed, 56 insertions(+), 56 deletions(-) (limited to 'src/constructs') diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index 4d46f6b61..1adee90e8 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -37,7 +37,7 @@ void aont_package(RandomNumberGenerator& rng, // Set K0 (the all zero key) cipher->set_key(SymmetricKey(all_zeros)); - SecureVector buf(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); const size_t blocks = (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE; @@ -57,13 +57,13 @@ void aont_package(RandomNumberGenerator& rng, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(final_block, buf, BLOCK_SIZE); + xor_buf(&final_block[0], &buf[0], BLOCK_SIZE); } // XOR the random package key into the final block - xor_buf(final_block, package_key.begin(), BLOCK_SIZE); + xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE); } void aont_unpackage(BlockCipher* cipher, @@ -83,8 +83,8 @@ void aont_unpackage(BlockCipher* cipher, cipher->set_key(SymmetricKey(all_zeros)); - SecureVector package_key(BLOCK_SIZE); - SecureVector buf(BLOCK_SIZE); + secure_vector package_key(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); // Copy the package key (masked with the block hashes) copy_mem(&package_key[0], @@ -105,9 +105,9 @@ void aont_unpackage(BlockCipher* cipher, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(&package_key[0], buf, BLOCK_SIZE); + xor_buf(&package_key[0], &buf[0], BLOCK_SIZE); } Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key)); diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index ab263c3e9..bb7bf353c 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -44,7 +44,7 @@ std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng) { - SecureVector pbkdf_salt(PBKDF_SALT_LEN); + secure_vector pbkdf_salt(PBKDF_SALT_LEN); rng.randomize(&pbkdf_salt[0], pbkdf_salt.size()); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); @@ -79,10 +79,10 @@ std::string encrypt(const byte input[], size_t input_len, */ const size_t ciphertext_len = pipe.remaining(0); - SecureVector out_buf(VERSION_CODE_LEN + - PBKDF_SALT_LEN + - MAC_OUTPUT_LEN + - ciphertext_len); + std::vector out_buf(VERSION_CODE_LEN + + PBKDF_SALT_LEN + + MAC_OUTPUT_LEN + + ciphertext_len); for(size_t i = 0; i != VERSION_CODE_LEN; ++i) out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); @@ -100,7 +100,7 @@ std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase) { DataSource_Memory input_src(input, input_len); - SecureVector ciphertext = + secure_vector ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE"); diff --git a/src/constructs/fpe_fe1/fpe_fe1.cpp b/src/constructs/fpe_fe1/fpe_fe1.cpp index 91d328c17..b22d3a8df 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.cpp +++ b/src/constructs/fpe_fe1/fpe_fe1.cpp @@ -84,7 +84,7 @@ class FPE_Encryptor public: FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak); + const std::vector& tweak); ~FPE_Encryptor() { delete mac; } @@ -92,17 +92,17 @@ class FPE_Encryptor private: MessageAuthenticationCode* mac; - SecureVector mac_n_t; + std::vector mac_n_t; }; FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak) + const std::vector& tweak) { mac = new HMAC(new SHA_256); mac->set_key(key); - SecureVector n_bin = BigInt::encode(n); + std::vector n_bin = BigInt::encode(n); if(n_bin.size() > MAX_N_BYTES) throw std::runtime_error("N is too large for FPE encryption"); @@ -113,12 +113,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, mac->update_be(static_cast(tweak.size())); mac->update(&tweak[0], tweak.size()); - mac_n_t = mac->final(); + mac_n_t = unlock(mac->final()); } BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { - SecureVector r_bin = BigInt::encode(R); + secure_vector r_bin = BigInt::encode_locked(R); mac->update(mac_n_t); mac->update_be(static_cast(round_no)); @@ -126,7 +126,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) mac->update_be(static_cast(r_bin.size())); mac->update(&r_bin[0], r_bin.size()); - SecureVector X = mac->final(); + secure_vector X = mac->final(); return BigInt(&X[0], X.size()); } @@ -137,7 +137,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) */ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); @@ -165,7 +165,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, */ BigInt fe1_decrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); diff --git a/src/constructs/fpe_fe1/fpe_fe1.h b/src/constructs/fpe_fe1/fpe_fe1.h index da9a6bcb6..66e7f1cfa 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.h +++ b/src/constructs/fpe_fe1/fpe_fe1.h @@ -24,7 +24,7 @@ namespace FPE { */ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); /** * Decrypt X from and onto the group Z_n using key and tweak @@ -35,7 +35,7 @@ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, */ BigInt BOTAN_DLL fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); } diff --git a/src/constructs/rfc3394/rfc3394.cpp b/src/constructs/rfc3394/rfc3394.cpp index db6420ff3..cfe95f40b 100644 --- a/src/constructs/rfc3394/rfc3394.cpp +++ b/src/constructs/rfc3394/rfc3394.cpp @@ -32,9 +32,9 @@ BlockCipher* make_aes(size_t keylength, } -SecureVector rfc3394_keywrap(const MemoryRegion& key, - const SymmetricKey& kek, - Algorithm_Factory& af) +secure_vector rfc3394_keywrap(const secure_vector& key, + const SymmetricKey& kek, + Algorithm_Factory& af) { if(key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key wrap"); @@ -44,13 +44,13 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, const size_t n = key.size() / 8; - SecureVector R((n + 1) * 8); - SecureVector A(16); + secure_vector R((n + 1) * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = 0xA6; - copy_mem(&R[8], key.begin(), key.size()); + copy_mem(&R[8], &key[0], key.size()); for(size_t j = 0; j <= 5; ++j) { @@ -74,7 +74,7 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, return R; } -SecureVector rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af) { @@ -86,13 +86,13 @@ SecureVector rfc3394_keyunwrap(const MemoryRegion& key, const size_t n = (key.size() - 8) / 8; - SecureVector R(n * 8); - SecureVector A(16); + secure_vector R(n * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = key[i]; - copy_mem(&R[0], key.begin() + 8, key.size() - 8); + copy_mem(&R[0], &key[8], key.size() - 8); for(size_t j = 0; j <= 5; ++j) { diff --git a/src/constructs/rfc3394/rfc3394.h b/src/constructs/rfc3394/rfc3394.h index 645586ee2..febd5207e 100644 --- a/src/constructs/rfc3394/rfc3394.h +++ b/src/constructs/rfc3394/rfc3394.h @@ -23,7 +23,7 @@ class Algorithm_Factory; * @param af an algorithm factory * @return key encrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keywrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); @@ -36,7 +36,7 @@ SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, * @param af an algorithm factory * @return key decrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 0eccdc154..569454350 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -48,7 +48,7 @@ BigInt hash_seq(const std::string& hash_id, BigInt compute_x(const std::string& hash_id, const std::string& identifier, const std::string& password, - const MemoryRegion& salt) + const std::vector& salt) { std::unique_ptr hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); @@ -57,12 +57,12 @@ BigInt compute_x(const std::string& hash_id, hash_fn->update(":"); hash_fn->update(password); - SecureVector inner_h = hash_fn->final(); + secure_vector inner_h = hash_fn->final(); hash_fn->update(salt); hash_fn->update(inner_h); - SecureVector outer_h = hash_fn->final(); + secure_vector outer_h = hash_fn->final(); return BigInt::decode(outer_h); } @@ -97,7 +97,7 @@ srp6_client_agree(const std::string& identifier, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ srp6_client_agree(const std::string& identifier, BigInt generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id) { diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index 4fd127c70..b34253d7a 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h @@ -33,7 +33,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng); @@ -45,7 +45,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, */ BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id); diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp index bc321745f..4df2986f3 100644 --- a/src/constructs/srp6/srp6_files.cpp +++ b/src/constructs/srp6/srp6_files.cpp @@ -31,7 +31,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) std::string username = parts[0]; BigInt v = BigInt::decode(base64_decode(parts[1])); - MemoryVector salt = base64_decode(parts[2]); + std::vector salt = unlock(base64_decode(parts[2])); BigInt group_id_idx = BigInt::decode(base64_decode(parts[3])); std::string group_id; @@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) bool SRP6_Authenticator_File::lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const { std::map::const_iterator i = entries.find(username); diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h index 4e3293423..4e0d3ff02 100644 --- a/src/constructs/srp6/srp6_files.h +++ b/src/constructs/srp6/srp6_files.h @@ -28,7 +28,7 @@ class BOTAN_DLL SRP6_Authenticator_File bool lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const; private: struct SRP6_Data @@ -36,12 +36,12 @@ class BOTAN_DLL SRP6_Authenticator_File SRP6_Data() {} SRP6_Data(const BigInt& v, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id) : v(v), salt(salt), group_id(group_id) {} BigInt v; - MemoryVector salt; + std::vector salt; std::string group_id; }; diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp index cc34216f3..e002084a1 100644 --- a/src/constructs/tss/tss.cpp +++ b/src/constructs/tss/tss.cpp @@ -150,7 +150,7 @@ RTSS_Share::split(byte M, byte N, shares[i].contents.push_back(i+1); // secret = S || H(S) - SecureVector secret(S, S_len); + secure_vector secret(S, S + S_len); secret += hash.process(S, S_len); for(size_t i = 0; i != secret.size(); ++i) @@ -178,7 +178,7 @@ RTSS_Share::split(byte M, byte N, return shares; } -SecureVector +secure_vector RTSS_Share::reconstruct(const std::vector& shares) { const size_t RTSS_HEADER_SIZE = 20; @@ -211,7 +211,7 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad RTSS length field in header"); std::vector V(shares.size()); - SecureVector secret; + secure_vector secret; for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i) { @@ -250,13 +250,13 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad length in RTSS output"); hash->update(&secret[0], secret_len); - SecureVector hash_check = hash->final(); + secure_vector hash_check = hash->final(); if(!same_mem(&hash_check[0], &secret[secret_len], hash->output_length())) throw Decoding_Error("RTSS hash check failed"); - return SecureVector(&secret[0], secret_len); + return secure_vector(&secret[0], &secret[secret_len]); } } diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h index 297c65971..4664af317 100644 --- a/src/constructs/tss/tss.h +++ b/src/constructs/tss/tss.h @@ -38,7 +38,7 @@ class BOTAN_DLL RTSS_Share /** * @param shares the list of shares */ - static SecureVector + static secure_vector reconstruct(const std::vector& shares); RTSS_Share() {} @@ -68,7 +68,7 @@ class BOTAN_DLL RTSS_Share */ bool initialized() const { return (contents.size() > 0); } private: - SecureVector contents; + secure_vector contents; }; } -- cgit v1.2.3